Beispiel #1
0
// NewLog returns an initialized Log struct
func NewLog(uri, b64PK string) (*Log, error) {
	url, err := url.Parse(uri)
	if err != nil {
		return nil, err
	}
	url.Path = strings.TrimSuffix(url.Path, "/")
	client := ctClient.New(url.String(), nil)

	pkBytes, err := base64.StdEncoding.DecodeString(b64PK)
	if err != nil {
		return nil, fmt.Errorf("Failed to decode base64 log public key")
	}
	pk, err := x509.ParsePKIXPublicKey(pkBytes)
	if err != nil {
		return nil, fmt.Errorf("Failed to parse log public key")
	}

	verifier, err := ct.NewSignatureVerifier(pk)
	if err != nil {
		return nil, err
	}

	// Replace slashes with dots for statsd logging
	sanitizedPath := strings.TrimPrefix(url.Path, "/")
	sanitizedPath = strings.Replace(sanitizedPath, "/", ".", -1)

	return &Log{
		logID:    b64PK,
		uri:      uri,
		statName: fmt.Sprintf("%s.%s", url.Host, sanitizedPath),
		client:   client,
		verifier: verifier,
	}, nil
}
func createVerifiers() (*gossip.SignatureVerifierMap, error) {
	m := make(gossip.SignatureVerifierMap)
	if len(*logKeys) == 0 {
		return nil, errors.New("--log_public_keys is empty")
	}
	keys := strings.Split(*logKeys, ",")
	for _, k := range keys {
		pem, err := ioutil.ReadFile(k)
		if err != nil {
			return nil, fmt.Errorf("failed to read specified PEM file %s: %v", k, err)
		}
		for len(pem) > 0 {
			key, id, rest, err := ct.PublicKeyFromPEM(pem)
			pem = rest
			if err != nil {
				return nil, fmt.Errorf("failed to read public key from PEM in file %s: %v", k, err)
			}
			sv, err := ct.NewSignatureVerifier(key)
			if err != nil {
				return nil, fmt.Errorf("Failed to create new SignatureVerifier: %v", err)
			}
			m[id] = *sv
			log.Printf("Loaded key for LogID %v", id)
		}
	}
	return &m, nil
}
func mustCreateSignatureVerifiers(t *testing.T) SignatureVerifierMap {
	m := make(SignatureVerifierMap)
	key, id, _, err := ct.PublicKeyFromPEM([]byte(pubKey))
	if err != nil {
		t.Fatalf("Failed to parse pubkey: %v", err)
	}
	sv, err := ct.NewSignatureVerifier(key)
	if err != nil {
		t.Fatalf("Failed to create new SignatureVerifier: %v", err)
	}
	m[id] = *sv
	return m
}
Beispiel #4
0
// NewWithPubKey constructs a new LogClient instance that includes public
// key information for the log; this instance will check signatures on
// responses from the log.
func NewWithPubKey(uri string, hc *http.Client, pemEncodedKey string) (*LogClient, error) {
	pubkey, _, rest, err := ct.PublicKeyFromPEM([]byte(pemEncodedKey))
	if err != nil {
		return nil, err
	}
	if len(rest) > 0 {
		return nil, errors.New("extra data found after PEM key decoded")
	}

	verifier, err := ct.NewSignatureVerifier(pubkey)
	if err != nil {
		return nil, err
	}

	if hc == nil {
		hc = new(http.Client)
	}
	return &LogClient{uri: uri, httpClient: hc, verifier: verifier}, nil
}
// NewLog returns an initialized Log struct
func NewLog(uri, b64PK string) (*Log, error) {
	if strings.HasSuffix(uri, "/") {
		uri = uri[0 : len(uri)-2]
	}
	client := ctClient.New(uri)

	pkBytes, err := base64.StdEncoding.DecodeString(b64PK)
	if err != nil {
		return nil, fmt.Errorf("Failed to decode base64 log public key")
	}
	pk, err := x509.ParsePKIXPublicKey(pkBytes)
	if err != nil {
		return nil, fmt.Errorf("Failed to parse log public key")
	}

	verifier, err := ct.NewSignatureVerifier(pk)
	if err != nil {
		return nil, err
	}

	return &Log{uri, client, verifier}, nil
}