sigstore · dlorenc · Jun 23, 2021 · Jun 17, 2021 · Jun 18, 2021 · Jun 21, 2021
@@ -27,6 +27,7 @@ import (
 	"path/filepath"
 	"strconv"
 	"strings"
+	"time"
 
 	"github.com/sassoftware/relic/lib/pkcs9"
 	"github.com/sassoftware/relic/lib/x509tools"
@@ -94,7 +95,6 @@ func addTimestampFlags(cmd *cobra.Command) error {
 
 	cmd.Flags().String("out", "response.tsr", "path to a file to write response.")
 
-	// TODO: Add a flag to upload a pre-formed timestamp response to the log.
 	// TODO: Add a flag to indicate a JSON formatted timestamp request/response.
 	return nil
 }
@@ -175,13 +175,15 @@ func createRequestFromFlags() (*pkcs9.TimeStampReq, error) {
 }
 
 type timestampCmdOutput struct {
-	Location string
+	Timestamp time.Time
+	Location  string
+	UUID      string
+	Index     int64
 }
 
 func (t *timestampCmdOutput) String() string {
-	return fmt.Sprintf(`
-Wrote response to: %v
-`, t.Location)
+	return fmt.Sprintf("Artifact timestamped at %s\nWrote timestamp response to %v\nCreated entry at index %d, available at: %v%v\n",
+		t.Timestamp, t.Location, t.Index, viper.GetString("rekor_server"), t.UUID)
 }
 
 var timestampCmd = &cobra.Command{
@@ -218,12 +220,17 @@ var timestampCmd = &cobra.Command{
 		params.Request = ioutil.NopCloser(bytes.NewReader(requestBytes))
 
 		var respBytes bytes.Buffer
-		_, err = rekorClient.Timestamp.GetTimestampResponse(params, &respBytes)
+		resp, err := rekorClient.Timestamp.GetTimestampResponse(params, &respBytes)
 		if err != nil {
 			return nil, err
 		}
 		// Sanity check response and check if the TimeStampToken was successfully created
-		if _, err = timestampReq.ParseResponse(respBytes.Bytes()); err != nil {
+		psd, err := timestampReq.ParseResponse(respBytes.Bytes())
+		if err != nil {
+			return nil, err
+		}
+		genTime, err := util.GetSigningTime(psd)
+		if err != nil {
 			return nil, err
 		}
 
@@ -238,7 +245,10 @@ var timestampCmd = &cobra.Command{
 
 		// TODO: Add log index after support for uploading to transparency log is added.
 		return &timestampCmdOutput{
-			Location: outStr,
+			Location:  outStr,
+			UUID:      string(resp.Location),
+			Timestamp: genTime,
+			Index:     resp.Index,
 		}, nil
 	}),
 }

@@ -249,6 +249,17 @@ paths:
           schema:
             type: string
             format: binary
+          headers:
+            ETag:
+              type: string
+              description: UUID of log entry
+            Location:
+              type: string
+              description: URI location of log entry
+              format: uri
+            Index:
+              type: integer
+              description: Log index of the log entry
         400:
           $ref: '#/responses/BadContent'
         501:

@@ -127,26 +127,22 @@ func GetLogEntryByIndexHandler(params entries.GetLogEntryByIndexParams) middlewa
 	return entries.NewGetLogEntryByIndexOK().WithPayload(logEntry)
 }
 
-// CreateLogEntryHandler creates new entry into log
-func CreateLogEntryHandler(params entries.CreateLogEntryParams) middleware.Responder {
-	ctx := params.HTTPRequest.Context()
-	httpReq := params.HTTPRequest
+func createLogEntry(ctx context.Context, params entries.CreateLogEntryParams) (models.LogEntry, int, string, error) {
 	entry, err := types.NewEntry(params.ProposedEntry)
 	if err != nil {
-		return handleRekorAPIError(params, http.StatusBadRequest, err, err.Error())
+		return nil, http.StatusBadRequest, err.Error(), err
 	}
-
-	leaf, err := entry.Canonicalize(httpReq.Context())
+	leaf, err := entry.Canonicalize(ctx)
 	if err != nil {
-		return handleRekorAPIError(params, http.StatusInternalServerError, err, failedToGenerateCanonicalEntry)
+		return nil, http.StatusInternalServerError, failedToGenerateCanonicalEntry, err
 	}
 
-	tc := NewTrillianClient(httpReq.Context())
+	tc := NewTrillianClient(ctx)
 
 	resp := tc.addLeaf(leaf)
 	// this represents overall GRPC response state (not the results of insertion into the log)
 	if resp.status != codes.OK {
-		return handleRekorAPIError(params, http.StatusInternalServerError, fmt.Errorf("grpc error: %w", resp.err), trillianUnexpectedResult)
+		return nil, http.StatusInternalServerError, trillianUnexpectedResult, fmt.Errorf("grpc error: %w", resp.err)
 	}
 
 	// this represents the results of inserting the proposed leaf into the log; status is nil in success path
@@ -156,9 +152,9 @@ func CreateLogEntryHandler(params entries.CreateLogEntryParams) middleware.Respo
 		case int32(code.Code_OK):
 		case int32(code.Code_ALREADY_EXISTS), int32(code.Code_FAILED_PRECONDITION):
 			existingUUID := hex.EncodeToString(rfc6962.DefaultHasher.HashLeaf(leaf))
-			return handleRekorAPIError(params, http.StatusConflict, fmt.Errorf("grpc error: %v", insertionStatus.String()), fmt.Sprintf(entryAlreadyExists, existingUUID), "entryURL", getEntryURL(*httpReq.URL, existingUUID))
+			return nil, http.StatusConflict, fmt.Sprintf("%s%s%s, ", fmt.Sprintf(entryAlreadyExists, existingUUID), "entryURL", getEntryURL(*params.HTTPRequest.URL, existingUUID)), fmt.Errorf("grpc error: %v", insertionStatus.String())
 		default:
-			return handleRekorAPIError(params, http.StatusInternalServerError, fmt.Errorf("grpc error: %v", insertionStatus.String()), trillianUnexpectedResult)
+			return nil, http.StatusInternalServerError, trillianUnexpectedResult, fmt.Errorf("grpc error: %v", insertionStatus.String())
 		}
 	}
 
@@ -201,7 +197,7 @@ func CreateLogEntryHandler(params entries.CreateLogEntryParams) middleware.Respo
 
 	signature, err := signEntry(ctx, api.signer, logEntryAnon)
 	if err != nil {
-		return handleRekorAPIError(params, http.StatusInternalServerError, fmt.Errorf("signing entry error: %v", err), signingError)
+		return nil, http.StatusInternalServerError, signingError, fmt.Errorf("signing entry error: %v", err)
 	}
 
 	logEntryAnon.Verification = &models.LogEntryAnonVerification{
@@ -211,6 +207,23 @@ func CreateLogEntryHandler(params entries.CreateLogEntryParams) middleware.Respo
 	logEntry := models.LogEntry{
 		uuid: logEntryAnon,
 	}
+	return logEntry, http.StatusOK, "", nil
+}
+
+// CreateLogEntryHandler creates new entry into log
+func CreateLogEntryHandler(params entries.CreateLogEntryParams) middleware.Responder {
+	ctx := params.HTTPRequest.Context()
+	httpReq := params.HTTPRequest
+
+	logEntry, code, message, err := createLogEntry(ctx, params)
+	if err != nil {
+		return handleRekorAPIError(params, code, err, message)
+	}
+
+	var uuid string
+	for location := range logEntry {
+		uuid = location
+	}
 
 	return entries.NewCreateLogEntryCreated().WithPayload(logEntry).WithLocation(getEntryURL(*httpReq.URL, uuid)).WithETag(uuid)
 }

@@ -24,10 +24,14 @@ import (
 	"net/http"
 
 	"github.com/go-openapi/runtime/middleware"
+	"github.com/go-openapi/strfmt"
+	"github.com/go-openapi/swag"
 	"github.com/pkg/errors"
 	"github.com/sassoftware/relic/lib/pkcs9"
+	"github.com/sigstore/rekor/pkg/generated/models"
+	"github.com/sigstore/rekor/pkg/generated/restapi/operations/entries"
 	"github.com/sigstore/rekor/pkg/generated/restapi/operations/timestamp"
-	"github.com/sigstore/rekor/pkg/log"
+	rfc3161_v001 "github.com/sigstore/rekor/pkg/types/rfc3161/v0.0.1"
 	"github.com/sigstore/rekor/pkg/util"
 )
 
@@ -45,6 +49,22 @@ func RequestFromRekor(ctx context.Context, req pkcs9.TimeStampReq) ([]byte, erro
 	return body, nil
 }
 
+func createRFC3161FromBytes(resp []byte) models.ProposedEntry {
+	b64 := strfmt.Base64(resp)
+	re := rfc3161_v001.V001Entry{
+		Rfc3161Obj: models.Rfc3161V001Schema{
+			Tsr: &models.Rfc3161V001SchemaTsr{
+				Content: &b64,
+			},
+		},
+	}
+
+	return &models.Rfc3161{
+		Spec:       re.Rfc3161Obj,
+		APIVersion: swag.String(re.APIVersion()),
+	}
+}
+
 func TimestampResponseHandler(params timestamp.GetTimestampResponseParams) middleware.Responder {
 	// Fail early if we don't haven't configured rekor with a certificate for timestamping.
 	if len(api.certChain) == 0 {
@@ -62,15 +82,32 @@ func TimestampResponseHandler(params timestamp.GetTimestampResponseParams) middl
 	}
 
 	// Create response
-	ctx := params.HTTPRequest.Context()
+	httpReq := params.HTTPRequest
+	ctx := httpReq.Context()
 	resp, err := RequestFromRekor(ctx, *req)
 	if err != nil {
 		return handleRekorAPIError(params, http.StatusInternalServerError, err, failedToGenerateTimestampResponse)
 	}
 
-	// TODO: Upload to transparency log and add entry UUID to location header.
-	log.Logger.Errorf("generated OK")
-	return timestamp.NewGetTimestampResponseOK().WithPayload(ioutil.NopCloser(bytes.NewReader(resp)))
+	// Upload to transparency log and add entry UUID to location header.
+	entryParams := entries.CreateLogEntryParams{
+		HTTPRequest:   httpReq,
+		ProposedEntry: createRFC3161FromBytes(resp),
+	}
+
+	logEntry, code, msg, err := createLogEntry(ctx, entryParams)
+	if err != nil {
+		return handleRekorAPIError(params, code, err, msg)
+	}
+
+	var uuid string
+	var newIndex int64
+	for location, entry := range logEntry {
+		uuid = location
+		newIndex = *entry.LogIndex
+	}
+
+	return timestamp.NewGetTimestampResponseOK().WithPayload(ioutil.NopCloser(bytes.NewReader(resp))).WithLocation(getEntryURL(*httpReq.URL, uuid)).WithETag(uuid).WithIndex(newIndex)
 }
 
 func GetTimestampCertChainHandler(params timestamp.GetTimestampCertChainParams) middleware.Responder {