Verify that the config that is loaded has some sanity (at least a single log, various fields containing data, reporting when empty etc)

tesseract/genconf/env.go

@@ -32,7 +32,7 @@ func generateEnv(yamlFile string) {
 		// Build TESSERACT_ARGS string
 		args := []string{
 			fmt.Sprintf("--private_key=%s", logEntry.Secret),
-			fmt.Sprintf("--origin=%s.log.ct.ipng.ch", logEntry.ShortName),
+			fmt.Sprintf("--origin=%s.%s", logEntry.ShortName, logEntry.Domain),
 			fmt.Sprintf("--storage_dir=%s", logEntry.LocalDirectory),
 			fmt.Sprintf("--roots_pem_file=%s", rootsPemPath),
 		}

tesseract/genconf/html.go

@@ -74,7 +74,7 @@ const htmlTemplate = `<!DOCTYPE html>
 
     {{range .Logs}}
 
-    <h2>{{.ShortName}}.log.ct.ipng.ch</h2>
+    <h2>{{.ShortName}}.{{.Domain}}</h2>
 
     <p>
       Log ID: <code>{{.LogID}}</code><br>
@@ -211,7 +211,7 @@ func computeKeyInfo(logEntry *Log) error {
 
 func generateLogJSONWithStatus(logEntry Log, outputPath string) error {
 	logJSON := LogV3JSON{
-		Description:   fmt.Sprintf("%s.log.ct.ipng.ch", logEntry.ShortName),
+		Description:   fmt.Sprintf("%s.%s", logEntry.ShortName, logEntry.Domain),
 		SubmissionURL: fmt.Sprintf("%s/", logEntry.SubmissionPrefix),
 		MonitoringURL: fmt.Sprintf("%s/", logEntry.MonitoringPrefix),
 		TemporalInterval: TemporalInterval{

tesseract/genconf/key.go

@@ -19,20 +19,20 @@ func generateKeys(yamlFile string) {
 	for _, logEntry := range config.Logs {
 		// Check if key already exists
 		if _, err := os.Stat(logEntry.Secret); err == nil {
-			fmt.Printf("Key already exists: %s (skipped)\n", logEntry.Secret)
+			fmt.Printf("Key already exists for log %s: %s (skipped)\n", logEntry.ShortName, logEntry.Secret)
 			continue
 		}
 
 		// Generate new prime256v1 key
 		privKey, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
 		if err != nil {
-			log.Fatalf("Failed to generate key for %s: %v", logEntry.ShortName, err)
+			log.Fatalf("Failed to generate key for log %s: %v", logEntry.ShortName, err)
 		}
 
 		// Marshal private key to DER format
 		privKeyDER, err := x509.MarshalECPrivateKey(privKey)
 		if err != nil {
-			log.Fatalf("Failed to marshal private key for %s: %v", logEntry.ShortName, err)
+			log.Fatalf("Failed to marshal private key for log %s: %v", logEntry.ShortName, err)
 		}
 
 		// Create PEM block
@@ -43,13 +43,13 @@ func generateKeys(yamlFile string) {
 
 		// Ensure directory exists
 		if err := os.MkdirAll(filepath.Dir(logEntry.Secret), 0755); err != nil {
-			log.Fatalf("Failed to create directory for %s: %v", logEntry.Secret, err)
+			log.Fatalf("Failed to create directory for %s for log %s: %v", logEntry.Secret, logEntry.ShortName, err)
 		}
 
 		// Write key to file
 		err = os.WriteFile(logEntry.Secret, privKeyPEM, 0600)
 		if err != nil {
-			log.Fatalf("Failed to write key file %s: %v", logEntry.Secret, err)
+			log.Fatalf("Failed to write key file %s for log %s: %v", logEntry.Secret, logEntry.ShortName, err)
 		}
 
 		fmt.Printf("Generated %s\n", logEntry.Secret)

tesseract/genconf/main.go

@@ -19,6 +19,7 @@ type Config struct {
 
 type Log struct {
 	ShortName        string    `yaml:"shortname"`
+	Domain           string    `yaml:"domain"`
 	Inception        string    `yaml:"inception"`
 	Period           int       `yaml:"period"`
 	PoolSize         int       `yaml:"poolsize"`
@@ -84,13 +85,74 @@ func loadConfig(yamlFile string) Config {
 		config.Listen = []string{":8080"}
 	}
 
-	// Set defaults for log entries
+	// Checkpoints & Roots are not used in-code, not checking for being set/valid
+
+	// Ensure there are logs configured
+	if len(config.Logs) == 0 {
+		log.Fatalf("Parsed YAML did not include any 'logs'")
+	}
+
+	// Set defaults for log entries and check for empty/missing values
 	for i := range config.Logs {
+		// Checks are in order of fields of the Log struct
+
+		if config.Logs[i].ShortName == "" {
+			log.Fatalf("Log %d is missing a ShortName", i)
+		}
+
+		if config.Logs[i].Domain == "" {
+			log.Fatalf("Log %d (%s) is missing a value for Domain", i, config.Logs[i].ShortName)
+		}
+
+		// Inception is not used in-code
+
+		if config.Logs[i].Period == 0 {
+			config.Logs[i].Period = 200
+		}
+
 		if config.Logs[i].PoolSize == 0 {
 			config.Logs[i].PoolSize = 750
 		}
-		if config.Logs[i].Period == 0 {
+
-			config.Logs[i].Period = 200
+		if config.Logs[i].SubmissionPrefix == "" {
+			log.Fatalf("Log %d (%s) is missing a value for SubmissionPrefix", i, config.Logs[i].ShortName)
+		}
+
+		if config.Logs[i].MonitoringPrefix == "" {
+			log.Fatalf("Log %d (%s) is missing a value for MonitoringPrefix", i, config.Logs[i].ShortName)
+		}
+
+		// CCadbRoots is not used in-code
+		// ExtraRoots is optional
+
+		if config.Logs[i].Secret == "" {
+			log.Fatalf("Log %d (%s) is missing a value for Secret", i, config.Logs[i].ShortName)
+		}
+
+		// Cache is not used in-code
+
+		if config.Logs[i].LocalDirectory == "" {
+			log.Fatalf("Log %d (%s) is missing a value for LocalDirectory", i, config.Logs[i].ShortName)
+		}
+
+		// Listen, NotAfterStart and NotAfterLimit are optional
+
+		// These fields are exported due to HTML templates
+		// but should not be provided/filled by the user
+		if config.Logs[i].LogID != "" {
+			log.Fatalf("Log %d (%s) has field LogID should not be configured (%s)", i, config.Logs[i].ShortName, config.Logs[i].LogID)
+		}
+
+		if config.Logs[i].PublicKeyPEM != "" {
+			log.Fatalf("Log %d (%s) has field PublicKeyPEM should not be configured (%s)", i, config.Logs[i].ShortName, config.Logs[i].PublicKeyPEM)
+		}
+
+		if config.Logs[i].PublicKeyDERB64 != "" {
+			log.Fatalf("Log %d (%s) has field PublicKeyDERB64 should not be configured (%s)", i, config.Logs[i].ShortName, config.Logs[i].PublicKeyDERB64)
+		}
+
+		if config.Logs[i].PublicKeyBase64 != "" {
+			log.Fatalf("Log %d (%s) has field PublicKeyBase64 should not be configured (%s)", i, config.Logs[i].ShortName, config.Logs[i].PublicKeyBase64)
 		}
 	}