From e7233cf9906c06c2762610e07b8904032f10d0ad Mon Sep 17 00:00:00 2001 From: bretkikehara Date: Tue, 15 Feb 2022 20:25:06 -0800 Subject: [PATCH 01/10] expose log level since logger is internal pkg --- examples/signer-server/signer-server.go | 1 + examples/verifier-parser/verifier-parser.go | 1 + examples/verifier-server/verifier-server.go | 1 + internal/server/server_reference_implementation.go | 1 + pkg/adscert/signatory/signatory_local_impl.go | 2 ++ 5 files changed, 6 insertions(+) diff --git a/examples/signer-server/signer-server.go b/examples/signer-server/signer-server.go index 8cfcf1c6..f82509ce 100644 --- a/examples/signer-server/signer-server.go +++ b/examples/signer-server/signer-server.go @@ -33,6 +33,7 @@ func main() { base64PrivateKeys := signatory.GenerateFakePrivateKeysForTesting(*origin) signatoryApi := signatory.NewLocalAuthenticatedConnectionsSignatory( + "info", *origin, crypto_rand.Reader, clock.New(), diff --git a/examples/verifier-parser/verifier-parser.go b/examples/verifier-parser/verifier-parser.go index 30fa17f8..047d80fc 100644 --- a/examples/verifier-parser/verifier-parser.go +++ b/examples/verifier-parser/verifier-parser.go @@ -35,6 +35,7 @@ func main() { base64PrivateKeys := signatory.GenerateFakePrivateKeysForTesting(*origin) signatoryApi := signatory.NewLocalAuthenticatedConnectionsSignatory( + "info", *origin, crypto_rand.Reader, clock.New(), diff --git a/examples/verifier-server/verifier-server.go b/examples/verifier-server/verifier-server.go index 4a654a0c..7525a1a4 100644 --- a/examples/verifier-server/verifier-server.go +++ b/examples/verifier-server/verifier-server.go @@ -44,6 +44,7 @@ func main() { } signatoryApi := signatory.NewLocalAuthenticatedConnectionsSignatory( + "info", *origin, crypto_rand.Reader, clock.New(), diff --git a/internal/server/server_reference_implementation.go b/internal/server/server_reference_implementation.go index bdc93209..9518397c 100644 --- a/internal/server/server_reference_implementation.go 
+++ b/internal/server/server_reference_implementation.go @@ -22,6 +22,7 @@ import ( func SetUpAdsCertSignatoryServer(grpcServer *grpc.Server, adscertCallSign string, domainCheckInterval time.Duration, domainRenewalInterval time.Duration, privateKeys []string) { signatoryApi := signatory.NewLocalAuthenticatedConnectionsSignatory( + "info", adscertCallSign, crypto_rand.Reader, clock.New(), diff --git a/pkg/adscert/signatory/signatory_local_impl.go b/pkg/adscert/signatory/signatory_local_impl.go index da0733c9..30b3ad62 100644 --- a/pkg/adscert/signatory/signatory_local_impl.go +++ b/pkg/adscert/signatory/signatory_local_impl.go @@ -18,6 +18,7 @@ import ( ) func NewLocalAuthenticatedConnectionsSignatory( + logLevel string, originCallsign string, secureRandom io.Reader, clock clock.Clock, @@ -26,6 +27,7 @@ func NewLocalAuthenticatedConnectionsSignatory( domainCheckInterval time.Duration, domainRenewalInterval time.Duration, base64PrivateKeys []string) *LocalAuthenticatedConnectionsSignatory { + logger.SetLevel(logger.GetLevelFromString(logLevel)) return &LocalAuthenticatedConnectionsSignatory{ originCallsign: originCallsign, secureRandom: secureRandom, From f9514972c3959c47ee12cdfa3250e2fad20f4836 Mon Sep 17 00:00:00 2001 From: bretkikehara Date: Tue, 15 Feb 2022 20:22:23 -0800 Subject: [PATCH 02/10] add multiple callsign domain support --- api/adscert.proto | 2 + cmd/server/main.go | 4 - examples/signer-client/signer-client.go | 4 + .../formats/adscert_connection_signature.go | 15 +- pkg/adscert/api/adscert.pb.go | 305 +++++++++--------- pkg/adscert/api/adscert_grpc.pb.go | 4 + pkg/adscert/discovery/domain_indexer_impl.go | 47 +-- pkg/adscert/discovery/internal_base_key.go | 23 +- pkg/adscert/signatory/signatory_local_impl.go | 15 +- 9 files changed, 233 insertions(+), 186 deletions(-) diff --git a/api/adscert.proto b/api/adscert.proto index b5217908..4efa5566 100644 --- a/api/adscert.proto +++ b/api/adscert.proto 
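Review bot: The added `logger.SetLevel(logger.GetLevelFromString(logLevel))` at the top of `NewLocalAuthenticatedConnectionsSignatory` changes the process-wide logger as a side effect of constructing a signatory, so the last constructor call overrides any level configured earlier. In `internal/server/server_reference_implementation.go` the argument is the literal `"info"`, which would presumably reset the level that `cmd/server/main.go` sets from its flag, if `SetUpAdsCertSignatoryServer` is called after that. Prefer leaving the level to the binary, or thread it through with a `logLevel string` parameter on `SetUpAdsCertSignatoryServer` instead of the literal. How `GetLevelFromString` handles an unrecognised string is not visible here, and the constructor's doc comment should state it, for example `// logLevel sets the global logger level; unrecognised values <behaviour to confirm>.` The constructor body continues outside the hunk.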
@@ -11,6 +11,8 @@ message RequestInfo { bytes url_hash = 2; bytes body_hash = 3; repeated SignatureInfo signature_info = 4; + // useful if 1 signatory is managing multiple origin domains such as in resellers case. + string origin_domain = 5; } // SignatureInfo captures the signature generated for the signing request. It diff --git a/cmd/server/main.go b/cmd/server/main.go index 34afe09d..e6c9e919 100644 --- a/cmd/server/main.go +++ b/cmd/server/main.go @@ -28,10 +28,6 @@ func main() { logger.SetLevel(parsedLogLevel) logger.Infof("Log Level: %s, parsed as iota %v", *logLevel, parsedLogLevel) - if *origin == "" { - logger.Fatalf("Origin ads.cert Call Sign domain name is required") - } - if *privateKey == "" { logger.Fatalf("Private key is required") } diff --git a/examples/signer-client/signer-client.go b/examples/signer-client/signer-client.go index f1dd2a29..a3641323 100644 --- a/examples/signer-client/signer-client.go +++ b/examples/signer-client/signer-client.go @@ -16,6 +16,7 @@ import ( var ( serverAddress = flag.String("server_address", "localhost:3000", "address of grpc server") + originDomain = flag.String("origin_domain", "", "Origin domain") destinationURL = flag.String("url", "https://google.com/gen_204", "URL to invoke") body = flag.String("body", "", "POST request body") signingTimeout = flag.Duration("signing_timeout", 5*time.Millisecond, "Specifies how long this client will wait for signing to finish before abandoning.") @@ -49,6 +50,9 @@ func main() { // destination URL and body, setting these value on the RequestInfo message. reqInfo := &api.RequestInfo{} signatory.SetRequestInfo(reqInfo, *destinationURL, []byte(*body)) + if originDomain != nil { + reqInfo.OriginDomain = *originDomain + } // Request the signature. logger.Infof("signing request for url: %v", *destinationURL) diff --git a/internal/formats/adscert_connection_signature.go b/internal/formats/adscert_connection_signature.go index 1085ce20..961e7ae2 100644 
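Review bot: `origin_domain` in `RequestInfo` is supplied by the caller of the signing RPC, and the field comment does not say how the signatory decides whether that caller may sign as the named domain. When one signatory holds keys for several origins (the reseller case the comment mentions), the server should match the value against its configured origin domains and refuse the request otherwise, rather than fall back to another identity. That handling is outside this hunk, so this is a request to confirm it. The field comment should also define the empty case, for example `// Optional. Origin call sign to sign as; must be one of the signatory's configured origin domains. Empty means <default behaviour to document>.`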
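Review bot: The guard `if originDomain != nil` in the second `signer-client.go` hunk is always true, because `flag.String` returns a non-nil pointer, so the assignment to `reqInfo.OriginDomain` runs unconditionally. The result is the same today, since an unset flag yields the empty string, but the line reads as a check it does not perform. If the field should be set only when the flag is given, test the value: `if *originDomain != "" {`. The flag help text `"Origin domain"` could also say that it selects which origin the signatory signs as and what an empty value means. `main` starts and ends outside the hunk.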
--- a/internal/formats/adscert_connection_signature.go +++ b/internal/formats/adscert_connection_signature.go @@ -132,22 +132,21 @@ func EncodeSignatureSuffix( } func NewAuthenticatedConnectionSignature(status AuthenticatedConnectionProtocolStatus, from string, invoking string) (*AuthenticatedConnectionSignature, error) { + s := &AuthenticatedConnectionSignature{} + s.status = status + s.from = from + s.invoking = invoking if status == StatusUnspecified { - return nil, ErrParamMissingStatus + return s, ErrParamMissingStatus } if from == "" { - return nil, ErrParamMissingFrom + return s, ErrParamMissingFrom } if invoking == "" { - return nil, ErrParamMissingInvoking + return s, ErrParamMissingInvoking } - s := &AuthenticatedConnectionSignature{} - s.status = status - s.from = from - s.invoking = invoking - return s, nil } diff --git a/pkg/adscert/api/adscert.pb.go b/pkg/adscert/api/adscert.pb.go index 75f3cf89..77dadfb5 100644 --- a/pkg/adscert/api/adscert.pb.go +++ b/pkg/adscert/api/adscert.pb.go @@ -208,6 +208,8 @@ type RequestInfo struct { UrlHash []byte `protobuf:"bytes,2,opt,name=url_hash,json=urlHash,proto3" json:"url_hash,omitempty"` BodyHash []byte `protobuf:"bytes,3,opt,name=body_hash,json=bodyHash,proto3" json:"body_hash,omitempty"` SignatureInfo []*SignatureInfo `protobuf:"bytes,4,rep,name=signature_info,json=signatureInfo,proto3" json:"signature_info,omitempty"` + // useful if 1 signatory is managing multiple origin domains such as in resellers case. + OriginDomain string `protobuf:"bytes,5,opt,name=origin_domain,json=originDomain,proto3" json:"origin_domain,omitempty"` } func (x *RequestInfo) Reset() { 
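Review bot: `NewAuthenticatedConnectionSignature` now returns a non-nil `*AuthenticatedConnectionSignature` alongside `ErrParamMissingStatus`, `ErrParamMissingFrom` or `ErrParamMissingInvoking`, where it used to return `nil`. A caller that drops or mishandles the error previously got a nil pointer; it now gets a signature object with an unspecified status or an empty `from`/`invoking`, which can reach encoding or logging unnoticed. If the partial value is wanted for diagnostics, the function needs a doc comment stating the contract, e.g. `// On error the returned signature is non-nil but incomplete and must not be encoded or sent.` Otherwise keep the earlier form, `return nil, ErrParamMissingFrom`, for all three checks. Call sites are outside this hunk, so confirm each one checks the error before using the result.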
@@ -270,6 +272,13 @@ func (x *RequestInfo) GetSignatureInfo() []*SignatureInfo { return nil } +func (x *RequestInfo) GetOriginDomain() string { + if x != nil { + return x.OriginDomain + } + return "" +} + // SignatureInfo captures the signature generated for the signing request. It // also provides structured metadata about the signature operation, useful in // the integrating application for diagnostics. @@ -650,7 +659,7 @@ var File_api_adscert_proto protoreflect.FileDescriptor var file_api_adscert_proto_rawDesc = []byte{ 0x0a, 0x11, 0x61, 0x70, 0x69, 0x2f, 0x61, 0x64, 0x73, 0x63, 0x65, 0x72, 0x74, 0x2e, 0x70, 0x72, - 0x6f, 0x74, 0x6f, 0x12, 0x03, 0x61, 0x70, 0x69, 0x22, 0xa9, 0x01, 0x0a, 0x0b, 0x52, 0x65, 0x71, + 0x6f, 0x74, 0x6f, 0x12, 0x03, 0x61, 0x70, 0x69, 0x22, 0xce, 0x01, 0x0a, 0x0b, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x49, 0x6e, 0x66, 0x6f, 0x12, 0x27, 0x0a, 0x0f, 0x69, 0x6e, 0x76, 0x6f, 0x6b, 0x69, 0x6e, 0x67, 0x5f, 0x64, 0x6f, 0x6d, 0x61, 0x69, 0x6e, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x0e, 0x69, 0x6e, 0x76, 0x6f, 0x6b, 0x69, 0x6e, 0x67, 0x44, 0x6f, 0x6d, 0x61, 0x69, 
@@ -661,156 +670,158 @@ var file_api_adscert_proto_rawDesc = []byte{ 0x6e, 0x61, 0x74, 0x75, 0x72, 0x65, 0x5f, 0x69, 0x6e, 0x66, 0x6f, 0x18, 0x04, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x12, 0x2e, 0x61, 0x70, 0x69, 0x2e, 0x53, 0x69, 0x67, 0x6e, 0x61, 0x74, 0x75, 0x72, 0x65, 0x49, 0x6e, 0x66, 0x6f, 0x52, 0x0d, 0x73, 0x69, 0x67, 0x6e, 0x61, 0x74, 0x75, 0x72, 0x65, - 0x49, 0x6e, 0x66, 0x6f, 0x22, 0xfc, 0x01, 0x0a, 0x0d, 0x53, 0x69, 0x67, 0x6e, 0x61, 0x74, 0x75, - 0x72, 0x65, 0x49, 0x6e, 0x66, 0x6f, 0x12, 0x2b, 0x0a, 0x11, 0x73, 0x69, 0x67, 0x6e, 0x61, 0x74, - 0x75, 0x72, 0x65, 0x5f, 0x6d, 0x65, 0x73, 0x73, 0x61, 0x67, 0x65, 0x18, 0x01, 0x20, 0x01, 0x28, - 0x09, 0x52, 0x10, 0x73, 0x69, 0x67, 0x6e, 0x61, 0x74, 0x75, 0x72, 0x65, 0x4d, 0x65, 0x73, 0x73, - 0x61, 0x67, 0x65, 0x12, 0x25, 0x0a, 0x0e, 0x73, 0x69, 0x67, 0x6e, 0x69, 0x6e, 0x67, 0x5f, 0x73, - 0x74, 0x61, 0x74, 0x75, 0x73, 0x18, 0x02, 0x20, 0x01, 0x28, 0x09, 0x52, 0x0d, 0x73, 0x69, 0x67, - 0x6e, 0x69, 0x6e, 0x67, 0x53, 0x74, 0x61, 0x74, 0x75, 0x73, 0x12, 0x1f, 0x0a, 0x0b, 0x66, 0x72, - 0x6f, 0x6d, 0x5f, 0x64, 0x6f, 0x6d, 0x61, 0x69, 0x6e, 0x18, 0x03, 0x20, 0x01, 0x28, 0x09, 0x52, - 0x0a, 0x66, 0x72, 0x6f, 0x6d, 0x44, 0x6f, 0x6d, 0x61, 0x69, 0x6e, 0x12, 0x19, 0x0a, 0x08, 0x66, - 0x72, 0x6f, 0x6d, 0x5f, 0x6b, 0x65, 0x79, 0x18, 0x04, 0x20, 0x01, 0x28, 0x09, 0x52, 0x07, 0x66, - 0x72, 0x6f, 0x6d, 0x4b, 0x65, 0x79, 0x12, 0x27, 0x0a, 0x0f, 0x69, 0x6e, 0x76, 0x6f, 0x6b, 0x69, - 0x6e, 0x67, 0x5f, 0x64, 0x6f, 0x6d, 0x61, 0x69, 0x6e, 0x18, 0x05, 0x20, 0x01, 0x28, 0x09, 0x52, - 0x0e, 0x69, 0x6e, 0x76, 0x6f, 0x6b, 0x69, 0x6e, 0x67, 0x44, 0x6f, 0x6d, 0x61, 0x69, 0x6e, 0x12, - 0x1b, 0x0a, 0x09, 0x74, 0x6f, 0x5f, 0x64, 0x6f, 0x6d, 0x61, 0x69, 0x6e, 0x18, 0x06, 0x20, 0x01, - 0x28, 0x09, 0x52, 0x08, 0x74, 0x6f, 0x44, 0x6f, 0x6d, 0x61, 0x69, 0x6e, 0x12, 0x15, 0x0a, 0x06, - 0x74, 0x6f, 0x5f, 0x6b, 0x65, 0x79, 0x18, 0x07, 0x20, 0x01, 0x28, 0x09, 0x52, 0x05, 0x74, 0x6f, - 0x4b, 0x65, 0x79, 0x22, 0x6d, 0x0a, 0x17, 0x52, 0x65, 0x71, 0x75, 0x65, 
0x73, 0x74, 0x56, 0x65, - 0x72, 0x69, 0x66, 0x69, 0x63, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x49, 0x6e, 0x66, 0x6f, 0x12, 0x52, - 0x0a, 0x17, 0x73, 0x69, 0x67, 0x6e, 0x61, 0x74, 0x75, 0x72, 0x65, 0x5f, 0x64, 0x65, 0x63, 0x6f, - 0x64, 0x65, 0x5f, 0x73, 0x74, 0x61, 0x74, 0x75, 0x73, 0x18, 0x01, 0x20, 0x03, 0x28, 0x0e, 0x32, - 0x1a, 0x2e, 0x61, 0x70, 0x69, 0x2e, 0x53, 0x69, 0x67, 0x6e, 0x61, 0x74, 0x75, 0x72, 0x65, 0x44, - 0x65, 0x63, 0x6f, 0x64, 0x65, 0x53, 0x74, 0x61, 0x74, 0x75, 0x73, 0x52, 0x15, 0x73, 0x69, 0x67, - 0x6e, 0x61, 0x74, 0x75, 0x72, 0x65, 0x44, 0x65, 0x63, 0x6f, 0x64, 0x65, 0x53, 0x74, 0x61, 0x74, - 0x75, 0x73, 0x22, 0x92, 0x01, 0x0a, 0x27, 0x41, 0x75, 0x74, 0x68, 0x65, 0x6e, 0x74, 0x69, 0x63, - 0x61, 0x74, 0x65, 0x64, 0x43, 0x6f, 0x6e, 0x6e, 0x65, 0x63, 0x74, 0x69, 0x6f, 0x6e, 0x53, 0x69, - 0x67, 0x6e, 0x61, 0x74, 0x75, 0x72, 0x65, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x12, 0x33, - 0x0a, 0x0c, 0x72, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x5f, 0x69, 0x6e, 0x66, 0x6f, 0x18, 0x01, - 0x20, 0x01, 0x28, 0x0b, 0x32, 0x10, 0x2e, 0x61, 0x70, 0x69, 0x2e, 0x52, 0x65, 0x71, 0x75, 0x65, - 0x73, 0x74, 0x49, 0x6e, 0x66, 0x6f, 0x52, 0x0b, 0x72, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x49, - 0x6e, 0x66, 0x6f, 0x12, 0x1c, 0x0a, 0x09, 0x74, 0x69, 0x6d, 0x65, 0x73, 0x74, 0x61, 0x6d, 0x70, - 0x18, 0x02, 0x20, 0x01, 0x28, 0x09, 0x52, 0x09, 0x74, 0x69, 0x6d, 0x65, 0x73, 0x74, 0x61, 0x6d, - 0x70, 0x12, 0x14, 0x0a, 0x05, 0x6e, 0x6f, 0x6e, 0x63, 0x65, 0x18, 0x03, 0x20, 0x01, 0x28, 0x09, - 0x52, 0x05, 0x6e, 0x6f, 0x6e, 0x63, 0x65, 0x22, 0xbc, 0x01, 0x0a, 0x28, 0x41, 0x75, 0x74, 0x68, + 0x49, 0x6e, 0x66, 0x6f, 0x12, 0x23, 0x0a, 0x0d, 0x6f, 0x72, 0x69, 0x67, 0x69, 0x6e, 0x5f, 0x64, + 0x6f, 0x6d, 0x61, 0x69, 0x6e, 0x18, 0x05, 0x20, 0x01, 0x28, 0x09, 0x52, 0x0c, 0x6f, 0x72, 0x69, + 0x67, 0x69, 0x6e, 0x44, 0x6f, 0x6d, 0x61, 0x69, 0x6e, 0x22, 0xfc, 0x01, 0x0a, 0x0d, 0x53, 0x69, + 0x67, 0x6e, 0x61, 0x74, 0x75, 0x72, 0x65, 0x49, 0x6e, 0x66, 0x6f, 0x12, 0x2b, 0x0a, 0x11, 0x73, + 0x69, 0x67, 
0x6e, 0x61, 0x74, 0x75, 0x72, 0x65, 0x5f, 0x6d, 0x65, 0x73, 0x73, 0x61, 0x67, 0x65, + 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x10, 0x73, 0x69, 0x67, 0x6e, 0x61, 0x74, 0x75, 0x72, + 0x65, 0x4d, 0x65, 0x73, 0x73, 0x61, 0x67, 0x65, 0x12, 0x25, 0x0a, 0x0e, 0x73, 0x69, 0x67, 0x6e, + 0x69, 0x6e, 0x67, 0x5f, 0x73, 0x74, 0x61, 0x74, 0x75, 0x73, 0x18, 0x02, 0x20, 0x01, 0x28, 0x09, + 0x52, 0x0d, 0x73, 0x69, 0x67, 0x6e, 0x69, 0x6e, 0x67, 0x53, 0x74, 0x61, 0x74, 0x75, 0x73, 0x12, + 0x1f, 0x0a, 0x0b, 0x66, 0x72, 0x6f, 0x6d, 0x5f, 0x64, 0x6f, 0x6d, 0x61, 0x69, 0x6e, 0x18, 0x03, + 0x20, 0x01, 0x28, 0x09, 0x52, 0x0a, 0x66, 0x72, 0x6f, 0x6d, 0x44, 0x6f, 0x6d, 0x61, 0x69, 0x6e, + 0x12, 0x19, 0x0a, 0x08, 0x66, 0x72, 0x6f, 0x6d, 0x5f, 0x6b, 0x65, 0x79, 0x18, 0x04, 0x20, 0x01, + 0x28, 0x09, 0x52, 0x07, 0x66, 0x72, 0x6f, 0x6d, 0x4b, 0x65, 0x79, 0x12, 0x27, 0x0a, 0x0f, 0x69, + 0x6e, 0x76, 0x6f, 0x6b, 0x69, 0x6e, 0x67, 0x5f, 0x64, 0x6f, 0x6d, 0x61, 0x69, 0x6e, 0x18, 0x05, + 0x20, 0x01, 0x28, 0x09, 0x52, 0x0e, 0x69, 0x6e, 0x76, 0x6f, 0x6b, 0x69, 0x6e, 0x67, 0x44, 0x6f, + 0x6d, 0x61, 0x69, 0x6e, 0x12, 0x1b, 0x0a, 0x09, 0x74, 0x6f, 0x5f, 0x64, 0x6f, 0x6d, 0x61, 0x69, + 0x6e, 0x18, 0x06, 0x20, 0x01, 0x28, 0x09, 0x52, 0x08, 0x74, 0x6f, 0x44, 0x6f, 0x6d, 0x61, 0x69, + 0x6e, 0x12, 0x15, 0x0a, 0x06, 0x74, 0x6f, 0x5f, 0x6b, 0x65, 0x79, 0x18, 0x07, 0x20, 0x01, 0x28, + 0x09, 0x52, 0x05, 0x74, 0x6f, 0x4b, 0x65, 0x79, 0x22, 0x6d, 0x0a, 0x17, 0x52, 0x65, 0x71, 0x75, + 0x65, 0x73, 0x74, 0x56, 0x65, 0x72, 0x69, 0x66, 0x69, 0x63, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x49, + 0x6e, 0x66, 0x6f, 0x12, 0x52, 0x0a, 0x17, 0x73, 0x69, 0x67, 0x6e, 0x61, 0x74, 0x75, 0x72, 0x65, + 0x5f, 0x64, 0x65, 0x63, 0x6f, 0x64, 0x65, 0x5f, 0x73, 0x74, 0x61, 0x74, 0x75, 0x73, 0x18, 0x01, + 0x20, 0x03, 0x28, 0x0e, 0x32, 0x1a, 0x2e, 0x61, 0x70, 0x69, 0x2e, 0x53, 0x69, 0x67, 0x6e, 0x61, + 0x74, 0x75, 0x72, 0x65, 0x44, 0x65, 0x63, 0x6f, 0x64, 0x65, 0x53, 0x74, 0x61, 0x74, 0x75, 0x73, + 0x52, 0x15, 0x73, 0x69, 0x67, 0x6e, 0x61, 0x74, 
0x75, 0x72, 0x65, 0x44, 0x65, 0x63, 0x6f, 0x64, + 0x65, 0x53, 0x74, 0x61, 0x74, 0x75, 0x73, 0x22, 0x92, 0x01, 0x0a, 0x27, 0x41, 0x75, 0x74, 0x68, 0x65, 0x6e, 0x74, 0x69, 0x63, 0x61, 0x74, 0x65, 0x64, 0x43, 0x6f, 0x6e, 0x6e, 0x65, 0x63, 0x74, - 0x69, 0x6f, 0x6e, 0x53, 0x69, 0x67, 0x6e, 0x61, 0x74, 0x75, 0x72, 0x65, 0x52, 0x65, 0x73, 0x70, - 0x6f, 0x6e, 0x73, 0x65, 0x12, 0x5b, 0x0a, 0x1a, 0x73, 0x69, 0x67, 0x6e, 0x61, 0x74, 0x75, 0x72, - 0x65, 0x5f, 0x6f, 0x70, 0x65, 0x72, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x5f, 0x73, 0x74, 0x61, 0x74, - 0x75, 0x73, 0x18, 0x01, 0x20, 0x01, 0x28, 0x0e, 0x32, 0x1d, 0x2e, 0x61, 0x70, 0x69, 0x2e, 0x53, - 0x69, 0x67, 0x6e, 0x61, 0x74, 0x75, 0x72, 0x65, 0x4f, 0x70, 0x65, 0x72, 0x61, 0x74, 0x69, 0x6f, - 0x6e, 0x53, 0x74, 0x61, 0x74, 0x75, 0x73, 0x52, 0x18, 0x73, 0x69, 0x67, 0x6e, 0x61, 0x74, 0x75, - 0x72, 0x65, 0x4f, 0x70, 0x65, 0x72, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x53, 0x74, 0x61, 0x74, 0x75, - 0x73, 0x12, 0x33, 0x0a, 0x0c, 0x72, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x5f, 0x69, 0x6e, 0x66, - 0x6f, 0x18, 0x02, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x10, 0x2e, 0x61, 0x70, 0x69, 0x2e, 0x52, 0x65, - 0x71, 0x75, 0x65, 0x73, 0x74, 0x49, 0x6e, 0x66, 0x6f, 0x52, 0x0b, 0x72, 0x65, 0x71, 0x75, 0x65, - 0x73, 0x74, 0x49, 0x6e, 0x66, 0x6f, 0x22, 0x61, 0x0a, 0x2a, 0x41, 0x75, 0x74, 0x68, 0x65, 0x6e, - 0x74, 0x69, 0x63, 0x61, 0x74, 0x65, 0x64, 0x43, 0x6f, 0x6e, 0x6e, 0x65, 0x63, 0x74, 0x69, 0x6f, - 0x6e, 0x56, 0x65, 0x72, 0x69, 0x66, 0x69, 0x63, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x52, 0x65, 0x71, - 0x75, 0x65, 0x73, 0x74, 0x12, 0x33, 0x0a, 0x0c, 0x72, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x5f, - 0x69, 0x6e, 0x66, 0x6f, 0x18, 0x01, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x10, 0x2e, 0x61, 0x70, 0x69, - 0x2e, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x49, 0x6e, 0x66, 0x6f, 0x52, 0x0b, 0x72, 0x65, - 0x71, 0x75, 0x65, 0x73, 0x74, 0x49, 0x6e, 0x66, 0x6f, 0x22, 0xde, 0x01, 0x0a, 0x2b, 0x41, 0x75, - 0x74, 0x68, 0x65, 0x6e, 0x74, 0x69, 0x63, 0x61, 0x74, 0x65, 0x64, 0x43, 0x6f, 0x6e, 0x6e, 
0x65, - 0x63, 0x74, 0x69, 0x6f, 0x6e, 0x56, 0x65, 0x72, 0x69, 0x66, 0x69, 0x63, 0x61, 0x74, 0x69, 0x6f, - 0x6e, 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x12, 0x64, 0x0a, 0x1d, 0x76, 0x65, 0x72, - 0x69, 0x66, 0x69, 0x63, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x5f, 0x6f, 0x70, 0x65, 0x72, 0x61, 0x74, - 0x69, 0x6f, 0x6e, 0x5f, 0x73, 0x74, 0x61, 0x74, 0x75, 0x73, 0x18, 0x01, 0x20, 0x01, 0x28, 0x0e, - 0x32, 0x20, 0x2e, 0x61, 0x70, 0x69, 0x2e, 0x56, 0x65, 0x72, 0x69, 0x66, 0x69, 0x63, 0x61, 0x74, - 0x69, 0x6f, 0x6e, 0x4f, 0x70, 0x65, 0x72, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x53, 0x74, 0x61, 0x74, - 0x75, 0x73, 0x52, 0x1b, 0x76, 0x65, 0x72, 0x69, 0x66, 0x69, 0x63, 0x61, 0x74, 0x69, 0x6f, 0x6e, - 0x4f, 0x70, 0x65, 0x72, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x53, 0x74, 0x61, 0x74, 0x75, 0x73, 0x12, - 0x49, 0x0a, 0x11, 0x76, 0x65, 0x72, 0x69, 0x66, 0x69, 0x63, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x5f, - 0x69, 0x6e, 0x66, 0x6f, 0x18, 0x02, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x1c, 0x2e, 0x61, 0x70, 0x69, - 0x2e, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x56, 0x65, 0x72, 0x69, 0x66, 0x69, 0x63, 0x61, - 0x74, 0x69, 0x6f, 0x6e, 0x49, 0x6e, 0x66, 0x6f, 0x52, 0x10, 0x76, 0x65, 0x72, 0x69, 0x66, 0x69, - 0x63, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x49, 0x6e, 0x66, 0x6f, 0x2a, 0xc9, 0x03, 0x0a, 0x15, 0x53, - 0x69, 0x67, 0x6e, 0x61, 0x74, 0x75, 0x72, 0x65, 0x44, 0x65, 0x63, 0x6f, 0x64, 0x65, 0x53, 0x74, - 0x61, 0x74, 0x75, 0x73, 0x12, 0x25, 0x0a, 0x21, 0x53, 0x49, 0x47, 0x4e, 0x41, 0x54, 0x55, 0x52, - 0x45, 0x5f, 0x44, 0x45, 0x43, 0x4f, 0x44, 0x45, 0x5f, 0x53, 0x54, 0x41, 0x54, 0x55, 0x53, 0x5f, - 0x55, 0x4e, 0x44, 0x45, 0x46, 0x49, 0x4e, 0x45, 0x44, 0x10, 0x00, 0x12, 0x2e, 0x0a, 0x2a, 0x53, - 0x49, 0x47, 0x4e, 0x41, 0x54, 0x55, 0x52, 0x45, 0x5f, 0x44, 0x45, 0x43, 0x4f, 0x44, 0x45, 0x5f, - 0x53, 0x54, 0x41, 0x54, 0x55, 0x53, 0x5f, 0x42, 0x4f, 0x44, 0x59, 0x5f, 0x41, 0x4e, 0x44, 0x5f, - 0x55, 0x52, 0x4c, 0x5f, 0x56, 0x41, 0x4c, 0x49, 0x44, 0x10, 0x01, 0x12, 0x26, 0x0a, 0x22, 0x53, - 0x49, 0x47, 0x4e, 0x41, 0x54, 
0x55, 0x52, 0x45, 0x5f, 0x44, 0x45, 0x43, 0x4f, 0x44, 0x45, 0x5f, - 0x53, 0x54, 0x41, 0x54, 0x55, 0x53, 0x5f, 0x42, 0x4f, 0x44, 0x59, 0x5f, 0x56, 0x41, 0x4c, 0x49, - 0x44, 0x10, 0x02, 0x12, 0x2d, 0x0a, 0x29, 0x53, 0x49, 0x47, 0x4e, 0x41, 0x54, 0x55, 0x52, 0x45, - 0x5f, 0x44, 0x45, 0x43, 0x4f, 0x44, 0x45, 0x5f, 0x53, 0x54, 0x41, 0x54, 0x55, 0x53, 0x5f, 0x49, - 0x4e, 0x56, 0x41, 0x4c, 0x49, 0x44, 0x5f, 0x53, 0x49, 0x47, 0x4e, 0x41, 0x54, 0x55, 0x52, 0x45, - 0x10, 0x03, 0x12, 0x31, 0x0a, 0x2d, 0x53, 0x49, 0x47, 0x4e, 0x41, 0x54, 0x55, 0x52, 0x45, 0x5f, - 0x44, 0x45, 0x43, 0x4f, 0x44, 0x45, 0x5f, 0x53, 0x54, 0x41, 0x54, 0x55, 0x53, 0x5f, 0x53, 0x49, - 0x47, 0x4e, 0x41, 0x54, 0x55, 0x52, 0x45, 0x5f, 0x4e, 0x4f, 0x54, 0x5f, 0x50, 0x52, 0x45, 0x53, - 0x45, 0x4e, 0x54, 0x10, 0x04, 0x12, 0x2f, 0x0a, 0x2b, 0x53, 0x49, 0x47, 0x4e, 0x41, 0x54, 0x55, - 0x52, 0x45, 0x5f, 0x44, 0x45, 0x43, 0x4f, 0x44, 0x45, 0x5f, 0x53, 0x54, 0x41, 0x54, 0x55, 0x53, - 0x5f, 0x53, 0x49, 0x47, 0x4e, 0x41, 0x54, 0x55, 0x52, 0x45, 0x5f, 0x4d, 0x41, 0x4c, 0x46, 0x4f, - 0x52, 0x4d, 0x45, 0x44, 0x10, 0x05, 0x12, 0x2f, 0x0a, 0x2b, 0x53, 0x49, 0x47, 0x4e, 0x41, 0x54, - 0x55, 0x52, 0x45, 0x5f, 0x44, 0x45, 0x43, 0x4f, 0x44, 0x45, 0x5f, 0x53, 0x54, 0x41, 0x54, 0x55, - 0x53, 0x5f, 0x55, 0x4e, 0x52, 0x45, 0x4c, 0x41, 0x54, 0x45, 0x44, 0x5f, 0x53, 0x49, 0x47, 0x4e, - 0x41, 0x54, 0x55, 0x52, 0x45, 0x10, 0x06, 0x12, 0x35, 0x0a, 0x31, 0x53, 0x49, 0x47, 0x4e, 0x41, + 0x69, 0x6f, 0x6e, 0x53, 0x69, 0x67, 0x6e, 0x61, 0x74, 0x75, 0x72, 0x65, 0x52, 0x65, 0x71, 0x75, + 0x65, 0x73, 0x74, 0x12, 0x33, 0x0a, 0x0c, 0x72, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x5f, 0x69, + 0x6e, 0x66, 0x6f, 0x18, 0x01, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x10, 0x2e, 0x61, 0x70, 0x69, 0x2e, + 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x49, 0x6e, 0x66, 0x6f, 0x52, 0x0b, 0x72, 0x65, 0x71, + 0x75, 0x65, 0x73, 0x74, 0x49, 0x6e, 0x66, 0x6f, 0x12, 0x1c, 0x0a, 0x09, 0x74, 0x69, 0x6d, 0x65, + 0x73, 0x74, 0x61, 0x6d, 0x70, 0x18, 0x02, 0x20, 0x01, 0x28, 0x09, 
0x52, 0x09, 0x74, 0x69, 0x6d, + 0x65, 0x73, 0x74, 0x61, 0x6d, 0x70, 0x12, 0x14, 0x0a, 0x05, 0x6e, 0x6f, 0x6e, 0x63, 0x65, 0x18, + 0x03, 0x20, 0x01, 0x28, 0x09, 0x52, 0x05, 0x6e, 0x6f, 0x6e, 0x63, 0x65, 0x22, 0xbc, 0x01, 0x0a, + 0x28, 0x41, 0x75, 0x74, 0x68, 0x65, 0x6e, 0x74, 0x69, 0x63, 0x61, 0x74, 0x65, 0x64, 0x43, 0x6f, + 0x6e, 0x6e, 0x65, 0x63, 0x74, 0x69, 0x6f, 0x6e, 0x53, 0x69, 0x67, 0x6e, 0x61, 0x74, 0x75, 0x72, + 0x65, 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x12, 0x5b, 0x0a, 0x1a, 0x73, 0x69, 0x67, + 0x6e, 0x61, 0x74, 0x75, 0x72, 0x65, 0x5f, 0x6f, 0x70, 0x65, 0x72, 0x61, 0x74, 0x69, 0x6f, 0x6e, + 0x5f, 0x73, 0x74, 0x61, 0x74, 0x75, 0x73, 0x18, 0x01, 0x20, 0x01, 0x28, 0x0e, 0x32, 0x1d, 0x2e, + 0x61, 0x70, 0x69, 0x2e, 0x53, 0x69, 0x67, 0x6e, 0x61, 0x74, 0x75, 0x72, 0x65, 0x4f, 0x70, 0x65, + 0x72, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x53, 0x74, 0x61, 0x74, 0x75, 0x73, 0x52, 0x18, 0x73, 0x69, + 0x67, 0x6e, 0x61, 0x74, 0x75, 0x72, 0x65, 0x4f, 0x70, 0x65, 0x72, 0x61, 0x74, 0x69, 0x6f, 0x6e, + 0x53, 0x74, 0x61, 0x74, 0x75, 0x73, 0x12, 0x33, 0x0a, 0x0c, 0x72, 0x65, 0x71, 0x75, 0x65, 0x73, + 0x74, 0x5f, 0x69, 0x6e, 0x66, 0x6f, 0x18, 0x02, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x10, 0x2e, 0x61, + 0x70, 0x69, 0x2e, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x49, 0x6e, 0x66, 0x6f, 0x52, 0x0b, + 0x72, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x49, 0x6e, 0x66, 0x6f, 0x22, 0x61, 0x0a, 0x2a, 0x41, + 0x75, 0x74, 0x68, 0x65, 0x6e, 0x74, 0x69, 0x63, 0x61, 0x74, 0x65, 0x64, 0x43, 0x6f, 0x6e, 0x6e, + 0x65, 0x63, 0x74, 0x69, 0x6f, 0x6e, 0x56, 0x65, 0x72, 0x69, 0x66, 0x69, 0x63, 0x61, 0x74, 0x69, + 0x6f, 0x6e, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x12, 0x33, 0x0a, 0x0c, 0x72, 0x65, 0x71, + 0x75, 0x65, 0x73, 0x74, 0x5f, 0x69, 0x6e, 0x66, 0x6f, 0x18, 0x01, 0x20, 0x03, 0x28, 0x0b, 0x32, + 0x10, 0x2e, 0x61, 0x70, 0x69, 0x2e, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x49, 0x6e, 0x66, + 0x6f, 0x52, 0x0b, 0x72, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x49, 0x6e, 0x66, 0x6f, 0x22, 0xde, + 0x01, 
0x0a, 0x2b, 0x41, 0x75, 0x74, 0x68, 0x65, 0x6e, 0x74, 0x69, 0x63, 0x61, 0x74, 0x65, 0x64, + 0x43, 0x6f, 0x6e, 0x6e, 0x65, 0x63, 0x74, 0x69, 0x6f, 0x6e, 0x56, 0x65, 0x72, 0x69, 0x66, 0x69, + 0x63, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x12, 0x64, + 0x0a, 0x1d, 0x76, 0x65, 0x72, 0x69, 0x66, 0x69, 0x63, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x5f, 0x6f, + 0x70, 0x65, 0x72, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x5f, 0x73, 0x74, 0x61, 0x74, 0x75, 0x73, 0x18, + 0x01, 0x20, 0x01, 0x28, 0x0e, 0x32, 0x20, 0x2e, 0x61, 0x70, 0x69, 0x2e, 0x56, 0x65, 0x72, 0x69, + 0x66, 0x69, 0x63, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x4f, 0x70, 0x65, 0x72, 0x61, 0x74, 0x69, 0x6f, + 0x6e, 0x53, 0x74, 0x61, 0x74, 0x75, 0x73, 0x52, 0x1b, 0x76, 0x65, 0x72, 0x69, 0x66, 0x69, 0x63, + 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x4f, 0x70, 0x65, 0x72, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x53, 0x74, + 0x61, 0x74, 0x75, 0x73, 0x12, 0x49, 0x0a, 0x11, 0x76, 0x65, 0x72, 0x69, 0x66, 0x69, 0x63, 0x61, + 0x74, 0x69, 0x6f, 0x6e, 0x5f, 0x69, 0x6e, 0x66, 0x6f, 0x18, 0x02, 0x20, 0x03, 0x28, 0x0b, 0x32, + 0x1c, 0x2e, 0x61, 0x70, 0x69, 0x2e, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x56, 0x65, 0x72, + 0x69, 0x66, 0x69, 0x63, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x49, 0x6e, 0x66, 0x6f, 0x52, 0x10, 0x76, + 0x65, 0x72, 0x69, 0x66, 0x69, 0x63, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x49, 0x6e, 0x66, 0x6f, 0x2a, + 0xc9, 0x03, 0x0a, 0x15, 0x53, 0x69, 0x67, 0x6e, 0x61, 0x74, 0x75, 0x72, 0x65, 0x44, 0x65, 0x63, + 0x6f, 0x64, 0x65, 0x53, 0x74, 0x61, 0x74, 0x75, 0x73, 0x12, 0x25, 0x0a, 0x21, 0x53, 0x49, 0x47, + 0x4e, 0x41, 0x54, 0x55, 0x52, 0x45, 0x5f, 0x44, 0x45, 0x43, 0x4f, 0x44, 0x45, 0x5f, 0x53, 0x54, + 0x41, 0x54, 0x55, 0x53, 0x5f, 0x55, 0x4e, 0x44, 0x45, 0x46, 0x49, 0x4e, 0x45, 0x44, 0x10, 0x00, + 0x12, 0x2e, 0x0a, 0x2a, 0x53, 0x49, 0x47, 0x4e, 0x41, 0x54, 0x55, 0x52, 0x45, 0x5f, 0x44, 0x45, + 0x43, 0x4f, 0x44, 0x45, 0x5f, 0x53, 0x54, 0x41, 0x54, 0x55, 0x53, 0x5f, 0x42, 0x4f, 0x44, 0x59, + 0x5f, 0x41, 0x4e, 0x44, 0x5f, 0x55, 0x52, 
0x4c, 0x5f, 0x56, 0x41, 0x4c, 0x49, 0x44, 0x10, 0x01, + 0x12, 0x26, 0x0a, 0x22, 0x53, 0x49, 0x47, 0x4e, 0x41, 0x54, 0x55, 0x52, 0x45, 0x5f, 0x44, 0x45, + 0x43, 0x4f, 0x44, 0x45, 0x5f, 0x53, 0x54, 0x41, 0x54, 0x55, 0x53, 0x5f, 0x42, 0x4f, 0x44, 0x59, + 0x5f, 0x56, 0x41, 0x4c, 0x49, 0x44, 0x10, 0x02, 0x12, 0x2d, 0x0a, 0x29, 0x53, 0x49, 0x47, 0x4e, + 0x41, 0x54, 0x55, 0x52, 0x45, 0x5f, 0x44, 0x45, 0x43, 0x4f, 0x44, 0x45, 0x5f, 0x53, 0x54, 0x41, + 0x54, 0x55, 0x53, 0x5f, 0x49, 0x4e, 0x56, 0x41, 0x4c, 0x49, 0x44, 0x5f, 0x53, 0x49, 0x47, 0x4e, + 0x41, 0x54, 0x55, 0x52, 0x45, 0x10, 0x03, 0x12, 0x31, 0x0a, 0x2d, 0x53, 0x49, 0x47, 0x4e, 0x41, 0x54, 0x55, 0x52, 0x45, 0x5f, 0x44, 0x45, 0x43, 0x4f, 0x44, 0x45, 0x5f, 0x53, 0x54, 0x41, 0x54, - 0x55, 0x53, 0x5f, 0x43, 0x4f, 0x55, 0x4e, 0x54, 0x45, 0x52, 0x50, 0x41, 0x52, 0x54, 0x59, 0x5f, - 0x4c, 0x4f, 0x4f, 0x4b, 0x55, 0x50, 0x5f, 0x45, 0x52, 0x52, 0x4f, 0x52, 0x10, 0x07, 0x12, 0x36, - 0x0a, 0x32, 0x53, 0x49, 0x47, 0x4e, 0x41, 0x54, 0x55, 0x52, 0x45, 0x5f, 0x44, 0x45, 0x43, 0x4f, - 0x44, 0x45, 0x5f, 0x53, 0x54, 0x41, 0x54, 0x55, 0x53, 0x5f, 0x4e, 0x4f, 0x5f, 0x53, 0x48, 0x41, - 0x52, 0x45, 0x44, 0x5f, 0x53, 0x45, 0x43, 0x52, 0x45, 0x54, 0x5f, 0x41, 0x56, 0x41, 0x49, 0x4c, - 0x41, 0x42, 0x4c, 0x45, 0x10, 0x08, 0x2a, 0x88, 0x02, 0x0a, 0x18, 0x53, 0x69, 0x67, 0x6e, 0x61, - 0x74, 0x75, 0x72, 0x65, 0x4f, 0x70, 0x65, 0x72, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x53, 0x74, 0x61, - 0x74, 0x75, 0x73, 0x12, 0x28, 0x0a, 0x24, 0x53, 0x49, 0x47, 0x4e, 0x41, 0x54, 0x55, 0x52, 0x45, - 0x5f, 0x4f, 0x50, 0x45, 0x52, 0x41, 0x54, 0x49, 0x4f, 0x4e, 0x5f, 0x53, 0x54, 0x41, 0x54, 0x55, - 0x53, 0x5f, 0x55, 0x4e, 0x44, 0x45, 0x46, 0x49, 0x4e, 0x45, 0x44, 0x10, 0x00, 0x12, 0x21, 0x0a, - 0x1d, 0x53, 0x49, 0x47, 0x4e, 0x41, 0x54, 0x55, 0x52, 0x45, 0x5f, 0x4f, 0x50, 0x45, 0x52, 0x41, - 0x54, 0x49, 0x4f, 0x4e, 0x5f, 0x53, 0x54, 0x41, 0x54, 0x55, 0x53, 0x5f, 0x4f, 0x4b, 0x10, 0x01, - 0x12, 0x34, 0x0a, 0x30, 0x53, 0x49, 0x47, 0x4e, 0x41, 0x54, 0x55, 0x52, 0x45, 0x5f, 
0x4f, 0x50, - 0x45, 0x52, 0x41, 0x54, 0x49, 0x4f, 0x4e, 0x5f, 0x53, 0x54, 0x41, 0x54, 0x55, 0x53, 0x5f, 0x53, - 0x49, 0x47, 0x4e, 0x41, 0x54, 0x4f, 0x52, 0x59, 0x5f, 0x44, 0x45, 0x41, 0x43, 0x54, 0x49, 0x56, - 0x41, 0x54, 0x45, 0x44, 0x10, 0x02, 0x12, 0x37, 0x0a, 0x33, 0x53, 0x49, 0x47, 0x4e, 0x41, 0x54, - 0x55, 0x52, 0x45, 0x5f, 0x4f, 0x50, 0x45, 0x52, 0x41, 0x54, 0x49, 0x4f, 0x4e, 0x5f, 0x53, 0x54, - 0x41, 0x54, 0x55, 0x53, 0x5f, 0x53, 0x49, 0x47, 0x4e, 0x41, 0x54, 0x4f, 0x52, 0x59, 0x5f, 0x49, - 0x4e, 0x54, 0x45, 0x52, 0x4e, 0x41, 0x4c, 0x5f, 0x45, 0x52, 0x52, 0x4f, 0x52, 0x10, 0x03, 0x12, - 0x30, 0x0a, 0x2c, 0x53, 0x49, 0x47, 0x4e, 0x41, 0x54, 0x55, 0x52, 0x45, 0x5f, 0x4f, 0x50, 0x45, - 0x52, 0x41, 0x54, 0x49, 0x4f, 0x4e, 0x5f, 0x53, 0x54, 0x41, 0x54, 0x55, 0x53, 0x5f, 0x4d, 0x41, - 0x4c, 0x46, 0x4f, 0x52, 0x4d, 0x45, 0x44, 0x5f, 0x52, 0x45, 0x51, 0x55, 0x45, 0x53, 0x54, 0x10, - 0x04, 0x2a, 0x9a, 0x02, 0x0a, 0x1b, 0x56, 0x65, 0x72, 0x69, 0x66, 0x69, 0x63, 0x61, 0x74, 0x69, - 0x6f, 0x6e, 0x4f, 0x70, 0x65, 0x72, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x53, 0x74, 0x61, 0x74, 0x75, - 0x73, 0x12, 0x2b, 0x0a, 0x27, 0x56, 0x45, 0x52, 0x49, 0x46, 0x49, 0x43, 0x41, 0x54, 0x49, 0x4f, - 0x4e, 0x5f, 0x4f, 0x50, 0x45, 0x52, 0x41, 0x54, 0x49, 0x4f, 0x4e, 0x5f, 0x53, 0x54, 0x41, 0x54, - 0x55, 0x53, 0x5f, 0x55, 0x4e, 0x44, 0x45, 0x46, 0x49, 0x4e, 0x45, 0x44, 0x10, 0x00, 0x12, 0x24, - 0x0a, 0x20, 0x56, 0x45, 0x52, 0x49, 0x46, 0x49, 0x43, 0x41, 0x54, 0x49, 0x4f, 0x4e, 0x5f, 0x4f, - 0x50, 0x45, 0x52, 0x41, 0x54, 0x49, 0x4f, 0x4e, 0x5f, 0x53, 0x54, 0x41, 0x54, 0x55, 0x53, 0x5f, - 0x4f, 0x4b, 0x10, 0x01, 0x12, 0x37, 0x0a, 0x33, 0x56, 0x45, 0x52, 0x49, 0x46, 0x49, 0x43, 0x41, - 0x54, 0x49, 0x4f, 0x4e, 0x5f, 0x4f, 0x50, 0x45, 0x52, 0x41, 0x54, 0x49, 0x4f, 0x4e, 0x5f, 0x53, - 0x54, 0x41, 0x54, 0x55, 0x53, 0x5f, 0x53, 0x49, 0x47, 0x4e, 0x41, 0x54, 0x4f, 0x52, 0x59, 0x5f, - 0x44, 0x45, 0x41, 0x43, 0x54, 0x49, 0x56, 0x41, 0x54, 0x45, 0x44, 0x10, 0x02, 0x12, 0x3a, 0x0a, - 0x36, 0x56, 0x45, 0x52, 
0x49, 0x46, 0x49, 0x43, 0x41, 0x54, 0x49, 0x4f, 0x4e, 0x5f, 0x4f, 0x50, - 0x45, 0x52, 0x41, 0x54, 0x49, 0x4f, 0x4e, 0x5f, 0x53, 0x54, 0x41, 0x54, 0x55, 0x53, 0x5f, 0x53, - 0x49, 0x47, 0x4e, 0x41, 0x54, 0x4f, 0x52, 0x59, 0x5f, 0x49, 0x4e, 0x54, 0x45, 0x52, 0x4e, 0x41, - 0x4c, 0x5f, 0x45, 0x52, 0x52, 0x4f, 0x52, 0x10, 0x03, 0x12, 0x33, 0x0a, 0x2f, 0x56, 0x45, 0x52, + 0x55, 0x53, 0x5f, 0x53, 0x49, 0x47, 0x4e, 0x41, 0x54, 0x55, 0x52, 0x45, 0x5f, 0x4e, 0x4f, 0x54, + 0x5f, 0x50, 0x52, 0x45, 0x53, 0x45, 0x4e, 0x54, 0x10, 0x04, 0x12, 0x2f, 0x0a, 0x2b, 0x53, 0x49, + 0x47, 0x4e, 0x41, 0x54, 0x55, 0x52, 0x45, 0x5f, 0x44, 0x45, 0x43, 0x4f, 0x44, 0x45, 0x5f, 0x53, + 0x54, 0x41, 0x54, 0x55, 0x53, 0x5f, 0x53, 0x49, 0x47, 0x4e, 0x41, 0x54, 0x55, 0x52, 0x45, 0x5f, + 0x4d, 0x41, 0x4c, 0x46, 0x4f, 0x52, 0x4d, 0x45, 0x44, 0x10, 0x05, 0x12, 0x2f, 0x0a, 0x2b, 0x53, + 0x49, 0x47, 0x4e, 0x41, 0x54, 0x55, 0x52, 0x45, 0x5f, 0x44, 0x45, 0x43, 0x4f, 0x44, 0x45, 0x5f, + 0x53, 0x54, 0x41, 0x54, 0x55, 0x53, 0x5f, 0x55, 0x4e, 0x52, 0x45, 0x4c, 0x41, 0x54, 0x45, 0x44, + 0x5f, 0x53, 0x49, 0x47, 0x4e, 0x41, 0x54, 0x55, 0x52, 0x45, 0x10, 0x06, 0x12, 0x35, 0x0a, 0x31, + 0x53, 0x49, 0x47, 0x4e, 0x41, 0x54, 0x55, 0x52, 0x45, 0x5f, 0x44, 0x45, 0x43, 0x4f, 0x44, 0x45, + 0x5f, 0x53, 0x54, 0x41, 0x54, 0x55, 0x53, 0x5f, 0x43, 0x4f, 0x55, 0x4e, 0x54, 0x45, 0x52, 0x50, + 0x41, 0x52, 0x54, 0x59, 0x5f, 0x4c, 0x4f, 0x4f, 0x4b, 0x55, 0x50, 0x5f, 0x45, 0x52, 0x52, 0x4f, + 0x52, 0x10, 0x07, 0x12, 0x36, 0x0a, 0x32, 0x53, 0x49, 0x47, 0x4e, 0x41, 0x54, 0x55, 0x52, 0x45, + 0x5f, 0x44, 0x45, 0x43, 0x4f, 0x44, 0x45, 0x5f, 0x53, 0x54, 0x41, 0x54, 0x55, 0x53, 0x5f, 0x4e, + 0x4f, 0x5f, 0x53, 0x48, 0x41, 0x52, 0x45, 0x44, 0x5f, 0x53, 0x45, 0x43, 0x52, 0x45, 0x54, 0x5f, + 0x41, 0x56, 0x41, 0x49, 0x4c, 0x41, 0x42, 0x4c, 0x45, 0x10, 0x08, 0x2a, 0x88, 0x02, 0x0a, 0x18, + 0x53, 0x69, 0x67, 0x6e, 0x61, 0x74, 0x75, 0x72, 0x65, 0x4f, 0x70, 0x65, 0x72, 0x61, 0x74, 0x69, + 0x6f, 0x6e, 0x53, 0x74, 0x61, 0x74, 0x75, 0x73, 0x12, 0x28, 
0x0a, 0x24, 0x53, 0x49, 0x47, 0x4e, + 0x41, 0x54, 0x55, 0x52, 0x45, 0x5f, 0x4f, 0x50, 0x45, 0x52, 0x41, 0x54, 0x49, 0x4f, 0x4e, 0x5f, + 0x53, 0x54, 0x41, 0x54, 0x55, 0x53, 0x5f, 0x55, 0x4e, 0x44, 0x45, 0x46, 0x49, 0x4e, 0x45, 0x44, + 0x10, 0x00, 0x12, 0x21, 0x0a, 0x1d, 0x53, 0x49, 0x47, 0x4e, 0x41, 0x54, 0x55, 0x52, 0x45, 0x5f, + 0x4f, 0x50, 0x45, 0x52, 0x41, 0x54, 0x49, 0x4f, 0x4e, 0x5f, 0x53, 0x54, 0x41, 0x54, 0x55, 0x53, + 0x5f, 0x4f, 0x4b, 0x10, 0x01, 0x12, 0x34, 0x0a, 0x30, 0x53, 0x49, 0x47, 0x4e, 0x41, 0x54, 0x55, + 0x52, 0x45, 0x5f, 0x4f, 0x50, 0x45, 0x52, 0x41, 0x54, 0x49, 0x4f, 0x4e, 0x5f, 0x53, 0x54, 0x41, + 0x54, 0x55, 0x53, 0x5f, 0x53, 0x49, 0x47, 0x4e, 0x41, 0x54, 0x4f, 0x52, 0x59, 0x5f, 0x44, 0x45, + 0x41, 0x43, 0x54, 0x49, 0x56, 0x41, 0x54, 0x45, 0x44, 0x10, 0x02, 0x12, 0x37, 0x0a, 0x33, 0x53, + 0x49, 0x47, 0x4e, 0x41, 0x54, 0x55, 0x52, 0x45, 0x5f, 0x4f, 0x50, 0x45, 0x52, 0x41, 0x54, 0x49, + 0x4f, 0x4e, 0x5f, 0x53, 0x54, 0x41, 0x54, 0x55, 0x53, 0x5f, 0x53, 0x49, 0x47, 0x4e, 0x41, 0x54, + 0x4f, 0x52, 0x59, 0x5f, 0x49, 0x4e, 0x54, 0x45, 0x52, 0x4e, 0x41, 0x4c, 0x5f, 0x45, 0x52, 0x52, + 0x4f, 0x52, 0x10, 0x03, 0x12, 0x30, 0x0a, 0x2c, 0x53, 0x49, 0x47, 0x4e, 0x41, 0x54, 0x55, 0x52, + 0x45, 0x5f, 0x4f, 0x50, 0x45, 0x52, 0x41, 0x54, 0x49, 0x4f, 0x4e, 0x5f, 0x53, 0x54, 0x41, 0x54, + 0x55, 0x53, 0x5f, 0x4d, 0x41, 0x4c, 0x46, 0x4f, 0x52, 0x4d, 0x45, 0x44, 0x5f, 0x52, 0x45, 0x51, + 0x55, 0x45, 0x53, 0x54, 0x10, 0x04, 0x2a, 0x9a, 0x02, 0x0a, 0x1b, 0x56, 0x65, 0x72, 0x69, 0x66, + 0x69, 0x63, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x4f, 0x70, 0x65, 0x72, 0x61, 0x74, 0x69, 0x6f, 0x6e, + 0x53, 0x74, 0x61, 0x74, 0x75, 0x73, 0x12, 0x2b, 0x0a, 0x27, 0x56, 0x45, 0x52, 0x49, 0x46, 0x49, + 0x43, 0x41, 0x54, 0x49, 0x4f, 0x4e, 0x5f, 0x4f, 0x50, 0x45, 0x52, 0x41, 0x54, 0x49, 0x4f, 0x4e, + 0x5f, 0x53, 0x54, 0x41, 0x54, 0x55, 0x53, 0x5f, 0x55, 0x4e, 0x44, 0x45, 0x46, 0x49, 0x4e, 0x45, + 0x44, 0x10, 0x00, 0x12, 0x24, 0x0a, 0x20, 0x56, 0x45, 0x52, 0x49, 0x46, 0x49, 0x43, 0x41, 0x54, + 
0x49, 0x4f, 0x4e, 0x5f, 0x4f, 0x50, 0x45, 0x52, 0x41, 0x54, 0x49, 0x4f, 0x4e, 0x5f, 0x53, 0x54, + 0x41, 0x54, 0x55, 0x53, 0x5f, 0x4f, 0x4b, 0x10, 0x01, 0x12, 0x37, 0x0a, 0x33, 0x56, 0x45, 0x52, 0x49, 0x46, 0x49, 0x43, 0x41, 0x54, 0x49, 0x4f, 0x4e, 0x5f, 0x4f, 0x50, 0x45, 0x52, 0x41, 0x54, - 0x49, 0x4f, 0x4e, 0x5f, 0x53, 0x54, 0x41, 0x54, 0x55, 0x53, 0x5f, 0x4d, 0x41, 0x4c, 0x46, 0x4f, - 0x52, 0x4d, 0x45, 0x44, 0x5f, 0x52, 0x45, 0x51, 0x55, 0x45, 0x53, 0x54, 0x10, 0x04, 0x32, 0x97, - 0x02, 0x0a, 0x10, 0x41, 0x64, 0x73, 0x43, 0x65, 0x72, 0x74, 0x53, 0x69, 0x67, 0x6e, 0x61, 0x74, - 0x6f, 0x72, 0x79, 0x12, 0x7c, 0x0a, 0x1b, 0x53, 0x69, 0x67, 0x6e, 0x41, 0x75, 0x74, 0x68, 0x65, - 0x6e, 0x74, 0x69, 0x63, 0x61, 0x74, 0x65, 0x64, 0x43, 0x6f, 0x6e, 0x6e, 0x65, 0x63, 0x74, 0x69, - 0x6f, 0x6e, 0x12, 0x2c, 0x2e, 0x61, 0x70, 0x69, 0x2e, 0x41, 0x75, 0x74, 0x68, 0x65, 0x6e, 0x74, - 0x69, 0x63, 0x61, 0x74, 0x65, 0x64, 0x43, 0x6f, 0x6e, 0x6e, 0x65, 0x63, 0x74, 0x69, 0x6f, 0x6e, - 0x53, 0x69, 0x67, 0x6e, 0x61, 0x74, 0x75, 0x72, 0x65, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, - 0x1a, 0x2d, 0x2e, 0x61, 0x70, 0x69, 0x2e, 0x41, 0x75, 0x74, 0x68, 0x65, 0x6e, 0x74, 0x69, 0x63, - 0x61, 0x74, 0x65, 0x64, 0x43, 0x6f, 0x6e, 0x6e, 0x65, 0x63, 0x74, 0x69, 0x6f, 0x6e, 0x53, 0x69, - 0x67, 0x6e, 0x61, 0x74, 0x75, 0x72, 0x65, 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x22, - 0x00, 0x12, 0x84, 0x01, 0x0a, 0x1d, 0x56, 0x65, 0x72, 0x69, 0x66, 0x79, 0x41, 0x75, 0x74, 0x68, + 0x49, 0x4f, 0x4e, 0x5f, 0x53, 0x54, 0x41, 0x54, 0x55, 0x53, 0x5f, 0x53, 0x49, 0x47, 0x4e, 0x41, + 0x54, 0x4f, 0x52, 0x59, 0x5f, 0x44, 0x45, 0x41, 0x43, 0x54, 0x49, 0x56, 0x41, 0x54, 0x45, 0x44, + 0x10, 0x02, 0x12, 0x3a, 0x0a, 0x36, 0x56, 0x45, 0x52, 0x49, 0x46, 0x49, 0x43, 0x41, 0x54, 0x49, + 0x4f, 0x4e, 0x5f, 0x4f, 0x50, 0x45, 0x52, 0x41, 0x54, 0x49, 0x4f, 0x4e, 0x5f, 0x53, 0x54, 0x41, + 0x54, 0x55, 0x53, 0x5f, 0x53, 0x49, 0x47, 0x4e, 0x41, 0x54, 0x4f, 0x52, 0x59, 0x5f, 0x49, 0x4e, + 0x54, 0x45, 0x52, 0x4e, 0x41, 0x4c, 0x5f, 
0x45, 0x52, 0x52, 0x4f, 0x52, 0x10, 0x03, 0x12, 0x33, + 0x0a, 0x2f, 0x56, 0x45, 0x52, 0x49, 0x46, 0x49, 0x43, 0x41, 0x54, 0x49, 0x4f, 0x4e, 0x5f, 0x4f, + 0x50, 0x45, 0x52, 0x41, 0x54, 0x49, 0x4f, 0x4e, 0x5f, 0x53, 0x54, 0x41, 0x54, 0x55, 0x53, 0x5f, + 0x4d, 0x41, 0x4c, 0x46, 0x4f, 0x52, 0x4d, 0x45, 0x44, 0x5f, 0x52, 0x45, 0x51, 0x55, 0x45, 0x53, + 0x54, 0x10, 0x04, 0x32, 0x97, 0x02, 0x0a, 0x10, 0x41, 0x64, 0x73, 0x43, 0x65, 0x72, 0x74, 0x53, + 0x69, 0x67, 0x6e, 0x61, 0x74, 0x6f, 0x72, 0x79, 0x12, 0x7c, 0x0a, 0x1b, 0x53, 0x69, 0x67, 0x6e, + 0x41, 0x75, 0x74, 0x68, 0x65, 0x6e, 0x74, 0x69, 0x63, 0x61, 0x74, 0x65, 0x64, 0x43, 0x6f, 0x6e, + 0x6e, 0x65, 0x63, 0x74, 0x69, 0x6f, 0x6e, 0x12, 0x2c, 0x2e, 0x61, 0x70, 0x69, 0x2e, 0x41, 0x75, + 0x74, 0x68, 0x65, 0x6e, 0x74, 0x69, 0x63, 0x61, 0x74, 0x65, 0x64, 0x43, 0x6f, 0x6e, 0x6e, 0x65, + 0x63, 0x74, 0x69, 0x6f, 0x6e, 0x53, 0x69, 0x67, 0x6e, 0x61, 0x74, 0x75, 0x72, 0x65, 0x52, 0x65, + 0x71, 0x75, 0x65, 0x73, 0x74, 0x1a, 0x2d, 0x2e, 0x61, 0x70, 0x69, 0x2e, 0x41, 0x75, 0x74, 0x68, 0x65, 0x6e, 0x74, 0x69, 0x63, 0x61, 0x74, 0x65, 0x64, 0x43, 0x6f, 0x6e, 0x6e, 0x65, 0x63, 0x74, - 0x69, 0x6f, 0x6e, 0x12, 0x2f, 0x2e, 0x61, 0x70, 0x69, 0x2e, 0x41, 0x75, 0x74, 0x68, 0x65, 0x6e, - 0x74, 0x69, 0x63, 0x61, 0x74, 0x65, 0x64, 0x43, 0x6f, 0x6e, 0x6e, 0x65, 0x63, 0x74, 0x69, 0x6f, - 0x6e, 0x56, 0x65, 0x72, 0x69, 0x66, 0x69, 0x63, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x52, 0x65, 0x71, - 0x75, 0x65, 0x73, 0x74, 0x1a, 0x30, 0x2e, 0x61, 0x70, 0x69, 0x2e, 0x41, 0x75, 0x74, 0x68, 0x65, - 0x6e, 0x74, 0x69, 0x63, 0x61, 0x74, 0x65, 0x64, 0x43, 0x6f, 0x6e, 0x6e, 0x65, 0x63, 0x74, 0x69, - 0x6f, 0x6e, 0x56, 0x65, 0x72, 0x69, 0x66, 0x69, 0x63, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x52, 0x65, - 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x22, 0x00, 0x42, 0x2f, 0x5a, 0x2d, 0x67, 0x69, 0x74, 0x68, - 0x75, 0x62, 0x2e, 0x63, 0x6f, 0x6d, 0x2f, 0x49, 0x41, 0x42, 0x54, 0x65, 0x63, 0x68, 0x4c, 0x61, - 0x62, 0x2f, 0x61, 0x64, 0x73, 0x63, 0x65, 0x72, 0x74, 0x2f, 0x70, 0x6b, 0x67, 0x2f, 
0x61, 0x64, - 0x73, 0x63, 0x65, 0x72, 0x74, 0x2f, 0x61, 0x70, 0x69, 0x62, 0x06, 0x70, 0x72, 0x6f, 0x74, 0x6f, - 0x33, + 0x69, 0x6f, 0x6e, 0x53, 0x69, 0x67, 0x6e, 0x61, 0x74, 0x75, 0x72, 0x65, 0x52, 0x65, 0x73, 0x70, + 0x6f, 0x6e, 0x73, 0x65, 0x22, 0x00, 0x12, 0x84, 0x01, 0x0a, 0x1d, 0x56, 0x65, 0x72, 0x69, 0x66, + 0x79, 0x41, 0x75, 0x74, 0x68, 0x65, 0x6e, 0x74, 0x69, 0x63, 0x61, 0x74, 0x65, 0x64, 0x43, 0x6f, + 0x6e, 0x6e, 0x65, 0x63, 0x74, 0x69, 0x6f, 0x6e, 0x12, 0x2f, 0x2e, 0x61, 0x70, 0x69, 0x2e, 0x41, + 0x75, 0x74, 0x68, 0x65, 0x6e, 0x74, 0x69, 0x63, 0x61, 0x74, 0x65, 0x64, 0x43, 0x6f, 0x6e, 0x6e, + 0x65, 0x63, 0x74, 0x69, 0x6f, 0x6e, 0x56, 0x65, 0x72, 0x69, 0x66, 0x69, 0x63, 0x61, 0x74, 0x69, + 0x6f, 0x6e, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x1a, 0x30, 0x2e, 0x61, 0x70, 0x69, 0x2e, + 0x41, 0x75, 0x74, 0x68, 0x65, 0x6e, 0x74, 0x69, 0x63, 0x61, 0x74, 0x65, 0x64, 0x43, 0x6f, 0x6e, + 0x6e, 0x65, 0x63, 0x74, 0x69, 0x6f, 0x6e, 0x56, 0x65, 0x72, 0x69, 0x66, 0x69, 0x63, 0x61, 0x74, + 0x69, 0x6f, 0x6e, 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x22, 0x00, 0x42, 0x2f, 0x5a, + 0x2d, 0x67, 0x69, 0x74, 0x68, 0x75, 0x62, 0x2e, 0x63, 0x6f, 0x6d, 0x2f, 0x49, 0x41, 0x42, 0x54, + 0x65, 0x63, 0x68, 0x4c, 0x61, 0x62, 0x2f, 0x61, 0x64, 0x73, 0x63, 0x65, 0x72, 0x74, 0x2f, 0x70, + 0x6b, 0x67, 0x2f, 0x61, 0x64, 0x73, 0x63, 0x65, 0x72, 0x74, 0x2f, 0x61, 0x70, 0x69, 0x62, 0x06, + 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x33, } var ( diff --git a/pkg/adscert/api/adscert_grpc.pb.go b/pkg/adscert/api/adscert_grpc.pb.go index 4fd0e305..d8f5d9f2 100644 --- a/pkg/adscert/api/adscert_grpc.pb.go +++ b/pkg/adscert/api/adscert_grpc.pb.go @@ -1,4 +1,8 @@ // Code generated by protoc-gen-go-grpc. DO NOT EDIT. +// versions: +// - protoc-gen-go-grpc v1.1.0 +// - protoc v3.17.3 +// source: api/adscert.proto package api diff --git a/pkg/adscert/discovery/domain_indexer_impl.go b/pkg/adscert/discovery/domain_indexer_impl.go index 61b34449..b42f111f 100644 
--- a/pkg/adscert/discovery/domain_indexer_impl.go +++ b/pkg/adscert/discovery/domain_indexer_impl.go @@ -31,6 +31,7 @@ func NewDefaultDomainIndexer(dnsResolver DNSResolver, domainStore DomainStore, d domainRenewalInterval: domainRenewalInterval, dnsResolver: dnsResolver, domainStore: domainStore, + currentPrivateKey: make(map[string]keyAlias), } myPrivateKeys, err := privateKeysToKeyMap(base64PrivateKeys) @@ -39,12 +40,14 @@ func NewDefaultDomainIndexer(dnsResolver DNSResolver, domainStore DomainStore, d } di.myPrivateKeys = myPrivateKeys - for _, privateKey := range di.myPrivateKeys { - // since iterating over a map is non-deterministic, we can make sure to set the key - // either if it is not already set or it is alphabetically less than current key at the index when - // iterating over the private keys map. - if di.currentPrivateKey == "" || di.currentPrivateKey < privateKey.alias { - di.currentPrivateKey = privateKey.alias + for originCallsign := range di.myPrivateKeys { + for _, privateKey := range di.myPrivateKeys[originCallsign] { + // since iterating over a map is non-deterministic, we can make sure to set the key + // either if it is not already set or it is alphabetically less than current key at the index when + // iterating over the private keys map. + if di.currentPrivateKey[originCallsign] == "" || di.currentPrivateKey[originCallsign] < privateKey.alias { + di.currentPrivateKey[originCallsign] = privateKey.alias + } } } @@ -62,8 +65,8 @@ type defaultDomainIndexer struct { lastRun time.Time lastRunLock sync.RWMutex - myPrivateKeys keyMap - currentPrivateKey keyAlias + myPrivateKeys map[string]keyMap + currentPrivateKey map[string]keyAlias dnsResolver DNSResolver domainStore DomainStore 
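Review bot: In the `@@ -39,12 +40,14 @@` hunk the carried-over comment says the key is replaced when it is "alphabetically less than" the current one, but the condition `di.currentPrivateKey[originCallsign] < privateKey.alias` keeps the alphabetically greatest alias for each callsign. This loop now decides which private key signs for every origin callsign, so the comment should state the real rule, e.g. `// pick the alphabetically greatest alias so the choice is deterministic despite random map iteration order`. The outer loop can also read `for originCallsign, keys := range di.myPrivateKeys` and range over `keys`, which avoids the repeated map lookup. NewDefaultDomainIndexer continues outside the hunk.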
@@ -227,21 +230,27 @@ func (di *defaultDomainIndexer) checkDomainForKeyRecords(ctx context.Context, cu } // create shared secrets for each private key + public key combination - for _, myKey := range di.myPrivateKeys { - for _, theirKey := range currentDomainInfo.allPublicKeys { - keyPairAlias := newKeyPairAlias(myKey.alias, theirKey.alias) - if currentDomainInfo.allSharedSecrets[keyPairAlias] == nil { - currentDomainInfo.allSharedSecrets[keyPairAlias], err = calculateSharedSecret(myKey, theirKey) - if err != nil { - logger.Warningf("error calculating shared secret for record %s: %v", currentDomainInfo.Domain, err) - currentDomainInfo.domainStatus = DomainStatusErrorOnSharedSecretCalculation + for originCallsign := range di.myPrivateKeys { + if originCallsign != currentDomainInfo.Domain { + continue + } + + for _, myKey := range di.myPrivateKeys[originCallsign] { + for _, theirKey := range currentDomainInfo.allPublicKeys { + keyPairAlias := newKeyPairAlias(myKey.alias, theirKey.alias) + if currentDomainInfo.allSharedSecrets[keyPairAlias] == nil { + currentDomainInfo.allSharedSecrets[keyPairAlias], err = calculateSharedSecret(myKey, theirKey) + if err != nil { + logger.Warningf("error calculating shared secret for record %s: %v", currentDomainInfo.Domain, err) + currentDomainInfo.domainStatus = DomainStatusErrorOnSharedSecretCalculation + } } } } - } - currentDomainInfo.currentSharedSecretId = newKeyPairAlias(di.currentPrivateKey, currentDomainInfo.currentPublicKeyId) - currentDomainInfo.lastUpdateTime = time.Now() + currentDomainInfo.currentSharedSecretId = newKeyPairAlias(di.currentPrivateKey[originCallsign], currentDomainInfo.currentPublicKeyId) + currentDomainInfo.lastUpdateTime = time.Now() + } } func parsePolicyRecords(baseSubdomain string, baseSubdomainRecords []string) (foundDomains []string, parseError bool) { diff --git a/pkg/adscert/discovery/internal_base_key.go b/pkg/adscert/discovery/internal_base_key.go index f7a65007..a232d29c 100644 
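Review bot: The new guard `if originCallsign != currentDomainInfo.Domain { continue }` skips the whole body unless a configured origin callsign equals the domain being checked, and `currentDomainInfo.lastUpdateTime = time.Now()` now sits inside that loop. For a counterparty domain that matches none of the configured callsigns, no shared secret is calculated and the update time is never refreshed, which looks unintended (patch 10/10 of this series removes the guard). Keep `currentDomainInfo.lastUpdateTime = time.Now()` after the loop so it is set on every check. Separately, the value returned by `calculateSharedSecret` is stored in `allSharedSecrets` even when `err != nil`; if that value can be non-nil the `== nil` test will never retry it, so assign only on success. checkDomainForKeyRecords starts outside the hunk.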
--- a/pkg/adscert/discovery/internal_base_key.go +++ b/pkg/adscert/discovery/internal_base_key.go @@ -1,7 +1,9 @@ package discovery import ( + "errors" "fmt" + "strings" "github.com/IABTechLab/adscert/internal/formats" "github.com/IABTechLab/adscert/pkg/adscert/logger" @@ -76,11 +78,14 @@ func calculateSharedSecret(originPrivateKey *x25519Key, remotePublicKey *x25519K return result, err } -func privateKeysToKeyMap(privateKeys []string) (keyMap, error) { - result := keyMap{} - +func privateKeysToKeyMap(privateKeys []string) (map[string]keyMap, error) { + results := map[string]keyMap{} for _, privateKeyBase64 := range privateKeys { - privateKey, err := parseKeyFromString(privateKeyBase64) + sp := strings.SplitN(privateKeyBase64, "|", 2) + if len(sp) < 2 { + return nil, errors.New("missing origin callsign") + } + privateKey, err := parseKeyFromString(sp[1]) if err != nil { return nil, err } @@ -90,10 +95,16 @@ func privateKeysToKeyMap(privateKeys []string) (keyMap, error) { keyAlias := keyAlias(formats.ExtractKeyAliasFromPublicKeyBase64(formats.EncodeKeyBase64(publicBytes[:]))) privateKey.alias = keyAlias - result[keyAlias] = privateKey + + km := results[sp[0]] + if km == nil { + km = keyMap{} + } + km[keyAlias] = privateKey + results[sp[0]] = km } - return result, nil + return results, nil } func parseKeyFromString(base64EncodedKey string) (*x25519Key, error) { diff --git a/pkg/adscert/signatory/signatory_local_impl.go b/pkg/adscert/signatory/signatory_local_impl.go index 30b3ad62..6d34d06d 100644 --- a/pkg/adscert/signatory/signatory_local_impl.go +++ b/pkg/adscert/signatory/signatory_local_impl.go 
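Review bot: `privateKeysToKeyMap` in the `@@ -76,11 +78,14 @@` hunk rejects an entry without a `|` but accepts one with an empty callsign (`sp[0] == ""`), which files the key under the empty origin; the check should be `if len(sp) < 2 || sp[0] == "" {`. The new input format is not documented in the hunk, so a comment on the function such as `// privateKeysToKeyMap parses entries of the form "<origin callsign>|<base64 private key>" and groups the keys by callsign.` would help callers. Keeping the entry itself out of the error text, as done here, is right because it contains private key material. The function body continues between this hunk and `@@ -90,10 +95,16 @@`, outside the visible lines.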
@@ -28,6 +28,11 @@ func NewLocalAuthenticatedConnectionsSignatory( domainRenewalInterval time.Duration, base64PrivateKeys []string) *LocalAuthenticatedConnectionsSignatory { logger.SetLevel(logger.GetLevelFromString(logLevel)) + if originCallsign != "" { + for i := range base64PrivateKeys { + base64PrivateKeys[i] = originCallsign + "|" + base64PrivateKeys[i] + } + } return &LocalAuthenticatedConnectionsSignatory{ originCallsign: originCallsign, secureRandom: secureRandom, @@ -93,9 +98,15 @@ func (s *LocalAuthenticatedConnectionsSignatory) SignAuthenticatedConnection(req } func (s *LocalAuthenticatedConnectionsSignatory) signSingleMessage(request *api.AuthenticatedConnectionSignatureRequest, domainInfo discovery.DomainInfo) (*api.SignatureInfo, error) { - sigInfo := &api.SignatureInfo{} - acs, err := formats.NewAuthenticatedConnectionSignature(formats.StatusOK, s.originCallsign, request.RequestInfo.InvokingDomain) + + var originCallsign string + if request.RequestInfo.OriginDomain != "" { + originCallsign = request.RequestInfo.OriginDomain + } else { + originCallsign = s.originCallsign + } + acs, err := formats.NewAuthenticatedConnectionSignature(formats.StatusOK, originCallsign, request.RequestInfo.InvokingDomain) if err != nil { acs.SetStatus(formats.StatusErrorOnSignature) setSignatureInfoFromAuthenticatedConnection(sigInfo, acs) From 33df0e3bbe8c1e4d354efb2c11c9c03c14cc5f72 Mon Sep 17 00:00:00 2001 From: bretkikehara Date: Tue, 15 Feb 2022 20:31:37 -0800 Subject: [PATCH 03/10] fix nil acs on failed instance creation --- pkg/adscert/signatory/signatory_local_impl.go | 2 -- 1 file changed, 2 deletions(-) diff --git a/pkg/adscert/signatory/signatory_local_impl.go b/pkg/adscert/signatory/signatory_local_impl.go index da0733c9..b7c4711f 100644 --- a/pkg/adscert/signatory/signatory_local_impl.go +++ b/pkg/adscert/signatory/signatory_local_impl.go 
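Review bot: In the `@@ -93,9 +98,15 @@` hunk, `request.RequestInfo.OriginDomain` is taken from the request and passed as the `from` value to `NewAuthenticatedConnectionSignature` without checking that this signatory holds a private key for that callsign. A signed message can then name an origin the deployment is not configured for, while the shared secret is still selected by `domainInfo.GetSharedSecret()` regardless of origin. The request value should be checked against the configured callsigns (the key set of `myPrivateKeys` in the indexer, as far as this series shows) and the request rejected when it is not among them. The `err != nil` branch right below still calls `acs.SetStatus` on the value returned with the error. signSingleMessage continues outside the hunk.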
@@ -95,8 +95,6 @@ func (s *LocalAuthenticatedConnectionsSignatory) signSingleMessage(request *api. sigInfo := &api.SignatureInfo{} acs, err := formats.NewAuthenticatedConnectionSignature(formats.StatusOK, s.originCallsign, request.RequestInfo.InvokingDomain) if err != nil { - acs.SetStatus(formats.StatusErrorOnSignature) - setSignatureInfoFromAuthenticatedConnection(sigInfo, acs) return sigInfo, fmt.Errorf("error constructing authenticated connection signature format: %v", err) } From d5e9a8f6e4629c5d1b82ee5d12e5c55f9cc12392 Mon Sep 17 00:00:00 2001 From: bretkikehara Date: Wed, 16 Feb 2022 10:10:52 -0800 Subject: [PATCH 04/10] revert --- internal/formats/adscert_connection_signature.go | 15 ++++++++------- 1 file changed, 8 insertions(+), 7 deletions(-) diff --git a/internal/formats/adscert_connection_signature.go b/internal/formats/adscert_connection_signature.go index 961e7ae2..1085ce20 100644 --- a/internal/formats/adscert_connection_signature.go +++ b/internal/formats/adscert_connection_signature.go @@ -132,21 +132,22 @@ func EncodeSignatureSuffix( } func NewAuthenticatedConnectionSignature(status AuthenticatedConnectionProtocolStatus, from string, invoking string) (*AuthenticatedConnectionSignature, error) { - s := &AuthenticatedConnectionSignature{} - s.status = status - s.from = from - s.invoking = invoking if status == StatusUnspecified { - return s, ErrParamMissingStatus + return nil, ErrParamMissingStatus } if from == "" { - return s, ErrParamMissingFrom + return nil, ErrParamMissingFrom } if invoking == "" { - return s, ErrParamMissingInvoking + return nil, ErrParamMissingInvoking } + s := &AuthenticatedConnectionSignature{} + s.status = status + s.from = from + s.invoking = invoking + return s, nil } From dc3d2cb80aed12d1e12e1773857a640176637c9c Mon Sep 17 00:00:00 2001 
From: bretkikehara Date: Wed, 16 Feb 2022 13:09:54 -0800 Subject: [PATCH 05/10] return acs on error --- internal/formats/adscert_connection_signature.go | 16 ++++++++-------- pkg/adscert/signatory/signatory_local_impl.go | 2 ++ 2 files changed, 10 insertions(+), 8 deletions(-) diff --git a/internal/formats/adscert_connection_signature.go b/internal/formats/adscert_connection_signature.go index 1085ce20..c88cfa93 100644 --- a/internal/formats/adscert_connection_signature.go +++ b/internal/formats/adscert_connection_signature.go @@ -133,21 +133,21 @@ func EncodeSignatureSuffix( func NewAuthenticatedConnectionSignature(status AuthenticatedConnectionProtocolStatus, from string, invoking string) (*AuthenticatedConnectionSignature, error) { + s := &AuthenticatedConnectionSignature{} + s.status = status + s.from = from + s.invoking = invoking + if status == StatusUnspecified { - return nil, ErrParamMissingStatus + return s, ErrParamMissingStatus } if from == "" { - return nil, ErrParamMissingFrom + return s, ErrParamMissingFrom } if invoking == "" { - return nil, ErrParamMissingInvoking + return s, ErrParamMissingInvoking } - s := &AuthenticatedConnectionSignature{} - s.status = status - s.from = from - s.invoking = invoking - return s, nil } diff --git a/pkg/adscert/signatory/signatory_local_impl.go b/pkg/adscert/signatory/signatory_local_impl.go index b7c4711f..da0733c9 100644 --- a/pkg/adscert/signatory/signatory_local_impl.go +++ b/pkg/adscert/signatory/signatory_local_impl.go @@ -95,6 +95,8 @@ func (s *LocalAuthenticatedConnectionsSignatory) signSingleMessage(request *api. sigInfo := &api.SignatureInfo{} acs, err := formats.NewAuthenticatedConnectionSignature(formats.StatusOK, s.originCallsign, request.RequestInfo.InvokingDomain) if err != nil { + acs.SetStatus(formats.StatusErrorOnSignature) + setSignatureInfoFromAuthenticatedConnection(sigInfo, acs) return sigInfo, fmt.Errorf("error constructing authenticated connection signature format: %v", err) } 
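Review bot: The restored `acs.SetStatus(formats.StatusErrorOnSignature)` in the `err != nil` branch of the `@@ -95,6 +95,8 @@` hunk depends on `NewAuthenticatedConnectionSignature` returning a non-nil value together with an error, which the `@@ -133,21 +133,21 @@` hunk re-establishes but nothing documents. That runs against the usual Go convention, and the previous patch in this series returned nil here, so a nil check keeps the error path from panicking if the constructor changes again: `if acs != nil { acs.SetStatus(formats.StatusErrorOnSignature); setSignatureInfoFromAuthenticatedConnection(sigInfo, acs) }`. A doc comment on the constructor saying that the returned signature is non-nil even when an error is returned would make the contract explicit. signSingleMessage continues outside the hunk.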
From c6ac516c27e588cdf6b6db4e2f0e75efcd799ead Mon Sep 17 00:00:00 2001 From: bretkikehara Date: Wed, 16 Feb 2022 13:50:26 -0800 Subject: [PATCH 06/10] revert the logger --- examples/signer-server/signer-server.go | 1 - examples/verifier-parser/verifier-parser.go | 1 - examples/verifier-server/verifier-server.go | 1 - internal/server/server_reference_implementation.go | 1 - pkg/adscert/signatory/signatory_local_impl.go | 2 -- 5 files changed, 6 deletions(-) diff --git a/examples/signer-server/signer-server.go b/examples/signer-server/signer-server.go index f82509ce..8cfcf1c6 100644 --- a/examples/signer-server/signer-server.go +++ b/examples/signer-server/signer-server.go @@ -33,7 +33,6 @@ func main() { base64PrivateKeys := signatory.GenerateFakePrivateKeysForTesting(*origin) signatoryApi := signatory.NewLocalAuthenticatedConnectionsSignatory( - "info", *origin, crypto_rand.Reader, clock.New(), diff --git a/examples/verifier-parser/verifier-parser.go b/examples/verifier-parser/verifier-parser.go index 047d80fc..30fa17f8 100644 --- a/examples/verifier-parser/verifier-parser.go +++ b/examples/verifier-parser/verifier-parser.go @@ -35,7 +35,6 @@ func main() { base64PrivateKeys := signatory.GenerateFakePrivateKeysForTesting(*origin) signatoryApi := signatory.NewLocalAuthenticatedConnectionsSignatory( - "info", *origin, crypto_rand.Reader, clock.New(), diff --git a/examples/verifier-server/verifier-server.go b/examples/verifier-server/verifier-server.go index 7525a1a4..4a654a0c 100644 --- a/examples/verifier-server/verifier-server.go +++ b/examples/verifier-server/verifier-server.go @@ -44,7 +44,6 @@ func main() { } signatoryApi := signatory.NewLocalAuthenticatedConnectionsSignatory( - "info", *origin, crypto_rand.Reader, clock.New(), diff --git a/internal/server/server_reference_implementation.go b/internal/server/server_reference_implementation.go index 9518397c..bdc93209 100644 --- a/internal/server/server_reference_implementation.go 
+++ b/internal/server/server_reference_implementation.go @@ -22,7 +22,6 @@ import ( func SetUpAdsCertSignatoryServer(grpcServer *grpc.Server, adscertCallSign string, domainCheckInterval time.Duration, domainRenewalInterval time.Duration, privateKeys []string) { signatoryApi := signatory.NewLocalAuthenticatedConnectionsSignatory( - "info", adscertCallSign, crypto_rand.Reader, clock.New(), diff --git a/pkg/adscert/signatory/signatory_local_impl.go b/pkg/adscert/signatory/signatory_local_impl.go index 91e9285b..98e08efd 100644 --- a/pkg/adscert/signatory/signatory_local_impl.go +++ b/pkg/adscert/signatory/signatory_local_impl.go @@ -18,7 +18,6 @@ import ( ) func NewLocalAuthenticatedConnectionsSignatory( - logLevel string, originCallsign string, secureRandom io.Reader, clock clock.Clock, @@ -27,7 +26,6 @@ func NewLocalAuthenticatedConnectionsSignatory( domainCheckInterval time.Duration, domainRenewalInterval time.Duration, base64PrivateKeys []string) *LocalAuthenticatedConnectionsSignatory { - logger.SetLevel(logger.GetLevelFromString(logLevel)) if originCallsign != "" { for i := range base64PrivateKeys { base64PrivateKeys[i] = originCallsign + "|" + base64PrivateKeys[i] From e1800f82dcbe190220f7df37b9dc5cc2e38fde3e Mon Sep 17 00:00:00 2001 From: bretkikehara Date: Wed, 16 Feb 2022 14:02:28 -0800 Subject: [PATCH 07/10] fix tests --- .../formats/adscert_connection_signature_test.go | 12 ++++-------- 1 file changed, 4 insertions(+), 8 deletions(-) diff --git a/internal/formats/adscert_connection_signature_test.go b/internal/formats/adscert_connection_signature_test.go index d682f572..5104d5d1 100644 --- a/internal/formats/adscert_connection_signature_test.go +++ b/internal/formats/adscert_connection_signature_test.go @@ -29,7 +29,6 @@ func TestNewAuthenticatedConnectionSignature(t *testing.T) { nonce string wantNewACSErr error - wantNilACS bool wantAddParamsForSignatureErr error wantUnsignedBaseMessage string wantUnsignedExtendedMessage string 
@@ -58,7 +57,6 @@ func TestNewAuthenticatedConnectionSignature(t *testing.T) { invoking: "invoking.com", wantNewACSErr: formats.ErrParamMissingStatus, - wantNilACS: true, }, { desc: "check ErrParamMissingFrom", @@ -67,7 +65,6 @@ func TestNewAuthenticatedConnectionSignature(t *testing.T) { invoking: "invoking.com", wantNewACSErr: formats.ErrParamMissingFrom, - wantNilACS: true, }, { desc: "check ErrParamMissingInvoking", @@ -76,7 +73,6 @@ func TestNewAuthenticatedConnectionSignature(t *testing.T) { invoking: "", wantNewACSErr: formats.ErrParamMissingInvoking, - wantNilACS: true, }, { @@ -167,12 +163,12 @@ func TestNewAuthenticatedConnectionSignature(t *testing.T) { t.Errorf("NewAuthenticatedConnectionSignature() %s error check: got %v, want %v", tC.desc, gotErr, tC.wantNewACSErr) } - gotNilACS := (acs == nil) - if tC.wantNilACS != gotNilACS { - t.Fatalf("NewAuthenticatedConnectionSignature() %s nil check: got (acs == nil) %v, want %v", tC.desc, gotNilACS, tC.wantNilACS) + if acs == nil { + t.Fatalf("NewAuthenticatedConnectionSignature() %s nil check: got (acs == nil), should not be nil", tC.desc) } - if gotNilACS { + // skip rest of tests if an error was returned + if gotErr != nil { return } From a7616798946819814b44e7dc58f50084690ec864 Mon Sep 17 00:00:00 2001 From: bretkikehara Date: Mon, 28 Feb 2022 21:11:39 -0800 Subject: [PATCH 08/10] log origin callsigns --- internal/server/server_reference_implementation.go | 2 ++ pkg/adscert/discovery/domain_indexer_api.go | 1 + pkg/adscert/discovery/domain_indexer_impl.go | 8 ++++++++ 3 files changed, 11 insertions(+) diff --git a/internal/server/server_reference_implementation.go b/internal/server/server_reference_implementation.go index bdc93209..4a17b5fe 100644 --- a/internal/server/server_reference_implementation.go +++ b/internal/server/server_reference_implementation.go 
@@ -31,6 +31,8 @@ func SetUpAdsCertSignatoryServer(grpcServer *grpc.Server, adscertCallSign string domainRenewalInterval, privateKeys) + logger.Debugf("Origin ads.cert Call Sign domains: %v", strings.Join(signatoryApi.GetOriginCallsigns(), ",")) + handler := &server.AdsCertSignatoryServer{ SignatoryAPI: signatoryApi, } diff --git a/pkg/adscert/discovery/domain_indexer_api.go b/pkg/adscert/discovery/domain_indexer_api.go index 59c2864f..0573e8c5 100644 --- a/pkg/adscert/discovery/domain_indexer_api.go +++ b/pkg/adscert/discovery/domain_indexer_api.go @@ -5,4 +5,5 @@ import "time" type DomainIndexer interface { LookupIdentitiesForDomain(domain string) ([]DomainInfo, error) GetLastRun() time.Time + GetOriginCallsigns() []string } diff --git a/pkg/adscert/discovery/domain_indexer_impl.go b/pkg/adscert/discovery/domain_indexer_impl.go index b42f111f..a749bc29 100644 --- a/pkg/adscert/discovery/domain_indexer_impl.go +++ b/pkg/adscert/discovery/domain_indexer_impl.go @@ -72,6 +72,14 @@ type defaultDomainIndexer struct { domainStore DomainStore } +func (di *defaultDomainIndexer) GetOriginCallsigns() []string { + var originCallsigns []string + for oc := range di.myPrivateKeys { + originCallsigns = append(originCallsigns, oc) + } + return originCallsigns +} + func (di *defaultDomainIndexer) GetLastRun() time.Time { di.lastRunLock.RLock() t := di.lastRun From 0efe7d9019c28b7a01147346144449e606612e0f Mon Sep 17 00:00:00 2001 From: bretkikehara Date: Mon, 28 Feb 2022 21:12:03 -0800 Subject: [PATCH 09/10] parse multiple private key flags --- cmd/server/main.go | 30 ++++++++++++++++--- .../server/server_reference_implementation.go | 2 ++ pkg/adscert/discovery/internal_base_key.go | 2 +- pkg/adscert/signatory/signatory_local_impl.go | 23 ++++++++++++-- 4 files changed, 50 insertions(+), 7 deletions(-) diff --git a/cmd/server/main.go b/cmd/server/main.go index e6c9e919..b449994e 100644 --- a/cmd/server/main.go +++ b/cmd/server/main.go 
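Review bot: `GetOriginCallsigns` in the `@@ -72,6 +72,14 @@` hunk returns the callsigns in map iteration order, so the list logged by `SetUpAdsCertSignatoryServer` changes from run to run; sorting it (`sort.Strings(originCallsigns)` before the return, with `sort` added to the imports) makes the log line comparable across restarts. The slice can be sized up front with `make([]string, 0, len(di.myPrivateKeys))`. In the `@@ -31,6 +31,8 @@` hunk the new `logger.Debugf` line uses `strings` and `logger` and calls `signatoryApi.GetOriginCallsigns()`, but the matching imports and method only appear in patch 09/10, so this patch probably does not build on its own. The new exported method and the interface addition have no doc comments.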
@@ -2,6 +2,7 @@ package main import ( "flag" + "strings" "time" "github.com/IABTechLab/adscert/internal/server" @@ -17,10 +18,32 @@ var ( origin = flag.String("origin", utils.GetEnvVarString("ORIGIN", ""), "ads.cert Call Sign domain name for this party's Signatory service deployment") domainCheckInterval = flag.Duration("domain_check_interval", time.Duration(utils.GetEnvVarInt("DOMAIN_CHECK_INTERVAL", 30))*time.Second, "interval for checking domain records") domainRenewalInterval = flag.Duration("domain_renewal_interval", time.Duration(utils.GetEnvVarInt("DOMAIN_RENEWAL_INTERVAL", 300))*time.Second, "interval before considering domain records for renewal") - privateKey = flag.String("private_key", utils.GetEnvVarString("PRIVATE_KEY", ""), "base-64 encoded private key") ) +type privateKeyFlags []string + +func (i *privateKeyFlags) String() string { + return strings.Join(*i, ",") +} + +func (i *privateKeyFlags) Set(value string) error { + if value != "" { + for _, v := range strings.Split(value, ",") { + *i = append(*i, v) + } + } + return nil +} + func main() { + var privateKeys privateKeyFlags + flag.Var(&privateKeys, "private_key", "base-64 encoded private key") + + if value := utils.GetEnvVarString("PRIVATE_KEY", ""); value != "" { + for _, k := range strings.Split(value, ",") { + privateKeys = append(privateKeys, k) + } + } flag.Parse() @@ -28,7 +51,7 @@ func main() { logger.SetLevel(parsedLogLevel) logger.Infof("Log Level: %s, parsed as iota %v", *logLevel, parsedLogLevel) - if *privateKey == "" { + if len(privateKeys) == 0 { logger.Fatalf("Private key is required") } 
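Review bot: `privateKeyFlags.String()` in the `@@ -17,10 +18,32 @@` hunk returns the raw values joined with commas, so anything that prints the flag's value (a `flag.VisitAll` dump, debug logging) would emit the private keys. Return a redacted summary instead, for example `return fmt.Sprintf("%d private key(s)", len(*i))` with `fmt` imported. In `Set` and in `main` the element-by-element loops can be `*i = append(*i, strings.Split(value, ",")...)`, and empty segments from input like `a,,b` are currently appended as empty keys. The `PRIVATE_KEY` environment value is now always appended in addition to any `-private_key` flags, where it used to be only the default; the flag help text should say so.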
@@ -41,11 +64,10 @@ func main() { }() logger.Infof("Starting AdsCert API server") - logger.Infof("Origin ads.cert Call Sign domain: %v", *origin) logger.Infof("Port: %v", *serverPort) grpcServer := grpc.NewServer() - server.SetUpAdsCertSignatoryServer(grpcServer, *origin, *domainCheckInterval, *domainRenewalInterval, []string{*privateKey}) + server.SetUpAdsCertSignatoryServer(grpcServer, *origin, *domainCheckInterval, *domainRenewalInterval, privateKeys) if err := server.StartServingRequests(grpcServer, *serverPort); err != nil { logger.Fatalf("gRPC server failure: %v", err) } diff --git a/internal/server/server_reference_implementation.go b/internal/server/server_reference_implementation.go index 4a17b5fe..c79810bd 100644 --- a/internal/server/server_reference_implementation.go +++ b/internal/server/server_reference_implementation.go @@ -6,10 +6,12 @@ import ( "fmt" "net" "net/http" + "strings" "time" "github.com/IABTechLab/adscert/pkg/adscert/api" "github.com/IABTechLab/adscert/pkg/adscert/discovery" + "github.com/IABTechLab/adscert/pkg/adscert/logger" "github.com/IABTechLab/adscert/pkg/adscert/metrics" "github.com/IABTechLab/adscert/pkg/adscert/server" "github.com/IABTechLab/adscert/pkg/adscert/signatory" diff --git a/pkg/adscert/discovery/internal_base_key.go b/pkg/adscert/discovery/internal_base_key.go index a232d29c..ff1b0b5d 100644 --- a/pkg/adscert/discovery/internal_base_key.go +++ b/pkg/adscert/discovery/internal_base_key.go @@ -81,7 +81,7 @@ func calculateSharedSecret(originPrivateKey *x25519Key, remotePublicKey *x25519K func privateKeysToKeyMap(privateKeys []string) (map[string]keyMap, error) { results := map[string]keyMap{} for _, privateKeyBase64 := range privateKeys { - sp := strings.SplitN(privateKeyBase64, "|", 2) + sp := strings.SplitN(privateKeyBase64, "=", 2) if len(sp) < 2 { return nil, errors.New("missing origin callsign") } 
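Review bot: Switching the separator to `=` in `strings.SplitN(privateKeyBase64, "=", 2)` (hunk `@@ -81,7 +81,7 @@`) makes it collide with base64 padding: an entry that has no callsign but ends in `=` padding is split at the padding, so the `len(sp) < 2` check passes and the text before the padding is treated as the callsign. The caller in `NewLocalAuthenticatedConnectionsSignatory` works around this with `strings.TrimRight(..., "=")`, but this function is the one that parses the entry and it has no such handling. Either keep a separator outside the base64 alphabet and padding, or validate both halves here, e.g. `if len(sp) < 2 || sp[0] == "" || strings.TrimRight(sp[1], "=") == "" {`. The function body continues outside the hunk.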
diff --git a/pkg/adscert/signatory/signatory_local_impl.go b/pkg/adscert/signatory/signatory_local_impl.go index de2cf810..a91c03c3 100644 --- a/pkg/adscert/signatory/signatory_local_impl.go +++ b/pkg/adscert/signatory/signatory_local_impl.go @@ -6,6 +6,7 @@ import ( "errors" "fmt" "io" + "strings" "time" "github.com/IABTechLab/adscert/internal/adscerterrors" @@ -28,17 +29,31 @@ func NewLocalAuthenticatedConnectionsSignatory( base64PrivateKeys []string) *LocalAuthenticatedConnectionsSignatory { if originCallsign != "" { for i := range base64PrivateKeys { - base64PrivateKeys[i] = originCallsign + "|" + base64PrivateKeys[i] + if !strings.Contains(strings.TrimRight(base64PrivateKeys[i], "="), "=") { + base64PrivateKeys[i] = originCallsign + "=" + base64PrivateKeys[i] + } } } return &LocalAuthenticatedConnectionsSignatory{ originCallsign: originCallsign, secureRandom: secureRandom, clock: clock, - counterpartyManager: discovery.NewDefaultDomainIndexer(dnsResolver, domainStore, domainCheckInterval, domainRenewalInterval, base64PrivateKeys), + counterpartyManager: discovery.NewDefaultDomainIndexer(dnsResolver, domainStore, domainCheckInterval, domainRenewalInterval, dedupKeys(base64PrivateKeys)), } } +func dedupKeys(privateKeys []string) []string { + m := make(map[string]bool) + for _, k := range privateKeys { + m[k] = true + } + var dedup []string + for k := range m { + dedup = append(dedup, k) + } + return dedup +} + type LocalAuthenticatedConnectionsSignatory struct { originCallsign string secureRandom io.Reader @@ -237,3 +252,7 @@ func (s *LocalAuthenticatedConnectionsSignatory) generateNonce() (string, error) } return formats.B64truncate(nonce[:], 12), nil } + +func (s *LocalAuthenticatedConnectionsSignatory) GetOriginCallsigns() []string { + return s.counterpartyManager.GetOriginCallsigns() +} From 3fad64dbc8e10927645ef7c5ab56aff7f044e1c0 Mon Sep 17 00:00:00 2001 
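Review bot: The prefix loop in `NewLocalAuthenticatedConnectionsSignatory` (hunk `@@ -28,17 +29,31 @@`) writes `originCallsign + "=" + ...` back into `base64PrivateKeys`, which is the caller's slice, so the caller's key list is modified as a side effect of construction. Building a local slice avoids that and lets the `originCallsign != ""` test fold into the loop; the result is then passed to `dedupKeys` as before. `dedupKeys` returns the keys in map iteration order, which deserves a comment because callers may expect input order. The constructor body continues outside the hunk.

```go
	keys := make([]string, 0, len(base64PrivateKeys))
	for _, k := range base64PrivateKeys {
		// Prefix only entries that do not already carry a callsign; trailing "=" is base64 padding.
		if originCallsign != "" && !strings.Contains(strings.TrimRight(k, "="), "=") {
			k = originCallsign + "=" + k
		}
		keys = append(keys, k)
	}
	// … unchanged: return &LocalAuthenticatedConnectionsSignatory{…}, now passing dedupKeys(keys) …
```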
From: bretkikehara Date: Mon, 28 Feb 2022 23:19:26 -0800 Subject: [PATCH 10/10] fix the reseller signing --- pkg/adscert/discovery/domain_indexer_impl.go | 11 +++-------- pkg/adscert/discovery/domain_info.go | 6 +++--- pkg/adscert/signatory/signatory_local_impl.go | 12 ++++++------ 3 files changed, 12 insertions(+), 17 deletions(-) diff --git a/pkg/adscert/discovery/domain_indexer_impl.go b/pkg/adscert/discovery/domain_indexer_impl.go index a749bc29..3090ba86 100644 --- a/pkg/adscert/discovery/domain_indexer_impl.go +++ b/pkg/adscert/discovery/domain_indexer_impl.go @@ -239,10 +239,6 @@ func (di *defaultDomainIndexer) checkDomainForKeyRecords(ctx context.Context, cu // create shared secrets for each private key + public key combination for originCallsign := range di.myPrivateKeys { - if originCallsign != currentDomainInfo.Domain { - continue - } - for _, myKey := range di.myPrivateKeys[originCallsign] { for _, theirKey := range currentDomainInfo.allPublicKeys { keyPairAlias := newKeyPairAlias(myKey.alias, theirKey.alias) @@ -255,10 +251,9 @@ func (di *defaultDomainIndexer) checkDomainForKeyRecords(ctx context.Context, cu } } } - - currentDomainInfo.currentSharedSecretId = newKeyPairAlias(di.currentPrivateKey[originCallsign], currentDomainInfo.currentPublicKeyId) - currentDomainInfo.lastUpdateTime = time.Now() + currentDomainInfo.currentSharedSecretId[originCallsign] = newKeyPairAlias(di.currentPrivateKey[originCallsign], currentDomainInfo.currentPublicKeyId) } + currentDomainInfo.lastUpdateTime = time.Now() } func parsePolicyRecords(baseSubdomain string, baseSubdomainRecords []string) (foundDomains []string, parseError bool) { 
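Review bot: In the `@@ -255,10 +251,9 @@` hunk, `currentDomainInfo.currentSharedSecretId[originCallsign] = ...` writes into a map that is only initialised in `initializeDomainInfo` as far as this patch shows; if a `DomainInfo` reaches `checkDomainForKeyRecords` from anywhere else (for example a store that rebuilds the struct) with the field unset, this assignment panics. A guard before the loop, `if currentDomainInfo.currentSharedSecretId == nil { currentDomainInfo.currentSharedSecretId = map[string]keyPairAlias{} }`, removes that dependency. The id is also recorded for a callsign even when `calculateSharedSecret` failed for its keys, so `domainStatus` should be checked before the secret is used. The function starts outside the hunk.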
@@ -329,7 +324,7 @@ func initializeDomainInfo(domain string) DomainInfo { Domain: domain, IdentityDomains: []string{}, currentPublicKeyId: "", - currentSharedSecretId: keyPairAlias{}, + currentSharedSecretId: map[string]keyPairAlias{}, allPublicKeys: map[keyAlias]*x25519Key{}, allSharedSecrets: keyPairMap{}, domainStatus: DomainStatusNotYetChecked, diff --git a/pkg/adscert/discovery/domain_info.go b/pkg/adscert/discovery/domain_info.go index dc791fa9..1f1ec93a 100644 --- a/pkg/adscert/discovery/domain_info.go +++ b/pkg/adscert/discovery/domain_info.go @@ -8,7 +8,7 @@ type DomainInfo struct { Domain string // root domain for this record, can be invoking or identity domain IdentityDomains []string // used to map from invoking domain to parent identity domains currentPublicKeyId keyAlias - currentSharedSecretId keyPairAlias + currentSharedSecretId map[string]keyPairAlias allPublicKeys keyMap allSharedSecrets keyPairMap @@ -30,7 +30,7 @@ func (c *DomainInfo) GetStatus() DomainStatus { return c.domainStatus } -func (c *DomainInfo) GetSharedSecret() (SharedSecret, bool) { - sharedSecret, ok := c.allSharedSecrets[c.currentSharedSecretId] +func (c *DomainInfo) GetSharedSecret(originDomain string) (SharedSecret, bool) { + sharedSecret, ok := c.allSharedSecrets[c.currentSharedSecretId[originDomain]] return sharedSecret, ok } diff --git a/pkg/adscert/signatory/signatory_local_impl.go b/pkg/adscert/signatory/signatory_local_impl.go index a91c03c3..0ccb1c4c 100644 --- a/pkg/adscert/signatory/signatory_local_impl.go +++ b/pkg/adscert/signatory/signatory_local_impl.go 
@@ -132,7 +132,7 @@ func (s *LocalAuthenticatedConnectionsSignatory) signSingleMessage(request *api. return sigInfo, fmt.Errorf("domain info is not available: %v", err) } - sharedSecret, hasSecret := domainInfo.GetSharedSecret() + sharedSecret, hasSecret := domainInfo.GetSharedSecret(originCallsign) if hasSecret { err = acs.AddParametersForSignature(sharedSecret.LocalKeyID(), domainInfo.GetAdsCertIdentityDomain(), sharedSecret.RemoteKeyID(), request.Timestamp, request.Nonce) if err != nil { @@ -150,7 +150,7 @@ func (s *LocalAuthenticatedConnectionsSignatory) signSingleMessage(request *api. acs.SetStatus(formats.StatusOK) setSignatureInfoFromAuthenticatedConnection(sigInfo, acs) message := acs.EncodeMessage() - bodyHMAC, urlHMAC := generateSignatures(domainInfo, []byte(message), request.RequestInfo.BodyHash[:], request.RequestInfo.UrlHash[:]) + bodyHMAC, urlHMAC := generateSignatures(originCallsign, domainInfo, []byte(message), request.RequestInfo.BodyHash[:], request.RequestInfo.UrlHash[:]) sigInfo.SignatureMessage = message + formats.EncodeSignatureSuffix(bodyHMAC, urlHMAC) return sigInfo, nil 
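Review bot: The shared secret is looked up twice per message: once at `domainInfo.GetSharedSecret(originCallsign)` in signSingleMessage, whose key ids go into `AddParametersForSignature`, and again inside `generateSignatures(originCallsign, domainInfo, ...)` in the hunk at -150, where the `ok` result is discarded and `Secret()` is called on whatever came back. If the indexer replaces the map entry between the two reads, the HMAC could be keyed with a different secret than the key ids written into the message, and a miss on the second read would go unchecked. Passing the already-checked value instead, e.g. `generateSignatures(sharedSecret, []byte(message), request.RequestInfo.BodyHash[:], request.RequestInfo.UrlHash[:])`, removes both cases; the same applies to checkSingleSignature in the hunk at -201, which would need to keep the value it currently assigns to `_`. Whether `sharedSecret` is still in scope at the call, and whether the no-secret path returns earlier, is outside the visible lines.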
@@ -201,13 +201,13 @@ func (s *LocalAuthenticatedConnectionsSignatory) checkSingleSignature(requestInf } for _, domainInfo := range domainInfos { - if _, hasSecret := domainInfo.GetSharedSecret(); !hasSecret { + if _, hasSecret := domainInfo.GetSharedSecret(requestInfo.OriginDomain); !hasSecret { logger.Infof("no shared secret") metrics.RecordVerify(adscerterrors.ErrVerifyMissingSharedSecret) return api.SignatureDecodeStatus_SIGNATURE_DECODE_STATUS_NO_SHARED_SECRET_AVAILABLE } - bodyHMAC, urlHMAC := generateSignatures(domainInfo, []byte(acs.EncodeMessage()), requestInfo.BodyHash[:], requestInfo.UrlHash[:]) + bodyHMAC, urlHMAC := generateSignatures(requestInfo.OriginDomain, domainInfo, []byte(acs.EncodeMessage()), requestInfo.BodyHash[:], requestInfo.UrlHash[:]) bodyValid, urlValid := acs.CompareSignatures(bodyHMAC, urlHMAC) if bodyValid && urlValid { metrics.RecordVerify(nil) @@ -226,9 +226,9 @@ func (s *LocalAuthenticatedConnectionsSignatory) IsHealthy() bool { return time.Since(s.counterpartyManager.GetLastRun()) <= 5*time.Minute } -func generateSignatures(domainInfo discovery.DomainInfo, message []byte, bodyHash []byte, urlHash []byte) ([]byte, []byte) { +func generateSignatures(originDomain string, domainInfo discovery.DomainInfo, message []byte, bodyHash []byte, urlHash []byte) ([]byte, []byte) { - sharedSecret, _ := domainInfo.GetSharedSecret() + sharedSecret, _ := domainInfo.GetSharedSecret(originDomain) h := hmac.New(sha256.New, sharedSecret.Secret()[:]) h.Write([]byte(message))