1 files changed, 18 insertions, 41 deletions
diff --git a/src/plop.erl b/src/plop.erl
index 5eb0c1f..ebadcc5 100644
--- a/src/plop.erl
+++ b/src/plop.erl
@@ -27,7 +27,7 @@
 -export([start_link/0, stop/0]).
 -export([get_logid/0, serialise/1]).
 -export([add/3, sth/0, get/1, get/2, spt/1, consistency/2, inclusion/2, inclusion_and_entry/2]).
--export([generate_timestamp/0]).
+-export([generate_timestamp/0, save_sth/1, verify_sth/4]).
 %% API for tests.
 -export([testing_get_pubkey/0]).
 %% gen_server callbacks.
@@ -115,8 +115,14 @@ add(LogEntry, TreeLeafHash, EntryHash) ->
                                 end)
     end.
 
+save_sth(STH) ->
+    {ok, STHFile} = application:get_env(plop, sth_path),
+    lager:debug("writing new sth to ~p: ~p", [STHFile, STH]),
+    atomic:replacefile(STHFile, mochijson2:encode(STH)).
+
 sth() ->
-    sth([]).
+    {ok, STHFile} = application:get_env(plop, sth_path),
+    mochijson2:decode(atomic:readfile(STHFile)).
 
 -spec get(non_neg_integer(), non_neg_integer()) ->
                  [{non_neg_integer(), binary(), binary()}].
@@ -198,7 +204,7 @@ send_http_request(TreeLeafHash, URL, Headers, RequestBody) ->
     RequestId = make_ref(),
     spawn(fun () ->
                   case plop_httputil:request("leafhash " ++ mochihex:to_hex(TreeLeafHash), URL, Headers, RequestBody) of
-                      {failure, StatusLine, RespHeaders, Body}  ->
+                      {failure, _StatusLine, _RespHeaders, _Body}  ->
                           lager:debug("auth check failed"),
                           drop;
                       {success, StatusLine, RespHeaders, Body} ->
@@ -293,32 +299,15 @@ handle_call(stop, _From, Plop) ->
     {stop, normal, stopped, Plop}.
 
 
-%% @doc Signed Plop Timestamp, conformant to an SCT in RFC6962 3.2 and
-%% RFC5246 4.7.
-
-%% @doc Signed Tree Head as specified in RFC6962 section 3.2.
--spec sth(sth_signed() | list()) -> sth().
-sth([]) ->
-    sth(#sth_signed{timestamp = now});
-sth(#sth_signed{version = Version, timestamp = Timestamp_in}) ->
-    Timestamp = timestamp(Timestamp_in),
-    Treesize = ht:size(),
-    Roothash = ht:root(),
-    BinToSign = serialise(#sth_signed{
-                             version = Version,
-                             signature_type = tree_hash,
-                             timestamp = Timestamp,
-                             tree_size = Treesize,
-                             root_hash = Roothash}),
-    Signature = #signature{
-                   algorithm = #sig_and_hash_alg{
-                                  hash_alg = sha256,
-                                  signature_alg = ecdsa},
-                   signature = sign:sign_sth(BinToSign)},
-    STH = {Treesize, Timestamp, Roothash, Signature},
-    %%io:format("STH: ~p~nBinToSign: ~p~nSignature: ~p~nTimestamp: ~p~n",
-    %%          [STH, BinToSign, Signature, Timestamp]),
-    STH.
+verify_sth(Treesize, Timestamp, Roothash, PackedSignature) ->
+    STH = serialise(#sth_signed{
+                       version = ?PLOPVERSION,
+                       signature_type = tree_hash,
+                       timestamp = Timestamp,
+                       tree_size = Treesize,
+                       root_hash = Roothash}),
+    <<HashAlg:8, SignatureAlg:8, SigLen:16, Signature/binary>> = PackedSignature,
+    sign:verify_sth(STH, Signature).
 
 
 
@@ -349,18 +338,6 @@ signature_alg_type(rsa) -> 1;
 signature_alg_type(dsa) -> 2;
 signature_alg_type(ecdsa) -> 3.
 
-%% TODO: Remove.
--spec timestamp(now | integer()) -> integer().
-timestamp(Timestamp) ->
-    case Timestamp of
-        now ->
-            {NowMegaSec, NowSec, NowMicroSec} = now(),
-            trunc(NowMegaSec * 1.0e9
-                  + NowSec * 1.0e3
-                  + NowMicroSec / 1.0e3);
-        _ -> Timestamp
-    end.
-
 -spec generate_timestamp() -> integer().
 generate_timestamp() ->
     {NowMegaSec, NowSec, NowMicroSec} = now(),