/
ext_req.go
320 lines (283 loc) · 9.41 KB
/
ext_req.go
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
/*
* Copyright 2020 Guardtime, Inc.
*
* This file is part of the Guardtime client SDK.
*
* Licensed under the Apache License, Version 2.0 (the "License").
* You may not use this file except in compliance with the License.
* You may obtain a copy of the License at
* http://www.apache.org/licenses/LICENSE-2.0
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES, CONDITIONS, OR OTHER LICENSES OF ANY KIND, either
* express or implied. See the License for the specific language governing
* permissions and limitations under the License.
* "Guardtime" and "KSI" are trademarks or registered trademarks of
* Guardtime, Inc., and no license to trademarks is granted; Guardtime
* reserves and retains all trademark rights.
*/
package pdu
import (
"context"
"fmt"
"time"
"github.com/guardtime/goksi/errors"
"github.com/guardtime/goksi/hash"
"github.com/guardtime/goksi/hmac"
"github.com/guardtime/goksi/log"
"github.com/guardtime/goksi/templates"
"github.com/guardtime/goksi/tlv"
)
// ExtendingReqSetting is functional option setter for extending request.
type (
ExtendingReqSetting func(*extenderReq) error
extenderReq struct {
obj ExtenderReq
}
)
// NewExtendingReq constructs a new extending request.
// Start parameter is the time of the aggregation round from which the calendar hash chain should start.
// Optionally additional configuration settings can be added via settings parameter.
func NewExtendingReq(start time.Time, settings ...ExtendingReqSetting) (*ExtenderReq, error) {
tmp := extenderReq{obj: ExtenderReq{
extReq: &ExtReq{
id: newUint64(0),
aggrTime: newUint64(uint64(start.Unix())),
},
}}
// Setup adjust settings with provided.
for _, setter := range settings {
if err := setter(&tmp); err != nil {
return nil, errors.KsiErr(err).AppendMessage("Unable to setup extender request.")
}
}
if tmp.obj.extReq.pubTime != nil {
if *tmp.obj.extReq.pubTime < *tmp.obj.extReq.aggrTime {
err := errors.New(errors.KsiServiceExtenderInvalidTimeRange).
AppendMessage("The request asked for a hash chain going backwards in time.").
AppendMessage(fmt.Sprintf("Aggregation time %v is more recent than publication time %v.", *tmp.obj.extReq.aggrTime, *tmp.obj.extReq.pubTime))
return nil, err
}
}
return &tmp.obj, nil
}
// ExtReqSetPubTime sets the time of the calendar root hash value to which the aggregation hash value should
// be connected by the calendar hash chain. Its absence means a request for a calendar hash chain from
// aggregation time to the most recent calendar record the server has (the 'calendar last time' field in the
// response and configuration messages).
func ExtReqSetPubTime(end time.Time) ExtendingReqSetting {
return func(r *extenderReq) error {
if r == nil || r.obj.extReq == nil {
return errors.New(errors.KsiInvalidArgumentError).AppendMessage("Missing extending request base object.")
}
if !end.IsZero() {
r.obj.extReq.pubTime = newUint64(uint64(end.Unix()))
}
return nil
}
}
// ExtReqSetRequestID is aggregation request configuration method for setting request ID, a number used to establish
// a relation between the request and the corresponding responses.
// Should be used with care.
func ExtReqSetRequestID(id uint64) ExtendingReqSetting {
return func(r *extenderReq) error {
if r == nil || r.obj.extReq == nil {
return errors.New(errors.KsiInvalidArgumentError).AppendMessage("Missing extending request base object.")
}
*r.obj.extReq.id = id
return nil
}
}
// SetHeader is request header setter.
func (r *ExtenderReq) SetHeader(hdr *Header) error {
if r == nil {
return errors.New(errors.KsiInvalidArgumentError)
}
r.header = hdr
return nil
}
// UpdateHmac updates the request HMAC. The MAC is computed over all PDU message bytes up to (but excluding)
// the hash value within the imprint in the MAC field:
// 1. the TLV header of the PDU element itself;
// 2. the complete header element (both the TLV header and the value of the element);
// 3. the complete payload elements in the order in which they appear in the PDU;
// 4. the TLV header of the MAC element;
// 5. the hash algorithm identifier part of the imprint representing the MAC value.
func (r *ExtenderReq) UpdateHMAC(alg hash.Algorithm, key string) error {
if r == nil {
return errors.New(errors.KsiInvalidArgumentError)
}
if r.header == nil {
return errors.New(errors.KsiInvalidFormatError).AppendMessage("Missing request header.")
}
if !alg.Registered() {
return errors.New(errors.KsiUnknownHashAlgorithm).AppendMessage("Can not calculate HMAC using an unknown hash algorithm.")
}
if !alg.Trusted() {
return errors.New(errors.KsiInvalidStateError).AppendMessage("Algorithm algorithm is not trusted.")
}
// Initialize the HMAC with a null digest.
r.mac = newImprint(alg.ZeroImprint())
raw, err := r.Encode()
if err != nil {
return err
}
hsr, err := hmac.New(alg, []byte(key))
if err != nil {
return err
}
if _, err := hsr.Write(raw[:(len(raw) - alg.Size())]); err != nil {
return err
}
mac, err := hsr.Imprint()
if err != nil {
return err
}
r.mac = &mac
return nil
}
// UpdateRequestID updates extending request ID in case it is not set explicitly.
func (r *ExtenderReq) UpdateRequestID(id uint64) error {
if r == nil {
return errors.New(errors.KsiInvalidArgumentError)
}
// Update the request in case of aggregation request.
if r.extReq != nil {
if r.extReq.id == nil || *r.extReq.id == 0 {
r.extReq.id = &id
}
}
return nil
}
// Encode serializes the extender request into binary TLV.
func (r *ExtenderReq) Encode() ([]byte, error) {
if r == nil {
return nil, errors.New(errors.KsiInvalidArgumentError)
}
pduTemplate, err := templates.Get("ExtenderReq")
if err != nil {
return nil, err
}
// Get TLV from template.
rTlv, err := tlv.NewTlv(tlv.ConstructFromObject(r, pduTemplate))
if err != nil {
return nil, err
}
log.Debug(rTlv)
return rTlv.Raw, nil
}
// Clone returns a deep copy of the origin, or nil in case of an error.
// Note that only request part of the ExtenderReq will be cloned, meaning header and HMAC are ignored.
func (r *ExtenderReq) Clone() (*ExtenderReq, error) {
if r == nil {
return nil, errors.New(errors.KsiInvalidArgumentError)
}
tmp := &ExtenderReq{}
if r.extReq != nil {
clone, err := clonePDU(r.extReq)
if err != nil {
return nil, err
}
tmp.extReq = clone.(*ExtReq)
}
if r.confReq != nil {
clone, err := clonePDU(r.confReq)
if err != nil {
return nil, err
}
tmp.confReq = clone.(*Config)
}
return tmp, nil
}
// NewExtenderConfigReq constructs a new aggregator configuration request.
func NewExtenderConfigReq() (*ExtenderReq, error) {
return &ExtenderReq{
// Initialize the conf request with empty instance.
confReq: &Config{},
}, nil
}
// Config returns request config instance.
// Note that in case the configuration is not part of the request, nil is returned.
func (r *ExtenderReq) Config() (*Config, error) {
if r == nil {
return nil, errors.New(errors.KsiInvalidArgumentError)
}
return r.confReq, nil
}
// ExtendingReq returns extending request component from the receiver container.
// In case the extending request is missing, nil is returned.
func (r *ExtenderReq) ExtendingReq() (*ExtReq, error) {
if r == nil {
return nil, errors.New(errors.KsiInvalidArgumentError)
}
return r.extReq, nil
}
// AggregationTime returns the time of the aggregation round from which the calendar hash chain should start.
func (r *ExtReq) AggregationTime() (time.Time, error) {
if r == nil {
return time.Time{}, errors.New(errors.KsiInvalidArgumentError)
}
if r.aggrTime == nil {
return time.Time{}, errors.New(errors.KsiInvalidStateError).AppendMessage("Inconsistent extending request.")
}
return time.Unix(int64(*r.aggrTime), 0), nil
}
// PublicationTime returns the time of the calendar root hash value to which the aggregation hash value should
// be connected by the calendar hash chain.
// If not present, 0 is returned (see time.(Time).IsZero()).
func (r *ExtReq) PublicationTime() (time.Time, error) {
if r == nil {
return time.Time{}, errors.New(errors.KsiInvalidArgumentError)
}
if r.pubTime == nil {
return time.Time{}, nil
}
return time.Unix(int64(*r.pubTime), 0), nil
}
// RequestID returns the request identifier.
func (r *ExtReq) RequestID() (uint64, error) {
if r == nil {
return 0, errors.New(errors.KsiInvalidArgumentError)
}
if r.id == nil {
return 0, nil
}
return *r.id, nil
}
// HMAC returns the request message authentication code, or nil if not present.
func (r *ExtenderReq) HMAC() (hash.Imprint, error) {
if r == nil {
return nil, errors.New(errors.KsiInvalidArgumentError)
}
return *r.mac, nil
}
// Header returns the request message header, or nil if not present.
func (r *ExtenderReq) Header() (*Header, error) {
if r == nil {
return nil, errors.New(errors.KsiInvalidArgumentError)
}
return r.header, nil
}
// WithContext returns the original r with its context changed to ctx.
// In case of an error, nil is returned.
func (r *ExtenderReq) WithContext(ctx context.Context) *ExtenderReq {
if r == nil {
return nil
}
switch {
case ctx == nil:
r.ctx = context.Background()
default:
r.ctx = ctx
}
return r
}
// Context returns the request's context.
//
// The returned context is always non-nil, it defaults to the background context.
func (r *ExtenderReq) Context() context.Context {
if r.ctx != nil {
return r.ctx
}
return context.Background()
}