author | Linus Nordberg <linus@nordu.net> | 2015-09-26 21:14:38 +0200 |
---|---|---|
committer | Linus Nordberg <linus@nordu.net> | 2016-02-01 11:40:25 +0100 |
commit | 1aa959b65818ca98855d7af1ba610528cc82fc25 (patch) | |
tree | 272e31dcf9484c868e0eed086cab5f230829efe5 | |
parent | 3af793842f9feb2d8ae09075d596ac9e1c50bf99 (diff) |
Base64-decode submitted blobs and treat them as leaf certs.
-rw-r--r-- | src/catlfish.erl | 29 | ||||
-rw-r--r-- | src/v1.erl | 10 |
2 files changed, 20 insertions, 19 deletions
diff --git a/src/catlfish.erl b/src/catlfish.erl
index 7a28f9f..e3b5939 100644
--- a/src/catlfish.erl
+++ b/src/catlfish.erl
@@ -2,7 +2,7 @@
 %%% See LICENSE for licensing information.
 -module(catlfish).
--export([add_chain/2, entries/2, entry_and_proof/2]).
+-export([add_chain/3, entries/2, entry_and_proof/2]).
 -export([known_roots/0, update_known_roots/0]).
 -export([init_cache_table/0]).
 -export([entryhash_from_entry/1, verify_entry/1, verify_entry/2]).
@@ -131,15 +131,15 @@ add_to_db(Type, LeafCert, CertChain, EntryHash) ->
 get_ratelimit_token(Type) ->
     ratelimit:get_token(Type).
--spec add_chain(binary(), normal) -> {[{_,_},...]}.
-add_chain(Blob, Type) ->
-    EntryHash = crypto:hash(sha256, Blob),
+-spec add_chain(binary(), [binary()], normal|precert) -> {[{_,_},...]}.
+add_chain(LeafCert, CertChain, Type) ->
+    EntryHash = crypto:hash(sha256, [LeafCert | CertChain]),
     {TimestampedEntry, Hash} =
         case plop:get(EntryHash) of
             notfound ->
                 case get_ratelimit_token(add_chain) of
                     ok ->
-                        add_to_db(Type, Blob, [], EntryHash);
+                        add_to_db(Type, LeafCert, CertChain, EntryHash);
                     _ ->
                         exit({internalerror, "Rate limiting"})
                 end;
@@ -271,18 +271,13 @@ verify_entry(Entry) ->
     verify_entry(Entry, RootCerts).
 %% Used from plop.
-verify_entry(PackedEntry, RootCerts) ->
-    {_Type, MTLText, Cert, Chain} = unpack_entry(PackedEntry),
-    case x509:normalise_chain(RootCerts, [Cert | Chain]) of
-        {ok, [Cert | FullChain]} ->
-            case verify_mtl(deserialise_mtl(MTLText), Cert, FullChain) of
-                ok ->
-                    {ok, ht:leaf_hash(MTLText)};
-                error ->
-                    {error, "MTL verification failed"}
-            end;
-        {error, Reason} ->
-            {error, Reason}
+verify_entry(PackedEntry, _RootCerts) ->
+    {_Type, MTLText, Cert, _Chain} = unpack_entry(PackedEntry),
+    case verify_mtl(deserialise_mtl(MTLText), Cert, []) of
+        ok ->
+            {ok, ht:leaf_hash(MTLText)};
+        error ->
+            {error, "MTL verification failed"}
     end.
 %% Used from plop.
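Review bot: The new `EntryHash = crypto:hash(sha256, [LeafCert | CertChain])` line hashes the plain concatenation of leaf and chain, so the boundary between the two is not part of the identity: a submission with leaf `A` and chain `[B]` and one with leaf `<<A/binary, B/binary>>` and an empty chain produce the same EntryHash, and the `plop:get(EntryHash)` lookup below would treat the second as a duplicate of the first and never store it. With the only caller in this commit passing `[]` as CertChain this is latent, but the widened -spec (`[binary()]`, `normal|precert`) invites chains. Hashing a length-framed encoding of the two parts, or hashing LeafCert alone if the leaf is meant to be the identity, removes the ambiguity. add_chain's body continues past the hunk.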
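Review bot: `verify_entry/2` now ignores `_RootCerts` and hands `[]` to verify_mtl, so the chain and root anchoring that `x509:normalise_chain` used to provide is gone and a packed entry is accepted on the MTL check alone; that narrowed contract is not stated anywhere, and the existing `%% Used from plop.` line should say it, e.g. `%% Used from plop. Only the MTL is verified against the unpacked cert; no chain or root validation is done for blob entries, so RootCerts is ignored.` `verify_entry/1` (head above the hunk) still resolves and passes `RootCerts` that are now unused, which looks like dead work unless the arity-2 API is kept for plop's sake; either way it is worth a one-line comment on verify_entry/1 as well. The `error ->` clause is the only failure shape matched, so any other return from verify_mtl crashes the caller — presumably intended, but the comment could say so.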
@@ -153,6 +153,12 @@ add_blob(Input) ->
         {error, E} ->
             err400("add-blob: bad input:", E);
         {struct, [{<<"blob">>, Blob}]} ->
-            success(catlfish:add_chain(Blob, normal));
-        _ -> err400("add-blob: missing input: blob", Input)
+            case (catch base64:decode(Blob)) of
+                {'EXIT', _} ->
+                    err400("add-blob: invalid base64-encoded blob", Blob);
+                DecodedBlob ->
+                    success(catlfish:add_chain(DecodedBlob, [], normal))
+            end;
+        _ ->
+            err400("add-blob: missing input: blob", Input)
     end.
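Review bot: The added `case (catch base64:decode(Blob)) of` uses old-style `catch`, which folds errors, exits and throws together: only `{'EXIT', _}` is rejected, so a thrown term (or a legitimately decoded value that happens to be a 2-tuple starting with `'EXIT'`) would reach the `DecodedBlob ->` clause and be passed to add_chain as decoded data, and the stack trace is lost for diagnosis. A `try ... of ... catch error:_ -> ... end` scopes the handler to the decode call and to the error class base64:decode raises on malformed input. Note also that the 400 response echoes the raw client-supplied `Blob` back; whether that is rendered safely depends on err400, which is defined outside this hunk. add_blob's head is outside the hunk.
```erlang
        {struct, [{<<"blob">>, Blob}]} ->
            try base64:decode(Blob) of
                DecodedBlob ->
                    success(catlfish:add_chain(DecodedBlob, [], normal))
            catch
                error:_ ->
                    err400("add-blob: invalid base64-encoded blob", Blob)
            end;
        %% … unchanged: missing-input clause and closing end …
```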