-rw-r--r--src/v1.erl28
-rw-r--r--test/catlfish-test.cfg2
-rwxr-xr-xtools/compileconfig.py2
3 files changed, 32 insertions, 0 deletions
diff --git a/src/v1.erl b/src/v1.erl
index ad312e7..e066cdd 100644
--- a/src/v1.erl
+++ b/src/v1.erl
@@ -7,14 +7,37 @@
%% API (URL)
-export([request/3]).
+check_valid_sth() ->
+ case plop:sth() of
+ noentry ->
+ lager:error("No valid STH found"),
+ exit({internalerror, "No valid STH found"});
+ {struct, PropList} ->
+ Now = plop:generate_timestamp(),
+ Timestamp = proplists:get_value(<<"timestamp">>, PropList),
+ MMD = application:get_env(catlfish, mmd, 86400) * 1000,
+ if
+ Now - Timestamp > MMD ->
+ lager:error("Old STH found, " ++
+ "now: ~p, STH timestamp: ~p, diff: ~p",
+ [Now, Timestamp, Now - Timestamp]),
+ exit({internalerror, "No valid STH found"});
+ true ->
+ ok
+ end
+ end.
+
%% Public functions, i.e. part of URL.
request(post, "ct/v1/add-chain", Input) ->
+ check_valid_sth(),
add_chain(Input, normal);
request(post, "ct/v1/add-pre-chain", Input) ->
+ check_valid_sth(),
add_chain(Input, precert);
request(get, "ct/v1/get-sth", _Query) ->
+ check_valid_sth(),
case plop:sth() of
noentry ->
lager:error("No valid STH found"),
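Review bot: In `check_valid_sth/0` the timestamp is read with `proplists:get_value/2`, which returns `undefined` when the key is absent, so `Now - Timestamp` would raise `badarith` instead of taking the logged `internalerror` exit. Treating any non-integer timestamp as a stale STH keeps the check fail-closed and leaves a clear log line. Separately, the get-sth clause now calls `plop:sth()` twice, once in the check and once in its own `case`, so the STH it serves is not necessarily the one that was checked; returning the validated STH from the check would close that gap. The units (config `mmd` in seconds, `plop:generate_timestamp()` in milliseconds) are only inferred from the `* 1000` and deserve a comment.

```erlang
check_valid_sth() ->
    case plop:sth() of
        %% … unchanged: noentry branch …
        {struct, PropList} ->
            Now = plop:generate_timestamp(),
            MMD = application:get_env(catlfish, mmd, 86400) * 1000,
            case proplists:get_value(<<"timestamp">>, PropList) of
                Timestamp when is_integer(Timestamp), Now - Timestamp =< MMD ->
                    ok;
                Timestamp ->
                    lager:error("Old or malformed STH found, now: ~p, STH timestamp: ~p",
                                [Now, Timestamp]),
                    exit({internalerror, "No valid STH found"})
            end
    end.
```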
@@ -24,6 +47,7 @@ request(get, "ct/v1/get-sth", _Query) ->
end;
request(get, "ct/v1/get-sth-consistency", Query) ->
+ check_valid_sth(),
case lists:sort(Query) of
[{"first", FirstInput}, {"second", SecondInput}] ->
{First, _} = string:to_integer(FirstInput),
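Review bot: The `check_valid_sth(),` call is pasted by hand into each `request/3` clause (three clauses in the first hunk, this one, and the hunks for get-proof-by-hash, get-entries, get-entry-and-proof and get-roots), so an endpoint added later would answer from a stale log unless its author remembers the line. Running the check once ahead of dispatch makes new endpoints fail closed by default, for example `request(Method, Path, Input) -> check_valid_sth(), handle_request(Method, Path, Input).` with the existing clauses renamed to a non-exported `handle_request/3` (name is a suggestion). The get-sth-consistency clause continues past the end of this hunk.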
@@ -42,6 +66,7 @@ request(get, "ct/v1/get-sth-consistency", Query) ->
end;
request(get, "ct/v1/get-proof-by-hash", Query) ->
+ check_valid_sth(),
case lists:sort(Query) of
[{"hash", HashInput}, {"tree_size", TreeSizeInput}] ->
Hash = case (catch base64:decode(HashInput)) of
@@ -67,6 +92,7 @@ request(get, "ct/v1/get-proof-by-hash", Query) ->
end;
request(get, "ct/v1/get-entries", Query) ->
+ check_valid_sth(),
case lists:sort(Query) of
[{"end", EndInput}, {"start", StartInput}] ->
{Start, _} = string:to_integer(StartInput),
@@ -80,6 +106,7 @@ request(get, "ct/v1/get-entries", Query) ->
end;
request(get, "ct/v1/get-entry-and-proof", Query) ->
+ check_valid_sth(),
case lists:sort(Query) of
[{"leaf_index", IndexInput}, {"tree_size", TreeSizeInput}] ->
{Index, _} = string:to_integer(IndexInput),
@@ -94,6 +121,7 @@ request(get, "ct/v1/get-entry-and-proof", Query) ->
end;
request(get, "ct/v1/get-roots", _Query) ->
+ check_valid_sth(),
R = [{certificates,
[base64:encode(Der) ||
Der <- catlfish:update_known_roots()]}],
diff --git a/test/catlfish-test.cfg b/test/catlfish-test.cfg
index 3131415..6cb3bed 100644
--- a/test/catlfish-test.cfg
+++ b/test/catlfish-test.cfg
@@ -17,3 +17,5 @@ mergenodes:
- name: merge-1
storage-quorum-size: 1
+
+mmd: 86400
diff --git a/tools/compileconfig.py b/tools/compileconfig.py
index 574b158..d90d96d 100755
--- a/tools/compileconfig.py
+++ b/tools/compileconfig.py
@@ -180,6 +180,8 @@ def gen_config(nodename, config, localconfig):
(Symbol("https_cacertfile"), paths["https_cacertfile"]),
]
+ catlfishconfig.append((Symbol("mmd"), config["mmd"]))
+
lagerconfig = [
(Symbol("handlers"), [
(Symbol("lager_console_backend"), Symbol("info")),
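Review bot: `config["mmd"]` raises `KeyError` for any existing configuration file that lacks the new `mmd` key, although the Erlang side already falls back to 86400 through `application:get_env(catlfish, mmd, 86400)`. The value is also passed through unchecked: a non-integer would make the `* 1000` in `check_valid_sth/0` fail on every request, and zero or a negative number would presumably make every STH count as stale. I would read it with `mmd = config.get("mmd", 86400)` and reject anything that is not a positive integer before appending `(Symbol("mmd"), mmd)`. `gen_config` starts and ends outside this hunk.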