diff --git a/tesseract/genconf/env.go b/tesseract/genconf/env.go
index 9e21921..1253d12 100644
--- a/tesseract/genconf/env.go
+++ b/tesseract/genconf/env.go
@@ -32,7 +32,7 @@ func generateEnv(yamlFile string) {
 // Build TESSERACT_ARGS string
 args := []string{
 fmt.Sprintf("--private_key=%s", logEntry.Secret),
- fmt.Sprintf("--origin=%s.log.ct.ipng.ch", logEntry.ShortName),
+ fmt.Sprintf("--origin=%s.%s", logEntry.ShortName, logEntry.Domain),
 fmt.Sprintf("--storage_dir=%s", logEntry.LocalDirectory),
 fmt.Sprintf("--roots_pem_file=%s", rootsPemPath),
 }
diff --git a/tesseract/genconf/html.go b/tesseract/genconf/html.go
index 4426629..acfe384 100644
--- a/tesseract/genconf/html.go
+++ b/tesseract/genconf/html.go
@@ -74,7 +74,7 @@ const htmlTemplate = ` {{range .Logs}} -

{{.ShortName}}.log.ct.ipng.ch

+

{{.ShortName}}.{{.Domain}}

Log ID: {{.LogID}}
@@ -211,7 +211,7 @@ func computeKeyInfo(logEntry *Log) error {
 func generateLogJSONWithStatus(logEntry Log, outputPath string) error {
 logJSON := LogV3JSON{
- Description: fmt.Sprintf("%s.log.ct.ipng.ch", logEntry.ShortName),
+ Description: fmt.Sprintf("%s.%s", logEntry.ShortName, logEntry.Domain),
 SubmissionURL: fmt.Sprintf("%s/", logEntry.SubmissionPrefix),
 MonitoringURL: fmt.Sprintf("%s/", logEntry.MonitoringPrefix),
 TemporalInterval: TemporalInterval{
diff --git a/tesseract/genconf/key.go b/tesseract/genconf/key.go
index f49d1dc..3fb0e4e 100644
--- a/tesseract/genconf/key.go
+++ b/tesseract/genconf/key.go
@@ -19,20 +19,20 @@ func generateKeys(yamlFile string) {
 for _, logEntry := range config.Logs {
 // Check if key already exists
 if _, err := os.Stat(logEntry.Secret); err == nil {
- fmt.Printf("Key already exists: %s (skipped)\n", logEntry.Secret)
+ fmt.Printf("Key already exists for log %s: %s (skipped)\n", logEntry.ShortName, logEntry.Secret)
 continue
 }
 // Generate new prime256v1 key
 privKey, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
 if err != nil {
- log.Fatalf("Failed to generate key for %s: %v", logEntry.ShortName, err)
+ log.Fatalf("Failed to generate key for log %s: %v", logEntry.ShortName, err)
 }
 // Marshal private key to DER format
 privKeyDER, err := x509.MarshalECPrivateKey(privKey)
 if err != nil {
- log.Fatalf("Failed to marshal private key for %s: %v", logEntry.ShortName, err)
+ log.Fatalf("Failed to marshal private key for log %s: %v", logEntry.ShortName, err)
 }
 // Create PEM block
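Review bot: In key.go's generateKeys, the `os.Stat(logEntry.Secret)` existence check in this hunk and the `os.WriteFile(logEntry.Secret, privKeyPEM, 0600)` in the following hunk are two separate steps, so a key file that appears in between is truncated and replaced. os.WriteFile also applies 0600 only when it creates the file, so a pre-existing path with a looser mode keeps that mode. For a CT log signing key I would make creation atomic and refuse to overwrite, opening with `os.OpenFile(logEntry.Secret, os.O_WRONLY|os.O_CREATE|os.O_EXCL, 0600)` and treating an already-exists error as the "skipped" case. The loop body continues outside both hunks.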
@@ -43,13 +43,13 @@ func generateKeys(yamlFile string) {
 // Ensure directory exists
 if err := os.MkdirAll(filepath.Dir(logEntry.Secret), 0755); err != nil {
- log.Fatalf("Failed to create directory for %s: %v", logEntry.Secret, err)
+ log.Fatalf("Failed to create directory for %s for log %s: %v", logEntry.Secret, logEntry.ShortName, err)
 }
 // Write key to file
 err = os.WriteFile(logEntry.Secret, privKeyPEM, 0600)
 if err != nil {
- log.Fatalf("Failed to write key file %s: %v", logEntry.Secret, err)
+ log.Fatalf("Failed to write key file %s for log %s: %v", logEntry.Secret, logEntry.ShortName, err)
 }
 fmt.Printf("Generated %s\n", logEntry.Secret)
diff --git a/tesseract/genconf/main.go b/tesseract/genconf/main.go
index b872806..d6c0b69 100644
--- a/tesseract/genconf/main.go
+++ b/tesseract/genconf/main.go
@@ -19,6 +19,7 @@ type Config struct {
 type Log struct {
 ShortName string `yaml:"shortname"`
+ Domain string `yaml:"domain"`
 Inception string `yaml:"inception"`
 Period int `yaml:"period"`
 PoolSize int `yaml:"poolsize"`
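Review bot: In key.go's second generateKeys hunk, `os.MkdirAll(filepath.Dir(logEntry.Secret), 0755)` creates the directory that will hold the log's private key as readable and searchable by every local user. The key file itself is written 0600, so this is hardening rather than a leak, but a private directory is the safer default for key material: `os.MkdirAll(filepath.Dir(logEntry.Secret), 0700)`. The mode only applies to directories this call creates, so a short comment saying that existing directories keep their permissions would help operators.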
@@ -84,13 +85,74 @@ func loadConfig(yamlFile string) Config {
 config.Listen = []string{":8080"}
 }
- // Set defaults for log entries
+ // Checkpoints & Roots are not used in-code, not checking for being set/valid
+
+ // Ensure there are logs configured
+ if len(config.Logs) == 0 {
+ log.Fatalf("Parsed YAML did not include any 'logs'")
+ }
+
+ // Set defaults for log entries and check for empty/missing values
 for i := range config.Logs {
+ // Checks are in order of fields of the Log struct
+
+ if config.Logs[i].ShortName == "" {
+ log.Fatalf("Log %d is missing a ShortName", i)
+ }
+
+ if config.Logs[i].Domain == "" {
+ log.Fatalf("Log %d (%s) is missing a value for Domain", i, config.Logs[i].ShortName)
+ }
+
+ // Inception is not used in-code
+
+ if config.Logs[i].Period == 0 {
+ config.Logs[i].Period = 200
+ }
+
 if config.Logs[i].PoolSize == 0 {
 config.Logs[i].PoolSize = 750
 }
- if config.Logs[i].Period == 0 {
- config.Logs[i].Period = 200
+
+ if config.Logs[i].SubmissionPrefix == "" {
+ log.Fatalf("Log %d (%s) is missing a value for SubmissionPrefix", i, config.Logs[i].ShortName)
+ }
+
+ if config.Logs[i].MonitoringPrefix == "" {
+ log.Fatalf("Log %d (%s) is missing a value for MonitoringPrefix", i, config.Logs[i].ShortName)
+ }
+
+ // CCadbRoots is not used in-code
+ // ExtraRoots is optional
+
+ if config.Logs[i].Secret == "" {
+ log.Fatalf("Log %d (%s) is missing a value for Secret", i, config.Logs[i].ShortName)
+ }
+
+ // Cache is not used in-code
+
+ if config.Logs[i].LocalDirectory == "" {
+ log.Fatalf("Log %d (%s) is missing a value for LocalDirectory", i, config.Logs[i].ShortName)
+ }
+
+ // Listen, NotAfterStart and NotAfterLimit are optional
+
+ // These fields are exported due to HTML templates
+ // but should not be provided/filled by the user
+ if config.Logs[i].LogID != "" {
+ log.Fatalf("Log %d (%s) has field LogID should not be configured (%s)", i, config.Logs[i].ShortName, config.Logs[i].LogID)
+ }
+
+ if config.Logs[i].PublicKeyPEM != "" {
+ log.Fatalf("Log %d (%s) has field PublicKeyPEM should not be configured (%s)", i, config.Logs[i].ShortName, config.Logs[i].PublicKeyPEM)
+ }
+
+ if config.Logs[i].PublicKeyDERB64 != "" {
+ log.Fatalf("Log %d (%s) has field PublicKeyDERB64 should not be configured (%s)", i, config.Logs[i].ShortName, config.Logs[i].PublicKeyDERB64)
+ }
+
+ if config.Logs[i].PublicKeyBase64 != "" {
+ log.Fatalf("Log %d (%s) has field PublicKeyBase64 should not be configured (%s)", i, config.Logs[i].ShortName, config.Logs[i].PublicKeyBase64)
 }
 }
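Review bot: The new ShortName and Domain checks in loadConfig only reject the empty string, yet env.go now formats both values into `--origin=%s.%s` and html.go into the rendered page and the log's JSON description. If TESSERACT_ARGS is later word-split by whatever consumes the env file (not visible here), a value containing whitespace or quotes would become extra flags next to `--private_key`. The origin is also presumably part of the log's signed identity, so a malformed value is costly to correct after deployment. I would validate `ShortName + "." + Domain` as a plain DNS name (letters, digits, hyphens and dots only) and `log.Fatalf` on mismatch, in the same per-field order the hunk already follows. loadConfig starts and ends outside the hunk.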