@@ -3,12 +3,17 @@ package cli
33import (
44 "crypto/x509"
55 "fmt"
6+ "io"
67 "os"
8+ "strings"
79
810 cms "github.com/github/smimesign/ietf-cms"
911 "github.com/spf13/cobra"
1012 "golang.org/x/xerrors"
1113
14+ "cdr.dev/slog"
15+ "github.com/coder/code-marketplace/storage/easyzip"
16+
1217 "github.com/coder/code-marketplace/extensionsign"
1318 "github.com/coder/code-marketplace/extensionsign/verify"
1419)
@@ -20,15 +25,22 @@ func signature() *cobra.Command {
2025 Hidden : true , // Debugging tools
2126 Aliases : []string {"sig" , "sigs" , "signatures" },
2227 }
28+
2329 cmd .AddCommand (compareSignatureSigZips (), verifyCmd (), decodeSigCmd ())
2430 return cmd
2531}
2632
2733func decodeSigCmd () * cobra.Command {
2834 cmd := & cobra.Command {
29- Use : "decode" ,
30- Args : cobra .ExactArgs (1 ),
35+
36+ Use : "decode" ,
37+ Short : "Decode a signature archive." ,
38+ Args : cobra .ExactArgs (1 ),
3139 RunE : func (cmd * cobra.Command , args []string ) error {
40+ logger := cmdLogger (cmd )
41+ ctx := cmd .Context ()
42+ logger .Info (ctx , fmt .Sprintf ("Decoding %q" , args [0 ]))
43+
3244 data , err := os .ReadFile (args [0 ])
3345 if err != nil {
3446 return xerrors .Errorf ("read %q: %w" , args [0 ], err )
@@ -39,6 +51,15 @@ func decodeSigCmd() *cobra.Command {
3951 return xerrors .Errorf ("extract p7s: %w" , err )
4052 }
4153
54+ detachedDataR , err := easyzip .GetZipFileReader (data , ".signature.manifest" )
55+ if err != nil {
56+ return xerrors .Errorf ("get manifest: %w" , err )
57+ }
58+ detachedData , err := io .ReadAll (detachedDataR )
59+ if err != nil {
60+ return xerrors .Errorf ("read manifest: %w" , err )
61+ }
62+
4263 sd , err := cms .ParseSignedData (signed )
4364 if err != nil {
4465 return xerrors .Errorf ("new signed data: %w" , err )
@@ -57,18 +78,51 @@ func decodeSigCmd() *cobra.Command {
5778 }
5879 fmt .Println ("Data:" , len (sdData ))
5980
60- vcerts , err := sd .Verify (x509.VerifyOptions {})
81+ var verifyErr error
82+ var vcerts [][][]* x509.Certificate
83+
84+ sys , err := x509 .SystemCertPool ()
6185 if err != nil {
62- return xerrors .Errorf ("verify: %w" , err )
86+ return xerrors .Errorf ("system cert pool: %w" , err )
87+ }
88+ opts := x509.VerifyOptions {
89+ Intermediates : sys ,
90+ Roots : sys ,
91+ }
92+
93+ if sd .IsDetached () {
94+ vcerts , verifyErr = sd .VerifyDetached (detachedData , opts )
95+ } else {
96+ vcerts , verifyErr = sd .Verify (opts )
97+ }
98+ if verifyErr != nil {
99+ logger .Fatal (ctx , "verify" , slog .Error (verifyErr ))
63100 }
64- var _ = vcerts
101+
102+ certChain := dimensions (vcerts )
103+ fmt .Println ("Verified!" )
104+ fmt .Println (certChain )
65105
66106 return nil
67107 },
68108 }
69109 return cmd
70110}
71111
112+ func dimensions (chain [][][]* x509.Certificate ) string {
113+ var str strings.Builder
114+ for _ , top := range chain {
115+ str .WriteString (fmt .Sprintf ("Chain, len=%d\n " , len (top )))
116+ for _ , second := range top {
117+ str .WriteString (fmt .Sprintf (" Certs len=%d\n " , len (second )))
118+ for _ , cert := range second {
119+ str .WriteString (fmt .Sprintf (" Cert: %s\n " , cert .Subject ))
120+ }
121+ }
122+ }
123+ return str .String ()
124+ }
125+
72126func verifyCmd () * cobra.Command {
73127 cmd := & cobra.Command {
74128 Use : "verify" ,
0 commit comments