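// createVerifiers builds a map from log ID to signature verifier out of the
// PEM files named in the comma-separated --log_public_keys flag. Each file
// may hold several concatenated PEM public keys; every key found is loaded.
//
// It returns an error when the flag is empty, when a file cannot be read or
// parsed, or when a file yields no key at all (an empty file would otherwise
// be accepted silently and leave that log's signatures unverifiable).
func createVerifiers() (*gossip.SignatureVerifierMap, error) {
	if len(*logKeys) == 0 {
		return nil, errors.New("--log_public_keys is empty")
	}
	m := make(gossip.SignatureVerifierMap)
	for _, path := range strings.Split(*logKeys, ",") {
		pemData, err := ioutil.ReadFile(path)
		if err != nil {
			return nil, fmt.Errorf("failed to read specified PEM file %s: %v", path, err)
		}
		loaded := 0
		// PublicKeyFromPEM consumes one PEM block per call and hands back the
		// remainder, so keep going until the file is exhausted.
		for len(pemData) > 0 {
			key, id, rest, err := ct.PublicKeyFromPEM(pemData)
			if err != nil {
				return nil, fmt.Errorf("failed to read public key from PEM in file %s: %v", path, err)
			}
			pemData = rest
			sv, err := ct.NewSignatureVerifier(key)
			if err != nil {
				return nil, fmt.Errorf("failed to create new SignatureVerifier: %v", err)
			}
			// A repeated log ID replaces the earlier verifier. NOTE(review): this
			// is harmless if the id is derived from the key itself, but it would
			// silently swap a trusted key otherwise — confirm how ids are computed.
			if _, dup := m[id]; dup {
				log.Printf("Replacing previously loaded key for LogID %v", id)
			}
			m[id] = *sv
			loaded++
			log.Printf("Loaded key for LogID %v", id)
		}
		if loaded == 0 {
			return nil, fmt.Errorf("no public key found in PEM file %s", path)
		}
	}
	return &m, nil
}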
// mustCreateSignatureVerifiers returns a SignatureVerifierMap holding a single
// verifier for the test public key in pubKey, keyed by that key's log ID. Any
// parse or construction failure aborts the test via t.Fatalf.
func mustCreateSignatureVerifiers(t *testing.T) SignatureVerifierMap {
	parsedKey, logID, _, parseErr := ct.PublicKeyFromPEM([]byte(pubKey))
	if parseErr != nil {
		t.Fatalf("Failed to parse pubkey: %v", parseErr)
	}
	verifier, verifierErr := ct.NewSignatureVerifier(parsedKey)
	if verifierErr != nil {
		t.Fatalf("Failed to create new SignatureVerifier: %v", verifierErr)
	}
	return SignatureVerifierMap{logID: *verifier}
}
// NewWithPubKey builds a LogClient for the log at uri that verifies the
// signatures on the log's responses with the public key given in
// pemEncodedKey. Exactly one PEM-encoded key is accepted: trailing bytes
// after the decoded key are rejected. When hc is nil a zero-value
// http.Client is used.
func NewWithPubKey(uri string, hc *http.Client, pemEncodedKey string) (*LogClient, error) {
	key, _, trailing, err := ct.PublicKeyFromPEM([]byte(pemEncodedKey))
	if err != nil {
		return nil, err
	}
	// Refuse inputs that carry more than the single key, so a stray second
	// key or junk after the block cannot be silently ignored.
	if len(trailing) != 0 {
		return nil, errors.New("extra data found after PEM key decoded")
	}

	sigVerifier, err := ct.NewSignatureVerifier(key)
	if err != nil {
		return nil, err
	}

	client := hc
	if client == nil {
		// NOTE(review): a zero-value http.Client has no timeout; callers that
		// talk to untrusted networks may want to pass their own client.
		client = &http.Client{}
	}
	return &LogClient{uri: uri, httpClient: client, verifier: sigVerifier}, nil
}