vikarti.anatra/safing-jess
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Add support for verifying files from stdin

Browse source
This commit is contained in:
Daniel 2022-07-11 17:02:17 +02:00
parent d398ae6956
commit a33fe9b9cf
1 changed files with 18 additions and 3 deletions

21
filesig/helpers.go
View file

@ -4,13 +4,17 @@ import (
"errors" "errors"
"fmt" "fmt"
"io/ioutil" "io/ioutil"
"os"
"strings" "strings"
"github.com/safing/jess" "github.com/safing/jess"
"github.com/safing/jess/hashtools" "github.com/safing/jess/hashtools"
"github.com/safing/jess/lhash"
) )
// SignFile signs a file and replaces the signature file with a new one. // SignFile signs a file and replaces the signature file with a new one.
// If the dataFilePath is "-", the file data is read from stdin.
// Existing jess signatures in the signature file are removed.
func SignFile(dataFilePath, signatureFilePath string, metaData map[string]string, envelope *jess.Envelope, trustStore jess.TrustStore) (fileData *FileData, err error) { func SignFile(dataFilePath, signatureFilePath string, metaData map[string]string, envelope *jess.Envelope, trustStore jess.TrustStore) (fileData *FileData, err error) {
// Load encryption suite. // Load encryption suite.
if err := envelope.LoadSuite(); err != nil { if err := envelope.LoadSuite(); err != nil {
@ -21,7 +25,7 @@ func SignFile(dataFilePath, signatureFilePath string, metaData map[string]string
var hashTool *hashtools.HashTool var hashTool *hashtools.HashTool
for _, toolID := range envelope.Suite().Tools { for _, toolID := range envelope.Suite().Tools {
if strings.Contains(toolID, "(") { if strings.Contains(toolID, "(") {
hashToolID := strings.Trim(strings.Split(toolID, "(")[0], "()") hashToolID := strings.Trim(strings.Split(toolID, "(")[1], "()")
hashTool, _ = hashtools.Get(hashToolID) hashTool, _ = hashtools.Get(hashToolID)
break break
} }
@ -31,7 +35,12 @@ func SignFile(dataFilePath, signatureFilePath string, metaData map[string]string
} }
// Hash the data file. // Hash the data file.
fileHash, err := hashTool.LabeledHasher().DigestFile(dataFilePath) var fileHash *lhash.LabeledHash
if dataFilePath == "-" {
fileHash, err = hashTool.LabeledHasher().DigestFromReader(os.Stdin)
} else {
fileHash, err = hashTool.LabeledHasher().DigestFile(dataFilePath)
}
if err != nil { if err != nil {
return nil, fmt.Errorf("failed to hash file: %w", err) return nil, fmt.Errorf("failed to hash file: %w", err)
} }
@ -57,6 +66,7 @@ func SignFile(dataFilePath, signatureFilePath string, metaData map[string]string
} }
// VerifyFile verifies the given files and returns the verified file data. // VerifyFile verifies the given files and returns the verified file data.
// If the dataFilePath is "-", the file data is read from stdin.
// If an error is returned, there was an error in at least some part of the process. // If an error is returned, there was an error in at least some part of the process.
// Any returned file data struct must be checked for an verification error. // Any returned file data struct must be checked for an verification error.
func VerifyFile(dataFilePath, signatureFilePath string, metaData map[string]string, trustStore jess.TrustStore) (verifiedFileData []*FileData, err error) { func VerifyFile(dataFilePath, signatureFilePath string, metaData map[string]string, trustStore jess.TrustStore) (verifiedFileData []*FileData, err error) {
@ -95,7 +105,12 @@ func VerifyFile(dataFilePath, signatureFilePath string, metaData map[string]stri
} }
// Hash the file. // Hash the file.
fileHash, err := fileData.FileHash().Algorithm().DigestFile(dataFilePath) var fileHash *lhash.LabeledHash
if dataFilePath == "-" {
fileHash, err = fileData.FileHash().Algorithm().DigestFromReader(os.Stdin)
} else {
fileHash, err = fileData.FileHash().Algorithm().DigestFile(dataFilePath)
}
if err != nil { if err != nil {
lastErr = err lastErr = err
fileData.verificationError = err fileData.verificationError = err