split types into rfc6962 and staticctapi

internal/client/client.go

@@ -30,7 +30,7 @@ import (
 	"github.com/transparency-dev/merkle/compact"
 	"github.com/transparency-dev/merkle/proof"
 	"github.com/transparency-dev/merkle/rfc6962"
-	"github.com/transparency-dev/static-ct/internal/types"
+	"github.com/transparency-dev/static-ct/internal/types/staticct"
 	"github.com/transparency-dev/trillian-tessera/api"
 	"github.com/transparency-dev/trillian-tessera/api/layout"
 	"golang.org/x/mod/sumdb/note"
@@ -285,8 +285,8 @@ func (n *nodeCache) GetNode(ctx context.Context, id compact.NodeID) ([]byte, err
 }
 
 // GetEntryBundle fetches the entry bundle at the given _tile index_.
-func GetEntryBundle(ctx context.Context, f EntryBundleFetcherFunc, i, logSize uint64) (types.EntryBundle, error) {
-	bundle := types.EntryBundle{}
+func GetEntryBundle(ctx context.Context, f EntryBundleFetcherFunc, i, logSize uint64) (staticct.EntryBundle, error) {
+	bundle := staticct.EntryBundle{}
 	sRaw, err := f(ctx, i, layout.PartialTileSize(0, i, logSize))
 	if err != nil {
 		if errors.Is(err, os.ErrNotExist) {

internal/hammer/chain.go

@@ -22,7 +22,7 @@ import (
 	"math/big"
 	"time"
 
-	"github.com/transparency-dev/static-ct/internal/types"
+	"github.com/transparency-dev/static-ct/internal/types/rfc6962"
 	"k8s.io/klog/v2"
 )
 
@@ -85,7 +85,7 @@ func (g *chainGenerator) certificate(serialNumber int64) []byte {
 
 // addChainRequestBody generates the add-chain request body for submission.
 func (g *chainGenerator) addChainRequestBody(serialNumber int64) []byte {
-	var req types.AddChainRequest
+	var req rfc6962.AddChainRequest
 
 	req.Chain = append(req.Chain, g.certificate(serialNumber))
 	req.Chain = append(req.Chain, g.intermediateCert.Raw)

internal/hammer/loadtest/client.go

@@ -30,7 +30,7 @@ import (
 	"time"
 
 	"github.com/transparency-dev/static-ct/internal/client"
-	"github.com/transparency-dev/static-ct/internal/types"
+	"github.com/transparency-dev/static-ct/internal/types/rfc6962"
 	"golang.org/x/crypto/cryptobyte"
 	"k8s.io/klog/v2"
 )
@@ -235,7 +235,7 @@ func (rr *roundRobinLeafWriter) next() LeafWriter {
 // index from the extensions and timestamp from the response.
 // Code is inspired by https://github.com/FiloSottile/sunlight/blob/main/tile.go.
 func parseAddChainResponse(body []byte) (uint64, uint64, error) {
-	var resp types.AddChainResponse
+	var resp rfc6962.AddChainResponse
 	if err := json.Unmarshal(body, &resp); err != nil {
 		return 0, 0, fmt.Errorf("can't parse add-chain response: %v", err)
 	}

internal/hammer/loadtest/workers.go

@@ -27,9 +27,9 @@ import (
 
 	"github.com/transparency-dev/formats/log"
 	"github.com/transparency-dev/merkle/proof"
-	"github.com/transparency-dev/merkle/rfc6962"
+	hasher "github.com/transparency-dev/merkle/rfc6962"
 	"github.com/transparency-dev/static-ct/internal/client"
-	"github.com/transparency-dev/static-ct/internal/types"
+	"github.com/transparency-dev/static-ct/internal/types/rfc6962"
 	"github.com/transparency-dev/static-ct/internal/x509util"
 	"github.com/transparency-dev/trillian-tessera/api/layout"
 	"github.com/transparency-dev/trillian-tessera/ctonly"
@@ -246,7 +246,7 @@ func (w *LogWriter) Run(ctx context.Context) {
 
 		// TODO: Remove the json.Unmarshal by generating the chain and
 		// marshaling the add chain request from w.gen() at a later stage.
-		var req types.AddChainRequest
+		var req rfc6962.AddChainRequest
 		if err := json.Unmarshal(newLeaf, &req); err != nil {
 			klog.Warningf("Failed to unmarshal add-chain request: %v", err)
 		}
@@ -365,7 +365,7 @@ func (v *MMDVerifier) Run(ctx context.Context) {
 			panic(fmt.Sprintf("Failed to create entry from chain: %v", err))
 		}
 		leafHash := entry.MerkleLeafHash(leafMMD.index)
-		if err := proof.VerifyInclusion(rfc6962.DefaultHasher, leafMMD.index, checkpoint.Size, leafHash, ip, checkpoint.Hash); err != nil {
+		if err := proof.VerifyInclusion(hasher.DefaultHasher, leafMMD.index, checkpoint.Size, leafHash, ip, checkpoint.Hash); err != nil {
 			panic(fmt.Sprintf("Failed to verify inclusion proof: %v", err))
 		}
 
@@ -449,7 +449,7 @@ func isPreIssuer(cert *x509.Certificate) bool {
 	// Look for the extension in the Extensions field and not ExtKeyUsage
 	// since crypto/x509 does not recognize this extension as an ExtKeyUsage.
 	for _, ext := range cert.Extensions {
-		if types.OIDExtKeyUsageCertificateTransparency.Equal(ext.Id) {
+		if rfc6962.OIDExtKeyUsageCertificateTransparency.Equal(ext.Id) {
 			return true
 		}
 	}

internal/scti/chain_validation.go

@@ -25,7 +25,7 @@ import (
 	"time"
 
 	"github.com/transparency-dev/static-ct/internal/lax509"
-	"github.com/transparency-dev/static-ct/internal/types"
+	"github.com/transparency-dev/static-ct/internal/types/rfc6962"
 	"github.com/transparency-dev/static-ct/internal/x509util"
 	"k8s.io/klog/v2"
 )
@@ -131,7 +131,7 @@ func isPrecertificate(cert *x509.Certificate) (bool, error) {
 	}
 
 	for _, ext := range cert.Extensions {
-		if types.OIDExtensionCTPoison.Equal(ext.Id) {
+		if rfc6962.OIDExtensionCTPoison.Equal(ext.Id) {
 			if !ext.Critical || !bytes.Equal(asn1.NullBytes, ext.Value) {
 				return false, fmt.Errorf("CT poison ext is not critical or invalid: %v", ext)
 			}

internal/scti/chain_validation_test.go

@@ -24,7 +24,7 @@ import (
 	"time"
 
 	"github.com/transparency-dev/static-ct/internal/testdata"
-	"github.com/transparency-dev/static-ct/internal/types"
+	"github.com/transparency-dev/static-ct/internal/types/rfc6962"
 	"github.com/transparency-dev/static-ct/internal/x509util"
 )
 
@@ -169,13 +169,13 @@ func wipeExtensions(cert *x509.Certificate) *x509.Certificate {
 
 func makePoisonNonCritical(cert *x509.Certificate) *x509.Certificate {
 	// Invalid as a pre-cert because poison extension needs to be marked as critical.
-	cert.Extensions = []pkix.Extension{{Id: types.OIDExtensionCTPoison, Critical: false, Value: asn1.NullBytes}}
+	cert.Extensions = []pkix.Extension{{Id: rfc6962.OIDExtensionCTPoison, Critical: false, Value: asn1.NullBytes}}
 	return cert
 }
 
 func makePoisonNonNull(cert *x509.Certificate) *x509.Certificate {
 	// Invalid as a pre-cert because poison extension is not ASN.1 NULL value.
-	cert.Extensions = []pkix.Extension{{Id: types.OIDExtensionCTPoison, Critical: false, Value: []byte{0x42, 0x42, 0x42}}}
+	cert.Extensions = []pkix.Extension{{Id: rfc6962.OIDExtensionCTPoison, Critical: false, Value: []byte{0x42, 0x42, 0x42}}}
 	return cert
 }
 

internal/scti/ctlog.go

@@ -8,7 +8,7 @@ import (
 	"errors"
 	"fmt"
 
-	"github.com/transparency-dev/static-ct/internal/types"
+	"github.com/transparency-dev/static-ct/internal/types/rfc6962"
 	"github.com/transparency-dev/static-ct/modules/dedup"
 	"github.com/transparency-dev/static-ct/storage"
 	tessera "github.com/transparency-dev/trillian-tessera"
@@ -64,7 +64,7 @@ func NewLog(ctx context.Context, origin string, signer crypto.Signer, cvOpts Cha
 		return nil, fmt.Errorf("unsupported key type: %v", keyType)
 	}
 
-	log.signSCT = func(leaf *types.MerkleTreeLeaf) (*types.SignedCertificateTimestamp, error) {
+	log.signSCT = func(leaf *rfc6962.MerkleTreeLeaf) (*rfc6962.SignedCertificateTimestamp, error) {
 		return buildV1SCT(signer, leaf)
 	}
 

internal/scti/handlers.go

@@ -31,7 +31,7 @@ import (
 
 	"github.com/prometheus/client_golang/prometheus"
 	"github.com/prometheus/client_golang/prometheus/promauto"
-	"github.com/transparency-dev/static-ct/internal/types"
+	"github.com/transparency-dev/static-ct/internal/types/rfc6962"
 	"github.com/transparency-dev/static-ct/internal/types/tls"
 	"github.com/transparency-dev/static-ct/internal/x509util"
 	"github.com/transparency-dev/static-ct/modules/dedup"
@@ -209,9 +209,9 @@ func NewPathHandlers(opts *HandlerOptions, log *log) pathHandlers {
 	// Bind each endpoint to an appHandler instance.
 	// TODO(phboneff): try and get rid of PathHandlers and appHandler
 	ph := pathHandlers{
-		prefix + types.AddChainPath:    appHandler{opts: opts, log: log, handler: addChain, name: addChainName, method: http.MethodPost},
-		prefix + types.AddPreChainPath: appHandler{opts: opts, log: log, handler: addPreChain, name: addPreChainName, method: http.MethodPost},
-		prefix + types.GetRootsPath:    appHandler{opts: opts, log: log, handler: getRoots, name: getRootsName, method: http.MethodGet},
+		prefix + rfc6962.AddChainPath:    appHandler{opts: opts, log: log, handler: addChain, name: addChainName, method: http.MethodPost},
+		prefix + rfc6962.AddPreChainPath: appHandler{opts: opts, log: log, handler: addPreChain, name: addPreChainName, method: http.MethodPost},
+		prefix + rfc6962.GetRootsPath:    appHandler{opts: opts, log: log, handler: getRoots, name: getRootsName, method: http.MethodGet},
 	}
 
 	return ph
@@ -227,23 +227,23 @@ func (opts *HandlerOptions) sendHTTPError(w http.ResponseWriter, statusCode int,
 }
 
 // parseBodyAsJSONChain tries to extract cert-chain out of request.
-func parseBodyAsJSONChain(r *http.Request) (types.AddChainRequest, error) {
+func parseBodyAsJSONChain(r *http.Request) (rfc6962.AddChainRequest, error) {
 	body, err := io.ReadAll(r.Body)
 	if err != nil {
 		klog.V(1).Infof("Failed to read request body: %v", err)
-		return types.AddChainRequest{}, err
+		return rfc6962.AddChainRequest{}, err
 	}
 
-	var req types.AddChainRequest
+	var req rfc6962.AddChainRequest
 	if err := json.Unmarshal(body, &req); err != nil {
 		klog.V(1).Infof("Failed to parse request body: %v", err)
-		return types.AddChainRequest{}, err
+		return rfc6962.AddChainRequest{}, err
 	}
 
 	// The cert chain is not allowed to be empty. We'll defer other validation for later
 	if len(req.Chain) == 0 {
 		klog.V(1).Infof("Request chain is empty: %q", body)
-		return types.AddChainRequest{}, errors.New("cert chain was empty")
+		return rfc6962.AddChainRequest{}, errors.New("cert chain was empty")
 	}
 
 	return req, nil
@@ -324,7 +324,7 @@ func addChainInternal(ctx context.Context, opts *HandlerOptions, log *log, w htt
 	}
 
 	// Always use the returned leaf as the basis for an SCT.
-	var loggedLeaf types.MerkleTreeLeaf
+	var loggedLeaf rfc6962.MerkleTreeLeaf
 	leafValue := entry.MerkleTreeLeaf(idx)
 	if rest, err := tls.Unmarshal(leafValue, &loggedLeaf); err != nil {
 		return http.StatusInternalServerError, fmt.Errorf("failed to reconstruct MerkleTreeLeaf: %s", err)
@@ -393,7 +393,7 @@ func deadlineTime(opts *HandlerOptions) time.Time {
 
 // verifyAddChain is used by add-chain and add-pre-chain. It does the checks that the supplied
 // cert is of the correct type and chains to a trusted root.
-func verifyAddChain(log *log, req types.AddChainRequest, expectingPrecert bool) ([]*x509.Certificate, error) {
+func verifyAddChain(log *log, req rfc6962.AddChainRequest, expectingPrecert bool) ([]*x509.Certificate, error) {
 	// We already checked that the chain is not empty so can move on to verification
 	validPath, err := validateChain(req.Chain, log.chainValidationOpts)
 	if err != nil {
@@ -422,13 +422,13 @@ func verifyAddChain(log *log, req types.AddChainRequest, expectingPrecert bool)
 
 // marshalAndWriteAddChainResponse is used by add-chain and add-pre-chain to create and write
 // the JSON response to the client
-func marshalAndWriteAddChainResponse(sct *types.SignedCertificateTimestamp, w http.ResponseWriter) error {
+func marshalAndWriteAddChainResponse(sct *rfc6962.SignedCertificateTimestamp, w http.ResponseWriter) error {
 	sig, err := tls.Marshal(sct.Signature)
 	if err != nil {
 		return fmt.Errorf("failed to marshal signature: %s", err)
 	}
 
-	rsp := types.AddChainResponse{
+	rsp := rfc6962.AddChainResponse{
 		SCTVersion: sct.SCTVersion,
 		Timestamp:  sct.Timestamp,
 		ID:         sct.LogID.KeyID[:],
@@ -516,7 +516,7 @@ func isPreIssuer(cert *x509.Certificate) bool {
 	// Look for the extension in the Extensions field and not ExtKeyUsage
 	// since crypto/x509 does not recognize this extension as an ExtKeyUsage.
 	for _, ext := range cert.Extensions {
-		if types.OIDExtKeyUsageCertificateTransparency.Equal(ext.Id) {
+		if rfc6962.OIDExtKeyUsageCertificateTransparency.Equal(ext.Id) {
 			return true
 		}
 	}