From 9eaa1ef1b558043b809fd7c7f869128c186ec0e9 Mon Sep 17 00:00:00 2001
From: Magnus Ahltorp
Date: Mon, 2 Mar 2015 19:15:09 +0100
Subject: Implement external signing

---
 src/sign.erl | 54 +++++++++++++++++++++++++++++++++++++++++++++++++-----
 1 file changed, 49 insertions(+), 5 deletions(-)
(limited to 'src/sign.erl')

diff --git a/src/sign.erl b/src/sign.erl
index 9acb9d4..b0916fd 100644
--- a/src/sign.erl
+++ b/src/sign.erl
@@ -8,7 +8,7 @@
 %% API.
 -export([start_link/0, stop/0]).
--export([sign/1, get_pubkey/0, get_logid/0]).
+-export([sign_sct/1, sign_sth/1, get_pubkey/0, get_logid/0]).
 -export([read_keyfile_ec/1]).
 %% API for tests.
 -export([read_keyfile_rsa/2]).
@@ -16,6 +16,9 @@
 -export([init/1, handle_call/3, terminate/2, handle_cast/2, handle_info/2, code_change/3]).
+-define(CERTIFICATE_TIMESTAMP, 0).
+-define(TREE_HASH, 1).
+
 -import(stacktrace, [call/2]).
 -include_lib("public_key/include/public_key.hrl").
@@ -44,7 +47,6 @@ init([]) ->
 Private_key = read_keyfile_ec(PrivKeyfile),
 Public_key = read_keyfile_ec(PubKeyfile),
 LogID = read_keyfile_ec_logid(PubKeyfile),
- _Tree = ht:reset_tree([db:size() - 1]),
 {ok, #state{pubkey = Public_key, privkey = Private_key, logid = LogID}}.
@@ -107,17 +109,59 @@ public_key(#'RSAPrivateKey'{modulus = Mod, publicExponent = Exp}) ->
 #'RSAPublicKey'{modulus = Mod, publicExponent = Exp}.
+remote_sign_request(URL, Request) ->
+ case plop_httputil:request("signing", URL, [{"Content-Type", "text/json"}], list_to_binary(mochijson2:encode(Request))) of
+ {failure, StatusLine, RespHeaders, Body} ->
+ lager:debug("auth check failed"),
+ none;
+ {success, StatusLine, RespHeaders, Body} ->
+ lager:debug("auth check succeeded"),
+ case (catch mochijson2:decode(Body)) of
+ {error, E} ->
+ none;
+ {struct, PropList} ->
+ base64:decode(proplists:get_value(<<"result">>, PropList))
+ end;
+ {noauth, StatusLine, RespHeaders, Body} ->
+ lager:debug("no auth"),
+ none
+ end.
+
 %%%%%%%%%%%%%%%%%%%%
 %% Public API.
-sign(Data) ->
- call(?MODULE, {sign, Data}).
+sign_sct(Data = <<_Version:8,
+ ?CERTIFICATE_TIMESTAMP:8,
+ _/binary>>) ->
+ case application:get_env(plop, signing_node) of
+ {ok, URLBase} ->
+ Request = {[{plop_version, 1},
+ {data, base64:encode(Data)}
+ ]},
+ remote_sign_request(URLBase ++ "sct", Request);
+ undefined ->
+ call(?MODULE, {sign, Data})
+ end.
+
+sign_sth(Data = <<_Version:8,
+ ?TREE_HASH:8,
+ _/binary>>) ->
+ case application:get_env(plop, signing_node) of
+ {ok, URLBase} ->
+ Request = {[{plop_version, 1},
+ {data, base64:encode(Data)}
+ ]},
+ remote_sign_request(URLBase ++ "sth", Request);
+ undefined ->
+ call(?MODULE, {sign, Data})
+ end.
 get_pubkey() ->
 call(?MODULE, {get, pubkey}).
 get_logid() ->
- call(?MODULE, {get, logid}).
+ PubKeyfile = application:get_env(plop, log_public_key, none),
+ read_keyfile_ec_logid(PubKeyfile).
 %%%%%%%%%%%%%%%%%%%%
 %% gen_server callbacks.
-- 
cgit v1.1
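Review bot: In `remote_sign_request` the inner `case (catch mochijson2:decode(Body))` can never match `{error, E}` — an old-style `catch` yields `{'EXIT', _}` on an exception — so a malformed response from the signing node crashes the caller with `case_clause`, and a well-formed response without a `"result"` key crashes in `base64:decode(undefined)`. The function also mixes a bare signature binary with the atom `none`, which every caller of `sign_sct/1` and `sign_sth/1` now has to handle (presumably they previously only ever received a binary from the gen_server). Since the remote signer is a trust boundary and this module already holds the log public key, it would be worth verifying the returned signature over `Data` with `public_key:verify/4` before handing it out, so a misconfigured or compromised signing node cannot return bytes that are then published as a log signature. The unused `StatusLine`/`RespHeaders`/`Body`/`E` bindings warn at compile time; the rewrite below prefixes them with `_` and replaces the copy-pasted "auth check" log text. Separately, `get_logid/0` now re-reads the public key file on every call and passes the default atom `none` straight into `read_keyfile_ec_logid/1` when `log_public_key` is unset, instead of returning the logid already cached in the server state.
```erlang
remote_sign_request(URL, Request) ->
    ReqBody = list_to_binary(mochijson2:encode(Request)),
    case plop_httputil:request("signing", URL, [{"Content-Type", "text/json"}], ReqBody) of
        {success, _StatusLine, _RespHeaders, RespBody} ->
            decode_signature(RespBody);
        {failure, _StatusLine, _RespHeaders, _Body} ->
            lager:debug("signing request failed"),
            none;
        {noauth, _StatusLine, _RespHeaders, _Body} ->
            lager:debug("signing request not authorized"),
            none
    end.

%% A malformed, truncated or key-less response must not crash the caller.
decode_signature(RespBody) ->
    try mochijson2:decode(RespBody) of
        {struct, PropList} ->
            case proplists:get_value(<<"result">>, PropList) of
                Result when is_binary(Result) -> base64:decode(Result);
                _ -> none
            end;
        _ ->
            none
    catch
        error:_ -> none
    end.
```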