1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
|
package instance
import (
"context"
"crypto"
"fmt"
"net/http"
"time"
"git.sigsum.org/log-go/pkg/db"
"git.sigsum.org/log-go/pkg/state"
"git.sigsum.org/sigsum-go/pkg/dns"
"git.sigsum.org/sigsum-go/pkg/requests"
"git.sigsum.org/sigsum-go/pkg/types"
)
// Config is a collection of log parameters
type Config struct {
LogID string // H(public key), then hex-encoded
TreeID int64 // Merkle tree identifier used by Trillian
Prefix string // The portion between base URL and st/v0 (may be "")
MaxRange int64 // Maximum number of leaves per get-leaves request
Deadline time.Duration // Deadline used for gRPC requests
Interval time.Duration // Cosigning frequency
ShardStart uint64 // Shard interval start (num seconds since UNIX epoch)
// Witnesses map trusted witness identifiers to public keys
Witnesses map[types.Hash]types.PublicKey
}
// Instance is an instance of the log's front-end
type Instance struct {
Config // configuration parameters
Client db.Client // provides access to the Trillian backend
Signer crypto.Signer // provides access to Ed25519 private key
Stateman state.StateManager // coordinates access to (co)signed tree heads
DNS dns.Verifier // checks if domain name knows a public key
Role Role
Peer ServiceEndpoint
}
type Role int64
const (
Primary Role = iota
Secondary
)
type ServiceEndpoint struct {
URL string
Pubkey types.PublicKey
}
func (i *Instance) Handlers() []Handler {
switch i.Role {
case Primary:
return []Handler{
Handler{Instance: i, Handler: addLeaf, Endpoint: types.EndpointAddLeaf, Method: http.MethodPost},
Handler{Instance: i, Handler: addCosignature, Endpoint: types.EndpointAddCosignature, Method: http.MethodPost},
Handler{Instance: i, Handler: getTreeHeadToCosign, Endpoint: types.EndpointGetTreeHeadToCosign, Method: http.MethodGet}, // ToSign -> ToCoSign
Handler{Instance: i, Handler: getTreeHeadCosigned, Endpoint: types.EndpointGetTreeHeadCosigned, Method: http.MethodGet},
Handler{Instance: i, Handler: getCheckpoint, Endpoint: types.Endpoint("get-checkpoint"), Method: http.MethodGet},
Handler{Instance: i, Handler: getConsistencyProof, Endpoint: types.EndpointGetConsistencyProof, Method: http.MethodGet},
Handler{Instance: i, Handler: getInclusionProof, Endpoint: types.EndpointGetInclusionProof, Method: http.MethodGet},
Handler{Instance: i, Handler: getLeaves, Endpoint: types.EndpointGetLeaves, Method: http.MethodGet},
}
case Secondary:
return []Handler{
Handler{Instance: i, Handler: getTreeHeadToCosign, Endpoint: types.EndpointGetSecondaryTreeHead, Method: http.MethodGet},
}
default:
return []Handler{}
}
}
// checkHTTPMethod checks if an HTTP method is supported
func (i *Instance) checkHTTPMethod(m string) bool {
return m == http.MethodGet || m == http.MethodPost
}
func (i *Instance) leafRequestFromHTTP(ctx context.Context, r *http.Request) (*requests.Leaf, error) {
var req requests.Leaf
if err := req.FromASCII(r.Body); err != nil {
return nil, fmt.Errorf("FromASCII: %v", err)
}
stmt := types.Statement{
ShardHint: req.ShardHint,
Checksum: *types.HashFn(req.Message[:]),
}
if !stmt.Verify(&req.PublicKey, &req.Signature) {
return nil, fmt.Errorf("invalid signature")
}
shardEnd := uint64(time.Now().Unix())
if req.ShardHint < i.ShardStart {
return nil, fmt.Errorf("invalid shard hint: %d not in [%d, %d]", req.ShardHint, i.ShardStart, shardEnd)
}
if req.ShardHint > shardEnd {
return nil, fmt.Errorf("invalid shard hint: %d not in [%d, %d]", req.ShardHint, i.ShardStart, shardEnd)
}
if err := i.DNS.Verify(ctx, req.DomainHint, &req.PublicKey); err != nil {
return nil, fmt.Errorf("invalid domain hint: %v", err)
}
return &req, nil
}
func (i *Instance) cosignatureRequestFromHTTP(r *http.Request) (*requests.Cosignature, error) {
var req requests.Cosignature
if err := req.FromASCII(r.Body); err != nil {
return nil, fmt.Errorf("FromASCII: %v", err)
}
if _, ok := i.Witnesses[req.KeyHash]; !ok {
return nil, fmt.Errorf("Unknown witness: %x", req.KeyHash)
}
return &req, nil
}
func (i *Instance) consistencyProofRequestFromHTTP(r *http.Request) (*requests.ConsistencyProof, error) {
var req requests.ConsistencyProof
if err := req.FromURL(r.URL.Path); err != nil {
return nil, fmt.Errorf("FromURL: %v", err)
}
if req.OldSize < 1 {
return nil, fmt.Errorf("OldSize(%d) must be larger than zero", req.OldSize)
}
if req.NewSize <= req.OldSize {
return nil, fmt.Errorf("NewSize(%d) must be larger than OldSize(%d)", req.NewSize, req.OldSize)
}
return &req, nil
}
func (i *Instance) inclusionProofRequestFromHTTP(r *http.Request) (*requests.InclusionProof, error) {
var req requests.InclusionProof
if err := req.FromURL(r.URL.Path); err != nil {
return nil, fmt.Errorf("FromASCII: %v", err)
}
if req.TreeSize < 2 {
// TreeSize:0 => not possible to prove inclusion of anything
// TreeSize:1 => you don't need an inclusion proof (it is always empty)
return nil, fmt.Errorf("TreeSize(%d) must be larger than one", req.TreeSize)
}
return &req, nil
}
func (i *Instance) leavesRequestFromHTTP(r *http.Request) (*requests.Leaves, error) {
var req requests.Leaves
if err := req.FromURL(r.URL.Path); err != nil {
return nil, fmt.Errorf("FromASCII: %v", err)
}
if req.StartSize > req.EndSize {
return nil, fmt.Errorf("StartSize(%d) must be less than or equal to EndSize(%d)", req.StartSize, req.EndSize)
}
if req.EndSize-req.StartSize+1 > uint64(i.MaxRange) {
req.EndSize = req.StartSize + uint64(i.MaxRange) - 1
}
return &req, nil
}
|