From d52685fc31785c10c8352b45d0f57e3e70fa935e Mon Sep 17 00:00:00 2001
From: dlorenc <dlorenc@google.com>
Date: Thu, 22 Apr 2021 12:39:47 -0500
Subject: [PATCH] Add a flag to specify an artifact by hash. (#285)

This is required when uploading jars by URL.

Signed-off-by: Dan Lorenc <dlorenc@google.com>
---
 cmd/rekor-cli/app/pflags.go | 5 +++++
 tests/e2e_test.go           | 4 ++++
 2 files changed, 9 insertions(+)

diff --git a/cmd/rekor-cli/app/pflags.go b/cmd/rekor-cli/app/pflags.go
index 66ec0b0..2b4fcec 100644
--- a/cmd/rekor-cli/app/pflags.go
+++ b/cmd/rekor-cli/app/pflags.go
@@ -79,6 +79,7 @@ func addArtifactPFlags(cmd *cobra.Command) error {
 	cmd.Flags().Var(&fileOrURLFlag{}, "public-key", "path or URL to public key file")
 
 	cmd.Flags().Var(&fileOrURLFlag{}, "artifact", "path or URL to artifact file")
+	cmd.Flags().Var(&uuidFlag{}, "artifact-hash", "hex encoded SHA256 hash of artifact (when using URL)")
 
 	cmd.Flags().Var(&fileOrURLFlag{}, "entry", "path or URL to pre-formatted entry file")
 
@@ -182,6 +183,10 @@ func CreateJarFromPFlags() (models.ProposedEntry, error) {
 		dataURL, err := url.Parse(artifact)
 		if err == nil && dataURL.IsAbs() {
 			re.JARModel.Archive.URL = strfmt.URI(artifact)
+			re.JARModel.Archive.Hash = &models.JarV001SchemaArchiveHash{
+				Algorithm: swag.String(models.JarV001SchemaArchiveHashAlgorithmSha256),
+				Value:     swag.String(viper.GetString("artifact-hash")),
+			}
 		} else {
 			artifactBytes, err := ioutil.ReadFile(filepath.Clean(artifact))
 			if err != nil {
diff --git a/tests/e2e_test.go b/tests/e2e_test.go
index 60b5a71..7709fbd 100644
--- a/tests/e2e_test.go
+++ b/tests/e2e_test.go
@@ -254,7 +254,11 @@ func TestJAR(t *testing.T) {
 	outputContains(t, out, "Created entry at")
 	out = runCli(t, "upload", "--artifact", artifactPath, "--type", "jar")
 	outputContains(t, out, "Entry already exists")
+}
 
+func TestJARURL(t *testing.T) {
+	out := runCli(t, "upload", "--artifact", "https://get.jenkins.io/war-stable/2.277.3/jenkins.war", "--type", "jar", "--artifact-hash=3e22c7e8cd7c8ee1e92cbaa8d0d303a7b53e07bc2a152ddc66f8ce55caea91ab")
+	outputContains(t, out, "Created entry at")
 }
 
 func TestX509(t *testing.T) {
-- 
GitLab