|
15 | 15 | package tessera |
16 | 16 |
|
17 | 17 | import ( |
| 18 | + "bytes" |
18 | 19 | "context" |
| 20 | + "encoding/gob" |
| 21 | + "encoding/hex" |
19 | 22 | "errors" |
20 | 23 | "fmt" |
| 24 | + "io" |
21 | 25 | "iter" |
| 26 | + "log/slog" |
22 | 27 |
|
23 | 28 | "github.com/transparency-dev/tessera/api" |
24 | 29 | "github.com/transparency-dev/tessera/api/layout" |
| 30 | + "github.com/transparency-dev/tessera/internal/parse" |
25 | 31 | "golang.org/x/mod/sumdb/note" |
26 | 32 | ) |
27 | 33 |
|
@@ -133,12 +139,144 @@ type MirrorPackage struct { |
133 | 139 | // AddEntries processes a stream of entry packages, verifies subtree consistency proofs, |
134 | 140 | // and durably commits entries to the log. |
135 | 141 | // |
136 | | -// Returns the next required entry index, a recent pending checkpoint size, an opaque ticket for future invocations, and, optionally, a cosignature over a pending checkpoint whose size matches uploadEnd if one exists. |
137 | | -func (mt *MirrorTarget) AddEntries(ctx context.Context, uploadStart, uploadEnd uint64, ticket []byte, next func() (*MirrorPackage, error)) (uint64, uint64, []byte, []byte, error) { |
138 | | - return 0, 0, nil, nil, errors.New("unimplemented") |
| 142 | +// Returns the next required entry index, a recent pending checkpoint size, an opaque |
| 143 | +// ticket for future invocations, and, optionally, a cosignature over a pending checkpoint |
| 144 | +// whose size matches uploadEnd if one exists. |
| 145 | +func (mt *MirrorTarget) AddEntries(ctx context.Context, uploadStart, uploadEnd uint64, ticketBytes []byte, next func() (*MirrorPackage, error)) (nextEntry uint64, pendingSize uint64, newTicket []byte, cosigs []byte, err error) { |
| 146 | + curIntegratedSize, err := mt.reader.IntegratedSize(ctx) |
| 147 | + if err != nil { |
| 148 | + return 0, 0, nil, nil, fmt.Errorf("failed to read integrated size: %w", err) |
| 149 | + } |
| 150 | + var t *ticket |
| 151 | + if t, err = mt.openTicket(ctx, ticketBytes); err != nil { |
| 152 | + // Invalid or empty ticket, return a new one. |
| 153 | + pendingCP, err := mt.cpSource(ctx) |
| 154 | + if err != nil { |
| 155 | + return 0, 0, nil, nil, fmt.Errorf("failed to get pending checkpoint: %v", err) |
| 156 | + } |
| 157 | + if len(pendingCP) == 0 { |
| 158 | + return 0, 0, nil, nil, ErrNoPendingCheckpoint |
| 159 | + } |
| 160 | + t = &ticket{ |
| 161 | + PendingCP: pendingCP, |
| 162 | + } |
| 163 | + ticketBytes, err = mt.sealTicket(ctx, t) |
| 164 | + if err != nil { |
| 165 | + return 0, 0, nil, nil, fmt.Errorf("failed to create ticket: %v", err) |
| 166 | + } |
| 167 | + |
| 168 | + // If the client didn't provide a [valid] ticket, then we don't have a pending |
| 169 | + // checkpoint to validate against, so we return a new ticket with the |
| 170 | + // current checkpoint. |
| 171 | + _, pendingSize, _, err := parse.CheckpointUnsafe(t.PendingCP) |
| 172 | + if err != nil { |
| 173 | + slog.ErrorContext(ctx, "Invalid pending checkpoint from source", slog.String("pending_checkpoint", string(t.PendingCP)), slog.String("error", err.Error())) |
| 174 | + return 0, 0, nil, nil, fmt.Errorf("failed to parse pending checkpoint while creating ticket: %v", err) |
| 175 | + } |
| 176 | + return curIntegratedSize, pendingSize, ticketBytes, nil, ErrConflict |
| 177 | + } |
| 178 | + |
| 179 | + var pendingRoot []byte |
| 180 | + _, pendingSize, pendingRoot, err = parse.CheckpointUnsafe(t.PendingCP) |
| 181 | + if err != nil { |
| 182 | + slog.ErrorContext(ctx, "Invalid pending checkpoint in ticket", slog.String("pending_checkpoint", string(t.PendingCP)), slog.String("error", err.Error())) |
| 183 | + return 0, 0, nil, nil, fmt.Errorf("failed to parse pending checkpoint from ticket: %v", err) |
| 184 | + } |
| 185 | + |
| 186 | + // Handle 409 Conflicts: |
| 187 | + // - Zero-request check: If upload_start == 0 and upload_end == 0, the client is |
| 188 | + // requesting initial mirror information. |
| 189 | + // - upload_end: |
| 190 | + // * MUST be equal to the tree size of a known pending checkpoint value. |
| 191 | + // * MUST NOT be less than the mirror checkpoint's tree size. |
| 192 | + // - upload_start: |
| 193 | + // * MUST NOT be greater than the mirror's next expected entry index. |
| 194 | + // * MUST NOT be too far below the mirror's next entry index. |
| 195 | + if (uploadStart == 0 && uploadEnd == 0) || |
| 196 | + (uploadEnd != pendingSize || uploadEnd < curIntegratedSize) || |
| 197 | + (uploadStart > curIntegratedSize) { |
| 198 | + // TODO(al): add flexibility about re-writing some entries |
| 199 | + return curIntegratedSize, pendingSize, ticketBytes, nil, ErrConflict |
| 200 | + } |
| 201 | + |
| 202 | + |
| 203 | + bi := func(yield func(api.EntryBundle) bool) { |
| 204 | + for { |
| 205 | + pkg, err := next() |
| 206 | + if err != nil { |
| 207 | + if err == io.EOF { |
| 208 | + return |
| 209 | + } |
| 210 | + // TODO(al): handle this |
| 211 | + slog.WarnContext(ctx, "NextPackage returned an error", slog.String("error", err.Error())) |
| 212 | + return |
| 213 | + } |
| 214 | + |
| 215 | + // TODO(al): verify entries+proof under checkpoint (Failure -> 422 Unprocessable Entity). |
| 216 | + |
| 217 | + if !yield(api.EntryBundle{Entries: pkg.Entries}) { |
| 218 | + return |
| 219 | + } |
| 220 | + } |
| 221 | + } |
| 222 | + |
| 223 | + // TODO(al): Check uploadStart is aligned to EntryBundleWidth. |
| 224 | + bundleIdx := uploadStart/layout.EntryBundleWidth |
| 225 | + |
| 226 | + nextEntry, newRoot, err := mt.writer.IntegrateBundles(ctx, bundleIdx, bi) |
| 227 | + switch { |
| 228 | + case err != nil: |
| 229 | + return 0, 0, nil, nil, err |
| 230 | + case nextEntry == pendingSize: |
| 231 | + if !bytes.Equal(pendingRoot, newRoot) { |
| 232 | + slog.ErrorContext(ctx, "CORRUPTION DETECTED - pending root != calculated root", slog.String("calculated_root", hex.EncodeToString(newRoot)), slog.String("pending_checkpoint", string(t.PendingCP))) |
| 233 | + return 0, 0, nil, nil, errors.New("internal error") |
| 234 | + } |
| 235 | + // This is a complete upload. |
| 236 | + // TODO(al): |
| 237 | + // - cosign the pending checkpoint, |
| 238 | + // - publish it IFF we not overwriting a larger checkpoint |
| 239 | + // - If published, then return the cosig(s) to the caller. |
| 240 | + return nextEntry, pendingSize, nil, []byte("— test cosig\n"), nil |
| 241 | + case nextEntry > pendingSize: |
| 242 | + // TODO(al): ticket is stale, probably need to update the ticket? |
| 243 | + slog.WarnContext(ctx, "nextEntry > pendingSize", slog.Uint64("nextEntry", nextEntry), slog.Uint64("pendingSize", pendingSize)) |
| 244 | + return nextEntry, pendingSize, ticketBytes, nil, nil |
| 245 | + default: |
| 246 | + // Incomplete upload, return an updated ticket with the current checkpoint. |
| 247 | + return nextEntry, pendingSize, ticketBytes, nil, nil |
| 248 | + } |
139 | 249 | } |
140 | 250 |
|
141 | 251 | // IntegratedSize returns the size of the current integrated log. |
142 | 252 | func (mt *MirrorTarget) IntegratedSize(ctx context.Context) (uint64, error) { |
143 | 253 | return mt.reader.IntegratedSize(ctx) |
144 | 254 | } |
| 255 | + |
| 256 | +// ticket is the underlying structure of an add-entries ticket. |
| 257 | +type ticket struct { |
| 258 | + // PendingCP holds the raw pending checkpoint bytes. |
| 259 | + PendingCP []byte |
| 260 | +} |
| 261 | + |
| 262 | +func (mt *MirrorTarget) sealTicket(ctx context.Context, t *ticket) ([]byte, error) { |
| 263 | + out := bytes.Buffer{} |
| 264 | + if err := gob.NewEncoder(&out).Encode(t); err != nil { |
| 265 | + return nil, fmt.Errorf("ticket encoding failed: %v", err) |
| 266 | + } |
| 267 | + // TODO(al): harden ticket & bind to this particular log mirror. |
| 268 | + return out.Bytes(), nil |
| 269 | +} |
| 270 | + |
| 271 | +func (mt *MirrorTarget) openTicket(ctx context.Context, ticketBytes []byte) (*ticket, error) { |
| 272 | + if len(ticketBytes) == 0 { |
| 273 | + return nil, errors.New("empty ticket") |
| 274 | + } |
| 275 | + // TODO(al): harden ticket & verify it's for this particular log mirror. |
| 276 | + var t ticket |
| 277 | + if err := gob.NewDecoder(bytes.NewReader(ticketBytes)).Decode(&t); err != nil { |
| 278 | + return nil, fmt.Errorf("ticket decoding failed: %v", err) |
| 279 | + } |
| 280 | + return &t, nil |
| 281 | +} |
| 282 | + |
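Review bot: The ticket returned by `openTicket` is whatever gob blob the caller sent, so the `pendingSize` and `pendingRoot` that `AddEntries` parses from `t.PendingCP` with `parse.CheckpointUnsafe` are caller-chosen values, not state this mirror issued. The `uploadEnd != pendingSize` gate and the `bytes.Equal(pendingRoot, newRoot)` corruption check are therefore only as trustworthy as the client, and that comparison runs after `IntegrateBundles` has returned, by which point the entries appear to be committed already. The TODOs in `sealTicket` and `openTicket` acknowledge the gap; until it is closed I would authenticate the blob before decoding it, by appending an HMAC-SHA256 tag keyed with a per-mirror secret in `sealTicket` and checking it with `hmac.Equal` in `openTicket`. A forged or foreign ticket then falls into the existing path that issues a fresh ticket and returns `ErrConflict`. Checking the tag first also keeps `encoding/gob`, which its documentation says is not hardened against adversarial input, away from unauthenticated bytes; `mt.ticketKey` in the sketch is a placeholder name, not a field visible in this diff.

```go
func (mt *MirrorTarget) sealTicket(ctx context.Context, t *ticket) ([]byte, error) {
	// … unchanged: gob-encode t into out …
	// mt.ticketKey: placeholder for a per-mirror secret (not shown in this diff).
	mac := hmac.New(sha256.New, mt.ticketKey)
	mac.Write(out.Bytes())
	return mac.Sum(out.Bytes()), nil // payload || tag
}

func (mt *MirrorTarget) openTicket(ctx context.Context, ticketBytes []byte) (*ticket, error) {
	if len(ticketBytes) <= sha256.Size {
		return nil, errors.New("empty or truncated ticket")
	}
	split := len(ticketBytes) - sha256.Size
	body, tag := ticketBytes[:split], ticketBytes[split:]
	mac := hmac.New(sha256.New, mt.ticketKey)
	mac.Write(body)
	if !hmac.Equal(tag, mac.Sum(nil)) {
		return nil, errors.New("ticket authentication failed")
	}
	// … unchanged: gob-decode body into a ticket and return it …
}
```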