-rw-r--r--src/catlfish.erl43
1 files changed, 31 insertions, 12 deletions
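--- a/src/catlfish.erl
+++ b/src/catlfish.erl
@@ -69,10 +69,30 @@ build_mtl(Timestamp, LeafCert) ->
 entry = TSE},
 serialise(MTL).
+calc_sct(TimestampedEntry) ->
+ plop:serialise(plop:spt(list_to_binary([<<?PROTOCOL_VERSION:8>>,
+ serialise_signature_type(certificate_timestamp),
+ serialise(TimestampedEntry)]))).
+
+get_sct(Hash, TimestampedEntry) ->
+ case application:get_env(catlfish, sctcache_root_path) of
+ {ok, RootPath} ->
+ case perm:readfile(RootPath, Hash) of
+ Contents when is_binary(Contents) ->
+ Contents;
+ noentry ->
+ SCT = calc_sct(TimestampedEntry),
+ ok = perm:ensurefile_nosync(RootPath, Hash, SCT),
+ SCT
+ end;
+ _ ->
+ SCT = calc_sct(TimestampedEntry)
+ end.
+
 -spec add_chain(binary(), [binary()]) -> nonempty_string().
 add_chain(LeafCert, CertChain) ->
 EntryHash = crypto:hash(sha256, [LeafCert | CertChain]),
- TimestampedEntry =
+ {TimestampedEntry, Hash} =
 case plop:get(EntryHash) of
 notfound ->
 Timestamp = plop:generate_timestamp(),
@@ -82,28 +102,27 @@ add_chain(LeafCert, CertChain) ->
 MTL = #mtl{leaf_version = v1,
 leaf_type = timestamped_entry,
 entry = TSE},
+ MTLHash = ht:leaf_hash(serialise(MTL)),
 ok = plop:add(
 serialise_logentry(Timestamp, LeafCert, CertChain),
- ht:leaf_hash(serialise(MTL)),
+ MTLHash,
 EntryHash),
- TSE;
- {_Index, _MTLHash, Entry} ->
+ {TSE, MTLHash};
+ {_Index, MTLHash, Entry} ->
 <<Timestamp:64, _LogEntry/binary>> = Entry,
 %% TODO: Perform a costly db consistency check against
 %% unpacked LogEntry (w/ LeafCert and CertChain)
- #timestamped_entry{timestamp = Timestamp,
- entry_type = x509_entry,
- signed_entry = LeafCert}
+ {#timestamped_entry{timestamp = Timestamp,
+ entry_type = x509_entry,
+ signed_entry = LeafCert},
+ MTLHash}
 end,
- SCT_sig =
- plop:spt(list_to_binary([<<?PROTOCOL_VERSION:8>>,
- serialise_signature_type(certificate_timestamp),
- serialise(TimestampedEntry)])),
+ SCT_sig = get_sct(Hash, TimestampedEntry),
 {[{sct_version, ?PROTOCOL_VERSION},
 {id, base64:encode(plop:get_logid())},
 {timestamp, TimestampedEntry#timestamped_entry.timestamp},
 {extensions, base64:encode(<<>>)},
- {signature, base64:encode(plop:serialise(SCT_sig))}]}.
+ {signature, base64:encode(SCT_sig)}]}.
 -spec serialise_logentry(integer(), binary(), [binary()]) -> binary().
 serialise_logentry(Timestamp, LeafCert, CertChain) ->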
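Review bot: get_sct in the first hunk hands back whatever perm:readfile returns for Hash as the SCT with nothing but an is_binary guard, so a zero-length or truncated cache file — plausible if ensurefile_nosync skips fsync, as its name suggests, and the node dies mid-write — would be served to clients as a signature instead of being recomputed. Treating an empty binary like a miss closes the obvious case, e.g. let the recompute clause read `Missing when Missing =:= noentry; Missing =:= <<>> ->` and keep the binary clause after it; whether a partially written file can be detected as well depends on perm:readfile, which is outside this diff. Two smaller points in the same function: the fallback branch should match `undefined ->` rather than `_ ->`, since that is the only other value application:get_env/2 returns, and its body should be just `calc_sct(TimestampedEntry)` because the `SCT =` binding there is never read. Both new functions lack a `-spec` although the neighbouring functions carry one, so add `-spec calc_sct(#timestamped_entry{}) -> binary().` and `-spec get_sct(binary(), #timestamped_entry{}) -> binary().`. In the second hunk (add_chain itself begins in the first hunk) `SCT_sig` now holds the serialised SCT rather than a signature term, so renaming it `SCT` on the two lines that use it would keep the name from misleading.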