...
1 package main
2
3 import (
4 "encoding/base64"
5 "encoding/json"
6 "fmt"
7 "os"
8
9 "github.com/flynn/go-docopt"
10 "github.com/theupdateframework/go-tuf"
11 "github.com/theupdateframework/go-tuf/data"
12 )
13
// init passes the "add-signatures" subcommand name, its handler
// cmdAddSignature, and the usage text below to register.
func init() {
	const usage = `
usage: tuf add-signatures [--signatures <sig_file>] [--format=<format>] [--key-id=<key-id>] <metadata>

Adds signatures (the output of "sign-payload") to the given role metadata file.

If the signature does not verify, it will not be added.

Options:
--signatures=<sig_file> The path to the file containing the signatures to add. If not present, the contents are read from stdin
--format=<format> One of 'json', 'hex', or 'base64'. Defaults to 'json'
--key-id=<key-id> The key-id of the signature being added. Only required if the format is not 'json'
`
	register("add-signatures", cmdAddSignature, usage)
}
28
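// cmdAddSignature implements "tuf add-signatures". It reads signature data
// from the --signatures file (or from stdin when the flag is absent), decodes
// it according to --format, and passes each resulting signature to
// repo.AddOrUpdateSignature for the role metadata file named by <metadata>.
//
// This function performs no signature verification itself; the usage text's
// promise that a non-verifying signature is not added relies on
// repo.AddOrUpdateSignature, which is not shown here.
//
// It returns the first error from reading, decoding or adding a signature.
// Signatures handed to the repo before a failing one are not undone here.
func cmdAddSignature(args *docopt.Args, repo *tuf.Repo) error {
	roleFilename := args.String["<metadata>"]

	var sigBytes []byte
	if sigFile := args.String["--signatures"]; sigFile != "" {
		contents, err := os.ReadFile(sigFile)
		if err != nil {
			return err
		}
		sigBytes = contents
	} else {
		// fmt.Scan stops at the first whitespace, so stdin must carry a
		// single token: compact JSON, or one hex/base64 string.
		var input string
		if _, err := fmt.Scan(&input); err != nil {
			return err
		}
		sigBytes = []byte(input)
	}

	format := args.String["--format"]
	keyID := args.String["--key-id"]

	// Raw hex/base64 input carries no key id of its own, so the flag is the
	// only source for it; fail early with a clear message instead of
	// submitting a signature with an empty KeyID.
	if (format == "base64" || format == "hex") && keyID == "" {
		return fmt.Errorf("--key-id is required when --format is %q", format)
	}

	sigs := []data.Signature{}
	switch format {
	case "base64":
		decoded, err := base64.StdEncoding.DecodeString(string(sigBytes))
		if err != nil {
			return err
		}
		sigs = append(sigs, data.Signature{KeyID: keyID, Signature: decoded})
	case "hex":
		decoded := data.HexBytes{}
		if err := decoded.FromString(sigBytes); err != nil {
			return err
		}
		sigs = append(sigs, data.Signature{KeyID: keyID, Signature: decoded})
	default:
		// Handles "json", an absent --format and, as before, any other
		// value. Go switch cases do not fall through, so a separate empty
		// `case "json":` would skip decoding and leave sigs empty when the
		// format is given explicitly.
		if err := json.Unmarshal(sigBytes, &sigs); err != nil {
			return err
		}
	}

	for _, sig := range sigs {
		if err := repo.AddOrUpdateSignature(roleFilename, sig); err != nil {
			return err
		}
	}
	fmt.Fprintln(os.Stderr, "tuf: added", len(sigs), "new signature(s)")
	return nil
}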
76