From 8da382069f42f6d88d3abf914dd38d7e40a845bc Mon Sep 17 00:00:00 2001
From: Rasmus Dahlberg <rasmus@mullvad.net>
Date: Wed, 2 Mar 2022 23:16:43 +0100
Subject: initial commit

---
 cmd/sigsum/cmd.go | 131 ++++++++++++++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 131 insertions(+)
 create mode 100644 cmd/sigsum/cmd.go

(limited to 'cmd/sigsum/cmd.go')

diff --git a/cmd/sigsum/cmd.go b/cmd/sigsum/cmd.go
new file mode 100644
index 0000000..70a1c51
--- /dev/null
+++ b/cmd/sigsum/cmd.go
@@ -0,0 +1,131 @@
+package main
+
+import (
+	"bytes"
+	"context"
+	"fmt"
+	"io/ioutil"
+	"time"
+
+	"git.sigsum.org/sigsum-lib-go/pkg/requests"
+	"git.sigsum.org/sigsum-lib-go/pkg/types"
+	"git.sigsum.org/sigsum-tool-go/pkg/client"
+	"git.sigsum.org/sigsum-tool-go/pkg/policy"
+	"git.sigsum.org/sigsum-tool-go/pkg/signatures"
+	"git.sigsum.org/sigsum-tool-go/pkg/signatures/minisign"
+	"git.sigsum.org/sigsum-tool-go/pkg/signatures/signify"
+	"git.sigsum.org/sigsum-tool-go/pkg/signatures/ssh"
+)
+
+func cmdVerify(args []string, policy policy.Policy, optVerifyType, optVerifyKey string) error {
+	return fmt.Errorf("TODO")
+}
+
+func cmdBundle(args []string, policy policy.Policy, optBundleType, optBundleKey, optBundleDomainHint string) error {
+	if len(args) == 0 {
+		return fmt.Errorf("bundle: need at least one file")
+	}
+
+	var parser signatures.Parser
+	switch optBundleType {
+	case "signify":
+		parser = &signify.Parser{}
+	case "minisign":
+		parser = &minisign.Parser{}
+	case "ssh":
+		parser = &ssh.Parser{}
+	default:
+		return fmt.Errorf("bundle: invalid key type %q", optBundleType)
+	}
+
+	b, err := ioutil.ReadFile(optBundleKey)
+	if err != nil {
+		return fmt.Errorf("bundle: failed reading file %q: %v", optBundleKey, err)
+	}
+	pub, err := parser.PublicKey(bytes.NewBuffer(b))
+	if err != nil {
+		return fmt.Errorf("bundle: %v", err)
+	}
+	// TODO: check that domain hint is valid for public key
+
+	var reqs []requests.Leaf
+	for _, path := range args {
+		checksum, err := fileHash(path)
+		if err != nil {
+			return fmt.Errorf("bundle: %v", err)
+		}
+
+		sigPath := path + parser.SignatureSuffix()
+		b, err := ioutil.ReadFile(sigPath)
+		if err != nil {
+			return fmt.Errorf("bundle: failed reading file %q: %v", sigPath, err)
+		}
+		sig, err := parser.Signature(bytes.NewBuffer(b))
+		if err != nil {
+			return fmt.Errorf("bundle: %v", err)
+		}
+
+		req := requests.Leaf{
+			Statement: types.Statement{
+				ShardHint: policy.ShardHint(),
+				Checksum:  *checksum,
+			},
+			Signature:       *sig,
+			VerificationKey: *pub,
+			DomainHint:      optBundleDomainHint,
+		}
+		if !req.Statement.Verify(&req.VerificationKey, &req.Signature) {
+			return fmt.Errorf("bundle: invalid signature for file %q", path)
+		}
+		reqs = append(reqs, req)
+	}
+
+	sc := client.NewSubmitClient(policy)
+	ctx, cancel := context.WithTimeout(context.Background(), 15*time.Minute)
+	defer cancel()
+	bundles, err := sc.AddLeaves(ctx, reqs)
+	if err != nil {
+		return fmt.Errorf("bundle: %v", err)
+	}
+
+	// TODO: verify bundles
+	// TODO: write to files
+	fmt.Printf("got %d bundles\n", len(bundles))
+	return nil
+}
+
+func cmdFormat(args []string, policy policy.Policy) error {
+	if len(args) != 1 {
+		return fmt.Errorf("format: need exactly one file")
+	}
+
+	checksum, err := fileHash(args[0])
+	if err != nil {
+		return fmt.Errorf("format: %v", err)
+	}
+	stm := types.Statement{
+		ShardHint: policy.ShardHint(),
+		Checksum:  *checksum,
+	}
+
+	fmt.Printf("%s", stm.ToBinary())
+	return nil
+}
+
+func cmdNamespace(args []string, policy policy.Policy) error {
+	if len(args) != 0 {
+		return fmt.Errorf("namespace: got trailing arguments")
+	}
+
+	fmt.Printf("tree_leaf:v0:%d@sigsum.org", policy.ShardHint())
+	return nil
+}
+
+// TODO: don't read full file into memory at once
+func fileHash(path string) (*types.Hash, error) {
+	b, err := ioutil.ReadFile(path)
+	if err != nil {
+		return nil, fmt.Errorf("failed reading file %q", path)
+	}
+	return types.HashFn(b), nil
+}
-- 
cgit v1.2.3