From 15ffe76847c4c0383c4d0c0a35fb29d5031d093b Mon Sep 17 00:00:00 2001
From: Rasmus Dahlberg
Date: Sat, 18 Mar 2023 13:17:40 +0100
Subject: more light refactoring

---
 snapshot.go | 43 ++++++++++++++++++++++++++++++++++++++++---
 1 file changed, 40 insertions(+), 3 deletions(-)

(limited to 'snapshot.go')

diff --git a/snapshot.go b/snapshot.go
index 63402ea..5a9c50e 100644
--- a/snapshot.go
+++ b/snapshot.go
@@ -14,7 +14,6 @@ import (
 	"time"
 
 	"git.cs.kau.se/rasmoste/ct-sans/internal/merkle"
-	"git.cs.kau.se/rasmoste/ct-sans/internal/utils"
 	ct "github.com/google/certificate-transparency-go"
 	"github.com/google/certificate-transparency-go/client"
 	"github.com/google/certificate-transparency-go/jsonclient"
@@ -46,7 +45,7 @@ func snapshot(opts options) error {
 	}
 
 	logger.Printf("INFO: updating signed tree heads\n")
-	for _, log := range utils.Logs(md) {
+	for _, log := range logs(md) {
 		id, _ := log.Key.ID()
 		der, _ := x509.MarshalPKIXPublicKey(log.Key)
 		dir := fmt.Sprintf("%s/%x", opts.logDirectory, id)
@@ -114,7 +113,7 @@ func snapshot(opts options) error {
 			nextSTH.TreeSize,
 			[sha256.Size]byte(currSTH.SHA256RootHash),
 			[sha256.Size]byte(nextSTH.SHA256RootHash),
-			utils.Proof(hashes)); err != nil {
+			proof(hashes)); err != nil {
 			return fmt.Errorf("%s: inconsistent tree: %v", *log.Description, err)
 		}
 		if err := os.WriteFile(sthFile, nextSTHBytes, 0644); err != nil {
@@ -124,3 +123,41 @@ func snapshot(opts options) error {
 	}
 	return nil
 }
+
+// logs select logs that count towards CT-compliance checks. Logs that don't
+// have a description are skipped after printing a warning.
+func logs(md metadata.Metadata) (logs []metadata.Log) {
+	for _, operators := range md.Operators {
+		for _, log := range operators.Logs {
+			if log.Description == nil {
+				fmt.Fprintf(os.Stderr, "WARNING: skipping log without description")
+				continue
+			}
+			if log.State == nil {
+				continue // skip logs with unknown states
+			}
+			if log.State.Name == metadata.LogStatePending {
+				continue // pending logs do not count towards CT-compliance
+			}
+			if log.State.Name == metadata.LogStateRetired {
+				continue // retired logs are not necessarily reachable
+			}
+			if log.State.Name == metadata.LogStateRejected {
+				continue // rejected logs do not count towards CT-compliance
+			}
+
+			logs = append(logs, log)
+		}
+	}
+	return
+}
+
+// proof formats hashes so that they can be passed to the merkle package
+func proof(hashes [][]byte) (p [][sha256.Size]byte) {
+	for _, hash := range hashes {
+		var h [sha256.Size]byte
+		copy(h[:], hash)
+		p = append(p, h)
+	}
+	return
+}
-- 
cgit v1.2.3
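Review bot: `proof` silently reshapes any hash whose length is not sha256.Size — `copy(h[:], hash)` truncates a longer input and leaves a shorter one zero-padded — so a malformed consistency proof (the hashes presumably come from the log's response; verify against the caller) is quietly coerced into a well-formed-looking input instead of being rejected before the merkle check. Returning an error for a wrong-length hash keeps the verification input honest; the `proof(hashes)` call site in the earlier hunk would then need to check that error before calling into merkle. Separately, the warning in `logs` has no trailing newline and does not identify the skipped log; `fmt.Fprintf(os.Stderr, "WARNING: skipping log without description (key id %x)\n", id)` with `id, _ := log.Key.ID()` would match the `logger.Printf` style used in snapshot. The named result `logs` also shadows the function's own name inside its body, which reads confusingly; a result named `selected` would avoid that.
```go
// proof formats hashes so that they can be passed to the merkle package. A
// hash that is not exactly sha256.Size bytes is rejected rather than
// truncated or zero-padded, so a malformed proof fails before verification.
func proof(hashes [][]byte) ([][sha256.Size]byte, error) {
	p := make([][sha256.Size]byte, 0, len(hashes))
	for i, hash := range hashes {
		if len(hash) != sha256.Size {
			return nil, fmt.Errorf("proof hash %d: got %d bytes, want %d", i, len(hash), sha256.Size)
		}
		var h [sha256.Size]byte
		copy(h[:], hash)
		p = append(p, h)
	}
	return p, nil
}
```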