Diffstat (limited to 'pkg')
-rw-r--r-- | pkg/storage/index/index.go | 4 | ||||
-rw-r--r-- | pkg/storage/index/inmem.go | 16 | ||||
-rw-r--r-- | pkg/storage/loglist/loglist.go | 4 | ||||
-rw-r--r-- | pkg/storage/loglist/metadata.go | 26 |
4 files changed, 41 insertions, 9 deletions
diff --git a/pkg/storage/index/index.go b/pkg/storage/index/index.go index 95eb04a..c85a9e9 100644 --- a/pkg/storage/index/index.go +++ b/pkg/storage/index/index.go @@ -56,7 +56,7 @@ func (ix *Index) AddChain(node string, pem []byte) error { var crtID CertificateID crtID.Set(chain[0]) path := fmt.Sprintf("%s/%s-%s.pem", ix.cfg.TrustDirectory, node, crtID) - if !ix.mem.addChain(crtID, path) { + if !ix.mem.addChain(path, crtID, chain[0].DNSNames) { return nil // duplicate } @@ -76,7 +76,7 @@ func (ix *Index) AddEntries(logID [sha256.Size]byte, entries []monitor.LogEntry) var crtID CertificateID crtID.Set(crt) path := fmt.Sprintf("%s/%x-%d.json", ix.cfg.MatchDirectory, logID[:], entry.LeafIndex) - if !ix.mem.addEntry(crtID, path) { + if !ix.mem.addEntry(path, crtID, crt.DNSNames, logID, entry.LeafIndex) { return nil // duplicate } if err := ioutil.CommitJSON(path, entry); err != nil { diff --git a/pkg/storage/index/inmem.go b/pkg/storage/index/inmem.go index ba48bc1..6184cad 100644 --- a/pkg/storage/index/inmem.go +++ b/pkg/storage/index/inmem.go @@ -16,8 +16,12 @@ func (crtID *CertificateID) Set(crt x509.Certificate) { } type CertificateInfo struct { - ObservedAt time.Time `json:"observed_at"` - StoredAt string `json:"stored_at"` + ObservedAt time.Time `json:"observed_at"` + StoredAt string `json:"stored_at"` + SerialNumber CertificateID `json:"serial_number"` + SANs []string `json:"crt_sans"` + LogID [32]byte `json:"log_id,omitempty"` + LogIndex uint64 `json:"log_index,omitempty"` } // index is an in-memory index of certificates 
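Review bot: The new call passes only `chain[0].DNSNames` as the certificate's SANs, so IP-address, email and URI SANs carried by the leaf are never recorded although the field they land in is tagged `crt_sans`. If DNS names are the intended scope, make that explicit where the slice is consumed, e.g. `// DNS SANs only; other SAN types are not indexed`, otherwise collect the other SAN fields of `chain[0]` into the slice before the call. AddChain's body continues outside the hunk.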
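Review bot: The duplicate branch after the new `addEntry` call still does `return nil // duplicate` from AddEntries instead of moving on to the next entry; the hunk header suggests `entries` is iterated (`entry.LeafIndex`), in which case one already-indexed certificate silently skips every later entry in the batch and none of them reach `ioutil.CommitJSON`. If that loop exists outside the hunk, `continue // duplicate` is the fix; if the function really processes a single entry per call, a comment saying so would stop the next reader from asking the same question. The enclosing loop and function end outside the hunk.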
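Review bot: `omitempty` on `LogID [32]byte` is a no-op: encoding/json only omits arrays of length zero, and a fixed-size `[32]byte` is never empty, so entries added via addChain (which sets no log) will serialize `log_id` as a JSON array of 32 zeros, and log-sourced entries get a 32-number array rather than the `%x` hex form the same ID has in the file paths built in index.go. Either drop the tag option and document that the zero value means "not from a log", or change the type to something that can be empty, e.g. `LogID *[32]byte `json:"log_id,omitempty"`` or a hex string field filled at the call sites. `LogIndex uint64` with `omitempty` does work, but note it also hides a genuine index of 0.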
@@ -65,12 +69,12 @@ func (ix *index) triggerAlerts(delay time.Duration) []CertificateInfo { return alerts } -func (ix *index) addChain(crtID CertificateID, path string) bool { +func (ix *index) addChain(path string, crtID CertificateID, sans []string) bool { if _, ok := ix.Legitimate[crtID]; ok { return false // we already marked this certificate as "good" } - entry := CertificateInfo{ObservedAt: time.Now(), StoredAt: path} + entry := CertificateInfo{ObservedAt: time.Now(), StoredAt: path, SerialNumber: crtID, SANs: sans} crtInfos := []CertificateInfo{entry} if v, ok := ix.Alerting[crtID]; ok { crtInfos = append(crtInfos, v...) @@ -84,8 +88,8 @@ func (ix *index) addChain(crtID CertificateID, path string) bool { return true // index updated such that this certificate is marked as "good" } -func (ix *index) addEntry(crtID CertificateID, path string) bool { - crtInfo := CertificateInfo{ObservedAt: time.Now(), StoredAt: path} +func (ix *index) addEntry(path string, crtID CertificateID, sans []string, logID [32]byte, logIndex uint64) bool { + crtInfo := CertificateInfo{ObservedAt: time.Now(), StoredAt: path, SerialNumber: crtID, SANs: sans, LogID: logID, LogIndex: logIndex} if _, ok := ix.Legitimate[crtID]; ok { return add(ix.Legitimate, crtID, crtInfo) } else if _, ok := ix.Alerting[crtID]; ok { diff --git a/pkg/storage/loglist/loglist.go b/pkg/storage/loglist/loglist.go index a37cb32..f282113 100644 --- a/pkg/storage/loglist/loglist.go +++ b/pkg/storage/loglist/loglist.go @@ -72,6 +72,10 @@ func New(cfg Config) (LogList, error) { return ll, nil } +func (ll *LogList) LogName(logID [32]byte) (string, error) { + return metadataLogName(ll.md, logID) +} + func (ll *LogList) IsRecent() bool { return time.Now().Before(ll.md.CreatedAt.Add(ll.cfg.MetadataIsRecent)) } diff --git a/pkg/storage/loglist/metadata.go b/pkg/storage/loglist/metadata.go index adacf81..96d035c 100644 --- a/pkg/storage/loglist/metadata.go +++ b/pkg/storage/loglist/metadata.go 
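Review bot: The new exported method `LogName` on LogList has no doc comment, and it is the only way callers learn that the lookup can fail. A comment of the form `// LogName returns the display name of the log with the given ID, or an error if the loaded metadata contains no such log.` placed above the method would cover the contract the forwarded metadataLogName implements.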
@@ -1,6 +1,11 @@ package loglist -import "gitlab.torproject.org/rgdd/ct/pkg/metadata" +import ( + "fmt" + "strings" + + "gitlab.torproject.org/rgdd/ct/pkg/metadata" +) // FIXME: helpers that should probably be in the upstream package @@ -13,6 +18,25 @@ func metadataFindLog(md metadata.Metadata, target metadata.Log) bool { return false } +func metadataLogName(md metadata.Metadata, targetID [32]byte) (string, error) { + for _, operator := range md.Operators { + for _, log := range operator.Logs { + id, _ := log.Key.ID() + if id == targetID { + return FormatLogName(log), nil + } + } + } + return "", fmt.Errorf("no match for log ID: %x", targetID[:]) +} + +func FormatLogName(log metadata.Log) string { + if log.Description != nil { + return *log.Description + } + return strings.TrimSuffix("https://", string(log.URL)) +} + func findLog(logs []metadata.Log, target metadata.Log) bool { targetID, _ := target.Key.ID() for _, log := range logs { |
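Review bot: `strings.TrimSuffix("https://", string(log.URL))` in FormatLogName has its arguments reversed and also uses the wrong function: the first argument is the string being trimmed, so this returns the literal `"https://"` for every log without a Description, never the URL. The intended line is `return strings.TrimPrefix(string(log.URL), "https://")`. In metadataLogName, `id, _ := log.Key.ID()` discards the error the same way the existing findLog does; if `ID()` can fail, the zero-valued id it leaves behind would compare equal to a zero `targetID`, so returning or skipping on error is safer than ignoring it. FormatLogName is exported and would also benefit from a doc comment stating that it prefers Description and falls back to the URL without its scheme.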