Partially populate the output of cosign verify when working with new bundles (#4416)

* Implement container image context in verify command
* Use conformance on main for now (waiting for new release)

---------

Signed-off-by: Zach Steindler <[email protected]>

Author: steiza

.github/workflows/conformance.yml

@@ -44,6 +44,6 @@ jobs:
 
       - run: make cosign conformance
 
-      - uses: sigstore/sigstore-conformance@1d8b0cdd88fa7fb5a8510e51faf6ccad8c96f10a # v0.0.20
+      - uses: sigstore/sigstore-conformance@main
         with:
           entrypoint: ${{ github.workspace }}/conformance

cmd/cosign/cli/verify/verify.go

@@ -29,6 +29,7 @@ import (
 	"path/filepath"
 
 	"github.com/google/go-containerregistry/pkg/name"
+	"github.com/in-toto/in-toto-golang/in_toto"
 	"github.com/sigstore/cosign/v2/cmd/cosign/cli/fulcio"
 	"github.com/sigstore/cosign/v2/cmd/cosign/cli/options"
 	"github.com/sigstore/cosign/v2/cmd/cosign/cli/rekor"
@@ -41,7 +42,9 @@ import (
 	"github.com/sigstore/cosign/v2/pkg/cosign/pivkey"
 	"github.com/sigstore/cosign/v2/pkg/cosign/pkcs11key"
 	"github.com/sigstore/cosign/v2/pkg/oci"
+	"github.com/sigstore/cosign/v2/pkg/oci/static"
 	sigs "github.com/sigstore/cosign/v2/pkg/signature"
+	"github.com/sigstore/protobuf-specs/gen/pb-go/dsse"
 	"github.com/sigstore/sigstore-go/pkg/root"
 	"github.com/sigstore/sigstore/pkg/cryptoutils"
 	"github.com/sigstore/sigstore/pkg/signature"
@@ -344,6 +347,11 @@ func (c *VerifyCommand) Exec(ctx context.Context, images []string) (err error) {
 				if err != nil {
 					return err
 				}
+
+				verifiedOutput, err := transformOutput(verified, ref.Name())
+				if err == nil {
+					verified = verifiedOutput
+				}
 			} else {
 				ref, err = sign.GetAttachedImageRef(ref, c.Attachment, ociremoteOpts...)
 				if err != nil {
@@ -633,3 +641,56 @@ func loadCertsKeylessVerification(certChainFile string,
 
 	return nil
 }
+
+func transformOutput(verified []oci.Signature, name string) (verifiedOutput []oci.Signature, err error) {
+	for _, v := range verified {
+		dssePayload, err := v.Payload()
+		if err != nil {
+			return nil, err
+		}
+		var dsseEnvelope dsse.Envelope
+		err = json.Unmarshal(dssePayload, &dsseEnvelope)
+		if err != nil {
+			return nil, err
+		}
+		if dsseEnvelope.PayloadType != in_toto.PayloadType {
+			return nil, fmt.Errorf("unable to understand payload type %s", dsseEnvelope.PayloadType)
+		}
+		var intotoStatement in_toto.StatementHeader
+		err = json.Unmarshal(dsseEnvelope.Payload, &intotoStatement)
+		if err != nil {
+			return nil, err
+		}
+		if len(intotoStatement.Subject) < 1 || len(intotoStatement.Subject[0].Digest) < 1 {
+			return nil, fmt.Errorf("no intoto subject or digest found")
+		}
+
+		var digest string
+		for k, v := range intotoStatement.Subject[0].Digest {
+			digest = k + ":" + v
+		}
+
+		sci := payload.SimpleContainerImage{
+			Critical: payload.Critical{
+				Identity: payload.Identity{
+					DockerReference: name,
+				},
+				Image: payload.Image{
+					DockerManifestDigest: digest,
+				},
+				Type: intotoStatement.PredicateType,
+			},
+		}
+		p, err := json.Marshal(sci)
+		if err != nil {
+			return nil, err
+		}
+		att, err := static.NewAttestation(p)
+		if err != nil {
+			return nil, err
+		}
+		verifiedOutput = append(verifiedOutput, att)
+	}
+
+	return verifiedOutput, nil
+}

cmd/cosign/cli/verify/verify_test.go

@@ -346,3 +346,52 @@ func TestLoadCertsKeylessVerification(t *testing.T) {
 		})
 	}
 }
+func TestTransformOutputSuccess(t *testing.T) {
+	// Build minimal in-toto statement
+	stmt := `{
+	  "_type": "https://in-toto.io/Statement/v0.1",
+	  "subject": [
+		{ "name": "artifact", "digest": { "sha256": "deadbeef" } }
+	  ],
+	  "predicateType": "https://slsa.dev/provenance/v0.2"
+	}`
+	// DSSE payloadType for in-toto
+	payloadType := "application/vnd.in-toto+json"
+	encodedStmt := base64.StdEncoding.EncodeToString([]byte(stmt))
+	dsseEnv := fmt.Sprintf(`{
+	  "payloadType": "%s",
+	  "payload": "%s",
+	  "signatures": [
+		{ "keyid": "test", "sig": "MAo=" }
+	  ]
+	}`, payloadType, encodedStmt)
+
+	sig, err := static.NewSignature([]byte(dsseEnv), "")
+	if err != nil {
+		t.Fatalf("creating static signature: %v", err)
+	}
+	fmt.Println(dsseEnv)
+
+	name := "example.com/my/image"
+	out, err := transformOutput([]oci.Signature{sig}, name)
+	if err != nil {
+		t.Fatalf("transformOutput returned error: %v", err)
+	}
+	if len(out) != 1 {
+		t.Fatalf("expected 1 transformed signature, got %d", len(out))
+	}
+
+	payloadBytes, err := out[0].Payload()
+	if err != nil {
+		t.Fatalf("reading transformed payload: %v", err)
+	}
+
+	var sci payload.SimpleContainerImage
+	if err := json.Unmarshal(payloadBytes, &sci); err != nil {
+		t.Fatalf("unmarshal transformed payload: %v", err)
+	}
+
+	assert.Equal(t, name, sci.Critical.Identity.DockerReference, "docker reference mismatch")
+	assert.Equal(t, "sha256:deadbeef", sci.Critical.Image.DockerManifestDigest, "digest mismatch")
+	assert.Equal(t, "https://slsa.dev/provenance/v0.2", sci.Critical.Type, "type mismatch")
+}