Merge pull request #201 from bobcallaway/log_root

Validate and return hash and size from signed root

Merge pull request #201 from bobcallaway/log_root
ccf05989 · dlorenc · GitHub · 3c6ce167 · bbefd6fd · ccf05989
Unverified Commit ccf05989 authored 4 years ago by dlorenc Committed by GitHub 4 years ago
--- a/cmd/cli/app/log_info.go
+++ b/cmd/cli/app/log_info.go
@@ -24,6 +24,7 @@ import (
 	"encoding/pem"
 	"errors"
 	"fmt"
+	"strings"

 	"github.com/sigstore/rekor/cmd/cli/app/state"

@@ -68,10 +69,6 @@ var logInfoCmd = &cobra.Command{
 		}

 		logInfo := result.GetPayload()
-		cmdOutput := &logInfoCmdOutput{
-			TreeSize: *logInfo.TreeSize,
-			RootHash: *logInfo.RootHash,
-		}

 		keyHint, err := base64.StdEncoding.DecodeString(logInfo.SignedTreeHead.KeyHint.String())
 		if err != nil {
@@ -117,6 +114,19 @@ var logInfoCmd = &cobra.Command{
 			return nil, err
 		}

+		if lr.TreeSize != uint64(*logInfo.TreeSize) {
+			return nil, errors.New("tree size in signed tree head does not match value returned in API call")
+		}
+
+		if !strings.EqualFold(hex.EncodeToString(lr.RootHash), *logInfo.RootHash) {
+			return nil, errors.New("root hash in signed tree head does not match value returned in API call")
+		}
+
+		cmdOutput := &logInfoCmdOutput{
+			TreeSize: int64(lr.TreeSize),
+			RootHash: hex.EncodeToString(lr.RootHash),
+		}
+
 		oldState := state.Load(serverURL)
 		if oldState != nil {
 			persistedSize := oldState.TreeSize