Use ct.SHA256Hash for log ID rather than []byte

Andrew Ayer 2021-04-30 17:04:16 -04:00
parent 2cccf67601
commit a147970db8
5 changed files with 16 additions and 16 deletions


@ -162,7 +162,7 @@ func (state *State) SaveCert(isPrecert bool, certs [][]byte) (bool, string, erro
} }
func (state *State) OpenLogState(logInfo *loglist.Log) (*LogState, error) { func (state *State) OpenLogState(logInfo *loglist.Log) (*LogState, error) {
return OpenLogState(filepath.Join(state.path, "logs", base64.RawURLEncoding.EncodeToString(logInfo.LogID))) return OpenLogState(filepath.Join(state.path, "logs", base64.RawURLEncoding.EncodeToString(logInfo.LogID[:])))
} }
func (state *State) GetLegacySTH(logInfo *loglist.Log) (*ct.SignedTreeHead, error) { func (state *State) GetLegacySTH(logInfo *loglist.Log) (*ct.SignedTreeHead, error) {


@ -10,7 +10,6 @@
package loglist package loglist
import ( import (
"encoding/base64"
"time" "time"
) )
@ -25,7 +24,7 @@ func (list *List) AllLogs() []*Log {
} }
func (log *Log) LogIDString() string { func (log *Log) LogIDString() string {
return base64.StdEncoding.EncodeToString(log.LogID) return log.LogID.Base64String()
} }
func (log *Log) AcceptsExpiration(expiration time.Time) bool { func (log *Log) AcceptsExpiration(expiration time.Time) bool {
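Review bot: `LogIDString` now returns whatever `ct.SHA256Hash.Base64String()` produces, and that method is not shown on this page, so the output format is no longer visible at the call site. The removed line used padded standard base64 (`base64.StdEncoding`), while `OpenLogState` in the first file of this commit names the on-disk directory with `base64.RawURLEncoding`, so two spellings of the same log ID are already in use. Anything that compares or stores `LogIDString()` output depends on the alphabet and padding staying as they were. Assuming `Base64String` does use the standard padded alphabet, a doc comment would pin that: `// LogIDString returns the log ID in padded standard base64, the form used in log lists.`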


@ -11,6 +11,8 @@ package loglist
import ( import (
"time" "time"
"software.sslmate.com/src/certspotter/ct"
) )
type List struct { type List struct {
@ -26,7 +28,7 @@ type Operator struct {
type Log struct { type Log struct {
Key []byte `json:"key"` Key []byte `json:"key"`
LogID []byte `json:"log_id"` LogID ct.SHA256Hash `json:"log_id"`
MMD int `json:"mmd"` MMD int `json:"mmd"`
URL string `json:"url"` URL string `json:"url"`
Description string `json:"description"` Description string `json:"description"`
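Review bot: Decoding of `log_id` on the changed `LogID ct.SHA256Hash` field now depends on `ct.SHA256Hash` implementing `json.Unmarshaler`, which this commit page does not show. For a plain fixed-size byte array encoding/json expects a JSON array of numbers, not the base64 string that `[]byte` accepted, so without a custom unmarshaler log lists would stop loading. Length enforcement also moves: a `log_id` that decodes to fewer or more than 32 bytes used to fail the `bytes.Equal` check in `Validate`, and must now be rejected at decode time instead of being padded or truncated. If the type behaves that way, a field comment would record it: `// log_id is base64 in the list JSON; ct.SHA256Hash decodes it and rejects values that are not 32 bytes`. The struct body continues past the end of the hunk.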


@ -10,7 +10,6 @@
package loglist package loglist
import ( import (
"bytes"
"crypto/sha256" "crypto/sha256"
"fmt" "fmt"
) )
@ -35,7 +34,7 @@ func (operator *Operator) Validate() error {
func (log *Log) Validate() error { func (log *Log) Validate() error {
realLogID := sha256.Sum256(log.Key) realLogID := sha256.Sum256(log.Key)
if !bytes.Equal(log.LogID, realLogID[:]) { if log.LogID != realLogID {
return fmt.Errorf("log ID does not match log key") return fmt.Errorf("log ID does not match log key")
} }
return nil return nil


@ -63,7 +63,7 @@ type Scanner struct {
// Public key of the log // Public key of the log
publicKey crypto.PublicKey publicKey crypto.PublicKey
LogId []byte LogId ct.SHA256Hash
// Client used to talk to the CT log instance // Client used to talk to the CT log instance
logClient *client.LogClient logClient *client.LogClient
@ -207,7 +207,7 @@ func (s *Scanner) GetSTH() (*ct.SignedTreeHead, error) {
return nil, errors.New("STH signature is invalid: " + err.Error()) return nil, errors.New("STH signature is invalid: " + err.Error())
} }
} }
copy(latestSth.LogID[:], s.LogId) latestSth.LogID = s.LogId
return latestSth, nil return latestSth, nil
} }
@ -311,7 +311,7 @@ func (s *Scanner) Scan(startIndex int64, endIndex int64, processCert ProcessCall
// Creates a new Scanner instance using |client| to talk to the log, and taking // Creates a new Scanner instance using |client| to talk to the log, and taking
// configuration options from |opts|. // configuration options from |opts|.
func NewScanner(logUri string, logId []byte, publicKey crypto.PublicKey, opts *ScannerOptions) *Scanner { func NewScanner(logUri string, logId ct.SHA256Hash, publicKey crypto.PublicKey, opts *ScannerOptions) *Scanner {
var scanner Scanner var scanner Scanner
scanner.LogUri = logUri scanner.LogUri = logUri
scanner.LogId = logId scanner.LogId = logId
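Review bot: `NewScanner` stores `logId` and `publicKey` independently and nothing in the visible lines checks that the ID is the hash of that key, yet `GetSTH` now stamps `latestSth.LogID = s.LogId` onto an STH whose signature was verified against `publicKey`. The binding between the two therefore rests on the caller, presumably through `Log.Validate` in the loglist package, which is outside this file. With the fixed-size type a mismatch can no longer show up as a short copy, so it would pass silently and attribute the STH to the wrong log. The contract should be stated on the constructor, for example `// logId must be the SHA-256 hash of the log's public key; NewScanner does not verify this, so callers must validate the pair first.` The bodies of `GetSTH` and `NewScanner` both extend outside their hunks.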