canaad-cli 1.0.0

CLI tool for AAD canonicalization per RFC 8785
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107

//! Command handler functions for canonicalize, validate, and hash subcommands.

use std::fs;
use std::io::{self, Write};
use std::path::PathBuf;

use anyhow::{Context, Result};
use base64::prelude::*;
use clap::Parser;
use sha2::{Digest, Sha256};

use canaad_core::{canonicalize_default, validate_default, AadError};

use crate::args::{Cli, Commands, HashOutputFormat, OutputFormat};
use crate::io::read_input;

pub(crate) fn is_validation_error(err: &anyhow::Error) -> bool {
    err.downcast_ref::<AadError>().is_some()
        || err.chain().any(|e| e.downcast_ref::<AadError>().is_some())
}

/// Parse CLI args and dispatch to the matched subcommand handler.
///
/// # Errors
///
/// Propagates any error returned by the subcommand handler.
pub(crate) fn run() -> Result<()> {
    let cli = Cli::parse();

    match cli.command {
        Commands::Canonicalize { input, file, output_format, to_file } => {
            cmd_canonicalize(input, file, output_format, to_file)
        }
        Commands::Validate { input, file, quiet } => cmd_validate(input, file, quiet),
        Commands::Hash { input, file, output_format } => cmd_hash(input, file, output_format),
    }
}

fn cmd_canonicalize(
    input: Option<String>,
    file: Option<PathBuf>,
    output_format: OutputFormat,
    to_file: Option<PathBuf>,
) -> Result<()> {
    let json = read_input(input, file)?;
    let canonical = canonicalize_default(&json).context("failed to canonicalize")?;

    let output: Vec<u8> = match output_format {
        OutputFormat::Utf8 => {
            let mut s =
                String::from_utf8(canonical).context("canonical output is not valid UTF-8")?;
            s.push('\n');
            s.into_bytes()
        }
        OutputFormat::Hex => {
            let mut s = hex::encode(&canonical);
            s.push('\n');
            s.into_bytes()
        }
        OutputFormat::Base64 => {
            let mut s = BASE64_STANDARD.encode(&canonical);
            s.push('\n');
            s.into_bytes()
        }
        OutputFormat::Raw => canonical,
    };

    if let Some(path) = to_file {
        fs::write(&path, &output)
            .with_context(|| format!("failed to write to {}", path.display()))?;
    } else {
        io::stdout().write_all(&output).context("failed to write to stdout")?;
    }

    Ok(())
}

fn cmd_validate(input: Option<String>, file: Option<PathBuf>, quiet: bool) -> Result<()> {
    let json = read_input(input, file)?;
    validate_default(&json).context("validation failed")?;

    if !quiet {
        println!("valid");
    }

    Ok(())
}

fn cmd_hash(
    input: Option<String>,
    file: Option<PathBuf>,
    output_format: HashOutputFormat,
) -> Result<()> {
    let json = read_input(input, file)?;
    let canonical = canonicalize_default(&json).context("failed to canonicalize")?;

    let hash = Sha256::digest(&canonical);

    let output = match output_format {
        HashOutputFormat::Hex => hex::encode(hash),
        HashOutputFormat::Base64 => BASE64_STANDARD.encode(hash),
    };

    println!("{output}");

    Ok(())
}