feat(rekor): add basework for rekor search UI (#46)

Author: abhinandan13jan

client/package.json

@@ -26,15 +26,22 @@
     "@patternfly/react-tokens": "^6.2.0",
     "@tanstack/react-query": "^5.61.0",
     "@tanstack/react-query-devtools": "^5.85.0",
+    "@peculiar/x509": "1.8.4",
     "axios": "^1.7.2",
     "dayjs": "^1.11.7",
+    "js-yaml": "^4.1.0",
     "file-saver": "^2.0.5",
     "oidc-client-ts": "^2.4.0",
+    "next": "^14.2.29",
+    "pvtsutils": "^1.3.6",
     "react": "^18.2.0",
     "react-dom": "^18.2.0",
     "react-error-boundary": "^4.0.13",
+    "react-hook-form": "^7.56.0",
     "react-oidc-context": "^2.3.1",
     "react-router-dom": "^6.21.1",
+    "react-syntax-highlighter": "^15.6.1",
+    "rekor": "^0.2.0",
     "victory": "^37.3.4"
   },
   "devDependencies": {

client/src/app/Routes.tsx

@@ -6,11 +6,13 @@ import { Bullseye, Spinner } from "@patternfly/react-core";
 import { ErrorFallback } from "./components/ErrorFallback";
 
 const TrustRoot = lazy(() => import("./pages/TrustRoot"));
+const RekorSearch = lazy(() => import("./pages/RekorSearch"));
 
 export const AppRoutes = () => {
   const allRoutes = useRoutes([
     { path: "/", element: <Navigate to="/trust-root" /> },
     { path: "/trust-root", element: <TrustRoot /> },
+    { path: "/rekor-search", element: <RekorSearch /> },
   ]);
 
   return (

client/src/app/api/context.tsx

@@ -0,0 +1,69 @@
+import {
+  createContext,
+  type FunctionComponent,
+  type PropsWithChildren,
+  useContext,
+  useEffect,
+  useMemo,
+  useState,
+} from "react";
+import { RekorClient } from "rekor";
+
+export interface RekorClientContext {
+  client: RekorClient;
+  baseUrl?: string;
+  setBaseUrl: (_base: string | undefined) => void;
+}
+
+export const RekorClientContext = createContext<RekorClientContext | undefined>(undefined);
+
+interface RekorClientProviderProps {
+  initialDomain?: string;
+}
+
+export const RekorClientProvider: FunctionComponent<PropsWithChildren<RekorClientProviderProps>> = ({
+  children,
+  initialDomain,
+}) => {
+  const [baseUrl, setBaseUrl] = useState<string | undefined>(initialDomain);
+
+  useEffect(() => {
+    if (baseUrl === undefined) {
+      if (process.env.NEXT_PUBLIC_REKOR_DEFAULT_DOMAIN) {
+        setBaseUrl(process.env.NEXT_PUBLIC_REKOR_DEFAULT_DOMAIN);
+      } else {
+        setBaseUrl("https://rekor.sigstore.dev");
+      }
+    }
+  }, [baseUrl]);
+
+  const context: RekorClientContext = useMemo(() => {
+    return {
+      client: new RekorClient({ BASE: baseUrl }),
+      baseUrl,
+      setBaseUrl,
+    };
+  }, [baseUrl]);
+
+  return <RekorClientContext.Provider value={context}>{children}</RekorClientContext.Provider>;
+};
+
+export function useRekorClient(): RekorClient {
+  const ctx = useContext(RekorClientContext);
+
+  if (!ctx) {
+    throw new Error("Hook useRekorClient requires RekorClientContext.");
+  }
+
+  return ctx.client;
+}
+
+export function useRekorBaseUrl(): [RekorClientContext["baseUrl"], RekorClientContext["setBaseUrl"]] {
+  const ctx = useContext(RekorClientContext);
+
+  if (!ctx) {
+    throw new Error("Hook useRekorBaseUrl requires RekorClientContext.");
+  }
+
+  return [ctx.baseUrl, ctx.setBaseUrl];
+}

client/src/app/api/rekor-api.ts

@@ -0,0 +1,105 @@
+import { useCallback } from "react";
+import { type LogEntry, RekorClient, type SearchIndex } from "rekor";
+import { useRekorClient } from "./context.tsx";
+
+const PAGE_SIZE = 20;
+
+export const ATTRIBUTES = ["email", "hash", "commitSha", "uuid", "logIndex"] as const;
+const ATTRIBUTES_SET = new Set<string>(ATTRIBUTES);
+
+export type Attribute = (typeof ATTRIBUTES)[number];
+
+export function isAttribute(input: string): input is Attribute {
+  return ATTRIBUTES_SET.has(input);
+}
+
+export type SearchQuery =
+  | {
+      attribute: "email" | "hash" | "commitSha" | "uuid";
+      query: string;
+    }
+  | {
+      attribute: "logIndex";
+      query: number;
+    };
+
+export interface RekorEntries {
+  totalCount: number;
+  entries: LogEntry[];
+}
+
+export function useRekorSearch() {
+  const client = useRekorClient();
+
+  return useCallback(
+    // eslint-disable-next-line @typescript-eslint/no-inferrable-types
+    async (search: SearchQuery, page: number = 1): Promise<RekorEntries> => {
+      switch (search.attribute) {
+        case "logIndex":
+          return {
+            totalCount: 1,
+            entries: [
+              await client.entries.getLogEntryByIndex({
+                logIndex: search.query,
+              }),
+            ],
+          };
+        case "uuid":
+          return {
+            totalCount: 1,
+            entries: [
+              await client.entries.getLogEntryByUuid({
+                entryUuid: search.query,
+              }),
+            ],
+          };
+        case "email":
+          return queryEntries(
+            client,
+            {
+              email: search.query,
+            },
+            page
+          );
+        case "hash":
+          return queryEntries(
+            client,
+            {
+              hash: search.query.startsWith("sha256:") ? search.query : `sha256:${search.query}`,
+            },
+            page
+          );
+        case "commitSha":
+          // eslint-disable-next-line no-case-declarations
+          const hash = await digestMessage(search.query);
+          return queryEntries(client, { hash }, page);
+      }
+    },
+    [client]
+  );
+}
+
+async function queryEntries(client: RekorClient, query: SearchIndex, page: number): Promise<RekorEntries> {
+  const logIndexes = await client.index.searchIndex({ query });
+
+  // Preventing entries from jumping between pages on refresh
+  logIndexes.sort();
+
+  const startIndex = (page - 1) * PAGE_SIZE;
+  const endIndex = startIndex + PAGE_SIZE;
+  const uuidToRetrieve = logIndexes.slice(startIndex, endIndex);
+
+  const entries = await Promise.all(uuidToRetrieve.map((entryUuid) => client.entries.getLogEntryByUuid({ entryUuid })));
+  return {
+    totalCount: logIndexes.length,
+    entries,
+  };
+}
+
+async function digestMessage(message: string): Promise<string> {
+  const msgUint8 = new TextEncoder().encode(message);
+  const hashBuffer = await crypto.subtle.digest("SHA-256", msgUint8);
+  const hashArray = Array.from(new Uint8Array(hashBuffer));
+  const hash = hashArray.map((b) => b.toString(16).padStart(2, "0")).join("");
+  return `sha256:${hash}`;
+}

client/src/app/layout/default-layout.tsx

@@ -20,7 +20,7 @@ export const DefaultLayout: React.FC<DefaultLayoutProps> = ({ children }) => {
       masthead={<HeaderApp />}
       sidebar={<SidebarApp />}
       isManagedSidebar
-      defaultManagedSidebarIsOpen={false}
+      defaultManagedSidebarIsOpen
       skipToContent={PageSkipToContent}
       mainContainerId={pageId}
     >

client/src/app/layout/sidebar.tsx

@@ -23,6 +23,16 @@ export const SidebarApp: React.FC = () => {
               Trust root
             </NavLink>
           </li>
+          <li className={nav.navItem}>
+            <NavLink
+              to="/rekor-search"
+              className={({ isActive }) => {
+                return css(LINK_CLASS, isActive ? ACTIVE_LINK_CLASS : "");
+              }}
+            >
+              Rekor Search
+            </NavLink>
+          </li>
         </NavList>
       </Nav>
     );

client/src/app/pages/RekorSearch/RekorSearch.tsx

@@ -0,0 +1,13 @@
+import { PageSection } from "@patternfly/react-core";
+import { Explorer } from "./components/Explorer";
+import { RekorClientProvider } from "@app/api/context";
+
+export const RekorSearch: React.FC = () => {
+  return (
+    <PageSection>
+      <RekorClientProvider>
+        <Explorer />
+      </RekorClientProvider>
+    </PageSection>
+  );
+};

client/src/app/pages/RekorSearch/Template/Intoto001.tsx

@@ -0,0 +1,49 @@
+import { dump } from "js-yaml";
+import NextLink from "next/link";
+import { Prism as SyntaxHighlighter } from "react-syntax-highlighter";
+import { atomDark } from "react-syntax-highlighter/dist/cjs/styles/prism";
+import { type IntotoV001Schema } from "rekor";
+import { decodex509 } from "./x509/decode";
+import { Panel } from "@patternfly/react-core";
+
+export function IntotoViewer001({ intoto }: { intoto: IntotoV001Schema }) {
+  const certContent = window.atob(intoto.publicKey || "");
+
+  const publicKey = {
+    title: "Public Key",
+    content: certContent,
+  };
+  if (certContent.includes("BEGIN CERTIFICATE")) {
+    publicKey.title = "Public Key Certificate";
+    publicKey.content = dump(decodex509(certContent), {
+      noArrayIndent: true,
+      lineWidth: -1,
+    });
+  }
+
+  return (
+    <Panel>
+      <h5 style={{ paddingTop: "1.5em", paddingBottom: "1.5em" }}>
+        <NextLink
+          href={`/?hash=${intoto.content.payloadHash?.algorithm}:${intoto.content.payloadHash?.value}`}
+          passHref
+        >
+          Hash
+        </NextLink>
+      </h5>
+
+      <SyntaxHighlighter language="text" style={atomDark}>
+        {`${intoto.content.payloadHash?.algorithm}:${intoto.content.payloadHash?.value}`}
+      </SyntaxHighlighter>
+
+      <h5 style={{ paddingTop: "1.5em", paddingBottom: "1.5em" }}>Signature</h5>
+      <SyntaxHighlighter language="text" style={atomDark}>
+        {"Missing for intoto v0.0.1 entries"}
+      </SyntaxHighlighter>
+      <h5 style={{ paddingTop: "1.5em", paddingBottom: "1.5em" }}>{publicKey.title}</h5>
+      <SyntaxHighlighter language="yaml" style={atomDark}>
+        {publicKey.content}
+      </SyntaxHighlighter>
+    </Panel>
+  );
+}

client/src/app/pages/RekorSearch/Template/Intoto002.tsx

@@ -0,0 +1,45 @@
+import { dump } from "js-yaml";
+import Link from "next/link";
+import { Prism as SyntaxHighlighter } from "react-syntax-highlighter";
+import { atomDark } from "react-syntax-highlighter/dist/cjs/styles/prism";
+import { type IntotoV002Schema } from "rekor";
+import { decodex509 } from "./x509/decode";
+import { Panel } from "@patternfly/react-core";
+
+export function IntotoViewer002({ intoto }: { intoto: IntotoV002Schema }) {
+  const signature = intoto.content.envelope?.signatures[0];
+  const certContent = window.atob(signature?.publicKey || "");
+
+  const publicKey = {
+    title: "Public Key",
+    content: certContent,
+  };
+  if (certContent.includes("BEGIN CERTIFICATE")) {
+    publicKey.title = "Public Key Certificate";
+    publicKey.content = dump(decodex509(certContent), {
+      noArrayIndent: true,
+      lineWidth: -1,
+    });
+  }
+
+  return (
+    <Panel>
+      <h5 style={{ paddingTop: "1.5em", paddingBottom: "1.5em" }}>
+        <Link href={`/?hash=${intoto.content.payloadHash?.algorithm}:${intoto.content.payloadHash?.value}`}>Hash</Link>
+      </h5>
+
+      <SyntaxHighlighter language="text" style={atomDark}>
+        {`${intoto.content.payloadHash?.algorithm}:${intoto.content.payloadHash?.value}`}
+      </SyntaxHighlighter>
+
+      <h5 style={{ paddingTop: "1.5em", paddingBottom: "1.5em" }}>Signature</h5>
+      <SyntaxHighlighter language="text" style={atomDark}>
+        {window.atob(signature?.sig || "")}
+      </SyntaxHighlighter>
+      <h5 style={{ paddingTop: "1.5em", paddingBottom: "1.5em" }}>{publicKey.title}</h5>
+      <SyntaxHighlighter language="yaml" style={atomDark}>
+        {publicKey.content}
+      </SyntaxHighlighter>
+    </Panel>
+  );
+}

client/src/app/pages/RekorSearch/Template/x509/constants.tsx

@@ -0,0 +1,13 @@
+import { KeyUsageFlags } from "@peculiar/x509";
+
+export const KEY_USAGE_NAMES: Record<KeyUsageFlags, string> = {
+  [KeyUsageFlags.digitalSignature]: "Digital Signature",
+  [KeyUsageFlags.nonRepudiation]: "Non Repudiation",
+  [KeyUsageFlags.keyEncipherment]: "Key Encipherment",
+  [KeyUsageFlags.dataEncipherment]: "Data Encipherment",
+  [KeyUsageFlags.keyAgreement]: "Key Agreement",
+  [KeyUsageFlags.keyCertSign]: "Key Certificate Sign",
+  [KeyUsageFlags.cRLSign]: "Certificate Revocation List Sign",
+  [KeyUsageFlags.encipherOnly]: "Encipher Only",
+  [KeyUsageFlags.decipherOnly]: "Decipher Only",
+};