Updated to generate binary format of the signed profile

Signed-off-by: Vasu1105 <vasundhara.jagdale@chef.io>
Vasu1105 2022-05-01 18:06:13 +05:30
parent 6bb06eee5f
commit 9ef83bfce8
6 changed files with 23 additions and 15 deletions


@ -22,4 +22,6 @@ module Inspec
attr_accessor :gem_name
attr_accessor :version
end
class InvalidProfile < Error; end
end


@ -8,5 +8,6 @@ module Inspec
class ResourceFailed < StandardError; end
class ResourceSkipped < StandardError; end
class SecretsBackendNotFound < ArgumentError; end
class ProfileValidationKeyNotFound < ArgumentError; end
end
end


@ -20,7 +20,7 @@ module Inspec
if iaf_file.valid?
IafProvider.new(path)
else
raise "Artifact is invalid"
raise Inspec::InvalidProfile, "Profile is invalid."
end
elsif File.exist?(path)
DirProvider.new(path)
@ -234,10 +234,12 @@ module Inspec
while f.readline != "\n" do end
content = f.read
f.close
else
f.readline.strip!
content = f.read[358..content.length]
elsif version == "INSPEC-PROFILE-2"
content = f.read
f.close
content = content.slice(490, content.length).lstrip
else
raise Inspec::InvalidProfile, "Profile is invalid."
end
tmpfile = nil
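Review bot: The `INSPEC-PROFILE-2` branch re-reads the file and skips the header with its own hard-coded `490`, separately from the parse that `iaf_file.valid?` ran in the first hunk, so the bytes unpacked here match the verified bytes only while both parsers and the file on disk stay in step. I would keep the layout in one constant owned by `Inspec::IafFile`, for example `content = content.slice(Inspec::IafFile::HEADER_LENGTH, content.length).lstrip` (the constant name is a proposal, it does not exist on this page). Better still, `IafFile` could hand back the payload it actually verified, so the provider never parses the header a second time. The enclosing method starts and ends outside this hunk.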


@ -1,7 +1,6 @@
require "base64" unless defined?(Base64)
require "openssl" unless defined?(OpenSSL)
# TODO: Refactor this once the binary format work gets merged.
module Inspec
class IafFile
KEY_ALG = OpenSSL::PKey::RSA
@ -42,18 +41,20 @@ module Inspec
f.close
elsif version == INSPEC_PROFILE_VERSION_2
header << version
header << f.readline.strip!
content = f.read
f.close
header.concat(content[0..356].unpack("h*").pack("H*").split("."))
content = content[358..content.length]
header_content = content.unpack("h*").pack("H*")
header << header_content.slice(0, 100).rstrip
header << header_content.slice(100, 20).rstrip
header << header_content.slice(120, 370).rstrip + "\n" # \n at the end is require in this field
content = content.slice(490, content.length).lstrip
else
valid = false
end
unless File.exist?("#{header[1]}.pem.pub")
raise "Key not found"
raise Inspec::Exceptions::ProfileValidationKeyNotFound, "Profile validation key not found."
end
unless valid_header?(header)
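Review bot: The version-2 branch slices the header at fixed offsets (100, 20, 370, then the payload at 490) without checking that the file is that long, so a truncated file makes `slice(100, 20)` or `slice(490, content.length)` return nil and the following `.rstrip`/`.lstrip` raise NoMethodError instead of reaching `valid = false`. Checking `content.bytesize < 490` before the slices and taking the `valid = false` path there would keep malformed input on the invalid-profile path. The widths also depend on the writer: `format("%-370s", signature_base64)` in the sign command pads but never truncates, so a Base64 signature longer than 370 characters (which I would expect from RSA keys larger than 2048 bits) shifts the payload past offset 490 and the profile can no longer be verified; the signer should reject over-long key names and signatures. The same unguarded `content.slice(490, content.length).lstrip` appears in the provider hunk. The method continues outside this hunk.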


@ -59,12 +59,11 @@ module InspecPlugins
signature = signing_key.sign sha, content
# convert the signature to Base64
signature_base64 = Base64.encode64(signature)
content = (format("%-100s", options[:keyname]) + format("%-20s", ARTIFACT_DIGEST_NAME) + format("%-370s", signature_base64)).gsub(" ", "\0").unpack("H*").pack("h*") + "#{content}"
header = "#{ARTIFACT_DIGEST_NAME}.#{signature_base64}".unpack("H*").pack("h*") + ".#{content}"
File.open(artifact_filename, "wb") do |f|
f.puts INSPEC_PROFILE_VERSION_2
f.puts "#{options["keyname"]}"
f.write(header)
f.write(content)
end
puts "Successfully generated #{artifact_filename}"
end
@ -79,10 +78,13 @@ module InspecPlugins
iaf_file = Inspec::IafFile.new(file_to_verifiy)
if iaf_file.valid?
puts "Artifact is valid"
puts "Profile is valid."
else
puts "Artifact is invalid"
puts "Profile is invalid"
end
rescue Inspec::Exceptions::ProfileValidationKeyNotFound => e
$stderr.puts e.message
exit 1
end
def read_profile_metadata(path_to_profile)
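Review bot: The `else` branch in the second hunk only prints `Profile is invalid` to stdout and falls through, so as far as this hunk shows the verify command exits 0 when the signature check fails, while the newly added rescue exits 1 for a missing key. Anything scripted around the command, such as a CI gate or an install wrapper, would read a failed verification as success. I would make the two failure paths agree: `$stderr.puts "Profile is invalid"` followed by `exit 1`. The method begins outside this hunk, so an exit status set elsewhere cannot be ruled out from here.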


@ -52,7 +52,7 @@ describe "command tests" do
it "outputs both core commands and v2 CLI plugins" do
commands = %w{
archive
artifact
sign
check
compliance
automate