update

transmute-industries · Aug 16, 2024 · 7b0e0eb · 7b0e0eb
1 parent ebf2404
commit 7b0e0eb
Show file tree

Hide file tree

Showing 4 changed files with 96 additions and 27 deletions.
diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
@@ -136,14 +136,16 @@ jobs:
           azure-client-secret: ${{ secrets.AZURE_CLIENT_SECRET }}
           azure-kid: ${{ secrets.AZURE_KEY_ID }}
           transmute: |
-            scitt issue-statement ./tests/fixtures/message.json \
-              --azure-keyvault \
+            scitt issue-statement \
+              ./tests/fixtures/message.json \
               --alg ES256 \
               --iss https://software.vendor.example \
               --sub https://software.vendor.example/product/123 \
               --content-type application/spdx+json \
               --location https://software.vendor.example/storage/456 \
               --output ./tests/fixtures/message.json.akv.cbor \
+              --azure-keyvault
+
       - name: Export Public Key
         id: akv_export
         uses: ./
@@ -154,8 +156,9 @@ jobs:
           azure-kid: ${{ secrets.AZURE_KEY_ID }}
           transmute: |
             scitt export-remote-public-key \
-              --azure-keyvault \
-              --output ./tests/fixtures/public.akv.key.cbor
+              --output ./tests/fixtures/public.akv.key.cbor \
+              --azure-keyvault
+
       - name: Issue Receipt
         id: akv_receipt
         uses: ./
@@ -167,18 +170,14 @@ jobs:
           transmute: |
             scitt issue-receipt \
               ./tests/fixtures/message.json.akv.cbor \
-              --azure-keyvault \
               --log ./tests/fixtures/trans.json \
-              --output ./tests/fixtures/message.akv.receipt.cbor
+              --output ./tests/fixtures/message.akv.receipt.cbor \
+              --azure-keyvault
 
       - name: Verify Receipt
         id: akv_receipt_verify
         uses: ./
         with:
-          azure-tenant-id: ${{ secrets.AZURE_TENANT_ID }}
-          azure-client-id: ${{ secrets.AZURE_CLIENT_ID }}
-          azure-client-secret: ${{ secrets.AZURE_CLIENT_SECRET }}
-          azure-kid: ${{ secrets.AZURE_KEY_ID }}
           transmute: |
             scitt verify-receipt-hash \
               ./tests/fixtures/public.akv.key.cbor \

diff --git a/scripts/graph.diagnostic.sh b/scripts/graph.diagnostic.sh
@@ -1,4 +1,8 @@
 
 # Graph
 
-npm run -s transmute -- graph assist ./tests/fixtures/issuer-claims.json --credential-type application/vc --output ./tests/fixtures/issuer-claims.graph.json --env ./.env --push
+npm run -s transmute -- graph assist ./tests/fixtures/issuer-claims.json \
+--credential-type application/vc \
+--output ./tests/fixtures/issuer-claims.graph.json \
+--env ./.env \
+--push
diff --git a/scripts/scitt.diagnostic.sh b/scripts/scitt.diagnostic.sh
@@ -1,13 +1,73 @@
 
 # notary keys
-npm run -s transmute -- cose keygen --alg ES256 --output ./tests/fixtures/private.notary.key.cbor > ./tests/fixtures/private.notary.key.diag
-npm run -s transmute -- cose keypub ./tests/fixtures/private.notary.key.cbor --output ./tests/fixtures/public.notary.key.cbor > ./tests/fixtures/public.notary.key.diag
+npm run -s transmute -- cose keygen \
+--alg ES256 \
+--output ./tests/fixtures/private.notary.key.cbor > ./tests/fixtures/private.notary.key.diag
 
+npm run -s transmute -- cose keypub \
+./tests/fixtures/private.notary.key.cbor \
+--output ./tests/fixtures/public.notary.key.cbor > ./tests/fixtures/public.notary.key.diag
 
-# sign hash envelope
-npm run -s transmute -- scitt issue-statement ./tests/fixtures/private.notary.key.cbor ./tests/fixtures/message.json --output ./tests/fixtures/message.hash-envelope.cbor > ./tests/fixtures/message.hash-envelope.diag
-npm run -s transmute -- scitt verify-statement-hash ./tests/fixtures/public.notary.key.cbor ./tests/fixtures/message.hash-envelope.cbor 3073d614f853aaec9a1146872c7bab75495ee678c8864ed3562f8787555c1e22 --output ./tests/fixtures/message.hash-envelope.verified.data > ./tests/fixtures/message.hash-envelope.diag
+
+# sign statement
+npm run -s transmute -- scitt issue-statement \
+./tests/fixtures/private.notary.key.cbor \
+./tests/fixtures/message.json \
+--output ./tests/fixtures/message.hash-envelope.cbor > ./tests/fixtures/message.hash-envelope.diag
+
+# verify statement
+npm run -s transmute -- scitt verify-statement-hash \
+./tests/fixtures/public.notary.key.cbor \
+./tests/fixtures/message.hash-envelope.cbor \
+3073d614f853aaec9a1146872c7bab75495ee678c8864ed3562f8787555c1e22 \
+--output ./tests/fixtures/message.hash-envelope.verified.data > ./tests/fixtures/message.hash-envelope.diag
 
 # sign receipt
-npm run -s transmute -- scitt issue-receipt ./tests/fixtures/private.notary.key.cbor ./tests/fixtures/message.hash-envelope.cbor --log ./tests/fixtures/trans.json --output ./tests/fixtures/message.hash-envelope-with-receipt.cbor > ./tests/fixtures/message.hash-envelope-with-receipt.diag
-npm run -s transmute -- scitt verify-receipt-hash ./tests/fixtures/public.notary.key.cbor ./tests/fixtures/message.hash-envelope-with-receipt.cbor 3073d614f853aaec9a1146872c7bab75495ee678c8864ed3562f8787555c1e22 > ./tests/fixtures/message.hash-envelope-with-receipt.diag
+npm run -s transmute -- scitt issue-receipt \
+./tests/fixtures/private.notary.key.cbor \
+./tests/fixtures/message.hash-envelope.cbor \
+--log ./tests/fixtures/trans.json \
+--output ./tests/fixtures/message.hash-envelope-with-receipt.cbor > ./tests/fixtures/message.hash-envelope-with-receipt.diag
+
+# verify receipt
+npm run -s transmute -- scitt verify-receipt-hash \
+./tests/fixtures/public.notary.key.cbor \
+./tests/fixtures/message.hash-envelope-with-receipt.cbor \
+3073d614f853aaec9a1146872c7bab75495ee678c8864ed3562f8787555c1e22 > ./tests/fixtures/message.hash-envelope-with-receipt.diag
+
+# azure key vault
+
+npm run -s transmute -- scitt issue-statement \
+./tests/fixtures/message.json \
+--env ./.env \
+--alg ES256 \
+--iss https://software.vendor.example \
+--sub https://software.vendor.example/product/123 \
+--content-type application/spdx+json \
+--location https://software.vendor.example/storage/456 \
+--output ./tests/fixtures/message.json.akv.cbor \
+--azure-keyvault
+
+npm run -s transmute -- scitt issue-receipt \
+./tests/fixtures/message.json.akv.cbor \
+--env ./.env \
+--log ./tests/fixtures/trans.json \
+--output ./tests/fixtures/message.akv.receipt.cbor \
+--azure-keyvault
+
+npm run -s transmute -- scitt export-remote-public-key \
+--env ./.env \
+--output ./tests/fixtures/public.akv.key.cbor \
+--azure-keyvault
+
+npm run -s transmute -- scitt verify-statement-hash \
+./tests/fixtures/public.akv.key.cbor \
+./tests/fixtures/message.json.akv.cbor \
+3073d614f853aaec9a1146872c7bab75495ee678c8864ed3562f8787555c1e22
+
+echo
+
+npm run -s transmute -- scitt verify-receipt-hash \
+./tests/fixtures/public.akv.key.cbor \
+./tests/fixtures/message.akv.receipt.cbor \
+3073d614f853aaec9a1146872c7bab75495ee678c8864ed3562f8787555c1e22
diff --git a/src/scitt/handler.ts b/src/scitt/handler.ts
@@ -205,8 +205,14 @@ export const handler = async function ({ positionals, values }: Arguments) {
         setOutput('cbor', Buffer.from(result).toString('hex'))
       } else {
         if (!output) {
-          const text = await cose.cbor.diagnose(Buffer.from(coseSign1))
-          console.log(text)
+          const statement = await cose.cbor.decodeFirst(coseSign1)
+          const statementHeader = cose.cbor.decode(statement.value[0])
+          const statementClaims = statementHeader.get(cose.Protected.CWTClaims)
+          console.log('✅ Statement Verified')
+          console.log(`File: ${Buffer.from(result).toString('hex')}`)
+          if (statementClaims.get(1)) {
+            console.log(`Producer: ${statementClaims.get(1)} `)
+          }
         }
       }
       break
@@ -220,7 +226,7 @@ export const handler = async function ({ positionals, values }: Arguments) {
         dotenv.config({ path: envFile })
       }
       if (!log) {
-        const message = `❌ --log is required (only JSON is supported)`
+        const message = `❌ --log is required(only JSON is supported)`
         console.error(message)
         throw new Error(message)
       }
@@ -351,7 +357,7 @@ export const handler = async function ({ positionals, values }: Arguments) {
       });
       const root = Buffer.from(verified.receipts[0]).toString('hex')
       if (Buffer.from(verified.payload).toString('hex') !== Buffer.from(hash, 'hex').toString('hex')) {
-        throw new Error(`Signature verification failed for hash: ${Buffer.from(verified.payload).toString('hex')}`)
+        throw new Error(`Signature verification failed for hash: ${Buffer.from(verified.payload).toString('hex')} `)
       }
       if (output) {
         fs.writeFileSync(output, Buffer.from(verified.payload))
@@ -361,8 +367,8 @@ export const handler = async function ({ positionals, values }: Arguments) {
       } else {
         if (!output) {
           console.log('✅ Receipt Verified')
-          console.log(`Log: ${root}`)
-          console.log(`File: ${hash}`)
+          console.log(`Log: ${root} `)
+          console.log(`File: ${hash} `)
           const statement = await cose.cbor.decodeFirst(transparentStatement)
           const statementHeader = cose.cbor.decode(statement.value[0])
           const [encodedReceipt] = statement.value[1].get(cose.Unprotected.Receipts)
@@ -371,13 +377,13 @@ export const handler = async function ({ positionals, values }: Arguments) {
           const receiptClaims = receiptHeader.get(cose.Protected.CWTClaims)
           const statementClaims = statementHeader.get(cose.Protected.CWTClaims)
           if (receiptClaims.get(1)) {
-            console.log(`Notary: ${receiptClaims.get(1)}`)
+            console.log(`Notary: ${receiptClaims.get(1)} `)
           }
           if (statementClaims.get(1)) {
-            console.log(`Producer: ${statementClaims.get(1)}`)
+            console.log(`Producer: ${statementClaims.get(1)} `)
           }
           if (receiptClaims.get(2)) {
-            console.log(`Product: ${receiptClaims.get(2)}`)
+            console.log(`Product: ${receiptClaims.get(2)} `)
           }
         }
       }