persist URL along with state for comparison (#143)

* persist URL along with state for comparison * change to map so we can store state from multiple Rekor instances concurrently Signed-off-by: Bob Callaway <bcallawa@redhat.com>

persist URL along with state for comparison (#143)
4e1445ff · Bob Callaway · GitHub · 8c34aec7 · 4e1445ff · 4e1445ff
Unverified Commit 4e1445ff authored 4 years ago by Bob Callaway Committed by GitHub 4 years ago
--- a/cmd/cli/app/log_info.go
+++ b/cmd/cli/app/log_info.go
@@ -16,6 +16,7 @@ limitations under the License.
 package app

 import (
+	"bytes"
 	"crypto"
 	"crypto/x509"
 	"encoding/base64"
@@ -55,7 +56,8 @@ var logInfoCmd = &cobra.Command{
 	Short: "Rekor loginfo command",
 	Long:  `Prints info about the transparency log`,
 	Run: format.WrapCmd(func(args []string) (interface{}, error) {
-		rekorClient, err := GetRekorClient(viper.GetString("rekor_server"))
+		serverURL := viper.GetString("rekor_server")
+		rekorClient, err := GetRekorClient(serverURL)
 		if err != nil {
 			return nil, err
 		}
@@ -115,34 +117,44 @@ var logInfoCmd = &cobra.Command{
 			return nil, err
 		}

-		oldState := state.Load()
+		oldState := state.Load(serverURL)
 		if oldState != nil {
-			log.CliLogger.Infof("Found previous log state, proving consistency between %d and %d", oldState.TreeSize, lr.TreeSize)
-			params := tlog.NewGetLogProofParams()
-			firstSize := int64(oldState.TreeSize)
-			params.FirstSize = &firstSize
-			params.LastSize = int64(lr.TreeSize)
-			proof, err := rekorClient.Tlog.GetLogProof(params)
-			if err != nil {
-				return nil, err
-			}
-			hashes := [][]byte{}
-			for _, h := range proof.Payload.Hashes {
-				b, _ := hex.DecodeString(h)
-				hashes = append(hashes, b)
-			}
-			v := merkle.NewLogVerifier(rfc6962.DefaultHasher)
-			if err := v.VerifyConsistencyProof(firstSize, int64(lr.TreeSize), oldState.RootHash,
-				lr.RootHash, hashes); err != nil {
-				return nil, err
+			persistedSize := oldState.TreeSize
+			if persistedSize < lr.TreeSize {
+				log.CliLogger.Infof("Found previous log state, proving consistency between %d and %d", oldState.TreeSize, lr.TreeSize)
+				params := tlog.NewGetLogProofParams()
+				firstSize := int64(persistedSize)
+				params.FirstSize = &firstSize
+				params.LastSize = int64(lr.TreeSize)
+				proof, err := rekorClient.Tlog.GetLogProof(params)
+				if err != nil {
+					return nil, err
+				}
+				hashes := [][]byte{}
+				for _, h := range proof.Payload.Hashes {
+					b, _ := hex.DecodeString(h)
+					hashes = append(hashes, b)
+				}
+				v := merkle.NewLogVerifier(rfc6962.DefaultHasher)
+				if err := v.VerifyConsistencyProof(firstSize, int64(lr.TreeSize), oldState.RootHash,
+					lr.RootHash, hashes); err != nil {
+					return nil, err
+				}
+				log.CliLogger.Infof("Consistency proof valid!")
+			} else if persistedSize == lr.TreeSize {
+				if !bytes.Equal(oldState.RootHash, lr.RootHash) {
+					return nil, errors.New("Root hash returned from server does not match previously persisted state")
+				}
+				log.CliLogger.Infof("Persisted log state matches the current state of the log")
+			} else if persistedSize > lr.TreeSize {
+				return nil, fmt.Errorf("Current size of tree reported from server %d is less than previously persisted state %d", lr.TreeSize, persistedSize)
 			}
-			log.CliLogger.Infof("Consistency proof valid!")
 		} else {
 			log.CliLogger.Infof("No previous log state stored, unable to prove consistency")
 		}

 		if viper.GetBool("store_tree_state") {
-			if err := state.Dump(lr); err != nil {
+			if err := state.Dump(serverURL, lr); err != nil {
 				log.CliLogger.Infof("Unable to store previous state: %v", err)
 			}
 		}

--- a/cmd/cli/app/root.go
+++ b/cmd/cli/app/root.go
@@ -84,7 +84,14 @@ func initConfig() {
 	viper.SetEnvPrefix("rekor")
 	viper.AutomaticEnv()

-	if err := viper.ReadInConfig(); err == nil {
+	if err := viper.ReadInConfig(); err != nil {
+		switch err.(type) {
+		case viper.ConfigFileNotFoundError:
+		default:
+			fmt.Println(fmt.Errorf("Error parsing config file %v: %w", viper.ConfigFileUsed(), err))
+			os.Exit(1)
+		}
+	} else if viper.GetString("format") == "default" {
 		fmt.Println("Using config file:", viper.ConfigFileUsed())
 	}
 }
@@ -155,6 +162,6 @@ func (f *formatFlag) Set(s string) error {
 	return fmt.Errorf("invalid flag value: %s, valid values are [default, json]", s)
 }

-func (u *formatFlag) Type() string {
+func (f *formatFlag) Type() string {
 	return "format"
 }
--- a/cmd/cli/app/state/state.go
+++ b/cmd/cli/app/state/state.go
@@ -26,14 +26,22 @@ import (
 	"github.com/mitchellh/go-homedir"
 )

-func Dump(lr *types.LogRootV1) error {
+type persistedState map[string]*types.LogRootV1
+
+func Dump(url string, lr *types.LogRootV1) error {
 	rekorDir, err := getRekorDir()
 	if err != nil {
 		return err
 	}
 	statePath := filepath.Join(rekorDir, "state.json")

-	b, err := json.Marshal(lr)
+	state := loadStateFile()
+	if state == nil {
+		state = make(persistedState)
+	}
+	state[url] = lr
+
+	b, err := json.Marshal(&state)
 	if err != nil {
 		return err
 	}
@@ -43,7 +51,7 @@ func Dump(lr *types.LogRootV1) error {
 	return nil
 }

-func Load() *types.LogRootV1 {
+func loadStateFile() persistedState {
 	rekorDir, err := getRekorDir()
 	if err != nil {
 		return nil
@@ -53,13 +61,20 @@ func Load() *types.LogRootV1 {
 	if err != nil {
 		return nil
 	}
-	result := &types.LogRootV1{}
-	if err := json.Unmarshal(b, result); err != nil {
+	result := persistedState{}
+	if err := json.Unmarshal(b, &result); err != nil {
 		return nil
 	}
 	return result
 }

+func Load(url string) *types.LogRootV1 {
+	if state := loadStateFile(); state != nil {
+		return state[url]
+	}
+	return nil
+}
+
 func getRekorDir() (string, error) {
 	home, err := homedir.Dir()
 	if err != nil {