authorLinus Nordberg <linus@nordberg.se>2014-05-04 19:52:13 +0200
committerLinus Nordberg <linus@nordberg.se>2014-05-04 19:52:13 +0200
commited8bb6d1e454b9ddc793f74f682bd80b1c728904 (patch)
treeae81a24c1e7bbafd0a169ef94d8fada9d9403408
parent68f6bdf0f88322867b35a6ae35a0c4c3ea641884 (diff)
Get going, first cut.
add-chain looks like it might work properly. Not verified!
-rw-r--r--Emakefile3
-rw-r--r--src/.erlang5
-rw-r--r--src/Makefile10
-rw-r--r--src/Makefile.inc6
-rw-r--r--src/https/Makefile5
-rw-r--r--src/https/https_server.erl5
-rw-r--r--src/https_server.erl43
-rw-r--r--src/v1.erl45
-rw-r--r--webroot/certs/webcert.pem60
-rw-r--r--webroot/docroot/index.html6
-rw-r--r--webroot/keys/webkey.pem16
11 files changed, 173 insertions, 31 deletions
diff --git a/Emakefile b/Emakefile
new file mode 100644
index 0000000..8869cf4
--- /dev/null
+++ b/Emakefile
@@ -0,0 +1,3 @@
+%% erl -make (-*- erlang -*-)
+{"src/*", [debug_info, {i, "include/"}, {outdir, "ebin/"}]}.
+{"test/*", [debug_info, {i, "include/"}, {outdir, "ebin/"}]}.
diff --git a/src/.erlang b/src/.erlang
deleted file mode 100644
index b0147e0..0000000
--- a/src/.erlang
+++ /dev/null
@@ -1,5 +0,0 @@
-%% Erlang init file for ctls (in Emacs -*- erlang -*- mode)
-%%io:format("Inititaing for ctls~n").
-code:add_pathz("https").
-code:add_pathz("merkletree").
-code:add_pathz("x509").
diff --git a/src/Makefile b/src/Makefile
deleted file mode 100644
index 62548f6..0000000
--- a/src/Makefile
+++ /dev/null
@@ -1,10 +0,0 @@
-## TODO: Consider using 'rebar' instead of Make.
-
-MODULES = ctls
-
-all: subdirs $(MODULES:%=%.beam)
-
-subdirs:
- $(MAKE) -C https
-
-include Makefile.inc
diff --git a/src/Makefile.inc b/src/Makefile.inc
deleted file mode 100644
index 928b06a..0000000
--- a/src/Makefile.inc
+++ /dev/null
@@ -1,6 +0,0 @@
-# -*- makefile -*-
-
-.erl.beam:
- erlc -W $<
-
-.SUFFIXES: .erl .beam
diff --git a/src/https/Makefile b/src/https/Makefile
deleted file mode 100644
index ac3b57b..0000000
--- a/src/https/Makefile
+++ /dev/null
@@ -1,5 +0,0 @@
-MODULES = https_server
-
-all: $(MODULES:%=%.beam)
-
-include ../Makefile.inc
diff --git a/src/https/https_server.erl b/src/https/https_server.erl
deleted file mode 100644
index a62a02f..0000000
--- a/src/https/https_server.erl
+++ /dev/null
@@ -1,5 +0,0 @@
--module(https_server).
--export([start/0]).
-
-start() ->
- io:format("Starting https server~n").
diff --git a/src/https_server.erl b/src/https_server.erl
new file mode 100644
index 0000000..a0b81b4
--- /dev/null
+++ b/src/https_server.erl
@@ -0,0 +1,43 @@
+-module(https_server).
+-export([start/0, stop/1]).
+
+start() ->
+ io:format("Starting https server~n"),
+ %% TODO: put this in httpd_props.conf and use that at erlang
+ %% start. inets:start(httpd, {proplist_file, "httpd_props.conf"}).
+ ServerRoot = "/home/linus/usr/src/ct/ctls/webroot",
+ {ok, Pid} =
+ inets:start(httpd,
+ [{port, 8080},
+ %%{bind_address, {127,0,0,1}},
+ {bind_address, {192, 168, 122, 119}},
+ {server_name, "flimsy.ct.nordu.net"},
+ {server_root, ServerRoot},
+ {document_root, ServerRoot ++ "/docroot"},
+ {modules, [mod_alias,
+ mod_auth,
+ mod_esi,
+ mod_get,
+ mod_head,
+ mod_log,
+ mod_disk_log]},
+ %%{re_write, {"^/ct/v1/(.*)$", "/ct/v1/https_server/\\1"}},
+ {re_write, {"^/ct/v1/(.*)_(.*)$", "/ct/v1/\\1-\\2"}},
+ {erl_script_alias, {"/ct", [v1]}},
+ {erl_script_nocache, true},
+ {error_log, "log/error"},
+ {security_log, "log/security"},
+ {transfer_log, "log/transfer"},
+ %% See ssl(3erl) for SSL options.
+ {socket_type, {essl, [
+ {certfile, ServerRoot ++ "/certs/webcert.pem"},
+ {keyfile, ServerRoot ++ "/keys/webkey.pem"},
+ %%{cacertfile, ServerRoot ++ "/certs/cacert.pem"},
+ {ciphers, ssl:cipher_suites()},
+ {verify, verify_none}
+ ]}}
+ ]),
+ Pid.
+
+stop(Pid) ->
+ inets:stop(httpd, Pid).
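Review bot: The TLS options in start/0 do not restrict anything: `{ciphers, ssl:cipher_suites()}` passes back the runtime's own suite list and no `versions` option is set, so the protocol versions and suites offered depend entirely on the installed OTP release. For a public log front end I would pin them explicitly, e.g. `{versions, ['tlsv1.2']}` plus a short, reviewed cipher list. `{verify, verify_none}` is reasonable here only because no client certificates are requested; a one-line comment saying so would keep it from being copied into client-side code. Separately, `ServerRoot` and the bind address are developer-machine values; the TODO acknowledges this, but until the config file exists start/0 could take them as arguments.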
diff --git a/src/v1.erl b/src/v1.erl
new file mode 100644
index 0000000..99cf55b
--- /dev/null
+++ b/src/v1.erl
@@ -0,0 +1,45 @@
+-module(v1).
+-export([add_chain/3]).
+-export([hello/3]).
+-include("/home/linus/usr/src/ct/plop/include/plop.hrl").
+-define(PROTOCOL_VERSION, 1).
+
+%% Public functions.
+add_chain(SessionID, _Env, Input) ->
+ Res = case (catch jiffy:decode(Input)) of
+ {error, E} -> html("add-chain: bad input; see RFC 6962", E);
+ {[{<<"chain">>, Chain}]} ->
+ Entry = #plop_entry{type = x509,
+ data = list_to_binary(Chain)},
+ SPT = plop:add(#timestamped_entry{entry = Entry}),
+ Timestamp = SPT#spt_on_wire.timestamp,
+ R = [{sct_version, ?PROTOCOL_VERSION},
+ {id, base64:encode(plop:get_logid())},
+ {timestamp, Timestamp},
+ {extensions, []},
+ {signature, base64:encode(list_to_binary(plop:serialise(SPT)))}],
+ binary_to_list(jiffy:encode({R}));
+ _ -> html("add-chain: missing input: chain; see RFC 6962", Input)
+ end,
+ mod_esi:deliver(SessionID, Res).
+
+%% For testing. FIXME: Remove.
+hello(SessionID, Env, Input) ->
+ Query = httpd:parse_query(Input),
+ mod_esi:deliver(SessionID, io_lib:format(
+ "Content-Type: text/html\r\n\r\n" ++
+ "<html><body>hello again, erlang world" ++
+ "<p>SessionID: ~p~n" ++
+ "<p>Env: ~p~n" ++
+ "<p>Input, raw: ~p~n" ++
+ "<p>Input, parsed: ~p~n" ++
+ "</body></html>", [SessionID, Env, Input, Query])).
+
+%% Private functions.
+html(Text, Input) ->
+ io_lib:format(
+ "Content-Type: text/html\r\n\r\n" ++
+ "<html><body><p>~n" ++
+ "~s~n" ++
+ "~p~n" ++
+ "</body></html>~n", [Text, Input]).
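Review bot: The fallback branch of add_chain passes the raw request body to html/2, which formats it with `~p` into a `Content-Type: text/html` response without escaping, so any markup in the request is reflected to the client; a fixed error message, or a `text/plain` response, would avoid that. In the success branch `list_to_binary(Chain)` runs on whatever JSON value the client sent, outside the `catch`, so a non-list `chain` would raise badarg in the ESI callback; a guard such as `{[{<<"chain">>, Chain}]} when is_list(Chain) ->` lets it fall through to the error branch instead. The elements also appear to be concatenated as received rather than base64-decoded and checked as certificates before `plop:add/1`, which is worth a TODO comment if it is deliberate for this first cut. hello/3 is exported and looks reachable through the `erl_script_alias` for `v1` in https_server.erl; it echoes `Env` and `Input` unescaped, so the FIXME should be resolved before this listens on a non-loopback address.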
diff --git a/webroot/certs/webcert.pem b/webroot/certs/webcert.pem
new file mode 100644
index 0000000..cff62f0
--- /dev/null
+++ b/webroot/certs/webcert.pem
@@ -0,0 +1,60 @@
+Certificate:
+ Data:
+ Version: 3 (0x2)
+ Serial Number: 0 (0x0)
+ Signature Algorithm: sha256WithRSAEncryption
+ Issuer: C=AU, ST=Some-State, O=Internet Widgits Pty Ltd, CN=flimsytest
+ Validity
+ Not Before: May 4 10:17:19 2014 GMT
+ Not After : May 4 10:17:19 2015 GMT
+ Subject: C=AU, ST=Some-State, O=Internet Widgits Pty Ltd, CN=flimsytest
+ Subject Public Key Info:
+ Public Key Algorithm: rsaEncryption
+ Public-Key: (1024 bit)
+ Modulus:
+ 00:c5:1e:c3:c1:9a:26:e8:64:7f:dd:1c:05:5a:e0:
+ 9a:87:cc:d1:d4:f5:30:95:62:73:79:56:a8:8e:8e:
+ eb:12:7b:cb:8d:5e:5f:eb:3b:12:c9:c4:7d:fe:ad:
+ 85:c5:89:81:63:2f:3c:dc:a1:b6:ee:7c:7b:42:9d:
+ 6d:69:81:a4:c7:34:0e:85:f0:f3:ee:5f:34:92:a1:
+ 01:bb:f6:f6:c1:6a:e8:c6:cf:7f:44:8d:b7:9d:62:
+ d5:9a:7a:22:bc:f2:d4:e3:fa:03:e9:b1:ca:01:f0:
+ db:84:33:9f:64:60:f3:f8:7a:5b:f0:e3:9d:4e:b2:
+ 21:a1:49:a8:d9:e5:e8:7f:f5
+ Exponent: 65537 (0x10001)
+ X509v3 extensions:
+ X509v3 Basic Constraints:
+ CA:FALSE
+ Netscape Comment:
+ OpenSSL Generated Certificate
+ X509v3 Subject Key Identifier:
+ 7C:05:0C:BA:09:58:C2:DE:46:7F:ED:39:5B:87:B2:28:8B:99:D7:28
+ X509v3 Authority Key Identifier:
+ keyid:7C:05:0C:BA:09:58:C2:DE:46:7F:ED:39:5B:87:B2:28:8B:99:D7:28
+
+ Signature Algorithm: sha256WithRSAEncryption
+ 59:47:3b:91:85:21:40:31:af:82:bf:57:21:c3:46:07:eb:14:
+ bf:be:ec:f8:98:d1:0e:51:0b:eb:2c:44:8a:95:d0:e9:43:04:
+ 56:43:c5:10:41:76:2e:6c:f3:0a:9b:e4:5f:15:f5:2e:38:17:
+ dd:f6:f7:9e:5f:ed:f7:b2:76:b2:c2:55:da:48:73:e4:54:dc:
+ 3b:7e:b8:88:33:27:83:67:34:c8:a4:e7:b2:c7:20:51:0e:9f:
+ f6:b8:f3:a5:73:e2:b2:fc:5e:cf:82:43:6b:0e:73:fa:ef:ce:
+ 5d:46:f8:de:54:6c:b1:96:17:be:1c:f9:c4:49:cb:8d:ee:0a:
+ da:32
+-----BEGIN CERTIFICATE-----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+-----END CERTIFICATE-----
diff --git a/webroot/docroot/index.html b/webroot/docroot/index.html
new file mode 100644
index 0000000..00d1842
--- /dev/null
+++ b/webroot/docroot/index.html
@@ -0,0 +1,6 @@
+<html><title>
+Certificate Transparency Log Server
+</title><body>
+This is a Certificate Transparency Log Server.
+</body></html>
+
diff --git a/webroot/keys/webkey.pem b/webroot/keys/webkey.pem
new file mode 100644
index 0000000..a018196
--- /dev/null
+++ b/webroot/keys/webkey.pem
@@ -0,0 +1,16 @@
+-----BEGIN PRIVATE KEY-----
+MIICeAIBADANBgkqhkiG9w0BAQEFAASCAmIwggJeAgEAAoGBAMUew8GaJuhkf90c
+BVrgmofM0dT1MJVic3lWqI6O6xJ7y41eX+s7EsnEff6thcWJgWMvPNyhtu58e0Kd
+bWmBpMc0DoXw8+5fNJKhAbv29sFq6MbPf0SNt51i1Zp6Irzy1OP6A+mxygHw24Qz
+n2Rg8/h6W/DjnU6yIaFJqNnl6H/1AgMBAAECgYBxbEhbiCXHJrzkL5FtPzvr1BER
+Jpxz+JhVQ2Xt0ZK1qgHwMFOk+PLQon2VI6eLiJmoxq+QjITEKWCLbiZcxTpYWNBN
+y2ZdfQTwtAEc9cXcF0ZXFSkL58DCK+7haF6J6yyX6dXHRa+TzIlgHmDGTM0wb2Jv
+1lgr1nCUn+W5RpMLqQJBAP2mLZkLL+ai39QP8m2gjIfbmyXqz2WIgJNdiHNNqkzw
+fjMx/x5hutYTJtz4iYx/MfrklZvHb5cp37RPbzun2pcCQQDG8nZ8rOcgJp28WrFI
+CbaHY17TOHpPmCyYnA4DTXX3yXdlpjsJ3Q9CqjD/J1GQ94QyMSBggV16jJVU7DFh
+YYdTAkEAqtUAQuI4+cHatC2lXlZSL7IlVS1HT5/W0Ome2+GEAFu882gJ5gF2X3X4
+p7ywjzKfi9XmOUviCVJHe15AkVIkswJBAIifTXtFCdvsaPpGleRQt0a2mRIYgPZU
+HJwY3w6pjU/CzPnDdFvLsYUod0lh6QPS1rfZQNDFRjq4fHy7TxX+8f0CQQCZVXRg
+tWGcP0+t9HLpUhguH10qpLAYSqVcpWFVycVcPu2d4gJNZ2ls5TVkQeUZjM1S+Pg/
+/Uod2TbrtPafW8Ss
+-----END PRIVATE KEY-----
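Review bot: This file puts an unencrypted private key under version control, and https_server.erl in the same commit loads it as the TLS `keyfile`, so everyone with read access to the repository holds the server's key for as long as this key pair is in use. Key material should stay out of the tree: generate it at deploy time and add `webroot/keys/` to the ignore list. Because the key remains in history even if a later commit deletes it, treat it as disclosed and replace both it and the matching certificate. The certificate added alongside shows `Public-Key: (1024 bit)`; the replacement should use at least 2048-bit RSA.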