Use ct.SHA256Hash for log ID rather than []byte
parent
2cccf67601
commit
a147970db8
|
@ -162,7 +162,7 @@ func (state *State) SaveCert(isPrecert bool, certs [][]byte) (bool, string, erro
|
|||
}
|
||||
|
||||
func (state *State) OpenLogState(logInfo *loglist.Log) (*LogState, error) {
|
||||
return OpenLogState(filepath.Join(state.path, "logs", base64.RawURLEncoding.EncodeToString(logInfo.LogID)))
|
||||
return OpenLogState(filepath.Join(state.path, "logs", base64.RawURLEncoding.EncodeToString(logInfo.LogID[:])))
|
||||
}
|
||||
|
||||
func (state *State) GetLegacySTH(logInfo *loglist.Log) (*ct.SignedTreeHead, error) {
|
||||
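Review bot: The return line in OpenLogState builds a directory name from `logInfo.LogID[:]` with `base64.RawURLEncoding`, but nothing there says why this encoding must stay different from the one `LogIDString` uses. The URL-safe alphabet keeps `/` out of the component passed to `filepath.Join`. Switching to `logInfo.LogID.Base64String()` (presumably standard base64, since it replaces `base64.StdEncoding` elsewhere in this commit) would let some IDs resolve to a nested or wrong directory. I would add `// RawURLEncoding: the log ID becomes a directory name, so its encoded form must never contain '/'` above the return.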
|
|
|
@ -10,7 +10,6 @@
|
|||
package loglist
|
||||
|
||||
import (
|
||||
"encoding/base64"
|
||||
"time"
|
||||
)
|
||||
|
||||
|
@ -25,7 +24,7 @@ func (list *List) AllLogs() []*Log {
|
|||
}
|
||||
|
||||
func (log *Log) LogIDString() string {
|
||||
return base64.StdEncoding.EncodeToString(log.LogID)
|
||||
return log.LogID.Base64String()
|
||||
}
|
||||
|
||||
func (log *Log) AcceptsExpiration(expiration time.Time) bool {
|
||||
|
|
|
@ -11,6 +11,8 @@ package loglist
|
|||
|
||||
import (
|
||||
"time"
|
||||
|
||||
"software.sslmate.com/src/certspotter/ct"
|
||||
)
|
||||
|
||||
type List struct {
|
||||
|
@ -25,14 +27,14 @@ type Operator struct {
|
|||
}
|
||||
|
||||
type Log struct {
|
||||
Key []byte `json:"key"`
|
||||
LogID []byte `json:"log_id"`
|
||||
MMD int `json:"mmd"`
|
||||
URL string `json:"url"`
|
||||
Description string `json:"description"`
|
||||
State State `json:"state"`
|
||||
DNS string `json:"dns"`
|
||||
LogType LogType `json:"log_type"`
|
||||
Key []byte `json:"key"`
|
||||
LogID ct.SHA256Hash `json:"log_id"`
|
||||
MMD int `json:"mmd"`
|
||||
URL string `json:"url"`
|
||||
Description string `json:"description"`
|
||||
State State `json:"state"`
|
||||
DNS string `json:"dns"`
|
||||
LogType LogType `json:"log_type"`
|
||||
TemporalInterval *struct {
|
||||
StartInclusive time.Time `json:"start_inclusive"`
|
||||
EndExclusive time.Time `json:"end_exclusive"`
|
||||
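Review bot: Retyping `LogID` as `ct.SHA256Hash` under the unchanged `json:"log_id"` tag moves decoding of this field from encoding/json's built-in base64 handling of `[]byte` to whatever `ct.SHA256Hash` implements, which this commit does not show. A bare 32-byte array type without a custom unmarshaller would expect a JSON array of numbers, so confirm that the type accepts a base64 string and returns an error when the input does not decode to exactly 32 bytes. A small test that loads an entry with a short, an over-long and a missing `log_id` would pin this down. A missing value presumably leaves the all-zero hash, which is only rejected if `Validate` is run on the entry afterwards. The `Log` struct continues past the end of the hunk.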
|
|
|
@ -10,7 +10,6 @@
|
|||
package loglist
|
||||
|
||||
import (
|
||||
"bytes"
|
||||
"crypto/sha256"
|
||||
"fmt"
|
||||
)
|
||||
|
@ -35,7 +34,7 @@ func (operator *Operator) Validate() error {
|
|||
|
||||
func (log *Log) Validate() error {
|
||||
realLogID := sha256.Sum256(log.Key)
|
||||
if !bytes.Equal(log.LogID, realLogID[:]) {
|
||||
if log.LogID != realLogID {
|
||||
return fmt.Errorf("log ID does not match log key")
|
||||
}
|
||||
return nil
|
||||
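Review bot: The error returned in `Validate` when `log.LogID != realLogID` does not say which entry failed, so a rejected log in a long list cannot be located from the message. This comparison is the only visible place where the claimed ID is bound to the key, so a failure here deserves a message an operator can act on, for example `return fmt.Errorf("log ID %s does not match log key", log.LogIDString())`. The function also has no doc comment; `// Validate reports an error unless LogID is the SHA-256 hash of Key.` would state the invariant the rest of the code relies on. The closing brace of `Validate` is outside the hunk.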
|
|
|
@ -63,7 +63,7 @@ type Scanner struct {
|
|||
|
||||
// Public key of the log
|
||||
publicKey crypto.PublicKey
|
||||
LogId []byte
|
||||
LogId ct.SHA256Hash
|
||||
|
||||
// Client used to talk to the CT log instance
|
||||
logClient *client.LogClient
|
||||
|
@ -207,7 +207,7 @@ func (s *Scanner) GetSTH() (*ct.SignedTreeHead, error) {
|
|||
return nil, errors.New("STH signature is invalid: " + err.Error())
|
||||
}
|
||||
}
|
||||
copy(latestSth.LogID[:], s.LogId)
|
||||
latestSth.LogID = s.LogId
|
||||
return latestSth, nil
|
||||
}
|
||||
|
||||
|
@ -311,7 +311,7 @@ func (s *Scanner) Scan(startIndex int64, endIndex int64, processCert ProcessCall
|
|||
|
||||
// Creates a new Scanner instance using |client| to talk to the log, and taking
|
||||
// configuration options from |opts|.
|
||||
func NewScanner(logUri string, logId []byte, publicKey crypto.PublicKey, opts *ScannerOptions) *Scanner {
|
||||
func NewScanner(logUri string, logId ct.SHA256Hash, publicKey crypto.PublicKey, opts *ScannerOptions) *Scanner {
|
||||
var scanner Scanner
|
||||
scanner.LogUri = logUri
|
||||
scanner.LogId = logId
|
||||
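Review bot: `NewScanner` takes `logId` and `publicKey` as independent arguments, and the visible lines store `logId` without checking that it is the hash of that key. `GetSTH` then stamps each verified STH with `s.LogId`, so a mismatched pair would label valid tree heads with the wrong log. `(*Log).Validate` in loglist performs the equivalent check for list entries, so the doc comment should tell callers to pass a pair that has already been validated. The existing comment is also stale, since it refers to `|client|`, which is not a parameter. I would replace it with `// NewScanner returns a Scanner for the log at logUri, configured by opts.` followed by `// logId must be the SHA-256 hash of publicKey.` The body of `NewScanner` continues outside the hunk.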
|
|