From 6a3ca9771919c494685e898f947b9ca05ee866a1 Mon Sep 17 00:00:00 2001 From: Linus Nordberg Date: Sat, 26 Sep 2015 21:14:38 +0200 Subject: Base64-decode submitted blobs and treat them as leaf certs. --- src/catlfish.erl | 29 ++++++++++++----------------- src/v1.erl | 10 ++++++++-- 2 files changed, 20 insertions(+), 19 deletions(-) diff --git a/src/catlfish.erl b/src/catlfish.erl index 7a28f9f..e3b5939 100644 --- a/src/catlfish.erl +++ b/src/catlfish.erl @@ -2,7 +2,7 @@ %%% See LICENSE for licensing information. -module(catlfish). --export([add_chain/2, entries/2, entry_and_proof/2]). +-export([add_chain/3, entries/2, entry_and_proof/2]). -export([known_roots/0, update_known_roots/0]). -export([init_cache_table/0]). -export([entryhash_from_entry/1, verify_entry/1, verify_entry/2]). @@ -131,15 +131,15 @@ add_to_db(Type, LeafCert, CertChain, EntryHash) -> get_ratelimit_token(Type) -> ratelimit:get_token(Type). --spec add_chain(binary(), normal) -> {[{_,_},...]}. -add_chain(Blob, Type) -> - EntryHash = crypto:hash(sha256, Blob), +-spec add_chain(binary(), [binary()], normal|precert) -> {[{_,_},...]}. +add_chain(LeafCert, CertChain, Type) -> + EntryHash = crypto:hash(sha256, [LeafCert | CertChain]), {TimestampedEntry, Hash} = case plop:get(EntryHash) of notfound -> case get_ratelimit_token(add_chain) of ok -> - add_to_db(Type, Blob, [], EntryHash); + add_to_db(Type, LeafCert, CertChain, EntryHash); _ -> exit({internalerror, "Rate limiting"}) end; @@ -271,18 +271,13 @@ verify_entry(Entry) -> verify_entry(Entry, RootCerts). %% Used from plop. -verify_entry(PackedEntry, RootCerts) -> - {_Type, MTLText, Cert, Chain} = unpack_entry(PackedEntry), - case x509:normalise_chain(RootCerts, [Cert | Chain]) of - {ok, [Cert | FullChain]} -> - case verify_mtl(deserialise_mtl(MTLText), Cert, FullChain) of - ok -> - {ok, ht:leaf_hash(MTLText)}; - error -> - {error, "MTL verification failed"} - end; - {error, Reason} -> - {error, Reason} +verify_entry(PackedEntry, _RootCerts) -> + {_Type, MTLText, Cert, _Chain} = unpack_entry(PackedEntry), + case verify_mtl(deserialise_mtl(MTLText), Cert, []) of + ok -> + {ok, ht:leaf_hash(MTLText)}; + error -> + {error, "MTL verification failed"} end. %% Used from plop. diff --git a/src/v1.erl b/src/v1.erl index eb35ee7..40e93f2 100644 --- a/src/v1.erl +++ b/src/v1.erl @@ -153,6 +153,12 @@ add_blob(Input) -> {error, E} -> err400("add-blob: bad input:", E); {struct, [{<<"blob">>, Blob}]} -> - success(catlfish:add_chain(Blob, normal)); - _ -> err400("add-blob: missing input: blob", Input) + case (catch base64:decode(Blob)) of + {'EXIT', _} -> + err400("add-blob: invalid base64-encoded blob", Blob); + DecodedBlob -> + success(catlfish:add_chain(DecodedBlob, [], normal)) + end; + _ -> + err400("add-blob: missing input: blob", Input) end. -- cgit v1.1