From ed8bb6d1e454b9ddc793f74f682bd80b1c728904 Mon Sep 17 00:00:00 2001
From: Linus Nordberg
Date: Sun, 4 May 2014 19:52:13 +0200
Subject: Get going, first cut. add-chain looks like it might work properly. Not verified!
---
Emakefile | 3 +++
src/.erlang | 5 ----
src/Makefile | 10 --------
src/Makefile.inc | 6 -----
src/https/Makefile | 5 ----
src/https/https_server.erl | 5 ----
src/https_server.erl | 43 +++++++++++++++++++++++++++++++++
src/v1.erl | 45 ++++++++++++++++++++++++++++++++++
webroot/certs/webcert.pem | 60 ++++++++++++++++++++++++++++++++++++++++++++++
webroot/docroot/index.html | 6 +++++
webroot/keys/webkey.pem | 16 +++++++++++++
11 files changed, 173 insertions(+), 31 deletions(-)
create mode 100644 Emakefile
delete mode 100644 src/.erlang
delete mode 100644 src/Makefile
delete mode 100644 src/Makefile.inc
delete mode 100644 src/https/Makefile
delete mode 100644 src/https/https_server.erl
create mode 100644 src/https_server.erl
create mode 100644 src/v1.erl
create mode 100644 webroot/certs/webcert.pem
create mode 100644 webroot/docroot/index.html
create mode 100644 webroot/keys/webkey.pem
diff --git a/Emakefile b/Emakefile
new file mode 100644
index 0000000..8869cf4
--- /dev/null
+++ b/Emakefile
@@ -0,0 +1,3 @@
+%% erl -make (-*- erlang -*-)
+{"src/*", [debug_info, {i, "include/"}, {outdir, "ebin/"}]}.
+{"test/*", [debug_info, {i, "include/"}, {outdir, "ebin/"}]}.
diff --git a/src/.erlang b/src/.erlang
deleted file mode 100644
index b0147e0..0000000
--- a/src/.erlang
+++ /dev/null
@@ -1,5 +0,0 @@
-%% Erlang init file for ctls (in Emacs -*- erlang -*- mode)
-%%io:format("Inititaing for ctls~n").
-code:add_pathz("https").
-code:add_pathz("merkletree").
-code:add_pathz("x509").
diff --git a/src/Makefile b/src/Makefile
deleted file mode 100644
index 62548f6..0000000
--- a/src/Makefile
+++ /dev/null
@@ -1,10 +0,0 @@
-## TODO: Consider using 'rebar' instead of Make.
-
-MODULES = ctls
-
-all: subdirs $(MODULES:%=%.beam)
-
-subdirs:
- $(MAKE) -C https
-
-include Makefile.inc
diff --git a/src/Makefile.inc b/src/Makefile.inc
deleted file mode 100644
index 928b06a..0000000
--- a/src/Makefile.inc
+++ /dev/null
@@ -1,6 +0,0 @@
-# -*- makefile -*-
-
-.erl.beam:
- erlc -W $<
-
-.SUFFIXES: .erl .beam
diff --git a/src/https/Makefile b/src/https/Makefile
deleted file mode 100644
index ac3b57b..0000000
--- a/src/https/Makefile
+++ /dev/null
@@ -1,5 +0,0 @@
-MODULES = https_server
-
-all: $(MODULES:%=%.beam)
-
-include ../Makefile.inc
diff --git a/src/https/https_server.erl b/src/https/https_server.erl
deleted file mode 100644
index a62a02f..0000000
--- a/src/https/https_server.erl
+++ /dev/null
@@ -1,5 +0,0 @@
--module(https_server).
--export([start/0]).
-
-start() ->
- io:format("Starting https server~n").
diff --git a/src/https_server.erl b/src/https_server.erl
new file mode 100644
index 0000000..a0b81b4
--- /dev/null
+++ b/src/https_server.erl
@@ -0,0 +1,43 @@
+-module(https_server).
+-export([start/0, stop/1]).
+
+start() ->
+ io:format("Starting https server~n"),
+ %% TODO: put this in httpd_props.conf and use that at erlang
+ %% start. inets:start(httpd, {proplist_file, "httpd_props.conf"}).
+ ServerRoot = "/home/linus/usr/src/ct/ctls/webroot",
+ {ok, Pid} =
+ inets:start(httpd,
+ [{port, 8080},
+ %%{bind_address, {127,0,0,1}},
+ {bind_address, {192, 168, 122, 119}},
+ {server_name, "flimsy.ct.nordu.net"},
+ {server_root, ServerRoot},
+ {document_root, ServerRoot ++ "/docroot"},
+ {modules, [mod_alias,
+ mod_auth,
+ mod_esi,
+ mod_get,
+ mod_head,
+ mod_log,
+ mod_disk_log]},
+ %%{re_write, {"^/ct/v1/(.*)$", "/ct/v1/https_server/\\1"}},
+ {re_write, {"^/ct/v1/(.*)_(.*)$", "/ct/v1/\\1-\\2"}},
+ {erl_script_alias, {"/ct", [v1]}},
+ {erl_script_nocache, true},
+ {error_log, "log/error"},
+ {security_log, "log/security"},
+ {transfer_log, "log/transfer"},
+ %% See ssl(3erl) for SSL options.
+ {socket_type, {essl, [
+ {certfile, ServerRoot ++ "/certs/webcert.pem"},
+ {keyfile, ServerRoot ++ "/keys/webkey.pem"},
+ %%{cacertfile, ServerRoot ++ "/certs/cacert.pem"},
+ {ciphers, ssl:cipher_suites()},
+ {verify, verify_none}
+ ]}}
+ ]),
+ Pid.
+
+stop(Pid) ->
+ inets:stop(httpd, Pid).
diff --git a/src/v1.erl b/src/v1.erl
new file mode 100644
index 0000000..99cf55b
--- /dev/null
+++ b/src/v1.erl
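Review bot: The essl option list in start/0 sets `{ciphers, ssl:cipher_suites()}`, which accepts every suite the installed OTP release supports instead of a reviewed list, and it pins no protocol versions. I would replace it with an explicit allowlist of suites and add a version floor such as `{versions, ['tlsv1.2']},` if the deployed runtime supports it. `{keyfile, ServerRoot ++ "/keys/webkey.pem"}` also keeps the private key under server_root beside docroot; it is outside document_root as configured here, but loading it from a path outside the web tree removes the reliance on that staying true. The hard-coded home-directory path and bind address are already covered by the TODO above them.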
@@ -0,0 +1,45 @@ +-module(v1). +-export([add_chain/3]). +-export([hello/3]). +-include("/home/linus/usr/src/ct/plop/include/plop.hrl"). +-define(PROTOCOL_VERSION, 1). + +%% Public functions. +add_chain(SessionID, _Env, Input) -> + Res = case (catch jiffy:decode(Input)) of + {error, E} -> html("add-chain: bad input; see RFC 6962", E); + {[{<<"chain">>, Chain}]} -> + Entry = #plop_entry{type = x509, + data = list_to_binary(Chain)}, + SPT = plop:add(#timestamped_entry{entry = Entry}), + Timestamp = SPT#spt_on_wire.timestamp, + R = [{sct_version, ?PROTOCOL_VERSION}, + {id, base64:encode(plop:get_logid())}, + {timestamp, Timestamp}, + {extensions, []}, + {signature, base64:encode(list_to_binary(plop:serialise(SPT)))}], + binary_to_list(jiffy:encode({R})); + _ -> html("add-chain: missing input: chain; see RFC 6962", Input) + end, + mod_esi:deliver(SessionID, Res). + +%% For testing. FIXME: Remove. +hello(SessionID, Env, Input) -> + Query = httpd:parse_query(Input), + mod_esi:deliver(SessionID, io_lib:format( + "Content-Type: text/html\r\n\r\n" ++ + "hello again, erlang world" ++ + "

SessionID: ~p~n" ++ + "

Env: ~p~n" ++ + "

Input, raw: ~p~n" ++ + "

Input, parsed: ~p~n" ++ + "", [SessionID, Env, Input, Query])). + +%% Private functions. +html(Text, Input) -> + io_lib:format( + "Content-Type: text/html\r\n\r\n" ++ + "

~n" ++ + "~s~n" ++ + "~p~n" ++ + "~n", [Text, Input]). diff --git a/webroot/certs/webcert.pem b/webroot/certs/webcert.pem new file mode 100644 index 0000000..cff62f0 --- /dev/null +++ b/webroot/certs/webcert.pem 
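Review bot: add_chain/3 passes the decoded `chain` value straight to `list_to_binary/1` and `plop:add/1` with no base64 decoding, size bound or check that the entries are certificates chaining to an accepted root, so any one-key JSON object with a list value appears to be logged and given a signed timestamp; the commit subject already says this is unverified, and a `%% TODO: decode and validate chain per RFC 6962 before plop:add/1` at that call would keep it from being forgotten. A `Chain` that is not a list of binaries also makes `list_to_binary/1` raise inside the ESI callback instead of producing the bad-input page. On the error path, `html/2` writes the rejected input back with `~p` under `Content-Type: text/html`, so request bytes are reflected unescaped; serving these errors as `text/plain` or escaping the value avoids that. The bare `catch` additionally turns non-throw failures from `jiffy:decode/1` into an `{'EXIT', _}` tuple that lands in the "missing input" clause, where a `try ... catch throw:{error, E}` would keep the two cases apart. hello/3 echoes Env and Input the same way and is still exported despite its FIXME.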
@@ -0,0 +1,60 @@ +Certificate: + Data: + Version: 3 (0x2) + Serial Number: 0 (0x0) + Signature Algorithm: sha256WithRSAEncryption + Issuer: C=AU, ST=Some-State, O=Internet Widgits Pty Ltd, CN=flimsytest + Validity + Not Before: May 4 10:17:19 2014 GMT + Not After : May 4 10:17:19 2015 GMT + Subject: C=AU, ST=Some-State, O=Internet Widgits Pty Ltd, CN=flimsytest + Subject Public Key Info: + Public Key Algorithm: rsaEncryption + Public-Key: (1024 bit) + Modulus: + 00:c5:1e:c3:c1:9a:26:e8:64:7f:dd:1c:05:5a:e0: + 9a:87:cc:d1:d4:f5:30:95:62:73:79:56:a8:8e:8e: + eb:12:7b:cb:8d:5e:5f:eb:3b:12:c9:c4:7d:fe:ad: + 85:c5:89:81:63:2f:3c:dc:a1:b6:ee:7c:7b:42:9d: + 6d:69:81:a4:c7:34:0e:85:f0:f3:ee:5f:34:92:a1: + 01:bb:f6:f6:c1:6a:e8:c6:cf:7f:44:8d:b7:9d:62: + d5:9a:7a:22:bc:f2:d4:e3:fa:03:e9:b1:ca:01:f0: + db:84:33:9f:64:60:f3:f8:7a:5b:f0:e3:9d:4e:b2: + 21:a1:49:a8:d9:e5:e8:7f:f5 + Exponent: 65537 (0x10001) + X509v3 extensions: + X509v3 Basic Constraints: + CA:FALSE + Netscape Comment: + OpenSSL Generated Certificate + X509v3 Subject Key Identifier: + 7C:05:0C:BA:09:58:C2:DE:46:7F:ED:39:5B:87:B2:28:8B:99:D7:28 + X509v3 Authority Key Identifier: + keyid:7C:05:0C:BA:09:58:C2:DE:46:7F:ED:39:5B:87:B2:28:8B:99:D7:28 + + Signature Algorithm: sha256WithRSAEncryption + 59:47:3b:91:85:21:40:31:af:82:bf:57:21:c3:46:07:eb:14: + bf:be:ec:f8:98:d1:0e:51:0b:eb:2c:44:8a:95:d0:e9:43:04: + 56:43:c5:10:41:76:2e:6c:f3:0a:9b:e4:5f:15:f5:2e:38:17: + dd:f6:f7:9e:5f:ed:f7:b2:76:b2:c2:55:da:48:73:e4:54:dc: + 3b:7e:b8:88:33:27:83:67:34:c8:a4:e7:b2:c7:20:51:0e:9f: + f6:b8:f3:a5:73:e2:b2:fc:5e:cf:82:43:6b:0e:73:fa:ef:ce: + 5d:46:f8:de:54:6c:b1:96:17:be:1c:f9:c4:49:cb:8d:ee:0a: + da:32 +-----BEGIN CERTIFICATE----- +MIICpTCCAg6gAwIBAgIBADANBgkqhkiG9w0BAQsFADBaMQswCQYDVQQGEwJBVTET +MBEGA1UECAwKU29tZS1TdGF0ZTEhMB8GA1UECgwYSW50ZXJuZXQgV2lkZ2l0cyBQ +dHkgTHRkMRMwEQYDVQQDDApmbGltc3l0ZXN0MB4XDTE0MDUwNDEwMTcxOVoXDTE1 +MDUwNDEwMTcxOVowWjELMAkGA1UEBhMCQVUxEzARBgNVBAgMClNvbWUtU3RhdGUx 
+ITAfBgNVBAoMGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZDETMBEGA1UEAwwKZmxp +bXN5dGVzdDCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAxR7DwZom6GR/3RwF +WuCah8zR1PUwlWJzeVaojo7rEnvLjV5f6zsSycR9/q2FxYmBYy883KG27nx7Qp1t +aYGkxzQOhfDz7l80kqEBu/b2wWroxs9/RI23nWLVmnoivPLU4/oD6bHKAfDbhDOf +ZGDz+Hpb8OOdTrIhoUmo2eXof/UCAwEAAaN7MHkwCQYDVR0TBAIwADAsBglghkgB +hvhCAQ0EHxYdT3BlblNTTCBHZW5lcmF0ZWQgQ2VydGlmaWNhdGUwHQYDVR0OBBYE +FHwFDLoJWMLeRn/tOVuHsiiLmdcoMB8GA1UdIwQYMBaAFHwFDLoJWMLeRn/tOVuH +siiLmdcoMA0GCSqGSIb3DQEBCwUAA4GBAFlHO5GFIUAxr4K/VyHDRgfrFL++7PiY +0Q5RC+ssRIqV0OlDBFZDxRBBdi5s8wqb5F8V9S44F932955f7feydrLCVdpIc+RU +3Dt+uIgzJ4NnNMik57LHIFEOn/a486Vz4rL8Xs+CQ2sOc/rvzl1G+N5UbLGWF74c ++cRJy43uCtoy +-----END CERTIFICATE----- diff --git a/webroot/docroot/index.html b/webroot/docroot/index.html new file mode 100644 index 0000000..00d1842 --- /dev/null +++ b/webroot/docroot/index.html @@ -0,0 +1,6 @@ + +Certificate Transparency Log Server + +This is a Certificate Transparency Log Server. + + diff --git a/webroot/keys/webkey.pem b/webroot/keys/webkey.pem new file mode 100644 index 0000000..a018196 --- /dev/null +++ b/webroot/keys/webkey.pem 
@@ -0,0 +1,16 @@ +-----BEGIN PRIVATE KEY----- +MIICeAIBADANBgkqhkiG9w0BAQEFAASCAmIwggJeAgEAAoGBAMUew8GaJuhkf90c +BVrgmofM0dT1MJVic3lWqI6O6xJ7y41eX+s7EsnEff6thcWJgWMvPNyhtu58e0Kd +bWmBpMc0DoXw8+5fNJKhAbv29sFq6MbPf0SNt51i1Zp6Irzy1OP6A+mxygHw24Qz +n2Rg8/h6W/DjnU6yIaFJqNnl6H/1AgMBAAECgYBxbEhbiCXHJrzkL5FtPzvr1BER +Jpxz+JhVQ2Xt0ZK1qgHwMFOk+PLQon2VI6eLiJmoxq+QjITEKWCLbiZcxTpYWNBN +y2ZdfQTwtAEc9cXcF0ZXFSkL58DCK+7haF6J6yyX6dXHRa+TzIlgHmDGTM0wb2Jv +1lgr1nCUn+W5RpMLqQJBAP2mLZkLL+ai39QP8m2gjIfbmyXqz2WIgJNdiHNNqkzw +fjMx/x5hutYTJtz4iYx/MfrklZvHb5cp37RPbzun2pcCQQDG8nZ8rOcgJp28WrFI +CbaHY17TOHpPmCyYnA4DTXX3yXdlpjsJ3Q9CqjD/J1GQ94QyMSBggV16jJVU7DFh +YYdTAkEAqtUAQuI4+cHatC2lXlZSL7IlVS1HT5/W0Ome2+GEAFu882gJ5gF2X3X4 +p7ywjzKfi9XmOUviCVJHe15AkVIkswJBAIifTXtFCdvsaPpGleRQt0a2mRIYgPZU +HJwY3w6pjU/CzPnDdFvLsYUod0lh6QPS1rfZQNDFRjq4fHy7TxX+8f0CQQCZVXRg +tWGcP0+t9HLpUhguH10qpLAYSqVcpWFVycVcPu2d4gJNZ2ls5TVkQeUZjM1S+Pg/ +/Uod2TbrtPafW8Ss +-----END PRIVATE KEY----- -- cgit v1.1
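Review bot: The private key for the server certificate should not live in the repository: once `webroot/keys/webkey.pem` is in history, anyone with read access can impersonate the endpoint that uses it, and deleting the file in a later commit does not undo that. Generate the key at deploy time, or keep it in a path excluded from version control, and treat this one as compromised for anything beyond local testing. The matching certificate in webroot/certs/webcert.pem also shows `Public-Key: (1024 bit)`; a 2048-bit or larger RSA key is the usual floor when the pair is regenerated.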