Merge pull request #17 from dlorenc/proof

Proof

Merge pull request #17 from dlorenc/proof
5b530723 · Luke Hinds · GitHub · 0f5db9dd · fd863402 · 5b530723
Unverified Commit 5b530723 authored 4 years ago by Luke Hinds Committed by GitHub 4 years ago
--- a/cmd/add.go
+++ b/cmd/add.go
@@ -97,7 +97,6 @@ For more information, visit [domain]`,
 		if err != nil {
 			log.Fatal(err)
 		}
-
 		fmt.Println(string(content))
 	},
 }

--- a/cmd/get.go
+++ b/cmd/get.go
@@ -17,17 +17,32 @@ package cmd

 import (
 	"context"
+	"crypto"
+	"crypto/x509"
+	"encoding/json"
 	"fmt"
 	"io/ioutil"
 	"net/http"
 	"time"

+	tcrypto "github.com/google/trillian/crypto"
+
+	tclient "github.com/google/trillian/client"
+
+	"github.com/google/trillian"
+	"github.com/google/trillian/merkle"
+	"github.com/google/trillian/merkle/rfc6962"
 	"github.com/projectrekor/rekor-cli/log"
 	"github.com/spf13/viper"

 	"github.com/spf13/cobra"
 )

+type getProofResponse struct {
+	Proof *trillian.GetInclusionProofByHashResponse
+	Key   []byte
+}
+
 // getCmd represents the get command
 var getCmd = &cobra.Command{
 	Use:   "get",
@@ -38,7 +53,7 @@ For more information, visit [domain]`,
 	Run: func(cmd *cobra.Command, args []string) {
 		log := log.Logger
 		rekorServer := viper.GetString("rekor_server")
-		url := rekorServer + "/api/v1/get"
+		url := rekorServer + "/api/v1/getproof"
 		linkfile := viper.GetString("linkfile")

 		// Set Context with Timeout for connects to thde log rpc server
@@ -63,12 +78,40 @@ For more information, visit [domain]`,
 		defer response.Body.Close()

 		content, err := ioutil.ReadAll(response.Body)
-
 		if err != nil {
 			log.Fatal(err)
 		}

 		fmt.Println(string(content))
+
+		resp := getProofResponse{}
+		if err := json.Unmarshal(content, &resp); err != nil {
+			log.Fatal(err)
+		}
+
+		pub, err := x509.ParsePKIXPublicKey(resp.Key)
+		if err != nil {
+			log.Fatal(err)
+		}
+
+		f, err := ioutil.ReadFile(linkfile)
+		if err != nil {
+			log.Fatal(err)
+		}
+
+		leafHash := rfc6962.DefaultHasher.HashLeaf(f)
+		verifier := tclient.NewLogVerifier(rfc6962.DefaultHasher, pub, crypto.SHA256)
+		root, err := tcrypto.VerifySignedLogRoot(verifier.PubKey, verifier.SigHash, resp.Proof.SignedLogRoot)
+		if err != nil {
+			log.Fatal(err)
+		}
+
+		v := merkle.NewLogVerifier(rfc6962.DefaultHasher)
+		proof := resp.Proof.Proof[0]
+		if err := v.VerifyInclusionProof(proof.LeafIndex, int64(root.TreeSize), proof.Hashes, root.RootHash, leafHash); err != nil {
+			log.Fatal(err)
+		}
+		log.Info("proof correct!")
 	},
 }