Pass in private key as STDIN to TemurinSignSBOM (#4094)
Haroon-Khel authored Jan 2, 2025
1 parent a53df22 commit f09b521
Showing 1 changed file with 19 additions and 3 deletions.
22 changes: 19 additions & 3 deletions cyclonedx-lib/sign_src/TemurinSignSBOM.java
Expand Up @@ -31,6 +31,9 @@
import org.webpki.json.JSONParser;
import org.webpki.util.PEMDecoder;

import java.util.stream.Collectors;
import java.io.BufferedReader;
import java.io.InputStreamReader;
import java.io.StringReader;
import java.io.IOException;
import java.io.FileReader;
Expand Down Expand Up @@ -65,12 +68,18 @@ public static void main(final String[] args) {
String publicKeyFile = null;
String fileName = null;
boolean success = false; // add a new boolean success, default to false
boolean privateStdIn = false; // TRUE if private key contents are passed in STDIN with --privateKeyFileSTDIN

for (int i = 0; i < args.length; i++) {
if (args[i].equals("--jsonFile")) {
fileName = args[++i];
} else if (args[i].equals("--privateKeyFile")) {
privateKeyFile = args[++i];
} else if (args[i].equals("--privateKeyFileSTDIN")) {
BufferedReader reader = new BufferedReader(new InputStreamReader(System.in));
String privateKeyInput = reader.lines().collect(Collectors.joining("\n"));
privateKeyFile = privateKeyInput;
privateStdIn = true;
} else if (args[i].equals("--publicKeyFile")) {
publicKeyFile = args[++i];
} else if (args[i].equals("--signSBOM")) {
Expand All @@ -83,7 +92,7 @@ public static void main(final String[] args) {
}

if (cmd.equals("signSBOM")) {
Bom bom = signSBOM(fileName, privateKeyFile);
Bom bom = signSBOM(fileName, privateKeyFile, privateStdIn);
if (bom != null) {
if (!writeJSONfile(bom, fileName)) {
success = false;
Expand All @@ -108,7 +117,7 @@ public static void main(final String[] args) {
}
}

static Bom signSBOM(final String jsonFile, final String pemFile) {
static Bom signSBOM(final String jsonFile, final String pemFile, final boolean privateStdIn) {
try {
// Read the JSON file to be signed
Bom bom = readJSONfile(jsonFile);
Expand All @@ -124,7 +133,14 @@ static Bom signSBOM(final String jsonFile, final String pemFile) {
}

// Read the private key
KeyPair signingKey = PEMDecoder.getKeyPair(Files.readAllBytes(Paths.get(pemFile)));
KeyPair signingKey = null;
if (privateStdIn) {
// If private key is passed in STDIN
signingKey = PEMDecoder.getKeyPair(pemFile.getBytes());
} else {
// If private key is a file
signingKey = PEMDecoder.getKeyPair(Files.readAllBytes(Paths.get(pemFile)));
}

// Sign the JSON data
String signedData = new JSONObjectWriter(JSONParser.parse(sbomDataToSign))
Expand Down
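Review bot: In the STDIN branch of signSBOM, `pemFile.getBytes()` re-encodes the key text with the platform default charset (the pre-Java 18 behaviour); PEM is ASCII so it happens to work, but the charset should be explicit: `signingKey = PEMDecoder.getKeyPair(pemFile.getBytes(StandardCharsets.UTF_8));` (with a matching `java.nio.charset.StandardCharsets` import). The larger concern is that the private key now sits in an immutable `String` (`privateKeyInput`, then the now-misnamed `privateKeyFile`/`pemFile`) plus the extra copy `getBytes()` makes, none of which can be zeroed after use; reading `System.in.readAllBytes()` into a `byte[]` and `Arrays.fill`ing it once `getKeyPair` returns would bound the key's lifetime on the heap, though that means the `pemFile` parameter would become a `byte[]` rather than a `String`. Short of that, the dual meaning of `pemFile` should be documented at the signature, e.g. `// pemFile holds the PEM text itself when privateStdIn is true, otherwise a path to the PEM file`. Both `main` and `signSBOM` start and end outside the hunks shown, so how an empty stdin (which yields an empty `pemFile`) is reported is not visible here.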
