def main():
child_parser = argparse.ArgumentParser(parents=[],
add_help=True,
epilog=textwrap.dedent('''\
IMPORTANT:
This command wraps the in-toto-run command
See the help for in-toto-run below for required and optional paramaters
'''))
child_parser.add_argument(
"--assetID",
type=str,
required=False,
metavar="<assetID>",
help=("ID of the asset that a link is being created for "))
child_parser.add_argument(
"--channelID",
type=str,
required=False,
metavar="<channelID>",
help=("ID of the channel the asset is stored on "))
child_parser.add_argument(
"--repoID",
type=str,
required=False,
metavar="<repoID>",
help=("ID of the DBoM repo the asset is stored in "))
child_parser.add_argument("--gatewayAddress",
type=str,
required=False,
metavar="<gatewayAddress>",
help=("The http address of the DBoM gateway "))
child_parser.add_argument("--inTotoHelp",
action="store_true",
required=False,
dest="in_toto_help",
help=("Returns help response for in-toto-run "))
parent_parser = argparse.ArgumentParser(parents=[], add_help=False)
parent_parser.add_argument("-k",
"--layout-keys",
type=str,
metavar="<path>",
nargs="+")
try:
child_args, rest = child_parser.parse_known_args()
except:
print(
"\n-------------------- in-toto-verify help --------------------\n"
)
os.system('in-toto-verify --help')
sys.exit(1)
asset_id = child_args.assetID if child_args.assetID is not None else ASSET_ID
if asset_id is None:
LOG.error("Missing AssetID")
sys.exit(1)
channel_id = child_args.channelID if child_args.channelID is not None else CHANNEL_ID
if channel_id is None:
LOG.error("Missing ChannelID")
sys.exit(1)
repo_id = child_args.repoID if child_args.repoID is not None else REPO_ID
if repo_id is None:
LOG.error("Missing RepoID")
sys.exit(1)
gateway_address = child_args.gatewayAddress if child_args.gatewayAddress is not None else GATEWAY_ADDRESS
if gateway_address is None:
LOG.error("Missing GatewayAddress")
sys.exit(1)
LOG.debug("childArgs")
LOG.debug(child_args)
LOG.debug(rest)
rest_arg = ['in-toto-verify']
rest_arg.extend(rest)
sys.argv = rest_arg
#subprocess.Popen(rest_arg).wait()
args, rest = parent_parser.parse_known_args()
#Read the dbom asset
url = gateway_address + "/api/v1/repo/" + repo_id + "/chan/" + channel_id + "/asset/" + asset_id
LOG.debug(url)
res = requests.get(url=url)
LOG.debug(res)
if res.status_code != 200:
LOG.error(res.json())
sys.exit(1)
asset = res.json()
asset = dbom_helper.decodeDict(asset)
LOG.debug(json.dumps(asset))
#Validate asset has in-toto data
if 'inToto' not in asset['assetMetadata']:
LOG.error("Not in-toto data found for assetID " + asset_id)
sys.exit(1)
if 'links' not in asset['assetMetadata']['inToto']:
LOG.error("No in-toto link data found for assetID " + asset_id)
sys.exit(1)
if 'layouts' not in asset['assetMetadata']['inToto']:
LOG.error("No in-toto layout data found for assetID " + asset_id)
sys.exit(1)
#Open a temp directory to do the validation and write all the in-toto links, layouts, and public keys to the directory
with tempfile.TemporaryDirectory() as directory:
copy_tree("./", directory)
os.chdir(directory)
#f = open("demofile3.txt", "w")
LOG.debug('The created temporary directory is %s' % directory)
for linkFile in asset['assetMetadata']['inToto']['links']:
LOG.debug('---------- ' + linkFile + ' ----------')
#print(json.dumps(asset['assetMetadata']['inToto']['links'][linkFile]))
f = open(linkFile, "w")
f.write(
json.dumps(
asset['assetMetadata']['inToto']['links'][linkFile]))
f.close()
for layoutFile in asset['assetMetadata']['inToto']['layouts']:
LOG.debug('---------- ' + layoutFile + ' ----------')
#print(json.dumps(asset['assetMetadata']['inToto']['layouts'][layoutFile]))
f = open(layoutFile, "w")
f.write(
json.dumps(
asset['assetMetadata']['inToto']['layouts'][layoutFile]))
f.close()
f = open("./" + args.layout_keys[0], "w")
LOG.debug(asset['assetMetadata']['inToto']['ownerKey'])
key_bytes = base64.standard_b64decode(
asset['assetMetadata']['inToto']['ownerKey'])
key = key_bytes.decode('utf-8')
LOG.debug(key)
f.write(key)
f.close()
#run in-toto-verify
with subprocess.Popen(rest_arg, stdout=subprocess.PIPE) as proc:
LOG.info("---------- Started in-toto-verify ----------")
proc.wait()
if proc.returncode != 0:
LOG.error("---------- Failed in-toto-verify ----------")
LOG.error(proc.returncode)
sys.exit(1)
LOG.info("---------- Success in-toto-verify ----------")
def save_layout(self, path, asset_id, *args, **kwargs):
LOG.info("DbomMetablock.save_layout")
"""Saves an in-toto layout to an asset's DBoM
Arguments:
path: The path to write the file to.
asset_id: DBoM asset id
Key Arguments:
channel_id: DBoM channel to access
gateway_address: Address of the chainsource gateway
repo_id: DBoM repo to access
"""
channel_id = kwargs.get("channelID", environ.get('CHANNEL_ID'))
repo_id = kwargs.get("repoID", environ.get('REPO_ID'))
gateway_address = kwargs.get("gatewayAddress",
environ.get('GATEWAY_ADDRESS'))
LOG.debug(asset_id)
if asset_id is None:
LOG.error("Missing AssetID")
sys.exit(1)
LOG.debug(channel_id)
if channel_id is None:
LOG.error("Missing ChannelID")
sys.exit(1)
LOG.debug(repo_id)
if repo_id is None:
LOG.error("Missing RepoID")
sys.exit(1)
LOG.debug(gateway_address)
if gateway_address is None:
LOG.error("Missing GatewayAddress")
sys.exit(1)
LOG.info("---------- Get asset ----------")
url = gateway_address + "/api/v1/repo/" + repo_id + "/chan/" + channel_id + "/asset/" + asset_id
LOG.debug(url)
res = requests.get(url=url)
LOG.debug(res)
if res.status_code != 200:
LOG.error(res.json())
sys.exit(1)
asset = res.json()
LOG.debug(asset)
if 'inToto' not in asset['assetMetadata']:
asset['assetMetadata']['inToto'] = {}
if 'layouts' not in asset['assetMetadata']['inToto']:
asset['assetMetadata']['inToto']['layouts'] = {}
LOG.debug(json.loads("{}".format(self)))
asset = dbom_helper.decodeDict(asset)
asset['assetMetadata']['inToto']['layouts'][path] = json.loads(
"{}".format(self))
LOG.debug("---------- Updated Metadata ----------")
LOG.debug(json.dumps(asset))
LOG.info("---------- Update asset ----------")
res = requests.put(url=url,
data=json.dumps(dbom_helper.encodeDict(asset)))
LOG.debug(res)
if res.status_code != 200:
LOG.error(res.json())
sys.exit(1)
response = res.json()
LOG.debug(response)
LOG.info("---------- Updated asset ----------")
def main():
child_parser = argparse.ArgumentParser(parents=[],
add_help=True,
epilog=textwrap.dedent('''\
IMPORTANT:
This command wraps the in-toto-run command
See the help for in-toto-run below for required and optional paramaters
'''))
child_parser.add_argument(
"--assetID",
type=str,
required=False,
metavar="<assetID>",
help=("ID of the asset that a link is being created for "))
child_parser.add_argument(
"--channelID",
type=str,
required=False,
metavar="<channelID>",
help=("ID of the channel the asset is stored on "))
child_parser.add_argument(
"--repoID",
type=str,
required=False,
metavar="<repoID>",
help=("ID of the DBoM repo the asset is stored in "))
child_parser.add_argument("--gatewayAddress",
type=str,
required=False,
metavar="<gatewayAddress>",
help=("The http address of the DBoM gateway "))
child_parser.add_argument("--inTotoHelp",
action="store_true",
required=False,
dest="in_toto_help",
help=("Returns help response for in-toto-run "))
parent_parser = argparse.ArgumentParser(parents=[], add_help=False)
parent_parser.add_argument("-n",
"--step-name",
type=str,
required=True,
metavar="<name>")
try:
child_args, rest = child_parser.parse_known_args()
except:
print("\n-------------------- in-toto-run help --------------------\n")
os.system('in-toto-run --help')
sys.exit(1)
asset_id = child_args.assetID if child_args.assetID is not None else ASSET_ID
if asset_id is None:
LOG.error("Missing AssetID")
sys.exit(1)
channel_id = child_args.channelID if child_args.channelID is not None else CHANNEL_ID
if channel_id is None:
LOG.error("Missing ChannelID")
sys.exit(1)
repo_id = child_args.repoID if child_args.repoID is not None else REPO_ID
if repo_id is None:
LOG.error("Missing RepoID")
sys.exit(1)
gateway_address = child_args.gatewayAddress if child_args.gatewayAddress is not None else GATEWAY_ADDRESS
if gateway_address is None:
LOG.error("Missing GatewayAddress")
sys.exit(1)
LOG.debug("---------- childArgs ----------")
LOG.debug(child_args)
LOG.debug(rest)
rest_arg = ['in-toto-run']
rest_arg.extend(rest)
sys.argv = rest_arg
#subprocess.Popen(rest_arg).wait()
with subprocess.Popen(rest_arg, stdout=subprocess.PIPE) as proc:
LOG.info("---------- Started in-toto-run ----------")
proc.wait()
if proc.returncode != 0:
LOG.error("---------- Failed in-toto-run ----------")
LOG.error(proc.returncode)
sys.exit(1)
LOG.info("---------- Success in-toto-run ----------")
#dir_path = os.getcwd()
#f = []
#print("---------- Matching Files ----------")
#os.chdir(dir_path)
#for file in glob.glob(args.step_name+".*"):
# print(file)
args, rest = parent_parser.parse_known_args()
list_of_files = glob.glob(args.step_name + ".*")
latest_file = max(list_of_files, key=os.path.getctime)
LOG.debug("---------- Latest File ----------")
LOG.debug(latest_file)
with open(latest_file) as json_file:
data = json.load(json_file)
LOG.debug(data)
LOG.info("---------- Get asset ----------")
url = gateway_address + "/api/v1/repo/" + repo_id + "/chan/" + channel_id + "/asset/" + asset_id
LOG.debug(url)
res = requests.get(url=url)
LOG.debug(res)
if res.status_code != 200:
LOG.error(res.json())
sys.exit(1)
asset = res.json()
LOG.debug(asset)
if 'inToto' not in asset['assetMetadata']:
asset['assetMetadata']['inToto'] = {}
if 'links' not in asset['assetMetadata']['inToto']:
asset['assetMetadata']['inToto']['links'] = {}
asset = dbom_helper.decodeDict(asset)
asset['assetMetadata']['inToto']['links'][latest_file] = data
LOG.debug("---------- Updated Metadata ----------")
LOG.debug(json.dumps(asset))
LOG.info("---------- Update asset ----------")
res = requests.put(url=url,
data=json.dumps(dbom_helper.encodeDict(asset)))
LOG.debug(res)
if res.status_code != 200:
LOG.error(res.json())
sys.exit(1)
response = res.json()
LOG.debug(response)
LOG.info("---------- Update complete ----------")
def save_owner_key(self, key, asset_id, *args, **kwargs):
"""Saves an in-toto owner's key to an asset's DBoM
Arguments:
key: The owner's key
asset_id: DBoM asset id
Key Arguments:
channel_id: DBoM channel to access
gateway_address: Address of the chainsource gateway
repo_id: DBoM repo to access
"""
LOG.info("DbomMetablock.save_owner_key")
signature = Metablock.sign(self, key)
write_dbom = kwargs.get("writeDBoM", False)
channel_id = kwargs.get("channelID", environ.get('CHANNEL_ID'))
repo_id = kwargs.get("repoID", environ.get('REPO_ID'))
gateway_address = kwargs.get("gatewayAddress",
environ.get('GATEWAY_ADDRESS'))
LOG.debug(asset_id)
if asset_id is None:
LOG.error("Missing AssetID")
sys.exit(1)
LOG.debug(channel_id)
if channel_id is None:
LOG.error("Missing ChannelID")
sys.exit(1)
LOG.debug(repo_id)
if repo_id is None:
LOG.error("Missing RepoID")
sys.exit(1)
LOG.debug(gateway_address)
if gateway_address is None:
LOG.error("Missing GatewayAddress")
sys.exit(1)
LOG.info("---------- Get asset ----------")
url = gateway_address + "/api/v1/repo/" + repo_id + "/chan/" + channel_id + "/asset/" + asset_id
LOG.debug(url)
res = requests.get(url=url)
LOG.debug(res)
if res.status_code != 200:
LOG.error(res.json())
sys.exit(1)
asset = res.json()
LOG.debug(asset)
if 'inToto' not in asset['assetMetadata']:
asset['assetMetadata']['inToto'] = {}
key_bytes = base64.standard_b64encode(
key['keyval']['public'].encode('utf-8'))
asset = dbom_helper.decodeDict(asset)
asset['assetMetadata']['inToto']['ownerKey'] = key_bytes.decode(
'utf-8')
LOG.debug("---------- Updated Metadata ----------")
LOG.debug(json.dumps(asset))
LOG.info("---------- Update asset ----------")
res = requests.put(url=url,
data=json.dumps(dbom_helper.encodeDict(asset)))
LOG.debug(res)
if res.status_code != 200:
LOG.error(res.json())
sys.exit(1)
response = res.json()
LOG.debug(response)
LOG.info("---------- Updated asset ----------")