/*
Copyright The Rekor Authors.
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/
package api
import (
"bytes"
"context"
"encoding/asn1"
"io/ioutil"
"net/http"
"github.com/go-openapi/runtime/middleware"
"github.com/sassoftware/relic/lib/pkcs9"
"github.com/sigstore/rekor/pkg/generated/restapi/operations/entries"
"github.com/sigstore/rekor/pkg/generated/restapi/operations/timestamp"
rfc3161_v001 "github.com/sigstore/rekor/pkg/types/rfc3161/v0.0.1"
"github.com/sigstore/rekor/pkg/util"
)
// RequestFromRekor builds an RFC 3161 timestamp response for req and returns
// it as DER-encoded ASN.1 bytes.
//
// The response is produced by util.CreateRfc3161Response using the
// package-level api.certChain and api.tsaSigner. Any error from response
// creation or from ASN.1 marshalling is returned unchanged with a nil slice.
func RequestFromRekor(ctx context.Context, req pkcs9.TimeStampReq) ([]byte, error) {
	tsResp, err := util.CreateRfc3161Response(ctx, req, api.certChain, api.tsaSigner)
	if err != nil {
		return nil, err
	}
	// NOTE(review): tsResp is dereferenced without a nil check; this relies on
	// CreateRfc3161Response never returning (nil, nil) — confirm in pkg/util.
	return asn1.Marshal(*tsResp)
}
// TimestampResponseHandler serves an RFC 3161 timestamp request.
//
// It reads the raw request from params.Request, parses it with
// util.ParseTimestampRequest, produces the signed response via
// RequestFromRekor, and then submits that response to the log as an rfc3161
// v0.0.1 entry through createLogEntry. On success it answers with a Created
// response carrying the timestamp response bytes, a Location for the new
// entry, the entry UUID as ETag, and the entry's log index.
//
// Read and parse failures are reported as 400; a failure to generate the
// response is reported as 500. If createLogEntry returns a responder, that
// responder is returned as-is, so the signed response is not handed to the
// client unless the log upload went through.
func TimestampResponseHandler(params timestamp.GetTimestampResponseParams) middleware.Responder {
	// TODO: Add support for in-house JSON based timestamp response.

	// NOTE(review): this read is unbounded and the body is client-controlled.
	// Unless a request-size cap is enforced upstream (not visible in this
	// file), bound it before buffering the whole body in memory.
	rawReq, err := ioutil.ReadAll(params.Request)
	if err != nil {
		return handleRekorAPIError(params, http.StatusBadRequest, err, failedToGenerateTimestampResponse)
	}
	tsReq, err := util.ParseTimestampRequest(rawReq)
	if err != nil {
		return handleRekorAPIError(params, http.StatusBadRequest, err, failedToGenerateTimestampResponse)
	}

	// Create the signed timestamp response.
	origReq := params.HTTPRequest
	signed, err := RequestFromRekor(origReq.Context(), *tsReq)
	if err != nil {
		return handleRekorAPIError(params, http.StatusInternalServerError, err, failedToGenerateTimestampResponse)
	}

	// Upload to the transparency log and add the entry UUID to the Location
	// header. The inbound request is shallow-copied and only its URL is
	// swapped for the create-log-entry URL, so everything else on the request
	// (context included) is shared with the original.
	entryReq := *origReq
	entryURL := entries.CreateLogEntryURL{}
	entryReq.URL = entryURL.Must(entryURL.Build())

	// A non-nil responder from createLogEntry indicates an error.
	logEntry, errResponder := createLogEntry(entries.CreateLogEntryParams{
		HTTPRequest:   &entryReq,
		ProposedEntry: rfc3161_v001.NewEntryFromBytes(signed),
	})
	if errResponder != nil {
		return errResponder
	}

	// NOTE(review): presumably logEntry holds exactly one entry keyed by its
	// UUID — confirm against createLogEntry. With several entries the one that
	// wins is arbitrary (map iteration order), with none the UUID stays empty,
	// and a nil LogIndex would panic on the dereference below.
	var (
		entryUUID string
		logIndex  int64
	)
	for id, e := range logEntry {
		entryUUID, logIndex = id, *e.LogIndex
	}

	payload := ioutil.NopCloser(bytes.NewReader(signed))
	location := getEntryURL(*entryReq.URL, entryUUID)
	return timestamp.NewGetTimestampResponseCreated().
		WithPayload(payload).
		WithLocation(location).
		WithETag(entryUUID).
		WithIndex(logIndex)
}
// GetTimestampCertChainHandler answers with an OK response whose payload is
// the package-level api.certChainPem (presumably the PEM-encoded timestamp
// signing certificate chain — confirm where api is initialised). params is
// not consulted.
func GetTimestampCertChainHandler(params timestamp.GetTimestampCertChainParams) middleware.Responder {
	okResp := timestamp.NewGetTimestampCertChainOK()
	return okResp.WithPayload(api.certChainPem)
}