#!/bin/bash
#######################################
# Prints the command synopsis and the list of supported actions, then
# terminates the script.
# Arguments: none (reads $0 for the program name)
# Outputs:   help text on stdout, framed by blank lines
# Returns:   never returns; exits with status 1
#######################################
usage() {
  local -a help_lines=(
    ''
    "Usage: $0 <action>"
    ''
    'Actions:'
    ''
    ' initialize'
    ' sign-contract <file>'
    ' sign <endpoint>'
    ' verify <endpoint> <signature>'
    ''
  )

  # One printf call emits every line, each terminated by a newline.
  printf '%s\n' "${help_lines[@]}"
  exit 1
}
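# Entry point: require an action argument, then dispatch on it.
# All key material lives in the current directory as id_ed25519 (private key)
# and id_ed25519.pub (public key).
if [ -z "$1" ]; then
  usage
fi

action=$1

#######################################
# Creates the two scratch files used by the signing and verification actions.
# Globals:  temporary_file_1, temporary_file_2 (written)
# Returns:  exits the script with status 1 if mktemp fails
# A later `trap ... EXIT` replaces an earlier one, so the final trap names
# both files; one trap per file would leave the first file behind on exit.
#######################################
make_scratch_files() {
  temporary_file_1=$(mktemp) || exit 1
  trap 'rm -f -- "$temporary_file_1"' EXIT
  temporary_file_2=$(mktemp) || exit 1
  trap 'rm -f -- "$temporary_file_1" "$temporary_file_2"' EXIT
}

#######################################
# Prints the public key belonging to ./id_ed25519 as a single hex string.
# Keeps the last three lines of openssl's -text_pub dump and strips colons,
# spaces and newlines from them.
# Outputs:  hex string on stdout, no trailing newline
#######################################
public_key_hex() {
  openssl pkey -in id_ed25519 -noout -text_pub | tail -n 3 | tr -d ': \n'
}

case "$action" in

  initialize)

    # Refuse to run when either key file exists, so an existing identity is
    # never overwritten.
    if [ -f id_ed25519 ] || [ -f id_ed25519.pub ]; then
      echo
      echo "Error: The environment has already been initialized."
      echo
      exit 1
    fi

    # The private key is written without a passphrase. The subshell umask
    # keeps the file owner-only whatever umask the caller runs with.
    (
      umask 077
      openssl genpkey -out id_ed25519 -algorithm ED25519
    ) || exit 1
    openssl pkey -in id_ed25519 -pubout -out id_ed25519.pub || exit 1

    id_ed25519_pub="$(public_key_hex)"

    echo
    echo "Public Key: $id_ed25519_pub"
    echo
    ;;

  sign)

    if [ -z "$2" ]; then
      usage
    fi

    make_scratch_files

    # printf writes the endpoint byte-for-byte. `echo -n` would treat a value
    # such as "-e" as an option and the signature would cover the wrong bytes.
    printf '%s' "$2" >"$temporary_file_1" || exit 1

    # Stop on failure (for example a missing key) instead of printing an
    # empty signature below.
    openssl pkeyutl -sign -inkey id_ed25519 -rawin -in "$temporary_file_1" -out "$temporary_file_2" || exit 1

    id_ed25519_pub_hex="$(public_key_hex)"
    signature=$(base64 -w 0 <"$temporary_file_2") || exit 1

    # The base64 signature is printed on two lines, split after 64 characters.
    echo
    echo " Signature: ${signature:0:64}"
    echo " ${signature:64}"
    echo
    echo " Provider: $id_ed25519_pub_hex"
    echo " Endpoint: $2"
    echo
    ;;

  verify)

    if [ -z "$2" ] || [ -z "$3" ]; then
      usage
    fi

    make_scratch_files

    printf '%s' "$2" >"$temporary_file_1" || exit 1

    # A signature that is not valid base64 is rejected here rather than being
    # handed to openssl as truncated or empty bytes.
    printf '%s' "$3" | base64 --decode >"$temporary_file_2" || exit 1

    # NOTE(review): verification loads the private key file. The public key
    # (id_ed25519.pub with -pubin) would be enough for this step, and the
    # check only ever validates signatures made by the local key.
    echo
    openssl pkeyutl -verify -inkey id_ed25519 -rawin -in "$temporary_file_1" -sigfile "$temporary_file_2"
    verify_status=$?
    echo

    # Propagate openssl's verdict. Without this the trailing echo made the
    # script exit 0 even when the signature did not verify.
    exit "$verify_status"
    ;;

  sign-contract)

    if [ -z "$2" ]; then
      usage
    fi

    make_scratch_files

    file_path="$2"

    # Check if the file exists
    if [ ! -f "$file_path" ]; then
      echo "File not found: $file_path"
      exit 1
    fi

    # Compute the SHA-512 hash. Reading the file through stdin keeps the
    # filename out of sha512sum's output, and a file that cannot be read
    # aborts the run instead of yielding an empty hash that would be signed.
    sha512_hash=$(sha512sum <"$file_path") || exit 1
    sha512_hash=${sha512_hash%% *}

    # Store in temp file. The signature covers this hex digest text (no
    # trailing newline), not the file bytes, so a verifier has to rebuild
    # exactly the same string.
    printf '%s' "$sha512_hash" >"$temporary_file_1" || exit 1

    # Sign it:
    openssl pkeyutl -sign -inkey id_ed25519 -rawin -in "$temporary_file_1" -out "$temporary_file_2" || exit 1

    id_ed25519_pub_hex="$(public_key_hex)"
    signature=$(base64 -w 0 <"$temporary_file_2") || exit 1

    echo
    echo
    echo "SHA-512 hash of the Contract $file_path:"
    echo "$sha512_hash"
    echo
    echo "Operator's Public Key:"
    echo "$id_ed25519_pub_hex"
    echo
    echo "Signature of Contract:"
    echo "${signature}"
    echo
    ;;

  *)

    usage
    ;;

esac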