From 0b728a413e6bd5a70beffa9513196d8cd622d903 Mon Sep 17 00:00:00 2001 From: rbehjati Date: Thu, 11 May 2023 15:52:06 +0100 Subject: [PATCH] Improve package names (#230) * Merge package types into package model * Rename package amber to claims * Remove all occurrences of amber --- cmd/verifier/main.go | 3 +- internal/endorser/endorser.go | 21 ++++++------ internal/endorser/endorser_test.go | 10 +++--- internal/fuzzbinder/fuzzclaim.go | 26 +++++++-------- internal/fuzzbinder/fuzzclaim_test.go | 20 ++++++------ internal/fuzzbinder/fuzzgenerator.go | 14 ++++---- internal/fuzzbinder/fuzzscraper.go | 10 +++--- internal/fuzzbinder/util.go | 8 ++--- internal/model/provenance.go | 13 ++++---- internal/model/provenance_test.go | 5 ++- .../types.go => internal/model/validation.go | 4 +-- .../model/validation_test.go | 2 +- pkg/{amber => claims}/claim.go | 24 +++++++------- pkg/{amber => claims}/endorsement.go | 32 +++++++++---------- pkg/{amber => claims}/endorsement_test.go | 12 +++---- 15 files changed, 99 insertions(+), 105 deletions(-) rename pkg/types/types.go => internal/model/validation.go (96%) rename pkg/types/types_test.go => internal/model/validation_test.go (99%) rename pkg/{amber => claims}/claim.go (85%) rename pkg/{amber => claims}/endorsement.go (83%) rename pkg/{amber => claims}/endorsement_test.go (92%) diff --git a/cmd/verifier/main.go b/cmd/verifier/main.go index d6429c1b..5afb42fc 100644 --- a/cmd/verifier/main.go +++ b/cmd/verifier/main.go @@ -22,7 +22,6 @@ import ( "github.com/project-oak/transparent-release/internal/model" "github.com/project-oak/transparent-release/internal/verification" - "github.com/project-oak/transparent-release/pkg/types" ) func main() { 
@@ -35,7 +34,7 @@ func main() { log.Fatalf("couldn't load the provenance bytes from %s: %v", *provenancePath, err) } // Parse into a validated provenance to get the predicate/build type of the provenance. - validatedProvenance, err := types.ParseStatementData(provenanceBytes) + validatedProvenance, err := model.ParseStatementData(provenanceBytes) if err != nil { log.Fatalf("couldn't parse bytes from %s into a validated provenance: %v", *provenancePath, err) } diff --git a/internal/endorser/endorser.go b/internal/endorser/endorser.go index 0274ce5e..1fd77034 100644 --- a/internal/endorser/endorser.go +++ b/internal/endorser/endorser.go @@ -30,9 +30,8 @@ import ( "github.com/project-oak/transparent-release/internal/model" "github.com/project-oak/transparent-release/internal/verification" - "github.com/project-oak/transparent-release/pkg/amber" + "github.com/project-oak/transparent-release/pkg/claims" "github.com/project-oak/transparent-release/pkg/intoto" - "github.com/project-oak/transparent-release/pkg/types" ) // ParsedProvenance contains a provenance in the internal ProvenanceIR format, 
@@ -41,34 +40,34 @@ import ( // the DSSE document, while `Provenance` contains the provenance itself. type ParsedProvenance struct { Provenance model.ProvenanceIR - SourceMetadata amber.ProvenanceData + SourceMetadata claims.ProvenanceData } // GenerateEndorsement generates an endorsement statement for the given validity duration, using // the given provenances as evidence and reference values to verify them. At least one provenance // must be provided. The endorsement statement is generated only if the provenance statements are // valid. -func GenerateEndorsement(referenceValues *verification.ReferenceValues, validityDuration amber.ClaimValidity, provenances []ParsedProvenance) (*intoto.Statement, error) { +func GenerateEndorsement(referenceValues *verification.ReferenceValues, validityDuration claims.ClaimValidity, provenances []ParsedProvenance) (*intoto.Statement, error) { verifiedProvenances, err := verifyAndSummarizeProvenances(referenceValues, provenances) if err != nil { return nil, fmt.Errorf("could not verify and summarize provenances: %v", err) } - return amber.GenerateEndorsementStatement(validityDuration, *verifiedProvenances), nil + return claims.GenerateEndorsementStatement(validityDuration, *verifiedProvenances), nil } -// Returns an instance of amber.VerifiedProvenanceSet, containing metadata about a set of verified +// Returns an instance of claims.VerifiedProvenanceSet, containing metadata about a set of verified // provenances, or an error. An error is returned if any of the following conditions is met: // (1) The list of provenances is empty, // (2) Any of the provenances is invalid (see verifyProvenances for details on validity), // (3) Provenances do not match (e.g., have different binary names). 
-func verifyAndSummarizeProvenances(referenceValues *verification.ReferenceValues, provenances []ParsedProvenance) (*amber.VerifiedProvenanceSet, error) { +func verifyAndSummarizeProvenances(referenceValues *verification.ReferenceValues, provenances []ParsedProvenance) (*claims.VerifiedProvenanceSet, error) { if len(provenances) == 0 { return nil, fmt.Errorf("at least one provenance file must be provided") } provenanceIRs := make([]model.ProvenanceIR, 0, len(provenances)) - provenancesData := make([]amber.ProvenanceData, 0, len(provenances)) + provenancesData := make([]claims.ProvenanceData, 0, len(provenances)) for _, p := range provenances { provenanceIRs = append(provenanceIRs, p.Provenance) provenancesData = append(provenancesData, p.SourceMetadata) @@ -79,7 +78,7 @@ func verifyAndSummarizeProvenances(referenceValues *verification.ReferenceValues return nil, fmt.Errorf("failed while verifying of provenances: %v", errs) } - verifiedProvenances := amber.VerifiedProvenanceSet{ + verifiedProvenances := claims.VerifiedProvenanceSet{ BinaryDigest: provenanceIRs[0].BinarySHA256Digest(), BinaryName: provenanceIRs[0].BinaryName(), Provenances: provenancesData, @@ -155,7 +154,7 @@ func LoadProvenance(provenanceURI string) (*ParsedProvenance, error) { return nil, fmt.Errorf("couldn't load the provenance bytes from %s: %v", provenanceURI, err) } // Parse into a validated provenance to get the predicate/build type of the provenance. - validatedProvenance, err := types.ParseStatementData(provenanceBytes) + validatedProvenance, err := model.ParseStatementData(provenanceBytes) if err != nil { return nil, fmt.Errorf("couldn't parse bytes from %s into a validated provenance: %v", provenanceURI, err) } 
@@ -167,7 +166,7 @@ func LoadProvenance(provenanceURI string) (*ParsedProvenance, error) { sum256 := sha256.Sum256(provenanceBytes) return &ParsedProvenance{ Provenance: *provenanceIR, - SourceMetadata: amber.ProvenanceData{ + SourceMetadata: claims.ProvenanceData{ URI: provenanceURI, SHA256Digest: hex.EncodeToString(sum256[:]), }, diff --git a/internal/endorser/endorser_test.go b/internal/endorser/endorser_test.go index 2d26e42c..a098d59c 100644 --- a/internal/endorser/endorser_test.go +++ b/internal/endorser/endorser_test.go @@ -23,7 +23,7 @@ import ( "github.com/project-oak/transparent-release/internal/testutil" "github.com/project-oak/transparent-release/internal/verification" - "github.com/project-oak/transparent-release/pkg/amber" + "github.com/project-oak/transparent-release/pkg/claims" ) const ( @@ -35,7 +35,7 @@ const ( func TestGenerateEndorsement_SingleValidEndorsement(t *testing.T) { tomorrow := time.Now().AddDate(0, 0, 1) nextWeek := time.Now().AddDate(0, 0, 7) - validity := amber.ClaimValidity{ + validity := claims.ClaimValidity{ NotBefore: &tomorrow, NotAfter: &nextWeek, } @@ -63,7 +63,7 @@ func TestGenerateEndorsement_SingleValidEndorsement(t *testing.T) { testutil.AssertEq(t, "binary hash", statement.Subject[0].Digest["sha256"], binaryHash) testutil.AssertEq(t, "binary name", statement.Subject[0].Name, binaryName) - predicate := statement.Predicate.(amber.ClaimPredicate) + predicate := statement.Predicate.(claims.ClaimPredicate) testutil.AssertEq(t, "notBefore date", predicate.Validity.NotBefore, &tomorrow) testutil.AssertEq(t, "notAfter date", predicate.Validity.NotAfter, &nextWeek) 
@@ -97,7 +97,7 @@ func TestLoadAndVerifyProvenances_MultipleValidEndorsement(t *testing.T) { } func TestLoadProvenances_FailingSingleRemoteProvenanceEndorsement(t *testing.T) { - _, err := LoadProvenances([]string{"https://github.com/project-oak/transparent-release/blob/main/testdata/amber_provenance.json"}) + _, err := LoadProvenances([]string{"https://github.com/project-oak/transparent-release/blob/main/testdata/missing_provenance.json"}) want := "couldn't load the provenance" if err == nil || !strings.Contains(err.Error(), want) { t.Fatalf("got %q, want error message containing %q,", err, want) @@ -222,7 +222,7 @@ func copyToTemp(path string) (string, error) { return "", err } - tmpfile, err := os.CreateTemp("", "amber_provenance.json") + tmpfile, err := os.CreateTemp("", "provenance.json") if err != nil { return "", fmt.Errorf("couldn't create tempfile: %v", err) } diff --git a/internal/fuzzbinder/fuzzclaim.go b/internal/fuzzbinder/fuzzclaim.go index 4a435582..ca6ed42a 100644 --- a/internal/fuzzbinder/fuzzclaim.go +++ b/internal/fuzzbinder/fuzzclaim.go @@ -17,7 +17,7 @@ package fuzzbinder // This file provides a custom `ClaimSpec` type, FuzzClaimSpec, to be used -// for fuzzing claims within the ClaimPredicate (defined in amber package). +// for fuzzing claims within the ClaimPredicate (defined in claims package). // FuzzClaimSpec is intended to be used for providing the user with the // needed elements to characterize the security of a revision of the source // code based on fuzzing. 
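Review bot: TestLoadProvenances_FailingSingleRemoteProvenanceEndorsement still fetches the renamed URL from github.com, so the assertion on `couldn't load the provenance` depends on what the network returns (a 404 for a file absent from the repository, or a connection error when offline); if LoadProvenances wraps every fetch error with that prefix the test passes either way, but that cannot be confirmed from this hunk. A hermetic version would point the test at an `httptest.NewServer` handler answering 404, or at a loopback address with no listener. In the second hunk, `os.CreateTemp("", "provenance.json")` appends the random suffix after `.json`; `os.CreateTemp("", "provenance-*.json")` keeps the extension should anything inspect it. The bodies of both functions extend beyond the hunks.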
@@ -27,12 +27,12 @@ import ( "fmt" "os" - "github.com/project-oak/transparent-release/pkg/amber" + "github.com/project-oak/transparent-release/pkg/claims" "github.com/project-oak/transparent-release/pkg/intoto" ) -// FuzzClaimV1 is the URI that should be used as the ClaimType in V1 Amber -// Claim representing a V1 Fuzz Claim. +// FuzzClaimV1 is the URI that should be used as the ClaimType in ClaimV1 +// representing a V1 Fuzz Claim. const FuzzClaimV1 = "https://github.com/project-oak/transparent-release/fuzz_claim/v1" // FuzzClaimSpec gives the `ClaimSpec` definition. It will be included in a @@ -71,12 +71,12 @@ type FuzzStats struct { NumberFuzzTests int `json:"numberFuzzTests,omitempty"` } -// ValidateFuzzClaim validates that an Amber Claim is a Fuzz Claim with a valid ClaimType. +// ValidateFuzzClaim validates that a Claim is a Fuzz Claim with a valid ClaimType. // If valid, the ClaimPredicate object is returned. Otherwise an error is returned. -func ValidateFuzzClaim(statement intoto.Statement) (*amber.ClaimPredicate, error) { - predicate, err := amber.ValidateAmberClaim(statement) +func ValidateFuzzClaim(statement intoto.Statement) (*claims.ClaimPredicate, error) { + predicate, err := claims.ValidateClaim(statement) if err != nil { - return nil, fmt.Errorf("could not validate the fuzzing AmberClaim: %v", err) + return nil, fmt.Errorf("could not validate the fuzzing Claim: %v", err) } if predicate.ClaimType != FuzzClaimV1 { return nil, fmt.Errorf( 
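Review bot: The rewritten doc comment on `FuzzClaimV1` reads as if ClaimV1 were a claim type ("the ClaimType in ClaimV1"), whereas ClaimV1 is the predicate-type URI of the enclosing in-toto statement, as `fuzzgenerator.go` later sets it via `PredicateType: claims.ClaimV1`. Suggest `// FuzzClaimV1 is the URI that should be used as the ClaimType of a ClaimPredicate (PredicateType ClaimV1) representing a V1 Fuzz Claim.`. The URI value itself is unchanged, so fuzz claims issued before this rename continue to pass ValidateFuzzClaim.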
@@ -97,7 +97,7 @@ func ValidateFuzzClaim(statement intoto.Statement) (*amber.ClaimPredicate, error } // validateFuzzClaimSpec validates details about the FuzzClaimSpec. -func validateFuzzClaimSpec(predicate amber.ClaimPredicate) (*amber.ClaimPredicate, error) { +func validateFuzzClaimSpec(predicate claims.ClaimPredicate) (*claims.ClaimPredicate, error) { // validate that perProject.fuzzTimeSeconds is the sum of fuzzTimeSeconds for all fuzz-targets // and perProject.numberFuzzTests is the sum of numberFuzzTests for all fuzz-targets. sumTargetsTimeSeconds := 0.0 @@ -132,8 +132,8 @@ func validateFuzzClaimSpec(predicate amber.ClaimPredicate) (*amber.ClaimPredicat } // ParseFuzzClaimFile reads a JSON file from a path, and parses it into an -// instance of intoto.Statement, with AmberClaimV1 as the PredicateType -// and FuzzClaimV1 as the ClaimType. +// instance of intoto.Statement, with ClaimV1 as the PredicateType and +// FuzzClaimV1 as the ClaimType. func ParseFuzzClaimFile(path string) (*intoto.Statement, error) { statementBytes, err := os.ReadFile(path) if err != nil { @@ -143,7 +143,7 @@ func ParseFuzzClaimFile(path string) (*intoto.Statement, error) { } // ParseFuzzClaimBytes parses a statementBytes into an instance of intoto.Statement, -// with AmberClaimV1 as the PredicateType and FuzzClaimV1 as the ClaimType. +// with ClaimV1 as the PredicateType and FuzzClaimV1 as the ClaimType. func parseFuzzClaimBytes(statementBytes []byte) (*intoto.Statement, error) { var statement intoto.Statement if err := json.Unmarshal(statementBytes, &statement); err != nil { @@ -155,7 +155,7 @@ func parseFuzzClaimBytes(statementBytes []byte) (*intoto.Statement, error) { return nil, fmt.Errorf("could not marshal Predicate map into JSON bytes: %v", err) } - var predicate amber.ClaimPredicate + var predicate claims.ClaimPredicate if err = json.Unmarshal(predicateBytes, &predicate); err != nil { return nil, fmt.Errorf("could not unmarshal JSON bytes into a ClaimPredicate: %v", err) } 
diff --git a/internal/fuzzbinder/fuzzclaim_test.go b/internal/fuzzbinder/fuzzclaim_test.go index e5d7a16c..5a4289e5 100644 --- a/internal/fuzzbinder/fuzzclaim_test.go +++ b/internal/fuzzbinder/fuzzclaim_test.go @@ -18,7 +18,7 @@ import ( "testing" "github.com/project-oak/transparent-release/internal/testutil" - "github.com/project-oak/transparent-release/pkg/amber" + "github.com/project-oak/transparent-release/pkg/claims" ) const ( 
@@ -39,13 +39,13 @@ func TestParseFuzzClaimFile(t *testing.T) { // Verify that the fuzzclaim JSON file parses correctly testutil.AssertEq(t, "subject[0].name", statement.Subject[0].Name, "https://github.com/project-oak/oak") testutil.AssertEq(t, "commitHash length", len(statement.Subject[0].Digest["sha1"]), wantSHA1HexDigitLength) - testutil.AssertNonEmpty(t, "perProject.branchCoverage", statement.Predicate.(*amber.ClaimPredicate).ClaimSpec.(FuzzClaimSpec).PerProject.BranchCoverage) - testutil.AssertNonEmpty(t, "perProject.lineCoverage", statement.Predicate.(*amber.ClaimPredicate).ClaimSpec.(FuzzClaimSpec).PerProject.LineCoverage) - testutil.AssertNonEmpty(t, "perTarget[0].name", statement.Predicate.(*amber.ClaimPredicate).ClaimSpec.(FuzzClaimSpec).PerTarget[0].Name) - testutil.AssertNonEmpty(t, "perTarget[0].path", statement.Predicate.(*amber.ClaimPredicate).ClaimSpec.(FuzzClaimSpec).PerTarget[0].Path) - testutil.AssertNonEmpty(t, "perTarget[0].fuzzStats.branchCoverage", statement.Predicate.(*amber.ClaimPredicate).ClaimSpec.(FuzzClaimSpec).PerTarget[0].FuzzStats.BranchCoverage) - testutil.AssertNonEmpty(t, "perTarget[0].fuzzStats.lineCoverage", statement.Predicate.(*amber.ClaimPredicate).ClaimSpec.(FuzzClaimSpec).PerTarget[0].FuzzStats.LineCoverage) - testutil.AssertNonEmpty(t, "evidence[0].role", statement.Predicate.(*amber.ClaimPredicate).Evidence[0].Role) - testutil.AssertNonEmpty(t, "evidence[0].uri", statement.Predicate.(*amber.ClaimPredicate).Evidence[0].URI) - testutil.AssertEq(t, "evidence[0].digest length", len(statement.Predicate.(*amber.ClaimPredicate).Evidence[0].Digest["sha256"]), wantSHA256HexDigitLength) + testutil.AssertNonEmpty(t, "perProject.branchCoverage", statement.Predicate.(*claims.ClaimPredicate).ClaimSpec.(FuzzClaimSpec).PerProject.BranchCoverage) + testutil.AssertNonEmpty(t, "perProject.lineCoverage", statement.Predicate.(*claims.ClaimPredicate).ClaimSpec.(FuzzClaimSpec).PerProject.LineCoverage) + testutil.AssertNonEmpty(t, 
"perTarget[0].name", statement.Predicate.(*claims.ClaimPredicate).ClaimSpec.(FuzzClaimSpec).PerTarget[0].Name) + testutil.AssertNonEmpty(t, "perTarget[0].path", statement.Predicate.(*claims.ClaimPredicate).ClaimSpec.(FuzzClaimSpec).PerTarget[0].Path) + testutil.AssertNonEmpty(t, "perTarget[0].fuzzStats.branchCoverage", statement.Predicate.(*claims.ClaimPredicate).ClaimSpec.(FuzzClaimSpec).PerTarget[0].FuzzStats.BranchCoverage) + testutil.AssertNonEmpty(t, "perTarget[0].fuzzStats.lineCoverage", statement.Predicate.(*claims.ClaimPredicate).ClaimSpec.(FuzzClaimSpec).PerTarget[0].FuzzStats.LineCoverage) + testutil.AssertNonEmpty(t, "evidence[0].role", statement.Predicate.(*claims.ClaimPredicate).Evidence[0].Role) + testutil.AssertNonEmpty(t, "evidence[0].uri", statement.Predicate.(*claims.ClaimPredicate).Evidence[0].URI) + testutil.AssertEq(t, "evidence[0].digest length", len(statement.Predicate.(*claims.ClaimPredicate).Evidence[0].Digest["sha256"]), wantSHA256HexDigitLength) } diff --git a/internal/fuzzbinder/fuzzgenerator.go b/internal/fuzzbinder/fuzzgenerator.go index 877d1259..ebba05d8 100644 --- a/internal/fuzzbinder/fuzzgenerator.go +++ b/internal/fuzzbinder/fuzzgenerator.go @@ -16,14 +16,14 @@ package fuzzbinder // This file provides the generator module that helps to generate // fuzzing claims using the extracted data from the fuzzing reports. // The generated fuzzing claims are an instance of intoto.Statement -// with AmberClaimV1 as the PredicateType and FuzzClaimV1 as the ClaimType. +// with ClaimV1 as the PredicateType and FuzzClaimV1 as the ClaimType. import ( "fmt" "time" "github.com/project-oak/transparent-release/internal/gcsutil" - "github.com/project-oak/transparent-release/pkg/amber" + "github.com/project-oak/transparent-release/pkg/claims" "github.com/project-oak/transparent-release/pkg/intoto" ) 
@@ -104,10 +104,10 @@ func generateFuzzClaimSpec(client *gcsutil.Client, revisionDigest intoto.DigestS } // GenerateFuzzClaim generates a fuzzing claim (an instance of intoto.Statement, -// with AmberClaimV1 as the PredicateType and FuzzClaimV1 as the ClaimType) using the +// with ClaimV1 as the PredicateType and FuzzClaimV1 as the ClaimType) using the // fuzzing reports of OSS-Fuzz and ClusterFuzz. -func GenerateFuzzClaim(client *gcsutil.Client, fuzzParameters *FuzzParameters, validity amber.ClaimValidity) (*intoto.Statement, error) { +func GenerateFuzzClaim(client *gcsutil.Client, fuzzParameters *FuzzParameters, validity claims.ClaimValidity) (*intoto.Statement, error) { revisionDigest, err := GetCoverageRevision(client, fuzzParameters) if err != nil { @@ -131,8 +131,8 @@ func GenerateFuzzClaim(client *gcsutil.Client, fuzzParameters *FuzzParameters, v } // Current time in UTC time zone since it is used by OSS-Fuzz. currentTime := time.Now().UTC() - // Generate Amber predicate - predicate := amber.ClaimPredicate{ + // Generate claim predicate + predicate := claims.ClaimPredicate{ ClaimType: FuzzClaimV1, ClaimSpec: *fuzzClaimSpec, IssuedOn: ¤tTime, @@ -146,7 +146,7 @@ func GenerateFuzzClaim(client *gcsutil.Client, fuzzParameters *FuzzParameters, v } statementHeader := intoto.StatementHeader{ Type: intoto.StatementInTotoV01, - PredicateType: amber.AmberClaimV1, + PredicateType: claims.ClaimV1, Subject: []intoto.Subject{subject}, } statement := intoto.Statement{ diff --git a/internal/fuzzbinder/fuzzscraper.go b/internal/fuzzbinder/fuzzscraper.go index 16f56e7e..430a9702 100644 --- a/internal/fuzzbinder/fuzzscraper.go +++ b/internal/fuzzbinder/fuzzscraper.go @@ -56,7 +56,7 @@ import ( "strings" "github.com/project-oak/transparent-release/internal/gcsutil" - "github.com/project-oak/transparent-release/pkg/amber" + "github.com/project-oak/transparent-release/pkg/claims" "github.com/project-oak/transparent-release/pkg/intoto" ) 
@@ -396,13 +396,13 @@ func GetFuzzTargets(client *gcsutil.Client, fuzzParameters *FuzzParameters) ([]s } // addClaimEvidence adds an evidence to the list of the evidence files used by the fuzzscraper. -func addClaimEvidence(client *gcsutil.Client, evidences []amber.ClaimEvidence, blobName string, role string) ([]amber.ClaimEvidence, error) { +func addClaimEvidence(client *gcsutil.Client, evidences []claims.ClaimEvidence, blobName string, role string) ([]claims.ClaimEvidence, error) { fileBytes, err := client.GetBlobData(CoverageBucket, blobName) if err != nil { return nil, fmt.Errorf("could not get data in evidence file: %v", err) } digest := getGCSFileDigest(fileBytes) - evidence := amber.ClaimEvidence{ + evidence := claims.ClaimEvidence{ Role: role, URI: fmt.Sprintf("gs://%s/%s", CoverageBucket, blobName), Digest: *digest, @@ -412,8 +412,8 @@ func addClaimEvidence(client *gcsutil.Client, evidences []amber.ClaimEvidence, b } // GetEvidences gets the list of the evidence files used by the fuzzscraper. -func GetEvidences(client *gcsutil.Client, fuzzParameters *FuzzParameters, fuzzTargets []string) ([]amber.ClaimEvidence, error) { - evidences := make([]amber.ClaimEvidence, 0, len(fuzzTargets)+2) +func GetEvidences(client *gcsutil.Client, fuzzParameters *FuzzParameters, fuzzTargets []string) ([]claims.ClaimEvidence, error) { + evidences := make([]claims.ClaimEvidence, 0, len(fuzzTargets)+2) // TODO(#174): Replace GCS path by Ent path in evidences URI. // The GCS absolute path of the file containing the revision hash of the source code used // in the coverage build on a given day. diff --git a/internal/fuzzbinder/util.go b/internal/fuzzbinder/util.go index 740a9348..79b29464 100644 --- a/internal/fuzzbinder/util.go +++ b/internal/fuzzbinder/util.go @@ -19,7 +19,7 @@ import ( "fmt" "time" - "github.com/project-oak/transparent-release/pkg/amber" + "github.com/project-oak/transparent-release/pkg/claims" ) const ( 
@@ -70,7 +70,7 @@ func ValidateFuzzingDate(date string, referenceTime time.Time) error { // GetValidFuzzClaimValidity gets the fuzzing claim validity using // the values entered for notBeforeStr and notAfterStr. -func GetValidFuzzClaimValidity(referenceTime time.Time, notBeforeStr *string, notAfterStr *string) (*amber.ClaimValidity, error) { +func GetValidFuzzClaimValidity(referenceTime time.Time, notBeforeStr *string, notAfterStr *string) (*claims.ClaimValidity, error) { notAfter, err := parseDate(*notAfterStr) if err != nil { return nil, fmt.Errorf( @@ -81,7 +81,7 @@ func GetValidFuzzClaimValidity(referenceTime time.Time, notBeforeStr *string, no return nil, fmt.Errorf( "could not parse notBefore to *time.Time: %v", err) } - validity := amber.ClaimValidity{ + validity := claims.ClaimValidity{ NotBefore: notBefore, NotAfter: notAfter, } @@ -95,7 +95,7 @@ func GetValidFuzzClaimValidity(referenceTime time.Time, notBeforeStr *string, no // validateFuzzClaimValidity validates the fuzzing claim validity to make // sure that NotBefore is after referenceTime and NotAfter is after NotBefore. -func validateFuzzClaimValidity(validity amber.ClaimValidity, referenceTime time.Time) error { +func validateFuzzClaimValidity(validity claims.ClaimValidity, referenceTime time.Time) error { if validity.NotBefore.Before(referenceTime) { return fmt.Errorf( "notBefore (%v) is not after referenceTime (%v)", validity.NotBefore, referenceTime) diff --git a/internal/model/provenance.go b/internal/model/provenance.go index 5c787ad0..107f3592 100644 --- a/internal/model/provenance.go +++ b/internal/model/provenance.go @@ -27,7 +27,6 @@ import ( slsav1 "github.com/project-oak/transparent-release/pkg/intoto/slsa_provenance/v1" "github.com/project-oak/transparent-release/pkg/intoto" - "github.com/project-oak/transparent-release/pkg/types" ) // ProvenanceIR is an internal intermediate representation of data from provenances. 
@@ -155,7 +154,7 @@ func (p *ProvenanceIR) HasTrustedBuilder() bool { // predicate and build type. // // To add a new mapping from a provenance P write `fromP`, which sets every required field `X` from `ProvenanceIR` using `WithX`. -func FromValidatedProvenance(prov *types.ValidatedProvenance) (*ProvenanceIR, error) { +func FromValidatedProvenance(prov *ValidatedProvenance) (*ProvenanceIR, error) { predType := prov.PredicateType() switch predType { case intoto.SLSAV02PredicateType: @@ -180,8 +179,8 @@ func FromValidatedProvenance(prov *types.ValidatedProvenance) (*ProvenanceIR, er // Invariant: for every data `X` in a validated SLSA v0.2 provenance that can // be mapped to a field in `ProvenanceIR`, `fromSLSAv02` sets a non-nil value // `v` for `X` by using `WithX(v)`. -func fromSLSAv02(provenance *types.ValidatedProvenance) (*ProvenanceIR, error) { - // A types.ValidatedProvenance contains a SHA256 hash of a single subject. +func fromSLSAv02(provenance *ValidatedProvenance) (*ProvenanceIR, error) { + // A ValidatedProvenance contains a SHA256 hash of a single subject. binarySHA256Digest := provenance.GetBinarySHA256Digest() buildType := slsav02.GenericSLSABuildType @@ -194,7 +193,7 @@ func fromSLSAv02(provenance *types.ValidatedProvenance) (*ProvenanceIR, error) { // that they point to the same reference repo uri. repoURIs := slsav02.GetMaterialsGitURI(*predicate) - // A types.ValidatedProvenance has a binary name. + // A ValidatedProvenance has a binary name. binaryName := provenance.GetBinaryName() builder := predicate.Builder.ID 
@@ -210,8 +209,8 @@ func fromSLSAv02(provenance *types.ValidatedProvenance) (*ProvenanceIR, error) { // Invariant: for every data `X` in a validated SLSA v1 provenance that can be // mapped to a field in `ProvenanceIR`, `fromSLSAv1` sets a non-nil value `v` // for `X` by using `WithX(v)`. -func fromSLSAv1(provenance *types.ValidatedProvenance) (*ProvenanceIR, error) { - // A types.ValidatedProvenance contains a SHA256 hash of a single subject. +func fromSLSAv1(provenance *ValidatedProvenance) (*ProvenanceIR, error) { + // A ValidatedProvenance contains a SHA256 hash of a single subject. binarySHA256Digest := provenance.GetBinarySHA256Digest() buildType := slsav1.DockerBasedBuildType binaryName := provenance.GetBinaryName() diff --git a/internal/model/provenance_test.go b/internal/model/provenance_test.go index 0cc7b541..bf088179 100644 --- a/internal/model/provenance_test.go +++ b/internal/model/provenance_test.go @@ -22,7 +22,6 @@ import ( "github.com/google/go-cmp/cmp" slsav02 "github.com/project-oak/transparent-release/pkg/intoto/slsa_provenance/v0.2" slsav1 "github.com/project-oak/transparent-release/pkg/intoto/slsa_provenance/v1" - "github.com/project-oak/transparent-release/pkg/types" ) const ( @@ -49,7 +48,7 @@ func TestFromProvenance_Slsav02(t *testing.T) { if err != nil { t.Fatalf("could not read the provenance file: %v", err) } - provenance, err := types.ParseStatementData(statementBytes) + provenance, err := ParseStatementData(statementBytes) if err != nil { t.Fatalf("couldn't parse the provenance file: %v", err) } @@ -76,7 +75,7 @@ func TestFromProvenance_Slsav1(t *testing.T) { if err != nil { t.Fatalf("could not read the provenance file: %v", err) } - provenance, err := types.ParseStatementData(statementBytes) + provenance, err := ParseStatementData(statementBytes) if err != nil { t.Fatalf("couldn't parse the provenance file: %v", err) } 
diff --git a/pkg/types/types.go b/internal/model/validation.go similarity index 96% rename from pkg/types/types.go rename to internal/model/validation.go index 18b0434d..326e56ed 100644 --- a/pkg/types/types.go +++ b/internal/model/validation.go @@ -12,9 +12,7 @@ // See the License for the specific language governing permissions and // limitations under the License. -// Package types provides functionality for parsing and validating generic SLSA -// provenance files. -package types +package model import ( "encoding/json" diff --git a/pkg/types/types_test.go b/internal/model/validation_test.go similarity index 99% rename from pkg/types/types_test.go rename to internal/model/validation_test.go index b31ea8df..264e97d2 100644 --- a/pkg/types/types_test.go +++ b/internal/model/validation_test.go @@ -12,7 +12,7 @@ // See the License for the specific language governing permissions and // limitations under the License. -package types +package model import ( "os" diff --git a/pkg/amber/claim.go b/pkg/claims/claim.go similarity index 85% rename from pkg/amber/claim.go rename to pkg/claims/claim.go index 4683c84d..183e2292 100644 --- a/pkg/amber/claim.go +++ b/pkg/claims/claim.go @@ -12,7 +12,9 @@ // See the License for the specific language governing permissions and // limitations under the License. -package amber +// Package claims contains structs for specifying a claim about a software +// artifact. +package claims // This file provides a custom predicate type, ClaimPredicate, to be used // within an in-toto statement. ClaimPredicate is intended to be used for 
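Review bot: The `// Package types provides functionality for parsing and validating generic SLSA provenance files.` comment is dropped together with the `package types` line, and `package model` in validation.go is left without a doc comment; unless another file in internal/model (provenance.go is only partially shown here) already carries a `// Package model ...` comment, godoc for the package is now empty. Suggest adding, in exactly one file of the package, `// Package model provides the internal representation of provenances together with parsing and validation of generic SLSA provenance files.`.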
@@ -20,8 +22,7 @@ package amber // is meant to be generic and allow specifying many different types of claims. // This is achieved via the `ClaimType` and the `ClaimSpec` fields. The latter // is an arbitrary object and allows any struct to be used for claim -// specification. In particular, this format can be used for specifying -// endorsements, which were previously specified by amber-endorsement/v1 schema. +// specification. import ( "fmt" @@ -31,9 +32,9 @@ import ( "github.com/project-oak/transparent-release/pkg/intoto" ) -// AmberClaimV1 is the URI that should be used as the PredicateType in in-toto -// statements representing a V1 Amber Claim. -const AmberClaimV1 = "https://github.com/project-oak/transparent-release/claim/v1" +// ClaimV1 is the URI that should be used as the PredicateType in in-toto +// statements representing a V1 Claim. +const ClaimV1 = "https://github.com/project-oak/transparent-release/claim/v1" // ClaimPredicate gives the claim predicate definition. type ClaimPredicate struct { @@ -72,14 +73,15 @@ type ClaimEvidence struct { Digest intoto.DigestSet `json:"digest"` } -// ValidateAmberClaim validates that an in-toto statement is an Amber Claim with a valid ClaimPredicate. -// If valid, the ClaimPredicate object is returned. Otherwise an error is returned. -func ValidateAmberClaim(statement intoto.Statement) (*ClaimPredicate, error) { - if statement.PredicateType != AmberClaimV1 { +// ValidateClaim validates that an in-toto statement is a Claim with a valid +// ClaimPredicate. If valid, the ClaimPredicate object is returned. Otherwise +// an error is returned. +func ValidateClaim(statement intoto.Statement) (*ClaimPredicate, error) { + if statement.PredicateType != ClaimV1 { return nil, fmt.Errorf( "the statement does not have the expected predicate type; got: %s, want: %s", statement.PredicateType, - AmberClaimV1) + ClaimV1) } // Verify the type of the Predicate, and return it if it is of type ClaimPredicate. 
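Review bot: The doc comments on `ClaimV1` in claim.go and on `EndorsementV2` in pkg/claims/endorsement.go no longer mention that the URI values are unchanged (`.../claim/v1`, `.../endorsement/v2`), so a reader of the renamed constants cannot tell that statements issued under AmberClaimV1/AmberEndorsementV2 still pass the `statement.PredicateType != ClaimV1` check in ValidateClaim and the `predicate.ClaimType != EndorsementV2` check in validateClaim; the removed sentence about the `amber-endorsement/v1` schema was the only remaining hint at that history. Suggest appending `// The URI is unchanged from the former AmberClaimV1, so previously issued statements remain valid.` to the ClaimV1 comment and the equivalent sentence to EndorsementV2. Since pkg/ is importable from outside the repository, renaming the package and its exported identifiers is a breaking API change that the commit description or release notes should call out.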
diff --git a/pkg/amber/endorsement.go b/pkg/claims/endorsement.go similarity index 83% rename from pkg/amber/endorsement.go rename to pkg/claims/endorsement.go index 83d40497..ffc24f2c 100644 --- a/pkg/amber/endorsement.go +++ b/pkg/claims/endorsement.go @@ -12,7 +12,7 @@ // See the License for the specific language governing permissions and // limitations under the License. -package amber +package claims import ( "encoding/json" @@ -23,11 +23,9 @@ import ( "github.com/project-oak/transparent-release/pkg/intoto" ) -// AmberEndorsementV2 is the ClaimType for Amber Endorsements V2. This is -// expected to be used together with the AmberClaimV1 as the predicate type in -// an in-toto statement. This version of Amber Endorsement replaces the earlier -// version in `schema/amber-endorsement/v1`. -const AmberEndorsementV2 = "https://github.com/project-oak/transparent-release/endorsement/v2" +// EndorsementV2 is the ClaimType for Endorsements. This is expected to be used +// together with `ClaimV1` as the predicate type in an in-toto statement. +const EndorsementV2 = "https://github.com/project-oak/transparent-release/endorsement/v2" // VerifiedProvenanceSet encapsulates metadata about a non-empty list of verified provenances. type VerifiedProvenanceSet struct { @@ -51,8 +49,8 @@ type ProvenanceData struct { SHA256Digest string } -// ParseEndorsementV2File reads a JSON file from the given path, and parses it into an -// instance of intoto.Statement, with the Amber Claim as the predicate type. +// ParseEndorsementV2File reads a JSON file from the given path, and parses it +// into an instance of intoto.Statement, with the Claim as the predicate type. func ParseEndorsementV2File(path string) (*intoto.Statement, error) { statementBytes, err := os.ReadFile(path) if err != nil { 
@@ -62,8 +60,8 @@ func ParseEndorsementV2File(path string) (*intoto.Statement, error) { return ParseEndorsementV2Bytes(statementBytes) } -// ParseEndorsementV2Bytes parses a JSON string it into an instance of intoto.Statement, -// with the Amber Claim as the predicate type. +// ParseEndorsementV2Bytes parses a JSON string it into an instance of +// intoto.Statement, with the Claim as the predicate type. func ParseEndorsementV2Bytes(statementBytes []byte) (*intoto.Statement, error) { var statement intoto.Statement if err := json.Unmarshal(statementBytes, &statement); err != nil { @@ -84,24 +82,24 @@ func ParseEndorsementV2Bytes(statementBytes []byte) (*intoto.Statement, error) { // Replace the Predicate map with ClaimPredicate statement.Predicate = predicate - if err = validateAmberClaim(statement); err != nil { + if err = validateClaim(statement); err != nil { return nil, fmt.Errorf("the predicate in the endorsement file is invalid: %v", err) } return &statement, nil } -func validateAmberClaim(statement intoto.Statement) error { - predicate, err := ValidateAmberClaim(statement) +func validateClaim(statement intoto.Statement) error { + predicate, err := ValidateClaim(statement) if err != nil { return err } - if predicate.ClaimType != AmberEndorsementV2 { + if predicate.ClaimType != EndorsementV2 { return fmt.Errorf( "the predicate does not have the expected claim type; got: %s, want: %s", predicate.ClaimType, - AmberEndorsementV2) + EndorsementV2) } return nil @@ -121,7 +119,7 @@ func GenerateEndorsementStatement(validity ClaimValidity, provenances VerifiedPr currentTime := time.Now() predicate := ClaimPredicate{ - ClaimType: AmberEndorsementV2, + ClaimType: EndorsementV2, IssuedOn: ¤tTime, Validity: &validity, Evidence: evidence, 
@@ -134,7 +132,7 @@ func GenerateEndorsementStatement(validity ClaimValidity, provenances VerifiedPr statementHeader := intoto.StatementHeader{ Type: intoto.StatementInTotoV01, - PredicateType: AmberClaimV1, + PredicateType: ClaimV1, Subject: []intoto.Subject{subject}, } diff --git a/pkg/amber/endorsement_test.go b/pkg/claims/endorsement_test.go similarity index 92% rename from pkg/amber/endorsement_test.go rename to pkg/claims/endorsement_test.go index d1982e46..ce9fcc76 100644 --- a/pkg/amber/endorsement_test.go +++ b/pkg/claims/endorsement_test.go @@ -12,7 +12,7 @@ // See the License for the specific language governing permissions and // limitations under the License. -package amber +package claims import ( "encoding/json" @@ -21,7 +21,7 @@ import ( "time" ) -func TestExampleAmberEndorsement(t *testing.T) { +func TestExampleEndorsement(t *testing.T) { examplePath := "../../schema/claim/v1/example.json" endorsement, err := ParseEndorsementV2File(examplePath) @@ -29,13 +29,13 @@ func TestExampleAmberEndorsement(t *testing.T) { t.Fatalf("Failed to parse the example endorsement file: %v", err) } - if endorsement.PredicateType != AmberClaimV1 { - t.Errorf("Unexpected PredicateType: got %s, want %s", endorsement.PredicateType, AmberClaimV1) + if endorsement.PredicateType != ClaimV1 { + t.Errorf("Unexpected PredicateType: got %s, want %s", endorsement.PredicateType, ClaimV1) } claimPredicate := endorsement.Predicate.(ClaimPredicate) - if claimPredicate.ClaimType != AmberEndorsementV2 { - t.Errorf("Unexpected ClaimType: got %s, want %s", claimPredicate.ClaimType, AmberEndorsementV2) + if claimPredicate.ClaimType != EndorsementV2 { + t.Errorf("Unexpected ClaimType: got %s, want %s", claimPredicate.ClaimType, EndorsementV2) } want := time.Date(2022, 7, 8, 10, 20, 50, 32, time.UTC)