notaryproject · JeyJeyGao · Jan 2, 2025 · Jan 3, 2025 · Jan 6, 2025 · Jan 6, 2025
@@ -0,0 +1,34 @@
+// Copyright The Notary Project Authors.
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+// http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+// Package blob provides blob sign, verify, inspect, and policy commands.
+package blob
+
+import (
+	"github.com/spf13/cobra"
+)
+
+// Cmd returns the command for blob
+func Cmd() *cobra.Command {
+	command := &cobra.Command{
+		Use:   "blob [commnad]",
+		Short: "Sign, verify and inspect signatures associated with blobs",
+		Long:  "Sign, inspect, and verify signatures and configure trust policies.",
+	}
+
+	command.AddCommand(
+		inspectCommand(),
+	)
+
+	return command
+}
@@ -0,0 +1,101 @@
+// Copyright The Notary Project Authors.
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+// http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+package blob
+
+import (
+	"errors"
+	"fmt"
+	"os"
+	"path/filepath"
+	"strings"
+
+	"github.com/notaryproject/notation/internal/cmd"
+	"github.com/notaryproject/notation/internal/envelope"
+	"github.com/notaryproject/notation/internal/ioutil"
+	"github.com/spf13/cobra"
+)
+
+type inspectOpts struct {
+	sigPath      string
+	outputFormat string
+}
+
+func inspectCommand() *cobra.Command {
+	opts := &inspectOpts{}
+	command := &cobra.Command{
+		Use:   "inspect [flags] <signature_path>",
+		Short: "Inspect a signature associated with a blob",
+		Long: `Inspect a signature associated with a blob.
+
+Example - Inspect a signature:
+  notation inspect blob.cose.sig
-  notation inspect blob.cose.sig
+  notation blob inspect blob.cose.sig
-  notation inspect blob.cose.sig
+  notation blob inspect blob.cose.sig
+`,
+		Args: func(cmd *cobra.Command, args []string) error {
+			if len(args) == 0 {
+				return errors.New("missing signature path: use `notation blob inspect --help` to see what parameters are required")
+			}
+			opts.sigPath = args[0]
+			return nil
+		},
+		RunE: func(cmd *cobra.Command, args []string) error {
+			return runInspect(opts)
+		},
+	}
+
+	cmd.SetPflagOutput(command.Flags(), &opts.outputFormat, cmd.PflagOutputUsage)
+	return command
+}
+
+func runInspect(opts *inspectOpts) error {
+	if opts.outputFormat != cmd.OutputJSON && opts.outputFormat != cmd.OutputPlaintext {
+		return fmt.Errorf("unrecognized output format %s", opts.outputFormat)
+	}
+
+	envelopeMediaType, err := parseEnvelopeMediaType(filepath.Base(opts.sigPath))
+	if err != nil {
+		return err
+	}
+
+	envelopeBytes, err := os.ReadFile(opts.sigPath)
+	if err != nil {
+		return fmt.Errorf("failed to read signature file: %w", err)
+	}
+
+	sig, err := envelope.Parse(envelopeMediaType, envelopeBytes)
+	if err != nil {
+		return fmt.Errorf("failed to parse signature: %w", err)
+	}
+
+	// clearing annotations from the SignedArtifact field since they're already
+	// displayed as UserDefinedAttributes
+	sig.SignedArtifact.Annotations = nil
+
+	if opts.outputFormat == cmd.OutputJSON {
+		// print in JSON format
+		return ioutil.PrintObjectAsJSON(sig)
+	}
+
+	// print in plaintext format
+	sig.ToNode(opts.sigPath).Print()
+	return nil
+}
+
+// parseEnvelopeMediaType returns the envelope media type based on the filename.
+func parseEnvelopeMediaType(filename string) (string, error) {
+	parts := strings.Split(filename, ".")
+	if len(parts) < 3 || parts[len(parts)-1] != "sig" {
+		return "", fmt.Errorf("invalid signature filename: %s", filename)
+	}
+	return envelope.GetEnvelopeMediaType(strings.ToLower(parts[len(parts)-2]))
+}