Add gobindClient package and a gobind friendly interface to core/client/kt/verify.go #736
This depends on google/trillian#734 being merged first. In particular, I am using this trillian: https://github.com/AMarcedone/trillian/tree/signerfactory_replace

Would you mind rebasing this on #716?
| "google.golang.org/grpc" | ||
| "google.golang.org/grpc/credentials" | ||
| "google.golang.org/grpc/credentials/oauth" | ||
| "github.com/google/trillian/crypto/keys/pem" |
Looks like this file needs a gofmt to keep the imports alphabetized
I've just configured gometalinter for this project. You might enjoy linking it up to your IDE.
core/client/gobindClient/client.go
Outdated
| package gobindClient | ||
|
|
||
| import ( | ||
| "context" |
It's our convention to organize the imports as follows:
import(
"golang imports"
"keytransparency and trillian"
"third party imports"
"underscore and renamed imports"
)
core/client/gobindClient/client.go
Outdated
| LogPEM []byte | ||
| } | ||
|
|
||
| // TODO(amarcedone) consider persisting the client or at least the trusted smr, to gain efficiency and stronger consistency guarantees. |
Indeed, the design is for the client to persist the trusted SMR itself.
Please create a place for it. Later on we can store and retrieve it from storage etc.
core/client/gobindClient/client.go
Outdated
|
|
||
| // TODO(amarcedone) consider persisting the client or at least the trusted smr, to gain efficiency and stronger consistency guarantees. | ||
|
|
||
| func NewBClientParams(KtURL string, MapID int64, KtTLSCertPEM, VrfPubPEM, KtSigPubKey, LogPEM []byte) *BClientParams { |
Would it be easier to pass the PEMs as strings?
core/client/gobindClient/client.go
Outdated
| return &BClientParams{KtURL, MapID, cKtTLSCertPEM, cVrfPubPEM, cKtSigPubKey, cLogPEM} | ||
| } | ||
|
|
||
| func BGetEntry(timeoutInMilliseconds int, clientParams *BClientParams, userID, appID string) ([]byte, error) { |
BClientParams is interesting. It looks like it's functioning as a class object?
- Could we make it a proper class object?
- If not, it should at least be the first parameter in all function calls.
There was a problem hiding this comment.
It can be a proper class (i.e. one can use the syntax BClientParams.MyMethod(myparam)), but to be directly visible from the Java code it has to only contain members which are gobind friendly.
Another option to increase performance would be to create a client and save it as a global variable of this package, and have GetEntry just use this global client to make requests.
On the Java side, we can ensure that there is only one copy of the client available (so only one set of client parameters such as kt address/verification keys can be used at the same time).
Even more, we could use a global variable to store a map of clients (essentially getting around the gobind limitation of not being able to pass around references to arbitrary objects by creating our own reference mechanism), but not sure if that is worth it. Probably one variable as reference would be good for now.
Any thoughts?
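The reference mechanism suggested in the comment above, sketched as an added example (not code from this PR or the keytransparency project): a mutex-guarded handle table, so that only gobind-friendly types (`int64`, `string`, `error`) cross the Java boundary. `ktClient`, `AddServer` and `ServerURL` are hypothetical names, and the server address is a constructed sample.

```go
package main

import (
	"fmt"
	"sync"
)

// ktClient is a hypothetical stand-in for the real client, whose fields gobind cannot export.
type ktClient struct{ url string }

var (
	mu      sync.Mutex // gobind-exported functions may be called from any Java thread
	next    int64      // last handle issued; handles start at 1 and are never reused
	clients = map[int64]*ktClient{}
)

// AddServer registers a client and returns an opaque handle for the Java side to keep.
func AddServer(ktURL string) (int64, error) {
	if ktURL == "" {
		return 0, fmt.Errorf("empty server URL")
	}
	mu.Lock()
	defer mu.Unlock()
	for _, c := range clients {
		if c.url == ktURL {
			return 0, fmt.Errorf("connection for %v already exists", ktURL)
		}
	}
	next++
	clients[next] = &ktClient{url: ktURL}
	return next, nil
}

// ServerURL resolves a handle; an unknown handle is an error rather than a nil dereference.
func ServerURL(handle int64) (string, error) {
	mu.Lock()
	defer mu.Unlock()
	c, ok := clients[handle]
	if !ok {
		return "", fmt.Errorf("unknown client handle %d", handle)
	}
	return c.url, nil
}

func main() {
	h, err := AddServer("kt.example.test:443") // constructed sample address
	fmt.Println(h, err)
}
```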
core/client/gobindClient/client.go
Outdated
| } | ||
| log := client.NewLogVerifier(hasher, logPubKey) | ||
|
|
||
| verifier, err := keymaster.NewVerifierFromPEM(clientParams.KtSigPubKey) |
consider using the trillian/crypto/keys package for this
core/client/gobindClient/client.go
Outdated
| // Local copy of io.Writer interface used to redirect logs. | ||
| type BWriter interface { | ||
| Write(p []byte) (n int, err error) | ||
| } No newline at end of file |
core/client/kt/verify.go
Outdated
| return err | ||
| } | ||
|
|
||
| // TODO(amarcedone) Is context.Background() appropriate here? |
Context should be created from whatever the equivalent of main is, and passed in as the first argument.
Regarding the rebase, this PR does not expose a commitment interface directly to gobind so I do not think it would make any difference.
1fc04ce to
ade075c
…ated through gobind. Add support for fetching entries from go directly (i.e. client.GetEntry) and to verify a proto GetEntryResponse obtained separately.
90f971c to
7006ebf
core/client/gobindClient/client.go
Outdated
| return nil | ||
| } | ||
|
|
||
| func BInit(timeoutInMs int32) error { |
Let's not use B as a function prefix
core/client/gobindClient/client.go
Outdated
|
|
||
| func BAddKtServer(ktURL string, insecureTLS bool, ktTLSCertPEM []byte, domainInfoHash []byte) error { | ||
| if _, exists := clients[ktURL]; exists == true { | ||
| fmt.Errorf("The KtServer connection for %v already exists", ktURL) |
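Review bot: the `fmt.Errorf(...)` call inside the `exists` branch of `BAddKtServer` builds an error and throws it away, so a duplicate `ktURL` falls through and the function carries on as if the server were new. This should be `return fmt.Errorf(...)`. While here, `exists == true` can be just `exists`, and Go error strings conventionally start lower-case.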
| fmt.Errorf("The KtServer connection for %v already exists", ktURL) | ||
| } | ||
|
|
||
| // TODO Add URL validation here. |
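Review bot: the `// TODO Add URL validation here.` leaves `ktURL` accepted unchecked, even though the same string is the key into `clients`. Please resolve it in this PR: reject empty or malformed values and normalise the string before the lookup, so two spellings of one server cannot produce two entries.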
| return []byte{}, err | ||
| } | ||
|
|
||
| client, exists := clients[ktURL] |
core/client/gobindClient/client.go
Outdated
| ) | ||
|
|
||
| var ( | ||
| initialized bool |
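Review bot: `initialized` is declared in this `var` block as a plain package-level `bool` with no lock beside it. Functions exported through gobind can be called from more than one Java thread, so reads and writes of this flag need a `sync.Mutex`, or the initialisation should go through `sync.Once`.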
core/client/gobindClient/client.go
Outdated
| Vlog = log.New(ioutil.Discard, "", 0) | ||
| ) | ||
|
|
||
| func checkInitialized() error { |
core/client/gobindClient/client.go
Outdated
|
|
||
| func BGetEntry(ktURL, userID, appID string) ([]byte, error) { | ||
|
|
||
| if err := checkInitialized(); err != nil { |
| timeout = time.Duration(ms) * time.Millisecond | ||
| } | ||
|
|
||
| func AddKtServer(ktURL string, insecureTLS bool, ktTLSCertPEM []byte, domainInfoHash []byte) error { |
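Review bot: `insecureTLS` in the exported `AddKtServer` signature puts a switch that, by its name, relaxes TLS verification within reach of every Java caller, and nothing in these lines documents when it is acceptable to set it. Add a doc comment stating exactly what it disables, and consider restricting it to debug builds or dropping it so that `ktTLSCertPEM` is always required. The signature also takes `domainInfoHash` without saying which hash function or encoding is expected.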
gdbelvin left a comment
This is looking good. Just make Travis happy.
…gcat, as well as standard log. Optionally, vlog can be redirected to a custom java writer
core/client/gobindClient/client.go
Outdated
| var ( | ||
| clients map[string]*grpcc.Client = make(map[string]*grpcc.Client) | ||
|
|
||
| timeout time.Duration = time.Duration(500) * time.Millisecond |
just remove the extra cast
core/client/gobindClient/multiLog.go
Outdated
| if m.writers == nil { | ||
| m.writers = []io.Writer{} | ||
| } | ||
| log.Printf("Added writer: %v", w) |
remove extra logging statements
core/client/gobindClient/multiLog.go
Outdated
|
|
||
| type MultiIoWriter struct { | ||
| writers []io.Writer | ||
| } |
This belongs in its own package. client/multilogger
Then you can do multilogger.New
This PR is the first step in modifying the go code to make it gobind friendly.
It allows an android app to make a GetEntry request (which implicitly verifies the response) or to verify a wire encoded proto GetEntryResponse obtained separately.
The code is not ready to merge (you can see lots of TODOs), but early feedback is appreciated.
Will update with a reference to the corresponding PR in keytransparency-java to give you an idea of how the code is used.