From 8a3f9e2db56bf6b58e25f1b713538c903e9bc26a Mon Sep 17 00:00:00 2001
From: Al Cutter
Date: Wed, 18 Dec 2024 14:33:32 +0000
Subject: [PATCH] Rollback changes and add some comments

---
 ctonly/ct.go | 25 +++++++++++++++----------
 1 file changed, 15 insertions(+), 10 deletions(-)

diff --git a/ctonly/ct.go b/ctonly/ct.go
index 93eff3fd..de4c2c2c 100644
--- a/ctonly/ct.go
+++ b/ctonly/ct.go
@@ -45,13 +45,16 @@ import (
 
 // Entry represents a CT log entry.
 type Entry struct {
- Timestamp uint64
- IsPrecert bool
- Certificate []byte
- Precertificate []byte
- PrecertSigningCert []byte
- IssuerKeyHash []byte
- FingerprintsChain [][32]byte
+ Timestamp uint64
+ IsPrecert bool
+ // Certificate holds different things depending on whether the entry represents a Certificate or a Precertificate submission:
+ // - IsPrecert == false: the bytes here are the x509 certificate submitted for logging.
+ // - IsPrecert == true: the bytes here are the TBS certificate extracted from the submitted precert.
+ Certificate []byte
+ // Precertificate holds the precertificate to be logged, only used when IsPrecert is true.
+ Precertificate []byte
+ IssuerKeyHash []byte
+ FingerprintsChain [][32]byte
 }
 
 // LeafData returns the data which should be added to an entry bundle for this entry.
@@ -70,13 +73,14 @@ func (c Entry) LeafData(idx uint64) []byte {
 b.AddUint16(1 /* entry_type = precert_entry */)
 b.AddBytes(c.IssuerKeyHash[:])
 b.AddUint24LengthPrefixed(func(b *cryptobyte.Builder) {
- b.AddBytes(c.Precertificate)
+ // Note that this is really the TBS extracted from the submitted precertificate.
+ b.AddBytes(c.Certificate)
 })
 }
 addExtensions(b, idx)
 if c.IsPrecert {
 b.AddUint24LengthPrefixed(func(b *cryptobyte.Builder) {
- b.AddBytes(c.PrecertSigningCert)
+ b.AddBytes(c.Precertificate)
 })
 }
 b.AddUint16LengthPrefixed(func(b *cryptobyte.Builder) {
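Review bot: `IssuerKeyHash` is left without a comment in the rewritten `Entry` struct even though its length is load-bearing. The later hunks write it with `b.AddBytes(c.IssuerKeyHash[:])`, with no length prefix, so a value of any other size would shift every field serialised after it and change the leaf bytes. RFC 6962 defines `issuer_key_hash` as a 32-byte value, but the field is a plain `[]byte` (unlike `FingerprintsChain`, which is `[][32]byte`) and nothing visible in this patch checks its length. I would add `// IssuerKeyHash is the SHA-256 hash of the issuer's public key; it is serialised without a length prefix and must be exactly 32 bytes.` above the field, and consider a length check where the entry is built, which is outside this patch.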
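Review bot: The precert branch here in `LeafData` and the one patched in `MerkleTreeLeaf` (the `@@ -105,7 +109,8 @@` hunk) are the same three builder calls, and this commit had to make the identical `Precertificate` to `Certificate` correction in both. The entry-bundle data and the Merkle leaf presumably have to agree on the TBS bytes for inclusion proofs to verify, so two hand-maintained copies invite drift. A small unexported helper that appends the precert `entry_type`, `IssuerKeyHash` and the length-prefixed `Certificate` to a `*cryptobyte.Builder`, called from both methods, would remove that risk. The second change in this hunk would also read more easily with a comment matching the first, e.g. `// The submitted precertificate itself, carried in the entry bundle after the extensions.` Both functions start and end outside the visible hunks, so the x509 branch may deserve the same treatment.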
@@ -105,7 +109,8 @@ func (e *Entry) MerkleTreeLeaf(idx uint64) []byte {
 b.AddUint16(1 /* entry_type = precert_entry */)
 b.AddBytes(e.IssuerKeyHash[:])
 b.AddUint24LengthPrefixed(func(b *cryptobyte.Builder) {
- b.AddBytes(e.Precertificate)
+ // Note that this is really the TBS extracted from the submitted precertificate.
+ b.AddBytes(e.Certificate)
 })
 }
 addExtensions(b, idx)
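Review bot: This one-line swap changes which bytes the Merkle leaf commits to for precert entries, yet the diffstat lists only `ctonly/ct.go`, so no test is added alongside it. `Precertificate` keeps its name and type while its meaning appears to have moved from the TBS to the full precertificate, so a caller or later edit that mixes the two fields up still compiles and silently yields a different leaf hash. A regression test that builds a precert `Entry` with distinct `Certificate` and `Precertificate` bytes and asserts that the `MerkleTreeLeaf` output contains the former and not the latter would pin this, unless an existing test already does. `MerkleTreeLeaf` begins and continues outside this hunk.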