From e78602ea080d6c0d1017ca72f15c1201bfc51345 Mon Sep 17 00:00:00 2001 From: Al Cutter Date: Wed, 28 Sep 2016 15:57:51 +0100 Subject: [PATCH] Mapper doesn't write for empty domains (#173) --- examples/ct/ct_mapper/mapper/mapper.go | 19 +++++++- examples/ct/ct_mapper/mapper/mapper_test.go | 53 +++++++++++++++++++++ 2 files changed, 70 insertions(+), 2 deletions(-) create mode 100644 examples/ct/ct_mapper/mapper/mapper_test.go diff --git a/examples/ct/ct_mapper/mapper/mapper.go b/examples/ct/ct_mapper/mapper/mapper.go index fcd36408c9..68c7493bac 100644 --- a/examples/ct/ct_mapper/mapper/mapper.go +++ b/examples/ct/ct_mapper/mapper/mapper.go @@ -30,9 +30,13 @@ type CTMapper struct { func updateDomainMap(m map[string]ct_mapper.EntryList, cert x509.Certificate, index int64, isPrecert bool) { domains := make(map[string]bool) - domains[cert.Subject.CommonName] = true + if len(cert.Subject.CommonName) > 0 { + domains[cert.Subject.CommonName] = true + } for _, n := range cert.DNSNames { - domains[n] = true + if len(n) > 0 { + domains[n] = true + } } for k := range domains { @@ -42,11 +46,13 @@ func updateDomainMap(m map[string]ct_mapper.EntryList, cert x509.Certificate, in } else { el.CertIndex = append(el.CertIndex, index) } + el.Domain = k m[k] = el } } func (m *CTMapper) oneMapperRun() (bool, error) { + start := time.Now() glog.Info("starting mapping batch") getRootReq := &trillian.GetSignedMapRootRequest{m.mapID} getRootResp, err := m.vmap.GetSignedMapRoot(context.Background(), getRootReq) @@ -125,15 +131,22 @@ func (m *CTMapper) oneMapperRun() (bool, error) { } //glog.Info("Get resp: %v", getResp) + proofs := 0 for _, v := range getResp.KeyValue { e := ct_mapper.EntryList{} + if len(v.Inclusion) > 0 { + proofs++ + } if err := proto.Unmarshal(v.KeyValue.Value.LeafValue, &e); err != nil { return false, err } + glog.Infof("Got %#v", e) el := domains[e.Domain] proto.Merge(&el, &e) domains[e.Domain] = el + glog.Infof("will update for %s", e.Domain) } + glog.Infof("Got %d values, and %d proofs", len(getResp.KeyValue), proofs) glog.Info("Storing updated map values for domains...") // Store updated map values: @@ -158,6 +171,8 @@ func (m *CTMapper) oneMapperRun() (bool, error) { return false, err } glog.Infof("Set resp: %v", setResp) + d := time.Now().Sub(start) + glog.Infof("Map run complete, took %.1f secs to update %d values (%0.2f/s)", d.Seconds(), len(setReq.KeyValue), float64(len(setReq.KeyValue))/d.Seconds()) return true, nil } diff --git a/examples/ct/ct_mapper/mapper/mapper_test.go b/examples/ct/ct_mapper/mapper/mapper_test.go new file mode 100644 index 0000000000..04119c8ad7 --- /dev/null +++ b/examples/ct/ct_mapper/mapper/mapper_test.go @@ -0,0 +1,53 @@ +package main + +import ( + "reflect" + "testing" + + "github.com/google/certificate-transparency/go/x509" + "github.com/google/certificate-transparency/go/x509/pkix" + "github.com/google/trillian/examples/ct/ct_mapper" +) + +func TestUpdateDomainMap(t *testing.T) { + vector := []struct { + commonName string + subjectNames []string + index int64 + precert bool + }{ + {"commonName", nil, 0, false}, + {"commonName", nil, 10, false}, + {"", []string{"commonName"}, 11, false}, + {"commonName", []string{"commonName"}, 12, false}, + {"", []string{"commonName", "commonName"}, 13, false}, + + {"anotherName", []string{"alt1", "alt2"}, 20, false}, + {"anotherName", []string{"alt1", "alt2"}, 21, true}, + {"", []string{"", ""}, 30, false}, + } + + expected := map[string]ct_mapper.EntryList{ + "commonName": ct_mapper.EntryList{Domain: "commonName", CertIndex: []int64{0, 10, 11, 12, 13}}, + "anotherName": ct_mapper.EntryList{Domain: "anotherName", CertIndex: []int64{20}, PrecertIndex: []int64{21}}, + "alt1": ct_mapper.EntryList{Domain: "alt1", CertIndex: []int64{20}, PrecertIndex: []int64{21}}, + "alt2": ct_mapper.EntryList{Domain: "alt2", CertIndex: []int64{20}, PrecertIndex: []int64{21}}, + } + + m := make(map[string]ct_mapper.EntryList) + + for _, v := range vector { + c := x509.Certificate{} + if len(v.commonName) > 0 { + c.Subject = pkix.Name{CommonName: v.commonName} + } + if len(v.subjectNames) > 0 { + c.DNSNames = v.subjectNames + } + updateDomainMap(m, c, v.index, v.precert) + } + + if !reflect.DeepEqual(m, expected) { + t.Fatalf("Built incorrect map:\n%#v\nexpected:\n%#v", m, expected) + } +}