Merge pull request #27 from bwesterb/lvalenta/httpserver

Rename HttpServer to ServerPrefix, and do not listen on it directly

README.md

@@ -143,7 +143,7 @@ batch_duration         300        5m0s
 life_time              3600       1h0m0s
 storage_window_size    24         2h0m0s
 validity_window_size   12
-http_server            ca.example.com/path
+server_prefix          ca.example.com/path
 public_key fingerprint ml-dsa-87:85b5a617ef109e0a8d68a094c8b969f622ac4096c513fa0acd169c231ce2fad5
 ```
 
@@ -406,7 +406,7 @@ batch_duration     300    5m0s
 life_time       3600    1h0m0s
 storage_window_size  24     2h0m0s
 validity_window_size  12
-http_server      localhost:8080
+server_prefix    ca.example.com/path
 public_key fingerprint ml-dsa-87:be1903a366b462b7b4e0010120d4b38279bbf4e350559b95e93671dbc4b821fc
 ```
 

ca/ca.go

@@ -30,8 +30,8 @@ var (
 )
 
 type NewOpts struct {
-	Issuer     mtc.RelativeOID
-	HttpServer string
+	Issuer       mtc.RelativeOID
+	ServerPrefix string
 
 	// Fields below are optional.
 
@@ -363,59 +363,59 @@ func Open(path string) (*Handle, error) {
 	return &h, nil
 }
 
-func (h Handle) skPath() string {
+func (h *Handle) skPath() string {
 	return gopath.Join(h.path, "signing.key")
 }
 
-func (h Handle) paramsPath() string {
+func (h *Handle) paramsPath() string {
 	return gopath.Join(h.path, "www", "mtc", "v1", "ca-params")
 }
 
-func (h Handle) queuePath() string {
+func (h *Handle) queuePath() string {
 	return gopath.Join(h.path, "queue")
 }
 
-func (h Handle) revocationCachePath() string {
+func (h *Handle) revocationCachePath() string {
 	return gopath.Join(h.path, "revocation-cache")
 }
 
-func (h Handle) umbilicalRootsPath() string {
+func (h *Handle) umbilicalRootsPath() string {
 	return gopath.Join(h.path, "www", "mtc", "v1", "umbilical-roots.pem")
 }
 
-func (h Handle) treePath(number uint32) string {
+func (h *Handle) treePath(number uint32) string {
 	return gopath.Join(h.batchPath(number), "tree")
 }
 
-func (h Handle) indexPath(number uint32) string {
+func (h *Handle) indexPath(number uint32) string {
 	return gopath.Join(h.batchPath(number), "index")
 }
 
-func (h Handle) aaPath(number uint32) string {
+func (h *Handle) aaPath(number uint32) string {
 	return gopath.Join(h.batchPath(number), "abridged-assertions")
 }
 
-func (h Handle) evPath(number uint32) string {
+func (h *Handle) evPath(number uint32) string {
 	return gopath.Join(h.batchPath(number), "evidence")
 }
 
-func (h Handle) batchPath(number uint32) string {
+func (h *Handle) batchPath(number uint32) string {
 	return gopath.Join(h.batchesPath(), fmt.Sprintf("%d", number))
 }
 
-func (h Handle) latestBatchPath() string {
+func (h *Handle) latestBatchPath() string {
 	return gopath.Join(h.batchesPath(), "latest")
 }
 
-func (h Handle) batchesPath() string {
+func (h *Handle) batchesPath() string {
 	return gopath.Join(h.path, "www", "mtc", "v1", "batches")
 }
 
-func (h Handle) tmpPath() string {
+func (h *Handle) tmpPath() string {
 	return gopath.Join(h.path, "tmp")
 }
 
-func (h Handle) getSignedValidityWindow(number uint32) (
+func (h *Handle) getSignedValidityWindow(number uint32) (
 	*mtc.SignedValidityWindow, error) {
 	var w mtc.SignedValidityWindow
 
@@ -1337,7 +1337,7 @@ func New(path string, opts NewOpts) (*Handle, error) {
 
 	h.params.StartTime = uint64(time.Now().Unix())
 
-	h.params.HttpServer = opts.HttpServer
+	h.params.ServerPrefix = opts.ServerPrefix
 	h.params.Issuer = opts.Issuer
 	h.params.EvidencePolicy = opts.EvidencePolicy
 

cmd/mtc/main.go

@@ -513,18 +513,10 @@ func handleCaShowQueue(cc *cli.Context) error {
 }
 
 func handleCaServe(cc *cli.Context) error {
-	path := cc.String("ca-path")
-	listenAddr := cc.String("listen-addr")
-	if listenAddr == "" {
-		h, err := ca.Open(path)
-		if err != nil {
-			return err
-		}
-		listenAddr = h.Params().HttpServer
-		h.Close()
+	if !cc.IsSet("listen-addr") {
+		return errors.New("expect listen-addr to be specified")
 	}
-	s := NewServer(path, listenAddr)
-	return s.Serve()
+	return NewServer(cc.String("ca-path"), cc.String("listen-addr")).Serve()
 }
 
 func handleCaNew(cc *cli.Context) error {
@@ -563,8 +555,8 @@ func handleCaNew(cc *cli.Context) error {
 	h, err := ca.New(
 		cc.String("ca-path"),
 		ca.NewOpts{
-			Issuer:     oid,
-			HttpServer: cc.Args().Get(1),
+			Issuer:       oid,
+			ServerPrefix: cc.Args().Get(1),
 
 			BatchDuration:     cc.Duration("batch-duration"),
 			StorageDuration:   cc.Duration("storage-duration"),
@@ -965,7 +957,7 @@ func handleInspectCaParams(cc *cli.Context) error {
 	fmt.Fprintf(w, "storage_window_size\t%d\t%s\n", p.StorageWindowSize,
 		time.Second*time.Duration(p.BatchDuration*p.StorageWindowSize))
 	fmt.Fprintf(w, "validity_window_size\t%d\n", p.ValidityWindowSize)
-	fmt.Fprintf(w, "http_server\t%s\n", p.HttpServer)
+	fmt.Fprintf(w, "server_prefix\t%s\n", p.ServerPrefix)
 	fmt.Fprintf(
 		w,
 		"public_key fingerprint\t%s\n",
@@ -999,7 +991,7 @@ func main() {
 						Name:      "new",
 						Usage:     "creates a new CA",
 						Action:    handleCaNew,
-						ArgsUsage: "<issuer-oid> <http-server>",
+						ArgsUsage: "<issuer-oid> <server-prefix>",
 						Flags: []cli.Flag{
 							&cli.DurationFlag{
 								Name:    "batch-duration",

mtc.go

@@ -29,7 +29,7 @@ type CAParams struct {
 	Lifetime           uint64
 	ValidityWindowSize uint64
 	StorageWindowSize  uint64
-	HttpServer         string
+	ServerPrefix       string
 	EvidencePolicy     EvidencePolicyType
 }
 
@@ -481,7 +481,7 @@ func (p *CAParams) MarshalBinary() ([]byte, error) {
 	b.AddUint64(p.ValidityWindowSize)
 	b.AddUint64(p.StorageWindowSize)
 	b.AddUint16LengthPrefixed(func(b *cryptobyte.Builder) {
-		b.AddBytes([]byte(p.HttpServer))
+		b.AddBytes([]byte(p.ServerPrefix))
 	})
 	b.AddUint16(uint16(p.EvidencePolicy))
 	return b.Bytes()
@@ -490,11 +490,11 @@ func (p *CAParams) MarshalBinary() ([]byte, error) {
 func (p *CAParams) UnmarshalBinary(data []byte) error {
 	s := cryptobyte.String(data)
 	var (
-		issuerBuf     []byte
-		pkBuf         []byte
-		httpServerBuf []byte
-		sigScheme     SignatureScheme
-		err           error
+		issuerBuf       []byte
+		pkBuf           []byte
+		serverPrefixBuf []byte
+		sigScheme       SignatureScheme
+		err             error
 	)
 
 	if !s.ReadUint8LengthPrefixed((*cryptobyte.String)(&issuerBuf)) ||
@@ -506,7 +506,7 @@ func (p *CAParams) UnmarshalBinary(data []byte) error {
 		!s.ReadUint64(&p.Lifetime) ||
 		!s.ReadUint64(&p.ValidityWindowSize) ||
 		!s.ReadUint64(&p.StorageWindowSize) ||
-		!s.ReadUint16LengthPrefixed((*cryptobyte.String)(&httpServerBuf)) ||
+		!s.ReadUint16LengthPrefixed((*cryptobyte.String)(&serverPrefixBuf)) ||
 		!s.ReadUint16((*uint16)(&p.EvidencePolicy)) {
 		return ErrTruncated
 	}
@@ -516,7 +516,7 @@ func (p *CAParams) UnmarshalBinary(data []byte) error {
 	}
 
 	p.Issuer = issuerBuf
-	p.HttpServer = string(httpServerBuf)
+	p.ServerPrefix = string(serverPrefixBuf)
 	p.PublicKey, err = UnmarshalVerifier(sigScheme, pkBuf)
 	if err != nil {
 		return err

mtc_test.go

@@ -85,7 +85,7 @@ func createTestCA() *CAParams {
 		BatchDuration:      1,
 		Lifetime:           10,
 		ValidityWindowSize: 10,
-		HttpServer:         "example.com",
+		ServerPrefix:       "ca.example.com/path",
 	}
 	return &ret
 }