146 lines
4.1 KiB
Go
146 lines
4.1 KiB
Go
// Copyright (C) 2017 Opsmate, Inc.
|
|
//
|
|
// This Source Code Form is subject to the terms of the Mozilla
|
|
// Public License, v. 2.0. If a copy of the MPL was not distributed
|
|
// with this file, You can obtain one at http://mozilla.org/MPL/2.0/.
|
|
//
|
|
// This software is distributed WITHOUT A WARRANTY OF ANY KIND.
|
|
// See the Mozilla Public License for details.
|
|
|
|
package cmd
|
|
|
|
import (
|
|
"crypto/sha256"
|
|
"encoding/base64"
|
|
"encoding/binary"
|
|
"fmt"
|
|
"os"
|
|
"path/filepath"
|
|
"strconv"
|
|
"strings"
|
|
|
|
"software.sslmate.com/src/certspotter"
|
|
"software.sslmate.com/src/certspotter/ct"
|
|
)
|
|
|
|
type LogState struct {
|
|
path string
|
|
}
|
|
|
|
// generate a filename that uniquely identifies the STH (within the context of a particular log)
|
|
func sthFilename(sth *ct.SignedTreeHead) string {
|
|
hasher := sha256.New()
|
|
switch sth.Version {
|
|
case ct.V1:
|
|
binary.Write(hasher, binary.LittleEndian, sth.Timestamp)
|
|
binary.Write(hasher, binary.LittleEndian, sth.SHA256RootHash)
|
|
default:
|
|
panic(fmt.Sprintf("Unsupported STH version %d", sth.Version))
|
|
}
|
|
// For 6962-bis, we will need to handle a variable-length root hash, and include the signature in the filename hash (since signatures must be deterministic)
|
|
return strconv.FormatUint(sth.TreeSize, 10) + "-" + base64.RawURLEncoding.EncodeToString(hasher.Sum(nil)) + ".json"
|
|
}
|
|
|
|
func makeLogStateDir(logStatePath string) error {
|
|
if err := os.Mkdir(logStatePath, 0777); err != nil && !os.IsExist(err) {
|
|
return fmt.Errorf("%s: %s", logStatePath, err)
|
|
}
|
|
for _, subdir := range []string{"unverified_sths"} {
|
|
path := filepath.Join(logStatePath, subdir)
|
|
if err := os.Mkdir(path, 0777); err != nil && !os.IsExist(err) {
|
|
return fmt.Errorf("%s: %s", path, err)
|
|
}
|
|
}
|
|
return nil
|
|
}
|
|
|
|
func OpenLogState(logStatePath string) (*LogState, error) {
|
|
if err := makeLogStateDir(logStatePath); err != nil {
|
|
return nil, fmt.Errorf("Error creating log state directory: %s", err)
|
|
}
|
|
return &LogState{path: logStatePath}, nil
|
|
}
|
|
|
|
func (logState *LogState) VerifiedSTHFilename() string {
|
|
return filepath.Join(logState.path, "sth.json")
|
|
}
|
|
|
|
func (logState *LogState) GetVerifiedSTH() (*ct.SignedTreeHead, error) {
|
|
sth, err := readSTHFile(logState.VerifiedSTHFilename())
|
|
if err != nil {
|
|
if os.IsNotExist(err) {
|
|
return nil, nil
|
|
} else {
|
|
return nil, err
|
|
}
|
|
}
|
|
return sth, nil
|
|
}
|
|
|
|
func (logState *LogState) StoreVerifiedSTH(sth *ct.SignedTreeHead) error {
|
|
return writeJSONFile(logState.VerifiedSTHFilename(), sth, 0666)
|
|
}
|
|
|
|
func (logState *LogState) GetUnverifiedSTHs() ([]*ct.SignedTreeHead, error) {
|
|
dir, err := os.Open(filepath.Join(logState.path, "unverified_sths"))
|
|
if err != nil {
|
|
if os.IsNotExist(err) {
|
|
return []*ct.SignedTreeHead{}, nil
|
|
} else {
|
|
return nil, err
|
|
}
|
|
}
|
|
filenames, err := dir.Readdirnames(0)
|
|
if err != nil {
|
|
return nil, err
|
|
}
|
|
|
|
sths := make([]*ct.SignedTreeHead, 0, len(filenames))
|
|
for _, filename := range filenames {
|
|
if !strings.HasPrefix(filename, ".") {
|
|
sth, _ := readSTHFile(filepath.Join(dir.Name(), filename))
|
|
if sth != nil {
|
|
sths = append(sths, sth)
|
|
}
|
|
}
|
|
}
|
|
return sths, nil
|
|
}
|
|
|
|
func (logState *LogState) UnverifiedSTHFilename(sth *ct.SignedTreeHead) string {
|
|
return filepath.Join(logState.path, "unverified_sths", sthFilename(sth))
|
|
}
|
|
|
|
func (logState *LogState) StoreUnverifiedSTH(sth *ct.SignedTreeHead) error {
|
|
filename := logState.UnverifiedSTHFilename(sth)
|
|
if fileExists(filename) {
|
|
return nil
|
|
}
|
|
return writeJSONFile(filename, sth, 0666)
|
|
}
|
|
|
|
func (logState *LogState) RemoveUnverifiedSTH(sth *ct.SignedTreeHead) error {
|
|
filename := logState.UnverifiedSTHFilename(sth)
|
|
err := os.Remove(filepath.Join(filename))
|
|
if err != nil && !os.IsNotExist(err) {
|
|
return err
|
|
}
|
|
return nil
|
|
}
|
|
|
|
func (logState *LogState) GetTree() (*certspotter.CollapsedMerkleTree, error) {
|
|
tree := new(certspotter.CollapsedMerkleTree)
|
|
if err := readJSONFile(filepath.Join(logState.path, "tree.json"), tree); err != nil {
|
|
if os.IsNotExist(err) {
|
|
return nil, nil
|
|
} else {
|
|
return nil, err
|
|
}
|
|
}
|
|
return tree, nil
|
|
}
|
|
|
|
func (logState *LogState) StoreTree(tree *certspotter.CollapsedMerkleTree) error {
|
|
return writeJSONFile(filepath.Join(logState.path, "tree.json"), tree, 0666)
|
|
}
|