Commit Graph

319 Commits

Author SHA1 Message Date
Andrew Ayer 0d9b81ecc8 Tweak logic for storing tree position 2017-01-06 12:19:53 -08:00
Andrew Ayer 87c6bc4f1c Add CONTRIBUTING file 2017-01-06 10:55:52 -08:00
Andrew Ayer 8ea4003994 Add some additional logging 2017-01-06 10:31:34 -08:00
Andrew Ayer 0c751f0294 Drop the MerkleTreeBuilder return value from VerifyConsistencyProof 2017-01-05 21:06:37 -08:00
Andrew Ayer ef00e22ec1 Remove unused code 2017-01-05 21:02:28 -08:00
Andrew Ayer 0af0262498 Overhaul log processing and auditing
1. Instead of storing a single STH per log, we now store one verified
STH and any number of unverified STHs.  When we process a log, we verify
each unverified STH using a consistency proof with the verified STH,
and only delete it if it successfully verifies.  We set the verified
STH to the largest STH which we've successfully verified.

This has two important benefits.  First, we never ever delete an STH
unless we can successfully verify it (previously, we would forget about
an STH under certain error conditions).  Second, it lays the groundwork
for STH pollination.  Upon reception of an STH, we can simply drop it in
the log's unverified_sths directory (assuming the signature is valid),
and Cert Spotter will audit it.

There is no more "evidence" directory; if a consistency proof fails,
the STHs will already be present elsewhere in the state directory.

2. We now persist a MerkleTreeBuilder between each run of Cert Spotter,
instead of rebuilding it every time from the consistency proof.  This is
not intrinsically better, but it makes the code simpler considering we
can now fetch numerous consistency proofs per run.

3. To accommodate the above changes, the state directory has a brand
new layout.  The state directory is now versioned, and Cert Spotter
will automatically migrate old state directories to the new layout.
This migration logic will be removed in a future Cert Spotter release.

As a bonus, the code is generally cleaner now :-)
2017-01-05 21:00:35 -08:00
Andrew Ayer 54d9762ff2 Add JSON marshalling for MerkleTreeBuilder 2017-01-05 15:43:26 -08:00
Andrew Ayer 7c55be7d5c Add GetNumLeaves function for MerkleTreeBuilder 2017-01-05 15:00:56 -08:00
Andrew Ayer 3673518b30 Add constructor functions for MerkleTreeBuilder 2017-01-05 14:48:35 -08:00
Andrew Ayer 39737f33ec Rename MerkleTreeBuilder.size to numLeaves 2017-01-05 14:41:54 -08:00
Andrew Ayer f920ef0ec3 Add a TODO 2017-01-05 14:32:28 -08:00
Andrew Ayer 55d12ee013 Support empty trees 2017-01-05 14:32:22 -08:00
Andrew Ayer 4868243259 Add ID function to LogInfo to return log ID 2016-11-26 17:48:15 -08:00
Andrew Ayer ff6d1f21fd Add a TODO comment 2016-11-26 17:47:57 -08:00
Andrew Ayer 0bd48084f0 Add MakeMerkleTreeBuilder 2016-11-25 20:13:17 -08:00
Andrew Ayer adce61e035 Add GetAuditProof to LogClient 2016-11-25 20:09:59 -08:00
Andrew Ayer b63a024876 Replace MerkleTreeBuilder.Finish with non-mutating CalculateRoot 2016-11-25 17:43:07 -08:00
Andrew Ayer ef18092eb9 Add new logs: Icarus, Skydiver, StartCom, WoSign 2016-11-15 15:59:39 -08:00
Andrew Ayer 9bf82346d8 Avoid use of json.Decoder
Per https://ahmetalpbalkan.com/blog/golang-json-decoder-pitfalls/
2016-11-15 15:59:39 -08:00
Andrew Ayer 36210a9544 VerifyConsistencyProof: properly return tree builder when two trees are the same 2016-11-15 15:59:39 -08:00
Andrew Ayer 31f2316aa2 Rework -all_time logic
If -all_time is specified, scan the entirety of all logs, even
existing logs.  This matches user expectation better.  Previously,
-all_time had no impact on existing logs.

The first time Cert Spotter is run, do not scan any logs, unless
-all_time is specified.  This avoids a several hour wait the first
time Cert Spotter is run.  If the user is interested in knowing
about existing certificates, they can use the certspotter.com API
or crt.sh.  This is the same as existing behavior.

When a new log is added, scan it in its entirety even if -all_time is
not specified, so users are alerted to interesting certificates in the
new log.  Hopefully new logs will be small and this won't take too long!
Previously, new logs were not scanned in their entirety unless -all_time
was specified.

Closes: #5
2016-11-15 15:59:38 -08:00
Andrew Ayer 7d2936eada README: document upcoming mandatory CT 2016-11-12 08:09:42 -08:00
Andrew Ayer f706b09bc8 README: document GlobalSign DV logging 2016-11-12 08:09:27 -08:00
Andrew Ayer 2a80e85783 Increase log client request timeout to 60 seconds
This should be configurable, but I need to experiment first.
2016-08-30 10:40:13 -07:00
Andrew Ayer 35c646ae62 Add NEWS file for 0.2 release 2016-08-25 17:13:31 -07:00
Joe Tsai 4104152de6 Use io.ReadFull instead of raw Read
An io.Reader does not guarantee that it can read all bytes possible
to fill the input buffer. Thus, we should use io.ReadFull here instead.

Cherry-picked from ddfd4a2b2d89e20f0a7c63c88420aaa419d4d95c
of https://github.com/google/certificate-transparency
2016-08-25 16:48:58 -07:00
Andrew Ayer c36452f67a Improve log client error messages 2016-08-25 16:04:29 -07:00
Andrew Ayer 1af6309367 Define tagUTCTime and tagGeneralizedTime
They're only exported in Go1.6 and I'd like to support Go1.5 as well.

Closes: #15
2016-08-20 19:43:44 -07:00
Andrew Ayer b1dc229785 Fix typo 2016-07-28 15:52:32 -07:00
Andrew Ayer 1f97fb3a13 Suppress duplicate identifiers 2016-07-28 14:00:15 -07:00
Andrew Ayer 6cae4942e4 Identifiers: abstract out appendIPAddress 2016-07-28 13:53:24 -07:00
Jonathan Rudenberg c217200b96 Return errors from InvokeHookScript instead of failing silently
Signed-off-by: Jonathan Rudenberg <jonathan@titanous.com>
2016-07-28 12:26:58 -07:00
Jonathan Rudenberg acc6781f29 Run gofmt
Signed-off-by: Jonathan Rudenberg <jonathan@titanous.com>
2016-07-28 14:55:46 -04:00
Andrew Ayer 38b9c920eb Add README 2016-07-27 14:17:53 -07:00
Andrew Ayer 1dc7e1cda9 Refine command line flag descriptions 2016-07-27 14:14:09 -07:00
Andrew Ayer 902755d4e8 Don't enforce public key compliance
You have to trust the public key anyways, so compliance checks are
superfluous.
2016-07-26 17:00:01 -07:00
Andrew Ayer f75c47d9ca Always store files in ~/.certspotter, even if running as root 2016-07-26 16:57:26 -07:00
Andrew Ayer c185657181 Remove Izenpe log, add CNNIC 2016-07-19 10:46:15 -07:00
Andrew Ayer cf8a5d8703 Remove description field from logs.go 2016-07-19 10:39:01 -07:00
Andrew Ayer 37bc55be2d Add key hash to logs.go 2016-07-19 10:32:05 -07:00
Andrew Ayer ebdf2af720 Add some comments 2016-07-19 10:31:23 -07:00
Andrew Ayer 19e05b901a Remove some dead code from the scanner 2016-06-22 10:32:42 -07:00
Andrew Ayer 74f9ceb6a2 Add attribution of the ct sub-directory 2016-06-22 10:30:16 -07:00
Andrew Ayer 724517e4c4 Update crt.sh link to use sha256= instead of q= 2016-06-20 15:23:15 -07:00
Andrew Ayer fa1236f434 Use a switch statement instead of an if statement
This will make it cleaner to handle other extension types
2016-06-08 15:57:56 -07:00
Andrew Ayer 196bd864cd Properly handle non-200 responses from logs 2016-06-08 15:18:28 -07:00
Andrew Ayer 1fc964732b Allow public key to be omitted from log JSON file
In which case signatures are not checked.
2016-06-03 08:10:38 -07:00
Andrew Ayer 2c8cb1f402 Return exit code from cmd.Main instead of exiting directly
This allows the calling code to do custom cleanup.
2016-06-03 07:21:08 -07:00
Andrew Ayer 6db3f7564c Add function to reconstruct pre-cert TBS from cert TBS 2016-05-16 11:33:03 -07:00
Andrew Ayer ae59c317dc Ignore empty DNS names 2016-05-13 10:31:13 -07:00