authorRasmus Dahlberg <rasmus@rgdd.se>2023-03-18 13:17:40 +0100
committerRasmus Dahlberg <rasmus@rgdd.se>2023-03-18 13:17:40 +0100
commit15ffe76847c4c0383c4d0c0a35fb29d5031d093b (patch)
tree73001d637ef722bcf11562cdc9b10c809d09a66c /snapshot.go
parentc96dabe39386d008985566bf689a3735d0a8f1c8 (diff)
more light refactoring
Diffstat (limited to 'snapshot.go')
-rw-r--r--snapshot.go43
1 files changed, 40 insertions, 3 deletions
diff --git a/snapshot.go b/snapshot.go
index 63402ea..5a9c50e 100644
--- a/snapshot.go
+++ b/snapshot.go
@@ -14,7 +14,6 @@ import (
"time"
"git.cs.kau.se/rasmoste/ct-sans/internal/merkle"
- "git.cs.kau.se/rasmoste/ct-sans/internal/utils"
ct "github.com/google/certificate-transparency-go"
"github.com/google/certificate-transparency-go/client"
"github.com/google/certificate-transparency-go/jsonclient"
@@ -46,7 +45,7 @@ func snapshot(opts options) error {
}
logger.Printf("INFO: updating signed tree heads\n")
- for _, log := range utils.Logs(md) {
+ for _, log := range logs(md) {
id, _ := log.Key.ID()
der, _ := x509.MarshalPKIXPublicKey(log.Key)
dir := fmt.Sprintf("%s/%x", opts.logDirectory, id)
@@ -114,7 +113,7 @@ func snapshot(opts options) error {
nextSTH.TreeSize,
[sha256.Size]byte(currSTH.SHA256RootHash),
[sha256.Size]byte(nextSTH.SHA256RootHash),
- utils.Proof(hashes)); err != nil {
+ proof(hashes)); err != nil {
return fmt.Errorf("%s: inconsistent tree: %v", *log.Description, err)
}
if err := os.WriteFile(sthFile, nextSTHBytes, 0644); err != nil {
@@ -124,3 +123,41 @@ func snapshot(opts options) error {
}
return nil
}
+
+// logs select logs that count towards CT-compliance checks. Logs that don't
+// have a description are skipped after printing a warning.
+func logs(md metadata.Metadata) (logs []metadata.Log) {
+ for _, operators := range md.Operators {
+ for _, log := range operators.Logs {
+ if log.Description == nil {
+ fmt.Fprintf(os.Stderr, "WARNING: skipping log without description")
+ continue
+ }
+ if log.State == nil {
+ continue // skip logs with unknown states
+ }
+ if log.State.Name == metadata.LogStatePending {
+ continue // pending logs do not count towards CT-compliance
+ }
+ if log.State.Name == metadata.LogStateRetired {
+ continue // retired logs are not necessarily reachable
+ }
+ if log.State.Name == metadata.LogStateRejected {
+ continue // rejected logs do not count towards CT-compliance
+ }
+
+ logs = append(logs, log)
+ }
+ }
+ return
+}
+
+// proof formats hashes so that they can be passed to the merkle package
+func proof(hashes [][]byte) (p [][sha256.Size]byte) {
+ for _, hash := range hashes {
+ var h [sha256.Size]byte
+ copy(h[:], hash)
+ p = append(p, h)
+ }
+ return
+}
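Review bot: `proof` copies each node with `copy(h[:], hash)` without checking its length, so a node shorter than `sha256.Size` is zero-padded and a longer one is truncated before the result reaches the consistency check in `snapshot`. These hashes presumably come from the log's consistency-proof response, so a malformed proof should be rejected as malformed rather than normalised; truncation in particular could let a proof whose nodes carry trailing bytes verify as if it were well-formed. I would have `proof` return an error as well and add `if len(hash) != sha256.Size { return nil, fmt.Errorf("invalid proof node size: %d", len(hash)) }` at the top of the loop, with the caller returning that error together with the log description. Separately, the warning in `logs` has no trailing newline and does not say which log was skipped; since `Description` is nil at that point, another identifier such as the log key ID would have to be printed instead.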