correctly handle invalid or missing pki format (#1281) (#1287)
Signed-off-by: Bob Callaway <bcallaway@google.com>

Signed-off-by: Bob Callaway <bcallaway@google.com>
bobcallaway authored Jan 17, 2023
1 parent 94409fd commit 55ef44e
Showing 2 changed files with 23 additions and 2 deletions.
6 changes: 4 additions & 2 deletions pkg/types/rekord/v0.0.1/entry.go
@@ -340,7 +340,7 @@ func (v V001Entry) CreateFromArtifactProperties(ctx context.Context, props types

var err error
artifactBytes := props.ArtifactBytes
if artifactBytes == nil {
if len(artifactBytes) == 0 {
var artifactReader io.ReadCloser
if props.ArtifactPath == nil {
return nil, errors.New("path to artifact file must be specified")
@@ -373,9 +373,11 @@ func (v V001Entry) CreateFromArtifactProperties(ctx context.Context, props types
re.RekordObj.Signature.Format = swag.String(models.RekordV001SchemaSignatureFormatX509)
case "ssh":
re.RekordObj.Signature.Format = swag.String(models.RekordV001SchemaSignatureFormatSSH)
default:
return nil, fmt.Errorf("unexpected format of public key: %s", props.PKIFormat)
}
sigBytes := props.SignatureBytes
if sigBytes == nil {
if len(sigBytes) == 0 {
if props.SignaturePath == nil {
return nil, errors.New("a detached signature must be provided")
}
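Review bot: The new `default:` branch formats the caller-supplied `props.PKIFormat` with `%s`, so a missing format produces a message that ends in a bare colon and any control characters in the value are echoed unescaped into the error and whatever logs it. `return nil, fmt.Errorf("unexpected format of public key: %q", props.PKIFormat)` makes the empty case visible and quotes the input. The switch also sits after the artifact-loading branch touched in the first hunk, so an unknown format may only be rejected once the artifact has been read; the code between the two hunks is not shown, so confirm the ordering and consider validating the format before any file or network I/O. CreateFromArtifactProperties begins and ends outside both hunks.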
19 changes: 19 additions & 0 deletions pkg/types/rekord/v0.0.1/entry_test.go
@@ -29,6 +29,7 @@ import (

"github.com/sigstore/rekor/pkg/generated/models"
"github.com/sigstore/rekor/pkg/types"
"github.com/sigstore/rekor/pkg/types/rekord"
)

func TestMain(m *testing.M) {
@@ -239,3 +240,21 @@ func TestCrossFieldValidation(t *testing.T) {
}
}
}

func TestUnspecifiedPKIFormat(t *testing.T) {
props := types.ArtifactProperties{
ArtifactBytes: []byte("something"),
SignatureBytes: []byte("signature"),
PublicKeyBytes: [][]byte{[]byte("public_key")},
// PKIFormat is deliberately unspecified
}
rek := rekord.New()
if _, err := rek.CreateProposedEntry(context.Background(), APIVERSION, props); err == nil {
t.Errorf("no signature, public key or format should not create a valid entry")
}

props.PKIFormat = "invalid_format"
if _, err := rek.CreateProposedEntry(context.Background(), APIVERSION, props); err == nil {
t.Errorf("invalid pki format should not create a valid entry")
}
}
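Review bot: Both checks in TestUnspecifiedPKIFormat accept any non-nil error, so they would still pass if the call failed for an unrelated reason, such as the placeholder signature or key bytes being rejected. Asserting on the message, e.g. `if err == nil || !strings.Contains(err.Error(), "unexpected format of public key") {` (with `strings` imported if it is not already), ties the test to the new `default:` branch. The first failure message says "no signature, public key or format" although signature and public key are supplied; `t.Errorf("unspecified pki format should not create a valid entry")` matches what is tested. The `len(...) == 0` changes in entry.go have no case here; an empty but non-nil `ArtifactBytes` or `SignatureBytes` input would cover them.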
