// Copyright © 2023 Intel Corporation
// SPDX-License-Identifier: Apache-2.0
package cmd
import (
"encoding/hex"
"fmt"
"os"
"path/filepath"
"aconcli/cryptoutil"
"github.com/spf13/cobra"
)
// hashCmd is the "hash" subcommand. It requires a certificate file as its
// first argument, accepts any number of manifest files after it, and hands
// the whole argument list to doHash.
var hashCmd = &cobra.Command{
	Use:   "hash certificate [manifest]...",
	Short: "Compute SignerID and ImageIDs",
	Args:  cobra.MinimumNArgs(1), // the certificate argument is mandatory
	Long: `
Compute the digests of the specified certificate and manifest files using the
hash algorithm deduced from the certificate file.
Outputs from 'aconcli hash' are the SignerID of the certificate file and the
ImageIDs of the manifest files as if signed by that certificate.
`,
	RunE: func(_ *cobra.Command, args []string) error {
		return doHash(args)
	},
}
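// doHash prints the SignerID of the certificate named by args[0] and, for each
// remaining argument, the ImageID of that manifest file as if it were signed by
// the certificate.
//
// Output goes to stdout, one line per file:
//
//	<hashAlgo>/<certDigest>\t<certFile>
//	<hashAlgo>/<certDigest>/<manifestDigest>\t<manifestFile>
//
// The hash algorithm is the one cryptoutil.GetCertDigest reports for the
// certificate. Each manifest is read, canonicalized with canonicalJson and
// digested with that same algorithm.
//
// A certificate failure aborts immediately. A manifest failure is reported on
// stderr and the remaining manifests are still processed, but doHash then
// returns a non-nil error so the caller (RunE, and through it the process exit
// status) does not report success when some requested ImageIDs are missing
// from the output.
func doHash(args []string) error {
	// cobra.MinimumNArgs(1) guards the CLI path; guard here as well so a
	// direct caller gets an error instead of an index-out-of-range panic.
	if len(args) == 0 {
		return fmt.Errorf("hash: a certificate file is required")
	}
	certFile, manifests := args[0], args[1:]

	certDigest, hashAlgo, err := cryptoutil.GetCertDigest(certFile)
	if err != nil {
		fmt.Fprintf(os.Stderr, "Failed to get hash algorithm and digest for %s: %v\n", certFile, err)
		return err
	}
	signerID := hex.EncodeToString(certDigest)
	fmt.Fprintf(os.Stdout, "%s/%v\t%s\n", hashAlgo, signerID, certFile)

	failed := 0
	for _, file := range manifests {
		// filepath.Clean only normalizes the path lexically; it does not
		// confine the read to any directory. The path is whatever the
		// invoking user supplied on the command line.
		content, err := os.ReadFile(filepath.Clean(file))
		if err != nil {
			fmt.Fprintf(os.Stderr, "Failed to read file %s: %v\n", file, err)
			failed++
			continue
		}

		// The digest is taken over the canonical form, not the raw bytes
		// read from disk.
		content, err = canonicalJson(content)
		if err != nil {
			fmt.Fprintf(os.Stderr, "Failed to canonicalize file %s: %v\n", file, err)
			failed++
			continue
		}

		manifestDigest, err := cryptoutil.BytesDigest(content, hashAlgo)
		if err != nil {
			fmt.Fprintf(os.Stderr, "Failed to get digest for %s: %v\n", file, err)
			failed++
			continue
		}

		fmt.Fprintf(os.Stdout, "%s/%v/%v\t%s\n", hashAlgo,
			signerID, hex.EncodeToString(manifestDigest), file)
	}

	// Previously a run in which manifests failed still returned nil, so
	// automation consuming the output could not tell that ImageIDs were
	// missing. Surface the partial failure to the caller.
	if failed > 0 {
		return fmt.Errorf("%d of %d manifest file(s) could not be hashed", failed, len(manifests))
	}
	return nil
}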
// init attaches hashCmd to rootCmd so that "hash" is available as a
// subcommand.
func init() {
	rootCmd.AddCommand(hashCmd)
}