diff --git a/aagent/watchers/pluginswatcher/plugins.go b/aagent/watchers/pluginswatcher/plugins.go
index 5cdcce9cc..db9eb96a0 100644
--- a/aagent/watchers/pluginswatcher/plugins.go
+++ b/aagent/watchers/pluginswatcher/plugins.go
@@ -7,6 +7,7 @@ package pluginswatcher
 import (
 "bytes"
 "context"
+ "encoding/base64"
 "encoding/hex"
 "encoding/json"
 "fmt"
@@ -447,7 +448,12 @@ func (w *Watcher) loadAndValidateData() ([]byte, error) {
 }
 }
- return spec.Plugins, nil
+ pb, err := base64.StdEncoding.DecodeString(spec.Plugins)
+ if err != nil {
+ return nil, err
+ }
+
+ return pb, nil
 }
 func (w *Watcher) desiredState() ([]*ManagedPlugin, error) {
diff --git a/aagent/watchers/pluginswatcher/plugins_test.go b/aagent/watchers/pluginswatcher/plugins_test.go
index d74c9c366..11bfd0e14 100644
--- a/aagent/watchers/pluginswatcher/plugins_test.go
+++ b/aagent/watchers/pluginswatcher/plugins_test.go
@@ -7,6 +7,7 @@ package pluginswatcher
 import (
 "crypto/ed25519"
 "crypto/rand"
+ "encoding/base64"
 "encoding/hex"
 "os"
 "path/filepath"
@@ -64,7 +65,7 @@ var _ = Describe("AAgent/Watchers/PluginsWatcher", func() {
 data, err := os.ReadFile("testdata/plugins.json")
 Expect(err).ToNot(HaveOccurred())
- spec := &Specification{Plugins: data}
+ spec := &Specification{Plugins: string(data)}
 _, err = spec.Encode(hex.EncodeToString(priv))
 Expect(err).ToNot(HaveOccurred())
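Review bot: The decode failure added to loadAndValidateData in plugins.go is returned bare (`return nil, err`), so the caller gets a base64 error with no indication that the plugin specification was the input; `return nil, fmt.Errorf("invalid plugins data: %w", err)` would match the `invalid signature data: %w` wording used in specification.go. Since VerifySignature now covers the encoded text, the decode should stay after the signature check; the body above this hunk is not visible here, so that ordering needs confirming. A comment such as `// Plugins is base64 text; the signature covers that text, so decode only after verification` would record the intent.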
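Review bot: The fixture at line 65 of plugins_test.go stores the raw file contents in Plugins (`Plugins: string(data)`), while the pack command and the BeforeEach hunk further down store base64 text, so this spec is not in the format loadAndValidateData now decodes. If code later in this test (outside the hunk) loads the spec, it will either fail to decode or pass for the wrong reason; `spec := &Specification{Plugins: base64.StdEncoding.EncodeToString(data)}` keeps the fixture in line with production. No visible test feeds non-base64 Plugins to loadAndValidateData and expects an error, which would cover the new failure path.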
@@ -124,15 +125,15 @@ var _ = Describe("AAgent/Watchers/PluginsWatcher", func() {
 data *Specification
 pri ed25519.PrivateKey
 pub ed25519.PublicKey
- spec []byte
+ spec string
 )
 BeforeEach(func() {
 pub, pri, err = ed25519.GenerateKey(rand.Reader)
 Expect(err).ToNot(HaveOccurred())
- spec = []byte("[]")
- data = &Specification{Plugins: spec}
- data.Signature = hex.EncodeToString(ed25519.Sign(pri, spec))
+ spec = base64.StdEncoding.EncodeToString([]byte("[]"))
+ data = &Specification{Plugins: string(spec)}
+ data.Signature = hex.EncodeToString(ed25519.Sign(pri, []byte(spec)))
 machine.EXPECT().DataGet(gomock.Eq("spec")).Return(data, true).AnyTimes()
 })
diff --git a/aagent/watchers/pluginswatcher/specification.go b/aagent/watchers/pluginswatcher/specification.go
index fd71bb5a3..09b42799e 100644
--- a/aagent/watchers/pluginswatcher/specification.go
+++ b/aagent/watchers/pluginswatcher/specification.go
@@ -15,7 +15,7 @@ import (
 // Specification holds []ManagedPlugin marshaled to JSON with an optional ed25519 signature
 type Specification struct {
- Plugins []byte `json:"plugins"`
+ Plugins string `json:"plugins"`
 Signature string `json:"signature,omitempty"`
 }
@@ -34,7 +34,7 @@ func (s *Specification) Encode(key string) ([]byte, error) {
 return nil, err
 }
- sig, err := iu.Ed25519Sign(pk, s.Plugins)
+ sig, err := iu.Ed25519Sign(pk, []byte(s.Plugins))
 if err != nil {
 return nil, err
 }
@@ -52,5 +52,5 @@ func (s *Specification) VerifySignature(key ed25519.PublicKey) (bool, error) {
 return false, fmt.Errorf("invalid signature data: %w", err)
 }
- return iu.Ed25519Verify(key, s.Plugins, sig)
+ return iu.Ed25519Verify(key, []byte(s.Plugins), sig)
 }
diff --git a/cmd/machine_plugins_pack.go b/cmd/machine_plugins_pack.go
index 528d4d345..bdb01b763 100644
--- a/cmd/machine_plugins_pack.go
+++ b/cmd/machine_plugins_pack.go
@@ -5,6 +5,7 @@
 package cmd
 import (
+ "encoding/base64"
 "encoding/json"
 "fmt"
 "os"
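Review bot: `string(spec)` in the BeforeEach of the plugins_test.go hunk is a no-op conversion now that spec is declared as `string`; `data = &Specification{Plugins: spec}` says the same thing without it. The `[]byte(spec)` passed to ed25519.Sign is needed and mirrors what Encode signs, so that one should stay.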
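Review bot: The doc comment on Specification in specification.go still describes JSON, but after this change Plugins holds base64 text, and the Encode and VerifySignature hunks below sign and verify that text rather than the decoded bytes. encoding/json already serializes a []byte field as standard base64, so the wire format looks unchanged while the signed message differs; specifications signed before this commit will presumably fail verification afterwards, which is worth stating in the release notes. Suggested comment: `// Specification holds []ManagedPlugin marshaled to JSON and base64 encoded in Plugins; the optional ed25519 signature covers the base64 text, not the decoded JSON`.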
@@ -76,7 +77,7 @@ func (r *mPluginsPackCommand) Run(wg *sync.WaitGroup) (err error) {
 logrus.Warn("No ed25519 private key given, encoding without signing")
 }
- spec := &watcher.Specification{Plugins: base64.StdEncoding.EncodeToString(data)}
+ spec := &watcher.Specification{Plugins: base64.StdEncoding.EncodeToString(data)}
 j, err := spec.Encode(r.key)
 if err != nil {
 return err
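Review bot: The base64 encoding is done by hand at this call site in Run (`Plugins: base64.StdEncoding.EncodeToString(data)`), which leaves every place that builds a Specification responsible for remembering it, and the fixture at line 65 of plugins_test.go already passes unencoded data. A small constructor in the watcher package, for example `func NewSpecification(plugins []byte) *Specification` that performs the encoding, would keep that invariant in one place. Run's body starts and ends outside this hunk.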