Add new type rfc3161 for RFC 3161 timestamp responses (sigstore#324)

Signed-off-by: Appu Goundan <appu@google.com>

Author: loosebazooka

Makefile

@@ -57,6 +57,8 @@ lint:
 gosec:
 	$(GOBIN)/gosec ./...
 
+gen: $(GENSRC)
+
 rekor-cli: $(SRCS)
 	CGO_ENABLED=0 go build -ldflags $(CLI_LDFLAGS) -o rekor-cli ./cmd/rekor-cli
 

cmd/rekor-cli/app/pflags.go

@@ -39,6 +39,7 @@ import (
 	intoto_v001 "github.com/sigstore/rekor/pkg/types/intoto/v0.0.1"
 	jar_v001 "github.com/sigstore/rekor/pkg/types/jar/v0.0.1"
 	rekord_v001 "github.com/sigstore/rekor/pkg/types/rekord/v0.0.1"
+	rfc3161_v001 "github.com/sigstore/rekor/pkg/types/rfc3161/v0.0.1"
 	rpm_v001 "github.com/sigstore/rekor/pkg/types/rpm/v0.0.1"
 )
 
@@ -139,7 +140,7 @@ func validateArtifactPFlags(uuidValid, indexValid bool) error {
 		if signature == "" && typeStr == "rekord" {
 			return errors.New("--signature is required when --artifact is used")
 		}
-		if publicKey == "" && typeStr != "jar" {
+		if publicKey == "" && typeStr != "jar" && typeStr != "rfc3161" {
 			return errors.New("--public-key is required when --artifact is used")
 		}
 	}
@@ -247,6 +248,31 @@ func CreateIntotoFromPFlags() (models.ProposedEntry, error) {
 	return &returnVal, nil
 }
 
+func CreateRFC3161FromPFlags() (models.ProposedEntry, error) {
+	//TODO: how to select version of item to create
+	returnVal := models.Rfc3161{}
+
+	rfc3161 := viper.GetString("artifact")
+	b, err := ioutil.ReadFile(filepath.Clean(rfc3161))
+	if err != nil {
+		return nil, fmt.Errorf("error reading public key file: %w", err)
+	}
+
+	b64 := strfmt.Base64(b)
+	re := rfc3161_v001.V001Entry{
+		Rfc3161Obj: models.Rfc3161V001Schema{
+			Tsr: &models.Rfc3161V001SchemaTsr{
+				Content: &b64,
+			},
+		},
+	}
+
+	returnVal.Spec = re.Rfc3161Obj
+	returnVal.APIVersion = swag.String(re.APIVersion())
+
+	return &returnVal, nil
+}
+
 func CreateRpmFromPFlags() (models.ProposedEntry, error) {
 	//TODO: how to select version of item to create
 	returnVal := models.Rpm{}
@@ -464,16 +490,17 @@ func (t *typeFlag) String() string {
 
 func (t *typeFlag) Set(s string) error {
 	set := map[string]struct{}{
-		"rekord": {},
-		"rpm":    {},
-		"jar":    {},
-		"intoto": {},
+		"rekord":  {},
+		"rpm":     {},
+		"jar":     {},
+		"intoto":  {},
+		"rfc3161": {},
 	}
 	if _, ok := set[s]; ok {
 		t.value = s
 		return nil
 	}
-	return fmt.Errorf("value specified is invalid: [%s] supported values are: [rekord, rpm, jar, intoto]", s)
+	return fmt.Errorf("value specified is invalid: [%s] supported values are: [rekord, rpm, jar, intoto, rfc3161]", s)
 }
 
 type pkiFormatFlag struct {

cmd/rekor-cli/app/upload.go

@@ -95,6 +95,11 @@ var uploadCmd = &cobra.Command{
 			if err != nil {
 				return nil, err
 			}
+		case "rfc3161":
+			entry, err = CreateRFC3161FromPFlags()
+			if err != nil {
+				return nil, err
+			}
 		default:
 			return nil, errors.New("unknown type specified")
 		}

cmd/rekor-server/app/serve.go

@@ -34,6 +34,8 @@ import (
 	jar_v001 "github.com/sigstore/rekor/pkg/types/jar/v0.0.1"
 	"github.com/sigstore/rekor/pkg/types/rekord"
 	rekord_v001 "github.com/sigstore/rekor/pkg/types/rekord/v0.0.1"
+	"github.com/sigstore/rekor/pkg/types/rfc3161"
+	rfc3161_v001 "github.com/sigstore/rekor/pkg/types/rfc3161/v0.0.1"
 	"github.com/sigstore/rekor/pkg/types/rpm"
 	rpm_v001 "github.com/sigstore/rekor/pkg/types/rpm/v0.0.1"
 )
@@ -72,10 +74,11 @@ var serveCmd = &cobra.Command{
 
 		// these trigger loading of package and therefore init() methods to run
 		pluggableTypeMap := map[string]string{
-			rekord.KIND: rekord_v001.APIVERSION,
-			rpm.KIND:    rpm_v001.APIVERSION,
-			jar.KIND:    jar_v001.APIVERSION,
-			intoto.KIND: intoto_v001.APIVERSION,
+			rekord.KIND:  rekord_v001.APIVERSION,
+			rpm.KIND:     rpm_v001.APIVERSION,
+			jar.KIND:     jar_v001.APIVERSION,
+			intoto.KIND:  intoto_v001.APIVERSION,
+			rfc3161.KIND: rfc3161_v001.APIVERSION,
 		}
 
 		for k, v := range pluggableTypeMap {

openapi.yaml

@@ -351,6 +351,23 @@ definitions:
         - spec
       additionalProperties: false
 
+  rfc3161:
+    type: object
+    description: RFC3161 Timestamp
+    allOf:
+    - $ref: '#/definitions/ProposedEntry'
+    - properties:
+        apiVersion:
+          type: string
+          pattern: ^(0|[1-9]\d*)\.(0|[1-9]\d*)\.(0|[1-9]\d*)(?:-((?:0|[1-9]\d*|\d*[a-zA-Z-][0-9a-zA-Z-]*)(?:\.(?:0|[1-9]\d*|\d*[a-zA-Z-][0-9a-zA-Z-]*))*))?(?:\+([0-9a-zA-Z-]+(?:\.[0-9a-zA-Z-]+)*))?$
+        spec:
+          type: object
+          $ref: 'pkg/types/rfc3161/rfc3161_schema.json'
+      required:
+        - apiVersion
+        - spec
+      additionalProperties: false
+
   LogEntry:
     type: object
     additionalProperties: