Updated to generate binary format of the signed profile
Signed-off-by: Vasu1105 <vasundhara.jagdale@chef.io>
This commit is contained in:
parent
6bb06eee5f
commit
9ef83bfce8
6 changed files with 23 additions and 15 deletions
|
@ -22,4 +22,6 @@ module Inspec
|
|||
attr_accessor :gem_name
|
||||
attr_accessor :version
|
||||
end
|
||||
|
||||
class InvalidProfile < Error; end
|
||||
end
|
||||
|
|
|
@ -8,5 +8,6 @@ module Inspec
|
|||
class ResourceFailed < StandardError; end
|
||||
class ResourceSkipped < StandardError; end
|
||||
class SecretsBackendNotFound < ArgumentError; end
|
||||
class ProfileValidationKeyNotFound < ArgumentError; end
|
||||
end
|
||||
end
|
||||
|
|
|
@ -20,7 +20,7 @@ module Inspec
|
|||
if iaf_file.valid?
|
||||
IafProvider.new(path)
|
||||
else
|
||||
raise "Artifact is invalid"
|
||||
raise Inspec::InvalidProfile, "Profile is invalid."
|
||||
end
|
||||
elsif File.exist?(path)
|
||||
DirProvider.new(path)
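Review bot: The `else` branch handles only a false return from `iaf_file.valid?`, but the key lookup the IafFile parser performs in this same commit now raises `Inspec::Exceptions::ProfileValidationKeyNotFound`, an `ArgumentError` that is neither an `Inspec::InvalidProfile` nor rescued here, so a profile signed with an unknown key escapes this provider selection with a different exception type than the one callers are being taught to expect. If a missing key should surface as an invalid profile from this code path, wrap the check: `rescue Inspec::Exceptions::ProfileValidationKeyNotFound => e` / `raise Inspec::InvalidProfile, e.message`, or document on the method that callers must handle both. Whether `IafFile.new` or `valid?` triggers the key lookup is not visible in this hunk, so confirm which call needs the rescue. The enclosing method begins before and continues after this hunk.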
|
||||
|
@ -234,10 +234,12 @@ module Inspec
|
|||
while f.readline != "\n" do end
|
||||
content = f.read
|
||||
f.close
|
||||
else
|
||||
f.readline.strip!
|
||||
content = f.read[358..content.length]
|
||||
elsif version == "INSPEC-PROFILE-2"
|
||||
content = f.read
|
||||
f.close
|
||||
content = content.slice(490, content.length).lstrip
|
||||
else
|
||||
raise Inspec::InvalidProfile, "Profile is invalid."
|
||||
end
|
||||
|
||||
tmpfile = nil
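Review bot: The new `INSPEC-PROFILE-2` branch goes straight from `content = f.read` to `content.slice(490, content.length)`, whereas the lines that appear to be the removed version-2 handling first consumed the key-name line with `f.readline.strip!`, and the IafFile parser in this commit also reads that line before slicing; unless the key-name line is consumed before this hunk (not visible here), the fixed offset is wrong by the length of that line and the extracted payload starts inside the header. `String#slice(start, len)` returns nil when `start` is past the end, so an artifact with fewer than 490 bytes after the headers fails with `NoMethodError` on `lstrip` instead of the `Inspec::InvalidProfile` reserved for malformed input; add before the slice `raise Inspec::InvalidProfile, "Profile is invalid." if content.bytesize < 490`. The 490 is the sum of the 100/20/370 field widths hard-coded in the writer and in IafFile as well, so a shared named constant (e.g. `IAF_HEADER_BYTES`) would keep the three call sites in step. The surrounding method starts before and continues after this hunk.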
|
||||
|
|
|
@ -1,7 +1,6 @@
|
|||
require "base64" unless defined?(Base64)
|
||||
require "openssl" unless defined?(OpenSSL)
|
||||
|
||||
# TODO: Refactor this once the binary format work gets merged.
|
||||
module Inspec
|
||||
class IafFile
|
||||
KEY_ALG = OpenSSL::PKey::RSA
|
||||
|
@ -42,18 +41,20 @@ module Inspec
|
|||
f.close
|
||||
elsif version == INSPEC_PROFILE_VERSION_2
|
||||
header << version
|
||||
header << f.readline.strip!
|
||||
content = f.read
|
||||
f.close
|
||||
|
||||
header.concat(content[0..356].unpack("h*").pack("H*").split("."))
|
||||
content = content[358..content.length]
|
||||
header_content = content.unpack("h*").pack("H*")
|
||||
header << header_content.slice(0, 100).rstrip
|
||||
header << header_content.slice(100, 20).rstrip
|
||||
header << header_content.slice(120, 370).rstrip + "\n" # \n at the end is require in this field
|
||||
content = content.slice(490, content.length).lstrip
|
||||
else
|
||||
valid = false
|
||||
end
|
||||
|
||||
unless File.exist?("#{header[1]}.pem.pub")
|
||||
raise "Key not found"
|
||||
raise Inspec::Exceptions::ProfileValidationKeyNotFound, "Profile validation key not found."
|
||||
end
|
||||
|
||||
unless valid_header?(header)
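Review bot: The new fixed-offset header parsing has no length check: on an artifact shorter than 490 bytes after the key-name line, `header_content.slice(0, 100)`, `slice(100, 20)`, `slice(120, 370)` and `content.slice(490, content.length)` return nil, and the chained `.rstrip`/`.lstrip` raise `NoMethodError` instead of reaching the `valid = false` path meant for malformed input, so a truncated or deliberately short file crashes the verifier rather than being rejected. Add `valid = false if content.bytesize < 490` before the slicing and execute the three `header <<` lines and the final `content.slice` only while `valid` is still true, the same outcome the final `else` produces. The key name is now present twice, in the text line (`header[1]`) and in the first 100 bytes of the binary header, yet only `header[1]` is used to locate `"#{header[1]}.pem.pub"` and nothing visible checks that the two agree; since that name comes from the untrusted artifact and is interpolated into a filesystem path, consider rejecting names containing path separators (e.g. `File.basename(header[1]) == header[1]`) before the `File.exist?` check. The method containing this hunk begins before it.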
|
||||
|
|
|
@ -59,12 +59,11 @@ module InspecPlugins
|
|||
signature = signing_key.sign sha, content
|
||||
# convert the signature to Base64
|
||||
signature_base64 = Base64.encode64(signature)
|
||||
content = (format("%-100s", options[:keyname]) + format("%-20s", ARTIFACT_DIGEST_NAME) + format("%-370s", signature_base64)).gsub(" ", "\0").unpack("H*").pack("h*") + "#{content}"
|
||||
|
||||
header = "#{ARTIFACT_DIGEST_NAME}.#{signature_base64}".unpack("H*").pack("h*") + ".#{content}"
|
||||
File.open(artifact_filename, "wb") do |f|
|
||||
f.puts INSPEC_PROFILE_VERSION_2
|
||||
f.puts "#{options["keyname"]}"
|
||||
f.write(header)
|
||||
f.write(content)
|
||||
end
|
||||
puts "Successfully generated #{artifact_filename}"
|
||||
end
|
||||
|
@ -79,10 +78,13 @@ module InspecPlugins
|
|||
|
||||
iaf_file = Inspec::IafFile.new(file_to_verifiy)
|
||||
if iaf_file.valid?
|
||||
puts "Artifact is valid"
|
||||
puts "Profile is valid."
|
||||
else
|
||||
puts "Artifact is invalid"
|
||||
puts "Profile is invalid"
|
||||
end
|
||||
rescue Inspec::Exceptions::ProfileValidationKeyNotFound => e
|
||||
$stderr.puts e.message
|
||||
exit 1
|
||||
end
|
||||
|
||||
def read_profile_metadata(path_to_profile)
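Review bot: `format("%-100s", …)` and `format("%-370s", …)` pad but never truncate, so a key name longer than 100 characters or a Base64 signature longer than 370 characters silently enlarges the header and breaks the fixed 490-byte offset the readers rely on; a 2048-bit RSA signature encodes via `Base64.encode64` to 350 characters (newlines included) and fits, but a 3072-bit one is over 500 characters and does not. Reject oversize fields before building the header, e.g. `raise ArgumentError, "key name exceeds 100 bytes" if options[:keyname].to_s.bytesize > 100` and `raise ArgumentError, "signature exceeds 370 bytes" if signature_base64.bytesize > 370`. The new line reads `options[:keyname]` while the line writing the key-name text line reads `options["keyname"]`, so unless `options` is indifferent-access one of the two is nil and the binary header disagrees with the text line; use one form for both, and note that the `gsub(" ", "\0")` also rewrites any space inside the key name itself, not just the padding. In the verify command, the `puts "Profile is invalid"` path returns with exit status 0 while the missing-key path does `exit 1`; add `exit 1` after that `puts` so scripted verification cannot mistake a bad signature for success. Both hunks sit inside methods that begin before them.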
|
||||
|
|
|
@ -52,7 +52,7 @@ describe "command tests" do
|
|||
it "outputs both core commands and v2 CLI plugins" do
|
||||
commands = %w{
|
||||
archive
|
||||
artifact
|
||||
sign
|
||||
check
|
||||
compliance
|
||||
automate
|
||||
|
|