chore: removing audit-signature and add serverSigningPubKey

Signed-off-by: Michele Meloni <[email protected]>

Author: mmeloni

README.md

@@ -336,7 +336,7 @@ Environment variables:
   IMMUCLIENT_PKEY=./tools/mtls/4_client/private/localhost.key.pem
   IMMUCLIENT_CERTIFICATE=./tools/mtls/4_client/certs/localhost.cert.pem
   IMMUCLIENT_CLIENTCAS=./tools/mtls/2_intermediate/certs/ca-chain.cert.pem
-  IMMUCLIENT_PUBLIC_KEY=
+  IMMUCLIENT_SERVER_SIGNING_PUB_KEY=
 
 IMPORTANT: All get and safeget functions return base64-encoded keys and values, while all set and safeset functions expect base64-encoded inputs.
 

cmd/immuadmin/command/login_test.go

@@ -58,7 +58,8 @@ func TestCommandLine_Connect(t *testing.T) {
 	options := server.DefaultOptions().WithAuth(true)
 	bs := servertest.NewBufconnServer(options)
 
-	bs.Start()
+	err := bs.Start()
+	require.NoError(t, err)
 	defer bs.Stop()
 
 	defer os.RemoveAll(options.Dir)
@@ -73,7 +74,7 @@ func TestCommandLine_Connect(t *testing.T) {
 		context: context.Background(),
 		options: opts,
 	}
-	err := cmdl.connect(&cobra.Command{}, []string{})
+	err = cmdl.connect(&cobra.Command{}, []string{})
 	assert.Nil(t, err)
 }
 

cmd/immuclient/audit/auditagent.go

@@ -171,7 +171,7 @@ func options() *client.Options {
 	prometheusPort := viper.GetString("prometheus-port")
 	prometheusHost := viper.GetString("prometheus-host")
 	logfilename := viper.GetString("logfile")
-	publicKey := viper.GetString("public-key")
+	serverSigningPubKey := viper.GetString("server-signing-pub-key")
 	options := client.DefaultOptions().
 		WithPort(port).
 		WithAddress(address).
@@ -180,7 +180,7 @@ func options() *client.Options {
 		WithPrometheusPort(prometheusPort).
 		WithPrometheusHost(prometheusHost).
 		WithLogFileName(logfilename).
-		WithPublicKey(publicKey)
+		WithServerSigningPubKey(serverSigningPubKey)
 	if mtls {
 		// todo https://golang.org/src/crypto/x509/root_linux.go
 		options.MTLsOptions = client.DefaultMTLsOptions().

cmd/immuclient/audit/auditor.go

@@ -94,7 +94,6 @@ func (cAgent *auditAgent) InitAgent() (AuditAgent, error) {
 			auditDatabases = append(auditDatabases, dbPrefix)
 		}
 	}
-	auditSignature := viper.GetString("audit-signature")
 	auditNotificationURL := viper.GetString("audit-notification-url")
 	auditNotificationUsername := viper.GetString("audit-notification-username")
 	auditNotificationPassword := viper.GetString("audit-notification-password")
@@ -105,8 +104,8 @@ func (cAgent *auditAgent) InitAgent() (AuditAgent, error) {
 	}
 
 	var pk *ecdsa.PublicKey
-	if cliOpts.PublicKey != "" {
-		pk, err = signer.ParsePublicKeyFile(cliOpts.PublicKey)
+	if cliOpts.ServerSigningPubKey != "" {
+		pk, err = signer.ParsePublicKeyFile(cliOpts.ServerSigningPubKey)
 		if err != nil {
 			return nil, err
 		}
@@ -118,7 +117,6 @@ func (cAgent *auditAgent) InitAgent() (AuditAgent, error) {
 		auditUsername,
 		auditPassword,
 		auditDatabases,
-		auditSignature,
 		pk,
 		auditor.AuditNotificationConfig{
 			URL:            auditNotificationURL,

cmd/immuclient/command/init.go

@@ -49,11 +49,10 @@ func (cl *commandline) configureFlags(cmd *cobra.Command) error {
 	cmd.PersistentFlags().String("audit-username", "", "immudb username used to login during audit")
 	cmd.PersistentFlags().String("audit-password", "", "immudb password used to login during audit; can be plain-text or base64 encoded (must be prefixed with 'enc:' if it is encoded)")
 	cmd.PersistentFlags().String("audit-databases", "", "Optional comma-separated list of databases (names) to be audited. Can be full name(s) or just name prefix(es).")
-	cmd.PersistentFlags().String("audit-signature", "", "Audit signature mode. ignore|validate. If 'ignore' is set auditor doesn't check for the root server signature. If 'validate' is set auditor verify that the root is signed properly by immudb server. Default value is 'ignore'")
 	cmd.PersistentFlags().String("audit-notification-url", "", "If set, auditor will send a POST request at this URL with audit result details.")
 	cmd.PersistentFlags().String("audit-notification-username", "", "Username used to authenticate when publishing audit result to 'audit-notification-url'.")
 	cmd.PersistentFlags().String("audit-notification-password", "", "Password used to authenticate when publishing audit result to 'audit-notification-url'.")
-	cmd.PersistentFlags().String("public-key", "", "Path to the public key to verify signatures when presents")
+	cmd.PersistentFlags().String("server-signing-pub-key", "", "Path to the public key to verify signatures when presents")
 
 	viper.BindPFlag("immudb-port", cmd.PersistentFlags().Lookup("immudb-port"))
 	viper.BindPFlag("immudb-address", cmd.PersistentFlags().Lookup("immudb-address"))
@@ -72,11 +71,10 @@ func (cl *commandline) configureFlags(cmd *cobra.Command) error {
 	viper.BindPFlag("audit-username", cmd.PersistentFlags().Lookup("audit-username"))
 	viper.BindPFlag("audit-password", cmd.PersistentFlags().Lookup("audit-password"))
 	viper.BindPFlag("audit-databases", cmd.PersistentFlags().Lookup("audit-databases"))
-	viper.BindPFlag("audit-signature", cmd.PersistentFlags().Lookup("audit-signature"))
 	viper.BindPFlag("audit-notification-url", cmd.PersistentFlags().Lookup("audit-notification-url"))
 	viper.BindPFlag("audit-notification-username", cmd.PersistentFlags().Lookup("audit-notification-username"))
 	viper.BindPFlag("audit-notification-password", cmd.PersistentFlags().Lookup("audit-notification-password"))
-	viper.BindPFlag("public-key", cmd.PersistentFlags().Lookup("public-key"))
+	viper.BindPFlag("server-signing-pub-key", cmd.PersistentFlags().Lookup("server-signing-pub-key"))
 
 	viper.SetDefault("immudb-port", client.DefaultOptions().Port)
 	viper.SetDefault("immudb-address", client.DefaultOptions().Address)
@@ -93,12 +91,11 @@ func (cl *commandline) configureFlags(cmd *cobra.Command) error {
 	viper.SetDefault("roots-filepath", os.TempDir())
 	viper.SetDefault("audit-password", "")
 	viper.SetDefault("audit-username", "")
-	viper.SetDefault("audit-signature", "ignore")
 	viper.SetDefault("audit-databases", "")
 	viper.SetDefault("audit-notification-url", "")
 	viper.SetDefault("audit-notification-username", "")
 	viper.SetDefault("audit-notification-password", "")
-	viper.SetDefault("public-key", "")
+	viper.SetDefault("server-signing-pub-key", "")
 	viper.SetDefault("dir", os.TempDir())
 	return nil
 }

cmd/immuclient/command/root.go

@@ -37,7 +37,7 @@ Environment variables:
   IMMUCLIENT_PKEY=./tools/mtls/4_client/private/localhost.key.pem
   IMMUCLIENT_CERTIFICATE=./tools/mtls/4_client/certs/localhost.cert.pem
   IMMUCLIENT_CLIENTCAS=./tools/mtls/2_intermediate/certs/ca-chain.cert.pem
-  IMMUCLIENT_PUBLIC_KEY=
+  IMMUCLIENT_SERVER_SIGNING_PUB_KEY=
 
 IMPORTANT: All get and safeget functions return base64-encoded keys and values, while all set and safeset functions expect base64-encoded inputs.`,
 		DisableAutoGenTag: true,

cmd/immuclient/immuc/init.go

@@ -118,7 +118,7 @@ func Options() *client.Options {
 		WithTokenFileName(viper.GetString("tokenfile")).
 		WithMTLs(viper.GetBool("mtls")).
 		WithTokenService(client.NewTokenService().WithTokenFileName(viper.GetString("tokenfile")).WithHds(client.NewHomedirService())).
-		WithPublicKey(viper.GetString("public-key"))
+		WithServerSigningPubKey(viper.GetString("server-signing-pub-key"))
 
 	if viper.GetBool("mtls") {
 		// todo https://golang.org/src/crypto/x509/root_linux.go

configs/immuclient.toml

@@ -8,4 +8,4 @@ pkey = "./tools/mtls/4_client/private/localhost.key.pem"
 certificate = "./tools/mtls/4_client/certs/localhost.cert.pem"
 clientcas = "./tools/mtls/2_intermediate/certs/ca-chain.cert.pem"
 audit-signature = "ignore"
-public-key = "" #used to verify signatures
+server-signing-pub-key = "" #used to verify signatures

pkg/client/auditor/auditor.go

@@ -22,7 +22,6 @@ import (
 	"crypto/ecdsa"
 	"encoding/base64"
 	"encoding/json"
-	"errors"
 	"fmt"
 	"io/ioutil"
 	"net/http"
@@ -61,22 +60,21 @@ type AuditNotificationConfig struct {
 }
 
 type defaultAuditor struct {
-	index              uint64
-	databaseIndex      int
-	logger             logger.Logger
-	serverAddress      string
-	dialOptions        []grpc.DialOption
-	history            cache.HistoryCache
-	ts                 client.TimestampService
-	username           []byte
-	databases          []string
-	password           []byte
-	auditDatabases     []string
-	auditSignature     string
-	publicKey          *ecdsa.PublicKey
-	notificationConfig AuditNotificationConfig
-	serviceClient      schema.ImmuServiceClient
-	uuidProvider       state.UUIDProvider
+	index               uint64
+	databaseIndex       int
+	logger              logger.Logger
+	serverAddress       string
+	dialOptions         []grpc.DialOption
+	history             cache.HistoryCache
+	ts                  client.TimestampService
+	username            []byte
+	databases           []string
+	password            []byte
+	auditDatabases      []string
+	serverSigningPubKey *ecdsa.PublicKey
+	notificationConfig  AuditNotificationConfig
+	serviceClient       schema.ImmuServiceClient
+	uuidProvider        state.UUIDProvider
 
 	slugifyRegExp *regexp.Regexp
 	updateMetrics func(string, string, bool, bool, bool, *schema.ImmutableState, *schema.ImmutableState)
@@ -90,23 +88,14 @@ func DefaultAuditor(
 	username string,
 	passwordBase64 string,
 	auditDatabases []string,
-	auditSignature string,
-	publicKey *ecdsa.PublicKey,
+	serverSigningPubKey *ecdsa.PublicKey,
 	notificationConfig AuditNotificationConfig,
 	serviceClient schema.ImmuServiceClient,
 	uuidProvider state.UUIDProvider,
 	history cache.HistoryCache,
 	updateMetrics func(string, string, bool, bool, bool, *schema.ImmutableState, *schema.ImmutableState),
 	log logger.Logger) (Auditor, error) {
 
-	switch auditSignature {
-	case "validate":
-	case "ignore":
-	case "":
-	default:
-		return nil, errors.New("auditSignature allowed values are 'validate' or 'ignore'")
-	}
-
 	password, err := auth.DecodeBase64Password(passwordBase64)
 	if err != nil {
 		return nil, err
@@ -131,8 +120,7 @@ func DefaultAuditor(
 		nil,
 		[]byte(password),
 		auditDatabases,
-		auditSignature,
-		publicKey,
+		serverSigningPubKey,
 		notificationConfig,
 		serviceClient,
 		uuidProvider,
@@ -258,8 +246,8 @@ func (a *defaultAuditor) audit() error {
 		return noErr
 	}
 
-	if a.auditSignature == "validate" {
-		if okSig, err := state.CheckSignature(a.publicKey); err != nil || !okSig {
+	if a.serverSigningPubKey != nil {
+		if okSig, err := state.CheckSignature(a.serverSigningPubKey); err != nil || !okSig {
 			a.logger.Errorf(
 				"audit #%d aborted: could not verify signature on server state at %s @ %s",
 				a.index, serverID, a.serverAddress)

pkg/client/auditor/auditor_test.go

@@ -60,7 +60,6 @@ func TestDefaultAuditor(t *testing.T) {
 		"immudb",
 		"immudb",
 		nil,
-		"ignore",
 		nil,
 		AuditNotificationConfig{},
 		nil,
@@ -90,7 +89,6 @@ func TestDefaultAuditorPasswordDecodeErr(t *testing.T) {
 		"immudb",
 		"enc:"+string([]byte{0}),
 		nil,
-		"ignore",
 		nil,
 		AuditNotificationConfig{},
 		nil,
@@ -124,7 +122,6 @@ func TestDefaultAuditorLoginErr(t *testing.T) {
 		"immudb",
 		"immudb",
 		nil,
-		"ignore",
 		nil,
 		AuditNotificationConfig{},
 		&serviceClient,
@@ -162,7 +159,6 @@ func TestDefaultAuditorDatabaseListErr(t *testing.T) {
 		"immudb",
 		"immudb",
 		nil,
-		"ignore",
 		nil,
 		AuditNotificationConfig{},
 		&serviceClient,
@@ -202,7 +198,6 @@ func TestDefaultAuditorDatabaseListEmpty(t *testing.T) {
 		"immudb",
 		"immudb",
 		nil,
-		"ignore",
 		nil,
 		AuditNotificationConfig{},
 		&serviceClient,
@@ -245,7 +240,6 @@ func TestDefaultAuditorUseDatabaseErr(t *testing.T) {
 		"immudb",
 		"immudb",
 		nil,
-		"ignore",
 		nil,
 		AuditNotificationConfig{},
 		&serviceClient,
@@ -291,7 +285,6 @@ func TestDefaultAuditorCurrentRootErr(t *testing.T) {
 		"immudb",
 		"immudb",
 		nil,
-		"ignore",
 		nil,
 		AuditNotificationConfig{},
 		&serviceClient,
@@ -329,7 +322,6 @@ func TestDefaultAuditorRunOnEmptyDb(t *testing.T) {
 		"immudb",
 		"immudb",
 		nil,
-		"ignore",
 		nil,
 		AuditNotificationConfig{},
 		serviceClient,
@@ -390,7 +382,6 @@ func TestDefaultAuditorRunOnDb(t *testing.T) {
 		"immudb",
 		"immudb",
 		nil,
-		"ignore",
 		nil,
 		AuditNotificationConfig{},
 		serviceClient,
@@ -467,7 +458,6 @@ func TestRepeatedAuditorRunOnDb(t *testing.T) {
 		"immudb",
 		"immudb",
 		[]string{"SomeNonExistentDb", ""},
-		"ignore",
 		nil,
 		alertConfig,
 		serviceClient,
@@ -543,7 +533,6 @@ func TestDefaultAuditorRunOnDbWithSignature(t *testing.T) {
 		"immudb",
 		"immudb",
 		nil,
-		"validate",
 		pk,
 		AuditNotificationConfig{},
 		serviceClient,
@@ -587,6 +576,9 @@ func TestDefaultAuditorRunOnDbWithFailSignature(t *testing.T) {
 		return &empty.Empty{}, nil
 	}
 
+	pk, err := signer.ParsePublicKeyFile("./../../../test/signer/ec1.pub")
+	require.NoError(t, err)
+
 	da, err := DefaultAuditor(
 		time.Duration(0),
 		fmt.Sprintf("%s:%d", "address", 0),
@@ -596,8 +588,7 @@ func TestDefaultAuditorRunOnDbWithFailSignature(t *testing.T) {
 		"immudb",
 		"immudb",
 		nil,
-		"validate",
-		nil,
+		pk,
 		AuditNotificationConfig{},
 		serviceClient,
 		state.NewUUIDProvider(serviceClient),
@@ -613,28 +604,6 @@ func TestDefaultAuditorRunOnDbWithFailSignature(t *testing.T) {
 	require.Nil(t, err)
 }
 
-func TestDefaultAuditorRunOnDbWithWrongAuditSignatureMode(t *testing.T) {
-	serviceClient := clienttest.ImmuServiceClientMock{}
-	_, err := DefaultAuditor(
-		time.Duration(0),
-		fmt.Sprintf("%s:%d", "address", 0),
-		&[]grpc.DialOption{
-			grpc.WithInsecure(),
-		},
-		"immudb",
-		"immudb",
-		nil,
-		"wrong",
-		nil,
-		AuditNotificationConfig{},
-		&serviceClient,
-		state.NewUUIDProvider(&serviceClient),
-		cache.NewHistoryFileCache(dirname),
-		func(string, string, bool, bool, bool, *schema.ImmutableState, *schema.ImmutableState) {},
-		logger.NewSimpleLogger("test", os.Stdout))
-	require.Errorf(t, err, "auditSignature allowed values are 'validate' or 'ignore'")
-}
-
 type PasswordReader struct {
 	Pass       []string
 	callNumber int