Merge pull request #7 from lukehinds/verify-inclusion

Basic inclusion command for GetInclusionProofByHash

Merge pull request #7 from lukehinds/verify-inclusion
193be3e3 · Luke Hinds · GitHub · 0a9e6250 · 91582526 · 193be3e3
Unverified Commit 193be3e3 authored 4 years ago by Luke Hinds Committed by GitHub 4 years ago
--- a/cmd/inclusion.go
+++ b/cmd/inclusion.go
+/*
+Copyright © 2020 NAME HERE <EMAIL ADDRESS>
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+package cmd
+
+import (
+	"context"
+	"fmt"
+	"io/ioutil"
+	"log"
+	"os"
+	"time"
+
+	"github.com/google/trillian"
+	"github.com/spf13/cobra"
+	"github.com/spf13/viper"
+	"google.golang.org/grpc"
+)
+
+// inclusionCmd represents the inclusion command
+var inclusionCmd = &cobra.Command{
+	Use:   "inclusion",
+	Short: "Rekor CLI",
+	Long: `Rekor interacts with a transparency log
+
+For more information, visit [domain]`,
+	Run: func(cmd *cobra.Command, args []string) {
+		logRpcServer := viper.GetString("log_rpc_server")
+		tLogID := viper.GetInt64("tlog_id")
+		linkfile := viper.GetString("linkfile")
+
+		ctx, cancel := context.WithTimeout(context.Background(), 5*time.Second)
+		defer cancel()
+
+		// Set up and test connection to rpc server
+		conn, err := grpc.DialContext(ctx, logRpcServer, grpc.WithInsecure())
+		if err != nil {
+			fmt.Println("Failed to connect to log server:", err)
+		}
+		defer conn.Close()
+
+		jsonFile, err := os.Open(linkfile)
+
+		if err != nil {
+			fmt.Println(err)
+			os.Exit(1)
+		}
+
+		byteValue, _ := ioutil.ReadAll(jsonFile)
+		defer jsonFile.Close()
+
+		tLogClient := trillian.NewTrillianLogClient(conn)
+		server := serverInstance(tLogClient, tLogID)
+
+		resp := &Response{}
+
+		resp, err = server.getInclusion(byteValue, tLogID)
+		log.Printf("Server PUT Response: %s", resp)
+	},
+}
+
+func init() {
+	rootCmd.AddCommand(inclusionCmd)
+}
--- a/cmd/log_server.go
+++ b/cmd/log_server.go
@@ -19,20 +19,32 @@ package cmd
 import (
 	"context"
 	"fmt"
+	"log"
+	"time"
+
 	"github.com/google/trillian"
+	"github.com/google/trillian/client"
+	"github.com/google/trillian/merkle"
 	"github.com/google/trillian/merkle/rfc6962"
+	"github.com/google/trillian/types"
 	"google.golang.org/grpc/codes"
-	"log"
+	"google.golang.org/grpc/status"
 )

 type server struct {
+	lc     *client.LogClient
 	client trillian.TrillianLogClient
 	logID  int64
 	ctx    context.Context
 }

 type Response struct {
-	status string
+	status   string
+	leafhash string
+}
+
+type InclusionResponse struct {
+	status   string
 	leafhash string
 }

@@ -43,6 +55,70 @@ func serverInstance(client trillian.TrillianLogClient, tLogID int64) *server {
 	}
 }

+func (s *server) root() (types.LogRootV1, error) {
+	rqst := &trillian.GetLatestSignedLogRootRequest{
+		LogId: s.logID,
+	}
+	resp, err := s.client.GetLatestSignedLogRoot(context.Background(), rqst)
+	if err != nil {
+		return types.LogRootV1{}, err
+	}
+	var root types.LogRootV1
+	if err := root.UnmarshalBinary(resp.SignedLogRoot.LogRoot); err != nil {
+		return types.LogRootV1{}, err
+	}
+	return root, nil
+}
+
+func (s *server) getInclusion(byteValue []byte, tLogID int64) (*Response, error) {
+
+	ctx, cancel := context.WithTimeout(context.Background(), 20*time.Second)
+	defer cancel()
+
+	root, err := s.root()
+	if err != nil {
+		return &Response{}, err
+	}
+
+	log.Printf("[server:wait] Root hash: %x", root.RootHash)
+
+	hasher := rfc6962.DefaultHasher
+	leafHash := hasher.HashLeaf(byteValue)
+
+	resp, err := s.client.GetInclusionProofByHash(ctx,
+		&trillian.GetInclusionProofByHashRequest{
+			LogId:    tLogID,
+			LeafHash: leafHash,
+			TreeSize: int64(root.TreeSize),
+		})
+	if err != nil {
+		fmt.Println("one")
+		return nil, status.Errorf(codes.Internal, "failed to get inclusion proof: %v", err)
+	}
+	if err != nil {
+		fmt.Println("two")
+		return &Response{}, err
+	}
+	if len(resp.Proof) < 1 {
+		fmt.Println("three")
+		return &Response{}, nil
+	}
+
+	v := merkle.NewLogVerifier(rfc6962.DefaultHasher)
+	for i, proof := range resp.Proof {
+		hashes := proof.GetHashes()
+		for j, hash := range hashes {
+			log.Printf("Proof[%d],hash[%d] == %x\n", i, j, hash)
+		}
+		if err := v.VerifyInclusionProof(proof.LeafIndex, int64(root.TreeSize), hashes, root.RootHash, leafHash); err != nil {
+			return &Response{}, err
+		}
+	}
+	return &Response{
+		status: "ok",
+	}, nil
+}
+
 func (s *server) addLeaf(byteValue []byte, tLogID int64) (*Response, error) {

 	leaf := &trillian.LogLeaf{