Class: CertificateTransparency::SignedTreeHead

Inherits:

Object

Object
CertificateTransparency::SignedTreeHead

show all

Defined in:: lib/certificate-transparency/signed_tree_head.rb

Overview

A CT SignedTreeHead (RFC6962 s3.5, s4.3).

Instance Attribute Summary collapse

#root_hash ⇒ Object
Returns the value of attribute root_hash.
#signature ⇒ Object
Returns the value of attribute signature.
#timestamp ⇒ Object
Returns the value of attribute timestamp.
#tree_size ⇒ Object
Returns the value of attribute tree_size.

Class Method Summary collapse

.from_json(json) ⇒ Object
Create a new SignedTreeHead instance from the JSON returned by /ct/v1/get-sth.

Instance Method Summary collapse

#valid?(pk) ⇒ Boolean
Determine whether or not the signature that was provided in the signed tree head is a valid one, based on the provided key.

Instance Attribute Details

#root_hash ⇒ `Object`

Returns the value of attribute root_hash.



9
10
11

# File 'lib/certificate-transparency/signed_tree_head.rb', line 9

def root_hash
  @root_hash
end

#signature ⇒ `Object`

Returns the value of attribute signature.



10
11
12

# File 'lib/certificate-transparency/signed_tree_head.rb', line 10

def signature
  @signature
end

#timestamp ⇒ `Object`

Returns the value of attribute timestamp.



8
9
10

# File 'lib/certificate-transparency/signed_tree_head.rb', line 8

def timestamp
  @timestamp
end

#tree_size ⇒ `Object`

Returns the value of attribute tree_size.



7
8
9

# File 'lib/certificate-transparency/signed_tree_head.rb', line 7

def tree_size
  @tree_size
end

Class Method Details

.from_json(json) ⇒ `Object`

Create a new SignedTreeHead instance from the JSON returned by /ct/v1/get-sth.

# File 'lib/certificate-transparency/signed_tree_head.rb', line 15

def self.from_json(json)
	doc = JSON.parse(json)

	self.new.tap do |sth|
		sth.tree_size = doc['tree_size']
		sth.timestamp = Time.at(doc['timestamp'].to_f / 1000)
		sth.root_hash = doc['sha256_root_hash'].unpack("m").first
		sth.signature = doc['tree_head_signature'].unpack("m").first
	end
end

Instance Method Details

#valid?(pk) ⇒ `Boolean`

Determine whether or not the signature that was provided in the signed tree head is a valid one, based on the provided key.

Parameters:

pk (String, OpenSSL::PKey::PKey) —
either the raw binary form of the public key of the log, or an existing OpenSSL public key object.

Returns:

(Boolean) —
Boolean

# File 'lib/certificate-transparency/signed_tree_head.rb', line 34

def valid?(pk)
	key = if pk.is_a?(OpenSSL::PKey::PKey)
		pk
	else
		begin
			OpenSSL::PKey::EC.new(pk)
		rescue ArgumentError
			OpenSSL::PKey::RSA.new(pk)
		end
	end

	blob = [
		CT::Version[:v1],
		CT::SignatureType[:tree_hash],
	   timestamp.ms,
	   tree_size,
	   root_hash
	].pack("ccQ>Q>a32")

	ds = TLS::DigitallySigned.from_blob(signature)
	ds.content = blob
	ds.key = key

	ds.valid?
end