From af5939d8fe0e1ee6ca647274beefb3b0816c2a7e Mon Sep 17 00:00:00 2001 From: Philippe Boneff Date: Thu, 3 Apr 2025 08:48:23 +0000 Subject: [PATCH 1/5] move staticctapi in its own package --- internal/client/client.go | 6 +++--- internal/types/{ => staticctapi}/staticctapi.go | 2 +- 2 files changed, 4 insertions(+), 4 deletions(-) rename internal/types/{ => staticctapi}/staticctapi.go (99%) diff --git a/internal/client/client.go b/internal/client/client.go index 1385391a..3f790d85 100644 --- a/internal/client/client.go +++ b/internal/client/client.go @@ -30,7 +30,7 @@ import ( "github.com/transparency-dev/merkle/compact" "github.com/transparency-dev/merkle/proof" "github.com/transparency-dev/merkle/rfc6962" - "github.com/transparency-dev/static-ct/internal/types" + "github.com/transparency-dev/static-ct/internal/types/staticctapi" "github.com/transparency-dev/trillian-tessera/api" "github.com/transparency-dev/trillian-tessera/api/layout" "golang.org/x/mod/sumdb/note" @@ -285,8 +285,8 @@ func (n *nodeCache) GetNode(ctx context.Context, id compact.NodeID) ([]byte, err } // GetEntryBundle fetches the entry bundle at the given _tile index_. -func GetEntryBundle(ctx context.Context, f EntryBundleFetcherFunc, i, logSize uint64) (types.EntryBundle, error) { - bundle := types.EntryBundle{} +func GetEntryBundle(ctx context.Context, f EntryBundleFetcherFunc, i, logSize uint64) (staticctapi.EntryBundle, error) { + bundle := staticctapi.EntryBundle{} sRaw, err := f(ctx, i, layout.PartialTileSize(0, i, logSize)) if err != nil { if errors.Is(err, os.ErrNotExist) { diff --git a/internal/types/staticctapi.go b/internal/types/staticctapi/staticctapi.go similarity index 99% rename from internal/types/staticctapi.go rename to internal/types/staticctapi/staticctapi.go index aa8dc3be..f8949ddc 100644 --- a/internal/types/staticctapi.go +++ b/internal/types/staticctapi/staticctapi.go 
@@ -12,7 +12,7 @@ // See the License for the specific language governing permissions and // limitations under the License. -package types +package staticctapi import ( "fmt" From fdd98deadc3b9f0e083ee9ea33d968cfbc13233e Mon Sep 17 00:00:00 2001 From: Philippe Boneff Date: Thu, 3 Apr 2025 09:13:36 +0000 Subject: [PATCH 2/5] move types/rfc6962.go to types/types/rfc6962.go # Conflicts: # internal/scti/handlers_test.go --- internal/hammer/chain.go | 2 +- internal/hammer/loadtest/client.go | 2 +- internal/hammer/loadtest/workers.go | 2 +- internal/scti/chain_validation.go | 2 +- internal/scti/chain_validation_test.go | 2 +- internal/scti/ctlog.go | 2 +- internal/scti/handlers.go | 2 +- internal/scti/handlers_test.go | 2 +- internal/scti/signatures.go | 2 +- internal/scti/signatures_test.go | 2 +- internal/types/{ => types}/rfc6962.go | 0 11 files changed, 10 insertions(+), 10 deletions(-) rename internal/types/{ => types}/rfc6962.go (100%) diff --git a/internal/hammer/chain.go b/internal/hammer/chain.go index 956dc24a..b204cb83 100644 --- a/internal/hammer/chain.go +++ b/internal/hammer/chain.go @@ -22,7 +22,7 @@ import ( "math/big" "time" - "github.com/transparency-dev/static-ct/internal/types" + "github.com/transparency-dev/static-ct/internal/types/types" "k8s.io/klog/v2" ) diff --git a/internal/hammer/loadtest/client.go b/internal/hammer/loadtest/client.go index 00854b79..62702bdf 100644 --- a/internal/hammer/loadtest/client.go +++ b/internal/hammer/loadtest/client.go @@ -30,7 +30,7 @@ import ( "time" "github.com/transparency-dev/static-ct/internal/client" - "github.com/transparency-dev/static-ct/internal/types" + "github.com/transparency-dev/static-ct/internal/types/types" "golang.org/x/crypto/cryptobyte" "k8s.io/klog/v2" ) diff --git a/internal/hammer/loadtest/workers.go b/internal/hammer/loadtest/workers.go index 8b4141bb..bb3d7fab 100644 --- a/internal/hammer/loadtest/workers.go +++ b/internal/hammer/loadtest/workers.go 
@@ -29,7 +29,7 @@ import ( "github.com/transparency-dev/merkle/proof" "github.com/transparency-dev/merkle/rfc6962" "github.com/transparency-dev/static-ct/internal/client" - "github.com/transparency-dev/static-ct/internal/types" + "github.com/transparency-dev/static-ct/internal/types/types" "github.com/transparency-dev/static-ct/internal/x509util" "github.com/transparency-dev/trillian-tessera/api/layout" "github.com/transparency-dev/trillian-tessera/ctonly" diff --git a/internal/scti/chain_validation.go b/internal/scti/chain_validation.go index 139d578f..dec8b267 100644 --- a/internal/scti/chain_validation.go +++ b/internal/scti/chain_validation.go @@ -25,7 +25,7 @@ import ( "time" "github.com/transparency-dev/static-ct/internal/lax509" - "github.com/transparency-dev/static-ct/internal/types" + "github.com/transparency-dev/static-ct/internal/types/types" "github.com/transparency-dev/static-ct/internal/x509util" "k8s.io/klog/v2" ) diff --git a/internal/scti/chain_validation_test.go b/internal/scti/chain_validation_test.go index 900751e8..70695ba2 100644 --- a/internal/scti/chain_validation_test.go +++ b/internal/scti/chain_validation_test.go @@ -24,7 +24,7 @@ import ( "time" "github.com/transparency-dev/static-ct/internal/testdata" - "github.com/transparency-dev/static-ct/internal/types" + "github.com/transparency-dev/static-ct/internal/types/types" "github.com/transparency-dev/static-ct/internal/x509util" ) diff --git a/internal/scti/ctlog.go b/internal/scti/ctlog.go index a54c1c61..04c857cb 100644 --- a/internal/scti/ctlog.go +++ b/internal/scti/ctlog.go @@ -8,7 +8,7 @@ import ( "errors" "fmt" - "github.com/transparency-dev/static-ct/internal/types" + "github.com/transparency-dev/static-ct/internal/types/types" "github.com/transparency-dev/static-ct/modules/dedup" "github.com/transparency-dev/static-ct/storage" tessera "github.com/transparency-dev/trillian-tessera" diff --git a/internal/scti/handlers.go b/internal/scti/handlers.go index a4ae2ba9..78aac2cd 100644 
--- a/internal/scti/handlers.go +++ b/internal/scti/handlers.go @@ -31,7 +31,7 @@ import ( "github.com/prometheus/client_golang/prometheus" "github.com/prometheus/client_golang/prometheus/promauto" - "github.com/transparency-dev/static-ct/internal/types" + "github.com/transparency-dev/static-ct/internal/types/types" "github.com/transparency-dev/static-ct/internal/types/tls" "github.com/transparency-dev/static-ct/internal/x509util" "github.com/transparency-dev/static-ct/modules/dedup" diff --git a/internal/scti/handlers_test.go b/internal/scti/handlers_test.go index 8632ebe3..362cb3f1 100644 --- a/internal/scti/handlers_test.go +++ b/internal/scti/handlers_test.go @@ -34,7 +34,7 @@ import ( "github.com/google/go-cmp/cmp/cmpopts" "github.com/transparency-dev/static-ct/internal/testdata" "github.com/transparency-dev/static-ct/internal/testonly/storage/posix" - "github.com/transparency-dev/static-ct/internal/types" + "github.com/transparency-dev/static-ct/internal/types/types" "github.com/transparency-dev/static-ct/internal/x509util" "github.com/transparency-dev/static-ct/storage" "github.com/transparency-dev/static-ct/storage/bbolt" diff --git a/internal/scti/signatures.go b/internal/scti/signatures.go index c4151309..69c11bfe 100644 --- a/internal/scti/signatures.go +++ b/internal/scti/signatures.go @@ -24,7 +24,7 @@ import ( "time" tfl "github.com/transparency-dev/formats/log" - "github.com/transparency-dev/static-ct/internal/types" + "github.com/transparency-dev/static-ct/internal/types/types" "github.com/transparency-dev/static-ct/internal/types/tls" "golang.org/x/mod/sumdb/note" ) diff --git a/internal/scti/signatures_test.go b/internal/scti/signatures_test.go index 1a620cb4..e2b8f686 100644 --- a/internal/scti/signatures_test.go +++ b/internal/scti/signatures_test.go 
@@ -26,7 +26,7 @@ import ( "github.com/kylelemons/godebug/pretty" "github.com/transparency-dev/static-ct/internal/testdata" - "github.com/transparency-dev/static-ct/internal/types" + "github.com/transparency-dev/static-ct/internal/types/types" "github.com/transparency-dev/static-ct/internal/types/tls" "github.com/transparency-dev/static-ct/internal/x509util" ) diff --git a/internal/types/rfc6962.go b/internal/types/types/rfc6962.go similarity index 100% rename from internal/types/rfc6962.go rename to internal/types/types/rfc6962.go From aee5ecff76dad48b9bd1df6d8b488f247d4f0a20 Mon Sep 17 00:00:00 2001 From: Philippe Boneff Date: Thu, 3 Apr 2025 15:13:45 +0000 Subject: [PATCH 3/5] move types/types to types/rfc6962 # Conflicts: # internal/scti/handlers_test.go # Conflicts: # internal/scti/handlers_test.go --- internal/hammer/chain.go | 4 +- internal/hammer/loadtest/client.go | 4 +- internal/hammer/loadtest/workers.go | 6 +- internal/scti/chain_validation.go | 4 +- internal/scti/chain_validation_test.go | 6 +- internal/scti/ctlog.go | 4 +- internal/scti/handlers.go | 28 +++---- internal/scti/handlers_test.go | 56 ++++++------- internal/scti/signatures.go | 50 +++++------ internal/scti/signatures_test.go | 88 ++++++++++---------- internal/types/{types => rfc6962}/rfc6962.go | 2 +- 11 files changed, 126 insertions(+), 126 deletions(-) rename internal/types/{types => rfc6962}/rfc6962.go (99%) diff --git a/internal/hammer/chain.go b/internal/hammer/chain.go index b204cb83..64967fd5 100644 --- a/internal/hammer/chain.go +++ b/internal/hammer/chain.go @@ -22,7 +22,7 @@ import ( "math/big" "time" - "github.com/transparency-dev/static-ct/internal/types/types" + "github.com/transparency-dev/static-ct/internal/types/rfc6962" "k8s.io/klog/v2" ) 
@@ -85,7 +85,7 @@ func (g *chainGenerator) certificate(serialNumber int64) []byte { // addChainRequestBody generates the add-chain request body for submission. func (g *chainGenerator) addChainRequestBody(serialNumber int64) []byte { - var req types.AddChainRequest + var req rfc6962.AddChainRequest req.Chain = append(req.Chain, g.certificate(serialNumber)) req.Chain = append(req.Chain, g.intermediateCert.Raw) diff --git a/internal/hammer/loadtest/client.go b/internal/hammer/loadtest/client.go index 62702bdf..30321a03 100644 --- a/internal/hammer/loadtest/client.go +++ b/internal/hammer/loadtest/client.go @@ -30,7 +30,7 @@ import ( "time" "github.com/transparency-dev/static-ct/internal/client" - "github.com/transparency-dev/static-ct/internal/types/types" + "github.com/transparency-dev/static-ct/internal/types/rfc6962" "golang.org/x/crypto/cryptobyte" "k8s.io/klog/v2" ) @@ -235,7 +235,7 @@ func (rr *roundRobinLeafWriter) next() LeafWriter { // index from the extensions and timestamp from the response. // Code is inspired by https://github.com/FiloSottile/sunlight/blob/main/tile.go. func parseAddChainResponse(body []byte) (uint64, uint64, error) { - var resp types.AddChainResponse + var resp rfc6962.AddChainResponse if err := json.Unmarshal(body, &resp); err != nil { return 0, 0, fmt.Errorf("can't parse add-chain response: %v", err) } diff --git a/internal/hammer/loadtest/workers.go b/internal/hammer/loadtest/workers.go index bb3d7fab..cb3780a2 100644 --- a/internal/hammer/loadtest/workers.go +++ b/internal/hammer/loadtest/workers.go 
@@ -29,7 +29,7 @@ import ( "github.com/transparency-dev/merkle/proof" "github.com/transparency-dev/merkle/rfc6962" "github.com/transparency-dev/static-ct/internal/client" - "github.com/transparency-dev/static-ct/internal/types/types" + rfc69621 "github.com/transparency-dev/static-ct/internal/types/rfc6962" "github.com/transparency-dev/static-ct/internal/x509util" "github.com/transparency-dev/trillian-tessera/api/layout" "github.com/transparency-dev/trillian-tessera/ctonly" @@ -246,7 +246,7 @@ func (w *LogWriter) Run(ctx context.Context) { // TODO: Remove the json.Unmarshal by generating the chain and // marshaling the add chain request from w.gen() at a later stage. - var req types.AddChainRequest + var req rfc69621.AddChainRequest if err := json.Unmarshal(newLeaf, &req); err != nil { klog.Warningf("Failed to unmarshal add-chain request: %v", err) } @@ -449,7 +449,7 @@ func isPreIssuer(cert *x509.Certificate) bool { // Look for the extension in the Extensions field and not ExtKeyUsage // since crypto/x509 does not recognize this extension as an ExtKeyUsage. for _, ext := range cert.Extensions { - if types.OIDExtKeyUsageCertificateTransparency.Equal(ext.Id) { + if rfc69621.OIDExtKeyUsageCertificateTransparency.Equal(ext.Id) { return true } } diff --git a/internal/scti/chain_validation.go b/internal/scti/chain_validation.go index dec8b267..e3b76ea3 100644 --- a/internal/scti/chain_validation.go +++ b/internal/scti/chain_validation.go @@ -25,7 +25,7 @@ import ( "time" "github.com/transparency-dev/static-ct/internal/lax509" - "github.com/transparency-dev/static-ct/internal/types/types" + "github.com/transparency-dev/static-ct/internal/types/rfc6962" "github.com/transparency-dev/static-ct/internal/x509util" "k8s.io/klog/v2" ) 
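Review bot: The alias `rfc69621` on the new import in internal/hammer/loadtest/workers.go differs by a single trailing digit from `github.com/transparency-dev/merkle/rfc6962`, which the same import block already brings in as `rfc6962`. One package provides the Merkle hashing and the other the CT wire types and OIDs, so the two qualifiers are easy to confuse when reading proof-checking code. The alias looks tool-generated; a descriptive one reads better, for example `ctrfc6962 "github.com/transparency-dev/static-ct/internal/types/rfc6962"`, with the uses in the `LogWriter.Run` and `isPreIssuer` hunks updated to match.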
@@ -131,7 +131,7 @@ func isPrecertificate(cert *x509.Certificate) (bool, error) { } for _, ext := range cert.Extensions { - if types.OIDExtensionCTPoison.Equal(ext.Id) { + if rfc6962.OIDExtensionCTPoison.Equal(ext.Id) { if !ext.Critical || !bytes.Equal(asn1.NullBytes, ext.Value) { return false, fmt.Errorf("CT poison ext is not critical or invalid: %v", ext) } diff --git a/internal/scti/chain_validation_test.go b/internal/scti/chain_validation_test.go index 70695ba2..2b5356bf 100644 --- a/internal/scti/chain_validation_test.go +++ b/internal/scti/chain_validation_test.go @@ -24,7 +24,7 @@ import ( "time" "github.com/transparency-dev/static-ct/internal/testdata" - "github.com/transparency-dev/static-ct/internal/types/types" + "github.com/transparency-dev/static-ct/internal/types/rfc6962" "github.com/transparency-dev/static-ct/internal/x509util" ) @@ -169,13 +169,13 @@ func wipeExtensions(cert *x509.Certificate) *x509.Certificate { func makePoisonNonCritical(cert *x509.Certificate) *x509.Certificate { // Invalid as a pre-cert because poison extension needs to be marked as critical. - cert.Extensions = []pkix.Extension{{Id: types.OIDExtensionCTPoison, Critical: false, Value: asn1.NullBytes}} + cert.Extensions = []pkix.Extension{{Id: rfc6962.OIDExtensionCTPoison, Critical: false, Value: asn1.NullBytes}} return cert } func makePoisonNonNull(cert *x509.Certificate) *x509.Certificate { // Invalid as a pre-cert because poison extension is not ASN.1 NULL value. - cert.Extensions = []pkix.Extension{{Id: types.OIDExtensionCTPoison, Critical: false, Value: []byte{0x42, 0x42, 0x42}}} + cert.Extensions = []pkix.Extension{{Id: rfc6962.OIDExtensionCTPoison, Critical: false, Value: []byte{0x42, 0x42, 0x42}}} return cert } diff --git a/internal/scti/ctlog.go b/internal/scti/ctlog.go index 04c857cb..dae99272 100644 --- a/internal/scti/ctlog.go +++ b/internal/scti/ctlog.go 
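Review bot: `makePoisonNonNull` in internal/scti/chain_validation_test.go still builds the extension with `Critical: false`, so the certificate is already rejected by the `!ext.Critical` half of the condition shown in the `isPrecertificate` hunk, and the `bytes.Equal(asn1.NullBytes, ext.Value)` half is not what this helper exercises. If the test table (outside the hunk) only asserts that an error is returned, removing the NULL-value check would go unnoticed. Setting the flag isolates the case: `cert.Extensions = []pkix.Extension{{Id: rfc6962.OIDExtensionCTPoison, Critical: true, Value: []byte{0x42, 0x42, 0x42}}}`.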
@@ -8,7 +8,7 @@ import ( "errors" "fmt" - "github.com/transparency-dev/static-ct/internal/types/types" + "github.com/transparency-dev/static-ct/internal/types/rfc6962" "github.com/transparency-dev/static-ct/modules/dedup" "github.com/transparency-dev/static-ct/storage" tessera "github.com/transparency-dev/trillian-tessera" @@ -64,7 +64,7 @@ func NewLog(ctx context.Context, origin string, signer crypto.Signer, cvOpts Cha return nil, fmt.Errorf("unsupported key type: %v", keyType) } - log.signSCT = func(leaf *types.MerkleTreeLeaf) (*types.SignedCertificateTimestamp, error) { + log.signSCT = func(leaf *rfc6962.MerkleTreeLeaf) (*rfc6962.SignedCertificateTimestamp, error) { return buildV1SCT(signer, leaf) } diff --git a/internal/scti/handlers.go b/internal/scti/handlers.go index 78aac2cd..a927043a 100644 --- a/internal/scti/handlers.go +++ b/internal/scti/handlers.go @@ -31,7 +31,7 @@ import ( "github.com/prometheus/client_golang/prometheus" "github.com/prometheus/client_golang/prometheus/promauto" - "github.com/transparency-dev/static-ct/internal/types/types" + "github.com/transparency-dev/static-ct/internal/types/rfc6962" "github.com/transparency-dev/static-ct/internal/types/tls" "github.com/transparency-dev/static-ct/internal/x509util" "github.com/transparency-dev/static-ct/modules/dedup" 
@@ -209,9 +209,9 @@ func NewPathHandlers(opts *HandlerOptions, log *log) pathHandlers { // Bind each endpoint to an appHandler instance. // TODO(phboneff): try and get rid of PathHandlers and appHandler ph := pathHandlers{ - prefix + types.AddChainPath: appHandler{opts: opts, log: log, handler: addChain, name: addChainName, method: http.MethodPost}, - prefix + types.AddPreChainPath: appHandler{opts: opts, log: log, handler: addPreChain, name: addPreChainName, method: http.MethodPost}, - prefix + types.GetRootsPath: appHandler{opts: opts, log: log, handler: getRoots, name: getRootsName, method: http.MethodGet}, + prefix + rfc6962.AddChainPath: appHandler{opts: opts, log: log, handler: addChain, name: addChainName, method: http.MethodPost}, + prefix + rfc6962.AddPreChainPath: appHandler{opts: opts, log: log, handler: addPreChain, name: addPreChainName, method: http.MethodPost}, + prefix + rfc6962.GetRootsPath: appHandler{opts: opts, log: log, handler: getRoots, name: getRootsName, method: http.MethodGet}, } return ph 
@@ -227,23 +227,23 @@ func (opts *HandlerOptions) sendHTTPError(w http.ResponseWriter, statusCode int, } // parseBodyAsJSONChain tries to extract cert-chain out of request. -func parseBodyAsJSONChain(r *http.Request) (types.AddChainRequest, error) { +func parseBodyAsJSONChain(r *http.Request) (rfc6962.AddChainRequest, error) { body, err := io.ReadAll(r.Body) if err != nil { klog.V(1).Infof("Failed to read request body: %v", err) - return types.AddChainRequest{}, err + return rfc6962.AddChainRequest{}, err } - var req types.AddChainRequest + var req rfc6962.AddChainRequest if err := json.Unmarshal(body, &req); err != nil { klog.V(1).Infof("Failed to parse request body: %v", err) - return types.AddChainRequest{}, err + return rfc6962.AddChainRequest{}, err } // The cert chain is not allowed to be empty. We'll defer other validation for later if len(req.Chain) == 0 { klog.V(1).Infof("Request chain is empty: %q", body) - return types.AddChainRequest{}, errors.New("cert chain was empty") + return rfc6962.AddChainRequest{}, errors.New("cert chain was empty") } return req, nil @@ -324,7 +324,7 @@ func addChainInternal(ctx context.Context, opts *HandlerOptions, log *log, w htt } // Always use the returned leaf as the basis for an SCT. - var loggedLeaf types.MerkleTreeLeaf + var loggedLeaf rfc6962.MerkleTreeLeaf leafValue := entry.MerkleTreeLeaf(idx) if rest, err := tls.Unmarshal(leafValue, &loggedLeaf); err != nil { return http.StatusInternalServerError, fmt.Errorf("failed to reconstruct MerkleTreeLeaf: %s", err) 
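Review bot: `parseBodyAsJSONChain` in internal/scti/handlers.go reads the request with `io.ReadAll(r.Body)` and no size bound is visible in the hunk, so a client of add-chain or add-pre-chain can make the server buffer an arbitrarily large body before any chain validation runs. Unless a limit is already applied by a wrapper outside this hunk, cap the read, for example `body, err := io.ReadAll(io.LimitReader(r.Body, maxAddChainBodyBytes))`, where `maxAddChainBodyBytes` is a placeholder for a constant the project would choose. `http.MaxBytesReader` is the alternative if the `http.ResponseWriter` is passed in. The empty-chain branch also logs the raw body with `%q` at `klog.V(1)`, which is a second reason to bound it.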
@@ -393,7 +393,7 @@ func deadlineTime(opts *HandlerOptions) time.Time { // verifyAddChain is used by add-chain and add-pre-chain. It does the checks that the supplied // cert is of the correct type and chains to a trusted root. -func verifyAddChain(log *log, req types.AddChainRequest, expectingPrecert bool) ([]*x509.Certificate, error) { +func verifyAddChain(log *log, req rfc6962.AddChainRequest, expectingPrecert bool) ([]*x509.Certificate, error) { // We already checked that the chain is not empty so can move on to verification validPath, err := validateChain(req.Chain, log.chainValidationOpts) if err != nil { @@ -422,13 +422,13 @@ func verifyAddChain(log *log, req types.AddChainRequest, expectingPrecert bool) // marshalAndWriteAddChainResponse is used by add-chain and add-pre-chain to create and write // the JSON response to the client -func marshalAndWriteAddChainResponse(sct *types.SignedCertificateTimestamp, w http.ResponseWriter) error { +func marshalAndWriteAddChainResponse(sct *rfc6962.SignedCertificateTimestamp, w http.ResponseWriter) error { sig, err := tls.Marshal(sct.Signature) if err != nil { return fmt.Errorf("failed to marshal signature: %s", err) } - rsp := types.AddChainResponse{ + rsp := rfc6962.AddChainResponse{ SCTVersion: sct.SCTVersion, Timestamp: sct.Timestamp, ID: sct.LogID.KeyID[:], @@ -516,7 +516,7 @@ func isPreIssuer(cert *x509.Certificate) bool { // Look for the extension in the Extensions field and not ExtKeyUsage // since crypto/x509 does not recognize this extension as an ExtKeyUsage. for _, ext := range cert.Extensions { - if types.OIDExtKeyUsageCertificateTransparency.Equal(ext.Id) { + if rfc6962.OIDExtKeyUsageCertificateTransparency.Equal(ext.Id) { return true } } diff --git a/internal/scti/handlers_test.go b/internal/scti/handlers_test.go index 362cb3f1..33f9cbc9 100644 --- a/internal/scti/handlers_test.go +++ b/internal/scti/handlers_test.go 
@@ -34,7 +34,7 @@ import ( "github.com/google/go-cmp/cmp/cmpopts" "github.com/transparency-dev/static-ct/internal/testdata" "github.com/transparency-dev/static-ct/internal/testonly/storage/posix" - "github.com/transparency-dev/static-ct/internal/types/types" + "github.com/transparency-dev/static-ct/internal/types/rfc6962" "github.com/transparency-dev/static-ct/internal/x509util" "github.com/transparency-dev/static-ct/storage" "github.com/transparency-dev/static-ct/storage/bbolt" @@ -163,26 +163,26 @@ func newPosixStorageFunc(t *testing.T) storage.CreateStorage { func getHandlers(t *testing.T, handlers pathHandlers) pathHandlers { t.Helper() - path := path.Join(prefix, types.GetRootsPath) + path := path.Join(prefix, rfc6962.GetRootsPath) handler, ok := handlers[path] if !ok { - t.Fatalf("%q path not registered", types.GetRootsPath) + t.Fatalf("%q path not registered", rfc6962.GetRootsPath) } return pathHandlers{path: handler} } func postHandlers(t *testing.T, handlers pathHandlers) pathHandlers { t.Helper() - addChainPath := path.Join(prefix, types.AddChainPath) - addPreChainPath := path.Join(prefix, types.AddPreChainPath) + addChainPath := path.Join(prefix, rfc6962.AddChainPath) + addPreChainPath := path.Join(prefix, rfc6962.AddPreChainPath) addChainHandler, ok := handlers[addChainPath] if !ok { - t.Fatalf("%q path not registered", types.AddPreChainStr) + t.Fatalf("%q path not registered", rfc6962.AddPreChainStr) } addPreChainHandler, ok := handlers[addPreChainPath] if !ok { - t.Fatalf("%q path not registered", types.AddPreChainStr) + t.Fatalf("%q path not registered", rfc6962.AddPreChainStr) } return map[string]appHandler{ 
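Review bot: In `postHandlers` (internal/scti/handlers_test.go) the failure message for a missing add-chain handler prints `rfc6962.AddPreChainStr`, the same constant used for the add-pre-chain lookup just below it, so a missing add-chain registration would be reported as add-pre-chain. The message would be accurate and more useful if it printed the path actually looked up: `t.Fatalf("%q path not registered", addChainPath)` and, for the second check, `t.Fatalf("%q path not registered", addPreChainPath)`. The function body continues past the end of the hunk.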
@@ -290,7 +290,7 @@ func TestNewPathHandlers(t *testing.T) { t.Errorf("Handler names mismatch got: %v, want: %v", hNames, entrypoints) } - entrypaths := []string{prefix + types.AddChainPath, prefix + types.AddPreChainPath, prefix + types.GetRootsPath} + entrypaths := []string{prefix + rfc6962.AddChainPath, prefix + rfc6962.AddPreChainPath, prefix + rfc6962.GetRootsPath} if !cmp.Equal(entrypaths, hPaths, cmpopts.SortSlices(func(n1, n2 string) bool { return n1 < n2 })) { @@ -321,10 +321,10 @@ func TestNewPathHandlers(t *testing.T) { func TestGetRoots(t *testing.T) { log := setupTestLog(t) - server := setupTestServer(t, log, path.Join(prefix, types.GetRootsPath)) + server := setupTestServer(t, log, path.Join(prefix, rfc6962.GetRootsPath)) defer server.Close() - resp, err := http.Get(server.URL + path.Join(prefix, types.GetRootsPath)) + resp, err := http.Get(server.URL + path.Join(prefix, rfc6962.GetRootsPath)) if err != nil { t.Fatalf("Failed to get roots: %v", err) } @@ -333,7 +333,7 @@ func TestGetRoots(t *testing.T) { t.Errorf("Unexpected status code: %v", resp.StatusCode) } - var roots types.GetRootsResponse + var roots rfc6962.GetRootsResponse err = json.NewDecoder(resp.Body).Decode(&roots) if err != nil { t.Errorf("Failed to decode response: %v", err) 
@@ -411,17 +411,17 @@ func TestAddChainWhitespace(t *testing.T) { } log := setupTestLog(t) - server := setupTestServer(t, log, path.Join(prefix, types.AddChainPath)) + server := setupTestServer(t, log, path.Join(prefix, rfc6962.AddChainPath)) defer server.Close() for _, test := range tests { t.Run(test.descr, func(t *testing.T) { - resp, err := http.Post(server.URL+types.AddChainPath, "application/json", strings.NewReader(test.body)) + resp, err := http.Post(server.URL+rfc6962.AddChainPath, "application/json", strings.NewReader(test.body)) if err != nil { - t.Fatalf("http.Post(%s)=(_,%q); want (_,nil)", types.AddChainPath, err) + t.Fatalf("http.Post(%s)=(_,%q); want (_,nil)", rfc6962.AddChainPath, err) } if got, want := resp.StatusCode, test.want; got != want { - t.Errorf("http.Post(%s)=(%d,nil); want (%d,nil)", types.AddChainPath, got, want) + t.Errorf("http.Post(%s)=(%d,nil); want (%d,nil)", rfc6962.AddChainPath, got, want) } }) } @@ -457,7 +457,7 @@ func TestAddChain(t *testing.T) { } log := setupTestLog(t) - server := setupTestServer(t, log, path.Join(prefix, types.AddChainPath)) + server := setupTestServer(t, log, path.Join(prefix, rfc6962.AddChainPath)) defer server.Close() for _, test := range tests { 
@@ -465,19 +465,19 @@ func TestAddChain(t *testing.T) { pool := loadCertsIntoPoolOrDie(t, test.chain) chain := createJSONChain(t, *pool) - resp, err := http.Post(server.URL+types.AddChainPath, "application/json", chain) + resp, err := http.Post(server.URL+rfc6962.AddChainPath, "application/json", chain) if err != nil { - t.Fatalf("http.Post(%s)=(_,%q); want (_,nil)", types.AddChainPath, err) + t.Fatalf("http.Post(%s)=(_,%q); want (_,nil)", rfc6962.AddChainPath, err) } if got, want := resp.StatusCode, test.want; got != want { - t.Errorf("http.Post(%s)=(%d,nil); want (%d,nil)", types.AddChainPath, got, want) + t.Errorf("http.Post(%s)=(%d,nil); want (%d,nil)", rfc6962.AddChainPath, got, want) } if test.want == http.StatusOK { - var gotRsp types.AddChainResponse + var gotRsp rfc6962.AddChainResponse if err := json.NewDecoder(resp.Body).Decode(&gotRsp); err != nil { t.Fatalf("json.Decode()=%v; want nil", err) } - if got, want := types.Version(gotRsp.SCTVersion), types.V1; got != want { + if got, want := rfc6962.Version(gotRsp.SCTVersion), rfc6962.V1; got != want { t.Errorf("resp.SCTVersion=%v; want %v", got, want) } if got, want := gotRsp.ID, demoLogID[:]; !bytes.Equal(got, want) { @@ -533,7 +533,7 @@ func TestAddPreChain(t *testing.T) { } log := setupTestLog(t) - server := setupTestServer(t, log, path.Join(prefix, types.AddPreChainPath)) + server := setupTestServer(t, log, path.Join(prefix, rfc6962.AddPreChainPath)) defer server.Close() for _, test := range tests { 
@@ -541,19 +541,19 @@ func TestAddPreChain(t *testing.T) { pool := loadCertsIntoPoolOrDie(t, test.chain) chain := createJSONChain(t, *pool) - resp, err := http.Post(server.URL+types.AddPreChainPath, "application/json", chain) + resp, err := http.Post(server.URL+rfc6962.AddPreChainPath, "application/json", chain) if err != nil { - t.Fatalf("http.Post(%s)=(_,%q); want (_,nil)", types.AddPreChainPath, err) + t.Fatalf("http.Post(%s)=(_,%q); want (_,nil)", rfc6962.AddPreChainPath, err) } if got, want := resp.StatusCode, test.want; got != want { - t.Errorf("http.Post(%s)=(%d,nil); want (%d,nil)", types.AddPreChainPath, got, want) + t.Errorf("http.Post(%s)=(%d,nil); want (%d,nil)", rfc6962.AddPreChainPath, got, want) } if test.want == http.StatusOK { - var gotRsp types.AddChainResponse + var gotRsp rfc6962.AddChainResponse if err := json.NewDecoder(resp.Body).Decode(&gotRsp); err != nil { t.Fatalf("json.Decode()=%v; want nil", err) } - if got, want := types.Version(gotRsp.SCTVersion), types.V1; got != want { + if got, want := rfc6962.Version(gotRsp.SCTVersion), rfc6962.V1; got != want { t.Errorf("resp.SCTVersion=%v; want %v", got, want) } if got, want := gotRsp.ID, demoLogID[:]; !bytes.Equal(got, want) { @@ -576,7 +576,7 @@ func TestAddPreChain(t *testing.T) { func createJSONChain(t *testing.T, p x509util.PEMCertPool) io.Reader { t.Helper() - var req types.AddChainRequest + var req rfc6962.AddChainRequest for _, rawCert := range p.RawCertificates() { req.Chain = append(req.Chain, rawCert.Raw) } diff --git a/internal/scti/signatures.go b/internal/scti/signatures.go index 69c11bfe..6807c0e4 100644 --- a/internal/scti/signatures.go +++ b/internal/scti/signatures.go @@ -24,7 +24,7 @@ import ( "time" tfl "github.com/transparency-dev/formats/log" - "github.com/transparency-dev/static-ct/internal/types/types" + "github.com/transparency-dev/static-ct/internal/types/rfc6962" "github.com/transparency-dev/static-ct/internal/types/tls" "golang.org/x/mod/sumdb/note" ) 
@@ -32,25 +32,25 @@ import ( const nanosPerMilli int64 = int64(time.Millisecond / time.Nanosecond) // signSCT builds an SCT for a leaf. -type signSCT func(leaf *types.MerkleTreeLeaf) (*types.SignedCertificateTimestamp, error) +type signSCT func(leaf *rfc6962.MerkleTreeLeaf) (*rfc6962.SignedCertificateTimestamp, error) // serializeSCTSignatureInput serializes the passed in sct and log entry into // the correct format for signing. -func serializeSCTSignatureInput(sct types.SignedCertificateTimestamp, entry types.LogEntry) ([]byte, error) { +func serializeSCTSignatureInput(sct rfc6962.SignedCertificateTimestamp, entry rfc6962.LogEntry) ([]byte, error) { switch sct.SCTVersion { - case types.V1: - input := types.CertificateTimestamp{ + case rfc6962.V1: + input := rfc6962.CertificateTimestamp{ SCTVersion: sct.SCTVersion, - SignatureType: types.CertificateTimestampSignatureType, + SignatureType: rfc6962.CertificateTimestampSignatureType, Timestamp: sct.Timestamp, EntryType: entry.Leaf.TimestampedEntry.EntryType, Extensions: sct.Extensions, } switch entry.Leaf.TimestampedEntry.EntryType { - case types.X509LogEntryType: + case rfc6962.X509LogEntryType: input.X509Entry = entry.Leaf.TimestampedEntry.X509Entry - case types.PrecertLogEntryType: - input.PrecertEntry = &types.PreCert{ + case rfc6962.PrecertLogEntryType: + input.PrecertEntry = &rfc6962.PreCert{ IssuerKeyHash: entry.Leaf.TimestampedEntry.PrecertEntry.IssuerKeyHash, TBSCertificate: entry.Leaf.TimestampedEntry.PrecertEntry.TBSCertificate, } 
@@ -65,14 +65,14 @@ func serializeSCTSignatureInput(sct types.SignedCertificateTimestamp, entry type // TODO(phboneff): create an SCTSigner object // TODO(phboneff): see if we can change leaf to idx and entry -func buildV1SCT(signer crypto.Signer, leaf *types.MerkleTreeLeaf) (*types.SignedCertificateTimestamp, error) { +func buildV1SCT(signer crypto.Signer, leaf *rfc6962.MerkleTreeLeaf) (*rfc6962.SignedCertificateTimestamp, error) { // Serialize SCT signature input to get the bytes that need to be signed - sctInput := types.SignedCertificateTimestamp{ - SCTVersion: types.V1, + sctInput := rfc6962.SignedCertificateTimestamp{ + SCTVersion: rfc6962.V1, Timestamp: leaf.TimestampedEntry.Timestamp, Extensions: leaf.TimestampedEntry.Extensions, } - data, err := serializeSCTSignatureInput(sctInput, types.LogEntry{Leaf: *leaf}) + data, err := serializeSCTSignatureInput(sctInput, rfc6962.LogEntry{Leaf: *leaf}) if err != nil { return nil, fmt.Errorf("failed to serialize SCT data: %v", err) } @@ -83,7 +83,7 @@ func buildV1SCT(signer crypto.Signer, leaf *types.MerkleTreeLeaf) (*types.Signed return nil, fmt.Errorf("failed to sign SCT data: %v", err) } - digitallySigned := types.DigitallySigned{ + digitallySigned := rfc6962.DigitallySigned{ Algorithm: tls.SignatureAndHashAlgorithm{ Hash: tls.SHA256, Signature: tls.SignatureAlgorithmFromPubKey(signer.Public()), @@ -96,9 +96,9 @@ func buildV1SCT(signer crypto.Signer, leaf *types.MerkleTreeLeaf) (*types.Signed return nil, fmt.Errorf("failed to get logID for signing: %v", err) } - return &types.SignedCertificateTimestamp{ - SCTVersion: types.V1, - LogID: types.LogID{KeyID: logID}, + return &rfc6962.SignedCertificateTimestamp{ + SCTVersion: rfc6962.V1, + LogID: rfc6962.LogID{KeyID: logID}, Timestamp: sctInput.Timestamp, Extensions: sctInput.Extensions, Signature: digitallySigned, 
@@ -107,21 +107,21 @@ func buildV1SCT(signer crypto.Signer, leaf *types.MerkleTreeLeaf) (*types.Signed type rfc6962NoteSignature struct { timestamp uint64 - signature types.DigitallySigned + signature rfc6962.DigitallySigned } // serializeSTHSignatureInput serializes the passed in STH into the correct // format for signing. -func serializeSTHSignatureInput(sth types.SignedTreeHead) ([]byte, error) { +func serializeSTHSignatureInput(sth rfc6962.SignedTreeHead) ([]byte, error) { switch sth.Version { - case types.V1: + case rfc6962.V1: if len(sth.SHA256RootHash) != crypto.SHA256.Size() { return nil, fmt.Errorf("invalid TreeHash length, got %d expected %d", len(sth.SHA256RootHash), crypto.SHA256.Size()) } - input := types.TreeHeadSignature{ + input := rfc6962.TreeHeadSignature{ Version: sth.Version, - SignatureType: types.TreeHashSignatureType, + SignatureType: rfc6962.TreeHashSignatureType, Timestamp: sth.Timestamp, TreeSize: sth.TreeSize, SHA256RootHash: sth.SHA256RootHash, @@ -135,8 +135,8 @@ func serializeSTHSignatureInput(sth types.SignedTreeHead) ([]byte, error) { // buildCp builds a https://c2sp.org/static-ct-api checkpoint. // TODO(phboneff): add tests func buildCp(signer crypto.Signer, size uint64, timeMilli uint64, hash []byte) ([]byte, error) { - sth := types.SignedTreeHead{ - Version: types.V1, + sth := rfc6962.SignedTreeHead{ + Version: rfc6962.V1, TreeSize: size, Timestamp: timeMilli, } @@ -155,7 +155,7 @@ func buildCp(signer crypto.Signer, size uint64, timeMilli uint64, hash []byte) ( rfc6962Note := rfc6962NoteSignature{ timestamp: sth.Timestamp, - signature: types.DigitallySigned{ + signature: rfc6962.DigitallySigned{ Algorithm: tls.SignatureAndHashAlgorithm{ Hash: tls.SHA256, Signature: tls.SignatureAlgorithmFromPubKey(signer.Public()), diff --git a/internal/scti/signatures_test.go b/internal/scti/signatures_test.go index e2b8f686..111af408 100644 --- a/internal/scti/signatures_test.go +++ b/internal/scti/signatures_test.go 
@@ -26,7 +26,7 @@ import ( "github.com/kylelemons/godebug/pretty" "github.com/transparency-dev/static-ct/internal/testdata" - "github.com/transparency-dev/static-ct/internal/types/types" + "github.com/transparency-dev/static-ct/internal/types/rfc6962" "github.com/transparency-dev/static-ct/internal/types/tls" "github.com/transparency-dev/static-ct/internal/x509util" ) @@ -100,23 +100,23 @@ const ( "696d757374626565786163746c7974686972747974776f62797465736c6f6e67" ) -func defaultSCTLogID() types.LogID { - var id types.LogID +func defaultSCTLogID() rfc6962.LogID { + var id rfc6962.LogID copy(id.KeyID[:], defaultSCTLogIDString) return id } -func defaultSCTSignature() types.DigitallySigned { - var ds types.DigitallySigned +func defaultSCTSignature() rfc6962.DigitallySigned { + var ds rfc6962.DigitallySigned if _, err := tls.Unmarshal([]byte(defaultSCTSignatureString), &ds); err != nil { panic(err) } return ds } -func defaultSCT() types.SignedCertificateTimestamp { - return types.SignedCertificateTimestamp{ - SCTVersion: types.V1, +func defaultSCT() rfc6962.SignedCertificateTimestamp { + return rfc6962.SignedCertificateTimestamp{ + SCTVersion: rfc6962.V1, LogID: defaultSCTLogID(), Timestamp: defaultSCTTimestamp, Extensions: []byte{}, 
@@ -136,16 +136,16 @@ func defaultCertificateSCTSignatureInput(t *testing.T) []byte { return r } -func defaultCertificateLogEntry() types.LogEntry { - return types.LogEntry{ +func defaultCertificateLogEntry() rfc6962.LogEntry { + return rfc6962.LogEntry{ Index: 1, - Leaf: types.MerkleTreeLeaf{ - Version: types.V1, - LeafType: types.TimestampedEntryLeafType, - TimestampedEntry: &types.TimestampedEntry{ + Leaf: rfc6962.MerkleTreeLeaf{ + Version: rfc6962.V1, + LeafType: rfc6962.TimestampedEntryLeafType, + TimestampedEntry: &rfc6962.TimestampedEntry{ Timestamp: defaultSCTTimestamp, - EntryType: types.X509LogEntryType, - X509Entry: &types.ASN1Cert{Data: defaultCertificate()}, + EntryType: rfc6962.X509LogEntryType, + X509Entry: &rfc6962.ASN1Cert{Data: defaultCertificate()}, }, }, } @@ -170,16 +170,16 @@ func defaultPrecertIssuerHash() [32]byte { return b } -func defaultPrecertLogEntry() types.LogEntry { - return types.LogEntry{ +func defaultPrecertLogEntry() rfc6962.LogEntry { + return rfc6962.LogEntry{ Index: 1, - Leaf: types.MerkleTreeLeaf{ - Version: types.V1, - LeafType: types.TimestampedEntryLeafType, - TimestampedEntry: &types.TimestampedEntry{ + Leaf: rfc6962.MerkleTreeLeaf{ + Version: rfc6962.V1, + LeafType: rfc6962.TimestampedEntryLeafType, + TimestampedEntry: &rfc6962.TimestampedEntry{ Timestamp: defaultSCTTimestamp, - EntryType: types.PrecertLogEntryType, - PrecertEntry: &types.PreCert{ + EntryType: rfc6962.PrecertLogEntryType, + PrecertEntry: &rfc6962.PreCert{ IssuerKeyHash: defaultPrecertIssuerHash(), TBSCertificate: defaultPrecertTBS(), }, 
@@ -188,14 +188,14 @@ func defaultPrecertLogEntry() types.LogEntry { } } -func defaultSTH() types.SignedTreeHead { - var root types.SHA256Hash +func defaultSTH() rfc6962.SignedTreeHead { + var root rfc6962.SHA256Hash copy(root[:], "imustbeexactlythirtytwobyteslong") - return types.SignedTreeHead{ + return rfc6962.SignedTreeHead{ TreeSize: 6, Timestamp: 2345, SHA256RootHash: root, - TreeHeadSignature: types.DigitallySigned{ + TreeHeadSignature: rfc6962.DigitallySigned{ Algorithm: tls.SignatureAndHashAlgorithm{ Hash: tls.SHA256, Signature: tls.ECDSA}, @@ -259,7 +259,7 @@ func TestBuildV1MerkleTreeLeafForCert(t *testing.T) { if err != nil { t.Fatalf("buildV1MerkleTreeLeafForCert()=nil,%v; want _,nil", err) } - var leaf types.MerkleTreeLeaf + var leaf rfc6962.MerkleTreeLeaf leafValue := entry.MerkleTreeLeaf(uint64(fakeIndex)) if rest, err := tls.Unmarshal(leafValue, &leaf); err != nil { t.Fatalf("failed to reconstruct MerkleTreeLeaf: %s", err) @@ -271,12 +271,12 @@ func TestBuildV1MerkleTreeLeafForCert(t *testing.T) { t.Fatalf("buildV1SCT()=nil,%v; want _,nil", err) } - expected := types.SignedCertificateTimestamp{ + expected := rfc6962.SignedCertificateTimestamp{ SCTVersion: 0, - LogID: types.LogID{KeyID: demoLogID}, + LogID: rfc6962.LogID{KeyID: demoLogID}, Timestamp: fixedTimeMillis, - Extensions: types.CTExtensions(fakeExtension), - Signature: types.DigitallySigned{ + Extensions: rfc6962.CTExtensions(fakeExtension), + Signature: rfc6962.DigitallySigned{ Algorithm: tls.SignatureAndHashAlgorithm{ Hash: tls.SHA256, Signature: tls.ECDSA}, 
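Review bot: The expected value in `TestBuildV1MerkleTreeLeafForCert` (hunk at -271) still spells the version as the literal `SCTVersion: 0,` while the surrounding lines now use the named constant. Writing `SCTVersion: rfc6962.V1,` ties the test to the constant that `buildV1SCT` sets rather than to its numeric value. The same literal appears in `TestSignV1SCTForPrecertificate` (hunk at -335). The struct literal is closed outside this hunk.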
@@ -289,13 +289,13 @@ func TestBuildV1MerkleTreeLeafForCert(t *testing.T) { } // Additional checks that the MerkleTreeLeaf we built is correct - if got, want := leaf.Version, types.V1; got != want { + if got, want := leaf.Version, rfc6962.V1; got != want { t.Fatalf("Got a %v leaf, expected a %v leaf", got, want) } - if got, want := leaf.LeafType, types.TimestampedEntryLeafType; got != want { + if got, want := leaf.LeafType, rfc6962.TimestampedEntryLeafType; got != want { t.Fatalf("Got leaf type %v, expected %v", got, want) } - if got, want := leaf.TimestampedEntry.EntryType, types.X509LogEntryType; got != want { + if got, want := leaf.TimestampedEntry.EntryType, rfc6962.X509LogEntryType; got != want { t.Fatalf("Got entry type %v, expected %v", got, want) } if got, want := leaf.TimestampedEntry.Timestamp, got.Timestamp; got != want { @@ -322,7 +322,7 @@ func TestSignV1SCTForPrecertificate(t *testing.T) { if err != nil { t.Fatalf("buildV1MerkleTreeLeafForCert()=nil,%v; want _,nil", err) } - var leaf types.MerkleTreeLeaf + var leaf rfc6962.MerkleTreeLeaf leafValue := entry.MerkleTreeLeaf(uint64(fakeIndex)) if rest, err := tls.Unmarshal(leafValue, &leaf); err != nil { t.Fatalf("failed to reconstruct MerkleTreeLeaf: %s", err) @@ -335,12 +335,12 @@ func TestSignV1SCTForPrecertificate(t *testing.T) { t.Fatalf("buildV1SCT()=nil,%v; want _,nil", err) } - expected := types.SignedCertificateTimestamp{ + expected := rfc6962.SignedCertificateTimestamp{ SCTVersion: 0, - LogID: types.LogID{KeyID: demoLogID}, + LogID: rfc6962.LogID{KeyID: demoLogID}, Timestamp: fixedTimeMillis, - Extensions: types.CTExtensions(fakeExtension), - Signature: types.DigitallySigned{ + Extensions: rfc6962.CTExtensions(fakeExtension), + Signature: rfc6962.DigitallySigned{ Algorithm: tls.SignatureAndHashAlgorithm{ Hash: tls.SHA256, Signature: tls.ECDSA}, 
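Review bot: The last check in the hunk at -289, `if got, want := leaf.TimestampedEntry.Timestamp, got.Timestamp; got != want {`, redeclares `got` while reading the outer `got` (presumably the SCT returned by `buildV1SCT`) on the right-hand side. The matching check in `TestSignV1SCTForPrecertificate` (hunk at -351) has the two operands the other way round, so the got/want roles differ between the two tests. Naming the SCT explicitly and using one order in both would read better, e.g. `if got, want := sct.Timestamp, leaf.TimestampedEntry.Timestamp; got != want {`. The declaration of the outer `got` and the body of this `if` are outside the hunk, so the rename would touch lines not shown here.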
@@ -351,13 +351,13 @@ func TestSignV1SCTForPrecertificate(t *testing.T) { } // Additional checks that the MerkleTreeLeaf we built is correct - if got, want := leaf.Version, types.V1; got != want { + if got, want := leaf.Version, rfc6962.V1; got != want { t.Fatalf("Got a %v leaf, expected a %v leaf", got, want) } - if got, want := leaf.LeafType, types.TimestampedEntryLeafType; got != want { + if got, want := leaf.LeafType, rfc6962.TimestampedEntryLeafType; got != want { t.Fatalf("Got leaf type %v, expected %v", got, want) } - if got, want := leaf.TimestampedEntry.EntryType, types.PrecertLogEntryType; got != want { + if got, want := leaf.TimestampedEntry.EntryType, rfc6962.PrecertLogEntryType; got != want { t.Fatalf("Got entry type %v, expected %v", got, want) } if got, want := got.Timestamp, leaf.TimestampedEntry.Timestamp; got != want { diff --git a/internal/types/types/rfc6962.go b/internal/types/rfc6962/rfc6962.go similarity index 99% rename from internal/types/types/rfc6962.go rename to internal/types/rfc6962/rfc6962.go index a418093e..1b535556 100644 --- a/internal/types/types/rfc6962.go +++ b/internal/types/rfc6962/rfc6962.go @@ -1,4 +1,4 @@ -package types +package rfc6962 import ( "crypto/sha256" From 862dbec58402b44efd2093ce4e1b5943d72768cc Mon Sep 17 00:00:00 2001 From: Philippe Boneff Date: Mon, 7 Apr 2025 16:01:49 +0000 Subject: [PATCH 4/5] sort out package renaming --- internal/hammer/loadtest/workers.go | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/internal/hammer/loadtest/workers.go b/internal/hammer/loadtest/workers.go index cb3780a2..90144699 100644 --- a/internal/hammer/loadtest/workers.go +++ b/internal/hammer/loadtest/workers.go 
@@ -27,9 +27,9 @@ import ( "github.com/transparency-dev/formats/log" "github.com/transparency-dev/merkle/proof" - "github.com/transparency-dev/merkle/rfc6962" + hasher "github.com/transparency-dev/merkle/rfc6962" "github.com/transparency-dev/static-ct/internal/client" - rfc69621 "github.com/transparency-dev/static-ct/internal/types/rfc6962" + "github.com/transparency-dev/static-ct/internal/types/rfc6962" "github.com/transparency-dev/static-ct/internal/x509util" "github.com/transparency-dev/trillian-tessera/api/layout" "github.com/transparency-dev/trillian-tessera/ctonly" @@ -246,7 +246,7 @@ func (w *LogWriter) Run(ctx context.Context) { // TODO: Remove the json.Unmarshal by generating the chain and // marshaling the add chain request from w.gen() at a later stage. - var req rfc69621.AddChainRequest + var req rfc6962.AddChainRequest if err := json.Unmarshal(newLeaf, &req); err != nil { klog.Warningf("Failed to unmarshal add-chain request: %v", err) } @@ -365,7 +365,7 @@ func (v *MMDVerifier) Run(ctx context.Context) { panic(fmt.Sprintf("Failed to create entry from chain: %v", err)) } leafHash := entry.MerkleLeafHash(leafMMD.index) - if err := proof.VerifyInclusion(rfc6962.DefaultHasher, leafMMD.index, checkpoint.Size, leafHash, ip, checkpoint.Hash); err != nil { + if err := proof.VerifyInclusion(hasher.DefaultHasher, leafMMD.index, checkpoint.Size, leafHash, ip, checkpoint.Hash); err != nil { panic(fmt.Sprintf("Failed to verify inclusion proof: %v", err)) } @@ -449,7 +449,7 @@ func isPreIssuer(cert *x509.Certificate) bool { // Look for the extension in the Extensions field and not ExtKeyUsage // since crypto/x509 does not recognize this extension as an ExtKeyUsage. for _, ext := range cert.Extensions { - if rfc69621.OIDExtKeyUsageCertificateTransparency.Equal(ext.Id) { + if rfc6962.OIDExtKeyUsageCertificateTransparency.Equal(ext.Id) { return true } } From 303982ff2eaf88bf663cc3a5e28a38bc1bb26327 Mon Sep 17 00:00:00 2001 
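Review bot: After this import change the identifier `rfc6962` means the CT types package in this file, while `internal/client/client.go` (context lines later in this series) still imports `github.com/transparency-dev/merkle/rfc6962` unaliased, so there the same name denotes the Merkle hasher. The compiler catches mix-ups, but a reader checking the `proof.VerifyInclusion` call has to consult the import block to know which package supplies the hasher. Consider using the same alias wherever the merkle package is imported, with a short comment on it, e.g. `hasher "github.com/transparency-dev/merkle/rfc6962" // Merkle tree hasher, not the CT types package`.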
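Review bot: In the hunk at -246, when `json.Unmarshal(newLeaf, &req)` fails the code only logs `Failed to unmarshal add-chain request` and, as far as the hunk shows, carries on with a zero-valued `req`. The lines after the `if` are outside the hunk, so this may be handled there. If it is not, skip the leaf after the warning (a `continue` or early return, depending on the enclosing loop) so an empty chain is not processed further.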
From: Philippe Boneff Date: Mon, 7 Apr 2025 16:02:57 +0000 Subject: [PATCH 5/5] s/staticctapi/staticct --- internal/client/client.go | 6 +++--- internal/types/{staticctapi => staticct}/staticctapi.go | 2 +- 2 files changed, 4 insertions(+), 4 deletions(-) rename internal/types/{staticctapi => staticct}/staticctapi.go (99%) diff --git a/internal/client/client.go b/internal/client/client.go index 3f790d85..3277adb6 100644 --- a/internal/client/client.go +++ b/internal/client/client.go @@ -30,7 +30,7 @@ import ( "github.com/transparency-dev/merkle/compact" "github.com/transparency-dev/merkle/proof" "github.com/transparency-dev/merkle/rfc6962" - "github.com/transparency-dev/static-ct/internal/types/staticctapi" + "github.com/transparency-dev/static-ct/internal/types/staticct" "github.com/transparency-dev/trillian-tessera/api" "github.com/transparency-dev/trillian-tessera/api/layout" "golang.org/x/mod/sumdb/note" @@ -285,8 +285,8 @@ func (n *nodeCache) GetNode(ctx context.Context, id compact.NodeID) ([]byte, err } // GetEntryBundle fetches the entry bundle at the given _tile index_. -func GetEntryBundle(ctx context.Context, f EntryBundleFetcherFunc, i, logSize uint64) (staticctapi.EntryBundle, error) { - bundle := staticctapi.EntryBundle{} +func GetEntryBundle(ctx context.Context, f EntryBundleFetcherFunc, i, logSize uint64) (staticct.EntryBundle, error) { + bundle := staticct.EntryBundle{} sRaw, err := f(ctx, i, layout.PartialTileSize(0, i, logSize)) if err != nil { if errors.Is(err, os.ErrNotExist) { diff --git a/internal/types/staticctapi/staticctapi.go b/internal/types/staticct/staticctapi.go similarity index 99% rename from internal/types/staticctapi/staticctapi.go rename to internal/types/staticct/staticctapi.go index f8949ddc..a15a136c 100644 --- a/internal/types/staticctapi/staticctapi.go +++ b/internal/types/staticct/staticctapi.go 
@@ -12,7 +12,7 @@ // See the License for the specific language governing permissions and // limitations under the License. -package staticctapi +package staticct import ( "fmt"