Drop dependency on c-t-go for structs (#119)

* copy types.go from c-t-go

* migrate to local and internal types

# Conflicts:
#	ctlog.go

# Conflicts:
#	internal/scti/handlers_test.go
#	internal/scti/signatures_test.go

# Conflicts:
#	ctlog.go
#	internal/scti/handlers.go
#	internal/scti/handlers_test.go
#	internal/scti/signatures.go

* move SerializeSTHSignatureInput and serializeSCTSignatureInput from c-t-fo

# Conflicts:
#	internal/scti/signatures_test.go

* copy move MerkleTreeLeafFromChain

Author: phbnf

internal/scti/ctlog.go

@@ -7,8 +7,8 @@ import (
 	"errors"
 	"fmt"
 
-	ct "github.com/google/certificate-transparency-go"
 	"github.com/google/certificate-transparency-go/x509"
+	"github.com/transparency-dev/static-ct/internal/types"
 	"github.com/transparency-dev/static-ct/modules/dedup"
 	"github.com/transparency-dev/static-ct/storage"
 	tessera "github.com/transparency-dev/trillian-tessera"
@@ -64,7 +64,7 @@ func NewLog(ctx context.Context, origin string, signer crypto.Signer, cvOpts Cha
 		return nil, fmt.Errorf("unsupported key type: %v", keyType)
 	}
 
-	log.signSCT = func(leaf *ct.MerkleTreeLeaf) (*ct.SignedCertificateTimestamp, error) {
+	log.signSCT = func(leaf *types.MerkleTreeLeaf) (*types.SignedCertificateTimestamp, error) {
 		return buildV1SCT(signer, leaf)
 	}
 

internal/scti/handlers.go

@@ -32,12 +32,11 @@ import (
 	"github.com/google/certificate-transparency-go/x509"
 	"github.com/prometheus/client_golang/prometheus"
 	"github.com/prometheus/client_golang/prometheus/promauto"
+	"github.com/transparency-dev/static-ct/internal/types"
 	"github.com/transparency-dev/static-ct/modules/dedup"
 	tessera "github.com/transparency-dev/trillian-tessera"
 	"github.com/transparency-dev/trillian-tessera/ctonly"
 	"k8s.io/klog/v2"
-
-	ct "github.com/google/certificate-transparency-go"
 )
 
 const (
@@ -206,9 +205,9 @@ func NewPathHandlers(opts *HandlerOptions, log *log) pathHandlers {
 	// Bind each endpoint to an appHandler instance.
 	// TODO(phboneff): try and get rid of PathHandlers and appHandler
 	ph := pathHandlers{
-		prefix + ct.AddChainPath:    appHandler{opts: opts, log: log, handler: addChain, name: addChainName, method: http.MethodPost},
-		prefix + ct.AddPreChainPath: appHandler{opts: opts, log: log, handler: addPreChain, name: addPreChainName, method: http.MethodPost},
-		prefix + ct.GetRootsPath:    appHandler{opts: opts, log: log, handler: getRoots, name: getRootsName, method: http.MethodGet},
+		prefix + types.AddChainPath:    appHandler{opts: opts, log: log, handler: addChain, name: addChainName, method: http.MethodPost},
+		prefix + types.AddPreChainPath: appHandler{opts: opts, log: log, handler: addPreChain, name: addPreChainName, method: http.MethodPost},
+		prefix + types.GetRootsPath:    appHandler{opts: opts, log: log, handler: getRoots, name: getRootsName, method: http.MethodGet},
 	}
 
 	return ph
@@ -224,23 +223,23 @@ func (opts *HandlerOptions) sendHTTPError(w http.ResponseWriter, statusCode int,
 }
 
 // parseBodyAsJSONChain tries to extract cert-chain out of request.
-func parseBodyAsJSONChain(r *http.Request) (ct.AddChainRequest, error) {
+func parseBodyAsJSONChain(r *http.Request) (types.AddChainRequest, error) {
 	body, err := io.ReadAll(r.Body)
 	if err != nil {
 		klog.V(1).Infof("Failed to read request body: %v", err)
-		return ct.AddChainRequest{}, err
+		return types.AddChainRequest{}, err
 	}
 
-	var req ct.AddChainRequest
+	var req types.AddChainRequest
 	if err := json.Unmarshal(body, &req); err != nil {
 		klog.V(1).Infof("Failed to parse request body: %v", err)
-		return ct.AddChainRequest{}, err
+		return types.AddChainRequest{}, err
 	}
 
 	// The cert chain is not allowed to be empty. We'll defer other validation for later
 	if len(req.Chain) == 0 {
 		klog.V(1).Infof("Request chain is empty: %q", body)
-		return ct.AddChainRequest{}, errors.New("cert chain was empty")
+		return types.AddChainRequest{}, errors.New("cert chain was empty")
 	}
 
 	return req, nil
@@ -318,7 +317,7 @@ func addChainInternal(ctx context.Context, opts *HandlerOptions, log *log, w htt
 	}
 
 	// Always use the returned leaf as the basis for an SCT.
-	var loggedLeaf ct.MerkleTreeLeaf
+	var loggedLeaf types.MerkleTreeLeaf
 	leafValue := entry.MerkleTreeLeaf(idx)
 	if rest, err := tls.Unmarshal(leafValue, &loggedLeaf); err != nil {
 		return http.StatusInternalServerError, fmt.Errorf("failed to reconstruct MerkleTreeLeaf: %s", err)
@@ -387,7 +386,7 @@ func deadlineTime(opts *HandlerOptions) time.Time {
 
 // verifyAddChain is used by add-chain and add-pre-chain. It does the checks that the supplied
 // cert is of the correct type and chains to a trusted root.
-func verifyAddChain(log *log, req ct.AddChainRequest, expectingPrecert bool) ([]*x509.Certificate, error) {
+func verifyAddChain(log *log, req types.AddChainRequest, expectingPrecert bool) ([]*x509.Certificate, error) {
 	// We already checked that the chain is not empty so can move on to verification
 	validPath, err := validateChain(req.Chain, log.chainValidationOpts)
 	if err != nil {
@@ -416,13 +415,13 @@ func verifyAddChain(log *log, req ct.AddChainRequest, expectingPrecert bool) ([]
 
 // marshalAndWriteAddChainResponse is used by add-chain and add-pre-chain to create and write
 // the JSON response to the client
-func marshalAndWriteAddChainResponse(sct *ct.SignedCertificateTimestamp, w http.ResponseWriter) error {
+func marshalAndWriteAddChainResponse(sct *types.SignedCertificateTimestamp, w http.ResponseWriter) error {
 	sig, err := tls.Marshal(sct.Signature)
 	if err != nil {
 		return fmt.Errorf("failed to marshal signature: %s", err)
 	}
 
-	rsp := ct.AddChainResponse{
+	rsp := types.AddChainResponse{
 		SCTVersion: sct.SCTVersion,
 		Timestamp:  sct.Timestamp,
 		ID:         sct.LogID.KeyID[:],

internal/scti/handlers_test.go

@@ -35,15 +35,14 @@ import (
 	"github.com/google/go-cmp/cmp"
 	"github.com/google/go-cmp/cmp/cmpopts"
 	"github.com/transparency-dev/static-ct/internal/testdata"
+	"github.com/transparency-dev/static-ct/internal/types"
 	"github.com/transparency-dev/static-ct/mockstorage"
 	"github.com/transparency-dev/static-ct/modules/dedup"
 	"github.com/transparency-dev/trillian-tessera/ctonly"
 	"google.golang.org/grpc/codes"
 	"google.golang.org/grpc/status"
 	"google.golang.org/protobuf/proto"
 	"k8s.io/klog/v2"
-
-	ct "github.com/google/certificate-transparency-go"
 )
 
 // Arbitrary time for use in tests
@@ -57,7 +56,7 @@ var origin = "example.com"
 var fakeDeadlineTime = time.Date(2016, 7, 22, 11, 01, 13, 500*1000*1000, time.UTC)
 var fakeTimeSource = newFixedTimeSource(fakeTime)
 
-var entrypaths = []string{origin + ct.AddChainPath, origin + ct.AddPreChainPath, origin + ct.GetRootsPath}
+var entrypaths = []string{origin + types.AddChainPath, origin + types.AddPreChainPath, origin + types.GetRootsPath}
 
 type handlerTestInfo struct {
 	mockCtrl *gomock.Controller
@@ -99,7 +98,7 @@ func setupTest(t *testing.T, pemRoots []string, signer crypto.Signer) handlerTes
 		RequestLog: new(DefaultRequestLog),
 		TimeSource: fakeTimeSource,
 	}
-	signSCT := func(leaf *ct.MerkleTreeLeaf) (*ct.SignedCertificateTimestamp, error) {
+	signSCT := func(leaf *types.MerkleTreeLeaf) (*types.SignedCertificateTimestamp, error) {
 		return buildV1SCT(signer, leaf)
 	}
 	log := log{
@@ -121,27 +120,27 @@ func setupTest(t *testing.T, pemRoots []string, signer crypto.Signer) handlerTes
 
 func (info handlerTestInfo) getHandlers(t *testing.T) pathHandlers {
 	t.Helper()
-	handler, ok := info.handlers[origin+ct.GetRootsPath]
+	handler, ok := info.handlers[origin+types.GetRootsPath]
 	if !ok {
-		t.Fatalf("%q path not registered", ct.GetRootsPath)
+		t.Fatalf("%q path not registered", types.GetRootsPath)
 	}
-	return pathHandlers{origin + ct.GetRootsPath: handler}
+	return pathHandlers{origin + types.GetRootsPath: handler}
 }
 
 func (info handlerTestInfo) postHandlers(t *testing.T) pathHandlers {
 	t.Helper()
-	addChainHandler, ok := info.handlers[origin+ct.AddChainPath]
+	addChainHandler, ok := info.handlers[origin+types.AddChainPath]
 	if !ok {
-		t.Fatalf("%q path not registered", ct.AddPreChainStr)
+		t.Fatalf("%q path not registered", types.AddPreChainStr)
 	}
-	addPreChainHandler, ok := info.handlers[origin+ct.AddPreChainPath]
+	addPreChainHandler, ok := info.handlers[origin+types.AddPreChainPath]
 	if !ok {
-		t.Fatalf("%q path not registered", ct.AddPreChainStr)
+		t.Fatalf("%q path not registered", types.AddPreChainStr)
 	}
 
 	return map[string]appHandler{
-		origin + ct.AddChainPath:    addChainHandler,
-		origin + ct.AddPreChainPath: addPreChainHandler,
+		origin + types.AddChainPath:    addChainHandler,
+		origin + types.AddPreChainPath: addPreChainHandler,
 	}
 }
 
@@ -339,7 +338,7 @@ func TestAddChainWhitespace(t *testing.T) {
 			recorder := httptest.NewRecorder()
 			handler, ok := info.handlers["example.com/ct/v1/add-chain"]
 			if !ok {
-				t.Fatalf("%q path not registered", ct.AddChainStr)
+				t.Fatalf("%q path not registered", types.AddChainStr)
 			}
 			req, err := http.NewRequest(http.MethodPost, "http://example.com/ct/v1/add-chain", strings.NewReader(test.body))
 			if err != nil {
@@ -422,12 +421,12 @@ func TestAddChain(t *testing.T) {
 				t.Fatalf("addChain()=%d (body:%v); want %dv", recorder.Code, recorder.Body, test.want)
 			}
 			if test.want == http.StatusOK {
-				var resp ct.AddChainResponse
+				var resp types.AddChainResponse
 				if err := json.NewDecoder(recorder.Body).Decode(&resp); err != nil {
 					t.Fatalf("json.Decode(%s)=%v; want nil", recorder.Body.Bytes(), err)
 				}
 
-				if got, want := ct.Version(resp.SCTVersion), ct.V1; got != want {
+				if got, want := types.Version(resp.SCTVersion), types.V1; got != want {
 					t.Errorf("resp.SCTVersion=%v; want %v", got, want)
 				}
 				if got, want := resp.ID, demoLogID[:]; !bytes.Equal(got, want) {
@@ -519,12 +518,12 @@ func TestAddPrechain(t *testing.T) {
 				t.Fatalf("addPrechain()=%d (body:%v); want %d", recorder.Code, recorder.Body, test.want)
 			}
 			if test.want == http.StatusOK {
-				var resp ct.AddChainResponse
+				var resp types.AddChainResponse
 				if err := json.NewDecoder(recorder.Body).Decode(&resp); err != nil {
 					t.Fatalf("json.Decode(%s)=%v; want nil", recorder.Body.Bytes(), err)
 				}
 
-				if got, want := ct.Version(resp.SCTVersion), ct.V1; got != want {
+				if got, want := types.Version(resp.SCTVersion), types.V1; got != want {
 					t.Errorf("resp.SCTVersion=%v; want %v", got, want)
 				}
 				if got, want := resp.ID, demoLogID[:]; !bytes.Equal(got, want) {
@@ -543,7 +542,7 @@ func TestAddPrechain(t *testing.T) {
 
 func createJSONChain(t *testing.T, p x509util.PEMCertPool) io.Reader {
 	t.Helper()
-	var req ct.AddChainRequest
+	var req types.AddChainRequest
 	for _, rawCert := range p.RawCertificates() {
 		req.Chain = append(req.Chain, rawCert.Raw)
 	}
@@ -590,18 +589,18 @@ func (d dlMatcher) String() string {
 
 func makeAddPrechainRequest(t *testing.T, handlers pathHandlers, body io.Reader) *httptest.ResponseRecorder {
 	t.Helper()
-	handler, ok := handlers[origin+ct.AddPreChainPath]
+	handler, ok := handlers[origin+types.AddPreChainPath]
 	if !ok {
-		t.Fatalf("%q path not registered", ct.AddPreChainStr)
+		t.Fatalf("%q path not registered", types.AddPreChainStr)
 	}
 	return makeAddChainRequestInternal(t, handler, "add-pre-chain", body)
 }
 
 func makeAddChainRequest(t *testing.T, handlers pathHandlers, body io.Reader) *httptest.ResponseRecorder {
 	t.Helper()
-	handler, ok := handlers[origin+ct.AddChainPath]
+	handler, ok := handlers[origin+types.AddChainPath]
 	if !ok {
-		t.Fatalf("%q path not registered", ct.AddChainStr)
+		t.Fatalf("%q path not registered", types.AddChainStr)
 	}
 	return makeAddChainRequestInternal(t, handler, "add-chain", body)
 }