diff options
| -rw-r--r-- | src/catlfish.erl | 43 |
1 files changed, 31 insertions, 12 deletions
diff --git a/src/catlfish.erl b/src/catlfish.erl index 3956eec..2fd9dc7 100644 --- a/src/catlfish.erl +++ b/src/catlfish.erl @@ -69,10 +69,30 @@ build_mtl(Timestamp, LeafCert) -> entry = TSE}, serialise(MTL). +calc_sct(TimestampedEntry) -> + plop:serialise(plop:spt(list_to_binary([<<?PROTOCOL_VERSION:8>>, + serialise_signature_type(certificate_timestamp), + serialise(TimestampedEntry)]))). + +get_sct(Hash, TimestampedEntry) -> + case application:get_env(catlfish, sctcache_root_path) of + {ok, RootPath} -> + case perm:readfile(RootPath, Hash) of + Contents when is_binary(Contents) -> + Contents; + noentry -> + SCT = calc_sct(TimestampedEntry), + ok = perm:ensurefile_nosync(RootPath, Hash, SCT), + SCT + end; + _ -> + SCT = calc_sct(TimestampedEntry) + end. + -spec add_chain(binary(), [binary()]) -> nonempty_string(). add_chain(LeafCert, CertChain) -> EntryHash = crypto:hash(sha256, [LeafCert | CertChain]), - TimestampedEntry = + {TimestampedEntry, Hash} = case plop:get(EntryHash) of notfound -> Timestamp = plop:generate_timestamp(), @@ -82,28 +102,27 @@ add_chain(LeafCert, CertChain) -> MTL = #mtl{leaf_version = v1, leaf_type = timestamped_entry, entry = TSE}, + MTLHash = ht:leaf_hash(serialise(MTL)), ok = plop:add( serialise_logentry(Timestamp, LeafCert, CertChain), - ht:leaf_hash(serialise(MTL)), + MTLHash, EntryHash), - TSE; - {_Index, _MTLHash, Entry} -> + {TSE, MTLHash}; + {_Index, MTLHash, Entry} -> <<Timestamp:64, _LogEntry/binary>> = Entry, %% TODO: Perform a costly db consistency check against %% unpacked LogEntry (w/ LeafCert and CertChain) - #timestamped_entry{timestamp = Timestamp, - entry_type = x509_entry, - signed_entry = LeafCert} + {#timestamped_entry{timestamp = Timestamp, + entry_type = x509_entry, + signed_entry = LeafCert}, + MTLHash} end, - SCT_sig = - plop:spt(list_to_binary([<<?PROTOCOL_VERSION:8>>, - serialise_signature_type(certificate_timestamp), - serialise(TimestampedEntry)])), + SCT_sig = get_sct(Hash, TimestampedEntry), {[{sct_version, ?PROTOCOL_VERSION}, {id, base64:encode(plop:get_logid())}, {timestamp, TimestampedEntry#timestamped_entry.timestamp}, {extensions, base64:encode(<<>>)}, - {signature, base64:encode(plop:serialise(SCT_sig))}]}. + {signature, base64:encode(SCT_sig)}]}. -spec serialise_logentry(integer(), binary(), [binary()]) -> binary(). serialise_logentry(Timestamp, LeafCert, CertChain) -> |