authorMagnus Ahltorp <map@kth.se>2015-06-10 16:36:54 +0200
committerMagnus Ahltorp <map@kth.se>2015-06-10 17:09:45 +0200
commit1d4ee3918c353649f2a166f0bdd6a1846caccfee (patch)
treed365e7950827ba44d7d5554ce0f228f78a9262d3 /src
parentd1fca4e2072984045cbe736dade59eeb5b8a0b2e (diff)
Don't answer public requests if STH is too old or nonexistentsthfresh
Diffstat (limited to 'src')
-rw-r--r--src/v1.erl26
1 files changed, 26 insertions, 0 deletions
diff --git a/src/v1.erl b/src/v1.erl
index ad312e7..e635151 100644
--- a/src/v1.erl
+++ b/src/v1.erl
@@ -7,14 +7,35 @@
%% API (URL)
-export([request/3]).
+check_valid_sth() ->
+ case plop:sth() of
+ noentry ->
+ lager:error("No valid STH found"),
+ exit({internalerror, "No valid STH found"});
+ {struct, PropList} ->
+ Now = plop:generate_timestamp(),
+ Timestamp = proplists:get_value(<<"timestamp">>, PropList),
+ MMD = application:get_env(catlfish, mmd, 86400) * 1000,
+ if
+ Now - Timestamp > MMD ->
+ lager:error("Old STH found, now: ~p STH timestamp: ~p diff: ~p", [Now, Timestamp, Now - Timestamp]),
+ exit({internalerror, "No valid STH found"});
+ true ->
+ ok
+ end
+ end.
+
%% Public functions, i.e. part of URL.
request(post, "ct/v1/add-chain", Input) ->
+ check_valid_sth(),
add_chain(Input, normal);
request(post, "ct/v1/add-pre-chain", Input) ->
+ check_valid_sth(),
add_chain(Input, precert);
request(get, "ct/v1/get-sth", _Query) ->
+ check_valid_sth(),
case plop:sth() of
noentry ->
lager:error("No valid STH found"),
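Review bot: The `if` in check_valid_sth() fails open when the STH carries no usable `timestamp`: `proplists:get_value/2` returns `undefined` for a missing key, and an arithmetic error inside a guard makes that guard fail instead of raising, so `Now - Timestamp > MMD` is skipped and `true -> ok` is taken. Making the accepting branch the explicit one closes this: `is_integer(Timestamp), Now - Timestamp =< MMD -> ok;` followed by `true ->` with the existing log-and-exit, and with `Now - Timestamp` dropped from the log arguments so the rejecting branch cannot raise badarith itself. Whether plop:sth() can return a struct without an integer timestamp is not visible here, so this is a hardening point rather than a demonstrated bug. A timestamp later than `Now` also passes the comparison; if that should count as invalid it needs its own clause. The get-sth clause reads `plop:sth()` again right after the check, so the value checked and the value served come from separate reads; its body continues outside the hunk.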
@@ -24,6 +45,7 @@ request(get, "ct/v1/get-sth", _Query) ->
end;
request(get, "ct/v1/get-sth-consistency", Query) ->
+ check_valid_sth(),
case lists:sort(Query) of
[{"first", FirstInput}, {"second", SecondInput}] ->
{First, _} = string:to_integer(FirstInput),
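Review bot: The freshness guard is repeated by hand in every `request/3` clause (here, in the get-proof-by-hash, get-entries, get-entry-and-proof and get-roots hunks, and in the three clauses of the first hunk), so a clause added later answers requests without it unless the author remembers the call. A single entry point keeps the check on by default: `request(Method, Path, Input) -> check_valid_sth(), handle_request(Method, Path, Input).`, with the existing clauses renamed to `handle_request/3` (a name proposed here, not one in the file). If some `request/3` clause outside these hunks is meant to work without a fresh STH, it would then need an explicit exemption, which also documents the exception. This clause's body continues outside the hunk.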
@@ -42,6 +64,7 @@ request(get, "ct/v1/get-sth-consistency", Query) ->
end;
request(get, "ct/v1/get-proof-by-hash", Query) ->
+ check_valid_sth(),
case lists:sort(Query) of
[{"hash", HashInput}, {"tree_size", TreeSizeInput}] ->
Hash = case (catch base64:decode(HashInput)) of
@@ -67,6 +90,7 @@ request(get, "ct/v1/get-proof-by-hash", Query) ->
end;
request(get, "ct/v1/get-entries", Query) ->
+ check_valid_sth(),
case lists:sort(Query) of
[{"end", EndInput}, {"start", StartInput}] ->
{Start, _} = string:to_integer(StartInput),
@@ -80,6 +104,7 @@ request(get, "ct/v1/get-entries", Query) ->
end;
request(get, "ct/v1/get-entry-and-proof", Query) ->
+ check_valid_sth(),
case lists:sort(Query) of
[{"leaf_index", IndexInput}, {"tree_size", TreeSizeInput}] ->
{Index, _} = string:to_integer(IndexInput),
@@ -94,6 +119,7 @@ request(get, "ct/v1/get-entry-and-proof", Query) ->
end;
request(get, "ct/v1/get-roots", _Query) ->
+ check_valid_sth(),
R = [{certificates,
[base64:encode(Der) ||
Der <- catlfish:update_known_roots()]}],