From b8c268c9ffe03337fe0426761d189c2b34ed3f0d Mon Sep 17 00:00:00 2001 From: Hayden Blauzvern Date: Tue, 30 Aug 2022 01:34:07 +0000 Subject: [PATCH] Include checkpoint (STH) in entry upload and retrieve responses This associates a root hash in an inclusion proof with a signed commitment from the log. Previously, without this included, there was no connection between an inclusion proof and the log. An inclusion proof and checkpoint can be an alternative proof of inclusion instead of a SET. Ref #988 Signed-off-by: Hayden Blauzvern --- cmd/rekor-cli/app/upload.go | 42 ++++++++++++ cmd/rekor-cli/app/verify.go | 38 +++++++++-- openapi.yaml | 5 ++ pkg/api/entries.go | 68 +++++++++++++++++-- pkg/api/trillian_client.go | 2 + .../entries/create_log_entry_parameters.go | 8 ++- .../entries/create_log_entry_responses.go | 12 ++-- .../client/entries/entries_client.go | 13 ++-- .../get_log_entry_by_index_parameters.go | 8 ++- .../get_log_entry_by_index_responses.go | 9 ++- .../get_log_entry_by_uuid_parameters.go | 8 ++- .../get_log_entry_by_uuid_responses.go | 9 ++- .../entries/search_log_query_parameters.go | 8 ++- .../entries/search_log_query_responses.go | 9 ++- pkg/generated/client/index/index_client.go | 2 +- .../client/index/search_index_parameters.go | 8 ++- .../client/index/search_index_responses.go | 9 ++- .../pubkey/get_public_key_parameters.go | 8 ++- .../client/pubkey/get_public_key_responses.go | 6 +- pkg/generated/client/pubkey/pubkey_client.go | 4 +- .../server/get_rekor_version_parameters.go | 8 ++- .../server/get_rekor_version_responses.go | 6 +- pkg/generated/client/server/server_client.go | 2 +- .../client/tlog/get_log_info_parameters.go | 8 ++- .../client/tlog/get_log_info_responses.go | 6 +- .../client/tlog/get_log_proof_parameters.go | 8 ++- .../client/tlog/get_log_proof_responses.go | 9 ++- pkg/generated/client/tlog/tlog_client.go | 8 +-- pkg/generated/models/alpine_schema.go | 2 +- pkg/generated/models/alpine_v001_schema.go | 2 +- pkg/generated/models/cose_schema.go | 2 +- pkg/generated/models/cose_v001_schema.go | 2 +- pkg/generated/models/hashedrekord_schema.go | 2 +- .../models/hashedrekord_v001_schema.go | 2 +- pkg/generated/models/helm_schema.go | 2 +- pkg/generated/models/helm_v001_schema.go | 2 +- pkg/generated/models/inclusion_proof.go | 17 +++++ pkg/generated/models/intoto_schema.go | 2 +- pkg/generated/models/intoto_v001_schema.go | 2 +- pkg/generated/models/intoto_v002_schema.go | 2 +- pkg/generated/models/jar_schema.go | 2 +- pkg/generated/models/jar_v001_schema.go | 2 +- pkg/generated/models/rekord_schema.go | 2 +- pkg/generated/models/rekord_v001_schema.go | 2 +- pkg/generated/models/rfc3161_schema.go | 2 +- pkg/generated/models/rfc3161_v001_schema.go | 2 +- pkg/generated/models/rpm_schema.go | 2 +- pkg/generated/models/rpm_v001_schema.go | 2 +- pkg/generated/models/tuf_schema.go | 2 +- pkg/generated/models/tuf_v001_schema.go | 2 +- pkg/generated/restapi/doc.go | 26 +++---- pkg/generated/restapi/embedded_spec.go | 16 ++++- .../operations/entries/create_log_entry.go | 7 +- .../entries/create_log_entry_responses.go | 12 ++-- .../entries/get_log_entry_by_index.go | 4 +- .../get_log_entry_by_index_responses.go | 9 ++- .../entries/get_log_entry_by_uuid.go | 6 +- .../get_log_entry_by_uuid_responses.go | 9 ++- .../operations/entries/search_log_query.go | 4 +- .../entries/search_log_query_responses.go | 9 ++- .../restapi/operations/index/search_index.go | 4 +- .../index/search_index_responses.go | 9 ++- .../operations/pubkey/get_public_key.go | 6 +- .../pubkey/get_public_key_responses.go | 6 +- .../operations/server/get_rekor_version.go | 4 +- .../server/get_rekor_version_responses.go | 6 +- .../restapi/operations/tlog/get_log_info.go | 6 +- .../operations/tlog/get_log_info_responses.go | 6 +- .../restapi/operations/tlog/get_log_proof.go | 6 +- .../tlog/get_log_proof_responses.go | 9 ++- tests/e2e_test.go | 2 + 71 files changed, 394 insertions(+), 162 deletions(-) diff --git a/cmd/rekor-cli/app/upload.go b/cmd/rekor-cli/app/upload.go index 32739e409..62d44ddc4 100644 --- a/cmd/rekor-cli/app/upload.go +++ b/cmd/rekor-cli/app/upload.go @@ -19,6 +19,9 @@ import ( "context" "crypto/ecdsa" "crypto/sha256" + "encoding/base64" + "encoding/hex" + "errors" "fmt" "io" "net/http" @@ -31,6 +34,8 @@ import ( "github.com/go-openapi/swag" "github.com/spf13/cobra" "github.com/spf13/viper" + "github.com/transparency-dev/merkle/proof" + "github.com/transparency-dev/merkle/rfc6962" "github.com/sigstore/rekor/cmd/rekor-cli/app/format" "github.com/sigstore/rekor/pkg/client" @@ -185,6 +190,43 @@ func verifyLogEntry(ctx context.Context, rekorClient *genclient.Rekor, logEntry if !ecdsa.VerifyASN1(rekorPubKey, hash[:], []byte(logEntry.Verification.SignedEntryTimestamp)) { return false, fmt.Errorf("unable to verify") } + + // verify inclusion proof if present + if logEntry.Verification.InclusionProof != nil { + // verify inclusion proof + entryBytes, err := base64.StdEncoding.DecodeString(logEntry.Body.(string)) + if err != nil { + return false, err + } + leafHash := rfc6962.DefaultHasher.HashLeaf(entryBytes) + rootHash, err := hex.DecodeString(*logEntry.Verification.InclusionProof.RootHash) + if err != nil { + return false, err + } + hashes := [][]byte{} + for _, h := range logEntry.Verification.InclusionProof.Hashes { + hb, _ := hex.DecodeString(h) + hashes = append(hashes, hb) + } + if err := proof.VerifyInclusion(rfc6962.DefaultHasher, uint64(*logEntry.LogIndex), uint64(*logEntry.Verification.InclusionProof.TreeSize), + leafHash, hashes, rootHash); err != nil { + return false, fmt.Errorf("verifying inclusion proof: %w", err) + + } + // verify checkpoint + sth := &util.SignedCheckpoint{} + if err := sth.UnmarshalText([]byte(*logEntry.Verification.InclusionProof.Checkpoint)); err != nil { + return false, fmt.Errorf("unmarshalling logEntry checkpoint to SignedCheckpoint: %w", err) + } + verifier, err := loadVerifier(rekorClient) + if err != nil { + return false, err + } + if !sth.Verify(verifier) { + return false, errors.New("error verifying signed checkpoint") + } + } + return true, nil } diff --git a/cmd/rekor-cli/app/verify.go b/cmd/rekor-cli/app/verify.go index bf80b31a3..2252f65e5 100644 --- a/cmd/rekor-cli/app/verify.go +++ b/cmd/rekor-cli/app/verify.go @@ -20,6 +20,7 @@ import ( "context" "encoding/base64" "encoding/hex" + "errors" "fmt" "math/bits" "strconv" @@ -36,21 +37,28 @@ import ( "github.com/sigstore/rekor/pkg/log" "github.com/sigstore/rekor/pkg/sharding" "github.com/sigstore/rekor/pkg/types" + "github.com/sigstore/rekor/pkg/util" ) type verifyCmdOutput struct { - RootHash string - EntryUUID string - Index int64 - Size int64 - Hashes []string + RootHash string + EntryUUID string + Index int64 + Size int64 + Hashes []string + Checkpoint string } func (v *verifyCmdOutput) String() string { s := fmt.Sprintf("Current Root Hash: %v\n", v.RootHash) s += fmt.Sprintf("Entry Hash: %v\n", v.EntryUUID) s += fmt.Sprintf("Entry Index: %v\n", v.Index) - s += fmt.Sprintf("Current Tree Size: %v\n\n", v.Size) + s += fmt.Sprintf("Current Tree Size: %v\n", v.Size) + if len(v.Checkpoint) > 0 { + s += fmt.Sprintf("Checkpoint:\n%v\n\n", v.Checkpoint) + } else { + s += "\n" + } s += "Inclusion Proof:\n" hasher := rfc6962.DefaultHasher @@ -148,6 +156,9 @@ var verifyCmd = &cobra.Command{ Size: *v.Verification.InclusionProof.TreeSize, Hashes: v.Verification.InclusionProof.Hashes, } + if v.Verification.InclusionProof.Checkpoint != nil { + o.Checkpoint = *v.Verification.InclusionProof.Checkpoint + } entryBytes, err = base64.StdEncoding.DecodeString(v.Body.(string)) if err != nil { return nil, err @@ -181,6 +192,21 @@ var verifyCmd = &cobra.Command{ if err := proof.VerifyInclusion(rfc6962.DefaultHasher, uint64(o.Index), uint64(o.Size), leafHash, hashes, rootHash); err != nil { return nil, err } + + if len(o.Checkpoint) > 0 { + sth := &util.SignedCheckpoint{} + if err := sth.UnmarshalText([]byte(o.Checkpoint)); err != nil { + return nil, fmt.Errorf("unmarshalling o.Checkpoint to SignedCheckpoint: %w", err) + } + verifier, err := loadVerifier(rekorClient) + if err != nil { + return nil, err + } + if !sth.Verify(verifier) { + return nil, errors.New("error verifying signed checkpoint") + } + } + return o, err }), } diff --git a/openapi.yaml b/openapi.yaml index 93af089b6..d6311e302 100644 --- a/openapi.yaml +++ b/openapi.yaml @@ -631,11 +631,16 @@ definitions: type: string description: SHA256 hash value expressed in hexadecimal format pattern: '^[0-9a-fA-F]{64}$' + checkpoint: + type: string + format: signedCheckpoint + description: The checkpoint (signed tree head) that the inclusion proof is based on required: - logIndex - rootHash - treeSize - hashes + - checkpoint Error: type: object diff --git a/pkg/api/entries.go b/pkg/api/entries.go index abc3cefad..ea8b465f5 100644 --- a/pkg/api/entries.go +++ b/pkg/api/entries.go @@ -42,6 +42,7 @@ import ( "github.com/sigstore/rekor/pkg/log" "github.com/sigstore/rekor/pkg/sharding" "github.com/sigstore/rekor/pkg/types" + "github.com/sigstore/rekor/pkg/util" "github.com/sigstore/sigstore/pkg/signature" "github.com/sigstore/sigstore/pkg/signature/options" ) @@ -92,11 +93,32 @@ func logEntryFromLeaf(ctx context.Context, signer signature.Signer, tc TrillianC return nil, fmt.Errorf("signing entry error: %w", err) } + // sign a checkpoint as a commitment to the current root hash + sth, err := util.CreateSignedCheckpoint(util.Checkpoint{ + Origin: fmt.Sprintf("%s - %d", viper.GetString("rekor_server.hostname"), tc.logID), + Size: root.TreeSize, + Hash: root.RootHash, + }) + if err != nil { + return nil, fmt.Errorf("error marshalling checkpoint: %w", err) + } + sth.SetTimestamp(uint64(*logEntryAnon.IntegratedTime)) + _, err = sth.Sign(viper.GetString("rekor_server.hostname"), api.signer, options.WithContext(ctx)) + if err != nil { + return nil, fmt.Errorf("error signing checkpoint: %w", err) + } + scBytes, err := sth.SignedNote.MarshalText() + if err != nil { + return nil, fmt.Errorf("error marshalling checkpoint: %w", err) + } + scString := string(scBytes) + inclusionProof := models.InclusionProof{ - TreeSize: swag.Int64(int64(root.TreeSize)), - RootHash: swag.String(hex.EncodeToString(root.RootHash)), - LogIndex: swag.Int64(proof.GetLeafIndex()), - Hashes: hashes, + TreeSize: swag.Int64(int64(root.TreeSize)), + RootHash: swag.String(hex.EncodeToString(root.RootHash)), + LogIndex: swag.Int64(proof.GetLeafIndex()), + Hashes: hashes, + Checkpoint: &scString, } uuid := hex.EncodeToString(leaf.MerkleLeafHash) @@ -261,7 +283,45 @@ func createLogEntry(params entries.CreateLogEntryParams) (models.LogEntry, middl return nil, handleRekorAPIError(params, http.StatusInternalServerError, fmt.Errorf("signing entry error: %v", err), signingError) } + root := &ttypes.LogRootV1{} + if err := root.UnmarshalBinary(resp.getLeafAndProofResult.SignedLogRoot.LogRoot); err != nil { + return nil, handleRekorAPIError(params, http.StatusInternalServerError, fmt.Errorf("error unmarshalling log root: %v", err), sthGenerateError) + } + hashes := []string{} + for _, hash := range resp.getLeafAndProofResult.Proof.Hashes { + hashes = append(hashes, hex.EncodeToString(hash)) + } + + // sign a checkpoint as a commitment to the current root hash + sth, err := util.CreateSignedCheckpoint(util.Checkpoint{ + Origin: fmt.Sprintf("%s - %d", viper.GetString("rekor_server.hostname"), tc.logID), + Size: root.TreeSize, + Hash: root.RootHash, + }) + if err != nil { + return nil, handleRekorAPIError(params, http.StatusInternalServerError, fmt.Errorf("error creating checkpoint: %v", err), sthGenerateError) + } + sth.SetTimestamp(uint64(*logEntryAnon.IntegratedTime)) + _, err = sth.Sign(viper.GetString("rekor_server.hostname"), api.signer, options.WithContext(ctx)) + if err != nil { + return nil, handleRekorAPIError(params, http.StatusInternalServerError, fmt.Errorf("error signing checkpoint: %v", err), sthGenerateError) + } + scBytes, err := sth.SignedNote.MarshalText() + if err != nil { + return nil, handleRekorAPIError(params, http.StatusInternalServerError, fmt.Errorf("error marshalling checkpoint: %v", err), sthGenerateError) + } + scString := string(scBytes) + + inclusionProof := models.InclusionProof{ + TreeSize: swag.Int64(int64(root.TreeSize)), + RootHash: swag.String(hex.EncodeToString(root.RootHash)), + LogIndex: swag.Int64(queuedLeaf.LeafIndex), + Hashes: hashes, + Checkpoint: &scString, + } + logEntryAnon.Verification = &models.LogEntryAnonVerification{ + InclusionProof: &inclusionProof, SignedEntryTimestamp: strfmt.Base64(signature), } diff --git a/pkg/api/trillian_client.go b/pkg/api/trillian_client.go index cf625aa16..6e9278d8b 100644 --- a/pkg/api/trillian_client.go +++ b/pkg/api/trillian_client.go @@ -185,6 +185,8 @@ func (t *TrillianClient) addLeaf(byteValue []byte) *Response { status: status.Code(err), err: err, getAddResult: resp, + // include getLeafAndProofResult for inclusion proof + getLeafAndProofResult: leafResp.getLeafAndProofResult, } } diff --git a/pkg/generated/client/entries/create_log_entry_parameters.go b/pkg/generated/client/entries/create_log_entry_parameters.go index c5ccd2128..481fa2bda 100644 --- a/pkg/generated/client/entries/create_log_entry_parameters.go +++ b/pkg/generated/client/entries/create_log_entry_parameters.go @@ -70,10 +70,12 @@ func NewCreateLogEntryParamsWithHTTPClient(client *http.Client) *CreateLogEntryP } } -/* CreateLogEntryParams contains all the parameters to send to the API endpoint - for the create log entry operation. +/* +CreateLogEntryParams contains all the parameters to send to the API endpoint - Typically these are written to a http.Request. + for the create log entry operation. + + Typically these are written to a http.Request. */ type CreateLogEntryParams struct { diff --git a/pkg/generated/client/entries/create_log_entry_responses.go b/pkg/generated/client/entries/create_log_entry_responses.go index 135bf9ca7..e0e3ee156 100644 --- a/pkg/generated/client/entries/create_log_entry_responses.go +++ b/pkg/generated/client/entries/create_log_entry_responses.go @@ -75,7 +75,8 @@ func NewCreateLogEntryCreated() *CreateLogEntryCreated { return &CreateLogEntryCreated{} } -/* CreateLogEntryCreated describes a response with status code 201, with default header values. +/* +CreateLogEntryCreated describes a response with status code 201, with default header values. Returns the entry created in the transparency log */ @@ -134,7 +135,8 @@ func NewCreateLogEntryBadRequest() *CreateLogEntryBadRequest { return &CreateLogEntryBadRequest{} } -/* CreateLogEntryBadRequest describes a response with status code 400, with default header values. +/* +CreateLogEntryBadRequest describes a response with status code 400, with default header values. The content supplied to the server was invalid */ @@ -166,7 +168,8 @@ func NewCreateLogEntryConflict() *CreateLogEntryConflict { return &CreateLogEntryConflict{} } -/* CreateLogEntryConflict describes a response with status code 409, with default header values. +/* +CreateLogEntryConflict describes a response with status code 409, with default header values. The request conflicts with the current state of the transparency log */ @@ -213,7 +216,8 @@ func NewCreateLogEntryDefault(code int) *CreateLogEntryDefault { } } -/* CreateLogEntryDefault describes a response with status code -1, with default header values. +/* +CreateLogEntryDefault describes a response with status code -1, with default header values. There was an internal error in the server while processing the request */ diff --git a/pkg/generated/client/entries/entries_client.go b/pkg/generated/client/entries/entries_client.go index 05c6abb92..fe2630eaf 100644 --- a/pkg/generated/client/entries/entries_client.go +++ b/pkg/generated/client/entries/entries_client.go @@ -56,10 +56,9 @@ type ClientService interface { } /* - CreateLogEntry creates an entry in the transparency log - - Creates an entry in the transparency log for a detached signature, public key, and content. Items can be included in the request or fetched by the server when URLs are specified. +CreateLogEntry creates an entry in the transparency log +Creates an entry in the transparency log for a detached signature, public key, and content. Items can be included in the request or fetched by the server when URLs are specified. */ func (a *Client) CreateLogEntry(params *CreateLogEntryParams, opts ...ClientOption) (*CreateLogEntryCreated, error) { // TODO: Validate the params before sending @@ -96,7 +95,7 @@ func (a *Client) CreateLogEntry(params *CreateLogEntryParams, opts ...ClientOpti } /* - GetLogEntryByIndex retrieves an entry and inclusion proof from the transparency log if it exists by index +GetLogEntryByIndex retrieves an entry and inclusion proof from the transparency log if it exists by index */ func (a *Client) GetLogEntryByIndex(params *GetLogEntryByIndexParams, opts ...ClientOption) (*GetLogEntryByIndexOK, error) { // TODO: Validate the params before sending @@ -133,9 +132,9 @@ func (a *Client) GetLogEntryByIndex(params *GetLogEntryByIndexParams, opts ...Cl } /* - GetLogEntryByUUID gets log entry and information required to generate an inclusion proof for the entry in the transparency log +GetLogEntryByUUID gets log entry and information required to generate an inclusion proof for the entry in the transparency log - Returns the entry, root hash, tree size, and a list of hashes that can be used to calculate proof of an entry being included in the transparency log +Returns the entry, root hash, tree size, and a list of hashes that can be used to calculate proof of an entry being included in the transparency log */ func (a *Client) GetLogEntryByUUID(params *GetLogEntryByUUIDParams, opts ...ClientOption) (*GetLogEntryByUUIDOK, error) { // TODO: Validate the params before sending @@ -172,7 +171,7 @@ func (a *Client) GetLogEntryByUUID(params *GetLogEntryByUUIDParams, opts ...Clie } /* - SearchLogQuery searches transparency log for one or more log entries +SearchLogQuery searches transparency log for one or more log entries */ func (a *Client) SearchLogQuery(params *SearchLogQueryParams, opts ...ClientOption) (*SearchLogQueryOK, error) { // TODO: Validate the params before sending diff --git a/pkg/generated/client/entries/get_log_entry_by_index_parameters.go b/pkg/generated/client/entries/get_log_entry_by_index_parameters.go index 405dee67c..e22522751 100644 --- a/pkg/generated/client/entries/get_log_entry_by_index_parameters.go +++ b/pkg/generated/client/entries/get_log_entry_by_index_parameters.go @@ -69,10 +69,12 @@ func NewGetLogEntryByIndexParamsWithHTTPClient(client *http.Client) *GetLogEntry } } -/* GetLogEntryByIndexParams contains all the parameters to send to the API endpoint - for the get log entry by index operation. +/* +GetLogEntryByIndexParams contains all the parameters to send to the API endpoint - Typically these are written to a http.Request. + for the get log entry by index operation. + + Typically these are written to a http.Request. */ type GetLogEntryByIndexParams struct { diff --git a/pkg/generated/client/entries/get_log_entry_by_index_responses.go b/pkg/generated/client/entries/get_log_entry_by_index_responses.go index 8b510fcad..fd8419e17 100644 --- a/pkg/generated/client/entries/get_log_entry_by_index_responses.go +++ b/pkg/generated/client/entries/get_log_entry_by_index_responses.go @@ -68,7 +68,8 @@ func NewGetLogEntryByIndexOK() *GetLogEntryByIndexOK { return &GetLogEntryByIndexOK{} } -/* GetLogEntryByIndexOK describes a response with status code 200, with default header values. +/* +GetLogEntryByIndexOK describes a response with status code 200, with default header values. the entry in the transparency log requested along with an inclusion proof */ @@ -98,7 +99,8 @@ func NewGetLogEntryByIndexNotFound() *GetLogEntryByIndexNotFound { return &GetLogEntryByIndexNotFound{} } -/* GetLogEntryByIndexNotFound describes a response with status code 404, with default header values. +/* +GetLogEntryByIndexNotFound describes a response with status code 404, with default header values. The content requested could not be found */ @@ -121,7 +123,8 @@ func NewGetLogEntryByIndexDefault(code int) *GetLogEntryByIndexDefault { } } -/* GetLogEntryByIndexDefault describes a response with status code -1, with default header values. +/* +GetLogEntryByIndexDefault describes a response with status code -1, with default header values. There was an internal error in the server while processing the request */ diff --git a/pkg/generated/client/entries/get_log_entry_by_uuid_parameters.go b/pkg/generated/client/entries/get_log_entry_by_uuid_parameters.go index 560bee016..5c88b5265 100644 --- a/pkg/generated/client/entries/get_log_entry_by_uuid_parameters.go +++ b/pkg/generated/client/entries/get_log_entry_by_uuid_parameters.go @@ -68,10 +68,12 @@ func NewGetLogEntryByUUIDParamsWithHTTPClient(client *http.Client) *GetLogEntryB } } -/* GetLogEntryByUUIDParams contains all the parameters to send to the API endpoint - for the get log entry by UUID operation. +/* +GetLogEntryByUUIDParams contains all the parameters to send to the API endpoint - Typically these are written to a http.Request. + for the get log entry by UUID operation. + + Typically these are written to a http.Request. */ type GetLogEntryByUUIDParams struct { diff --git a/pkg/generated/client/entries/get_log_entry_by_uuid_responses.go b/pkg/generated/client/entries/get_log_entry_by_uuid_responses.go index 9d46b2fa4..2f800f38a 100644 --- a/pkg/generated/client/entries/get_log_entry_by_uuid_responses.go +++ b/pkg/generated/client/entries/get_log_entry_by_uuid_responses.go @@ -68,7 +68,8 @@ func NewGetLogEntryByUUIDOK() *GetLogEntryByUUIDOK { return &GetLogEntryByUUIDOK{} } -/* GetLogEntryByUUIDOK describes a response with status code 200, with default header values. +/* +GetLogEntryByUUIDOK describes a response with status code 200, with default header values. Information needed for a client to compute the inclusion proof */ @@ -98,7 +99,8 @@ func NewGetLogEntryByUUIDNotFound() *GetLogEntryByUUIDNotFound { return &GetLogEntryByUUIDNotFound{} } -/* GetLogEntryByUUIDNotFound describes a response with status code 404, with default header values. +/* +GetLogEntryByUUIDNotFound describes a response with status code 404, with default header values. The content requested could not be found */ @@ -121,7 +123,8 @@ func NewGetLogEntryByUUIDDefault(code int) *GetLogEntryByUUIDDefault { } } -/* GetLogEntryByUUIDDefault describes a response with status code -1, with default header values. +/* +GetLogEntryByUUIDDefault describes a response with status code -1, with default header values. There was an internal error in the server while processing the request */ diff --git a/pkg/generated/client/entries/search_log_query_parameters.go b/pkg/generated/client/entries/search_log_query_parameters.go index 459f1208e..ed158ce23 100644 --- a/pkg/generated/client/entries/search_log_query_parameters.go +++ b/pkg/generated/client/entries/search_log_query_parameters.go @@ -70,10 +70,12 @@ func NewSearchLogQueryParamsWithHTTPClient(client *http.Client) *SearchLogQueryP } } -/* SearchLogQueryParams contains all the parameters to send to the API endpoint - for the search log query operation. +/* +SearchLogQueryParams contains all the parameters to send to the API endpoint - Typically these are written to a http.Request. + for the search log query operation. + + Typically these are written to a http.Request. */ type SearchLogQueryParams struct { diff --git a/pkg/generated/client/entries/search_log_query_responses.go b/pkg/generated/client/entries/search_log_query_responses.go index c459c0cce..6107ec807 100644 --- a/pkg/generated/client/entries/search_log_query_responses.go +++ b/pkg/generated/client/entries/search_log_query_responses.go @@ -68,7 +68,8 @@ func NewSearchLogQueryOK() *SearchLogQueryOK { return &SearchLogQueryOK{} } -/* SearchLogQueryOK describes a response with status code 200, with default header values. +/* +SearchLogQueryOK describes a response with status code 200, with default header values. Returns zero or more entries from the transparency log, according to how many were included in request query */ @@ -98,7 +99,8 @@ func NewSearchLogQueryBadRequest() *SearchLogQueryBadRequest { return &SearchLogQueryBadRequest{} } -/* SearchLogQueryBadRequest describes a response with status code 400, with default header values. +/* +SearchLogQueryBadRequest describes a response with status code 400, with default header values. The content supplied to the server was invalid */ @@ -132,7 +134,8 @@ func NewSearchLogQueryDefault(code int) *SearchLogQueryDefault { } } -/* SearchLogQueryDefault describes a response with status code -1, with default header values. +/* +SearchLogQueryDefault describes a response with status code -1, with default header values. There was an internal error in the server while processing the request */ diff --git a/pkg/generated/client/index/index_client.go b/pkg/generated/client/index/index_client.go index f80b04afb..35964c0d6 100644 --- a/pkg/generated/client/index/index_client.go +++ b/pkg/generated/client/index/index_client.go @@ -50,7 +50,7 @@ type ClientService interface { } /* - SearchIndex searches index by entry metadata +SearchIndex searches index by entry metadata */ func (a *Client) SearchIndex(params *SearchIndexParams, opts ...ClientOption) (*SearchIndexOK, error) { // TODO: Validate the params before sending diff --git a/pkg/generated/client/index/search_index_parameters.go b/pkg/generated/client/index/search_index_parameters.go index d54879b0f..c1694193e 100644 --- a/pkg/generated/client/index/search_index_parameters.go +++ b/pkg/generated/client/index/search_index_parameters.go @@ -70,10 +70,12 @@ func NewSearchIndexParamsWithHTTPClient(client *http.Client) *SearchIndexParams } } -/* SearchIndexParams contains all the parameters to send to the API endpoint - for the search index operation. +/* +SearchIndexParams contains all the parameters to send to the API endpoint - Typically these are written to a http.Request. + for the search index operation. + + Typically these are written to a http.Request. */ type SearchIndexParams struct { diff --git a/pkg/generated/client/index/search_index_responses.go b/pkg/generated/client/index/search_index_responses.go index 587a93817..34d4d9712 100644 --- a/pkg/generated/client/index/search_index_responses.go +++ b/pkg/generated/client/index/search_index_responses.go @@ -68,7 +68,8 @@ func NewSearchIndexOK() *SearchIndexOK { return &SearchIndexOK{} } -/* SearchIndexOK describes a response with status code 200, with default header values. +/* +SearchIndexOK describes a response with status code 200, with default header values. Returns zero or more entry UUIDs from the transparency log based on search query */ @@ -98,7 +99,8 @@ func NewSearchIndexBadRequest() *SearchIndexBadRequest { return &SearchIndexBadRequest{} } -/* SearchIndexBadRequest describes a response with status code 400, with default header values. +/* +SearchIndexBadRequest describes a response with status code 400, with default header values. The content supplied to the server was invalid */ @@ -132,7 +134,8 @@ func NewSearchIndexDefault(code int) *SearchIndexDefault { } } -/* SearchIndexDefault describes a response with status code -1, with default header values. +/* +SearchIndexDefault describes a response with status code -1, with default header values. There was an internal error in the server while processing the request */ diff --git a/pkg/generated/client/pubkey/get_public_key_parameters.go b/pkg/generated/client/pubkey/get_public_key_parameters.go index d878ea00d..b4248c933 100644 --- a/pkg/generated/client/pubkey/get_public_key_parameters.go +++ b/pkg/generated/client/pubkey/get_public_key_parameters.go @@ -68,10 +68,12 @@ func NewGetPublicKeyParamsWithHTTPClient(client *http.Client) *GetPublicKeyParam } } -/* GetPublicKeyParams contains all the parameters to send to the API endpoint - for the get public key operation. +/* +GetPublicKeyParams contains all the parameters to send to the API endpoint - Typically these are written to a http.Request. + for the get public key operation. + + Typically these are written to a http.Request. */ type GetPublicKeyParams struct { diff --git a/pkg/generated/client/pubkey/get_public_key_responses.go b/pkg/generated/client/pubkey/get_public_key_responses.go index 10f69739f..babe73ca0 100644 --- a/pkg/generated/client/pubkey/get_public_key_responses.go +++ b/pkg/generated/client/pubkey/get_public_key_responses.go @@ -62,7 +62,8 @@ func NewGetPublicKeyOK() *GetPublicKeyOK { return &GetPublicKeyOK{} } -/* GetPublicKeyOK describes a response with status code 200, with default header values. +/* +GetPublicKeyOK describes a response with status code 200, with default header values. The public key */ @@ -94,7 +95,8 @@ func NewGetPublicKeyDefault(code int) *GetPublicKeyDefault { } } -/* GetPublicKeyDefault describes a response with status code -1, with default header values. +/* +GetPublicKeyDefault describes a response with status code -1, with default header values. There was an internal error in the server while processing the request */ diff --git a/pkg/generated/client/pubkey/pubkey_client.go b/pkg/generated/client/pubkey/pubkey_client.go index 0f780ad9b..714d2de26 100644 --- a/pkg/generated/client/pubkey/pubkey_client.go +++ b/pkg/generated/client/pubkey/pubkey_client.go @@ -50,9 +50,9 @@ type ClientService interface { } /* - GetPublicKey retrieves the public key that can be used to validate the signed tree head +GetPublicKey retrieves the public key that can be used to validate the signed tree head - Returns the public key that can be used to validate the signed tree head +Returns the public key that can be used to validate the signed tree head */ func (a *Client) GetPublicKey(params *GetPublicKeyParams, opts ...ClientOption) (*GetPublicKeyOK, error) { // TODO: Validate the params before sending diff --git a/pkg/generated/client/server/get_rekor_version_parameters.go b/pkg/generated/client/server/get_rekor_version_parameters.go index 419217f70..fd4e30c2b 100644 --- a/pkg/generated/client/server/get_rekor_version_parameters.go +++ b/pkg/generated/client/server/get_rekor_version_parameters.go @@ -68,10 +68,12 @@ func NewGetRekorVersionParamsWithHTTPClient(client *http.Client) *GetRekorVersio } } -/* GetRekorVersionParams contains all the parameters to send to the API endpoint - for the get rekor version operation. +/* +GetRekorVersionParams contains all the parameters to send to the API endpoint - Typically these are written to a http.Request. + for the get rekor version operation. + + Typically these are written to a http.Request. */ type GetRekorVersionParams struct { timeout time.Duration diff --git a/pkg/generated/client/server/get_rekor_version_responses.go b/pkg/generated/client/server/get_rekor_version_responses.go index fe165eae3..4c84daf90 100644 --- a/pkg/generated/client/server/get_rekor_version_responses.go +++ b/pkg/generated/client/server/get_rekor_version_responses.go @@ -62,7 +62,8 @@ func NewGetRekorVersionOK() *GetRekorVersionOK { return &GetRekorVersionOK{} } -/* GetRekorVersionOK describes a response with status code 200, with default header values. +/* +GetRekorVersionOK describes a response with status code 200, with default header values. A JSON object with the running rekor version */ @@ -96,7 +97,8 @@ func NewGetRekorVersionDefault(code int) *GetRekorVersionDefault { } } -/* GetRekorVersionDefault describes a response with status code -1, with default header values. +/* +GetRekorVersionDefault describes a response with status code -1, with default header values. There was an internal error in the server while processing the request */ diff --git a/pkg/generated/client/server/server_client.go b/pkg/generated/client/server/server_client.go index f48e55062..fb7a6222f 100644 --- a/pkg/generated/client/server/server_client.go +++ b/pkg/generated/client/server/server_client.go @@ -50,7 +50,7 @@ type ClientService interface { } /* - GetRekorVersion gets the current version of the rekor server +GetRekorVersion gets the current version of the rekor server */ func (a *Client) GetRekorVersion(params *GetRekorVersionParams, opts ...ClientOption) (*GetRekorVersionOK, error) { // TODO: Validate the params before sending diff --git a/pkg/generated/client/tlog/get_log_info_parameters.go b/pkg/generated/client/tlog/get_log_info_parameters.go index f051485ae..e0ae2cdd3 100644 --- a/pkg/generated/client/tlog/get_log_info_parameters.go +++ b/pkg/generated/client/tlog/get_log_info_parameters.go @@ -68,10 +68,12 @@ func NewGetLogInfoParamsWithHTTPClient(client *http.Client) *GetLogInfoParams { } } -/* GetLogInfoParams contains all the parameters to send to the API endpoint - for the get log info operation. +/* +GetLogInfoParams contains all the parameters to send to the API endpoint - Typically these are written to a http.Request. + for the get log info operation. + + Typically these are written to a http.Request. */ type GetLogInfoParams struct { timeout time.Duration diff --git a/pkg/generated/client/tlog/get_log_info_responses.go b/pkg/generated/client/tlog/get_log_info_responses.go index d8157506a..7d6d15405 100644 --- a/pkg/generated/client/tlog/get_log_info_responses.go +++ b/pkg/generated/client/tlog/get_log_info_responses.go @@ -62,7 +62,8 @@ func NewGetLogInfoOK() *GetLogInfoOK { return &GetLogInfoOK{} } -/* GetLogInfoOK describes a response with status code 200, with default header values. +/* +GetLogInfoOK describes a response with status code 200, with default header values. A JSON object with the root hash and tree size as properties */ @@ -96,7 +97,8 @@ func NewGetLogInfoDefault(code int) *GetLogInfoDefault { } } -/* GetLogInfoDefault describes a response with status code -1, with default header values. +/* +GetLogInfoDefault describes a response with status code -1, with default header values. There was an internal error in the server while processing the request */ diff --git a/pkg/generated/client/tlog/get_log_proof_parameters.go b/pkg/generated/client/tlog/get_log_proof_parameters.go index 8d504b6cf..2b21ad887 100644 --- a/pkg/generated/client/tlog/get_log_proof_parameters.go +++ b/pkg/generated/client/tlog/get_log_proof_parameters.go @@ -69,10 +69,12 @@ func NewGetLogProofParamsWithHTTPClient(client *http.Client) *GetLogProofParams } } -/* GetLogProofParams contains all the parameters to send to the API endpoint - for the get log proof operation. +/* +GetLogProofParams contains all the parameters to send to the API endpoint - Typically these are written to a http.Request. + for the get log proof operation. + + Typically these are written to a http.Request. */ type GetLogProofParams struct { diff --git a/pkg/generated/client/tlog/get_log_proof_responses.go b/pkg/generated/client/tlog/get_log_proof_responses.go index 76ebadb10..2ec83fcaf 100644 --- a/pkg/generated/client/tlog/get_log_proof_responses.go +++ b/pkg/generated/client/tlog/get_log_proof_responses.go @@ -68,7 +68,8 @@ func NewGetLogProofOK() *GetLogProofOK { return &GetLogProofOK{} } -/* GetLogProofOK describes a response with status code 200, with default header values. +/* +GetLogProofOK describes a response with status code 200, with default header values. All hashes required to compute the consistency proof */ @@ -100,7 +101,8 @@ func NewGetLogProofBadRequest() *GetLogProofBadRequest { return &GetLogProofBadRequest{} } -/* GetLogProofBadRequest describes a response with status code 400, with default header values. +/* +GetLogProofBadRequest describes a response with status code 400, with default header values. The content supplied to the server was invalid */ @@ -134,7 +136,8 @@ func NewGetLogProofDefault(code int) *GetLogProofDefault { } } -/* GetLogProofDefault describes a response with status code -1, with default header values. +/* +GetLogProofDefault describes a response with status code -1, with default header values. There was an internal error in the server while processing the request */ diff --git a/pkg/generated/client/tlog/tlog_client.go b/pkg/generated/client/tlog/tlog_client.go index 7fd8ffa19..f53f6c7f8 100644 --- a/pkg/generated/client/tlog/tlog_client.go +++ b/pkg/generated/client/tlog/tlog_client.go @@ -52,9 +52,9 @@ type ClientService interface { } /* - GetLogInfo gets information about the current state of the transparency log +GetLogInfo gets information about the current state of the transparency log - Returns the current root hash and size of the merkle tree used to store the log entries. +Returns the current root hash and size of the merkle tree used to store the log entries. */ func (a *Client) GetLogInfo(params *GetLogInfoParams, opts ...ClientOption) (*GetLogInfoOK, error) { // TODO: Validate the params before sending @@ -91,9 +91,9 @@ func (a *Client) GetLogInfo(params *GetLogInfoParams, opts ...ClientOption) (*Ge } /* - GetLogProof gets information required to generate a consistency proof for the transparency log +GetLogProof gets information required to generate a consistency proof for the transparency log - Returns a list of hashes for specified tree sizes that can be used to confirm the consistency of the transparency log +Returns a list of hashes for specified tree sizes that can be used to confirm the consistency of the transparency log */ func (a *Client) GetLogProof(params *GetLogProofParams, opts ...ClientOption) (*GetLogProofOK, error) { // TODO: Validate the params before sending diff --git a/pkg/generated/models/alpine_schema.go b/pkg/generated/models/alpine_schema.go index 49dd12b6b..edd25408b 100644 --- a/pkg/generated/models/alpine_schema.go +++ b/pkg/generated/models/alpine_schema.go @@ -23,7 +23,7 @@ package models // AlpineSchema Alpine Package Schema // -// Schema for Alpine package objects +// # Schema for Alpine package objects // // swagger:model alpineSchema type AlpineSchema interface{} diff --git a/pkg/generated/models/alpine_v001_schema.go b/pkg/generated/models/alpine_v001_schema.go index 999a48697..6cf1181b0 100644 --- a/pkg/generated/models/alpine_v001_schema.go +++ b/pkg/generated/models/alpine_v001_schema.go @@ -33,7 +33,7 @@ import ( // AlpineV001Schema Alpine v0.0.1 Schema // -// Schema for Alpine Package entries +// # Schema for Alpine Package entries // // swagger:model alpineV001Schema type AlpineV001Schema struct { diff --git a/pkg/generated/models/cose_schema.go b/pkg/generated/models/cose_schema.go index 1d4f0dca1..e653f2202 100644 --- a/pkg/generated/models/cose_schema.go +++ b/pkg/generated/models/cose_schema.go @@ -23,7 +23,7 @@ package models // CoseSchema COSE Schema // -// COSE for Rekord objects +// # COSE for Rekord objects // // swagger:model coseSchema type CoseSchema interface{} diff --git a/pkg/generated/models/cose_v001_schema.go b/pkg/generated/models/cose_v001_schema.go index caadb44d4..ea7f467da 100644 --- a/pkg/generated/models/cose_v001_schema.go +++ b/pkg/generated/models/cose_v001_schema.go @@ -33,7 +33,7 @@ import ( // CoseV001Schema cose v0.0.1 Schema // -// Schema for cose object +// # Schema for cose object // // swagger:model coseV001Schema type CoseV001Schema struct { diff --git a/pkg/generated/models/hashedrekord_schema.go b/pkg/generated/models/hashedrekord_schema.go index 49d5831f8..387a9392b 100644 --- a/pkg/generated/models/hashedrekord_schema.go +++ b/pkg/generated/models/hashedrekord_schema.go @@ -23,7 +23,7 @@ package models // HashedrekordSchema Rekor Schema // -// Schema for Rekord objects +// # Schema for Rekord objects // // swagger:model hashedrekordSchema type HashedrekordSchema interface{} diff --git a/pkg/generated/models/hashedrekord_v001_schema.go b/pkg/generated/models/hashedrekord_v001_schema.go index fb9edfb38..72937c640 100644 --- a/pkg/generated/models/hashedrekord_v001_schema.go +++ b/pkg/generated/models/hashedrekord_v001_schema.go @@ -33,7 +33,7 @@ import ( // HashedrekordV001Schema Hashed Rekor v0.0.1 Schema // -// Schema for Hashed Rekord object +// # Schema for Hashed Rekord object // // swagger:model hashedrekordV001Schema type HashedrekordV001Schema struct { diff --git a/pkg/generated/models/helm_schema.go b/pkg/generated/models/helm_schema.go index a6981eb63..0ab87df9c 100644 --- a/pkg/generated/models/helm_schema.go +++ b/pkg/generated/models/helm_schema.go @@ -23,7 +23,7 @@ package models // HelmSchema Helm Schema // -// Schema for Helm objects +// # Schema for Helm objects // // swagger:model helmSchema type HelmSchema interface{} diff --git a/pkg/generated/models/helm_v001_schema.go b/pkg/generated/models/helm_v001_schema.go index 1512dad32..e0942574b 100644 --- a/pkg/generated/models/helm_v001_schema.go +++ b/pkg/generated/models/helm_v001_schema.go @@ -33,7 +33,7 @@ import ( // HelmV001Schema Helm v0.0.1 Schema // -// Schema for Helm object +// # Schema for Helm object // // swagger:model helmV001Schema type HelmV001Schema struct { diff --git a/pkg/generated/models/inclusion_proof.go b/pkg/generated/models/inclusion_proof.go index 61399816c..86f0d7b94 100644 --- a/pkg/generated/models/inclusion_proof.go +++ b/pkg/generated/models/inclusion_proof.go @@ -36,6 +36,10 @@ import ( // swagger:model InclusionProof type InclusionProof struct { + // The checkpoint (signed tree head) that the inclusion proof is based on + // Required: true + Checkpoint *string `json:"checkpoint"` + // A list of hashes required to compute the inclusion proof, sorted in order from leaf to root // Required: true Hashes []string `json:"hashes"` @@ -60,6 +64,10 @@ type InclusionProof struct { func (m *InclusionProof) Validate(formats strfmt.Registry) error { var res []error + if err := m.validateCheckpoint(formats); err != nil { + res = append(res, err) + } + if err := m.validateHashes(formats); err != nil { res = append(res, err) } @@ -82,6 +90,15 @@ func (m *InclusionProof) Validate(formats strfmt.Registry) error { return nil } +func (m *InclusionProof) validateCheckpoint(formats strfmt.Registry) error { + + if err := validate.Required("checkpoint", "body", m.Checkpoint); err != nil { + return err + } + + return nil +} + func (m *InclusionProof) validateHashes(formats strfmt.Registry) error { if err := validate.Required("hashes", "body", m.Hashes); err != nil { diff --git a/pkg/generated/models/intoto_schema.go b/pkg/generated/models/intoto_schema.go index 3533f9d59..a7fdaa6a6 100644 --- a/pkg/generated/models/intoto_schema.go +++ b/pkg/generated/models/intoto_schema.go @@ -23,7 +23,7 @@ package models // IntotoSchema Intoto Schema // -// Intoto for Rekord objects +// # Intoto for Rekord objects // // swagger:model intotoSchema type IntotoSchema interface{} diff --git a/pkg/generated/models/intoto_v001_schema.go b/pkg/generated/models/intoto_v001_schema.go index e43e699f7..dffbecd33 100644 --- a/pkg/generated/models/intoto_v001_schema.go +++ b/pkg/generated/models/intoto_v001_schema.go @@ -33,7 +33,7 @@ import ( // IntotoV001Schema intoto v0.0.1 Schema // -// Schema for intoto object +// # Schema for intoto object // // swagger:model intotoV001Schema type IntotoV001Schema struct { diff --git a/pkg/generated/models/intoto_v002_schema.go b/pkg/generated/models/intoto_v002_schema.go index 3e3b7bb69..86c0b47f5 100644 --- a/pkg/generated/models/intoto_v002_schema.go +++ b/pkg/generated/models/intoto_v002_schema.go @@ -34,7 +34,7 @@ import ( // IntotoV002Schema intoto v0.0.2 Schema // -// Schema for intoto object +// # Schema for intoto object // // swagger:model intotoV002Schema type IntotoV002Schema struct { diff --git a/pkg/generated/models/jar_schema.go b/pkg/generated/models/jar_schema.go index d45c53da7..e7b9a590e 100644 --- a/pkg/generated/models/jar_schema.go +++ b/pkg/generated/models/jar_schema.go @@ -23,7 +23,7 @@ package models // JarSchema JAR Schema // -// Schema for JAR objects +// # Schema for JAR objects // // swagger:model jarSchema type JarSchema interface{} diff --git a/pkg/generated/models/jar_v001_schema.go b/pkg/generated/models/jar_v001_schema.go index 24f6d3b2b..7a49b3e2e 100644 --- a/pkg/generated/models/jar_v001_schema.go +++ b/pkg/generated/models/jar_v001_schema.go @@ -33,7 +33,7 @@ import ( // JarV001Schema JAR v0.0.1 Schema // -// Schema for JAR entries +// # Schema for JAR entries // // swagger:model jarV001Schema type JarV001Schema struct { diff --git a/pkg/generated/models/rekord_schema.go b/pkg/generated/models/rekord_schema.go index 7bf278330..e85442ae9 100644 --- a/pkg/generated/models/rekord_schema.go +++ b/pkg/generated/models/rekord_schema.go @@ -23,7 +23,7 @@ package models // RekordSchema Rekor Schema // -// Schema for Rekord objects +// # Schema for Rekord objects // // swagger:model rekordSchema type RekordSchema interface{} diff --git a/pkg/generated/models/rekord_v001_schema.go b/pkg/generated/models/rekord_v001_schema.go index ddc6ec290..3d0446a5b 100644 --- a/pkg/generated/models/rekord_v001_schema.go +++ b/pkg/generated/models/rekord_v001_schema.go @@ -33,7 +33,7 @@ import ( // RekordV001Schema Rekor v0.0.1 Schema // -// Schema for Rekord object +// # Schema for Rekord object // // swagger:model rekordV001Schema type RekordV001Schema struct { diff --git a/pkg/generated/models/rfc3161_schema.go b/pkg/generated/models/rfc3161_schema.go index 90667a4aa..826013a28 100644 --- a/pkg/generated/models/rfc3161_schema.go +++ b/pkg/generated/models/rfc3161_schema.go @@ -23,7 +23,7 @@ package models // Rfc3161Schema Timestamp Schema // -// Schema for RFC 3161 timestamp objects +// # Schema for RFC 3161 timestamp objects // // swagger:model rfc3161Schema type Rfc3161Schema interface{} diff --git a/pkg/generated/models/rfc3161_v001_schema.go b/pkg/generated/models/rfc3161_v001_schema.go index 49f317a76..fe668412d 100644 --- a/pkg/generated/models/rfc3161_v001_schema.go +++ b/pkg/generated/models/rfc3161_v001_schema.go @@ -32,7 +32,7 @@ import ( // Rfc3161V001Schema Timestamp v0.0.1 Schema // -// Schema for RFC3161 entries +// # Schema for RFC3161 entries // // swagger:model rfc3161V001Schema type Rfc3161V001Schema struct { diff --git a/pkg/generated/models/rpm_schema.go b/pkg/generated/models/rpm_schema.go index 0304bbe77..5cb378366 100644 --- a/pkg/generated/models/rpm_schema.go +++ b/pkg/generated/models/rpm_schema.go @@ -23,7 +23,7 @@ package models // RpmSchema RPM Schema // -// Schema for RPM objects +// # Schema for RPM objects // // swagger:model rpmSchema type RpmSchema interface{} diff --git a/pkg/generated/models/rpm_v001_schema.go b/pkg/generated/models/rpm_v001_schema.go index 6f3cb07c9..82a75c1de 100644 --- a/pkg/generated/models/rpm_v001_schema.go +++ b/pkg/generated/models/rpm_v001_schema.go @@ -33,7 +33,7 @@ import ( // RpmV001Schema RPM v0.0.1 Schema // -// Schema for RPM entries +// # Schema for RPM entries // // swagger:model rpmV001Schema type RpmV001Schema struct { diff --git a/pkg/generated/models/tuf_schema.go b/pkg/generated/models/tuf_schema.go index 425a546ec..37dca8b68 100644 --- a/pkg/generated/models/tuf_schema.go +++ b/pkg/generated/models/tuf_schema.go @@ -23,7 +23,7 @@ package models // TUFSchema TUF Schema // -// Schema for TUF metadata objects +// # Schema for TUF metadata objects // // swagger:model tufSchema type TUFSchema interface{} diff --git a/pkg/generated/models/tuf_v001_schema.go b/pkg/generated/models/tuf_v001_schema.go index d015607ff..f8bf4b020 100644 --- a/pkg/generated/models/tuf_v001_schema.go +++ b/pkg/generated/models/tuf_v001_schema.go @@ -32,7 +32,7 @@ import ( // TUFV001Schema TUF v0.0.1 Schema // -// Schema for TUF metadata entries +// # Schema for TUF metadata entries // // swagger:model tufV001Schema type TUFV001Schema struct { diff --git a/pkg/generated/restapi/doc.go b/pkg/generated/restapi/doc.go index 72dfdc654..8b8735f1c 100644 --- a/pkg/generated/restapi/doc.go +++ b/pkg/generated/restapi/doc.go @@ -17,19 +17,19 @@ // Package restapi Rekor // -// Rekor is a cryptographically secure, immutable transparency log for signed software releases. -// Schemes: -// http -// Host: rekor.sigstore.dev -// BasePath: / -// Version: 0.0.1 -// -// Consumes: -// - application/json -// -// Produces: -// - application/x-pem-file -// - application/json +// Rekor is a cryptographically secure, immutable transparency log for signed software releases. +// Schemes: +// http +// Host: rekor.sigstore.dev +// BasePath: / +// Version: 0.0.1 +// +// Consumes: +// - application/json +// +// Produces: +// - application/x-pem-file +// - application/json // // swagger:meta package restapi diff --git a/pkg/generated/restapi/embedded_spec.go b/pkg/generated/restapi/embedded_spec.go index 708261d4e..ad13f3fd5 100644 --- a/pkg/generated/restapi/embedded_spec.go +++ b/pkg/generated/restapi/embedded_spec.go @@ -432,9 +432,15 @@ func init() { "logIndex", "rootHash", "treeSize", - "hashes" + "hashes", + "checkpoint" ], "properties": { + "checkpoint": { + "description": "The checkpoint (signed tree head) that the inclusion proof is based on", + "type": "string", + "format": "signedCheckpoint" + }, "hashes": { "description": "A list of hashes required to compute the inclusion proof, sorted in order from leaf to root", "type": "array", @@ -1831,9 +1837,15 @@ func init() { "logIndex", "rootHash", "treeSize", - "hashes" + "hashes", + "checkpoint" ], "properties": { + "checkpoint": { + "description": "The checkpoint (signed tree head) that the inclusion proof is based on", + "type": "string", + "format": "signedCheckpoint" + }, "hashes": { "description": "A list of hashes required to compute the inclusion proof, sorted in order from leaf to root", "type": "array", diff --git a/pkg/generated/restapi/operations/entries/create_log_entry.go b/pkg/generated/restapi/operations/entries/create_log_entry.go index 6860514d3..b95c892fb 100644 --- a/pkg/generated/restapi/operations/entries/create_log_entry.go +++ b/pkg/generated/restapi/operations/entries/create_log_entry.go @@ -45,13 +45,12 @@ func NewCreateLogEntry(ctx *middleware.Context, handler CreateLogEntryHandler) * return &CreateLogEntry{Context: ctx, Handler: handler} } -/* CreateLogEntry swagger:route POST /api/v1/log/entries entries createLogEntry +/* + CreateLogEntry swagger:route POST /api/v1/log/entries entries createLogEntry -Creates an entry in the transparency log +# Creates an entry in the transparency log Creates an entry in the transparency log for a detached signature, public key, and content. Items can be included in the request or fetched by the server when URLs are specified. - - */ type CreateLogEntry struct { Context *middleware.Context diff --git a/pkg/generated/restapi/operations/entries/create_log_entry_responses.go b/pkg/generated/restapi/operations/entries/create_log_entry_responses.go index ddc2839c1..3ff2489f0 100644 --- a/pkg/generated/restapi/operations/entries/create_log_entry_responses.go +++ b/pkg/generated/restapi/operations/entries/create_log_entry_responses.go @@ -33,7 +33,8 @@ import ( // CreateLogEntryCreatedCode is the HTTP code returned for type CreateLogEntryCreated const CreateLogEntryCreatedCode int = 201 -/*CreateLogEntryCreated Returns the entry created in the transparency log +/* +CreateLogEntryCreated Returns the entry created in the transparency log swagger:response createLogEntryCreated */ @@ -124,7 +125,8 @@ func (o *CreateLogEntryCreated) WriteResponse(rw http.ResponseWriter, producer r // CreateLogEntryBadRequestCode is the HTTP code returned for type CreateLogEntryBadRequest const CreateLogEntryBadRequestCode int = 400 -/*CreateLogEntryBadRequest The content supplied to the server was invalid +/* +CreateLogEntryBadRequest The content supplied to the server was invalid swagger:response createLogEntryBadRequest */ @@ -168,7 +170,8 @@ func (o *CreateLogEntryBadRequest) WriteResponse(rw http.ResponseWriter, produce // CreateLogEntryConflictCode is the HTTP code returned for type CreateLogEntryConflict const CreateLogEntryConflictCode int = 409 -/*CreateLogEntryConflict The request conflicts with the current state of the transparency log +/* +CreateLogEntryConflict The request conflicts with the current state of the transparency log swagger:response createLogEntryConflict */ @@ -231,7 +234,8 @@ func (o *CreateLogEntryConflict) WriteResponse(rw http.ResponseWriter, producer } } -/*CreateLogEntryDefault There was an internal error in the server while processing the request +/* +CreateLogEntryDefault There was an internal error in the server while processing the request swagger:response createLogEntryDefault */ diff --git a/pkg/generated/restapi/operations/entries/get_log_entry_by_index.go b/pkg/generated/restapi/operations/entries/get_log_entry_by_index.go index a27e5f608..ee804e5b9 100644 --- a/pkg/generated/restapi/operations/entries/get_log_entry_by_index.go +++ b/pkg/generated/restapi/operations/entries/get_log_entry_by_index.go @@ -45,10 +45,10 @@ func NewGetLogEntryByIndex(ctx *middleware.Context, handler GetLogEntryByIndexHa return &GetLogEntryByIndex{Context: ctx, Handler: handler} } -/* GetLogEntryByIndex swagger:route GET /api/v1/log/entries entries getLogEntryByIndex +/* + GetLogEntryByIndex swagger:route GET /api/v1/log/entries entries getLogEntryByIndex Retrieves an entry and inclusion proof from the transparency log (if it exists) by index - */ type GetLogEntryByIndex struct { Context *middleware.Context diff --git a/pkg/generated/restapi/operations/entries/get_log_entry_by_index_responses.go b/pkg/generated/restapi/operations/entries/get_log_entry_by_index_responses.go index 3b14b1a36..08d6215ec 100644 --- a/pkg/generated/restapi/operations/entries/get_log_entry_by_index_responses.go +++ b/pkg/generated/restapi/operations/entries/get_log_entry_by_index_responses.go @@ -32,7 +32,8 @@ import ( // GetLogEntryByIndexOKCode is the HTTP code returned for type GetLogEntryByIndexOK const GetLogEntryByIndexOKCode int = 200 -/*GetLogEntryByIndexOK the entry in the transparency log requested along with an inclusion proof +/* +GetLogEntryByIndexOK the entry in the transparency log requested along with an inclusion proof swagger:response getLogEntryByIndexOK */ @@ -79,7 +80,8 @@ func (o *GetLogEntryByIndexOK) WriteResponse(rw http.ResponseWriter, producer ru // GetLogEntryByIndexNotFoundCode is the HTTP code returned for type GetLogEntryByIndexNotFound const GetLogEntryByIndexNotFoundCode int = 404 -/*GetLogEntryByIndexNotFound The content requested could not be found +/* +GetLogEntryByIndexNotFound The content requested could not be found swagger:response getLogEntryByIndexNotFound */ @@ -100,7 +102,8 @@ func (o *GetLogEntryByIndexNotFound) WriteResponse(rw http.ResponseWriter, produ rw.WriteHeader(404) } -/*GetLogEntryByIndexDefault There was an internal error in the server while processing the request +/* +GetLogEntryByIndexDefault There was an internal error in the server while processing the request swagger:response getLogEntryByIndexDefault */ diff --git a/pkg/generated/restapi/operations/entries/get_log_entry_by_uuid.go b/pkg/generated/restapi/operations/entries/get_log_entry_by_uuid.go index ea40f9025..eb04b8693 100644 --- a/pkg/generated/restapi/operations/entries/get_log_entry_by_uuid.go +++ b/pkg/generated/restapi/operations/entries/get_log_entry_by_uuid.go @@ -45,12 +45,12 @@ func NewGetLogEntryByUUID(ctx *middleware.Context, handler GetLogEntryByUUIDHand return &GetLogEntryByUUID{Context: ctx, Handler: handler} } -/* GetLogEntryByUUID swagger:route GET /api/v1/log/entries/{entryUUID} entries getLogEntryByUuid +/* + GetLogEntryByUUID swagger:route GET /api/v1/log/entries/{entryUUID} entries getLogEntryByUuid -Get log entry and information required to generate an inclusion proof for the entry in the transparency log +# Get log entry and information required to generate an inclusion proof for the entry in the transparency log Returns the entry, root hash, tree size, and a list of hashes that can be used to calculate proof of an entry being included in the transparency log - */ type GetLogEntryByUUID struct { Context *middleware.Context diff --git a/pkg/generated/restapi/operations/entries/get_log_entry_by_uuid_responses.go b/pkg/generated/restapi/operations/entries/get_log_entry_by_uuid_responses.go index ccabfba23..1e45fb1cd 100644 --- a/pkg/generated/restapi/operations/entries/get_log_entry_by_uuid_responses.go +++ b/pkg/generated/restapi/operations/entries/get_log_entry_by_uuid_responses.go @@ -32,7 +32,8 @@ import ( // GetLogEntryByUUIDOKCode is the HTTP code returned for type GetLogEntryByUUIDOK const GetLogEntryByUUIDOKCode int = 200 -/*GetLogEntryByUUIDOK Information needed for a client to compute the inclusion proof +/* +GetLogEntryByUUIDOK Information needed for a client to compute the inclusion proof swagger:response getLogEntryByUuidOK */ @@ -79,7 +80,8 @@ func (o *GetLogEntryByUUIDOK) WriteResponse(rw http.ResponseWriter, producer run // GetLogEntryByUUIDNotFoundCode is the HTTP code returned for type GetLogEntryByUUIDNotFound const GetLogEntryByUUIDNotFoundCode int = 404 -/*GetLogEntryByUUIDNotFound The content requested could not be found +/* +GetLogEntryByUUIDNotFound The content requested could not be found swagger:response getLogEntryByUuidNotFound */ @@ -100,7 +102,8 @@ func (o *GetLogEntryByUUIDNotFound) WriteResponse(rw http.ResponseWriter, produc rw.WriteHeader(404) } -/*GetLogEntryByUUIDDefault There was an internal error in the server while processing the request +/* +GetLogEntryByUUIDDefault There was an internal error in the server while processing the request swagger:response getLogEntryByUuidDefault */ diff --git a/pkg/generated/restapi/operations/entries/search_log_query.go b/pkg/generated/restapi/operations/entries/search_log_query.go index 098e225d7..343f3ec52 100644 --- a/pkg/generated/restapi/operations/entries/search_log_query.go +++ b/pkg/generated/restapi/operations/entries/search_log_query.go @@ -45,10 +45,10 @@ func NewSearchLogQuery(ctx *middleware.Context, handler SearchLogQueryHandler) * return &SearchLogQuery{Context: ctx, Handler: handler} } -/* SearchLogQuery swagger:route POST /api/v1/log/entries/retrieve entries searchLogQuery +/* + SearchLogQuery swagger:route POST /api/v1/log/entries/retrieve entries searchLogQuery Searches transparency log for one or more log entries - */ type SearchLogQuery struct { Context *middleware.Context diff --git a/pkg/generated/restapi/operations/entries/search_log_query_responses.go b/pkg/generated/restapi/operations/entries/search_log_query_responses.go index 3694ef3d8..10d09ff2b 100644 --- a/pkg/generated/restapi/operations/entries/search_log_query_responses.go +++ b/pkg/generated/restapi/operations/entries/search_log_query_responses.go @@ -32,7 +32,8 @@ import ( // SearchLogQueryOKCode is the HTTP code returned for type SearchLogQueryOK const SearchLogQueryOKCode int = 200 -/*SearchLogQueryOK Returns zero or more entries from the transparency log, according to how many were included in request query +/* +SearchLogQueryOK Returns zero or more entries from the transparency log, according to how many were included in request query swagger:response searchLogQueryOK */ @@ -79,7 +80,8 @@ func (o *SearchLogQueryOK) WriteResponse(rw http.ResponseWriter, producer runtim // SearchLogQueryBadRequestCode is the HTTP code returned for type SearchLogQueryBadRequest const SearchLogQueryBadRequestCode int = 400 -/*SearchLogQueryBadRequest The content supplied to the server was invalid +/* +SearchLogQueryBadRequest The content supplied to the server was invalid swagger:response searchLogQueryBadRequest */ @@ -120,7 +122,8 @@ func (o *SearchLogQueryBadRequest) WriteResponse(rw http.ResponseWriter, produce } } -/*SearchLogQueryDefault There was an internal error in the server while processing the request +/* +SearchLogQueryDefault There was an internal error in the server while processing the request swagger:response searchLogQueryDefault */ diff --git a/pkg/generated/restapi/operations/index/search_index.go b/pkg/generated/restapi/operations/index/search_index.go index 5848525c2..f3c1ac6ca 100644 --- a/pkg/generated/restapi/operations/index/search_index.go +++ b/pkg/generated/restapi/operations/index/search_index.go @@ -45,10 +45,10 @@ func NewSearchIndex(ctx *middleware.Context, handler SearchIndexHandler) *Search return &SearchIndex{Context: ctx, Handler: handler} } -/* SearchIndex swagger:route POST /api/v1/index/retrieve index searchIndex +/* + SearchIndex swagger:route POST /api/v1/index/retrieve index searchIndex Searches index by entry metadata - */ type SearchIndex struct { Context *middleware.Context diff --git a/pkg/generated/restapi/operations/index/search_index_responses.go b/pkg/generated/restapi/operations/index/search_index_responses.go index 4a160125d..6211b99eb 100644 --- a/pkg/generated/restapi/operations/index/search_index_responses.go +++ b/pkg/generated/restapi/operations/index/search_index_responses.go @@ -32,7 +32,8 @@ import ( // SearchIndexOKCode is the HTTP code returned for type SearchIndexOK const SearchIndexOKCode int = 200 -/*SearchIndexOK Returns zero or more entry UUIDs from the transparency log based on search query +/* +SearchIndexOK Returns zero or more entry UUIDs from the transparency log based on search query swagger:response searchIndexOK */ @@ -79,7 +80,8 @@ func (o *SearchIndexOK) WriteResponse(rw http.ResponseWriter, producer runtime.P // SearchIndexBadRequestCode is the HTTP code returned for type SearchIndexBadRequest const SearchIndexBadRequestCode int = 400 -/*SearchIndexBadRequest The content supplied to the server was invalid +/* +SearchIndexBadRequest The content supplied to the server was invalid swagger:response searchIndexBadRequest */ @@ -120,7 +122,8 @@ func (o *SearchIndexBadRequest) WriteResponse(rw http.ResponseWriter, producer r } } -/*SearchIndexDefault There was an internal error in the server while processing the request +/* +SearchIndexDefault There was an internal error in the server while processing the request swagger:response searchIndexDefault */ diff --git a/pkg/generated/restapi/operations/pubkey/get_public_key.go b/pkg/generated/restapi/operations/pubkey/get_public_key.go index 939566b94..688c7bb36 100644 --- a/pkg/generated/restapi/operations/pubkey/get_public_key.go +++ b/pkg/generated/restapi/operations/pubkey/get_public_key.go @@ -45,12 +45,12 @@ func NewGetPublicKey(ctx *middleware.Context, handler GetPublicKeyHandler) *GetP return &GetPublicKey{Context: ctx, Handler: handler} } -/* GetPublicKey swagger:route GET /api/v1/log/publicKey pubkey getPublicKey +/* + GetPublicKey swagger:route GET /api/v1/log/publicKey pubkey getPublicKey -Retrieve the public key that can be used to validate the signed tree head +# Retrieve the public key that can be used to validate the signed tree head Returns the public key that can be used to validate the signed tree head - */ type GetPublicKey struct { Context *middleware.Context diff --git a/pkg/generated/restapi/operations/pubkey/get_public_key_responses.go b/pkg/generated/restapi/operations/pubkey/get_public_key_responses.go index 6ecb5bf19..1cd51a9df 100644 --- a/pkg/generated/restapi/operations/pubkey/get_public_key_responses.go +++ b/pkg/generated/restapi/operations/pubkey/get_public_key_responses.go @@ -32,7 +32,8 @@ import ( // GetPublicKeyOKCode is the HTTP code returned for type GetPublicKeyOK const GetPublicKeyOKCode int = 200 -/*GetPublicKeyOK The public key +/* +GetPublicKeyOK The public key swagger:response getPublicKeyOK */ @@ -71,7 +72,8 @@ func (o *GetPublicKeyOK) WriteResponse(rw http.ResponseWriter, producer runtime. } } -/*GetPublicKeyDefault There was an internal error in the server while processing the request +/* +GetPublicKeyDefault There was an internal error in the server while processing the request swagger:response getPublicKeyDefault */ diff --git a/pkg/generated/restapi/operations/server/get_rekor_version.go b/pkg/generated/restapi/operations/server/get_rekor_version.go index 0297c5202..461be3017 100644 --- a/pkg/generated/restapi/operations/server/get_rekor_version.go +++ b/pkg/generated/restapi/operations/server/get_rekor_version.go @@ -45,10 +45,10 @@ func NewGetRekorVersion(ctx *middleware.Context, handler GetRekorVersionHandler) return &GetRekorVersion{Context: ctx, Handler: handler} } -/* GetRekorVersion swagger:route GET /api/v1/version server getRekorVersion +/* + GetRekorVersion swagger:route GET /api/v1/version server getRekorVersion Get the current version of the rekor server - */ type GetRekorVersion struct { Context *middleware.Context diff --git a/pkg/generated/restapi/operations/server/get_rekor_version_responses.go b/pkg/generated/restapi/operations/server/get_rekor_version_responses.go index 8845dce14..28c607895 100644 --- a/pkg/generated/restapi/operations/server/get_rekor_version_responses.go +++ b/pkg/generated/restapi/operations/server/get_rekor_version_responses.go @@ -32,7 +32,8 @@ import ( // GetRekorVersionOKCode is the HTTP code returned for type GetRekorVersionOK const GetRekorVersionOKCode int = 200 -/*GetRekorVersionOK A JSON object with the running rekor version +/* +GetRekorVersionOK A JSON object with the running rekor version swagger:response getRekorVersionOK */ @@ -73,7 +74,8 @@ func (o *GetRekorVersionOK) WriteResponse(rw http.ResponseWriter, producer runti } } -/*GetRekorVersionDefault There was an internal error in the server while processing the request +/* +GetRekorVersionDefault There was an internal error in the server while processing the request swagger:response getRekorVersionDefault */ diff --git a/pkg/generated/restapi/operations/tlog/get_log_info.go b/pkg/generated/restapi/operations/tlog/get_log_info.go index 2c7ccbcab..e5395bd77 100644 --- a/pkg/generated/restapi/operations/tlog/get_log_info.go +++ b/pkg/generated/restapi/operations/tlog/get_log_info.go @@ -45,12 +45,12 @@ func NewGetLogInfo(ctx *middleware.Context, handler GetLogInfoHandler) *GetLogIn return &GetLogInfo{Context: ctx, Handler: handler} } -/* GetLogInfo swagger:route GET /api/v1/log tlog getLogInfo +/* + GetLogInfo swagger:route GET /api/v1/log tlog getLogInfo -Get information about the current state of the transparency log +# Get information about the current state of the transparency log Returns the current root hash and size of the merkle tree used to store the log entries. - */ type GetLogInfo struct { Context *middleware.Context diff --git a/pkg/generated/restapi/operations/tlog/get_log_info_responses.go b/pkg/generated/restapi/operations/tlog/get_log_info_responses.go index 94efef292..28e747fda 100644 --- a/pkg/generated/restapi/operations/tlog/get_log_info_responses.go +++ b/pkg/generated/restapi/operations/tlog/get_log_info_responses.go @@ -32,7 +32,8 @@ import ( // GetLogInfoOKCode is the HTTP code returned for type GetLogInfoOK const GetLogInfoOKCode int = 200 -/*GetLogInfoOK A JSON object with the root hash and tree size as properties +/* +GetLogInfoOK A JSON object with the root hash and tree size as properties swagger:response getLogInfoOK */ @@ -73,7 +74,8 @@ func (o *GetLogInfoOK) WriteResponse(rw http.ResponseWriter, producer runtime.Pr } } -/*GetLogInfoDefault There was an internal error in the server while processing the request +/* +GetLogInfoDefault There was an internal error in the server while processing the request swagger:response getLogInfoDefault */ diff --git a/pkg/generated/restapi/operations/tlog/get_log_proof.go b/pkg/generated/restapi/operations/tlog/get_log_proof.go index c05f21197..18872a172 100644 --- a/pkg/generated/restapi/operations/tlog/get_log_proof.go +++ b/pkg/generated/restapi/operations/tlog/get_log_proof.go @@ -45,12 +45,12 @@ func NewGetLogProof(ctx *middleware.Context, handler GetLogProofHandler) *GetLog return &GetLogProof{Context: ctx, Handler: handler} } -/* GetLogProof swagger:route GET /api/v1/log/proof tlog getLogProof +/* + GetLogProof swagger:route GET /api/v1/log/proof tlog getLogProof -Get information required to generate a consistency proof for the transparency log +# Get information required to generate a consistency proof for the transparency log Returns a list of hashes for specified tree sizes that can be used to confirm the consistency of the transparency log - */ type GetLogProof struct { Context *middleware.Context diff --git a/pkg/generated/restapi/operations/tlog/get_log_proof_responses.go b/pkg/generated/restapi/operations/tlog/get_log_proof_responses.go index 7f842ad5c..34900c4ad 100644 --- a/pkg/generated/restapi/operations/tlog/get_log_proof_responses.go +++ b/pkg/generated/restapi/operations/tlog/get_log_proof_responses.go @@ -32,7 +32,8 @@ import ( // GetLogProofOKCode is the HTTP code returned for type GetLogProofOK const GetLogProofOKCode int = 200 -/*GetLogProofOK All hashes required to compute the consistency proof +/* +GetLogProofOK All hashes required to compute the consistency proof swagger:response getLogProofOK */ @@ -76,7 +77,8 @@ func (o *GetLogProofOK) WriteResponse(rw http.ResponseWriter, producer runtime.P // GetLogProofBadRequestCode is the HTTP code returned for type GetLogProofBadRequest const GetLogProofBadRequestCode int = 400 -/*GetLogProofBadRequest The content supplied to the server was invalid +/* +GetLogProofBadRequest The content supplied to the server was invalid swagger:response getLogProofBadRequest */ @@ -117,7 +119,8 @@ func (o *GetLogProofBadRequest) WriteResponse(rw http.ResponseWriter, producer r } } -/*GetLogProofDefault There was an internal error in the server while processing the request +/* +GetLogProofDefault There was an internal error in the server while processing the request swagger:response getLogProofDefault */ diff --git a/tests/e2e_test.go b/tests/e2e_test.go index 545a90c44..5857c925c 100644 --- a/tests/e2e_test.go +++ b/tests/e2e_test.go @@ -154,6 +154,7 @@ func TestUploadVerifyRekord(t *testing.T) { // Now we should be able to verify it. out = runCli(t, "verify", "--artifact", artifactPath, "--signature", sigPath, "--public-key", pubPath) outputContains(t, out, "Inclusion Proof:") + outputContains(t, out, "Checkpoint:") } func TestUploadVerifyHashedRekord(t *testing.T) { @@ -183,6 +184,7 @@ func TestUploadVerifyHashedRekord(t *testing.T) { // Now we should be able to verify it. out = runCli(t, "verify", "--type=hashedrekord", "--pki-format=x509", "--artifact-hash", dataSHA, "--signature", sigPath, "--public-key", pubPath) outputContains(t, out, "Inclusion Proof:") + outputContains(t, out, "Checkpoint:") } func TestUploadVerifyRpm(t *testing.T) {