Signed-off-by: Bob Callaway <bob.callaway@gmail.com>

Previously we returned an HTTP 500 "error canonicalizing entry" error if
Rekor was unable to parse or verify the proposed content of a new log
entry. This adds a new error type ValidationError that allows
implementers of the Canonicalize method to delineate between internal,
transient errors and errors that clients can rectify.

With this patch, errors parsing or validating (provided or referenced)
artifacts will return an HTTP 400 message to the client with a message
about the issue.

Fixes: #362

Signed-off-by: Bob Callaway <bob.callaway@gmail.com>

This causes a JAR to be fetched over a local HTTP server in the
e2e test harness instead of the external Jenkins mirror. Also causes the
JAR input to be randomized so we can re-use the createSignedJar method
in multiple tests.

Fixes: #375

Signed-off-by: Bob Callaway <bob.callaway@gmail.com>

Signed-off-by: Dan Lorenc <lorenc.d@gmail.com>

* Added Helm type

Signed-off-by: Andrew Block <andy.block@gmail.com>

* Cleaned up helm type

Signed-off-by: Andrew Block <andy.block@gmail.com>

* Correct Helm schema required fields

Signed-off-by: Andrew Block <andy.block@gmail.com>

* Regenerated Helm schema

Signed-off-by: Andrew Block <andy.block@gmail.com>

* Adopt new signing/verification APIs from sigstore

This uses the new APIs introduced in sigstore/sigstore/pkg/signature and
removes most of the calls directly to the golang crypto APIs.

Signed-off-by: Bob Callaway <bob.callaway@gmail.com>

* Move GetRekorClient into util directory

Since other sigstore projects are using GetRekorClient, this moves it
into the pkg/util directory so that the number of dependencies this
brings with it can be minimized.

Signed-off-by: Bob Callaway <bob.callaway@gmail.com>

* move to pkg/client

Signed-off-by: Bob Callaway <bob.callaway@gmail.com>

Signed-off-by: Dan Lorenc <dlorenc@google.com>

This adds support for the alpine package format used by Alpine Linux,
which is the concatenation of three tgz files (signature, control data,
and then the actual package files).

Signed-off-by: Bob Callaway <bob.callaway@gmail.com>

* upload all generated timestamps

Signed-off-by: Asra Ali <asraa@google.com>

* address bazooka comments

Signed-off-by: Asra Ali <asraa@google.com>

* simplify params

Signed-off-by: Asra Ali <asraa@google.com>

* address changes

Signed-off-by: Asra Ali <asraa@google.com>

* forgot to run swagger

Signed-off-by: Asra Ali <asraa@google.com>

Signed-off-by: Appu Goundan <appu@google.com>

This adds an "Attestation" method to the entry interface. Entries can
return an attestation that they would like to store.

The attestations are currently stored in GCS, but it supports any blob store.
The feature is turned off with a flag, and we can set a max size as well.

Signed-off-by: Dan Lorenc <dlorenc@google.com>

This uses a custom fork of in-toto-golang because not all the changes are merged
in one place.

Signed-off-by: Dan Lorenc <dlorenc@google.com>

This saves an if err != nil... check.

Signed-off-by: Dan Lorenc <dlorenc@google.com>

* Add timestamps

Signed-off-by: Asra Ali <asraa@google.com>

* change

Signed-off-by: Asra Ali <asraa@google.com>

* address comments

Signed-off-by: Asra Ali <asraa@google.com>

* address comments

Signed-off-by: Asra Ali <asraa@google.com>

* fix binary writer

Signed-off-by: Asra Ali <asraa@google.com>

* add tsa

Signed-off-by: Asra Ali <asraa@google.com>

* distangle cert chain creation from new signer

Signed-off-by: Asra Ali <asraa@google.com>

* revert some now unncessary changes

Signed-off-by: Asra Ali <asraa@google.com>

* cert chain 404

Signed-off-by: Asra Ali <asraa@google.com>

* fix

Signed-off-by: Asra Ali <asraa@google.com>

* GetLogByIndexHandler returns 404 for missing index

GRPC return codes have changed after switching the Trillian GRPC calls
due to recent changes; therefore we need to adapt for InvalidArgument
which should be returned as a 404 Not Found error to callers.

Fixes #296

Signed-off-by: Bob Callaway <bob.callaway@gmail.com>

Signed-off-by: Priya Wadhwa <priyawadhwa@google.com>

* Add sha256 prefix to index keys for artifact hashes

This change adds the `sha256:` prefix to index values that are created to simplify searching the transparency log for artifacts. In case we shift to using a different hashing algorithm in the future, this will provide a way to specify it.

Fixes #289

Signed-off-by: Bob Callaway <bob.callaway@gmail.com>

* Add signature to LogEntry for offline verification

Also add an integration test for this.

Signed-off-by: Priya Wadhwa <priyawadhwa@google.com>

* Address code review comments:
- Canonicalize payload before signing it
- Change name of signature to signedEntryTimestamp
- move signedEntryTimestamp and inclusionProof into separate Verification field in LogEntry

Signed-off-by: Priya Wadhwa <priyawadhwa@google.com>

* Create helper func for extracting log entry

Signed-off-by: Priya Wadhwa <priyawadhwa@google.com>

* Add info around verifying signedEntryTimestamp as comments in openapi.yaml

Signed-off-by: Priya Wadhwa <priyawadhwa@google.com>

* Generalize verification instructions

Signed-off-by: Priya Wadhwa <priyawadhwa@google.com>

This is required when uploading jars by URL.

Signed-off-by: Dan Lorenc <dlorenc@google.com>

Signed-off-by: Asra Ali <asraa@google.com>

Signed-off-by: Asra Ali <asraa@google.com>

* Improve code sharing in pluggable type support

This patch removes some of the duplicate logic from specific type implementations and moves it into the base design which hopefully makes writing pluggable types a bit easier.

Signed-off-by: Bob Callaway <bob.callaway@gmail.com>

* Add new type for JAR archives

This adds support for a new pluggable type that can extract signatures
from signed JAR files. Per the JAR spec, a special manifest file is
created with the digest hashes of all included content in the JAR file.
It is this special manifest file that is then signed, and included in a
file within the archive in PKCS7 format. The PKCS7 file also includes
the X509 certificate that can be used to verify the signed manifest file
inside of the JAR.

Signed-off-by: Bob Callaway <bob.callaway@gmail.com>

* update boilerplate header and apply go fmt

Signed-off-by: Carlos Panato <ctadeu@gmail.com>

* lints: fix golangci-lint issues

Signed-off-by: Carlos Panato <ctadeu@gmail.com>

* updated based on feedback

Signed-off-by: Carlos Panato <ctadeu@gmail.com>

This makes the binaries "go installable" by their canonical names.

Signed-off-by: Dan Lorenc <dlorenc@google.com>

* Remove gzip processing flow completely from rekor

Issue #208 reported different handling of gzipped content via fetch vs
direct upload to rekor server. The code should be consistent, regardless
of whether content was compressed or not - by always attempting to
verify the signature against the (unmodified) byte stream.

This patch removes the gzip decoding completely from rekor and verifies
the bytes supplied or referenced.

Also fixes issue in E2E tests where sending SIGKILL to watch process
caused message to be printed to stderr, which fails the test when
running on MacOS.

Fixes #208

Signed-off-by: Bob Callaway <bcallawa@redhat.com>

them to GCS.

We don't always have a new one, and under load there might be "batches" of entries
all integrated into the same STH. This means there is no guaranteed frequency of updates
or even a guarantee that every index will exist.

The values (and timestamps) should be monotonically increasing though.

Signed-off-by: Dan Lorenc <dlorenc@google.com>

Signed-off-by: Dan Lorenc <dlorenc@google.com>

This will allow us to use types.NewEntry() to unmarshal returned
values in clients.

Signed-off-by: Dan Lorenc <dlorenc@google.com>

Since the API key can be specified as an environment variable and could
be thought of as an authentication credential, it should not be included
in the path to the created entry in the log.

Previously we simply appended the new entry's UUID to the full URL,
which was incorrect if an API key was specified as a query parameter.

Fixes #182

Signed-off-by: Bob Callaway <bcallawa@redhat.com>

In our CI environment there is an artifical delay in between starting
the Rekor services via docker-compose and when the E2E tests are
actually executed due to Go modules being downloaded. In a local
development environment, the download may not be required so the tests
can start before the docker-compose services are actually running.

This introduces a healthcheck for services (where possible), and blocks
the start of the e2e tests until the services are reporting as healthy.
It also forces the use of an empty homedir and rekor config file to
ensure no collision between the tests and the developer's environment.

Fixes #183

Signed-off-by: Bob Callaway <bcallawa@redhat.com>

All instances of projectrekor are now renamed to SigStore

This includes:

* Import paths
* Tests
* Readme's

Signed-off-by: Luke Hinds <lhinds@redhat.com>

By using viper.GetString(flag), viper will return the values of that
argument from a precedence order (including CLI arguments). However, if
a value was passed in through an environment variable or as a value in
the config file, it would skip the validation step since that logic was
defined against the FlagSet for command line arguments.

This change causes validation to be done across all input methods.

Fixes #157

Signed-off-by: Bob Callaway <bcallawa@redhat.com>

I noticed this when running some tests locally.