rollback pkg/cosign/keys.go changes, not needed
Signed-off-by: Dmitry S <[email protected]>
dmitris committed Jul 10, 2024
1 parent b79fa48 commit 6ff23a6
Showing 3 changed files with 35 additions and 42 deletions.
12 changes: 2 additions & 10 deletions pkg/cosign/keys.go
Expand Up @@ -29,7 +29,6 @@ import (
"fmt"
"os"
"path/filepath"
"strings"

"github.com/secure-systems-lab/go-securesystemslib/encrypted"
"github.com/sigstore/cosign/v2/pkg/oci/static"
Expand Down Expand Up @@ -75,6 +74,7 @@ func GeneratePrivateKey() (*ecdsa.PrivateKey, error) {
return ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
}

// TODO(jason): Move this to the only place it's used in cmd/cosign/cli/importkeypair, and unexport it.
func ImportKeyPair(keyPath string, pf PassFunc) (*KeysBytes, error) {
kb, err := os.ReadFile(filepath.Clean(keyPath))
if err != nil {
Expand Down Expand Up @@ -222,15 +222,7 @@ func LoadPrivateKey(key []byte, pass []byte) (signature.SignerVerifier, error) {

pk, err := x509.ParsePKCS8PrivateKey(x509Encoded)
if err != nil {
if strings.Contains(err.Error(), "x509: failed to parse private key (use ParseECPrivateKey instead for this key format)") {
pk2, err2 := x509.ParseECPrivateKey(x509Encoded)
if err2 != nil {
return nil, fmt.Errorf("parsing EC private key: %w, x509.ParsePKCS8PrivateKey: %w", err2, err)
}
pk = pk2
} else {
return nil, fmt.Errorf("parsing private key: %w", err)
}
return nil, fmt.Errorf("parsing private key: %w", err)
}
switch pk := pk.(type) {
case *rsa.PrivateKey:
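Review bot: With the ParseECPrivateKey fallback removed, LoadPrivateKey accepts only PKCS #8 payloads, and nothing in its doc comment says so; a key in SEC 1 "EC PRIVATE KEY" form now fails with the generic `parsing private key: %w` wrapper at the added line. The underlying x509 error text that the removed branch matched on is still carried through `%w`, so the message does tell the caller which parser the key needed, but the accepted format belongs on the function itself. I would add to LoadPrivateKey's doc comment: `// The decrypted payload must be a PKCS #8 private key; SEC 1 EC encodings are not accepted.` LoadPrivateKey's signature and the rest of its body lie outside this hunk.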
63 changes: 32 additions & 31 deletions test/e2e_test.go
Expand Up @@ -1062,39 +1062,40 @@ func TestVerifyWithCARoots(t *testing.T) {
},
}
for _, tt := range tests {
err := verifyKeylessTSAWithCARoots(imgName,
tt.rootRef,
tt.subRef,
tt.leafRef,
tsaChainRef.Name(),
true,
true)
hasErr := (err != nil)
if hasErr != tt.wantError {
if tt.wantError {
t.Errorf("%s - no expected error", tt.name)
} else {
t.Errorf("%s - unexpected error: %v", tt.name, err)
t.Run(tt.name, func(t *testing.T) {
err := verifyKeylessTSAWithCARoots(imgName,
tt.rootRef,
tt.subRef,
tt.leafRef,
tsaChainRef.Name(),
true,
true)
hasErr := (err != nil)
if hasErr != tt.wantError {
if tt.wantError {
t.Errorf("%s - no expected error", tt.name)
} else {
t.Errorf("%s - unexpected error: %v", tt.name, err)
}
}
}
if tt.skipBlob {
continue
}
err = verifyBlobKeylessWithCARoots(blobRef,
string(blobSig),
tt.rootRef,
tt.subRef,
tt.leafRef,
true,
true)
hasErr = (err != nil)
if hasErr != tt.wantError {
if tt.wantError {
t.Errorf("%s - no expected error", tt.name)
} else {
t.Errorf("%s - unexpected error: %v", tt.name, err)
if !tt.skipBlob {
err = verifyBlobKeylessWithCARoots(blobRef,
string(blobSig),
tt.rootRef,
tt.subRef,
tt.leafRef,
true,
true)
hasErr = (err != nil)
if hasErr != tt.wantError {
if tt.wantError {
t.Errorf("%s - no expected error", tt.name)
} else {
t.Errorf("%s - unexpected error: %v", tt.name, err)
}
}
}
}
})
}
}

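Review bot: The image and blob checks inside the new t.Run body emit byte-identical messages (`%s - no expected error` / `%s - unexpected error: %v`), so a failure in the log cannot be attributed to either verification, and the `tt.name` prefix now duplicates the subtest name that t.Run already reports. A small helper that takes the phase label removes the two copied if-blocks and makes each message self-describing. TestVerifyWithCARoots starts before this hunk.
```go
// checkWantErr fails the subtest when err's presence does not match want,
// labelling the message with which verification (image or blob) ran.
func checkWantErr(t *testing.T, phase string, err error, want bool) {
	t.Helper()
	if (err != nil) == want {
		return
	}
	if want {
		t.Errorf("%s: expected an error, got nil", phase)
		return
	}
	t.Errorf("%s: unexpected error: %v", phase, err)
}

		t.Run(tt.name, func(t *testing.T) {
			// … unchanged: verifyKeylessTSAWithCARoots call …
			checkWantErr(t, "image", err, tt.wantError)
			if !tt.skipBlob {
				// … unchanged: verifyBlobKeylessWithCARoots call …
				checkWantErr(t, "blob", err, tt.wantError)
			}
		})
```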
2 changes: 1 addition & 1 deletion test/helpers.go
Expand Up @@ -288,7 +288,7 @@ func keypair(t *testing.T, td string) (*cosign.KeysBytes, string, string) {
// and write to the given file path. Returns the path to the imported key (<td>/<fname>)
func importECDSAPrivateKey(t *testing.T, privKey *ecdsa.PrivateKey, td, fname string) string {
t.Helper()
x509Encoded, _ := x509.MarshalECPrivateKey(privKey)
x509Encoded, _ := x509.MarshalPKCS8PrivateKey(privKey)
encBytes, _ := encrypted.Encrypt(x509Encoded, keyPass)
keyPEM := pem.EncodeToMemory(&pem.Block{
Type: cosign.CosignPrivateKeyPemType,
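Review bot: The new `x509.MarshalPKCS8PrivateKey` call (and the `encrypted.Encrypt` call on the next line) still discard their errors with `_`, so a marshal or encryption failure writes an empty or malformed PEM and the test fails later at import time with a misleading message. The helper already receives `t`, so these should be fatal at the point of failure. importECDSAPrivateKey continues past the end of this hunk.
```go
func importECDSAPrivateKey(t *testing.T, privKey *ecdsa.PrivateKey, td, fname string) string {
	t.Helper()
	x509Encoded, err := x509.MarshalPKCS8PrivateKey(privKey)
	if err != nil {
		t.Fatalf("marshaling private key: %v", err)
	}
	encBytes, err := encrypted.Encrypt(x509Encoded, keyPass)
	if err != nil {
		t.Fatalf("encrypting private key: %v", err)
	}
	// … unchanged: PEM encoding and file write …
```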
