Move github.com/sigstore/protobuf-specs users into a separate subpack…
…age (#1511)

Nothing else in this repository currently uses sigstore/protobuf-specs,
notably production users of pkg/client don't use it. So, move the new TLE
utilities into a separate subpackage, to make clients smaller.

Only moves unchanged code, should not change behavior.

Signed-off-by: Miloslav Trmač <[email protected]>
mtrmac authored May 29, 2023
1 parent e34fe7c commit 55a5a33
Showing 6 changed files with 325 additions and 283 deletions.
4 changes: 2 additions & 2 deletions cmd/rekor-cli/app/format/wrap.go
@@ -21,8 +21,8 @@ import (

rekor_pb "github.com/sigstore/protobuf-specs/gen/pb-go/rekor/v1"

"github.com/sigstore/rekor/pkg/client"
"github.com/sigstore/rekor/pkg/log"
tleutils "github.com/sigstore/rekor/pkg/tle"
"github.com/spf13/cobra"
"github.com/spf13/viper"
)
@@ -51,7 +51,7 @@ func WrapCmd(f formatCmd) CobraCmd {
fmt.Println(toJSON(obj))
case "tle":
if tle, ok := obj.(*rekor_pb.TransparencyLogEntry); ok {
json, err := client.MarshalTLEToJSON(tle)
json, err := tleutils.MarshalTLEToJSON(tle)
if err != nil {
log.CliLogger.Fatalf("error converting to transparency log entry: %v", err)
}
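Review bot: The new package is imported as `tleutils` in this file but as plain `tle` in cmd/rekor-cli/app/get.go, so the same package goes by two names within the CLI. The alias appears to be needed only because the `case "tle":` branch of WrapCmd binds a local variable called `tle`. Renaming that local, e.g. `if entry, ok := obj.(*rekor_pb.TransparencyLogEntry); ok {` followed by `tle.MarshalTLEToJSON(entry)`, would let both files use the unaliased import. WrapCmd's body continues outside the hunk.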
3 changes: 2 additions & 1 deletion cmd/rekor-cli/app/get.go
@@ -35,6 +35,7 @@ import (
"github.com/sigstore/rekor/pkg/generated/models"
"github.com/sigstore/rekor/pkg/log"
"github.com/sigstore/rekor/pkg/sharding"
"github.com/sigstore/rekor/pkg/tle"
"github.com/sigstore/rekor/pkg/types"
"github.com/sigstore/rekor/pkg/verify"
)
@@ -204,7 +205,7 @@ func compareEntryUUIDs(requestEntryUUID string, responseEntryUUID string) error

func parseEntry(uuid string, e models.LogEntryAnon) (interface{}, error) {
if viper.GetString("format") == "tle" {
return client.GenerateTransparencyLogEntry(e)
return tle.GenerateTransparencyLogEntry(e)
}

b, err := base64.StdEncoding.DecodeString(e.Body.(string))
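Review bot: `parseEntry` hands the server-supplied `models.LogEntryAnon` straight to `tle.GenerateTransparencyLogEntry(e)` without checking that the fields the callee reads are present. The body removed from pkg/client/rekor_client.go on this page dereferences `*anon.LogID`, `*anon.Verification.InclusionProof.RootHash`, `.TreeSize` and `.Checkpoint`, and asserts `anon.Body.(string)` unchecked. If the moved copy is unchanged, as the description says, a response without an inclusion proof or with a non-string body would panic the CLI rather than return an error. A guard before the call, e.g. `if e.Verification == nil || e.Verification.InclusionProof == nil { return nil, errors.New("log entry has no inclusion proof") }` (using whichever error constructor the file already imports), or equivalent checks inside the moved function, would turn that into an ordinary error. The context line below the call has the same unchecked `e.Body.(string)` assertion, and parseEntry's body continues outside the hunk.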
76 changes: 0 additions & 76 deletions pkg/client/rekor_client.go
@@ -15,11 +15,7 @@
package client

import (
"bytes"
"crypto/tls"
"encoding/base64"
"encoding/hex"
"fmt"
"net/http"
"net/url"

@@ -28,13 +24,8 @@ import (
"github.com/go-openapi/strfmt"
"github.com/hashicorp/go-cleanhttp"
retryablehttp "github.com/hashicorp/go-retryablehttp"
rekor_pb_common "github.com/sigstore/protobuf-specs/gen/pb-go/common/v1"
rekor_pb "github.com/sigstore/protobuf-specs/gen/pb-go/rekor/v1"
"github.com/sigstore/rekor/pkg/generated/client"
"github.com/sigstore/rekor/pkg/generated/models"
"github.com/sigstore/rekor/pkg/types"
"github.com/sigstore/rekor/pkg/util"
"google.golang.org/protobuf/encoding/protojson"
)

func GetRekorClient(rekorServerURL string, opts ...Option) (*client.Rekor, error) {
@@ -73,70 +64,3 @@ func GetRekorClient(rekorServerURL string, opts ...Option) (*client.Rekor, error
registry.Add("signedCheckpoint", &util.SignedNote{}, util.SignedCheckpointValidator)
return client.New(rt, registry), nil
}

// GenerateTransparencyLogEntry returns a sigstore/protobuf-specs compliant message containing a
// TransparencyLogEntry as defined at https://github.com/sigstore/protobuf-specs/blob/main/protos/sigstore_rekor.proto
func GenerateTransparencyLogEntry(anon models.LogEntryAnon) (*rekor_pb.TransparencyLogEntry, error) {
logIDHash, err := hex.DecodeString(*anon.LogID)
if err != nil {
return nil, fmt.Errorf("decoding logID string: %w", err)
}

rootHash, err := hex.DecodeString(*anon.Verification.InclusionProof.RootHash)
if err != nil {
return nil, fmt.Errorf("decoding inclusion proof root hash: %w", err)
}

inclusionProofHashes := make([][]byte, len(anon.Verification.InclusionProof.Hashes))
for i, hash := range anon.Verification.InclusionProof.Hashes {
hashBytes, err := hex.DecodeString(hash)
if err != nil {
return nil, fmt.Errorf("decoding inclusion proof hash: %w", err)
}
inclusionProofHashes[i] = hashBytes
}

b, err := base64.StdEncoding.DecodeString(anon.Body.(string))
if err != nil {
return nil, fmt.Errorf("base64 decoding body: %w", err)
}

pe, err := models.UnmarshalProposedEntry(bytes.NewReader(b), runtime.JSONConsumer())
if err != nil {
return nil, err
}
eimpl, err := types.UnmarshalEntry(pe)
if err != nil {
return nil, err
}

return &rekor_pb.TransparencyLogEntry{
LogIndex: *anon.LogIndex,
LogId: &rekor_pb_common.LogId{
KeyId: logIDHash,
},
KindVersion: &rekor_pb.KindVersion{
Kind: pe.Kind(),
Version: eimpl.APIVersion(),
},
IntegratedTime: *anon.IntegratedTime,
InclusionPromise: &rekor_pb.InclusionPromise{
SignedEntryTimestamp: anon.Verification.SignedEntryTimestamp,
},
InclusionProof: &rekor_pb.InclusionProof{
LogIndex: *anon.LogIndex,
RootHash: rootHash,
TreeSize: *anon.Verification.InclusionProof.TreeSize,
Hashes: inclusionProofHashes,
Checkpoint: &rekor_pb.Checkpoint{
Envelope: *anon.Verification.InclusionProof.Checkpoint,
},
},
CanonicalizedBody: b, // we don't call eimpl.Canonicalize in the case that the logic is different in this caller vs when it was persisted in the log
}, nil
}

// MarshalTLEToJSON marshals a TransparencyLogEntry message to JSON according to the protobuf JSON encoding rules
func MarshalTLEToJSON(tle *rekor_pb.TransparencyLogEntry) ([]byte, error) {
return protojson.Marshal(tle)
}