...

Source file src/github.com/theupdateframework/go-tuf/cmd/tuf/add_signatures.go

Documentation: github.com/theupdateframework/go-tuf/cmd/tuf

     1  package main
     2  
     3  import (
     4  	"encoding/base64"
     5  	"encoding/json"
     6  	"fmt"
     7  	"os"
     8  
     9  	"github.com/flynn/go-docopt"
    10  	"github.com/theupdateframework/go-tuf"
    11  	"github.com/theupdateframework/go-tuf/data"
    12  )
    13  
// init registers the "add-signatures" subcommand, binding its docopt usage
// text to the cmdAddSignature handler.
func init() {
	// The usage text doubles as the docopt grammar, so it is kept verbatim.
	const usage = `
usage: tuf add-signatures [--signatures <sig_file>] [--format=<format>] [--key-id=<key-id>] <metadata>

Adds signatures (the output of "sign-payload") to the given role metadata file.

If the signature does not verify, it will not be added.

Options:
  --signatures=<sig_file>   The path to the file containing the signatures to add. If not present, the contents are read from stdin
  --format=<format>    One of 'json', 'hex', or 'base64'. Defaults to 'json'
  --key-id=<key-id>    The key-id of the signature being added. Only required if the format is not 'json'
`
	register("add-signatures", cmdAddSignature, usage)
}
    28  
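// cmdAddSignature implements "tuf add-signatures": it loads one or more
// signatures and passes each to repo.AddOrUpdateSignature for the role
// metadata file named by <metadata>.
//
// Signature material is read from the --signatures file or, when that option
// is absent, from stdin. --format selects how it is decoded:
//   - "json" or unset: a JSON array of data.Signature values;
//   - "hex" or "base64": a single raw signature, paired with --key-id.
//
// Any other --format value is rejected rather than silently parsed as JSON.
//
// The first error from reading, decoding or AddOrUpdateSignature is returned;
// this function does not undo signatures that were already passed to the repo
// before a later one failed. The usage text states that signatures which do
// not verify are not added; that check is presumably performed inside
// AddOrUpdateSignature, which is not visible here.
func cmdAddSignature(args *docopt.Args, repo *tuf.Repo) error {
	roleFilename := args.String["<metadata>"]

	var sigBytes []byte
	if path := args.String["--signatures"]; path != "" {
		contents, err := os.ReadFile(path)
		if err != nil {
			return err
		}
		sigBytes = contents
	} else {
		// NOTE(review): fmt.Scan reads a single whitespace-delimited token, so
		// signature JSON on stdin must be compact (no spaces or newlines inside
		// it); pretty-printed input is truncated and fails to decode.
		var input string
		if _, err := fmt.Scan(&input); err != nil {
			return err
		}
		sigBytes = []byte(input)
	}

	format := args.String["--format"]
	keyID := args.String["--key-id"]

	// A raw hex/base64 signature carries no key ID of its own, so refuse to
	// build a data.Signature with an empty KeyID.
	if (format == "hex" || format == "base64") && keyID == "" {
		return fmt.Errorf("--key-id is required when --format is %q", format)
	}

	sigs := []data.Signature{}
	switch format {
	case "base64":
		raw, err := base64.StdEncoding.DecodeString(string(sigBytes))
		if err != nil {
			return err
		}
		sigs = append(sigs, data.Signature{KeyID: keyID, Signature: raw})
	case "hex":
		raw := data.HexBytes{}
		if err := raw.FromString(sigBytes); err != nil {
			return err
		}
		sigs = append(sigs, data.Signature{KeyID: keyID, Signature: raw})
	case "", "json":
		// Go cases do not fall through: the original empty `case "json":`
		// skipped decoding entirely, so an explicit --format=json added zero
		// signatures while still reporting success.
		if err := json.Unmarshal(sigBytes, &sigs); err != nil {
			return err
		}
	default:
		return fmt.Errorf("unsupported --format %q: expected 'json', 'hex' or 'base64'", format)
	}

	for _, sig := range sigs {
		if err := repo.AddOrUpdateSignature(roleFilename, sig); err != nil {
			return err
		}
	}
	fmt.Fprintln(os.Stderr, "tuf: added", len(sigs), "new signature(s)")
	return nil
}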
    76  
