This repository has been archived by the owner on Oct 11, 2024. It is now read-only.

Create CT verification client #259

Merged
merged 4 commits into from
Aug 12, 2016

@gdbelvin gdbelvin commented Aug 8, 2016

Moves CT verification from the client to its own Log object.

  • Verify inclusion proofs by hash
  • Verify consistency proofs
  • Verify Signed Tree Head signatures
  • Verify Signed Certificate Timestamp signatures
  • Save fresh SCTs to be verified later

This closes #227 and closes #171.

@gdbelvin gdbelvin changed the title from "Proof" to "Create CT verification client" Aug 8, 2016

"golang.org/x/net/context"

ct "github.com/google/certificate-transparency/go"

How are you organizing your imports? It seems to be sort of arbitrary between the files in this PR.


The scheme I intended to follow:

  1. Go packages
  2. Local repository packages
  3. 3rd Party packages
  4. Protobuf packages

@gdbelvin

Cleaned up tests. @branlwyd PTAL and see if you're happy :-)

if err != nil {
t.Fatalf("NewLog(): %v", err)
}
for i := range tests {

@gdbelvin gdbelvin Aug 12, 2016


I would like to do this, however, I need tc to be a variable outside the for loop so the http server can access it. Any other suggestions? I could create http.NewServer inside the test, but this would involve opening and closing many sockets - perhaps increasing test flakiness and latency.


nit: once the above comment is addressed, if you decided to create a new httptest.Server for each test case this can be written as for i, tc := range tests {

},
}
var tc Test
hs := httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {

@branlwyd branlwyd Aug 12, 2016


How expensive is it to create these HTTP test servers?

It's kind of hacky that tc is visible outside of the test-case loop, and AFAICT this is only so hs's handler func can examine the test case values. This also means that the test cases are not completely isolated from one another--if one test case somehow put the httptest.Server in a broken state, later test cases could observe this brokenness.

I recommend creating a new httptest.Server for each test case, unless it is very expensive to do so.

(it looks like a few tests have this issue)

@branlwyd

Added a couple more comments. LGTM once these are addressed.

t.Fatalf("Incorrect URL path: %s", r.URL.Path)
}
}))
defer hs.Close()
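
Review bot: t.Fatalf is called inside the http.HandlerFunc body (the "Incorrect URL path" branch just before the closing `}))`), and that handler runs on a goroutine started by the httptest server, not on the goroutine running the test. The testing package requires Fatalf/FailNow to be called from the test goroutine, so from here it will not stop the test the way it reads. Suggest t.Errorf in the handler together with an http.Error response and a return, and let the client-side check in the test body fail the case.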

@branlwyd branlwyd Aug 12, 2016


This deferred hs.Close() won't run until the entire test terminates. There are only a few test cases per test, but I suggest either:

  1. Manually calling close at the end of each test case.
  2. Wrapping the per-test-case code in an anonymous function call so that the defer is effectively scoped to the test case loop iteration.
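
An added example, not code from this PR or the project, of the structure suggested in the review comments above: one httptest.Server per test case, with the handler closing over that case and the deferred Close scoped to a per-case function. The names `testCase` and `runCase` and the paths are hypothetical, constructed for illustration.

```go
package main

import (
	"fmt"
	"io"
	"net/http"
	"net/http/httptest"
)

// testCase is a constructed stand-in for one entry of a test table.
type testCase struct {
	path string // path the client requests
	want string // path the fake log server expects
	body string // canned response body
}

// runCase starts a fresh server for a single case. The handler closes over
// tc, so no variable has to live outside the loop, and the deferred Close
// runs when runCase returns instead of when the whole test ends.
func runCase(tc testCase) (string, error) {
	hs := httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		if r.URL.Path != tc.want {
			// Report through the response: the handler is not on the test goroutine.
			http.Error(w, "incorrect URL path: "+r.URL.Path, http.StatusNotFound)
			return
		}
		io.WriteString(w, tc.body)
	}))
	defer hs.Close()

	resp, err := hs.Client().Get(hs.URL + tc.path)
	if err != nil {
		return "", err
	}
	defer resp.Body.Close()
	b, err := io.ReadAll(resp.Body)
	if err != nil {
		return "", err
	}
	if resp.StatusCode != http.StatusOK {
		return "", fmt.Errorf("status %d: %s", resp.StatusCode, b)
	}
	return string(b), nil
}

func main() {
	for _, tc := range []testCase{{"/sth", "/sth", "ok"}, {"/bad", "/sth", "ok"}} {
		got, err := runCase(tc)
		fmt.Printf("%s -> %q, err=%v\n", tc.path, got, err)
	}
}
```

In a real test the loop body would call `runCase(tc)` and use `t.Errorf` on the returned error, which keeps every failure report on the test goroutine.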

@gdbelvin

  • Moved hs.Close to end of tests
  • Errorf followed by Fatalf.

@gdbelvin gdbelvin merged commit d993c5d into google:master Aug 12, 2016
@gdbelvin gdbelvin deleted the proof branch August 12, 2016 23:22
Successfully merging this pull request may close these issues.

Integrate Inclusion Proof Checks Create Verification Client