cd path/to/policy-generator; go run .
./tools/create_schema.sh
.csv
and .gz
files located within a bundled
subfolder are ingested):
go run ./cmd/ingest path/to/cert-directory
go run cmd/mapserver/main.go -policyFile path/to/policy-generator/output/pca.pc config.json
for x in path/to/policy-generator/output/pc_*.pc; do go run cmd/mapserver/main.go -policyFile $x config.json; done
go run cmd/mapserver/main.go config.json
TODO: The information below is old and outdated.
.
├── cert # certificates for testing. Eg. cert for PCA
├── cmd # Executables. Log server and log signer
├── config # Config file for PCA and policy log
├── doc # FPKI design
│ ├── images
│ └── performance_test_output # Some results of the policy log performance
├── pkg # Packages of the project
├── scripts # Scripts to clean and build the executables
└── tests # Some integration tests. Unit tests are in the individual pkg
The figure above illustrates the components so far. The domain owner sends RCSR to the PCA, and PCA signs the RCSR to generate an RPC. Then the PCA sends the RPC to the policy log to get an SPT. The log verifier will verify the SPT and the consistency between the old tree head and the newest tree head.
Trillian is used in the policy log.
The policy log is the most complex component so far. It consists of four sub-components:
Within the policy log, the log client and admin client only communicate with the log server via grpc. Log signer only communicates with the log server, and the communication is internal, so we don't have access to it. For other components outside the policy log, they can only have access to the log client to add leaves of fetch proof of inclusion. Admin client should only be accessed internally.
There are two integration tests which require the setup of Trillian server.
Download trillian and setup database (more information on https://github.com/google/trillian#mysql-setup)
git clone https://github.com/google/trillian.git
cd scripts
./resetdb.sh
Download the FPKI
Conpile the executable
make
make test_folders
Open two terminals, run "cmd/logserver_exec" and "cmd/logsigner_exec"
Run the tests:
cd fpki
go test ./...
There are some integration tests and benchmark under the tests folders.
.
├── benchmark # benchmark for each components
│ ├── db_benchmark
│ └── logserver_benchmark
│ └── smt_benchmark
│ └── mapserver_benchmark
│ │ └── updater_benchmark
│ │ └── responder_benchmark
├── integration_tests
│ └── db
│ └── domainowner_pca_policy_interaction
│ └── mapserver
│ └── policy_interaction
│ └── smt
For map server, you might be interested in the following tests:
This benchmark evaluates the inserting speed, reading speed and deleting speed of a key-value store.
This benchmark evaluates the speed of Sparse Merkle Tree. For example, the updating speed of SMT, and time to commit the changes to the DB.
This folder contains two folders, one for updater and one for responder. The updater is responsible for updating the SMT and changing the domain entries table. The responder is responsible for generating the proof, and distributing the proof to client. Currently, the updater and responder are evaluated seperately. If you want to combine the two benchmarks together, please send me a message and I can do some modification. It's trivial.
domain materials: Bytes which contain all the certificates which are related to this domain name.
This test is the integration test for mapserver. The test first starts an updater, fetches 1000 certificates from CT log, and adds them to the SMT and domain entries tables. Then the test starts a responder, re-collects the previously-added certificates, and queries the proof for corresponding domain name. Then the proof is checked against individual certificate(whether the certificate is included in the domain materials, and whether SMT proof is correct).