Improvements / Changes to Link Attestor (#428)
* adding flag logic for outfile
---------
Signed-off-by: chaosinthecrd <tom@tmlabs.co.uk>
Signed-off-by: John Kjell <john@testifysec.com>
Co-authored-by: John Kjell <john@testifysec.com>
ChaosInTheCRD authored Apr 7, 2024
1 parent 1836ab9 commit b8e9f51
Showing 6 changed files with 422 additions and 158 deletions.
5 changes: 1 addition & 4 deletions cmd/root_test.go
Expand Up @@ -148,7 +148,6 @@ func rsakeypair(t *testing.T) (privatePem *os.File, publicPem *os.File) {
}

return privatePem, publicPem

}

// ref: https://jamielinux.com/docs/openssl-certificate-authority/appendix/intermediate-configuration-file.html
Expand Down Expand Up @@ -189,7 +188,7 @@ func fullChain(t *testing.T) (caPem *os.File, intermediatePems []*os.File, leafP
t.Fatal(err)
}

//common name must be different than the CA name
// common name must be different than the CA name
intermediate := &x509.Certificate{
SerialNumber: big.NewInt(43),
Subject: pkix.Name{
Expand Down Expand Up @@ -261,7 +260,6 @@ func fullChain(t *testing.T) (caPem *os.File, intermediatePems []*os.File, leafP
}

leafkeyPem, err = os.CreateTemp(workingDir, "leaf.key")

if err != nil {
t.Fatal(err)
}
Expand All @@ -272,5 +270,4 @@ func fullChain(t *testing.T) (caPem *os.File, intermediatePems []*os.File, leafP
}

return caPem, intermediatePems, leafPem, leafkeyPem

}
56 changes: 45 additions & 11 deletions cmd/run.go
Expand Up @@ -18,6 +18,7 @@ import (
"context"
"encoding/json"
"fmt"
"path/filepath"

witness "github.com/in-toto/go-witness"
"github.com/in-toto/go-witness/archivista"
Expand Down Expand Up @@ -138,26 +139,59 @@ func runRun(ctx context.Context, ro options.RunOptions, args []string, signers .
return err
}

for _, result := range results {
for i, result := range results {
signedBytes, err := json.Marshal(&result.SignedEnvelope)
if err != nil {
return fmt.Errorf("failed to marshal envelope: %w", err)
}

// TODO: Find out explicit way to describe "prefix" in CLI options
outfile := ro.OutFilePath
if result.AttestorName != "" {
outfile += "-" + result.AttestorName + ".json"
var outfile string
// NOTE: This is a temporary fix until https://github.com/in-toto/witness/pull/350 is merged
if ro.OutFile != "" && ro.OutFilePath != "" {
return fmt.Errorf("cannot use both --outfile and --output")
}
if ro.OutFile != "" {
log.Warn("--outfile is deprecated, please use --output instead")
if len(results) > 1 {
atts := "collection"
for _, r := range results {
if r.AttestorName != "" {
atts = fmt.Sprintf("%s, %s", atts, r.AttestorName)
}
}
return fmt.Errorf("multiple attestations (%s) were created but only one output file was specified", atts)
}
outfile = ro.OutFile
} else if ro.OutFilePath != "" {
var prefix string
if ro.OutFilePrefix != "" {
prefix = ro.OutFilePrefix
} else {
prefix = ro.StepName
}

out, err := loadOutfile(outfile)
if err != nil {
return fmt.Errorf("failed to open out file: %w", err)
if result.AttestorName != "" {
outfile = filepath.Join(ro.OutFilePath, fmt.Sprintf("%s.%s.json", prefix, result.AttestorName))
} else if result.Collection.Name != "" {
outfile = filepath.Join(ro.OutFilePath, fmt.Sprintf("%s.collection.json", prefix))
}
// We only want to warn the user wants so logging on the first iteration
} else if ro.OutFilePrefix != "" && i == 0 {
log.Warn("--output-prefix is ignored unless --output is set")
}
defer out.Close()

if _, err := out.Write(signedBytes); err != nil {
return fmt.Errorf("failed to write envelope to out file: %w", err)
if outfile != "" {
out, err := loadOutfile(outfile)
if err != nil {
return fmt.Errorf("failed to open out file: %w", err)
}
defer out.Close()

if _, err := out.Write(signedBytes); err != nil {
return fmt.Errorf("failed to write envelope to out file: %w", err)
}

log.Info("attestation written to ", outfile)
}

if ro.ArchivistaOptions.Enable {
Expand Down
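Review bot: With `--output` set, a result whose `AttestorName` and `Collection.Name` are both empty leaves `outfile` as "" and the `if outfile != ""` guard then skips the write silently, so that signed envelope is dropped without any log line. An explicit tail on the naming chain, `} else { return fmt.Errorf("cannot derive output file name for result %d: no attestor or collection name", i) }` (or at minimum a `log.Warn`), would make the loss visible to the operator. `defer out.Close()` inside the loop (carried over from the old code) keeps every output file open until runRun returns and discards the Close error, which for a freshly written file can mask a failed flush; closing right after the write, `if err := out.Close(); err != nil { return fmt.Errorf("failed to close out file: %w", err) }`, handles both. `prefix` comes from `--output-prefix` or the step name and is passed straight to `filepath.Join`, which cleans but does not confine the result, so a prefix holding a path separator or `..` would place the attestation outside `ro.OutFilePath`; rejecting a prefix where `filepath.Base(prefix) != prefix` seems a cheap guard, though both values are operator-supplied so the exposure is presumably limited. runRun begins before this hunk and its body continues past it.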
