authorMagnus Ahltorp <map@kth.se>2015-03-04 17:12:30 +0100
committerMagnus Ahltorp <map@kth.se>2015-03-04 17:12:30 +0100
commit15249d58b7a23bf323aa9b4865e1265e50917dd2 (patch)
tree9cd2859af1346901ff80f595a28c97ba91f3b360 /src/frontend.erl
parent9eaa1ef1b558043b809fd7c7f869128c186ec0e9 (diff)
Save STH instead of calculating a new one each time.
Verify incoming STH.
Diffstat (limited to 'src/frontend.erl')
-rw-r--r--src/frontend.erl31
1 files changed, 26 insertions, 5 deletions
diff --git a/src/frontend.erl b/src/frontend.erl
index b2244de..68039c2 100644
--- a/src/frontend.erl
+++ b/src/frontend.erl
@@ -45,18 +45,30 @@ request(post, "ct/frontend/sendsth", Input) ->
{struct, PropList} ->
OldSize = db:size(),
Treesize = proplists:get_value(<<"tree_size">>, PropList),
+ Timestamp = proplists:get_value(<<"timestamp">>, PropList),
RootHash = base64:decode(proplists:get_value(<<"sha256_root_hash">>, PropList)),
+ Signature = base64:decode(proplists:get_value(<<"tree_head_signature">>, PropList)),
Indexsize = db:indexsize(),
if
Treesize < OldSize ->
html("Size is older than current size", OldSize);
- Treesize == OldSize ->
- success({[{result, <<"ok">>}]});
+ Treesize == 0, OldSize == 0 ->
+ lager:debug("both old and new size is 0, saving sth"),
+ OwnRootHash = ht:root(-1),
+ case {plop:verify_sth(Treesize, Timestamp, RootHash, Signature), OwnRootHash} of
+ {true, RootHash} ->
+ ok = plop:save_sth({struct, PropList}),
+ success({[{result, <<"ok">>}]});
+ {false, RootHash} ->
+ html("Verification failed", hex:bin_to_hexstr(RootHash));
+ _ ->
+ html("Root hash not the same", hex:bin_to_hexstr(OwnRootHash))
+ end;
Treesize > Indexsize ->
html("Has too few entries", Indexsize);
true ->
- NewEntries = db:leafhash_for_indices(OldSize, Treesize - 1),
+ NewEntries = get_new_entries(OldSize, Treesize),
lager:debug("old size: ~p new size: ~p entries: ~p",
[OldSize, Treesize, NewEntries]),
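Review bot: The added `Signature = base64:decode(proplists:get_value(<<"tree_head_signature">>, PropList))` raises when the field is absent, because `proplists:get_value/2` returns `undefined` for a missing key. The existing `sha256_root_hash` line behaves the same way, and a missing `timestamp` is passed on to `plop:verify_sth/4` as `undefined`. Since these values come from a POST body, I would look the fields up first and answer with an explicit `html(...)` rejection when one is missing, not base64, or (for `tree_size` and `timestamp`) fails `is_integer/1`. Whether a crash here is turned into an error response is not visible in the hunk. The `request/3` clause starts before this hunk and continues past it.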
@@ -66,10 +78,13 @@ request(post, "ct/frontend/sendsth", Input) ->
[] ->
ht:load_tree(Treesize - 1),
OwnRootHash = ht:root(Treesize - 1),
- case OwnRootHash of
- RootHash ->
+ case {plop:verify_sth(Treesize, Timestamp, RootHash, Signature), OwnRootHash} of
+ {true, RootHash} ->
ok = db:set_treesize(Treesize),
+ ok = plop:save_sth({struct, PropList}),
success({[{result, <<"ok">>}]});
+ {false, RootHash} ->
+ html("Verification failed", hex:bin_to_hexstr(RootHash));
_ ->
html("Root hash not the same", hex:bin_to_hexstr(OwnRootHash))
end;
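Review bot: `plop:verify_sth(Treesize, Timestamp, RootHash, Signature)` is evaluated only after `ht:load_tree(Treesize - 1)` and the entry checks above it, so an STH that has not been authenticated yet already drives hash-tree and database work. Verifying the signature once, right after the fields are decoded and before the `if`, would reject a forged STH up front and would also remove the `case` that is duplicated in the zero-size branch of the first hunk. Separately, nothing visible here compares `Timestamp` with the STH saved earlier, so a validly signed but older STH for the same tree size would presumably replace a newer one through `plop:save_sth/1`; confirm whether plop rejects that. The enclosing `request/3` clause starts and ends outside this hunk.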
@@ -91,6 +106,12 @@ request(get, "ct/frontend/missingentries", _Query) ->
success({[{result, <<"ok">>},
{entries, lists:map(fun (Entry) -> base64:encode(Entry) end,
Missing)}]}).
+
+get_new_entries(OldSize, Treesize) when OldSize < Treesize ->
+ db:leafhash_for_indices(OldSize, Treesize - 1);
+get_new_entries(OldSize, Treesize) when OldSize == Treesize ->
+ [].
+
check_entries(Entries, Start, End) ->
lists:foldl(fun ({Hash, Index}, Acc) ->
case check_entry(Hash, Index) of
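Review bot: `get_new_entries/2` is added without a comment or `-spec`, and its second guard uses `==` where `=:=` would compare the integer sizes exactly: `get_new_entries(OldSize, Treesize) when OldSize =:= Treesize ->`. I would add `%% Leaf hashes for the entries between OldSize and Treesize; [] when the size is unchanged.` above it. The missing clause for `OldSize > Treesize` looks deliberate, since the caller's `if` rejects `Treesize < OldSize` first, but the comment should say so, so that a `function_clause` error is read as a caller bug. `check_entries/3` below continues past the end of the hunk.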