review comment

yahoo · Jun 9, 2020 · 64685ae · 64685ae
1 parent e6e6d3d
commit 64685ae
Showing 2 changed files with 26 additions and 28 deletions.
diff --git a/.../main/java/com/yahoo/elide/contrib/dynamicconfighelpers/verify/DynamicConfigVerifier.java b/.../main/java/com/yahoo/elide/contrib/dynamicconfighelpers/verify/DynamicConfigVerifier.java
@@ -35,6 +35,9 @@
 import java.security.cert.Certificate;
 import java.util.Base64;
 
+/**
+ * Util class to Verify model tar.gz file's RSA signature with available public key in key store.
+ */
 @Slf4j
 public class DynamicConfigVerifier {
 
@@ -48,10 +51,10 @@ public class DynamicConfigVerifier {
      * @throws SignatureException
      * @throws NoSuchAlgorithmException
      * @throws InvalidKeyException
-     *
+     * @throws MissingOptionException
      */
     public static void main(String[] args) throws ParseException, InvalidKeyException, NoSuchAlgorithmException,
-    SignatureException, FileNotFoundException, KeyStoreException, IOException {
+            SignatureException, FileNotFoundException, KeyStoreException, IOException {
 
         Options options = prepareOptions();
         CommandLine cli = new DefaultParser().parse(options, args);
@@ -68,10 +71,8 @@ public static void main(String[] args) throws ParseException, InvalidKeyExceptio
         String modelTarFile = cli.getOptionValue("tarFile");
         String signatureFile = cli.getOptionValue("signatureFile");
         String publicKeyName = cli.getOptionValue("publicKeyName");
-        long tarFileSize = getFileSize(modelTarFile);
 
-        if (verify(readTarContents(modelTarFile), tarFileSize,
-                signatureFile, getPublicKey(publicKeyName))) {
+        if (verify(readTarContents(modelTarFile), signatureFile, getPublicKey(publicKeyName))) {
             log.info("Successfully Validated " + modelTarFile);
         }
         else {
@@ -81,34 +82,42 @@ signatureFile, getPublicKey(publicKeyName))) {
 
     /**
      * Verify signature of tar.gz.
-     * @param fileList : list of files
-     * @param sizeOfFile : size of tar file
+     * @param fileContent : content Of all config files
      * @param signature : file containing signature
      * @param publicKey : public key name
      * @return whether the file can be verified by given key and signature
      * @throws NoSuchAlgorithmException
      * @throws InvalidKeyException
      * @throws SignatureException
      */
-    public static boolean verify(String fileList, long sizeOfFile, String signature, PublicKey publicKey)
+    public static boolean verify(String fileContent, String signature, PublicKey publicKey)
             throws NoSuchAlgorithmException, InvalidKeyException, SignatureException {
 
         Signature publicSignature;
 
         publicSignature = Signature.getInstance("SHA256withRSA");
         publicSignature.initVerify(publicKey);
-        publicSignature.update((fileList + sizeOfFile).getBytes(StandardCharsets.UTF_8));
+        publicSignature.update(fileContent.getBytes(StandardCharsets.UTF_8));
         byte[] signatureBytes = Base64.getDecoder().decode(signature);
         return publicSignature.verify(signatureBytes);
     }
 
     /**
-     * Get tar file size.
-     * @param modelTarFile
-     * @return size of tar file
+     * Read Content of all files.
+     * @param archiveFile : tar.gz file path
+     * @return appended content of all files in tar
+     * @throws FileNotFoundException
+     * @throws IOException
      */
-    private static long getFileSize(String modelTarFile) {
-        return FileUtils.sizeOf(new File(modelTarFile));
+    public static String readTarContents(String archiveFile) throws FileNotFoundException, IOException {
+        StringBuffer sb = new StringBuffer();
+        TarArchiveInputStream archive = new TarArchiveInputStream(
+                new GzipCompressorInputStream(new BufferedInputStream(new FileInputStream(archiveFile))));
+        TarArchiveEntry entry;
+        while ((entry = archive.getNextTarEntry()) != null) {
+            sb.append(FileUtils.readFileToString(new File(entry.getName()), StandardCharsets.UTF_8));
+        }
+        return sb.toString();
     }
 
     /**
@@ -124,17 +133,6 @@ private static PublicKey getPublicKey(String keyName) throws KeyStoreException {
         return publicKey;
     }
 
-    private static String readTarContents(String archiveFile) throws FileNotFoundException, IOException {
-        StringBuffer sb = new StringBuffer();
-        TarArchiveInputStream archive = new TarArchiveInputStream(
-                new GzipCompressorInputStream(new BufferedInputStream(new FileInputStream(archiveFile))));
-        TarArchiveEntry entry;
-        while ((entry = archive.getNextTarEntry()) != null) {
-            sb.append(entry.getName());
-        }
-        return sb.toString();
-    }
-
     /**
      * Define Arguments.
      */

diff --git a/...t/java/com/yahoo/elide/contrib/dynamicconfighelpers/verify/DynamicConfigVerifiesTest.java b/...t/java/com/yahoo/elide/contrib/dynamicconfighelpers/verify/DynamicConfigVerifiesTest.java
@@ -31,17 +31,17 @@ public class DynamicConfigVerifiesTest {
     @BeforeAll
     public static void setUp() throws Exception {
         kp = generateKeyPair();
-        signature = sign("testing-signature5", kp.getPrivate());
+        signature = sign("testing-signature", kp.getPrivate());
     }
 
     @Test
     public void testValidSignature() throws Exception {
-        assertTrue(DynamicConfigVerifier.verify("testing-signature", 5, signature, kp.getPublic()));
+        assertTrue(DynamicConfigVerifier.verify("testing-signature", signature, kp.getPublic()));
     }
 
     @Test
     public void testInvalidSignature() throws Exception {
-        assertFalse(DynamicConfigVerifier.verify("invalid-signature", 5, signature, kp.getPublic()));
+        assertFalse(DynamicConfigVerifier.verify("invalid-signature", signature, kp.getPublic()));
     }
 
     @Test