Use ct.SHA256Hash for log ID rather than []byte
parent
2cccf67601
commit
a147970db8
|
@ -162,7 +162,7 @@ func (state *State) SaveCert(isPrecert bool, certs [][]byte) (bool, string, erro
|
||||||
}
|
}
|
||||||
|
|
||||||
func (state *State) OpenLogState(logInfo *loglist.Log) (*LogState, error) {
|
func (state *State) OpenLogState(logInfo *loglist.Log) (*LogState, error) {
|
||||||
return OpenLogState(filepath.Join(state.path, "logs", base64.RawURLEncoding.EncodeToString(logInfo.LogID)))
|
return OpenLogState(filepath.Join(state.path, "logs", base64.RawURLEncoding.EncodeToString(logInfo.LogID[:])))
|
||||||
}
|
}
|
||||||
|
|
||||||
func (state *State) GetLegacySTH(logInfo *loglist.Log) (*ct.SignedTreeHead, error) {
|
func (state *State) GetLegacySTH(logInfo *loglist.Log) (*ct.SignedTreeHead, error) {
|
||||||
|
|
|
@ -10,7 +10,6 @@
|
||||||
package loglist
|
package loglist
|
||||||
|
|
||||||
import (
|
import (
|
||||||
"encoding/base64"
|
|
||||||
"time"
|
"time"
|
||||||
)
|
)
|
||||||
|
|
||||||
|
@ -25,7 +24,7 @@ func (list *List) AllLogs() []*Log {
|
||||||
}
|
}
|
||||||
|
|
||||||
func (log *Log) LogIDString() string {
|
func (log *Log) LogIDString() string {
|
||||||
return base64.StdEncoding.EncodeToString(log.LogID)
|
return log.LogID.Base64String()
|
||||||
}
|
}
|
||||||
|
|
||||||
func (log *Log) AcceptsExpiration(expiration time.Time) bool {
|
func (log *Log) AcceptsExpiration(expiration time.Time) bool {
|
||||||
|
|
|
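Review bot: `LogIDString` was `base64.StdEncoding` by construction and now inherits whatever `ct.SHA256Hash.Base64String` does, which is defined outside this commit. If that method uses a different alphabet or drops padding, every string form of a log ID produced here changes silently. It is worth confirming that it is standard padded base64 and recording that in a comment, e.g. `// LogIDString returns the log ID in standard base64 (with padding).` OpenLogState in the first hunk still encodes the same ID with `base64.RawURLEncoding` for the directory name, so two textual forms of one ID exist.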
@ -11,6 +11,8 @@ package loglist
|
||||||
|
|
||||||
import (
|
import (
|
||||||
"time"
|
"time"
|
||||||
|
|
||||||
|
"software.sslmate.com/src/certspotter/ct"
|
||||||
)
|
)
|
||||||
|
|
||||||
type List struct {
|
type List struct {
|
||||||
|
@ -25,14 +27,14 @@ type Operator struct {
|
||||||
}
|
}
|
||||||
|
|
||||||
type Log struct {
|
type Log struct {
|
||||||
Key []byte `json:"key"`
|
Key []byte `json:"key"`
|
||||||
LogID []byte `json:"log_id"`
|
LogID ct.SHA256Hash `json:"log_id"`
|
||||||
MMD int `json:"mmd"`
|
MMD int `json:"mmd"`
|
||||||
URL string `json:"url"`
|
URL string `json:"url"`
|
||||||
Description string `json:"description"`
|
Description string `json:"description"`
|
||||||
State State `json:"state"`
|
State State `json:"state"`
|
||||||
DNS string `json:"dns"`
|
DNS string `json:"dns"`
|
||||||
LogType LogType `json:"log_type"`
|
LogType LogType `json:"log_type"`
|
||||||
TemporalInterval *struct {
|
TemporalInterval *struct {
|
||||||
StartInclusive time.Time `json:"start_inclusive"`
|
StartInclusive time.Time `json:"start_inclusive"`
|
||||||
EndExclusive time.Time `json:"end_exclusive"`
|
EndExclusive time.Time `json:"end_exclusive"`
|
||||||
|
|
|
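Review bot: The `LogID ct.SHA256Hash` field with the `json:"log_id"` tag now depends on ct.SHA256Hash providing its own JSON or text unmarshalling, which is not shown in this commit. A bare fixed-size byte array would be decoded by encoding/json as an array of numbers, not as the base64 string the old `[]byte` field accepted. Because the log list is parsed from external input, that decoder should reject any value that does not decode to exactly 32 bytes rather than padding or truncating it, and a test that decodes a short `log_id` would pin this. A field comment such as `// LogID is the SHA-256 hash of Key; checked by Validate` would also help. The struct continues past the end of the hunk.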
@ -10,7 +10,6 @@
|
||||||
package loglist
|
package loglist
|
||||||
|
|
||||||
import (
|
import (
|
||||||
"bytes"
|
|
||||||
"crypto/sha256"
|
"crypto/sha256"
|
||||||
"fmt"
|
"fmt"
|
||||||
)
|
)
|
||||||
|
@ -35,7 +34,7 @@ func (operator *Operator) Validate() error {
|
||||||
|
|
||||||
func (log *Log) Validate() error {
|
func (log *Log) Validate() error {
|
||||||
realLogID := sha256.Sum256(log.Key)
|
realLogID := sha256.Sum256(log.Key)
|
||||||
if !bytes.Equal(log.LogID, realLogID[:]) {
|
if log.LogID != realLogID {
|
||||||
return fmt.Errorf("log ID does not match log key")
|
return fmt.Errorf("log ID does not match log key")
|
||||||
}
|
}
|
||||||
return nil
|
return nil
|
||||||
|
|
|
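Review bot: The error returned when `log.LogID != realLogID` does not say which log failed, so a rejected log list gives the operator nothing to look up. `return fmt.Errorf("log ID %s does not match log key", log.LogIDString())` would name the entry using the helper this commit already updates. A doc comment on Validate, for example `// Validate reports an error if LogID is not the SHA-256 hash of Key.`, would record that this is the check binding a log's ID to its public key. The function's closing brace lies outside the hunk.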
@ -63,7 +63,7 @@ type Scanner struct {
|
||||||
|
|
||||||
// Public key of the log
|
// Public key of the log
|
||||||
publicKey crypto.PublicKey
|
publicKey crypto.PublicKey
|
||||||
LogId []byte
|
LogId ct.SHA256Hash
|
||||||
|
|
||||||
// Client used to talk to the CT log instance
|
// Client used to talk to the CT log instance
|
||||||
logClient *client.LogClient
|
logClient *client.LogClient
|
||||||
|
@ -207,7 +207,7 @@ func (s *Scanner) GetSTH() (*ct.SignedTreeHead, error) {
|
||||||
return nil, errors.New("STH signature is invalid: " + err.Error())
|
return nil, errors.New("STH signature is invalid: " + err.Error())
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
copy(latestSth.LogID[:], s.LogId)
|
latestSth.LogID = s.LogId
|
||||||
return latestSth, nil
|
return latestSth, nil
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -311,7 +311,7 @@ func (s *Scanner) Scan(startIndex int64, endIndex int64, processCert ProcessCall
|
||||||
|
|
||||||
// Creates a new Scanner instance using |client| to talk to the log, and taking
|
// Creates a new Scanner instance using |client| to talk to the log, and taking
|
||||||
// configuration options from |opts|.
|
// configuration options from |opts|.
|
||||||
func NewScanner(logUri string, logId []byte, publicKey crypto.PublicKey, opts *ScannerOptions) *Scanner {
|
func NewScanner(logUri string, logId ct.SHA256Hash, publicKey crypto.PublicKey, opts *ScannerOptions) *Scanner {
|
||||||
var scanner Scanner
|
var scanner Scanner
|
||||||
scanner.LogUri = logUri
|
scanner.LogUri = logUri
|
||||||
scanner.LogId = logId
|
scanner.LogId = logId
|
||||||
|
|
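Review bot: `Scanner.LogId` and the `logId` parameter of NewScanner keep the `Id` spelling, while the other identifiers this commit touches use `LogID` (`loglist.Log.LogID`, `latestSth.LogID`). Since the type changes here and callers have to be updated anyway, this would be the place to rename the field to `LogID`. The NewScanner comment could also start with the function name and say what the ID is used for, e.g. `// NewScanner creates a Scanner that talks to the log at logUri; logId is copied into every STH returned by GetSTH.` NewScanner's body continues outside the hunk.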