authorLinus Nordberg <linus@nordu.net>2015-09-26 21:14:38 +0200
committerLinus Nordberg <linus@nordu.net>2015-09-27 13:38:30 +0200
commit2f0d0c63e2a935835779347b97ce79925347949b (patch)
treef2bbc2a97a9c46fa64b0aee8988ccc1212d846d2
parent3adc635ef9857dc4e988448662d99f69abc4719a (diff)
Base64-decode submitted blobs and treat them as leaf certs.
-rw-r--r--src/catlfish.erl29
-rw-r--r--src/v1.erl10
2 files changed, 20 insertions, 19 deletions
diff --git a/src/catlfish.erl b/src/catlfish.erl
index 7a28f9f..e3b5939 100644
--- a/src/catlfish.erl
+++ b/src/catlfish.erl
@@ -2,7 +2,7 @@
%%% See LICENSE for licensing information.
-module(catlfish).
--export([add_chain/2, entries/2, entry_and_proof/2]).
+-export([add_chain/3, entries/2, entry_and_proof/2]).
-export([known_roots/0, update_known_roots/0]).
-export([init_cache_table/0]).
-export([entryhash_from_entry/1, verify_entry/1, verify_entry/2]).
@@ -131,15 +131,15 @@ add_to_db(Type, LeafCert, CertChain, EntryHash) ->
get_ratelimit_token(Type) ->
ratelimit:get_token(Type).
--spec add_chain(binary(), normal) -> {[{_,_},...]}.
-add_chain(Blob, Type) ->
- EntryHash = crypto:hash(sha256, Blob),
+-spec add_chain(binary(), [binary()], normal|precert) -> {[{_,_},...]}.
+add_chain(LeafCert, CertChain, Type) ->
+ EntryHash = crypto:hash(sha256, [LeafCert | CertChain]),
{TimestampedEntry, Hash} =
case plop:get(EntryHash) of
notfound ->
case get_ratelimit_token(add_chain) of
ok ->
- add_to_db(Type, Blob, [], EntryHash);
+ add_to_db(Type, LeafCert, CertChain, EntryHash);
_ ->
exit({internalerror, "Rate limiting"})
end;
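Review bot: The new `EntryHash = crypto:hash(sha256, [LeafCert | CertChain])` digests the plain concatenation of the leaf and chain, so the element boundaries are not part of the hash: two submissions whose bytes concatenate identically but split differently between LeafCert and CertChain collide, and the `plop:get(EntryHash)` lookup that follows treats them as the same already-stored entry. That is only unambiguous if every element is self-delimiting, which holds for DER-encoded certificates but not for arbitrary blobs, and this commit's v1 caller now passes a decoded blob as LeafCert (with an empty chain, so the issue is latent until a caller supplies a chain). If the intent is to rely on DER framing, say so at the hash line, e.g. `%% Concatenation is unambiguous only while every element is a self-delimiting DER cert`; otherwise length-prefix each element before hashing. add_chain's body continues past the end of the hunk.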
@@ -271,18 +271,13 @@ verify_entry(Entry) ->
verify_entry(Entry, RootCerts).
%% Used from plop.
-verify_entry(PackedEntry, RootCerts) ->
- {_Type, MTLText, Cert, Chain} = unpack_entry(PackedEntry),
- case x509:normalise_chain(RootCerts, [Cert | Chain]) of
- {ok, [Cert | FullChain]} ->
- case verify_mtl(deserialise_mtl(MTLText), Cert, FullChain) of
- ok ->
- {ok, ht:leaf_hash(MTLText)};
- error ->
- {error, "MTL verification failed"}
- end;
- {error, Reason} ->
- {error, Reason}
+verify_entry(PackedEntry, _RootCerts) ->
+ {_Type, MTLText, Cert, _Chain} = unpack_entry(PackedEntry),
+ case verify_mtl(deserialise_mtl(MTLText), Cert, []) of
+ ok ->
+ {ok, ht:leaf_hash(MTLText)};
+ error ->
+ {error, "MTL verification failed"}
end.
%% Used from plop.
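Review bot: The rewritten verify_entry/2 no longer uses its root set at all — the parameter becomes `_RootCerts`, the unpacked `_Chain` is dropped, and `verify_mtl` is called with `[]` — so an entry's chain is no longer normalised against the known roots before the MTL is checked, while verify_entry/1 (just above the hunk) still fetches the roots only to pass them in. If skipping chain validation is the intended consequence of storing submitted blobs as bare leaf certs, that decision should be recorded where the next reader will look for it, e.g. `%% Chain validation is intentionally skipped: entries are stored as bare leaf certs with no chain, so only the MTL is verified here.` Otherwise the `x509:normalise_chain` step should stay for entries that do carry a chain, since `unpack_entry` still returns one.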
diff --git a/src/v1.erl b/src/v1.erl
index d89b521..3c5e6b4 100644
--- a/src/v1.erl
+++ b/src/v1.erl
@@ -151,6 +151,12 @@ add_blob(Input) ->
{error, E} ->
err400("add-blob: bad input:", E);
{struct, [{<<"blob">>, Blob}]} ->
- success(catlfish:add_chain(Blob, normal));
- _ -> err400("add-blob: missing input: blob", Input)
+ case (catch base64:decode(Blob)) of
+ {'EXIT', _} ->
+ err400("add-blob: invalid base64-encoded blob", Blob);
+ DecodedBlob ->
+ success(catlfish:add_chain(DecodedBlob, [], normal))
+ end;
+ _ ->
+ err400("add-blob: missing input: blob", Input)
end.
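Review bot: `case (catch base64:decode(Blob)) of {'EXIT', _} ->` uses the old-style `catch`, which conflates errors, exits and thrown terms and would treat any thrown value as a successfully decoded blob; Blob is untrusted client input, so this is the trust boundary where the caught class should be explicit and limited to `error`. A `try ... of ... catch error:_ ...` keeps the same two outcomes without that ambiguity. Note also that a well-formed but empty base64 value decodes to `<<>>` and is passed on to add_chain as a leaf cert; whether that is rejected downstream is not visible here. add_blob and its enclosing `case` start outside the hunk.
```erlang
        {struct, [{<<"blob">>, Blob}]} ->
            try base64:decode(Blob) of
                DecodedBlob ->
                    success(catlfish:add_chain(DecodedBlob, [], normal))
            catch
                error:_ ->
                    err400("add-blob: invalid base64-encoded blob", Blob)
            end;
        %% … unchanged: catch-all err400 clause and end of case …
```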