-rw-r--r--collect.go14
-rw-r--r--internal/utils/utils.go47
-rw-r--r--internal/x509/x509.go (renamed from internal/utils/x509.go)19
-rw-r--r--snapshot.go43
4 files changed, 56 insertions, 67 deletions
diff --git a/collect.go b/collect.go
index 44130c3..3c548db 100644
--- a/collect.go
+++ b/collect.go
@@ -15,7 +15,7 @@ import (
"git.cs.kau.se/rasmoste/ct-sans/internal/chunk"
"git.cs.kau.se/rasmoste/ct-sans/internal/merkle"
- "git.cs.kau.se/rasmoste/ct-sans/internal/utils"
+ "git.cs.kau.se/rasmoste/ct-sans/internal/x509"
ct "github.com/google/certificate-transparency-go"
"github.com/google/certificate-transparency-go/client"
"github.com/google/certificate-transparency-go/jsonclient"
@@ -59,13 +59,13 @@ func collect(opts options) error {
go func() {
await.Add(1)
defer await.Done()
- handleMetrics(ctx, metricsCh, utils.Logs(md))
+ handleMetrics(ctx, metricsCh, logs(md))
}()
defer cancel()
var wg sync.WaitGroup
defer wg.Wait()
- for _, log := range utils.Logs(md) {
+ for _, log := range logs(md) {
go func(log metadata.Log) {
wg.Add(1)
defer wg.Done()
@@ -128,7 +128,7 @@ func collect(opts options) error {
for i := 0; i < len(eb.Entries); i++ {
leafHashes = append(leafHashes, merkle.HashLeafNode(eb.Entries[i].LeafInput))
}
- sans, errs := utils.SANsFromLeafEntries(eb.Start, eb.Entries)
+ sans, errs := x509.SANsFromLeafEntries(eb.Start, eb.Entries)
for _, err := range errs {
logger.Printf("NOTICE: %s: %v", *log.Description, err)
}
@@ -242,7 +242,7 @@ func persist(c *chunk.Chunk,
if p.LeafIndex != c.Start {
return false, fmt.Errorf("log says proof for entry %d is at index %d", c.Start, p.LeafIndex)
}
- if newTH.RootHash, err = merkle.TreeHeadFromRangeProof(c.LeafHashes, uint64(c.Start), utils.Proof(p.AuditPath)); err != nil {
+ if newTH.RootHash, err = merkle.TreeHeadFromRangeProof(c.LeafHashes, uint64(c.Start), proof(p.AuditPath)); err != nil {
return false, err
}
@@ -253,7 +253,7 @@ func persist(c *chunk.Chunk,
return true, nil // try again later
}
}
- if err := merkle.VerifyConsistency(uint64(oldTH.TreeSize), uint64(newTH.TreeSize), oldTH.RootHash, newTH.RootHash, utils.Proof(hashes)); err != nil {
+ if err := merkle.VerifyConsistency(uint64(oldTH.TreeSize), uint64(newTH.TreeSize), oldTH.RootHash, newTH.RootHash, proof(hashes)); err != nil {
return false, fmt.Errorf("%d %x is inconsistent with on-disk state: %v", newTH.TreeSize, newTH.RootHash, err)
}
@@ -261,7 +261,7 @@ func persist(c *chunk.Chunk,
if hashes, err = cli.GetSTHConsistency(ctx, uint64(newTH.TreeSize), sth.TreeSize); err != nil {
return true, nil // try again later
}
- if err := merkle.VerifyConsistency(uint64(newTH.TreeSize), sth.TreeSize, newTH.RootHash, sth.SHA256RootHash, utils.Proof(hashes)); err != nil {
+ if err := merkle.VerifyConsistency(uint64(newTH.TreeSize), sth.TreeSize, newTH.RootHash, sth.SHA256RootHash, proof(hashes)); err != nil {
return false, fmt.Errorf("%d %x is inconsistent with signed tree head: %v", newTH.TreeSize, newTH.RootHash, err)
}
diff --git a/internal/utils/utils.go b/internal/utils/utils.go
deleted file mode 100644
index 5b27868..0000000
--- a/internal/utils/utils.go
+++ /dev/null
@@ -1,47 +0,0 @@
-package utils
-
-import (
- "crypto/sha256"
- "fmt"
- "os"
-
- "gitlab.torproject.org/rgdd/ct/pkg/metadata"
-)
-
-// Logs select logs that count towards CT-compliance checks. Logs that don't
-// have a description are skipped after printing a warning.
-func Logs(md metadata.Metadata) (logs []metadata.Log) {
- for _, operators := range md.Operators {
- for _, log := range operators.Logs {
- if log.Description == nil {
- fmt.Fprintf(os.Stderr, "WARNING: skipping log without description")
- continue
- }
- if log.State == nil {
- continue // skip logs with unknown states
- }
- if log.State.Name == metadata.LogStatePending {
- continue // pending logs do not count towards CT-compliance
- }
- if log.State.Name == metadata.LogStateRetired {
- continue // retired logs are not necessarily reachable
- }
- if log.State.Name == metadata.LogStateRejected {
- continue // rejected logs do not count towards CT-compliance
- }
-
- logs = append(logs, log)
- }
- }
- return
-}
-
-// Proof formats hashes so that they can be passed to the merkle package
-func Proof(hashes [][]byte) (p [][sha256.Size]byte) {
- for _, hash := range hashes {
- var h [sha256.Size]byte
- copy(h[:], hash)
- p = append(p, h)
- }
- return
-}
diff --git a/internal/utils/x509.go b/internal/x509/x509.go
index bf99334..949199d 100644
--- a/internal/utils/x509.go
+++ b/internal/x509/x509.go
@@ -1,13 +1,3 @@
-package utils
-
-import (
- "fmt"
-
- ct "github.com/google/certificate-transparency-go"
- "github.com/google/certificate-transparency-go/asn1"
- "github.com/google/certificate-transparency-go/x509/pkix"
-)
-
// Mozilla Public License Version 2.0
// ==================================
//
@@ -407,6 +397,15 @@ import (
// https://gitlab.torproject.org/tpo/onion-services/sauteed-onions/monitor/-/blob/main/follow-go/main.go#L115-124
// https://gitlab.torproject.org/tpo/onion-services/sauteed-onions/monitor/-/blob/main/follow-go/x509.go
// https://github.com/SSLMate/certspotter/blob/54f34077d3bebe8aafce07dcfbffeb928c6e1d04/x509.go#L380
+package x509
+
+import (
+ "fmt"
+
+ ct "github.com/google/certificate-transparency-go"
+ "github.com/google/certificate-transparency-go/asn1"
+ "github.com/google/certificate-transparency-go/x509/pkix"
+)
func SANsFromLeafEntries(startIndex int64, leafEntries []ct.LeafEntry) (sans []string, errs []error) {
for offset, leafEntry := range leafEntries {
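Review bot: Placing `package x509` directly under the license block, with no blank line after the `// https://github.com/SSLMate/certspotter/...` line, makes the entire MPL comment the package's doc comment, so `go doc` and pkg.go.dev will render the whole license text as the package description. Insert a blank line before `package x509` and give the package a one-line comment of its own, something like `// Package x509 parses SANs out of CT leaf entries.`. The package name also collides with the standard library's `crypto/x509`, which snapshot.go appears to use (`x509.MarshalPKIXPublicKey`), so any file that needs both will have to alias one of them; a name such as `ctx509` or `sans` would avoid that. `SANsFromLeafEntries` is the hunk's last context line and its body continues outside the hunk.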
diff --git a/snapshot.go b/snapshot.go
index 63402ea..5a9c50e 100644
--- a/snapshot.go
+++ b/snapshot.go
@@ -14,7 +14,6 @@ import (
"time"
"git.cs.kau.se/rasmoste/ct-sans/internal/merkle"
- "git.cs.kau.se/rasmoste/ct-sans/internal/utils"
ct "github.com/google/certificate-transparency-go"
"github.com/google/certificate-transparency-go/client"
"github.com/google/certificate-transparency-go/jsonclient"
@@ -46,7 +45,7 @@ func snapshot(opts options) error {
}
logger.Printf("INFO: updating signed tree heads\n")
- for _, log := range utils.Logs(md) {
+ for _, log := range logs(md) {
id, _ := log.Key.ID()
der, _ := x509.MarshalPKIXPublicKey(log.Key)
dir := fmt.Sprintf("%s/%x", opts.logDirectory, id)
@@ -114,7 +113,7 @@ func snapshot(opts options) error {
nextSTH.TreeSize,
[sha256.Size]byte(currSTH.SHA256RootHash),
[sha256.Size]byte(nextSTH.SHA256RootHash),
- utils.Proof(hashes)); err != nil {
+ proof(hashes)); err != nil {
return fmt.Errorf("%s: inconsistent tree: %v", *log.Description, err)
}
if err := os.WriteFile(sthFile, nextSTHBytes, 0644); err != nil {
@@ -124,3 +123,41 @@ func snapshot(opts options) error {
}
return nil
}
+
+// logs select logs that count towards CT-compliance checks. Logs that don't
+// have a description are skipped after printing a warning.
+func logs(md metadata.Metadata) (logs []metadata.Log) {
+ for _, operators := range md.Operators {
+ for _, log := range operators.Logs {
+ if log.Description == nil {
+ fmt.Fprintf(os.Stderr, "WARNING: skipping log without description")
+ continue
+ }
+ if log.State == nil {
+ continue // skip logs with unknown states
+ }
+ if log.State.Name == metadata.LogStatePending {
+ continue // pending logs do not count towards CT-compliance
+ }
+ if log.State.Name == metadata.LogStateRetired {
+ continue // retired logs are not necessarily reachable
+ }
+ if log.State.Name == metadata.LogStateRejected {
+ continue // rejected logs do not count towards CT-compliance
+ }
+
+ logs = append(logs, log)
+ }
+ }
+ return
+}
+
+// proof formats hashes so that they can be passed to the merkle package
+func proof(hashes [][]byte) (p [][sha256.Size]byte) {
+ for _, hash := range hashes {
+ var h [sha256.Size]byte
+ copy(h[:], hash)
+ p = append(p, h)
+ }
+ return
+}
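Review bot: The warning in `logs` is written with `fmt.Fprintf` and no trailing newline, so whatever is printed to stderr next is glued onto it; the rest of this file reports through `logger.Printf` with an explicit `\n` (see the "updating signed tree heads" line above), so `logger.Printf("WARNING: skipping log without description\n")` would be both correct and consistent, or `fmt.Fprintln(os.Stderr, "WARNING: skipping log without description")` if the direct write is intended. In `proof`, `copy(h[:], hash)` silently zero-pads a short hash and truncates a long one, so a malformed audit path or consistency proof received from a log (the `p.AuditPath` and `GetSTHConsistency` results passed in collect.go and above) is coerced into a plausible-looking hash rather than rejected; verification should still fail, but the caller then reports "inconsistent tree" instead of a clear malformed-input error, and a check such as `if len(hash) != sha256.Size { return nil, fmt.Errorf("proof hash %d has length %d, want %d", i, len(hash), sha256.Size) }` with an added error return would make that distinction visible at the call sites. The named result `logs` also shadows the function name inside its own body, which is legal but easy to misread; `selected` would be clearer.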