From 854f17428ae7880adaaeec64aa10d2078327ff55 Mon Sep 17 00:00:00 2001 From: Priya Wadhwa Date: Wed, 28 Sep 2022 13:12:03 -0700 Subject: [PATCH] Fix searching by hash Signed-off-by: Priya Wadhwa --- .gitignore | 1 + pkg/api/entries.go | 32 +++++++++++++++++--------------- tests/sharding-e2e-test.sh | 13 +++++++------ 3 files changed, 25 insertions(+), 21 deletions(-) diff --git a/.gitignore b/.gitignore index 5f5eb843e..55fce30e7 100644 --- a/.gitignore +++ b/.gitignore @@ -19,3 +19,4 @@ trillianServerImagerefs trillianSignerImagerefs cosign.* signature +rekor.pub diff --git a/pkg/api/entries.go b/pkg/api/entries.go index 520328f10..07f95be83 100644 --- a/pkg/api/entries.go +++ b/pkg/api/entries.go @@ -350,7 +350,6 @@ func GetLogEntryByUUIDHandler(params entries.GetLogEntryByUUIDParams) middleware func SearchLogQueryHandler(params entries.SearchLogQueryParams) middleware.Responder { httpReqCtx := params.HTTPRequest.Context() resultPayload := []models.LogEntry{} - tc := NewTrillianClient(httpReqCtx) totalQueries := len(params.Entry.EntryUUIDs) + len(params.Entry.Entries()) + len(params.Entry.LogIndexes) if totalQueries > maxSearchQueries { 
@@ -415,24 +414,31 @@ func SearchLogQueryHandler(params entries.SearchLogQueryParams) middleware.Respo searchHashes = append(searchHashes, hash) } - searchByHashResults := make([][]*trillian.GetEntryAndProofResponse, len(searchHashes)) + searchByHashResults := make([]map[int64]*trillian.GetEntryAndProofResponse, len(searchHashes)) g, _ = errgroup.WithContext(httpReqCtx) for i, hash := range searchHashes { i, hash := i, hash // https://golang.org/doc/faq#closures_and_goroutines g.Go(func() error { - var results []*trillian.GetEntryAndProofResponse + var results map[int64]*trillian.GetEntryAndProofResponse for _, shard := range api.logRanges.AllShards() { tcs := NewTrillianClientFromTreeID(httpReqCtx, shard) resp := tcs.getLeafAndProofByHash(hash) if resp.status != codes.OK { continue } + if resp.err != nil { + continue + } leafResult := resp.getLeafAndProofResult if leafResult != nil && leafResult.Leaf != nil { - results = append(results, resp.getLeafAndProofResult) + if results == nil { + results = map[int64]*trillian.GetEntryAndProofResponse{} + } + results[shard] = resp.getLeafAndProofResult } } if results == nil { + code = http.StatusNotFound return fmt.Errorf("no responses found") } searchByHashResults[i] = results 
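Review bot: The two `continue` branches in the shard loop treat every non-OK status and every non-nil `resp.err` as "not in this shard", so a shard that is unreachable or returns an internal error ends up reported to the client as a 404 "no responses found". For a transparency log that makes a backend failure indistinguishable from the entry being absent. I would skip only the not-found case, `if resp.status == codes.NotFound { continue }`, and fail the request on anything else, `if resp.status != codes.OK || resp.err != nil { return fmt.Errorf("searching shard %d: %v", shard, resp.err) }` (this assumes a missing leaf is reported as `codes.NotFound`; confirm in `getLeafAndProofByHash`). Separately, `code = http.StatusNotFound` is assigned inside the `g.Go` closure, and `code` appears to be a variable shared with the enclosing handler, so concurrent goroutines write it without synchronisation; returning a sentinel error and mapping it to a status after `g.Wait()` would avoid that. The handler body starts and ends outside this hunk.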
@@ -444,17 +450,13 @@ func SearchLogQueryHandler(params entries.SearchLogQueryParams) middleware.Respo return handleRekorAPIError(params, code, err, err.Error()) } - var flattenedHashResults []*trillian.GetEntryAndProofResponse - for _, s := range searchByHashResults { - flattenedHashResults = append(flattenedHashResults, s...) - } - - for _, leafResp := range flattenedHashResults { - if leafResp == nil { - continue - } - for _, shard := range api.logRanges.AllShards() { - logEntry, err := logEntryFromLeaf(httpReqCtx, api.signer, tc, leafResp.Leaf, leafResp.SignedLogRoot, leafResp.Proof, shard, api.logRanges) + for _, hashMap := range searchByHashResults { + for shard, leafResp := range hashMap { + if leafResp == nil { + continue + } + tcs := NewTrillianClientFromTreeID(httpReqCtx, shard) + logEntry, err := logEntryFromLeaf(httpReqCtx, api.signer, tcs, leafResp.Leaf, leafResp.SignedLogRoot, leafResp.Proof, shard, api.logRanges) if err != nil { continue } diff --git a/tests/sharding-e2e-test.sh b/tests/sharding-e2e-test.sh index 257610ff3..f9cadb6b5 100755 --- a/tests/sharding-e2e-test.sh +++ b/tests/sharding-e2e-test.sh @@ -24,8 +24,8 @@ set -ex echo "Installing createtree..." go install github.com/google/trillian/cmd/createtree@latest -echo "Installing cosign..." -go install github.com/sigstore/cosign/cmd/cosign@latest +# echo "Installing cosign..." +# go install github.com/sigstore/cosign/cmd/cosign@latest echo "starting services" docker-compose up -d @@ -134,7 +134,7 @@ echo "the new shard ID is $SHARD_TREE_ID" $REKOR_CLI loginfo --rekor_server http://localhost:3000 # Get the public key for the active tree for later -ENCODED_PUBLIC_KEY=$(curl http://localhost:3000/api/v1/log/publicKey | base64 -w 0) +ENCODED_PUBLIC_KEY=$(curl http://localhost:3000/api/v1/log/publicKey | base64) # Spin down the rekor server echo "stopping the rekor server..." 
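Review bot: The `if err != nil { continue }` after `logEntryFromLeaf` made sense when every leaf was tried against every shard, but each leaf is now paired with the shard it came from, so an error here is a real failure and the entry is silently left out of an otherwise successful response. Consider failing the request, `return handleRekorAPIError(params, http.StatusInternalServerError, err, err.Error())`, or at least logging the error together with the shard ID. Ranging over `hashMap` also makes the order of entries vary between requests when a hash is present in several shards; iterating `api.logRanges.AllShards()` and looking up `hashMap[shard]` would keep it stable. The loop body continues past the end of this hunk.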
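Review bot: With the install step commented out, the script depends on whatever `cosign` is already on PATH, and under `set -ex` a missing binary only surfaces at the `cosign verify-blob` call near the end, after the services and shards have been set up. Either delete the two lines or keep them with a comment saying why the install is disabled, and add an early check such as `command -v cosign >/dev/null || { echo "cosign not found on PATH"; exit 1; }`. The cosign version the test runs against is then whatever the host provides, which is worth noting in that comment because the later step relies on `SIGSTORE_REKOR_PUBLIC_KEY` being honoured.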
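Review bot: Dropping `-w 0` makes the captured value depend on the platform's `base64`: GNU coreutils wraps output at 76 columns, so `ENCODED_PUBLIC_KEY` will contain newlines there, and the later unquoted `stringsMatch $ENCODED_PUBLIC_KEY $GOT_PUB_KEY` is then word-split into more than two arguments. If the goal is portability to a `base64` that lacks `-w`, strip the newlines explicitly, `ENCODED_PUBLIC_KEY=$(curl -f http://localhost:3000/api/v1/log/publicKey | base64 | tr -d '\n')`, and quote the variables where they are compared. The same applies to `GOT_PUB_KEY` and `NEW_PUB_KEY` in the `@@ -227,12` hunk. Adding `-f` also keeps an HTTP error body from being encoded and compared as if it were a key.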
@@ -227,12 +227,12 @@ $REKOR_CLI logproof --last-size 2 --tree-id $INITIAL_TREE_ID --rekor_server http $REKOR_CLI logproof --last-size 1 --rekor_server http://localhost:3000 echo "Getting public key for inactive shard..." -GOT_PUB_KEY=$(curl "http://localhost:3000/api/v1/log/publicKey?treeID=$INITIAL_TREE_ID" | base64 -w 0) +GOT_PUB_KEY=$(curl "http://localhost:3000/api/v1/log/publicKey?treeID=$INITIAL_TREE_ID" | base64) echo "Got encoded public key $GOT_PUB_KEY, making sure this matches the public key we got earlier..." stringsMatch $ENCODED_PUBLIC_KEY $GOT_PUB_KEY echo "Getting the public key for the active tree..." -NEW_PUB_KEY=$(curl "http://localhost:3000/api/v1/log/publicKey" | base64 -w 0) +NEW_PUB_KEY=$(curl "http://localhost:3000/api/v1/log/publicKey" | base64) echo "Making sure the public key for the active shard is different from the inactive shard..." if [[ "$ENCODED_PUBLIC_KEY" == "$NEW_PUB_KEY" ]]; then echo @@ -255,7 +255,8 @@ NUM_ELEMENTS=$(curl -f http://localhost:3000/api/v1/log/entries/retrieve -H "Con stringsMatch $NUM_ELEMENTS "1" # Make sure we can verify the blob we entered into the now-inactive shard -COSIGN_EXPERIMENTAL=1 cosign verify-blob README.md --key cosign.pub --rekor-url http://localhost:3000 --signature ./signature +echo $NEW_PUB_KEY > rekor.pub +COSIGN_EXPERIMENTAL=1 SIGSTORE_REKOR_PUBLIC_KEY=./rekor.pub cosign verify-blob README.md --key cosign.pub --rekor-url http://localhost:3000 --signature ./signature # -f makes sure we exit on failure NUM_ELEMENTS=$(curl -f http://localhost:3000/api/v1/log/entries/retrieve -H "Content-Type: application/json" -H "Accept: application/json" -d "{ \"entryUUIDs\": [\"$ENTRY_ID_1\", \"$ENTRY_ID_2\"]}" | jq '. | length')
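Review bot: `echo $NEW_PUB_KEY > rekor.pub` writes the base64-encoded form of the key, unquoted, into the file that `SIGSTORE_REKOR_PUBLIC_KEY` points at; cosign most likely expects the PEM that the endpoint returns, so the verification step may pass or fail for a reason other than the one the test intends. Writing the response directly, `curl -f http://localhost:3000/api/v1/log/publicKey > rekor.pub`, avoids the encode round trip and the word splitting. A short comment should also say why the active tree's key is the right one for an entry that the comment above describes as living in the now-inactive shard.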