1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
|
package instance
import (
"context"
"crypto"
"crypto/ed25519"
"fmt"
"net/http"
"time"
"github.com/golang/glog"
"golang.sigsum.org/sigsum-log-go/pkg/state"
"golang.sigsum.org/sigsum-log-go/pkg/trillian"
"golang.sigsum.org/sigsum-log-go/pkg/types"
)
// Config is a collection of log parameters
type Config struct {
LogID string // H(public key), then hex-encoded
TreeID int64 // Merkle tree identifier used by Trillian
Prefix string // The portion between base URL and st/v0 (may be "")
MaxRange int64 // Maximum number of leaves per get-leaves request
Deadline time.Duration // Deadline used for gRPC requests
Interval time.Duration // Cosigning frequency
ShardStart uint64 // Shard interval start (num seconds since UNIX epoch)
ShardEnd uint64 // Shard interval end (num seconds since UNIX epoch)
// Witnesses map trusted witness identifiers to public verification keys
Witnesses map[[types.HashSize]byte][types.VerificationKeySize]byte
}
// Instance is an instance of the log's front-end
type Instance struct {
Config // configuration parameters
Client trillian.Client // provides access to the Trillian backend
Signer crypto.Signer // provides access to Ed25519 private key
Stateman state.StateManager // coordinates access to (co)signed tree heads
}
// Handler implements the http.Handler interface, and contains a reference
// to a sigsum server instance as well as a function that uses it.
type Handler struct {
Instance *Instance
Endpoint types.Endpoint
Method string
Handler func(context.Context, *Instance, http.ResponseWriter, *http.Request) (int, error)
}
// Handlers returns a list of sigsum handlers
func (i *Instance) Handlers() []Handler {
return []Handler{
Handler{Instance: i, Handler: addLeaf, Endpoint: types.EndpointAddLeaf, Method: http.MethodPost},
Handler{Instance: i, Handler: addCosignature, Endpoint: types.EndpointAddCosignature, Method: http.MethodPost},
Handler{Instance: i, Handler: getTreeHeadLatest, Endpoint: types.EndpointGetTreeHeadLatest, Method: http.MethodGet},
Handler{Instance: i, Handler: getTreeHeadToSign, Endpoint: types.EndpointGetTreeHeadToSign, Method: http.MethodGet},
Handler{Instance: i, Handler: getTreeHeadCosigned, Endpoint: types.EndpointGetTreeHeadCosigned, Method: http.MethodGet},
Handler{Instance: i, Handler: getConsistencyProof, Endpoint: types.EndpointGetConsistencyProof, Method: http.MethodPost},
Handler{Instance: i, Handler: getInclusionProof, Endpoint: types.EndpointGetInclusionProof, Method: http.MethodPost},
Handler{Instance: i, Handler: getLeaves, Endpoint: types.EndpointGetLeaves, Method: http.MethodPost},
}
}
// Path returns a path that should be configured for this handler
func (h Handler) Path() string {
return h.Endpoint.Path(h.Instance.Prefix, "sigsum", "v0")
}
// ServeHTTP is part of the http.Handler interface
func (a Handler) ServeHTTP(w http.ResponseWriter, r *http.Request) {
// export prometheus metrics
var now time.Time = time.Now()
var statusCode int
defer func() {
rspcnt.Inc(a.Instance.LogID, string(a.Endpoint), fmt.Sprintf("%d", statusCode))
latency.Observe(time.Now().Sub(now).Seconds(), a.Instance.LogID, string(a.Endpoint), fmt.Sprintf("%d", statusCode))
}()
reqcnt.Inc(a.Instance.LogID, string(a.Endpoint))
ctx, cancel := context.WithDeadline(r.Context(), now.Add(a.Instance.Deadline))
defer cancel()
if r.Method != a.Method {
glog.Warningf("%s/%s: got HTTP %s, wanted HTTP %s", a.Instance.Prefix, string(a.Endpoint), r.Method, a.Method)
http.Error(w, "", http.StatusMethodNotAllowed)
return
}
statusCode, err := a.Handler(ctx, a.Instance, w, r)
if err != nil {
glog.Warningf("handler error %s/%s: %v", a.Instance.Prefix, a.Endpoint, err)
http.Error(w, fmt.Sprintf("%s%s%s%s", "Error", types.Delim, err.Error(), types.EOL), statusCode)
}
}
func (i *Instance) leafRequestFromHTTP(r *http.Request) (*types.LeafRequest, error) {
var req types.LeafRequest
if err := req.UnmarshalASCII(r.Body); err != nil {
return nil, fmt.Errorf("UnmarshalASCII: %v", err)
}
vk := ed25519.PublicKey(req.VerificationKey[:])
msg := req.Message.Marshal()
sig := req.Signature[:]
if !ed25519.Verify(vk, msg, sig) {
return nil, fmt.Errorf("invalid signature")
}
if req.ShardHint < i.ShardStart {
return nil, fmt.Errorf("invalid shard hint: %d not in [%d, %d]", req.ShardHint, i.ShardStart, i.ShardEnd)
}
if req.ShardHint > i.ShardEnd {
return nil, fmt.Errorf("invalid shard hint: %d not in [%d, %d]", req.ShardHint, i.ShardStart, i.ShardEnd)
}
// TODO: check domain hint
return &req, nil
}
func (i *Instance) cosignatureRequestFromHTTP(r *http.Request) (*types.CosignatureRequest, error) {
var req types.CosignatureRequest
if err := req.UnmarshalASCII(r.Body); err != nil {
return nil, fmt.Errorf("UnmarshalASCII: %v", err)
}
if _, ok := i.Witnesses[*req.KeyHash]; !ok {
return nil, fmt.Errorf("Unknown witness: %x", req.KeyHash)
}
return &req, nil
}
func (i *Instance) consistencyProofRequestFromHTTP(r *http.Request) (*types.ConsistencyProofRequest, error) {
var req types.ConsistencyProofRequest
if err := req.UnmarshalASCII(r.Body); err != nil {
return nil, fmt.Errorf("UnmarshalASCII: %v", err)
}
if req.OldSize < 1 {
return nil, fmt.Errorf("OldSize(%d) must be larger than zero", req.OldSize)
}
if req.NewSize <= req.OldSize {
return nil, fmt.Errorf("NewSize(%d) must be larger than OldSize(%d)", req.NewSize, req.OldSize)
}
return &req, nil
}
func (i *Instance) inclusionProofRequestFromHTTP(r *http.Request) (*types.InclusionProofRequest, error) {
var req types.InclusionProofRequest
if err := req.UnmarshalASCII(r.Body); err != nil {
return nil, fmt.Errorf("UnmarshalASCII: %v", err)
}
if req.TreeSize < 2 {
// TreeSize:0 => not possible to prove inclusion of anything
// TreeSize:1 => you don't need an inclusion proof (it is always empty)
return nil, fmt.Errorf("TreeSize(%d) must be larger than one", req.TreeSize)
}
return &req, nil
}
func (i *Instance) leavesRequestFromHTTP(r *http.Request) (*types.LeavesRequest, error) {
var req types.LeavesRequest
if err := req.UnmarshalASCII(r.Body); err != nil {
return nil, fmt.Errorf("UnmarshalASCII: %v", err)
}
if req.StartSize > req.EndSize {
return nil, fmt.Errorf("StartSize(%d) must be less than or equal to EndSize(%d)", req.StartSize, req.EndSize)
}
if req.EndSize-req.StartSize+1 > uint64(i.MaxRange) {
req.EndSize = req.StartSize + uint64(i.MaxRange) - 1
}
return &req, nil
}
|