authorMagnus Ahltorp <map@kth.se>2015-06-10 16:36:54 +0200
committerLinus Nordberg <linus@nordu.net>2015-06-12 15:45:18 +0200
commit3de0e0af3521f826e60468b2d6d19717fa0a53d7 (patch)
tree6c29099ff3c6d2b44aae0cc9e6401dffb004f42e /src/v1.erl
parentd1fca4e2072984045cbe736dade59eeb5b8a0b2e (diff)
Don't answer public requests if STH is too old or nonexistent
Diffstat (limited to 'src/v1.erl')
-rw-r--r--src/v1.erl28
1 files changed, 28 insertions, 0 deletions
diff --git a/src/v1.erl b/src/v1.erl
index ad312e7..e066cdd 100644
--- a/src/v1.erl
+++ b/src/v1.erl
@@ -7,14 +7,37 @@
%% API (URL)
-export([request/3]).
+check_valid_sth() ->
+ case plop:sth() of
+ noentry ->
+ lager:error("No valid STH found"),
+ exit({internalerror, "No valid STH found"});
+ {struct, PropList} ->
+ Now = plop:generate_timestamp(),
+ Timestamp = proplists:get_value(<<"timestamp">>, PropList),
+ MMD = application:get_env(catlfish, mmd, 86400) * 1000,
+ if
+ Now - Timestamp > MMD ->
+ lager:error("Old STH found, " ++
+ "now: ~p, STH timestamp: ~p, diff: ~p",
+ [Now, Timestamp, Now - Timestamp]),
+ exit({internalerror, "No valid STH found"});
+ true ->
+ ok
+ end
+ end.
+
%% Public functions, i.e. part of URL.
request(post, "ct/v1/add-chain", Input) ->
+ check_valid_sth(),
add_chain(Input, normal);
request(post, "ct/v1/add-pre-chain", Input) ->
+ check_valid_sth(),
add_chain(Input, precert);
request(get, "ct/v1/get-sth", _Query) ->
+ check_valid_sth(),
case plop:sth() of
noentry ->
lager:error("No valid STH found"),
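Review bot: An STH whose `<<"timestamp">>` entry is missing or not an integer passes this check. In `check_valid_sth`, `proplists:get_value/2` then returns `undefined`, the guard `Now - Timestamp > MMD` fails instead of raising, and the `if` falls through to `true -> ok`. I would make the accepted case the guarded one, so that anything other than an integer timestamp within the MMD is logged and rejected, as in the sketch below. The get-sth clause, whose body continues outside the hunk, also calls `plop:sth()` again after the check, so the STH it serves is not necessarily the one that was validated; returning the checked STH from the helper would close that gap.

```erlang
        %% … unchanged: noentry branch …
        {struct, PropList} ->
            Now = plop:generate_timestamp(),
            MMD = application:get_env(catlfish, mmd, 86400) * 1000,
            case proplists:get_value(<<"timestamp">>, PropList) of
                Timestamp when is_integer(Timestamp), Now - Timestamp =< MMD ->
                    ok;
                Timestamp ->
                    %% Covers a stale STH as well as a missing or malformed timestamp.
                    lager:error("Old or malformed STH found, "
                                "now: ~p, STH timestamp: ~p",
                                [Now, Timestamp]),
                    exit({internalerror, "No valid STH found"})
            end
```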
@@ -24,6 +47,7 @@ request(get, "ct/v1/get-sth", _Query) ->
end;
request(get, "ct/v1/get-sth-consistency", Query) ->
+ check_valid_sth(),
case lists:sort(Query) of
[{"first", FirstInput}, {"second", SecondInput}] ->
{First, _} = string:to_integer(FirstInput),
@@ -42,6 +66,7 @@ request(get, "ct/v1/get-sth-consistency", Query) ->
end;
request(get, "ct/v1/get-proof-by-hash", Query) ->
+ check_valid_sth(),
case lists:sort(Query) of
[{"hash", HashInput}, {"tree_size", TreeSizeInput}] ->
Hash = case (catch base64:decode(HashInput)) of
@@ -67,6 +92,7 @@ request(get, "ct/v1/get-proof-by-hash", Query) ->
end;
request(get, "ct/v1/get-entries", Query) ->
+ check_valid_sth(),
case lists:sort(Query) of
[{"end", EndInput}, {"start", StartInput}] ->
{Start, _} = string:to_integer(StartInput),
@@ -80,6 +106,7 @@ request(get, "ct/v1/get-entries", Query) ->
end;
request(get, "ct/v1/get-entry-and-proof", Query) ->
+ check_valid_sth(),
case lists:sort(Query) of
[{"leaf_index", IndexInput}, {"tree_size", TreeSizeInput}] ->
{Index, _} = string:to_integer(IndexInput),
@@ -94,6 +121,7 @@ request(get, "ct/v1/get-entry-and-proof", Query) ->
end;
request(get, "ct/v1/get-roots", _Query) ->
+ check_valid_sth(),
R = [{certificates,
[base64:encode(Der) ||
Der <- catlfish:update_known_roots()]}],