Add oci.Signature() method to expose raw signature (sigstore#2628)
Closes sigstore#2517

Signed-off-by: mozillazg <mozillazg101@gmail.com>

Signed-off-by: mozillazg <mozillazg101@gmail.com>
mozillazg authored Jan 15, 2023
1 parent 6df3ad9 commit 29360f6
Showing 12 changed files with 54 additions and 44 deletions.
10 changes: 2 additions & 8 deletions internal/pkg/cosign/ephemeral/signer_test.go
Expand Up @@ -18,7 +18,6 @@ import (
"bytes"
"context"
"crypto"
"encoding/base64"
"strings"
"testing"

Expand All @@ -43,14 +42,9 @@ func TestEphemeralSigner(t *testing.T) {
t.Fatalf("signature.LoadVerifier(pub) returned error: %v", err)
}

b64Sig, err := ociSig.Base64Signature()
sig, err := ociSig.Signature()
if err != nil {
t.Fatalf("ociSig.Base64Signature() returned error: %v", err)
}

sig, err := base64.StdEncoding.DecodeString(b64Sig)
if err != nil {
t.Fatalf("base64.StdEncoding.DecodeString(b64Sig) returned error: %v", err)
t.Fatalf("ociSig.Signature() returned error: %v", err)
}

err = verifier.VerifySignature(bytes.NewReader(sig), strings.NewReader(testPayload))
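Review bot: With the switch to `ociSig.Signature()` the test no longer touches `Base64Signature()`, so nothing here checks that the two accessors describe the same bytes, which is the very contract the new method adds. Keep the base64 path alongside the raw one: call `ociSig.Base64Signature()`, decode it with `base64.StdEncoding.DecodeString` (checking both errors), and fail with `if !bytes.Equal(want, sig) { t.Fatalf("Signature() and decoded Base64Signature() differ") }` before the `VerifySignature` call; that means re-adding the `encoding/base64` import this commit removes. The same gap applies to the fulcio, payload, rekor and tsa signer_test hunks. `TestEphemeralSigner` continues past the end of this hunk.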
9 changes: 2 additions & 7 deletions internal/pkg/cosign/fulcio/signer_test.go
Expand Up @@ -18,7 +18,6 @@ import (
"bytes"
"context"
"crypto"
"encoding/base64"
"strings"
"testing"

Expand Down Expand Up @@ -112,13 +111,9 @@ func TestSigner(t *testing.T) {
if err != nil {
t.Fatalf("signature.LoadVerifier(pub) returned error: %v", err)
}
b64Sig, err := ociSig.Base64Signature()
sig, err := ociSig.Signature()
if err != nil {
t.Fatalf("ociSig.Base64Signature() returned error: %v", err)
}
sig, err := base64.StdEncoding.DecodeString(b64Sig)
if err != nil {
t.Fatalf("base64.StdEncoding.DecodeString(b64Sig) returned error: %v", err)
t.Fatalf("ociSig.Signature() returned error: %v", err)
}
gotPayload, err := ociSig.Payload()
if err != nil {
10 changes: 2 additions & 8 deletions internal/pkg/cosign/payload/signer_test.go
Expand Up @@ -18,7 +18,6 @@ import (
"bytes"
"context"
"crypto"
"encoding/base64"
"strings"
"testing"

Expand Down Expand Up @@ -54,14 +53,9 @@ func TestSigner(t *testing.T) {
t.Fatalf("signature.LoadVerifier(pub) returned error: %v", err)
}

b64Sig, err := ociSig.Base64Signature()
sig, err := ociSig.Signature()
if err != nil {
t.Fatalf("ociSig.Base64Signature() returned error: %v", err)
}

sig, err := base64.StdEncoding.DecodeString(b64Sig)
if err != nil {
t.Fatalf("base64.StdEncoding.DecodeString(b64Sig) returned error: %v", err)
t.Fatalf("ociSig.Signature() returned error: %v", err)
}

gotPayload, err := ociSig.Payload()
9 changes: 2 additions & 7 deletions internal/pkg/cosign/rekor/signer_test.go
Expand Up @@ -18,7 +18,6 @@ import (
"bytes"
"context"
"crypto"
"encoding/base64"
"strings"
"testing"

Expand Down Expand Up @@ -71,13 +70,9 @@ func TestSigner(t *testing.T) {
if err != nil {
t.Fatalf("signature.LoadVerifier(pub) returned error: %v", err)
}
b64Sig, err := ociSig.Base64Signature()
sig, err := ociSig.Signature()
if err != nil {
t.Fatalf("ociSig.Base64Signature() returned error: %v", err)
}
sig, err := base64.StdEncoding.DecodeString(b64Sig)
if err != nil {
t.Fatalf("base64.StdEncoding.DecodeString(b64Sig) returned error: %v", err)
t.Fatalf("ociSig.Signature() returned error: %v", err)
}
gotPayload, err := ociSig.Payload()
if err != nil {
8 changes: 1 addition & 7 deletions internal/pkg/cosign/tsa/signer.go
Expand Up @@ -18,7 +18,6 @@ import (
"bytes"
"context"
"crypto"
"encoding/base64"
"fmt"
"io"
"os"
Expand Down Expand Up @@ -81,13 +80,8 @@ func (rs *signerWrapper) Sign(ctx context.Context, payload io.Reader) (oci.Signa
return nil, nil, err
}

b64Sig, err := sig.Base64Signature()
if err != nil {
return nil, nil, err
}

// create timestamp over raw bytes of signature
rawSig, err := base64.StdEncoding.DecodeString(b64Sig)
rawSig, err := sig.Signature()
if err != nil {
return nil, nil, err
}
9 changes: 2 additions & 7 deletions internal/pkg/cosign/tsa/signer_test.go
Expand Up @@ -18,7 +18,6 @@ import (
"bytes"
"context"
"crypto"
"encoding/base64"
"strings"
"testing"
"time"
Expand Down Expand Up @@ -65,13 +64,9 @@ func TestSigner(t *testing.T) {
if err != nil {
t.Fatalf("signature.LoadVerifier(pub) returned error: %v", err)
}
b64Sig, err := ociSig.Base64Signature()
sig, err := ociSig.Signature()
if err != nil {
t.Fatalf("ociSig.Base64Signature() returned error: %v", err)
}
sig, err := base64.StdEncoding.DecodeString(b64Sig)
if err != nil {
t.Fatalf("base64.StdEncoding.DecodeString(b64Sig) returned error: %v", err)
t.Fatalf("ociSig.Signature() returned error: %v", err)
}
gotPayload, err := ociSig.Payload()
if err != nil {
10 changes: 10 additions & 0 deletions pkg/oci/internal/signature/layer.go
Expand Up @@ -17,6 +17,7 @@ package signature

import (
"crypto/x509"
"encoding/base64"
"encoding/json"
"fmt"
"io"
Expand Down Expand Up @@ -69,6 +70,15 @@ func (s *sigLayer) Payload() ([]byte, error) {
return payload, nil
}

// Signature implements oci.Signature
func (s *sigLayer) Signature() ([]byte, error) {
b64sig, err := s.Base64Signature()
if err != nil {
return nil, err
}
return base64.StdEncoding.DecodeString(b64sig)
}
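Review bot: The new `Signature()` returns the result of `base64.StdEncoding.DecodeString` directly, and that function hands back the bytes decoded so far together with a non-nil error, so a malformed annotation yields a truncated slice plus an error rather than the `nil, err` pair the rest of this file returns; it also loses any context about which annotation failed. Returning an explicit nil on failure and wrapping the error keeps the "data only with a nil error" contract stated on the interface. If `Base64Signature()` (its body starts at the hunk edge, so I cannot confirm) accepts an empty annotation value, an empty slice would also be returned with a nil error, which the added length check guards against. The identical body appears in pkg/oci/signature/layer.go and pkg/oci/static/signature.go and would need the same treatment.
```go
func (s *sigLayer) Signature() ([]byte, error) {
	b64sig, err := s.Base64Signature()
	if err != nil {
		return nil, err
	}
	raw, err := base64.StdEncoding.DecodeString(b64sig)
	if err != nil {
		return nil, fmt.Errorf("decoding signature annotation: %w", err)
	}
	if len(raw) == 0 {
		return nil, fmt.Errorf("signature annotation is empty")
	}
	return raw, nil
}
```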

// Base64Signature implements oci.Signature
func (s *sigLayer) Base64Signature() (string, error) {
b64sig, ok := s.desc.Annotations[sigkey]
5 changes: 5 additions & 0 deletions pkg/oci/mutate/signature.go
Expand Up @@ -64,6 +64,11 @@ func (sw *sigWrapper) Payload() ([]byte, error) {
return sw.wrapped.Payload()
}

// Signature implements oci.Signature
func (sw *sigWrapper) Signature() ([]byte, error) {
return sw.wrapped.Signature()
}

// Base64Signature implements oci.Signature.
func (sw *sigWrapper) Base64Signature() (string, error) {
return sw.wrapped.Base64Signature()
10 changes: 10 additions & 0 deletions pkg/oci/signature/layer.go
Expand Up @@ -17,6 +17,7 @@ package signature

import (
"crypto/x509"
"encoding/base64"
"encoding/json"
"fmt"
"io"
Expand Down Expand Up @@ -69,6 +70,15 @@ func (s *sigLayer) Payload() ([]byte, error) {
return payload, nil
}

// Signature implements oci.Signature
func (s *sigLayer) Signature() ([]byte, error) {
b64sig, err := s.Base64Signature()
if err != nil {
return nil, err
}
return base64.StdEncoding.DecodeString(b64sig)
}

// Base64Signature implements oci.Signature
func (s *sigLayer) Base64Signature() (string, error) {
b64sig, ok := s.desc.Annotations[sigkey]
5 changes: 5 additions & 0 deletions pkg/oci/signatures.go
Expand Up @@ -42,6 +42,11 @@ type Signature interface {
// This will always return data when there is no error.
Payload() ([]byte, error)

// Signature fetches the raw signature
// of the payload. This will always return data when
// there is no error.
Signature() ([]byte, error)
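Review bot: Adding a method to the exported `Signature` interface means any out-of-tree type that satisfied it before this commit stops compiling, and neither the commit message nor the doc comment calls that out; this deserves a release note. The new doc comment also leaves the relationship between the two accessors implicit, which is what callers porting from the old decode-it-yourself pattern need to know. Suggest `// Signature fetches the raw signature bytes of the payload, i.e. the base64-decoded form of Base64Signature().` followed by the existing sentence about always returning data when there is no error.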

// Base64Signature fetches the base64 encoded signature
// of the payload. This will always return data when
// there is no error.
10 changes: 10 additions & 0 deletions pkg/oci/static/signature.go
Expand Up @@ -18,6 +18,7 @@ package static
import (
"bytes"
"crypto/x509"
"encoding/base64"
"io"

v1 "github.com/google/go-containerregistry/pkg/v1"
Expand Down Expand Up @@ -138,6 +139,15 @@ func (l *staticLayer) Payload() ([]byte, error) {
return l.b, nil
}

// Signature implements oci.Signature
func (l *staticLayer) Signature() ([]byte, error) {
b64sig, err := l.Base64Signature()
if err != nil {
return nil, err
}
return base64.StdEncoding.DecodeString(b64sig)
}

// Base64Signature implements oci.Signature
func (l *staticLayer) Base64Signature() (string, error) {
return l.b64sig, nil
3 changes: 3 additions & 0 deletions pkg/policy/attestation_test.go
Expand Up @@ -43,6 +43,9 @@ func (fa *failingAttestation) Payload() ([]byte, error) {
func (fa *failingAttestation) Annotations() (map[string]string, error) {
return nil, fmt.Errorf("unimplemented")
}
func (fa *failingAttestation) Signature() ([]byte, error) {
return nil, fmt.Errorf("unimplemented")
}
func (fa *failingAttestation) Base64Signature() (string, error) {
return "", fmt.Errorf("unimplemented")
}
