author | Linus Nordberg <linus@nordu.net> | 2015-09-26 21:14:38 +0200 |
---|---|---|
committer | Linus Nordberg <linus@nordu.net> | 2015-11-13 17:02:23 +0100 |
commit | 6a3ca9771919c494685e898f947b9ca05ee866a1 (patch) | |
tree | e91b3f09d8971a9e26556488dcb7587ccec0e258 /src/catlfish.erl | |
parent | 35e92d56f1d6085c2fc413adaf8189d55c62cab5 (diff) |
Base64-decode submitted blobs and treat them as leaf certs.
Diffstat (limited to 'src/catlfish.erl')
-rw-r--r-- | src/catlfish.erl | 29 |
1 files changed, 12 insertions, 17 deletions
diff --git a/src/catlfish.erl b/src/catlfish.erl
index 7a28f9f..e3b5939 100644
--- a/src/catlfish.erl
+++ b/src/catlfish.erl
@@ -2,7 +2,7 @@
 %%% See LICENSE for licensing information.
 -module(catlfish).
--export([add_chain/2, entries/2, entry_and_proof/2]).
+-export([add_chain/3, entries/2, entry_and_proof/2]).
 -export([known_roots/0, update_known_roots/0]).
 -export([init_cache_table/0]).
 -export([entryhash_from_entry/1, verify_entry/1, verify_entry/2]).
@@ -131,15 +131,15 @@ add_to_db(Type, LeafCert, CertChain, EntryHash) ->
 get_ratelimit_token(Type) ->
 ratelimit:get_token(Type).
--spec add_chain(binary(), normal) -> {[{_,_},...]}.
-add_chain(Blob, Type) ->
- EntryHash = crypto:hash(sha256, Blob),
+-spec add_chain(binary(), [binary()], normal|precert) -> {[{_,_},...]}.
+add_chain(LeafCert, CertChain, Type) ->
+ EntryHash = crypto:hash(sha256, [LeafCert | CertChain]),
 {TimestampedEntry, Hash} =
 case plop:get(EntryHash) of
 notfound ->
 case get_ratelimit_token(add_chain) of
 ok ->
- add_to_db(Type, Blob, [], EntryHash);
+ add_to_db(Type, LeafCert, CertChain, EntryHash);
 _ ->
 exit({internalerror, "Rate limiting"})
 end;
@@ -271,18 +271,13 @@ verify_entry(Entry) ->
 verify_entry(Entry, RootCerts).
 %% Used from plop.
-verify_entry(PackedEntry, RootCerts) ->
- {_Type, MTLText, Cert, Chain} = unpack_entry(PackedEntry),
- case x509:normalise_chain(RootCerts, [Cert | Chain]) of
- {ok, [Cert | FullChain]} ->
- case verify_mtl(deserialise_mtl(MTLText), Cert, FullChain) of
- ok ->
- {ok, ht:leaf_hash(MTLText)};
- error ->
- {error, "MTL verification failed"}
- end;
- {error, Reason} ->
- {error, Reason}
+verify_entry(PackedEntry, _RootCerts) ->
+ {_Type, MTLText, Cert, _Chain} = unpack_entry(PackedEntry),
+ case verify_mtl(deserialise_mtl(MTLText), Cert, []) of
+ ok ->
+ {ok, ht:leaf_hash(MTLText)};
+ error ->
+ {error, "MTL verification failed"}
 end.
 %% Used from plop. |
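Review bot: `crypto:hash(sha256, [LeafCert | CertChain])` in add_chain/3 hashes the plain concatenation of the leaf and chain binaries, so the same bytes split at a different boundary give the same EntryHash. That hash is the key passed to `plop:get/1` to decide whether a submission is already logged, and since the commit treats submitted blobs as leaf certs (nothing visible here enforces certificate boundaries), two different (leaf, chain) submissions could be treated as one entry. Framing each element with its length removes the ambiguity, e.g. `EntryHash = crypto:hash(sha256, [<<(byte_size(C)):24, C/binary>> || C <- [LeafCert | CertChain]]),`; note that this changes the lookup key for entries stored under the old scheme. The body of add_chain/3 continues past the end of the hunk.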
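Review bot: verify_entry/2 now discards both `_RootCerts` and `_Chain` and always calls `verify_mtl(..., Cert, [])`, while add_chain/3 in this same commit starts storing a non-empty `CertChain`, so an entry logged with a chain is checked against an empty one. Whether verify_mtl/3 then rejects such entries or simply ignores the chain is not visible in this hunk, but in both cases the stored chain is not covered by this check. If dropping X.509 path validation is intended, pass the unpacked chain through, `case verify_mtl(deserialise_mtl(MTLText), Cert, Chain) of`, and add a comment above the function such as `%% NOTE: no chain validation against RootCerts; entries are treated as opaque leaf blobs.` so that callers in plop do not assume a verified entry chains to a known root.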