Since the API key can be specified as an environment variable and could
be thought of as an authentication credential, it should not be included
in the path to the created entry in the log.

Previously we simply appended the new entry's UUID to the full URL,
which was incorrect if an API key was specified as a query parameter.

Fixes #182

Signed-off-by: Bob Callaway <bcallawa@redhat.com>

Since the verification of a signature will, by definition, include
verifying the content has not been altered, it is unnecessary to require
users of the CLI or REST API to specify the SHA256 hash of the content
when creating a new entry into the log.

Note that the server will still compute the hash and store it in the log
for ease of comparison.

Fixes #180

Signed-off-by: Bob Callaway <bcallawa@redhat.com>

All instances of projectrekor are now renamed to SigStore

This includes:

* Import paths
* Tests
* Readme's

Signed-off-by: Luke Hinds <lhinds@redhat.com>

* Bump github.com/google/trillian from 1.3.10 to 1.3.13

Bumps [github.com/google/trillian](https://github.com/google/trillian) from 1.3.10 to 1.3.13.
- [Release notes](https://github.com/google/trillian/releases)
- [Changelog](https://github.com/google/trillian/blob/master/CHANGELOG.md)
- [Commits](https://github.com/google/trillian/compare/v1.3.10...v1.3.13

)

Signed-off-by: dependabot[bot] <support@github.com>

* update to new package structure

Signed-off-by: Bob Callaway <bcallawa@redhat.com>

* register hasher

Signed-off-by: Bob Callaway <bcallawa@redhat.com>

* revert to original naming

Signed-off-by: Bob Callaway <bcallawa@redhat.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Bob Callaway <bcallawa@redhat.com>
Co-authored-by: Bob Callaway <bobcallaway@users.noreply.github.com>

This works! We can use it to track # of new entries over time.

The special keys "message" and "severity" are used to filter by default in the UI.

We also need to use this somehow in the log_proof command...

This is only toggled on for the server right now.

Signed-off-by: Bob Callaway <bcallawa@redhat.com>

Signed-off-by: Bob Callaway <bcallawa@redhat.com>

Co-authored-by: Dan Lorenc <dlorenc@google.com>

This should fix the rest of the errors.

Signed-off-by: Bob Callaway <bcallawa@redhat.com>

saves second pass over data

Signed-off-by: Bob Callaway <bcallawa@redhat.com>

Still need to add some more e2e-style tests that go through the ArtifactFactory flow.

My swagger build introduced these, they're whitespace only but could
make larger PRs harder to review.

* add endpoint for public key and return signed tree head with loginfo

Signed-off-by: Bob Callaway <bcallawa@redhat.com>

* Add support for ed25519/signify/minisign keys and signatures

Signed-off-by: Bob Callaway <bcallawa@redhat.com>

also adds --log-index parameter to CLI verify command

Signed-off-by: Bob Callaway <bcallawa@redhat.com>

The search API allows callers to look for multiple entries in the same request; this change parallelizes the lookups to help speed up processing.

Signed-off-by: Bob Callaway <bcallawa@redhat.com>

We can't insert a blank entry, so mark request body as required.

Signed-off-by: Bob Callaway <bcallawa@redhat.com>

QueuedLeafResponse holds the actual insertion response code, so check that instead of just the base GRPC status code.

also fixes middleware ordering issue

Signed-off-by: Bob Callaway <bcallawa@redhat.com>

This allows us to skip sticking it onto each request context and retrieving it.

Signed-off-by: Dan Lorenc <dlorenc@google.com>

After #77, we have one global GRPC channel for the entire process. This
change causes each GRPC call to be made on the incoming HTTP request's
context such that if an HTTP client cancels prematurely, we will handle
the GRPC cleanup appropriately.

Signed-off-by: Bob Callaway <bcallawa@redhat.com>

- adds trillian API object to context
- improves request error logging pre and post validation
- use consistent request context throughout all GRPC calls
- improve validation of incoming UUID values
- disable swagger UI endpoint
- only print cacheable headers if response code is HTTP 2XX
- use GetLeavesByRange instead of deprecated GetLeavesByIndex API

Signed-off-by: Bob Callaway <bcallawa@redhat.com>