Diffstat (limited to 'pkg/storage')
-rw-r--r--pkg/storage/index/index.go4
-rw-r--r--pkg/storage/index/inmem.go16
-rw-r--r--pkg/storage/loglist/loglist.go4
-rw-r--r--pkg/storage/loglist/metadata.go26
4 files changed, 41 insertions, 9 deletions
diff --git a/pkg/storage/index/index.go b/pkg/storage/index/index.go
index 95eb04a..c85a9e9 100644
--- a/pkg/storage/index/index.go
+++ b/pkg/storage/index/index.go
@@ -56,7 +56,7 @@ func (ix *Index) AddChain(node string, pem []byte) error {
var crtID CertificateID
crtID.Set(chain[0])
path := fmt.Sprintf("%s/%s-%s.pem", ix.cfg.TrustDirectory, node, crtID)
- if !ix.mem.addChain(crtID, path) {
+ if !ix.mem.addChain(path, crtID, chain[0].DNSNames) {
return nil // duplicate
}
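Review bot: The new call passes only `chain[0].DNSNames` into the field that `CertificateInfo` names `SANs` and tags `crt_sans`, so any IP-address, email or URI subject alternative names a certificate carries are not indexed and cannot trigger a match; the same applies to `crt.DNSNames` in the AddEntries hunk below. If DNS-only is the intent, say so on the struct field with a comment such as `// DNS-type SANs only (x509.Certificate.DNSNames); other SAN kinds are not indexed`, otherwise the other SAN slices need to be appended before the call. AddChain's body continues outside the hunk.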
@@ -76,7 +76,7 @@ func (ix *Index) AddEntries(logID [sha256.Size]byte, entries []monitor.LogEntry)
var crtID CertificateID
crtID.Set(crt)
path := fmt.Sprintf("%s/%x-%d.json", ix.cfg.MatchDirectory, logID[:], entry.LeafIndex)
- if !ix.mem.addEntry(crtID, path) {
+ if !ix.mem.addEntry(path, crtID, crt.DNSNames, logID, entry.LeafIndex) {
return nil // duplicate
}
if err := ioutil.CommitJSON(path, entry); err != nil {
diff --git a/pkg/storage/index/inmem.go b/pkg/storage/index/inmem.go
index ba48bc1..6184cad 100644
--- a/pkg/storage/index/inmem.go
+++ b/pkg/storage/index/inmem.go
@@ -16,8 +16,12 @@ func (crtID *CertificateID) Set(crt x509.Certificate) {
}
type CertificateInfo struct {
- ObservedAt time.Time `json:"observed_at"`
- StoredAt string `json:"stored_at"`
+ ObservedAt time.Time `json:"observed_at"`
+ StoredAt string `json:"stored_at"`
+ SerialNumber CertificateID `json:"serial_number"`
+ SANs []string `json:"crt_sans"`
+ LogID [32]byte `json:"log_id,omitempty"`
+ LogIndex uint64 `json:"log_index,omitempty"`
}
// index is an in-memory index of certificates
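Review bot: `omitempty` on `LogID [32]byte` never takes effect: encoding/json omits an array only when its length is zero, and a byte array (unlike a byte slice) is encoded as a JSON array of numbers, so every entry created by addChain will serialize `log_id` as thirty-two zeros rather than omitting it. `omitempty` on `LogIndex uint64` has the opposite problem, dropping a genuine leaf index of 0 so it is indistinguishable from an entry that did not come from a log. Either make both fields pointers so absence is explicit, or drop `omitempty` from both and document the zero value with a comment above them such as `// LogID and LogIndex are zero for entries added via addChain (not observed in a log).`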
@@ -65,12 +69,12 @@ func (ix *index) triggerAlerts(delay time.Duration) []CertificateInfo {
return alerts
}
-func (ix *index) addChain(crtID CertificateID, path string) bool {
+func (ix *index) addChain(path string, crtID CertificateID, sans []string) bool {
if _, ok := ix.Legitimate[crtID]; ok {
return false // we already marked this certificate as "good"
}
- entry := CertificateInfo{ObservedAt: time.Now(), StoredAt: path}
+ entry := CertificateInfo{ObservedAt: time.Now(), StoredAt: path, SerialNumber: crtID, SANs: sans}
crtInfos := []CertificateInfo{entry}
if v, ok := ix.Alerting[crtID]; ok {
crtInfos = append(crtInfos, v...)
@@ -84,8 +88,8 @@ func (ix *index) addChain(crtID CertificateID, path string) bool {
return true // index updated such that this certificate is marked as "good"
}
-func (ix *index) addEntry(crtID CertificateID, path string) bool {
- crtInfo := CertificateInfo{ObservedAt: time.Now(), StoredAt: path}
+func (ix *index) addEntry(path string, crtID CertificateID, sans []string, logID [32]byte, logIndex uint64) bool {
+ crtInfo := CertificateInfo{ObservedAt: time.Now(), StoredAt: path, SerialNumber: crtID, SANs: sans, LogID: logID, LogIndex: logIndex}
if _, ok := ix.Legitimate[crtID]; ok {
return add(ix.Legitimate, crtID, crtInfo)
} else if _, ok := ix.Alerting[crtID]; ok {
diff --git a/pkg/storage/loglist/loglist.go b/pkg/storage/loglist/loglist.go
index a37cb32..f282113 100644
--- a/pkg/storage/loglist/loglist.go
+++ b/pkg/storage/loglist/loglist.go
@@ -72,6 +72,10 @@ func New(cfg Config) (LogList, error) {
return ll, nil
}
+func (ll *LogList) LogName(logID [32]byte) (string, error) {
+ return metadataLogName(ll.md, logID)
+}
+
func (ll *LogList) IsRecent() bool {
return time.Now().Before(ll.md.CreatedAt.Add(ll.cfg.MetadataIsRecent))
}
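Review bot: `LogName` is an exported method with no doc comment. Given the helper it wraps, a fitting comment would be `// LogName returns the display name of the log with the given ID, or an error if no log in the loaded metadata matches it.`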
diff --git a/pkg/storage/loglist/metadata.go b/pkg/storage/loglist/metadata.go
index adacf81..96d035c 100644
--- a/pkg/storage/loglist/metadata.go
+++ b/pkg/storage/loglist/metadata.go
@@ -1,6 +1,11 @@
package loglist
-import "gitlab.torproject.org/rgdd/ct/pkg/metadata"
+import (
+ "fmt"
+ "strings"
+
+ "gitlab.torproject.org/rgdd/ct/pkg/metadata"
+)
// FIXME: helpers that should probably be in the upstream package
@@ -13,6 +18,25 @@ func metadataFindLog(md metadata.Metadata, target metadata.Log) bool {
return false
}
+func metadataLogName(md metadata.Metadata, targetID [32]byte) (string, error) {
+ for _, operator := range md.Operators {
+ for _, log := range operator.Logs {
+ id, _ := log.Key.ID()
+ if id == targetID {
+ return FormatLogName(log), nil
+ }
+ }
+ }
+ return "", fmt.Errorf("no match for log ID: %x", targetID[:])
+}
+
+func FormatLogName(log metadata.Log) string {
+ if log.Description != nil {
+ return *log.Description
+ }
+ return strings.TrimSuffix("https://", string(log.URL))
+}
+
func findLog(logs []metadata.Log, target metadata.Log) bool {
targetID, _ := target.Key.ID()
for _, log := range logs {
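Review bot: `strings.TrimSuffix("https://", string(log.URL))` in FormatLogName has its arguments reversed and uses the wrong function: it trims the URL off the end of the literal, so unless the URL happens to be a suffix of "https://" it returns the constant string "https://" for every log without a description. The intended line is `return strings.TrimPrefix(string(log.URL), "https://")`. In metadataLogName, `id, _ := log.Key.ID()` discards the error, so a log whose key cannot be hashed is compared as the all-zero ID; skipping that log on error (`if err != nil { continue }`) avoids a spurious match against a zero `targetID`. FormatLogName is also exported without a doc comment; once fixed it could read `// FormatLogName returns the log's description if set, otherwise its URL without the https:// scheme.`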