bindle push-invoice gets status 400

[FrankYang0529]

Follow Using Bindle example,, we can't get the expected result.

1. Setup bindle-server

# Build
make build

# Create signing key
BINDLE_TEMP=$(mktemp -d)
./target/debug/bindle keys create "VishnuJin<me@example.com>" -f $BINDLE_TEMP/secret_keys.toml

# Run server
export RUST_LOG=error,warp=info,bindle=debug
./target/debug/bindle-server --unauthenticated -d $BINDLE_TEMP --signing-keys $BINDLE_TEMP/secret_keys.toml

2. Use bindle to push an invoice

$ cat <<EOF > invoice.toml
bindleVersion = "1.0.0"

[bindle]
name = "mybindle"
version = "0.1.0"
authors = ["Matt Butcher <matt.butcher@microsoft.com>"]
description = "My first bindle"

[annotations]
myname = "myvalue"
EOF

export BINDLE_URL="http://localhost:8080/v1/"
./target/debug/bindle sign-invoice -o signed-invoice.toml invoice.toml
./target/debug/bindle push-invoice signed-invoice.toml

We will get error logs in the server like following:

2022-09-15T16:24:06.167539Z  INFO request{method=POST path=/v1/_i version=HTTP/1.1 remote.addr=127.0.0.1:61085}: warp::filters::trace: processing request
2022-09-15T16:24:06.200357Z DEBUG request{method=POST path=/v1/_i version=HTTP/1.1 remote.addr=127.0.0.1:61085}: bindle::server::reply: Parsed accept header into list accept_value=application/toml accept_items=["application/toml"]
2022-09-15T16:24:06.201014Z DEBUG request{method=POST path=/v1/_i version=HTTP/1.1 remote.addr=127.0.0.1:61085}: bindle::server::reply: Selected a best-fit MIME best_fit=application/toml
2022-09-15T16:24:06.202589Z  INFO request{method=POST path=/v1/_i version=HTTP/1.1 remote.addr=127.0.0.1:61085}: warp::filters::trace: finished processing with success status=400

ref: #343

[vdice]

@FrankYang0529 I spent some time re-familiarizing myself with the signing flow. I believe the functionality is all working as intended at the HEAD commit of this repo. I used the following script to test (note some of the in-line comments): https://gist.github.com/vdice/1debda26d2e9f928c9a852bac5a8bacd

For your reproduction above, the error is in supplying --signing-keys $BINDLE_TEMP/secret_keys.toml to the bindle server process. This shouldn't be the file holding the secret signing keys for clients pushing bindles to the server; rather, this file should hold signing key(s) with the 'host' role that the bindle server uses to assert its identity in hosting the bindle -- which, by default, the bindle client will validate. One way to re-test your flow above is to remove the --signing-keys argument -- by default, the bindle server will create its own key in the designated default signing keys directory.

Note that you will also need to supply the exact client signing key label as well as the designated secret keys location on the sign-invoice command. So the full command would be:

./target/debug/bindle sign-invoice invoice.toml \
  -o signed-invoice.toml \
  -l "VishnuJin<me@example.com>" \
  -f $BINDLE_TEMP/secret_keys.toml

[FrankYang0529]

Hi @vdice, thanks for your detailed instruction, and sorry for the misunderstanding about signing keys and keyring. I added docker test case for Using Bindle example. I will also update the integration test in #343 (comment). It looks like we need to add our keyring before starting the bindle-server. Closed the issue. Thank you 👍