1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
|
package main
import (
"log"
"sync"
"time"
"git.sr.ht/~benburwell/gosumdbaudit/sumdb"
)
func main() {
dbs := []*database{
&database{
host: "sum.golang.org",
key: "sum.golang.org+033de0ae+Ac4zctda0e5eza+HJyk9SxEdh+s3Ux18htTTAD8OuAn8",
// key: "sum.golang.org+033de0ae+BADBADBADBADBADBADBADBADBADBADBADBADBADBADBA",
pollInterval: 10 * time.Second,
},
}
var wg sync.WaitGroup
wg.Add(len(dbs))
for _, db := range dbs {
go func(db *database) {
defer wg.Done()
if err := monitor(db); err != nil {
log.Printf("AUDIT FAILED: %s", err.Error())
return
}
}(db)
}
wg.Wait()
}
func monitor(db *database) error {
log.Printf("starting monitor for %s", db.host)
client := sumdb.NewClient(db)
lines, err := client.Lookup("golang.org/x/text", "v0.3.0")
if err != nil {
return err
}
log.Printf("got lines: %s", lines)
// fetch & verify current STH
// latest, err := client.Latest()
// if err != nil {
// return err
// }
// fetch all entries in the tree according to the STH
// entries := client.Entries(nil, latest)
// confirm the tree made from the entries produces the same hash as the STH
// IF NOT: the server has signed invalid data
// prev := latest
for {
// await a new STH
// prev = latest
time.Sleep(db.pollInterval)
log.Printf("checking %s for new STH...", db.host)
// awaitNewSTH()
// latest, err := client.Latest()
// if err != nil {
// return err
// }
// fetch all NEW entries between prev and latest
// if unavailable for an extended period, this should be viewed as misbehavior
// entries := client.Entries(prev, latest)
// fetch a consistency proof for the new STH with the previous STH
// verify consistency proof
// verify the new entries generate the corresponding elements in the consistency proof
}
}
|