Merging to release-5.11.1: [TT-16554]: Change bundle loading logic when reloaded (#7745) (#7763)

Cherry-pick of `756e53cd32ff8340b528750bdc14287d049d9f26` from `master`
to `release-5.11.1` requires manual resolution.

  **Conflicts detected:** 3
   - gateway/server.go
  
  Tips:
- Check out this branch locally and run: `git cherry-pick -x
756e53c`
- Resolve conflicts (including submodules if any), then push back to
this branch.
  
Original commit:
756e53c

---------

Co-authored-by: Tyk Bot <bot@tyk.io>
Co-authored-by: Kofo Okesola <okesolakofo@gmail.com>

Author: 3 people

gateway/coprocess_bundle.go

@@ -10,6 +10,7 @@ import (
 	"encoding/json"
 	"errors"
 	"fmt"
+	"hash"
 	"io"
 	"io/ioutil"
 	"net/http"
@@ -25,8 +26,6 @@ import (
 
 	"github.com/sirupsen/logrus"
 
-	"github.com/TykTechnologies/goverify"
-
 	"github.com/TykTechnologies/tyk/apidef"
 	"github.com/TykTechnologies/tyk/internal/sanitize"
 )
@@ -36,6 +35,40 @@ var (
 	bundleMaxBackoffRetries uint64  = 4
 )
 
+type bundleChecksumVerifyFunction func(bundle *Bundle, bundleFs afero.Fs) (sha256Hash hash.Hash, err error)
+
+func defaultBundleVerifyFunction(b *Bundle, bundleFs afero.Fs) (sha256Hash hash.Hash, err error) {
+	md5Hash := md5.New()
+	sha256Hash = sha256.New()
+
+	w := io.MultiWriter(sha256Hash, md5Hash)
+	buf, ok := bundleVerifyPool.Get().(*[]byte)
+	if !ok {
+		return nil, errors.New("error verifying bundle, please try again")
+	}
+	defer bundleVerifyPool.Put(buf)
+
+	for _, f := range b.Manifest.FileList {
+		extractedPath := filepath.Join(b.Path, f)
+		file, err := bundleFs.Open(extractedPath)
+		if err != nil {
+			return nil, err
+		}
+		_, err = io.CopyBuffer(w, file, *buf)
+		file.Close()
+		if err != nil {
+			return nil, err
+		}
+	}
+
+	checksum := fmt.Sprintf("%x", md5Hash.Sum(nil))
+	if checksum != b.Manifest.Checksum {
+		return nil, errors.New("invalid checksum")
+	}
+
+	return sha256Hash, nil
+}
+
 // Bundle is the basic bundle data structure, it holds the bundle name and the data.
 type Bundle struct {
 	Name     string
@@ -53,67 +86,73 @@ var bundleVerifyPool = sync.Pool{
 	},
 }
 
-// Verify performs signature verification on the bundle file.
-func (b *Bundle) Verify(bundleFs afero.Fs) error {
+func (b *Bundle) DeepVerify(bundleFs afero.Fs) error {
 	log.WithFields(logrus.Fields{
 		"prefix": "main",
 	}).Info("----> Verifying bundle: ", b.Spec.CustomMiddlewareBundle)
+	hasKey := b.Gw.GetConfig().PublicKeyPath != ""
+	hasSignature := b.Manifest.Signature != ""
 
-	var useSignature = b.Gw.GetConfig().PublicKeyPath != ""
-
-	var (
-		verifier goverify.Verifier
-		err      error
-	)
+	if hasKey && !hasSignature {
+		return errors.New("Bundle isn't signed")
+	}
 
-	if useSignature {
-		// Perform signature verification if a public key path is set:
-		if b.Manifest.Signature == "" {
-			// Error: A public key is set, but the bundle isn't signed.
-			return errors.New("Bundle isn't signed")
+	// check hash first then check signature
+	sha256Hash, err := b.Gw.BundleChecksumVerifier(b, bundleFs)
+	if err != nil {
+		return err
+	}
+	if hasKey {
+		verifier, err := b.Gw.SignatureVerifier()
+		if err != nil {
+			return err
 		}
-		verifier, err = b.Gw.SignatureVerifier()
+		signed, err := base64.StdEncoding.DecodeString(b.Manifest.Signature)
 		if err != nil {
 			return err
 		}
+		if err := verifier.VerifyHash(sha256Hash.Sum(nil), signed); err != nil {
+			return err
+		}
 	}
+	return nil
+}
 
-	md5Hash := md5.New()
-	sha256Hash := sha256.New()
+func (b *Bundle) PartialVerify(bundleFs afero.Fs, skipVerify bool) error {
+	if skipVerify {
+		return nil
+	}
 
-	var w io.Writer = md5Hash
-	if useSignature {
-		w = io.MultiWriter(md5Hash, sha256Hash)
+	hasKey := b.Gw.GetConfig().PublicKeyPath != ""
+	hasSignature := b.Manifest.Signature != ""
+
+	if !hasSignature {
+		return nil
 	}
 
-	buf := bundleVerifyPool.Get().(*[]byte)
-	defer bundleVerifyPool.Put(buf)
+	log.WithFields(logrus.Fields{
+		"prefix": "main",
+	}).Info("----> Verifying bundle: ", b.Spec.CustomMiddlewareBundle)
+	// Make a single call to compute both hashes if needed
+	sha256Hash, err := b.Gw.BundleChecksumVerifier(b, bundleFs)
+	if err != nil {
+		return err
+	}
 
-	for _, f := range b.Manifest.FileList {
-		extractedPath := filepath.Join(b.Path, f)
-		file, err := bundleFs.Open(extractedPath)
+	if hasKey {
+		verifier, err := b.Gw.SignatureVerifier()
 		if err != nil {
 			return err
 		}
-		_, err = io.CopyBuffer(w, file, *buf)
-		file.Close()
+		signed, err := base64.StdEncoding.DecodeString(b.Manifest.Signature)
 		if err != nil {
 			return err
 		}
-	}
-
-	checksum := fmt.Sprintf("%x", md5Hash.Sum(nil))
-	if checksum != b.Manifest.Checksum {
-		return errors.New("Invalid checksum")
-	}
-
-	if useSignature {
-		signed, err := base64.StdEncoding.DecodeString(b.Manifest.Signature)
-		if err != nil {
+		if err := verifier.VerifyHash(sha256Hash.Sum(nil), signed); err != nil {
 			return err
 		}
-		return verifier.VerifyHash(sha256Hash.Sum(nil), signed)
 	}
+
 	return nil
 }
 
@@ -353,7 +392,7 @@ func saveBundle(bundleFs afero.Fs, bundle *Bundle, destPath string, spec *APISpe
 }
 
 // loadBundleManifest will parse the manifest file and return the bundle parameters.
-func loadBundleManifest(bundleFs afero.Fs, bundle *Bundle, spec *APISpec, skipVerification bool) error {
+func loadBundleManifest(bundleFs afero.Fs, bundle *Bundle, spec *APISpec, partial bool, skipVerification bool) error {
 	log.WithFields(logrus.Fields{
 		"prefix": "main",
 	}).Info("----> Loading bundle: ", spec.CustomMiddlewareBundle)
@@ -372,16 +411,18 @@ func loadBundleManifest(bundleFs afero.Fs, bundle *Bundle, spec *APISpec, skipVe
 		return err
 	}
 
-	if skipVerification {
-		return nil
+	if partial {
+		err = bundle.PartialVerify(bundleFs, skipVerification)
+	} else {
+		err = bundle.DeepVerify(bundleFs)
 	}
-
-	if err := bundle.Verify(bundleFs); err != nil {
+	if err != nil {
 		log.WithFields(logrus.Fields{
 			"prefix": "main",
 		}).Info("----> Bundle verification failed: ", spec.CustomMiddlewareBundle)
 		return err
 	}
+
 	return nil
 }
 
@@ -443,7 +484,7 @@ func (gw *Gateway) loadBundleWithFs(spec *APISpec, bundleFs afero.Fs) error {
 			Gw:   gw,
 		}
 
-		err = loadBundleManifest(bundleFs, &bundle, spec, gw.GetConfig().SkipVerifyExistingPluginBundle)
+		err = loadBundleManifest(bundleFs, &bundle, spec, true, gw.GetConfig().SkipVerifyExistingPluginBundle)
 		if err != nil {
 			log.WithFields(logrus.Fields{
 				"prefix": "main",
@@ -484,7 +525,7 @@ func (gw *Gateway) loadBundleWithFs(spec *APISpec, bundleFs afero.Fs) error {
 	// Set the destination path:
 	bundle.Path = destPath
 
-	if err := loadBundleManifest(bundleFs, &bundle, spec, false); err != nil {
+	if err := loadBundleManifest(bundleFs, &bundle, spec, false, false); err != nil {
 		bundleError(spec, err, "Couldn't load bundle")
 
 		if removeErr := bundleFs.RemoveAll(bundle.Path); removeErr != nil {