diff --git a/contract/contract.go b/contract/contract.go
index f9719da..3fab7a6 100644
--- a/contract/contract.go
+++ b/contract/contract.go
@@ -14,128 +14,149 @@ const ( ) // HpcrText - function to generate base64 data and checksum from string -func HpcrText(plainText string) (string, string, error) { +func HpcrText(plainText string) (string, string, string, error) { if gen.CheckIfEmpty(plainText) { - return "", "", fmt.Errorf(emptyParameterErrStatement) + return "", "", "", fmt.Errorf(emptyParameterErrStatement) } - return gen.EncodeToBase64(plainText), gen.GenerateSha256(plainText), nil + hpcrTextStr := gen.EncodeToBase64(plainText) + + return hpcrTextStr, gen.GenerateSha256(plainText), gen.GenerateSha256(hpcrTextStr), nil } // HpcrJson - function to generate base64 data and checksum from JSON string -func HpcrJson(plainJson string) (string, string, error) { +func HpcrJson(plainJson string) (string, string, string, error) { if !gen.IsJSON(plainJson) { - return "", "", fmt.Errorf("not a JSON data") + return "", "", "", fmt.Errorf("not a JSON data") } - return gen.EncodeToBase64(plainJson), gen.GenerateSha256(plainJson), nil + + hpcrJsonStr := gen.EncodeToBase64(plainJson) + + return hpcrJsonStr, gen.GenerateSha256(plainJson), gen.GenerateSha256(hpcrJsonStr), nil } // HpcrTextEncrypted - function to generate encrypted Hyper protect data and SHA256 from plain text -func HpcrTextEncrypted(plainText, encryptionCertificate string) (string, string, error) { +func HpcrTextEncrypted(plainText, encryptionCertificate string) (string, string, string, error) { if gen.CheckIfEmpty(plainText) { - return "", "", fmt.Errorf(emptyParameterErrStatement) + return "", "", "", fmt.Errorf(emptyParameterErrStatement) } - return Encrypter(plainText, encryptionCertificate) + hpcrTextEncryptedStr, err := Encrypter(plainText, encryptionCertificate) + if err != nil { + return "", "", "", fmt.Errorf("failed to generate encrypted string - %v", err) + } + + return hpcrTextEncryptedStr, gen.GenerateSha256(plainText), gen.GenerateSha256(hpcrTextEncryptedStr), nil } // HpcrJsonEncrypted - function to generate encrypted hyper protect 
data and SHA256 from plain JSON data -func HpcrJsonEncrypted(plainJson, encryptionCertificate string) (string, string, error) { +func HpcrJsonEncrypted(plainJson, encryptionCertificate string) (string, string, string, error) { if !gen.IsJSON(plainJson) { - return "", "", fmt.Errorf("contract is not a JSON data") + return "", "", "", fmt.Errorf("contract is not a JSON data") + } + + hpcrJsonEncrypted, err := Encrypter(plainJson, encryptionCertificate) + if err != nil { + return "", "", "", fmt.Errorf("failed to generate encrypted JSON - %v", err) } - return Encrypter(plainJson, encryptionCertificate) + + return hpcrJsonEncrypted, gen.GenerateSha256(plainJson), gen.GenerateSha256(hpcrJsonEncrypted), nil } // HpcrTgz - function to generate base64 of tar.tgz which was prepared from docker compose/podman files -func HpcrTgz(folderPath string) (string, error) { +func HpcrTgz(folderPath string) (string, string, string, error) { if gen.CheckIfEmpty(folderPath) { - return "", fmt.Errorf(emptyParameterErrStatement) + return "", "", "", fmt.Errorf(emptyParameterErrStatement) } if !gen.CheckFileFolderExists(folderPath) { - return "", fmt.Errorf("folder doesn't exists - %s", folderPath) + return "", "", "", fmt.Errorf("folder doesn't exists - %s", folderPath) } filesFoldersList, err := gen.ListFoldersAndFiles(folderPath) if err != nil { - return "", fmt.Errorf("failed to get files and folder under path - %v", err) + return "", "", "", fmt.Errorf("failed to get files and folder under path - %v", err) } tgzBase64, err := gen.GenerateTgzBase64(filesFoldersList) if err != nil { - return "", fmt.Errorf("failed to get base64 tgz - %v", err) + return "", "", "", fmt.Errorf("failed to get base64 tgz - %v", err) } - return tgzBase64, nil + return tgzBase64, gen.GenerateSha256(folderPath), gen.GenerateSha256(tgzBase64), nil } // HpcrTgzEncrypted - function to generate encrypted tgz -func HpcrTgzEncrypted(folderPath, encryptionCertificate string) (string, string, error) { +func 
HpcrTgzEncrypted(folderPath, encryptionCertificate string) (string, string, string, error) { if gen.CheckIfEmpty(folderPath) { - return "", "", fmt.Errorf(emptyParameterErrStatement) + return "", "", "", fmt.Errorf(emptyParameterErrStatement) + } + + tgzBase64, _, _, err := HpcrTgz(folderPath) + if err != nil { + return "", "", "", err } - tgzBase64, err := HpcrTgz(folderPath) + hpcrTgzEncryptedStr, err := Encrypter(tgzBase64, encryptionCertificate) if err != nil { - return "", "", err + return "", "", "", fmt.Errorf("failed to generate encrypted tgz - %v", err) } - return Encrypter(tgzBase64, encryptionCertificate) + return hpcrTgzEncryptedStr, gen.GenerateSha256(folderPath), gen.GenerateSha256(hpcrTgzEncryptedStr), nil } // HpcrContractSignedEncrypted - function to generate Signed and Encrypted contract -func HpcrContractSignedEncrypted(contract, encryptionCertificate, privateKey string) (string, error) { +func HpcrContractSignedEncrypted(contract, encryptionCertificate, privateKey string) (string, string, string, error) { err := gen.VerifyContractWithSchema(contract) if err != nil { - return "", fmt.Errorf("schema verification failed - %v", err) + return "", "", "", fmt.Errorf("schema verification failed - %v", err) } if gen.CheckIfEmpty(contract, privateKey) { - return "", fmt.Errorf(emptyParameterErrStatement) + return "", "", "", fmt.Errorf(emptyParameterErrStatement) } encryptCertificate := gen.FetchEncryptionCertificate(encryptionCertificate) publicKey, err := enc.GeneratePublicKey(privateKey) if err != nil { - return "", fmt.Errorf("failed to generate public key - %v", err) + return "", "", "", fmt.Errorf("failed to generate public key - %v", err) } signedEncryptContract, err := EncryptWrapper(contract, encryptCertificate, privateKey, publicKey) if err != nil { - return "", fmt.Errorf("failed to sign and encrypt contract - %v", err) + return "", "", "", fmt.Errorf("failed to sign and encrypt contract - %v", err) } - return signedEncryptContract, nil + 
return signedEncryptContract, gen.GenerateSha256(contract), gen.GenerateSha256(signedEncryptContract), nil } // HpcrContractSignedEncryptedContractExpiry - function to generate sign with contract expiry enabled and encrypt contract (with CSR parameters and CSR file) -func HpcrContractSignedEncryptedContractExpiry(contract, encryptionCertificate, privateKey, cacert, caKey, csrDataStr, csrPemData string, expiryDays int) (string, error) { +func HpcrContractSignedEncryptedContractExpiry(contract, encryptionCertificate, privateKey, cacert, caKey, csrDataStr, csrPemData string, expiryDays int) (string, string, string, error) { err := gen.VerifyContractWithSchema(contract) if err != nil { - return "", fmt.Errorf("schema verification failed - %v", err) + return "", "", "", fmt.Errorf("schema verification failed - %v", err) } if gen.CheckIfEmpty(contract, privateKey, cacert, caKey) { - return "", fmt.Errorf(emptyParameterErrStatement) + return "", "", "", fmt.Errorf(emptyParameterErrStatement) } if csrPemData == "" && csrDataStr == "" || len(csrPemData) > 0 && len(csrDataStr) > 0 { - return "", fmt.Errorf("the CSR parameters and CSR PEM file are parsed together or both are nil") + return "", "", "", fmt.Errorf("the CSR parameters and CSR PEM file are parsed together or both are nil") } signingCert, err := enc.CreateSigningCert(privateKey, cacert, caKey, csrDataStr, csrPemData, expiryDays) if err != nil { - return "", fmt.Errorf("failed to generate signing certificate - %v", err) + return "", "", "", fmt.Errorf("failed to generate signing certificate - %v", err) } finalContract, err := EncryptWrapper(contract, encryptionCertificate, privateKey, signingCert) if err != nil { - return "", fmt.Errorf("failed to generate signed and encrypted contract - %v", err) + return "", "", "", fmt.Errorf("failed to generate signed and encrypted contract - %v", err) } - return finalContract, nil + return finalContract, gen.GenerateSha256(contract), gen.GenerateSha256(finalContract), nil } // 
EncryptWrapper - wrapper function to sign (with and without contract expiry) and encrypt contract @@ -158,7 +179,7 @@ func EncryptWrapper(contract, encryptionCertificate, privateKey, publicKey strin return "", fmt.Errorf("failed to convert MAP to YAML - %v", err) } - encryptedWorkload, _, err := Encrypter(workloadData, encryptCertificate) + encryptedWorkload, err := Encrypter(workloadData, encryptCertificate) if err != nil { return "", fmt.Errorf("failed to encrypt workload - %v", err) } @@ -168,7 +189,7 @@ func EncryptWrapper(contract, encryptionCertificate, privateKey, publicKey strin return "", fmt.Errorf("failed to inject signingKey to env - %v", err) } - encryptedEnv, _, err := Encrypter(updatedEnv, encryptCertificate) + encryptedEnv, err := Encrypter(updatedEnv, encryptCertificate) if err != nil { return "", fmt.Errorf("failed to encrypt env - %v", err) } 
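Review bot: In HpcrTgz and HpcrTgzEncrypted the second result is `gen.GenerateSha256(folderPath)`, a digest of the path string, so it is the same whatever the folder holds and gives callers no integrity signal about the packaged files, whereas every other function in this hunk hashes the real input (`plainText`, `plainJson`, `contract`). HpcrTgzEncrypted also throws away the digests HpcrTgz just computed (`tgzBase64, _, _, err := HpcrTgz(folderPath)`) and repeats the empty-parameter check that HpcrTgz already performs. Consider `tgzBase64, _, tgzSha256, err := HpcrTgz(folderPath)` followed by `return hpcrTgzEncryptedStr, tgzSha256, gen.GenerateSha256(hpcrTgzEncryptedStr), nil`, so the pre-encryption digest covers the bytes that were actually encrypted; if hashing the path is intended, the doc comment should say so explicitly. The doc comments on all eight functions still describe the old two-value contract and should name the three results (encoded or encrypted data, SHA256 of the input, SHA256 of the output), and because every function here is exported the changed arity is a breaking change for importers that deserves a release note.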
@@ -187,27 +208,27 @@ func EncryptWrapper(contract, encryptionCertificate, privateKey, publicKey strin } // Encrypter - function to generate encrypted hyper protect data from plain string -func Encrypter(stringText, encryptionCertificate string) (string, string, error) { +func Encrypter(stringText, encryptionCertificate string) (string, error) { if gen.CheckIfEmpty(stringText) { - return "", "", fmt.Errorf(emptyParameterErrStatement) + return "", fmt.Errorf(emptyParameterErrStatement) } encCert := gen.FetchEncryptionCertificate(encryptionCertificate) password, err := enc.RandomPasswordGenerator() if err != nil { - return "", "", fmt.Errorf("failed to generate random password - %v", err) + return "", fmt.Errorf("failed to generate random password - %v", err) } encodedEncryptedPassword, err := enc.EncryptPassword(password, encCert) if err != nil { - return "", "", fmt.Errorf("failed to encrypt password - %v", err) + return "", fmt.Errorf("failed to encrypt password - %v", err) } encryptedString, err := enc.EncryptString(password, stringText) if err != nil { - return "", "", fmt.Errorf("failed to encrypt key - %v", err) + return "", fmt.Errorf("failed to encrypt key - %v", err) } - return enc.EncryptFinalStr(encodedEncryptedPassword, encryptedString), gen.GenerateSha256(stringText), nil + return enc.EncryptFinalStr(encodedEncryptedPassword, encryptedString), nil } diff --git a/contract/contract_test.go b/contract/contract_test.go index aefa38e..803a65e 100644 --- a/contract/contract_test.go +++ b/contract/contract_test.go 
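Review bot: The error returned after `enc.EncryptString(password, stringText)` still reads `"failed to encrypt key - %v"`, but that call encrypts the payload rather than a key; since the line is rewritten in this hunk anyway, `return "", fmt.Errorf("failed to encrypt data - %v", err)` would make logs accurate. The new error returns use `%v`, which flattens the cause so callers cannot inspect it with errors.Is or errors.As; `%w` keeps the chain at no cost. Encrypter is exported, so dropping its second result is a breaking change for external callers even though EncryptWrapper in this file is updated in the same commit.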
@@ -10,20 +10,28 @@ import ( ) const ( - sampleStringData = "sashwatk" - sampleBase64Data = "c2FzaHdhdGs=" - sampleDataChecksum = "05fb716cba07a0cdda231f1aa19621ce9e183a4fb6e650b459bc3c5db7593e42" + hpcrEncryptPrefix = "hyper-protect-basic." + + sampleStringData = "sashwatk" + sampleBase64Data = "c2FzaHdhdGs=" + sampleInputChecksum = "05fb716cba07a0cdda231f1aa19621ce9e183a4fb6e650b459bc3c5db7593e42" + sampleOutputChecksum = "5fc9d046c6bb76741f2bd3029225955903727460c1da088bf9f0d93d17eaec69" sampleStringJson = ` { "type": "env" } ` - sampleBase64Json = "Cgl7CgkJInR5cGUiOiAiZW52IgoJfQoJ" - sampleChecksumJson = "f932f8ad556280f232f4b42d55b24ce7d2e909d3195ef60d49e92d49b735de2b" + sampleBase64Json = "Cgl7CgkJInR5cGUiOiAiZW52IgoJfQoJ" + sampleInputChecksumJson = "f932f8ad556280f232f4b42d55b24ce7d2e909d3195ef60d49e92d49b735de2b" + sampleOutputChecksumJson = "0e282874a193587be1d2aca98083e9ebbddc840edc964a130a215bd674f8487e" + + sampleComposeFolderPath = "../samples/tgz" + sampleComposeFolderChecksum = "3e4a006b9422a3fbf8c58d4f1dbac4494b34f800ddbb6e048c31709bb0cde599" + sampleFolderTgzChecksum = "4fde7c46fdc83340ea93d7a0746e53e21711bf2ee3a99669b55f5e469a89b1c1" - sampleComposeFolderPath = "../samples/tgz" - simpleContractPath = "../samples/simple_contract.yaml" + simpleContractPath = "../samples/simple_contract.yaml" + simpleContractInputChecksum = "072cd6d89d9d253a0426eadea7217aedfe86197bfb8a5b4873386fcaa72ddfda" samplePrivateKeyPath = "../samples/encrypt/private.pem" samplePublicKeyPath = "../samples/encrypt/public.pem" 
@@ -91,65 +99,70 @@ func common(testType string) (string, string, string, string, string, error) { // Testcase to check if TestHpcrText() is able to encode text and generate SHA256 func TestHpcrText(t *testing.T) { - base64, sha256, err := HpcrText(sampleStringData) + base64, inputSha256, outputSha256, err := HpcrText(sampleStringData) if err != nil { t.Errorf("failed to generate HPCR text - %v", err) } assert.Equal(t, base64, sampleBase64Data) - assert.Equal(t, sha256, sampleDataChecksum) + assert.Equal(t, inputSha256, sampleInputChecksum) + assert.Equal(t, outputSha256, sampleOutputChecksum) } // Testcase to check if HpcrJson() is able to encode JSON and generate SHA256 func TestHpcrJson(t *testing.T) { - base64, sha256, err := HpcrJson(sampleStringJson) + base64, inputSha256, outputSha256, err := HpcrJson(sampleStringJson) if err != nil { t.Errorf("failed to generate HPCR JSON - %v", err) } assert.Equal(t, base64, sampleBase64Json) - assert.Equal(t, sha256, sampleChecksumJson) + assert.Equal(t, inputSha256, sampleInputChecksumJson) + assert.Equal(t, outputSha256, sampleOutputChecksumJson) } // Testcase to check if TestHpcrTextEncrypted() is able to encrypt text and generate SHA256 func TestHpcrTextEncrypted(t *testing.T) { - result, sha256, err := HpcrTextEncrypted(sampleStringData, "") + result, inputSha256, _, err := HpcrTextEncrypted(sampleStringData, "") if err != nil { t.Errorf("failed to generate HPCR encrypted text - %v", err) } - assert.Contains(t, result, "hyper-protect-basic.") - assert.Equal(t, sha256, sampleDataChecksum) + assert.Contains(t, result, hpcrEncryptPrefix) + assert.Equal(t, inputSha256, sampleInputChecksum) } // Testcase to check if TestHpcrJsonEncrypted() is able to encrypt JSON and generate SHA256 func TestHpcrJsonEncrypted(t *testing.T) { - result, sha256, err := HpcrJsonEncrypted(sampleStringJson, "") + result, inputSha256, _, err := HpcrJsonEncrypted(sampleStringJson, "") if err != nil { t.Errorf("failed to generate HPCR encrypted 
JSON - %v", err) } - assert.Contains(t, result, "hyper-protect-basic.") - assert.Equal(t, sha256, sampleChecksumJson) + assert.Contains(t, result, hpcrEncryptPrefix) + assert.Equal(t, inputSha256, sampleInputChecksumJson) } // Testcase to check if HpcrTgz() is able to generate base64 of tar.tgz func TestHpcrTgz(t *testing.T) { - result, err := HpcrTgz(sampleComposeFolderPath) + result, inputSha256, outputSha256, err := HpcrTgz(sampleComposeFolderPath) if err != nil { t.Errorf("failed to generate HPCR TGZ - %v", err) } assert.NotEmpty(t, result) + assert.Equal(t, inputSha256, sampleComposeFolderChecksum) + assert.Equal(t, outputSha256, sampleFolderTgzChecksum) } func TestHpcrTgzEncrypted(t *testing.T) { - result, _, err := HpcrTgzEncrypted(sampleComposeFolderPath, "") + result, inputSha256, _, err := HpcrTgzEncrypted(sampleComposeFolderPath, "") if err != nil { t.Errorf("failed to generated HPCR encrypted TGZ - %v", err) } - assert.Contains(t, result, "hyper-protect-basic.") + assert.Contains(t, result, hpcrEncryptPrefix) + assert.Equal(t, inputSha256, sampleComposeFolderChecksum) } // Testcase to check if HpcrContractSignedEncrypted() is able to generate @@ -160,12 +173,13 @@ func TestHpcrContractSignedEncrypted(t *testing.T) { t.Errorf("failed to get contract and private key - %v", err) } - result, err := HpcrContractSignedEncrypted(contract, "", privateKey) + result, inputSha256, _, err := HpcrContractSignedEncrypted(contract, "", privateKey) if err != nil { t.Errorf("failed to generate signed and encrypted contract - %v", err) } assert.NotEmpty(t, result) + assert.Equal(t, inputSha256, simpleContractInputChecksum) } // Testcase to check if HpcrContractSignedEncryptedContractExpiry() is able to create signed and encrypted contract with contract expiry enabled with CSR parameters 
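Review bot: TestHpcrTgz now pins `outputSha256` to `sampleFolderTgzChecksum`, the digest of a freshly generated tar.gz; tar entries carry modification times and ownership and gzip streams carry a timestamp, so unless gen.GenerateTgzBase64 (not visible here) normalizes those headers this assertion will probably differ between checkouts and platforms. If the archive is not deterministic, assert on the decoded entry contents instead, or limit the check to `inputSha256`. The `inputSha256` expectation in TestHpcrTgz and TestHpcrTgzEncrypted appears to hold only because HpcrTgz hashes the literal path string, which is worth stating in a comment next to `sampleComposeFolderChecksum` so the value is not mistaken for a content digest. These tests also keep `t.Errorf` on the error path and then assert on the results, so a failure produces a confusing second failure on empty values; `t.Fatalf` stops at the real cause.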
@@ -180,12 +194,13 @@ func TestHpcrContractSignedEncryptedContractExpiryCsrParams(t *testing.T) { t.Errorf("failed to unmarshal CSR parameters - %v", err) } - result, err := HpcrContractSignedEncryptedContractExpiry(contract, "", privateKey, caCert, caKey, string(csrParams), "", sampleContractExpiryDays) + result, inputSha256, _, err := HpcrContractSignedEncryptedContractExpiry(contract, "", privateKey, caCert, caKey, string(csrParams), "", sampleContractExpiryDays) if err != nil { t.Errorf("failed to generate signed and encrypted contract with contract expiry - %v", err) } assert.NotEmpty(t, result) + assert.Equal(t, inputSha256, simpleContractInputChecksum) } // Testcase to check if HpcrContractSignedEncryptedContractExpiry() is able to create signed and encrypted contract with contract expiry enabled with CSR PEM data @@ -200,12 +215,13 @@ func TestHpcrContractSignedEncryptedContractExpiryCsrPem(t *testing.T) { t.Errorf("failed to read CSR file - %v", err) } - result, err := HpcrContractSignedEncryptedContractExpiry(contract, "", privateKey, caCert, caKey, "", csr, sampleContractExpiryDays) + result, inputSha256, _, err := HpcrContractSignedEncryptedContractExpiry(contract, "", privateKey, caCert, caKey, "", csr, sampleContractExpiryDays) if err != nil { t.Errorf("failed to generate signed and encrypted contract with contract expiry - %v", err) } assert.NotEmpty(t, result) + assert.Equal(t, inputSha256, simpleContractInputChecksum) } // Testcase to check if EncryptWrapper() is able to sign and encrypt a contract 
@@ -225,11 +241,10 @@ func TestEncryptWrapper(t *testing.T) { // Testcase to check if Encrypter() is able to encrypt and generate SHA256 from string func TestEncrypter(t *testing.T) { - result, sha256, err := Encrypter(sampleStringJson, "") + result, err := Encrypter(sampleStringJson, "") if err != nil { t.Errorf("failed to encrypt contract - %v", err) } - assert.Contains(t, result, "hyper-protect-basic.") - assert.Equal(t, sha256, sampleChecksumJson) + assert.Contains(t, result, hpcrEncryptPrefix) } diff --git a/go.sum b/go.sum index 71dc877..0907f27 100644 --- a/go.sum +++ b/go.sum @@ -16,6 +16,8 @@ github.com/stretchr/testify v1.9.0 h1:HtqpIVDClZ4nwg75+f6Lvsy/wHu+3BoSGCbBAcpTsT github.com/stretchr/testify v1.9.0/go.mod h1:r2ic/lqez/lEtzL7wO/rwa5dbSLXVDPFyf8C91i36aY= github.com/xeipuuv/gojsonpointer v0.0.0-20180127040702-4e3ac2762d5f h1:J9EGpcZtP0E/raorCMxlFGSTBrsSlaDGf3jU/qvAE2c= github.com/xeipuuv/gojsonpointer v0.0.0-20180127040702-4e3ac2762d5f/go.mod h1:N2zxlSyiKSe5eX1tZViRH5QA0qijqEDrYZiPEAiq3wU= +github.com/xeipuuv/gojsonpointer v0.0.0-20190905194746-02993c407bfb h1:zGWFAtiMcyryUHoUjUJX0/lt1H2+i2Ka2n+D3DImSNo= +github.com/xeipuuv/gojsonpointer v0.0.0-20190905194746-02993c407bfb/go.mod h1:N2zxlSyiKSe5eX1tZViRH5QA0qijqEDrYZiPEAiq3wU= github.com/xeipuuv/gojsonreference v0.0.0-20180127040603-bd5ef7bd5415 h1:EzJWgHovont7NscjpAxXsDA8S8BMYve8Y5+7cuRE7R0= github.com/xeipuuv/gojsonreference v0.0.0-20180127040603-bd5ef7bd5415/go.mod h1:GwrjFmJcFw6At/Gs6z4yjiIwzuJ1/+UwLxMQDVQXShQ= github.com/xeipuuv/gojsonschema v1.2.0 h1:LhYJRs+L4fBtjZUfuSZIKGeVu0QRy8e5Xi7D17UxZ74=