mirror of
https://github.com/inspec/inspec
synced 2024-11-26 22:50:36 +00:00
Updated to generate binary format of the signed profile
Signed-off-by: Vasu1105 <vasundhara.jagdale@chef.io>
This commit is contained in:
parent
6bb06eee5f
commit
9ef83bfce8
6 changed files with 23 additions and 15 deletions
|
@ -22,4 +22,6 @@ module Inspec
|
||||||
attr_accessor :gem_name
|
attr_accessor :gem_name
|
||||||
attr_accessor :version
|
attr_accessor :version
|
||||||
end
|
end
|
||||||
|
|
||||||
|
class InvalidProfile < Error; end
|
||||||
end
|
end
|
||||||
|
|
|
@ -8,5 +8,6 @@ module Inspec
|
||||||
class ResourceFailed < StandardError; end
|
class ResourceFailed < StandardError; end
|
||||||
class ResourceSkipped < StandardError; end
|
class ResourceSkipped < StandardError; end
|
||||||
class SecretsBackendNotFound < ArgumentError; end
|
class SecretsBackendNotFound < ArgumentError; end
|
||||||
|
class ProfileValidationKeyNotFound < ArgumentError; end
|
||||||
end
|
end
|
||||||
end
|
end
|
||||||
|
|
|
@ -20,7 +20,7 @@ module Inspec
|
||||||
if iaf_file.valid?
|
if iaf_file.valid?
|
||||||
IafProvider.new(path)
|
IafProvider.new(path)
|
||||||
else
|
else
|
||||||
raise "Artifact is invalid"
|
raise Inspec::InvalidProfile, "Profile is invalid."
|
||||||
end
|
end
|
||||||
elsif File.exist?(path)
|
elsif File.exist?(path)
|
||||||
DirProvider.new(path)
|
DirProvider.new(path)
|
||||||
|
@ -234,10 +234,12 @@ module Inspec
|
||||||
while f.readline != "\n" do end
|
while f.readline != "\n" do end
|
||||||
content = f.read
|
content = f.read
|
||||||
f.close
|
f.close
|
||||||
else
|
elsif version == "INSPEC-PROFILE-2"
|
||||||
f.readline.strip!
|
content = f.read
|
||||||
content = f.read[358..content.length]
|
|
||||||
f.close
|
f.close
|
||||||
|
content = content.slice(490, content.length).lstrip
|
||||||
|
else
|
||||||
|
raise Inspec::InvalidProfile, "Profile is invalid."
|
||||||
end
|
end
|
||||||
|
|
||||||
tmpfile = nil
|
tmpfile = nil
|
||||||
|
|
|
@ -1,7 +1,6 @@
|
||||||
require "base64" unless defined?(Base64)
|
require "base64" unless defined?(Base64)
|
||||||
require "openssl" unless defined?(OpenSSL)
|
require "openssl" unless defined?(OpenSSL)
|
||||||
|
|
||||||
# TODO: Refactor this once the binary format work gets merged.
|
|
||||||
module Inspec
|
module Inspec
|
||||||
class IafFile
|
class IafFile
|
||||||
KEY_ALG = OpenSSL::PKey::RSA
|
KEY_ALG = OpenSSL::PKey::RSA
|
||||||
|
@ -42,18 +41,20 @@ module Inspec
|
||||||
f.close
|
f.close
|
||||||
elsif version == INSPEC_PROFILE_VERSION_2
|
elsif version == INSPEC_PROFILE_VERSION_2
|
||||||
header << version
|
header << version
|
||||||
header << f.readline.strip!
|
|
||||||
content = f.read
|
content = f.read
|
||||||
f.close
|
f.close
|
||||||
|
|
||||||
header.concat(content[0..356].unpack("h*").pack("H*").split("."))
|
header_content = content.unpack("h*").pack("H*")
|
||||||
content = content[358..content.length]
|
header << header_content.slice(0, 100).rstrip
|
||||||
|
header << header_content.slice(100, 20).rstrip
|
||||||
|
header << header_content.slice(120, 370).rstrip + "\n" # \n at the end is require in this field
|
||||||
|
content = content.slice(490, content.length).lstrip
|
||||||
else
|
else
|
||||||
valid = false
|
valid = false
|
||||||
end
|
end
|
||||||
|
|
||||||
unless File.exist?("#{header[1]}.pem.pub")
|
unless File.exist?("#{header[1]}.pem.pub")
|
||||||
raise "Key not found"
|
raise Inspec::Exceptions::ProfileValidationKeyNotFound, "Profile validation key not found."
|
||||||
end
|
end
|
||||||
|
|
||||||
unless valid_header?(header)
|
unless valid_header?(header)
|
||||||
|
|
|
@ -59,12 +59,11 @@ module InspecPlugins
|
||||||
signature = signing_key.sign sha, content
|
signature = signing_key.sign sha, content
|
||||||
# convert the signature to Base64
|
# convert the signature to Base64
|
||||||
signature_base64 = Base64.encode64(signature)
|
signature_base64 = Base64.encode64(signature)
|
||||||
|
content = (format("%-100s", options[:keyname]) + format("%-20s", ARTIFACT_DIGEST_NAME) + format("%-370s", signature_base64)).gsub(" ", "\0").unpack("H*").pack("h*") + "#{content}"
|
||||||
|
|
||||||
header = "#{ARTIFACT_DIGEST_NAME}.#{signature_base64}".unpack("H*").pack("h*") + ".#{content}"
|
|
||||||
File.open(artifact_filename, "wb") do |f|
|
File.open(artifact_filename, "wb") do |f|
|
||||||
f.puts INSPEC_PROFILE_VERSION_2
|
f.puts INSPEC_PROFILE_VERSION_2
|
||||||
f.puts "#{options["keyname"]}"
|
f.write(content)
|
||||||
f.write(header)
|
|
||||||
end
|
end
|
||||||
puts "Successfully generated #{artifact_filename}"
|
puts "Successfully generated #{artifact_filename}"
|
||||||
end
|
end
|
||||||
|
@ -79,10 +78,13 @@ module InspecPlugins
|
||||||
|
|
||||||
iaf_file = Inspec::IafFile.new(file_to_verifiy)
|
iaf_file = Inspec::IafFile.new(file_to_verifiy)
|
||||||
if iaf_file.valid?
|
if iaf_file.valid?
|
||||||
puts "Artifact is valid"
|
puts "Profile is valid."
|
||||||
else
|
else
|
||||||
puts "Artifact is invalid"
|
puts "Profile is invalid"
|
||||||
end
|
end
|
||||||
|
rescue Inspec::Exceptions::ProfileValidationKeyNotFound => e
|
||||||
|
$stderr.puts e.message
|
||||||
|
exit 1
|
||||||
end
|
end
|
||||||
|
|
||||||
def read_profile_metadata(path_to_profile)
|
def read_profile_metadata(path_to_profile)
|
||||||
|
|
|
@ -52,7 +52,7 @@ describe "command tests" do
|
||||||
it "outputs both core commands and v2 CLI plugins" do
|
it "outputs both core commands and v2 CLI plugins" do
|
||||||
commands = %w{
|
commands = %w{
|
||||||
archive
|
archive
|
||||||
artifact
|
sign
|
||||||
check
|
check
|
||||||
compliance
|
compliance
|
||||||
automate
|
automate
|
||||||
|
|
Loading…
Reference in a new issue