Updated to generate binary format of the signed profile

Signed-off-by: Vasu1105 <vasundhara.jagdale@chef.io>

lib/inspec/errors.rb

@@ -22,4 +22,6 @@ module Inspec
     attr_accessor :gem_name
     attr_accessor :version
   end
+
+  class InvalidProfile < Error; end
 end

lib/inspec/exceptions.rb

@@ -8,5 +8,6 @@ module Inspec
     class ResourceFailed < StandardError; end
     class ResourceSkipped < StandardError; end
     class SecretsBackendNotFound < ArgumentError; end
+    class ProfileValidationKeyNotFound < ArgumentError; end
   end
 end

lib/inspec/file_provider.rb

@@ -20,7 +20,7 @@ module Inspec
         if iaf_file.valid?
           IafProvider.new(path)
         else
-          raise "Artifact is invalid"
+          raise Inspec::InvalidProfile, "Profile is invalid."
         end
       elsif File.exist?(path)
         DirProvider.new(path)
@@ -234,10 +234,12 @@ module Inspec
         while f.readline != "\n" do end
         content = f.read
         f.close
-      else
+      elsif version == "INSPEC-PROFILE-2"
-        f.readline.strip!
+        content = f.read
-        content = f.read[358..content.length]
         f.close
+        content = content.slice(490, content.length).lstrip
+      else
+        raise Inspec::InvalidProfile, "Profile is invalid."
       end
 
       tmpfile = nil

lib/inspec/iaf_file.rb

@@ -1,7 +1,6 @@
 require "base64" unless defined?(Base64)
 require "openssl" unless defined?(OpenSSL)
 
-# TODO: Refactor this once the binary format work gets merged.
 module Inspec
   class IafFile
     KEY_ALG = OpenSSL::PKey::RSA
@@ -42,18 +41,20 @@ module Inspec
         f.close
       elsif version == INSPEC_PROFILE_VERSION_2
         header << version
-        header << f.readline.strip!
         content = f.read
         f.close
 
-        header.concat(content[0..356].unpack("h*").pack("H*").split("."))
+        header_content = content.unpack("h*").pack("H*")
-        content = content[358..content.length]
+        header << header_content.slice(0, 100).rstrip
+        header << header_content.slice(100, 20).rstrip
+        header << header_content.slice(120, 370).rstrip + "\n" # \n at the end is require in this field
+        content = content.slice(490, content.length).lstrip
       else
         valid = false
       end
 
       unless File.exist?("#{header[1]}.pem.pub")
-        raise "Key not found"
+        raise Inspec::Exceptions::ProfileValidationKeyNotFound, "Profile validation key not found."
       end
 
       unless valid_header?(header)

lib/plugins/inspec-sign/lib/inspec-sign/base.rb

@@ -59,12 +59,11 @@ module InspecPlugins
           signature = signing_key.sign sha, content
           # convert the signature to Base64
           signature_base64 = Base64.encode64(signature)
+          content = (format("%-100s", options[:keyname]) + format("%-20s", ARTIFACT_DIGEST_NAME) + format("%-370s", signature_base64)).gsub(" ", "\0").unpack("H*").pack("h*") + "#{content}"
 
-          header = "#{ARTIFACT_DIGEST_NAME}.#{signature_base64}".unpack("H*").pack("h*") + ".#{content}"
           File.open(artifact_filename, "wb") do |f|
             f.puts INSPEC_PROFILE_VERSION_2
-            f.puts "#{options["keyname"]}"
+            f.write(content)
-            f.write(header)
           end
           puts "Successfully generated #{artifact_filename}"
         end
@@ -79,10 +78,13 @@ module InspecPlugins
 
         iaf_file = Inspec::IafFile.new(file_to_verifiy)
         if iaf_file.valid?
-          puts "Artifact is valid"
+          puts "Profile is valid."
         else
-          puts "Artifact is invalid"
+          puts "Profile is invalid"
         end
+      rescue Inspec::Exceptions::ProfileValidationKeyNotFound => e
+        $stderr.puts e.message
+        exit 1
       end
 
       def read_profile_metadata(path_to_profile)

test/functional/inspec_test.rb

@@ -52,7 +52,7 @@ describe "command tests" do
     it "outputs both core commands and v2 CLI plugins" do
       commands = %w{
         archive
-        artifact
+        sign
         check
         compliance
         automate