This repository has been archived by the owner on Oct 11, 2024. It is now read-only.

Hackathon: monitor page #804

Open
wants to merge 57 commits into
base: master
20f3b16
WIP: monitor binary
liamsi Jul 12, 2017
f681eb8
revert local changes, add TODOs
liamsi Jul 28, 2017
77a14fb
Add to kubernetes config and deploy script
liamsi Jul 31, 2017
bb41010
Add to kubernetes config and deploy script
liamsi Jul 31, 2017
ad4af54
Review comments:
liamsi Aug 10, 2017
1bcaa67
* Change mutator interface to accept SignedKV objects directly
liamsi Aug 9, 2017
fa1eb0b
Change mutator interface to accept proto.Message
liamsi Aug 9, 2017
d6eddf0
Use nil in Update/Mutate instead &tpb.Entry{}
liamsi Aug 9, 2017
be831c5
Use nil in Update/Mutate instead &tpb.Entry{} on keyserver as well
liamsi Aug 9, 2017
23c0a7d
Use nil in Update/Mutate instead &tpb.Entry{} on signer as well
liamsi Aug 9, 2017
cd4edd5
Add helper method to Entry to avoid code duplication
liamsi Aug 9, 2017
0a2850d
Add helper method to Entry to avoid code duplication (tests)
liamsi Aug 9, 2017
4d3a88d
Use helper method to Entry to avoid code duplication
liamsi Aug 9, 2017
f2840cd
gofmt
liamsi Aug 9, 2017
01fba58
compile again
liamsi Aug 10, 2017
16db4f7
TODO verification
liamsi Aug 10, 2017
4c8831b
Work in progress: compute new root hash
liamsi Aug 11, 2017
a0c9404
Minor cleanup
liamsi Aug 14, 2017
972eb31
Merge branch 'master' into mvp_monitor
liamsi Aug 14, 2017
7c54e26
Some cleanup, further splitting up into core/impl
liamsi Aug 14, 2017
fda51ba
Merge branch 'master' into mvp_monitor
liamsi Aug 14, 2017
3e6ed89
Merge branch 'master' into mvp_monitor
liamsi Aug 15, 2017
bac1ab6
Merge remote-tracking branch 'origin/master' into mvp_monitor
liamsi Aug 18, 2017
08e7e11
Merge remote-tracking branch 'origin/master' into mvp_monitor
liamsi Aug 18, 2017
de1845f
Merge remote-tracking branch 'origin/master' into mvp_monitor
liamsi Aug 18, 2017
c3a0907
Some of the review comments (this should go to #768)
liamsi Aug 18, 2017
48b5f69
Minor changes: compiles
liamsi Aug 21, 2017
352d299
Keep imports relative
liamsi Aug 21, 2017
6f75fda
obsolete change to mutation service proto's gen.go
liamsi Aug 21, 2017
d2aaf7d
Use "autoconfig" from domain info, split transportCreds
liamsi Aug 21, 2017
e487368
remove libtool dependency from monitor dockerfile
liamsi Aug 21, 2017
ac156ea
remove verification logic completely
liamsi Aug 21, 2017
9a5e2f9
remove everything from proto which is not needed by a non-verifying m…
liamsi Aug 21, 2017
4646ef8
Merge branch 'master' into non_verifying_monitor
liamsi Aug 21, 2017
8603214
update docker-compose, remove kube-config, always use autoconfig
liamsi Aug 21, 2017
42a855b
linter checks
liamsi Aug 22, 2017
cdc64de
Some fixes to the docker files
liamsi Aug 22, 2017
b881c04
WIP: restructuring monitor implementation, split up into client, serv…
liamsi Aug 22, 2017
94f7508
restructured non-verifiying monitor
liamsi Aug 23, 2017
04b4354
gometalinter
liamsi Aug 23, 2017
1544646
Merge branch 'master' into non_verifying_monitor
liamsi Aug 23, 2017
16724f5
renamed API urls
liamsi Aug 23, 2017
f881945
Merge remote-tracking branch 'isma-fork/non_verifying_monitor' into n…
liamsi Aug 23, 2017
2152cd4
WIP: reintroduce verification
liamsi Aug 23, 2017
aedfd9b
Merge remote-tracking branch 'origin/master' into monitor_verification
liamsi Aug 24, 2017
64fef84
Merge branch 'master' into monitor_verification
liamsi Aug 24, 2017
e6e9a7d
more verification steps
liamsi Aug 24, 2017
1b14d9d
first crack on the integration tests
liamsi Aug 24, 2017
acfe0f7
2nd first crack on the integration tests
liamsi Aug 24, 2017
6a5e468
Don't create new tree on deployed server if they already exist
liamsi Aug 25, 2017
26c0124
Don't create new tree on deployed server if they already exist
liamsi Aug 25, 2017
0f4b582
use client.LogVerifier instead merkler.LogVerifier
liamsi Aug 25, 2017
c3cedaf
Use trillian logverifier instead
liamsi Aug 25, 2017
269d042
WIP: fix mutator bug
liamsi Aug 25, 2017
d550d59
All verifications pass
liamsi Aug 25, 2017
913b298
remove debug output, some minor cleanup
liamsi Aug 25, 2017
d25aa7e
Hacky monitor result web-site
liamsi Aug 25, 2017
85 changes: 65 additions & 20 deletions cmd/keytransparency-monitor/main.go
Expand Up @@ -42,18 +42,22 @@ import (
spb "github.com/google/keytransparency/impl/proto/keytransparency_v1_service"
mopb "github.com/google/keytransparency/impl/proto/monitor_v1_service"
mupb "github.com/google/keytransparency/impl/proto/mutation_v1_service"
_ "github.com/google/trillian/merkle/coniks" // Register coniks
tlogcli "github.com/google/trillian/client"
"github.com/google/trillian/crypto/keys/der"
_ "github.com/google/trillian/merkle/coniks" // Register coniks
"github.com/google/trillian/merkle/hashers"
_ "github.com/google/trillian/merkle/objhasher" // Register objhasher
"html/template"
)

var (
addr = flag.String("addr", ":8099", "The ip:port combination to listen on")
keyFile = flag.String("tls-key", "genfiles/server.key", "TLS private key file")
certFile = flag.String("tls-cert", "genfiles/server.pem", "TLS cert file")
keyFile = flag.String("tls-key", "../../genfiles/server.key", "TLS private key file")
certFile = flag.String("tls-cert", "../../genfiles/server.pem", "TLS cert file")

signingKey = flag.String("sign-key", "genfiles/monitor_sign-key.pem", "Path to private key PEM for SMH signing")
signingKey = flag.String("sign-key", "../../genfiles/monitor_sign-key.pem", "Path to private key PEM for SMH signing")
signingKeyPassword = flag.String("password", "towel", "Password of the private key PEM file for SMH signing")
ktURL = flag.String("kt-url", "localhost:8080", "URL of key-server.")
ktURL = flag.String("kt-url", "35.184.134.53:8080", "URL of key-server.")
insecure = flag.Bool("insecure", false, "Skip TLS checks")
ktCert = flag.String("kt-cert", "genfiles/server.crt", "Path to kt-server's public key")

Expand All @@ -65,11 +69,11 @@ var (

func grpcGatewayMux(addr string) (*runtime.ServeMux, error) {
ctx := context.Background()
creds, err := credentials.NewClientTLSFromFile(*certFile, "")
if err != nil {
return nil, err
}
dopts := []grpc.DialOption{grpc.WithTransportCredentials(creds)}
//creds, err := credentials.NewClientTLSFromFile(*certFile, "")
//if err != nil {
// return nil, err
//}
dopts := []grpc.DialOption{grpc.WithInsecure()}
gwmux := runtime.NewServeMux()
if err := mopb.RegisterMonitorServiceHandlerFromEndpoint(ctx, gwmux, addr, dopts); err != nil {
return nil, err
Expand All @@ -92,19 +96,47 @@ func grpcHandlerFunc(grpcServer *grpc.Server, otherHandler http.Handler) http.Ha
})
}

func main() {
flag.Parse()
// Hackathon only code. Remove later!
type resHandler struct {
store *storage.Storage
}

creds, err := credentials.NewServerTLSFromFile(*certFile, *keyFile)
func (h *resHandler) ServeHTTP(w http.ResponseWriter, r *http.Request) {
max := h.store.LatestEpoch()
results := make([]*storage.MonitoringResult, max)
for i:=int64(1); i<= max ; i++ {
monRes, err := h.store.Get(i)
if err != nil {
glog.Errorf("Couldn't retrieve mon result: %v", err)
}
results[i-1] = monRes
}
// TODO(ismail) make this file path configurable so that it can be found in
// docker as well
tmpl, err := template.ParseFiles("/Users/khoffi/go/src/github.com/google/keytransparency/cmd/keytransparency-monitor/web/monitoring.tmpl")
if err != nil {
glog.Errorf("Could not parse template: %v", err)
}

err = tmpl.Execute(w, results)
if err != nil {
glog.Exitf("Failed to load server credentials %v", err)
glog.Errorf("Could not write result: %v", err)
}
}

func main() {
flag.Parse()

//creds, err := credentials.NewServerTLSFromFile(*certFile, *keyFile)
//if err != nil {
// glog.Exitf("Failed to load server credentials %v", err)
//}

// Create gRPC server.
grpcServer := grpc.NewServer(
grpc.Creds(creds),
//grpc.Creds(creds),
grpc.StreamInterceptor(grpc_prometheus.StreamServerInterceptor),
grpc.UnaryInterceptor(grpc_prometheus.UnaryServerInterceptor),
//grpc.UnaryInterceptor(grpc_prometheus.UnaryServerInterceptor),
)

// Connect to the kt-server's mutation API:
Expand Down Expand Up @@ -140,14 +172,27 @@ func main() {

// Insert handlers for other http paths here.
mux := http.NewServeMux()

resultHandler := &resHandler{store:store}
mux.Handle("/monitor", resultHandler)

mux.Handle("/", gwmux)
logHasher, err := hashers.NewLogHasher(logTree.GetHashStrategy())
if err != nil {
glog.Fatalf("Could not initialize log hasher: %v", err)
}
logPubKey, err := der.UnmarshalPublicKey(logTree.GetPublicKey().GetDer())
if err != nil {
glog.Fatalf("Failed parsing Log public key: %v", err)
}
logVerifier := tlogcli.NewLogVerifier(logHasher, logPubKey)

// initialize the mutations API client and feed the responses it got
// into the monitor:
mon, err := cmon.New(logTree, mapTree, crypto.NewSHA256Signer(key), store)
mon, err := cmon.New(logVerifier, mapTree, crypto.NewSHA256Signer(key), store)
if err != nil {
glog.Exitf("Failed to initialize monitor: %v", err)
}
// initialize the mutations API client and feed the responses it got
// into the monitor:
mutCli := client.New(mcc, *pollPeriod)
responses, errs := mutCli.StartPolling(1)
go func() {
Expand All @@ -169,7 +214,7 @@ func main() {

// Serve HTTP2 server over TLS.
glog.Infof("Listening on %v", *addr)
if err := http.ListenAndServeTLS(*addr, *certFile, *keyFile,
if err := http.ListenAndServe(*addr, /**certFile, *keyFile,*/
grpcHandlerFunc(grpcServer, mux)); err != nil {
glog.Errorf("ListenAndServeTLS: %v", err)
}
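Review bot: TLS is removed at all three transport points in this file: the gateway dial in grpcGatewayMux now uses `grpc.WithInsecure()`, `grpc.Creds(creds)` is commented out in main(), and the last hunk serves with `http.ListenAndServe`. The monitor API and the new `/monitor` page are therefore served in cleartext and unauthenticated by default, and TLS cannot be re-enabled without editing code. Keep TLS as the default and make plaintext an explicit opt-in, as sketched below; the sketch reuses the existing `-insecure` flag, but a dedicated flag is cleaner if `-insecure` already means something else in the parts of main() outside these hunks. Note also that Go's net/http serves HTTP/2 only over TLS unless h2c is wired in (none is visible here), so the gRPC branch of grpcHandlerFunc is probably unreachable over plain `ListenAndServe`, and the `ListenAndServeTLS:` log text is now stale. Separately, ServeHTTP calls `tmpl.Execute` even when `template.ParseFiles` failed, which dereferences a nil template; add `http.Error(w, "template unavailable", http.StatusInternalServerError); return` in that error branch, and move the `/Users/khoffi/...` path and the `35.184.134.53:8080` default into flags with neutral defaults.

```go
func grpcGatewayMux(addr string) (*runtime.ServeMux, error) {
	ctx := context.Background()
	// TLS is the default; plaintext needs an explicit opt-in.
	dopts := []grpc.DialOption{grpc.WithInsecure()}
	if !*insecure {
		creds, err := credentials.NewClientTLSFromFile(*certFile, "")
		if err != nil {
			return nil, err
		}
		dopts = []grpc.DialOption{grpc.WithTransportCredentials(creds)}
	}
	// … unchanged: gwmux creation and handler registration …

// in main():
	srvOpts := []grpc.ServerOption{
		// … unchanged: interceptor options …
	}
	if !*insecure {
		creds, err := credentials.NewServerTLSFromFile(*certFile, *keyFile)
		if err != nil {
			glog.Exitf("Failed to load server credentials %v", err)
		}
		srvOpts = append(srvOpts, grpc.Creds(creds))
	}
	grpcServer := grpc.NewServer(srvOpts...)
	// … unchanged: kt-server client, monitor setup, mux …
	handler := grpcHandlerFunc(grpcServer, mux)
	serve := func() error { return http.ListenAndServeTLS(*addr, *certFile, *keyFile, handler) }
	if *insecure {
		serve = func() error { return http.ListenAndServe(*addr, handler) }
	}
	if err := serve(); err != nil {
		glog.Errorf("Serving on %v: %v", *addr, err)
	}
```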
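--- a/cmd/keytransparency-monitor/web/monitoring.tmpl
+++ b/cmd/keytransparency-monitor/web/monitoring.tmpl
@@ -0,0 +1,19 @@
+{{range .}}
+<table>
+<tr><td>Epoch: {{.Response.Epoch}}</td></tr>
+<tr><td>Map-id: {{.Response.Smr.MapId}}</td></tr>
+<tr><td>Log-id: {{.Response.LogRoot.LogId}}</td></tr>
+<tr><td>SMR roothash: {{.Response.Smr.RootHash}}</td></tr>
+<tr><td>&nbsp;</td></tr>
+<tr><td>Errors: </td></tr>
+{{range .Errors}}
+<tr>
+<td>&nbsp;&nbsp;&nbsp;Error: {{.}}</td>
+</tr>
+{{end}}
+<hr>
+<hr>
+<hr>
+&nbsp;
+</table>
+{{end}}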
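Review bot: Every element is dereferenced through `.Response`, but ServeHTTP in main.go stores the result of `h.store.Get(i)` even when that call returned an error. A failed lookup therefore probably leaves a nil entry in the slice, and Execute would abort part-way through the page. Wrap the row block in `{{if .}}…{{end}}`, or have the handler `continue` on error so only populated results reach the template. If `RootHash` is a byte slice, as the name suggests, `{{.Response.Smr.RootHash}}` prints Go's default slice form; `{{printf "%x" .Response.Smr.RootHash}}` gives a hex digest that an operator can compare against other sources.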
34 changes: 17 additions & 17 deletions core/monitor/monitor.go
Expand Up @@ -25,39 +25,39 @@ import (
ktpb "github.com/google/keytransparency/core/proto/keytransparency_v1_types"

"github.com/google/trillian"
"github.com/google/trillian/client"
tcrypto "github.com/google/trillian/crypto"
"github.com/google/trillian/merkle"
"github.com/google/trillian/crypto/keys/der"
"github.com/google/trillian/merkle/hashers"
)

// Monitor holds the internal state for a monitor accessing the mutations API
// and for verifying its responses.
type Monitor struct {
hasher hashers.MapHasher
logPubKey crypto.PublicKey
mapID int64
mapHasher hashers.MapHasher
mapPubKey crypto.PublicKey
logVerifier merkle.LogVerifier
logVerifier client.LogVerifier
signer *tcrypto.Signer
// TODO(ismail): update last trusted signed log root
//trusted trillian.SignedLogRoot
store *storage.Storage
trusted *trillian.SignedLogRoot
store *storage.Storage
}

// New creates a new instance of the monitor.
func New(logTree, mapTree *trillian.Tree, signer *tcrypto.Signer, store *storage.Storage) (*Monitor, error) {
logHasher, err := hashers.NewLogHasher(logTree.GetHashStrategy())
if err != nil {
return nil, fmt.Errorf("Failed creating LogHasher: %v", err)
}
func New(logverifierCli client.LogVerifier, mapTree *trillian.Tree, signer *tcrypto.Signer, store *storage.Storage) (*Monitor, error) {
mapHasher, err := hashers.NewMapHasher(mapTree.GetHashStrategy())
if err != nil {
return nil, fmt.Errorf("Failed creating MapHasher: %v", err)
}
mapPubKey, err := der.UnmarshalPublicKey(mapTree.GetPublicKey().GetDer())
if err != nil {
return nil, fmt.Errorf("Could not unmarshal map public key: %v", err)
}
return &Monitor{
hasher: mapHasher,
logVerifier: merkle.NewLogVerifier(logHasher),
logPubKey: logTree.GetPublicKey(),
mapPubKey: mapTree.GetPublicKey(),
logVerifier: logverifierCli,
mapID: mapTree.TreeId,
mapHasher: mapHasher,
mapPubKey: mapPubKey,
signer: signer,
store: store,
}, nil
Expand All @@ -70,7 +70,7 @@ func (m *Monitor) Process(resp *ktpb.GetMutationsResponse) error {
var smr *trillian.SignedMapRoot
var err error
seen := time.Now().Unix()
errs := m.verifyMutationsResponse(resp)
errs := m.VerifyMutationsResponse(resp)
if len(errs) == 0 {
glog.Infof("Successfully verified mutations response for epoch: %v", resp.Epoch)
smr, err = m.signMapRoot(resp)
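Review bot: The new `trusted *trillian.SignedLogRoot` field is never set in `New`, and the TODO above it ("update last trusted signed log root") appears to remain, so as far as this section shows the monitor starts every run with a nil trust anchor. Whatever consumes the field (outside these hunks) has to treat nil as "no root trusted yet", and a restart discards the previously verified root unless it is reloaded from `store`. I would document that on the field, e.g. `// trusted is the last verified signed log root; nil until the first response verifies.`, and update the TODO to say what is still missing. Minor style points: `logverifierCli` reads better as `logVerifier`, `mapTree.TreeId` could use `mapTree.GetTreeId()` to match the getters used beside it, and the now-exported `VerifyMutationsResponse` needs a doc comment at its definition, which is not in this section.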