func createVerifiers() (*gossip.SignatureVerifierMap, error) {
m := make(gossip.SignatureVerifierMap)
if len(*logKeys) == 0 {
return nil, errors.New("--log_public_keys is empty")
}
keys := strings.Split(*logKeys, ",")
for _, k := range keys {
pem, err := ioutil.ReadFile(k)
if err != nil {
return nil, fmt.Errorf("failed to read specified PEM file %s: %v", k, err)
}
for len(pem) > 0 {
key, id, rest, err := ct.PublicKeyFromPEM(pem)
pem = rest
if err != nil {
return nil, fmt.Errorf("failed to read public key from PEM in file %s: %v", k, err)
}
sv, err := ct.NewSignatureVerifier(key)
if err != nil {
return nil, fmt.Errorf("Failed to create new SignatureVerifier: %v", err)
}
m[id] = *sv
log.Printf("Loaded key for LogID %v", id)
}
}
return &m, nil
}
func addLog(t *testing.T, pub *PublisherImpl, port int, pubKey *ecdsa.PublicKey) {
verifier, err := ct.NewSignatureVerifier(pubKey)
test.AssertNotError(t, err, "Couldn't create signature verifier")
pub.ctLogs = append(pub.ctLogs, &Log{
client: ctClient.New(fmt.Sprintf("http://localhost:%d", port)),
verifier: verifier,
})
}
// NewLog returns an initialized Log struct
func NewLog(uri, b64PK string) (*Log, error) {
if strings.HasSuffix(uri, "/") {
uri = uri[0 : len(uri)-2]
}
client := ctClient.New(uri)
pkBytes, err := base64.StdEncoding.DecodeString(b64PK)
if err != nil {
return nil, fmt.Errorf("Failed to decode base64 log public key")
}
pk, err := x509.ParsePKIXPublicKey(pkBytes)
if err != nil {
return nil, fmt.Errorf("Failed to parse log public key")
}
verifier, err := ct.NewSignatureVerifier(pk)
if err != nil {
return nil, err
}
return &Log{client, verifier}, nil
}