// NewLog returns an initialized Log struct func NewLog(uri, b64PK string) (*Log, error) { url, err := url.Parse(uri) if err != nil { return nil, err } url.Path = strings.TrimSuffix(url.Path, "/") client := ctClient.New(url.String(), nil) pkBytes, err := base64.StdEncoding.DecodeString(b64PK) if err != nil { return nil, fmt.Errorf("Failed to decode base64 log public key") } pk, err := x509.ParsePKIXPublicKey(pkBytes) if err != nil { return nil, fmt.Errorf("Failed to parse log public key") } verifier, err := ct.NewSignatureVerifier(pk) if err != nil { return nil, err } // Replace slashes with dots for statsd logging sanitizedPath := strings.TrimPrefix(url.Path, "/") sanitizedPath = strings.Replace(sanitizedPath, "/", ".", -1) return &Log{ logID: b64PK, uri: uri, statName: fmt.Sprintf("%s.%s", url.Host, sanitizedPath), client: client, verifier: verifier, }, nil }
func createVerifiers() (*gossip.SignatureVerifierMap, error) { m := make(gossip.SignatureVerifierMap) if len(*logKeys) == 0 { return nil, errors.New("--log_public_keys is empty") } keys := strings.Split(*logKeys, ",") for _, k := range keys { pem, err := ioutil.ReadFile(k) if err != nil { return nil, fmt.Errorf("failed to read specified PEM file %s: %v", k, err) } for len(pem) > 0 { key, id, rest, err := ct.PublicKeyFromPEM(pem) pem = rest if err != nil { return nil, fmt.Errorf("failed to read public key from PEM in file %s: %v", k, err) } sv, err := ct.NewSignatureVerifier(key) if err != nil { return nil, fmt.Errorf("Failed to create new SignatureVerifier: %v", err) } m[id] = *sv log.Printf("Loaded key for LogID %v", id) } } return &m, nil }
func mustCreateSignatureVerifiers(t *testing.T) SignatureVerifierMap { m := make(SignatureVerifierMap) key, id, _, err := ct.PublicKeyFromPEM([]byte(pubKey)) if err != nil { t.Fatalf("Failed to parse pubkey: %v", err) } sv, err := ct.NewSignatureVerifier(key) if err != nil { t.Fatalf("Failed to create new SignatureVerifier: %v", err) } m[id] = *sv return m }
// NewWithPubKey constructs a new LogClient instance that includes public // key information for the log; this instance will check signatures on // responses from the log. func NewWithPubKey(uri string, hc *http.Client, pemEncodedKey string) (*LogClient, error) { pubkey, _, rest, err := ct.PublicKeyFromPEM([]byte(pemEncodedKey)) if err != nil { return nil, err } if len(rest) > 0 { return nil, errors.New("extra data found after PEM key decoded") } verifier, err := ct.NewSignatureVerifier(pubkey) if err != nil { return nil, err } if hc == nil { hc = new(http.Client) } return &LogClient{uri: uri, httpClient: hc, verifier: verifier}, nil }
// NewLog returns an initialized Log struct func NewLog(uri, b64PK string) (*Log, error) { if strings.HasSuffix(uri, "/") { uri = uri[0 : len(uri)-2] } client := ctClient.New(uri) pkBytes, err := base64.StdEncoding.DecodeString(b64PK) if err != nil { return nil, fmt.Errorf("Failed to decode base64 log public key") } pk, err := x509.ParsePKIXPublicKey(pkBytes) if err != nil { return nil, fmt.Errorf("Failed to parse log public key") } verifier, err := ct.NewSignatureVerifier(pk) if err != nil { return nil, err } return &Log{uri, client, verifier}, nil }