Skip to content
This repository has been archived by the owner on Oct 11, 2024. It is now read-only.

Client/domaininfo #752

Merged
merged 5 commits into from
Aug 15, 2017
Merged

Client/domaininfo #752

merged 5 commits into from
Aug 15, 2017

Conversation

gdbelvin
Copy link
Contributor

@gdbelvin gdbelvin commented Aug 14, 2017
edited
Loading

Configure the client using the info published at v1/domain/info

This saves users from needing to do a lot of complicated configuration.

Changes:

  • Adds an --autoconfig flag, defaulting to true, which reads configuration information from v1/domain/info
  • Adds an --insecure flag in case users want to connect to a server with a self-signed certificate.
  • uses crypto.PublicKey as the return type for vrf.Public()

@codecov-io
Copy link

codecov-io commented Aug 15, 2017
edited
Loading

Codecov Report

Merging #752 into master will increase coverage by 0.25%.
The diff coverage is 63.63%.

Impacted file tree graph

@@            Coverage Diff             @@
##           master     #752      +/-   ##
==========================================
+ Coverage   48.92%   49.18%   +0.25%     
==========================================
  Files          30       30              
  Lines        2520     2507      -13     
==========================================
  Hits         1233     1233              
+ Misses       1090     1077      -13     
  Partials      197      197
Impacted Files Coverage Δ
core/crypto/vrf/vrf.go 100% <ø> (ø) ⬆️
core/keyserver/keyserver.go 0% <0%> (ø) ⬆️
core/crypto/vrf/p256/p256.go 79.88% <77.77%> (+4.74%) ⬆️

Continue to review full report at Codecov.

Legend - Click here to learn more
Δ = absolute <relative> (impact), ø = not affected, ? = missing data
Powered by Codecov. Last update a6c5b55...7988dd0. Read the comment docs.

@gdbelvin
Configure client from v1/domain/info
063cc86
@gdbelvin
Add insecure flag
0742884 
- Use der.ToPublicProto for generating and parsing keyspb.PublicKey
- Add insecure flag so people can try out the test server without
  messing with the self signed cert.
- Set the test server as the default server URL.
- Cleaned up the dial function by separating transport from client
  credentials.
@gdbelvin gdbelvin requested a review from liamsi August 15, 2017 11:47
@gdbelvin
return crypto.PublicKey from vrf.Public()
49bf27a 
Also return interfaces instead of concrete types.
@gdbelvin
update readme
6dbce76
@gdbelvin
nits
7988dd0
@gdbelvin gdbelvin requested a review from taknira August 15, 2017 12:24
liamsi
liamsi approved these changes Aug 15, 2017
View reviewed changes
Copy link
Contributor

@liamsi liamsi left a comment
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thanks a lot for this PR!
Besides a few nits this LGTM.

I think you can ignore the comments about the documenting how the different flags depend on each other (autoconfig,vrf,log-key, and map-key as well as fake-auth-userid, client-secret and service-key) and merge it as it is.
If it really turns out to be confusing we can fix this in a separate pull!

cmd/keytransparency-client/cmd/root.go
RootCmd.PersistentFlags().String("kt-cert", "genfiles/server.crt", "Path to public key for Key Transparency")
RootCmd.PersistentFlags().Bool("autoconfig", true, "Fetch config info from the server's /v1/domain/info")
RootCmd.PersistentFlags().Bool("insecure", false, "Skip TLS checks")

RootCmd.PersistentFlags().String("vrf", "genfiles/vrf-pubkey.pem", "path to vrf public key")

RootCmd.PersistentFlags().String("log-key", "genfiles/trillian-log.pem", "Path to public key PEM for Trillian Log server")
RootCmd.PersistentFlags().String("map-key", "genfiles/trillian-map.pem", "Path to public key PEM for Trillian Map server")
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Suggestion: Maybe add a comment stating that these flags will be set automatically if --autoconfig=true? Or, even add this to the viper description string. Otherwise, it might be unclear what will be set automatically and what not.

(If --autoconfig=true, which is default, it doesn't matter what you set for the vrf, log-key, and map-key)

cmd/keytransparency-client/cmd/root.go
RootCmd.PersistentFlags().String("vrf", "genfiles/vrf-pubkey.pem", "path to vrf public key")

RootCmd.PersistentFlags().String("log-key", "genfiles/trillian-log.pem", "Path to public key PEM for Trillian Log server")
RootCmd.PersistentFlags().String("map-key", "genfiles/trillian-map.pem", "Path to public key PEM for Trillian Map server")

RootCmd.PersistentFlags().String("client-secret", "", "Path to client_secret.json file for user creds")
RootCmd.PersistentFlags().String("service-key", "", "Path to service_key.json file for anonymous creds")
RootCmd.PersistentFlags().String("fake-auth-userid", "", "userid to present to the server as identity for authentication. Only succeeds if fake auth is enabled on the server side.")
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Suggestion: Document the "priority" here as well? If fake-auth-userid is set, client-secret and service-key will be ignored, etc. I wonder if viper provides and automatic way to warn you that it doesn't make sense to set all of these 3.

cmd/keytransparency-client/cmd/root.go

case ktCert != "": // Custom CA Cert.
return credentials.NewClientTLSFromFile(ktCert, host)

Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Remove newline.

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

same here.

cmd/keytransparency-client/cmd/root.go
return credentials.NewTLS(&tls.Config{
InsecureSkipVerify: true,
}), nil

Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

remove superfluous newline?

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

the newlines visually break up the cases

@gdbelvin gdbelvin merged commit 5a851ef into google:master Aug 15, 2017
@gdbelvin gdbelvin mentioned this pull request Aug 15, 2017
Closed
@gdbelvin gdbelvin deleted the client/domaininfo branch March 3, 2018 13:54
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Reviewers

@liamsi liamsi liamsi approved these changes

@taknira taknira Awaiting requested review from taknira

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@gdbelvin @codecov-io @liamsi