Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Exit with failure on empty signing key #5297

Merged
merged 6 commits into from Nov 2, 2022
Merged

Exit with failure on empty signing key #5297

Show file tree
Hide file tree
Changes from 4 commits
Commits
Show all changes
6 commits
Select commit Hold shift + click to select a range
2c40f6f
Exit with failure on empty signing key
Joffref Oct 24, 2022
ddfed68
Merge branch 'main' into joffref/4972
srenatus Oct 27, 2022
bf473ac
Exit with failure on empty signing key
Joffref Nov 1, 2022
fae3487
Merge remote-tracking branch 'origin/joffref/4972' into joffref/4972
Joffref Nov 1, 2022
3caa83f
Merge branch 'main' into joffref/4972
srenatus Nov 2, 2022
21fc598
Merge branch 'main' into joffref/4972
srenatus Nov 2, 2022
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Jump to
Jump to file
Failed to load files.
Diff view
Diff view
15 changes: 10 additions & 5 deletions cmd/build.go
View file
Open in desktop
Expand Up @@ -261,7 +261,10 @@ func dobuild(params buildParams, args []string) error {
return err
}

bsc := buildSigningConfig(params.key, params.algorithm, params.claimsFile, params.plugin)
bsc, err := buildSigningConfig(params.key, params.algorithm, params.claimsFile, params.plugin)
if err != nil {
return err
}

if bvc != nil || bsc != nil {
if !params.bundleMode {
Expand Down Expand Up @@ -346,10 +349,12 @@ func buildVerificationConfig(pubKey, pubKeyID, alg, scope string, excludeFiles [
return bundle.NewVerificationConfig(map[string]*keys.Config{pubKeyID: keyConfig}, pubKeyID, scope, excludeFiles), nil
}

func buildSigningConfig(key, alg, claimsFile, plugin string) *bundle.SigningConfig {
func buildSigningConfig(key, alg, claimsFile, plugin string) (*bundle.SigningConfig, error) {
if key == "" && (plugin != "" || claimsFile != "" || alg != "") {
return nil, fmt.Errorf("specify the secret (HMAC) or path of the PEM file containing the private key (RSA and ECDSA)")
}
if key == "" {
return nil
return nil, nil
}

return bundle.NewSigningConfig(key, alg, claimsFile).WithPlugin(plugin)
return bundle.NewSigningConfig(key, alg, claimsFile).WithPlugin(plugin), nil
}
5 changes: 4 additions & 1 deletion cmd/sign.go
View file
Open in desktop
Expand Up @@ -170,7 +170,10 @@ func doSign(args []string, params signCmdParams) error {
return err
}

signingConfig := buildSigningConfig(params.key, params.algorithm, params.claimsFile, params.plugin)
signingConfig, err := buildSigningConfig(params.key, params.algorithm, params.claimsFile, params.plugin)
if err != nil {
return err
}

token, err := bundle.GenerateSignedToken(files, signingConfig, "")
if err != nil {
Expand Down
5 changes: 5 additions & 0 deletions cmd/sign_test.go
View file
Open in desktop
Expand Up @@ -147,6 +147,11 @@ func TestValidateSignParams(t *testing.T) {
newSignCmdParams(),
true, fmt.Errorf("specify the secret (HMAC) or path of the PEM file containing the private key (RSA and ECDSA)"),
},
"empty_signing_key": {
[]string{"foo"},
signCmdParams{key: "", bundleMode: true},
true, fmt.Errorf("specify the secret (HMAC) or path of the PEM file containing the private key (RSA and ECDSA)"),
},
"non_bundle_mode": {
[]string{"foo"},
signCmdParams{key: "foo"},
Expand Down