diff options
Diffstat (limited to 'pkg')
-rw-r--r-- | pkg/instance/instance.go | 44 | ||||
-rw-r--r-- | pkg/state/single.go | 60 | ||||
-rw-r--r-- | pkg/state/single_sec.go | 108 |
3 files changed, 15 insertions, 197 deletions
diff --git a/pkg/instance/instance.go b/pkg/instance/instance.go index 78b5d81..f4c0089 100644 --- a/pkg/instance/instance.go +++ b/pkg/instance/instance.go @@ -35,44 +35,22 @@ type Instance struct { Signer crypto.Signer // provides access to Ed25519 private key Stateman state.StateManager // coordinates access to (co)signed tree heads DNS dns.Verifier // checks if domain name knows a public key - Role Role - Peer ServiceEndpoint -} - -type Role int64 -const ( - Primary Role = iota - Secondary -) - -type ServiceEndpoint struct { - URL string - Pubkey types.PublicKey } +// Handlers returns a list of sigsum handlers func (i *Instance) Handlers() []Handler { - switch i.Role { - case Primary: - return []Handler{ - Handler{Instance: i, Handler: addLeaf, Endpoint: types.EndpointAddLeaf, Method: http.MethodPost}, - Handler{Instance: i, Handler: addCosignature, Endpoint: types.EndpointAddCosignature, Method: http.MethodPost}, - Handler{Instance: i, Handler: getTreeHeadToCosign, Endpoint: types.EndpointGetTreeHeadToCosign, Method: http.MethodGet}, // ToSign -> ToCoSign - Handler{Instance: i, Handler: getTreeHeadCosigned, Endpoint: types.EndpointGetTreeHeadCosigned, Method: http.MethodGet}, - Handler{Instance: i, Handler: getCheckpoint, Endpoint: types.Endpoint("get-checkpoint"), Method: http.MethodGet}, - Handler{Instance: i, Handler: getConsistencyProof, Endpoint: types.EndpointGetConsistencyProof, Method: http.MethodGet}, - Handler{Instance: i, Handler: getInclusionProof, Endpoint: types.EndpointGetInclusionProof, Method: http.MethodGet}, - Handler{Instance: i, Handler: getLeaves, Endpoint: types.EndpointGetLeaves, Method: http.MethodGet}, - } - case Secondary: - return []Handler{ - Handler{Instance: i, Handler: getTreeHeadToCosign, Endpoint: types.EndpointGetSecondaryTreeHead, Method: http.MethodGet}, - } - default: - return []Handler{} + return []Handler{ + Handler{Instance: i, Handler: addLeaf, Endpoint: types.EndpointAddLeaf, Method: http.MethodPost}, + Handler{Instance: i, Handler: addCosignature, Endpoint: types.EndpointAddCosignature, Method: http.MethodPost}, + Handler{Instance: i, Handler: getTreeHeadToCosign, Endpoint: types.EndpointGetTreeHeadToCosign, Method: http.MethodGet}, + Handler{Instance: i, Handler: getTreeHeadCosigned, Endpoint: types.EndpointGetTreeHeadCosigned, Method: http.MethodGet}, + Handler{Instance: i, Handler: getCheckpoint, Endpoint: types.Endpoint("get-checkpoint"), Method: http.MethodGet}, + Handler{Instance: i, Handler: getConsistencyProof, Endpoint: types.EndpointGetConsistencyProof, Method: http.MethodGet}, + Handler{Instance: i, Handler: getInclusionProof, Endpoint: types.EndpointGetInclusionProof, Method: http.MethodGet}, + Handler{Instance: i, Handler: getLeaves, Endpoint: types.EndpointGetLeaves, Method: http.MethodGet}, } } - // checkHTTPMethod checks if an HTTP method is supported func (i *Instance) checkHTTPMethod(m string) bool { return m == http.MethodGet || m == http.MethodPost @@ -117,7 +95,7 @@ func (i *Instance) cosignatureRequestFromHTTP(r *http.Request) (*requests.Cosign func (i *Instance) consistencyProofRequestFromHTTP(r *http.Request) (*requests.ConsistencyProof, error) { var req requests.ConsistencyProof if err := req.FromURL(r.URL.Path); err != nil { - return nil, fmt.Errorf("FromURL: %v", err) + return nil, fmt.Errorf("FromASCII: %v", err) } if req.OldSize < 1 { return nil, fmt.Errorf("OldSize(%d) must be larger than zero", req.OldSize) diff --git a/pkg/state/single.go b/pkg/state/single.go index 2e44fee..695f0e3 100644 --- a/pkg/state/single.go +++ b/pkg/state/single.go @@ -8,21 +8,18 @@ import ( "sync" "time" - "git.sigsum.org/log-go/pkg/client" "git.sigsum.org/log-go/pkg/db" "git.sigsum.org/sigsum-go/pkg/log" - //"git.sigsum.org/sigsum-go/pkg/requests" "git.sigsum.org/sigsum-go/pkg/types" ) -// StateManagerSingle implements a single-instance StateManager for primary nodes +// StateManagerSingle implements a single-instance StateManager type StateManagerSingle struct { client db.Client signer crypto.Signer namespace types.Hash interval time.Duration deadline time.Duration - secondary *client.Client // Lock-protected access to pointers. A write lock is only obtained once // per interval when doing pointer rotation. All endpoints are readers. @@ -35,14 +32,13 @@ type StateManagerSingle struct { cosignatures map[types.Hash]*types.Signature } -func NewStateManagerSingle(dbcli db.Client, signer crypto.Signer, interval, deadline time.Duration, securl string, secpk types.PublicKey) (*StateManagerSingle, error) { +func NewStateManagerSingle(client db.Client, signer crypto.Signer, interval, deadline time.Duration) (*StateManagerSingle, error) { sm := &StateManagerSingle{ - client: dbcli, + client: client, signer: signer, namespace: *types.HashFn(signer.Public().(ed25519.PublicKey)), interval: interval, deadline: deadline, - secondary: client.NewClient(securl, secpk), } sth, err := sm.latestSTH(context.Background()) sm.setCosignedTreeHead() @@ -161,57 +157,9 @@ func (sm *StateManagerSingle) latestSTH(ctx context.Context) (*types.SignedTreeH if err != nil { return nil, fmt.Errorf("failed fetching tree head: %v", err) } - - //pth, err := choseTree(ctx, sm.deadline, sm.secondary, th) - pth, err := th, nil // DEBUG - if err != nil { - return nil, fmt.Errorf("failed chosing tree head: %v", err) - } - - sth, err := pth.Sign(sm.signer, &sm.namespace) + sth, err := th.Sign(sm.signer, &sm.namespace) if err != nil { return nil, fmt.Errorf("failed signing tree head: %v", err) } - return sth, nil } - -func choseTree(ctx context.Context, deadline time.Duration, secondary *client.Client, th *types.TreeHead) (*types.TreeHead, error) { - // TODO: handle multiple secondaries and not just one - - if !secondary.Configured { - return th, nil - } - - sctx, cancel := context.WithTimeout(ctx, deadline) // FIXME: use a separate timeout value for secondaries? - defer cancel() - secsth, err := secondary.GetCurrentTreeHead(sctx) - if err != nil { - return nil, fmt.Errorf("failed getting the latest tree head from all secondaries: %v", err) - } - - if secsth.TreeSize < th.TreeSize { - // We're stuck at secsth.size so let's verify - // consistency since secsth and sign that - - // TODO: get and verify consinstency proof - - // req := &requests.ConsistencyProof{ - // OldSize: secsth.TreeSize, - // NewSize: th.TreeSize, - // } - - // proof, err := sm.client.GetConsistencyProof(ctx, req) - // if err != nil { - // return nil, fmt.Errorf("unable to get consistency proof from %d to %d: %v", req.OldSize, req.NewSize, err) - // } - - // if !proof.Verify() { - // return nil, fmt.Errorf("invalid consistency proof from %d to %d", req.OldSize, req.NewSize) - // } - - th = &secsth.TreeHead // FIXME: need to copy? - } - - return th, nil -} diff --git a/pkg/state/single_sec.go b/pkg/state/single_sec.go deleted file mode 100644 index 9c69fa8..0000000 --- a/pkg/state/single_sec.go +++ /dev/null @@ -1,108 +0,0 @@ -package state - -import ( - "context" - "crypto" - "crypto/ed25519" - "fmt" - "sync" - "time" - - "git.sigsum.org/log-go/pkg/client" - "git.sigsum.org/log-go/pkg/db" - "git.sigsum.org/sigsum-go/pkg/log" - //"git.sigsum.org/sigsum-go/pkg/requests" - "git.sigsum.org/sigsum-go/pkg/types" -) - -// StateManagerSingleSecondary implements a single-instance StateManager for secondary nodes -type StateManagerSingleSecondary struct { - client db.Client - signer crypto.Signer - namespace types.Hash - interval time.Duration - deadline time.Duration - primary *client.Client - - // Lock-protected access to pointers. A write lock is only obtained once - // per interval when doing pointer rotation. All endpoints are readers. - sync.RWMutex - signedTreeHead *types.SignedTreeHead -} - -func NewStateManagerSingleSecondary(dbcli db.Client, signer crypto.Signer, interval, deadline time.Duration, primurl string, primpk types.PublicKey) (*StateManagerSingleSecondary, error) { - sm := &StateManagerSingleSecondary{ - client: dbcli, - signer: signer, - namespace: *types.HashFn(signer.Public().(ed25519.PublicKey)), - interval: interval, - deadline: deadline, - primary: client.NewClient(primurl, primpk), - } - sth, err := sm.latestSTH(context.Background()) - sm.setSignedTreeHead(sth) - return sm, err -} - -func (sm *StateManagerSingleSecondary) Run(ctx context.Context) { - rotation := func() { - nextSTH, err := sm.latestSTH(ctx) - if err != nil { - log.Warning("cannot rotate without tree head: %v", err) - return - } - sm.rotate(nextSTH) - } - - ticker := time.NewTicker(sm.interval) - defer ticker.Stop() - - // TODO: fetch leaves from primary - - rotation() - for { - select { - case <-ticker.C: - rotation() - case <-ctx.Done(): - return - } - } -} - -func (sm *StateManagerSingleSecondary) AddCosignature(ctx context.Context, pub *types.PublicKey, sig *types.Signature) error { - return fmt.Errorf("internal error: AddCosignature() called in secondary node") -} -func (sm *StateManagerSingleSecondary) CosignedTreeHead(_ context.Context) (*types.CosignedTreeHead, error) { - return nil, fmt.Errorf("internal error: AddCosignature() called in secondary node") -} -func (sm *StateManagerSingleSecondary) ToCosignTreeHead(_ context.Context) (*types.SignedTreeHead, error) { - return nil, fmt.Errorf("internal error: AddCosignature() called in secondary node") -} - -func (sm *StateManagerSingleSecondary) setSignedTreeHead(nextSTH *types.SignedTreeHead) { - sm.signedTreeHead = nextSTH -} - -func (sm *StateManagerSingleSecondary) latestSTH(ctx context.Context) (*types.SignedTreeHead, error) { - ictx, cancel := context.WithTimeout(ctx, sm.deadline) - defer cancel() - - th, err := sm.client.GetTreeHead(ictx) - if err != nil { - return nil, fmt.Errorf("failed fetching tree head: %v", err) - } - sth, err := th.Sign(sm.signer, &sm.namespace) - if err != nil { - return nil, fmt.Errorf("failed signing tree head: %v", err) - } - return sth, nil -} - -func (sm *StateManagerSingleSecondary) rotate(nextSTH *types.SignedTreeHead) { - sm.Lock() - defer sm.Unlock() - - log.Debug("rotating tree heads") - sm.setSignedTreeHead(nextSTH) -} |