Verify that the config that is loaded has some sanity (at least a single log, various fields containing data, reporting when empty etc)

key: Improve error message, including the log name for clarity
2025-08-28 12:03:36 +02:00 · 2025-08-28 12:03:15 +02:00
2 changed files with 55 additions and 5 deletions
--- a/tesseract/genconf/key.go
+++ b/tesseract/genconf/key.go
@@ -19,20 +19,20 @@ func generateKeys(yamlFile string) {
 	for _, logEntry := range config.Logs {
 		// Check if key already exists
 		if _, err := os.Stat(logEntry.Secret); err == nil {
-			fmt.Printf("Key already exists: %s (skipped)\n", logEntry.Secret)
+			fmt.Printf("Key already exists for log %s: %s (skipped)\n", logEntry.ShortName, logEntry.Secret)
 			continue
 		}

 		// Generate new prime256v1 key
 		privKey, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
 		if err != nil {
-			log.Fatalf("Failed to generate key for %s: %v", logEntry.ShortName, err)
+			log.Fatalf("Failed to generate key for log %s: %v", logEntry.ShortName, err)
 		}

 		// Marshal private key to DER format
 		privKeyDER, err := x509.MarshalECPrivateKey(privKey)
 		if err != nil {
-			log.Fatalf("Failed to marshal private key for %s: %v", logEntry.ShortName, err)
+			log.Fatalf("Failed to marshal private key for log %s: %v", logEntry.ShortName, err)
 		}

 		// Create PEM block
@@ -43,13 +43,13 @@ func generateKeys(yamlFile string) {

 		// Ensure directory exists
 		if err := os.MkdirAll(filepath.Dir(logEntry.Secret), 0755); err != nil {
-			log.Fatalf("Failed to create directory for %s: %v", logEntry.Secret, err)
+			log.Fatalf("Failed to create directory for %s for log %s: %v", logEntry.Secret, logEntry.ShortName, err)
 		}

 		// Write key to file
 		err = os.WriteFile(logEntry.Secret, privKeyPEM, 0600)
 		if err != nil {
-			log.Fatalf("Failed to write key file %s: %v", logEntry.Secret, err)
+			log.Fatalf("Failed to write key file %s for log %s: %v", logEntry.Secret, logEntry.ShortName, err)
 		}

 		fmt.Printf("Generated %s\n", logEntry.Secret)
--- a/tesseract/genconf/main.go
+++ b/tesseract/genconf/main.go
@@ -85,6 +85,13 @@ func loadConfig(yamlFile string) Config {
 		config.Listen = []string{":8080"}
 	}

+	// Checkpoints & Roots are not used in-code, not checking for being set/valid
+
+	// Ensure there are logs configured
+	if len(config.Logs) == 0 {
+		log.Fatalf("Parsed YAML did not include any 'logs'")
+	}
+
 	// Set defaults for log entries and check for empty/missing values
 	for i := range config.Logs {
 		// Checks are in order of fields of the Log struct
@@ -97,6 +104,8 @@ func loadConfig(yamlFile string) Config {
 			log.Fatalf("Log %d (%s) is missing a value for Domain", i, config.Logs[i].ShortName)
 		}

+		// Inception is not used in-code
+
 		if config.Logs[i].Period == 0 {
 			config.Logs[i].Period = 200
 		}
@@ -104,6 +113,47 @@ func loadConfig(yamlFile string) Config {
 		if config.Logs[i].PoolSize == 0 {
 			config.Logs[i].PoolSize = 750
 		}
+
+		if config.Logs[i].SubmissionPrefix == "" {
+			log.Fatalf("Log %d (%s) is missing a value for SubmissionPrefix", i, config.Logs[i].ShortName)
+		}
+
+		if config.Logs[i].MonitoringPrefix == "" {
+			log.Fatalf("Log %d (%s) is missing a value for MonitoringPrefix", i, config.Logs[i].ShortName)
+		}
+
+		// CCadbRoots is not used in-code
+		// ExtraRoots is optional
+
+		if config.Logs[i].Secret == "" {
+			log.Fatalf("Log %d (%s) is missing a value for Secret", i, config.Logs[i].ShortName)
+		}
+
+		// Cache is not used in-code
+
+		if config.Logs[i].LocalDirectory == "" {
+			log.Fatalf("Log %d (%s) is missing a value for LocalDirectory", i, config.Logs[i].ShortName)
+		}
+
+		// Listen, NotAfterStart and NotAfterLimit are optional
+
+		// These fields are exported due to HTML templates
+		// but should not be provided/filled by the user
+		if config.Logs[i].LogID != "" {
+			log.Fatalf("Log %d (%s) has field LogID should not be configured (%s)", i, config.Logs[i].ShortName, config.Logs[i].LogID)
+		}
+
+		if config.Logs[i].PublicKeyPEM != "" {
+			log.Fatalf("Log %d (%s) has field PublicKeyPEM should not be configured (%s)", i, config.Logs[i].ShortName, config.Logs[i].PublicKeyPEM)
+		}
+
+		if config.Logs[i].PublicKeyDERB64 != "" {
+			log.Fatalf("Log %d (%s) has field PublicKeyDERB64 should not be configured (%s)", i, config.Logs[i].ShortName, config.Logs[i].PublicKeyDERB64)
+		}
+
+		if config.Logs[i].PublicKeyBase64 != "" {
+			log.Fatalf("Log %d (%s) has field PublicKeyBase64 should not be configured (%s)", i, config.Logs[i].ShortName, config.Logs[i].PublicKeyBase64)
+		}
 	}

 	return config
Author	SHA1	Message	Date
Jeroen Massar	61097dc961	Verify that the config that is loaded has some sanity (at least a single log, various fields containing data, reporting when empty etc)	2025-08-28 12:03:36 +02:00
Jeroen Massar	9db46db7ca	key: Improve error message, including the log name for clarity	2025-08-28 12:03:15 +02:00