Skip to content

codenotary/immuproof

BranchesTags

Repository files navigation

Immuproof

Coverage Status

CAS Validation Service.

When immuproof is launched it fetches a fresh status from immudb the immutable database CAS is build on and it verifies the integrity compared to an older one stored locally. The validation service checks if the previous state is "included" in the new state of immudb. A REST service is also provided to allow the user to query the status of the validation as well as a Web UI to visualize data.

Public CAS validator URLs

Here you can find the public CAS validators:

Codenotary

AlmaLinux

Home Assistant

Golang version

Currently supported Go version is 1.17

Build

go build -o immuproof main.go

Usage

Local environment

immuproof serve --api-key {your CAS api key} --port 3324 --no-tls

CAS environment

immuproof serve --api-key {your CAS api key} --port 443 --host cas.codenotary.com

Usage with docker

docker pull codenotary/immuproof:latest
docker run -p 8091:8091 codenotary/immuproof serve --api-key {your api key} --port 443 --host cas.codenotary.com --audit-interval 1h --state-history-size 72

In order to keep the audit history and immudb status file it's recommended to run the service with a mounted volume inside the docker container using following flags:

--audit-state-folder={mountpoint inside container}
--state-history-file={mountpoint inside container/filename}

or environment variables:

IMMUPROOF_AUDIT_STATE_FOLDER={mountpoint inside container}
IMMUPROOF_STATE_HISTORY_FILE={mountpoint inside container/filename}

HTTPS

Following commands can be used to generate a self-signed certificate for the local server.

openssl ecparam -genkey -name secp384r1 -out server.key
openssl req -new -x509 -sha256 -key server.key -out server.crt -days 3650

Launch immuproof with the generated certificate:

immuproof serve --api-key {your CAS api key} --port 443 --host cas.codenotary.com --audit-interval 1s --state-history-size 72 --web-cert-file server.crt --web-key-file server.key

Environment variables

  IMMUPROOF_API_KEY=
  IMMUPROOF_PORT=
  IMMUPROOF_HOST=
  IMMUPROOF_SKIP_TLS_VERIFY=
  IMMUPROOF_NO_TLS=
  IMMUPROOF_CERT=
  IMMUPROOF_HOST=
  IMMUPROOF_AUDIT_INTERVAL=
  IMMUPROOF_AUDIT_STATE_FOLDER=
  IMMUPROOF_STATE_HISTORY_SIZE=
  IMMUPROOF_STATE_HISTORY_FILE=
  IMMUPROOF_WEB_PORT=
  IMMUPROOF_WEB_ADDRESS=
  IMMUPROOF_WEB_KEY_FILE=
  IMMUPROOF_WEB_CERT_FILE=
  IMMUPROOF_WEB_TITLE_TEXT=
  IMMUPROOF_WEB_HOSTED_BY_LOGO_URL=
  IMMUPROOF_WEB_HOSTED_BY_LOGO_LINK=
  IMMUPROOF_WEB_HOSTED_BY_TEXT=

Others serve options

Audit a ledger and launch an HTTP rest server to show audit results.

Eg:
# Collect 3 days of status checks (1 per hour) from CAS server
  immuproof serve --api-key {your CAS api-key} --port 443 --host cas.codenotary.com --audit-interval 1h --state-history-size 72

Usage:
  immuproof serve [flags]

Flags:
  --audit-interval duration          interval between audit runs (default 1h0m0s)
  --audit-state-folder string        folder to store immudb immutable state (default "HOME/.local/state/immuproof")
  -h, --help                         help for serve
  --state-history-file string        absolute file path to store history of immutable states. (JSON format) (default "HOME/.local/state/immuproof/state-history.json")
  --state-history-size int           max size of the history of immutable states. (default 90)
  --web-address string               rest server address (default "localhost")
  --web-cert-file string             certificate file absolute path
  --web-hosted-by-logo-link string   link for hosted by logo
  --web-hosted-by-logo-url string    URL to hosted by logo
  --web-hosted-by-text string        displayed subtitle for hosted by logo (default "Hosted by:")
  --web-key-file string              key file absolute path
  --web-port string                  rest server port (default "8091")
  --web-title-text string            displayed title text (default "COMMUNITY ATTESTATION SERVICE VALIDATOR")

Global Flags:
  --api-key strings   CAS api-keys. Can be specified multiple times. First key is used for signing. For each key provided related ledger is audit. If no key is provided, no audit is performed
  --cert string       local or absolute path to a certificate file needed to set up tls connection to a CAS server
  --config string     config file (default is /root/.config/immuproof/.immuproof.yaml) (default "HOME/.config/immuproof")
  -a, --host string       CAS server host address (default "localhost")
  --no-tls            allow insecure connections when connecting to a CAS server
  -p, --port int          CAS server port number (default 443)
  --skip-tls-verify   disables tls certificate verification when connecting to a CAS server

About

No description, website, or topics provided.

Resources

Readme

License

Apache-2.0 license
Activity
Custom properties

Stars

5 stars

Watchers

12 watching

Forks

0 forks
Report repository

Releases

7 tags

Packages

No packages published

Contributors 9

Languages