Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Adds hashed rekord type #501

Merged
merged 3 commits into from
Nov 19, 2021
Merged

Adds hashed rekord type #501

merged 3 commits into from
Nov 19, 2021

Conversation

asraa
Copy link
Contributor

@asraa asraa commented Nov 17, 2021

Summary

  • takeover from WIP: new hashed type #497
  • Adds hashed rekord type that can be used to upload signatures along with the hashed content signed

Ticket Link

Fixes #481

Release Note


Signed-off-by: Dan Lorenc <[email protected]>
@asraa asraa force-pushed the newtype branch 2 times, most recently from d1ca7de to e2d92a4 Compare November 17, 2021 22:01
@asraa
Copy link
Contributor Author

asraa commented Nov 17, 2021

This is ready for review! Docs and tests added

@naveensrinivasan @dlorenc @bobcallaway

@dlorenc
Copy link
Member

dlorenc commented Nov 17, 2021

Nice! Thanks for taking this over and finishing it up! I'll let @bobcallaway take a look too since I wrote part of this.

@naveensrinivasan
Copy link
Contributor

This is ready for review! Docs and tests added

@naveensrinivasan @dlorenc @bobcallaway

Thanks!

pkg/types/hashedrekord/v0.0.1/entry.go Outdated Show resolved Hide resolved
pkg/types/hashedrekord/v0.0.1/entry.go Outdated Show resolved Hide resolved
pkg/types/hashedrekord/v0.0.1/entry.go Outdated Show resolved Hide resolved
Comment on lines 116 to 126
signature, err := artifactFactory.NewSignature(bytes.NewReader(v.HashedRekordObj.Signature.Content))
if err != nil {
return nil, err
}
v.sigObj = signature

key, err := artifactFactory.NewPublicKey(bytes.NewReader(v.HashedRekordObj.Signature.PublicKey.Content))
if err != nil {
return nil, err
}
v.keyObj = key
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

is there a reason to reparse and overwriting v.sigObj and v.keyObj here? I think you should ensure they're not nil but otherwise they've already been parsed and loaded by the time Canonicalize has been called - so i don't think this is needed.

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Yep, fixed -- In most other types they're set by FetchExternalEntities, but here they're set during validate() during signature verification. Given that i had to make validate() modify the entry

Signed-off-by: Asra Ali <[email protected]>
@dlorenc
Copy link
Member

dlorenc commented Nov 19, 2021

codeql appears stuck

@dlorenc dlorenc merged commit 57b3fef into sigstore:main Nov 19, 2021
}
v.sigObj, err = artifactFactory.NewSignature(bytes.NewReader(sig.Content))
if err != nil {
return errors.Wrap(err, "creating new signature object")
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

this also needs to be a types.ValidationError because if the signature is malformed it will fail here

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

agh! i misinterpreted the "all but x should be types.ValidationError" comment and reverted this one for parity with the one below. submitting a fix

}
v.keyObj, err = artifactFactory.NewPublicKey(bytes.NewReader(key.Content))
if err != nil {
return errors.Wrap(err, "creating new public key object")
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

this also needs to be a types.ValidationError because if the key is malformed it will fail here

mikhailswift pushed a commit to testifysec/rekor that referenced this pull request Dec 1, 2021
* WIP: new hashed type

Signed-off-by: Dan Lorenc <[email protected]>

* wip add signature verification

Signed-off-by: Asra Ali <[email protected]>

* address bobs comments

Signed-off-by: Asra Ali <[email protected]>

Co-authored-by: Dan Lorenc <[email protected]>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

504 Gateway timeout on large file
4 participants