From 6f5383a323bf7526b75aa4d73d04027e3411617e Mon Sep 17 00:00:00 2001
From: Asra Ali
Date: Mon, 29 Aug 2022 14:43:22 -0500
Subject: [PATCH] fix: use entry uuid uniformly
Signed-off-by: Asra Ali
update
Signed-off-by: Asra Ali
---
 cmd/rekor-cli/app/get.go | 23 ++++++++++++++++++++---
 cmd/rekor-cli/app/verify.go | 7 +++++--
 pkg/api/entries.go | 16 +++++++++-------
 tests/sharding-e2e-test.sh | 12 +++---------
 4 files changed, 37 insertions(+), 21 deletions(-)
diff --git a/cmd/rekor-cli/app/get.go b/cmd/rekor-cli/app/get.go
index b75f8a5b5..ce7b951b0 100644
--- a/cmd/rekor-cli/app/get.go
+++ b/cmd/rekor-cli/app/get.go
@@ -58,7 +58,7 @@ func (g *getCmdOutput) String() string {
 s += fmt.Sprintf("Index: %d\n", g.LogIndex)
 dt := time.Unix(g.IntegratedTime, 0).UTC().Format(time.RFC3339)
 s += fmt.Sprintf("IntegratedTime: %s\n", dt)
- s += fmt.Sprintf("UUID: %s\n", g.UUID)
+ s += fmt.Sprintf("Entry UUID: %s\n", g.UUID)
 var b bytes.Buffer
 e := json.NewEncoder(&b)
 e.SetIndent("", " ")
@@ -127,13 +127,30 @@ var getCmd = &cobra.Command{
 return nil, err
 }
- u, err := sharding.GetUUIDFromIDString(params.EntryUUID)
+ paramsUUID, err := sharding.GetUUIDFromIDString(params.EntryUUID)
 if err != nil {
 return nil, err
 }
+ paramsTreeID, err := sharding.GetTreeIDFromIDString(params.EntryUUID)
+ if !errors.Is(err, sharding.ErrPlainUUID) {
+ return nil, err
+ }
 for k, entry := range resp.Payload {
- if k != u {
+ outputUUID, err := sharding.GetUUIDFromIDString(k)
+ if err != nil {
+ return nil, err
+ }
+ outTreeID, err := sharding.GetTreeIDFromIDString(k)
+ if !errors.Is(err, sharding.ErrPlainUUID) {
+ return nil, err
+ }
+
+ // Compare against expected UUID and Tree ID (if present).
+ if outputUUID != paramsUUID {
+ continue
+ }
+ if paramsTreeID != "" && outTreeID != "" && paramsTreeID != outTreeID {
 continue
 }
diff --git a/cmd/rekor-cli/app/verify.go b/cmd/rekor-cli/app/verify.go
index bf80b31a3..c6216b9d8 100644
--- a/cmd/rekor-cli/app/verify.go
+++ b/cmd/rekor-cli/app/verify.go
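Review bot: The two new guards after `GetTreeIDFromIDString` in the second get.go hunk (`if !errors.Is(err, sharding.ErrPlainUUID) { return nil, err }`) also fire when `err` is nil, because `errors.Is(nil, …)` is false. Assuming the helper returns a nil error for an ID that carries a tree ID, the command then returns `nil, nil` and prints nothing for exactly the full entry IDs this patch starts emitting. Both the `paramsTreeID` and the `outTreeID` check should read `if err != nil && !errors.Is(err, sharding.ErrPlainUUID) {`. As written, the tree-ID comparison further down is unreachable with two non-empty values, so the shard check it is meant to provide never runs. The enclosing `getCmd` closure starts and ends outside the hunk.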
@@ -164,8 +164,11 @@ var verifyCmd = &cobra.Command{
 }
 }
- // Note: the returned entry UUID is the UUID (not include the Tree ID)
- leafHash, _ := hex.DecodeString(o.EntryUUID)
+ outputUUID, err := sharding.GetUUIDFromIDString(o.EntryUUID)
+ if err != nil {
+ return nil, err
+ }
+ leafHash, _ := hex.DecodeString(outputUUID)
 if !bytes.Equal(rfc6962.DefaultHasher.HashLeaf(entryBytes), leafHash) {
 return nil, fmt.Errorf("computed leaf hash did not match entry UUID")
 }
diff --git a/pkg/api/entries.go b/pkg/api/entries.go
index 5be6a6202..a6064b80a 100644
--- a/pkg/api/entries.go
+++ b/pkg/api/entries.go
@@ -96,6 +96,13 @@ func logEntryFromLeaf(ctx context.Context, signer signature.Signer, tc TrillianC
 }
 uuid := hex.EncodeToString(leaf.MerkleLeafHash)
+ activeTree := fmt.Sprintf("%x", tc.logID)
+ entryIDstruct, err := sharding.CreateEntryIDFromParts(activeTree, uuid)
+ if err != nil {
+ return nil, fmt.Errorf("error creating EntryID from active treeID %v and uuid %v: %w", activeTree, uuid, err)
+ }
+ entryID := entryIDstruct.ReturnEntryIDString()
+
 if viper.GetBool("enable_attestation_storage") {
 pe, err := models.UnmarshalProposedEntry(bytes.NewReader(leaf.LeafValue), runtime.JSONConsumer())
 if err != nil {
@@ -119,11 +126,6 @@ func logEntryFromLeaf(ctx context.Context, signer signature.Signer, tc TrillianC
 }
 // if looking up by key failed or we weren't able to generate a key, try looking up by uuid
 if attKey == "" || fetchErr != nil {
- activeTree := fmt.Sprintf("%x", tc.logID)
- entryIDstruct, err := sharding.CreateEntryIDFromParts(activeTree, uuid)
- if err != nil {
- return nil, fmt.Errorf("error creating EntryID from active treeID %v and uuid %v: %w", activeTree, uuid, err)
- }
 att, fetchErr = storageClient.FetchAttestation(ctx, entryIDstruct.UUID)
 if fetchErr != nil {
 log.ContextLogger(ctx).Errorf("error fetching attestation by uuid: %s %v", entryIDstruct.UUID, fetchErr)
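Review bot: `leafHash, _ := hex.DecodeString(outputUUID)` in the verify.go hunk still discards the decode error on the value that anchors the leaf-hash check. The comparison fails closed, since a truncated `leafHash` cannot equal the computed hash, but a malformed ID is then reported as a leaf-hash mismatch, which reads like a log integrity failure rather than bad input. Suggest `leafHash, err := hex.DecodeString(outputUUID)` followed by `if err != nil { return nil, err }`. The enclosing `verifyCmd` closure extends beyond the hunk.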
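Review bot: In the first entries.go hunk the tree ID is named `activeTree` and the error text says "active treeID", but the value comes from `tc.logID`, which is whatever tree the passed client is bound to. If `logEntryFromLeaf` is also reached for leaves in an inactive shard (the e2e test in this patch suggests it is), the name is misleading now that this value becomes part of the key returned to clients; `treeID := fmt.Sprintf("%x", tc.logID)` would be clearer. Hoisting the call also means a `CreateEntryIDFromParts` failure now aborts every lookup rather than only the attestation fallback, which deserves a one-line comment. The function body starts and ends outside the hunk.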
@@ -143,7 +145,7 @@ func logEntryFromLeaf(ctx context.Context, signer signature.Signer, tc TrillianC
 }
 return models.LogEntry{
- uuid: logEntryAnon}, nil
+ entryID: logEntryAnon}, nil
 }
 // GetLogEntryAndProofByIndexHandler returns the entry and inclusion proof for a specified log index
@@ -262,7 +264,7 @@ func createLogEntry(params entries.CreateLogEntryParams) (models.LogEntry, middl
 }
 logEntry := models.LogEntry{
- uuid: logEntryAnon,
+ entryID: logEntryAnon,
 }
 return logEntry, nil
 }
diff --git a/tests/sharding-e2e-test.sh b/tests/sharding-e2e-test.sh
index c4416115b..b72b79f10 100755
--- a/tests/sharding-e2e-test.sh
+++ b/tests/sharding-e2e-test.sh
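Review bot: The response map key changes from the bare leaf hash to the full entry ID in `logEntryFromLeaf`, and likewise in the `createLogEntry` hunk that follows, with no comment recording the new contract. Any client that hex-decodes the key and compares it directly with the Merkle leaf hash, as verify.go did before this patch, will now fail verification against an updated server. A comment at both sites would help, for example `// Key is the full EntryID (tree ID + UUID); strip the tree ID before comparing with the leaf hash.` In `createLogEntry` the definition of `entryID` is outside the hunk, so confirm it is built from the same tree ID and UUID as in `logEntryFromLeaf`.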
@@ -243,20 +243,14 @@ fi
 echo
 echo "Testing /api/v1/log/entries/retrieve endpoint..."
-UUID1=$($REKOR_CLI get --log-index 1 --rekor_server http://localhost:3000 --format json | jq -r .UUID)
-UUID2=$($REKOR_CLI get --log-index 3 --rekor_server http://localhost:3000 --format json | jq -r .UUID)
+ENTRY_ID_1=$($REKOR_CLI get --log-index 1 --rekor_server http://localhost:3000 --format json | jq -r .UUID)
+ENTRY_ID_2=$($REKOR_CLI get --log-index 3 --rekor_server http://localhost:3000 --format json | jq -r .UUID)
 # Make sure retrieve by UUID in the inactive shard works
-NUM_ELEMENTS=$(curl -f http://localhost:3000/api/v1/log/entries/retrieve -H "Content-Type: application/json" -H "Accept: application/json" -d "{ \"entryUUIDs\": [\"$UUID1\"]}" | jq '. | length')
+NUM_ELEMENTS=$(curl -f http://localhost:3000/api/v1/log/entries/retrieve -H "Content-Type: application/json" -H "Accept: application/json" -d "{ \"entryUUIDs\": [\"$ENTRY_ID_1\"]}" | jq '. | length')
 stringsMatch $NUM_ELEMENTS "1"
-HEX_INITIAL_TREE_ID=$(printf "%x" $INITIAL_TREE_ID | awk '{ for(c = 0; c < 16 ; c++) s = s"0"; s = s$1; print substr(s, 1 + length(s) - 16);}')
-HEX_INITIAL_SHARD_ID=$(printf "%x" $SHARD_TREE_ID | awk '{ for(c = 0; c < 16 ; c++) s = s"0"; s = s$1; print substr(s, 1 + length(s) - 16);}')
-
-ENTRY_ID_1=$(echo -n "$HEX_INITIAL_TREE_ID$UUID1" | xargs echo -n)
-ENTRY_ID_2=$(echo -n "$HEX_INITIAL_SHARD_ID$UUID2" | xargs echo -n)
-
 # -f makes sure we exit on failure
 NUM_ELEMENTS=$(curl -f http://localhost:3000/api/v1/log/entries/retrieve -H "Content-Type: application/json" -H "Accept: application/json" -d "{ \"entryUUIDs\": [\"$ENTRY_ID_1\", \"$ENTRY_ID_2\"]}" | jq '. | length')
 stringsMatch $NUM_ELEMENTS "2"
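Review bot: The comment `# Make sure retrieve by UUID in the inactive shard works` is stale: the request below it now sends `$ENTRY_ID_1`, which after this patch presumably holds the full entry ID from `jq -r .UUID`, so lookup by a bare UUID across shards is no longer exercised. Either reword it to `# Make sure retrieve by entry ID in the inactive shard works` or keep one request that sends only the UUID part, so the plain-UUID path stays covered. The test also no longer checks the returned ID against the expected tree ID, which the removed `HEX_INITIAL_TREE_ID` lines did implicitly; an explicit prefix check would restore that. Quoting `"$NUM_ELEMENTS"` in the `stringsMatch` calls would avoid an argument shift if curl returns nothing.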