
Commit 598b81d

committed
wire up flags
1 parent c04899c commit 598b81d


3 files changed

+36
-24
lines changed


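--- a/cmd/tesseract/aws/main.go
+++ b/cmd/tesseract/aws/main.go
@@ -64,6 +64,8 @@ var (
 origin = flag.String("origin", "", "Origin of the log, for checkpoints. This MUST match the log's submission prefix as per https://c2sp.org/static-ct-api.")
 pathPrefix = flag.String("path_prefix", "", "Prefix to use on endpoints URL paths: HOST:PATH_PREFIX/ct/v1/ENDPOINT.")
 rootsPemFile = flag.String("roots_pem_file", "", "Path to the file containing root certificates that are acceptable to the log. The certs are served through get-roots endpoint.")
+rootsRemoteFetchURL = flag.String("roots_remote_fetch_url", "https://ccadb.my.salesforce-sites.com/ccadb/RootCACertificatesIncludedByRSReportCSV", "WIP DO NOT USE - URL to fetch trusted roots from.")
+rootsRemoteFetchInterval = flag.Duration("roots_remote_fetch_interval", time.Duration(0), "WIP DO NOT USE - Interval between two fetches from roots_fetch_url.")
 rejectExpired = flag.Bool("reject_expired", false, "If true then the certificate validity period will be checked against the current time during the validation of submissions. This will cause expired certificates to be rejected.")
 rejectUnexpired = flag.Bool("reject_unexpired", false, "If true then TesseraCT rejects certificates that are either currently valid or not yet valid.")
 extKeyUsages = flag.String("ext_key_usages", "", "If set, will restrict the set of such usages that the server will accept. By default all are accepted. The values specified must be ones known to the x509 package.")
@@ -127,14 +129,16 @@ func main() {
 }
 
 chainValidationConfig := tesseract.ChainValidationConfig{
-RootsPEMFile: *rootsPemFile,
-RejectExpired: *rejectExpired,
-RejectUnexpired: *rejectUnexpired,
-ExtKeyUsages: *extKeyUsages,
-RejectExtensions: *rejectExtensions,
-NotAfterStart: notAfterStart.t,
-NotAfterLimit: notAfterLimit.t,
-AcceptSHA1: *acceptSHA1,
+RootsPEMFile: *rootsPemFile,
+RootsRemoteFetchURL: *rootsRemoteFetchURL,
+RootsRemoteFetchInterval: *rootsRemoteFetchInterval,
+RejectExpired: *rejectExpired,
+RejectUnexpired: *rejectUnexpired,
+ExtKeyUsages: *extKeyUsages,
+RejectExtensions: *rejectExtensions,
+NotAfterStart: notAfterStart.t,
+NotAfterLimit: notAfterLimit.t,
+AcceptSHA1: *acceptSHA1,
 }
 if *acceptSHA1 {
 klog.Info(`**** WARNING **** This server will accept chains signed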
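Review bot: The new `roots_remote_fetch_url` flag in the `var (` hunk defaults to a live CCADB URL even though its help text says "WIP DO NOT USE", so the only thing that appears to keep remote root fetching off is the zero default of `roots_remote_fetch_interval`; how `ChainValidationConfig` treats a zero interval is not visible in this commit. Because the fetched roots would decide which chains the log accepts, I would make the opt-in explicit with `rootsRemoteFetchURL = flag.String("roots_remote_fetch_url", "", "WIP DO NOT USE - URL to fetch trusted roots from.")` and have `main` refuse to start when the interval is non-zero but the URL is empty or not https. The interval's help text also names `roots_fetch_url`, which is not a flag; it should read `roots_remote_fetch_url`. The same lines appear in cmd/tesseract/gcp/main.go and cmd/tesseract/posix/main.go, and both `var (` and `main` continue outside the hunks shown.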

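--- a/cmd/tesseract/gcp/main.go
+++ b/cmd/tesseract/gcp/main.go
@@ -64,6 +64,8 @@ var (
 origin = flag.String("origin", "", "Origin of the log, for checkpoints. This MUST match the log's submission prefix as per https://c2sp.org/static-ct-api.")
 pathPrefix = flag.String("path_prefix", "", "Prefix to use on endpoints URL paths: HOST:PATH_PREFIX/ct/v1/ENDPOINT.")
 rootsPemFile = flag.String("roots_pem_file", "", "Path to the file containing root certificates that are acceptable to the log. The certs are served through get-roots endpoint.")
+rootsRemoteFetchURL = flag.String("roots_remote_fetch_url", "https://ccadb.my.salesforce-sites.com/ccadb/RootCACertificatesIncludedByRSReportCSV", "WIP DO NOT USE - URL to fetch trusted roots from.")
+rootsRemoteFetchInterval = flag.Duration("roots_remote_fetch_interval", time.Duration(0), "WIP DO NOT USE - Interval between two fetches from roots_fetch_url.")
 rejectExpired = flag.Bool("reject_expired", false, "If true then the certificate validity period will be checked against the current time during the validation of submissions. This will cause expired certificates to be rejected.")
 rejectUnexpired = flag.Bool("reject_unexpired", false, "If true then TesseraCT rejects certificates that are either currently valid or not yet valid.")
 extKeyUsages = flag.String("ext_key_usages", "", "If set, will restrict the set of such usages that the server will accept. By default all are accepted. The values specified must be ones known to the x509 package.")
@@ -113,14 +115,16 @@ func main() {
 }
 
 chainValidationConfig := tesseract.ChainValidationConfig{
-RootsPEMFile: *rootsPemFile,
-RejectExpired: *rejectExpired,
-RejectUnexpired: *rejectUnexpired,
-ExtKeyUsages: *extKeyUsages,
-RejectExtensions: *rejectExtensions,
-NotAfterStart: notAfterStart.t,
-NotAfterLimit: notAfterLimit.t,
-AcceptSHA1: *acceptSHA1,
+RootsPEMFile: *rootsPemFile,
+RootsRemoteFetchURL: *rootsRemoteFetchURL,
+RootsRemoteFetchInterval: *rootsRemoteFetchInterval,
+RejectExpired: *rejectExpired,
+RejectUnexpired: *rejectUnexpired,
+ExtKeyUsages: *extKeyUsages,
+RejectExtensions: *rejectExtensions,
+NotAfterStart: notAfterStart.t,
+NotAfterLimit: notAfterLimit.t,
+AcceptSHA1: *acceptSHA1,
 }
 if *acceptSHA1 {
 klog.Info(`**** WARNING **** This server will accept chains signed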

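--- a/cmd/tesseract/posix/main.go
+++ b/cmd/tesseract/posix/main.go
@@ -67,6 +67,8 @@ var (
 origin = flag.String("origin", "", "Origin of the log, for checkpoints. This MUST match the log's submission prefix as per https://c2sp.org/static-ct-api.")
 pathPrefix = flag.String("path_prefix", "", "Prefix to use on endpoints URL paths: HOST:PATH_PREFIX/ct/v1/ENDPOINT.")
 rootsPemFile = flag.String("roots_pem_file", "", "Path to the file containing root certificates that are acceptable to the log. The certs are served through get-roots endpoint.")
+rootsRemoteFetchURL = flag.String("roots_remote_fetch_url", "https://ccadb.my.salesforce-sites.com/ccadb/RootCACertificatesIncludedByRSReportCSV", "WIP DO NOT USE - URL to fetch trusted roots from.")
+rootsRemoteFetchInterval = flag.Duration("roots_remote_fetch_interval", time.Duration(0), "WIP DO NOT USE - Interval between two fetches from roots_fetch_url.")
 rejectExpired = flag.Bool("reject_expired", false, "If true then the certificate validity period will be checked against the current time during the validation of submissions. This will cause expired certificates to be rejected.")
 rejectUnexpired = flag.Bool("reject_unexpired", false, "If true then TesseraCT rejects certificates that are either currently valid or not yet valid.")
 extKeyUsages = flag.String("ext_key_usages", "", "If set, will restrict the set of such usages that the server will accept. By default all are accepted. The values specified must be ones known to the x509 package.")
@@ -106,14 +108,16 @@ func main() {
 signer := signerFromFlags()
 
 chainValidationConfig := tesseract.ChainValidationConfig{
-RootsPEMFile: *rootsPemFile,
-RejectExpired: *rejectExpired,
-RejectUnexpired: *rejectUnexpired,
-ExtKeyUsages: *extKeyUsages,
-RejectExtensions: *rejectExtensions,
-NotAfterStart: notAfterStart.t,
-NotAfterLimit: notAfterLimit.t,
-AcceptSHA1: *acceptSHA1,
+RootsPEMFile: *rootsPemFile,
+RootsRemoteFetchURL: *rootsRemoteFetchURL,
+RootsRemoteFetchInterval: *rootsRemoteFetchInterval,
+RejectExpired: *rejectExpired,
+RejectUnexpired: *rejectUnexpired,
+ExtKeyUsages: *extKeyUsages,
+RejectExtensions: *rejectExtensions,
+NotAfterStart: notAfterStart.t,
+NotAfterLimit: notAfterLimit.t,
+AcceptSHA1: *acceptSHA1,
 }
 if *acceptSHA1 {
 klog.Info(`**** WARNING **** This server will accept chains signed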
