updated to put crypto hashes in digestvalue slice after updates to in…
…-toto/go-witness#139

Signed-off-by: chaosinthecrd <tom@tmlabs.co.uk>
ChaosInTheCRD committed Jan 29, 2024
1 parent 58d5516 commit ee8e912
Showing 3 changed files with 7 additions and 13 deletions.
5 changes: 2 additions & 3 deletions cmd/run.go
@@ -16,7 +16,6 @@ package cmd

import (
"context"
"crypto"
"encoding/json"
"fmt"

@@ -116,13 +115,13 @@ func runRun(ctx context.Context, ro options.RunOptions, args []string, signers .
}
}

var roHashes []crypto.Hash
var roHashes []cryptoutil.DigestValue
for _, hashStr := range ro.Hashes {
hash, err := cryptoutil.HashFromString(hashStr)
if err != nil {
return fmt.Errorf("failed to parse hash: %w", err)
}
roHashes = append(roHashes, hash)
roHashes = append(roHashes, cryptoutil.DigestValue{Hash: hash})
}

defer out.Close()
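Review bot: In the loop in runRun, the new `roHashes = append(roHashes, cryptoutil.DigestValue{Hash: hash})` fills in only the Hash field, so every other field of DigestValue is left at its zero value for each user-supplied entry in ro.Hashes. DigestValue's definition is not on this page; if it carries anything beyond the algorithm, a hash string that names a variant would presumably be recorded as the plain algorithm without any error, and the digests written into the attestation are what verification later compares against. A short comment above the append would make the intent explicit, for example `// only the algorithm comes from ro.Hashes; other DigestValue fields keep their zero value`, or the parsing helper could return a full DigestValue. runRun begins and ends outside the hunk.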
5 changes: 1 addition & 4 deletions cmd/verify.go
@@ -89,7 +89,7 @@ func runVerify(ctx context.Context, vo options.VerifyOptions) error {

subjects := []cryptoutil.DigestSet{}
if len(vo.ArtifactFilePath) > 0 {
artifactDigestSet, err := cryptoutil.CalculateDigestSetFromFile(vo.ArtifactFilePath, []crypto.Hash{crypto.SHA256})
artifactDigestSet, err := cryptoutil.CalculateDigestSetFromFile(vo.ArtifactFilePath, []cryptoutil.DigestValue{{Hash: crypto.SHA256}})

Check failure on line 92 in cmd/verify.go

GitHub Actions / unit-test / witness

cannot use []cryptoutil.DigestValue{…} (value of type []"github.com/in-toto/go-witness/cryptoutil".DigestValue) as []"crypto".Hash value in argument to cryptoutil.CalculateDigestSetFromFile

Check failure on line 92 in cmd/verify.go

GitHub Actions / sast / witness

cannot use []cryptoutil.DigestValue{…} (value of type []"github.com/in-toto/go-witness/cryptoutil".DigestValue) as []"crypto".Hash value in argument to cryptoutil.CalculateDigestSetFromFile
if err != nil {
return fmt.Errorf("failed to calculate artifact digest: %w", err)
}
@@ -125,10 +125,8 @@ func runVerify(ctx context.Context, vo options.VerifyOptions) error {
witness.VerifyWithSubjectDigests(subjects),
witness.VerifyWithCollectionSource(collectionSource),
)

if err != nil {
return fmt.Errorf("failed to verify policy: %w", err)

}

log.Info("Verification succeeded")
@@ -142,5 +140,4 @@ func runVerify(ctx context.Context, vo options.VerifyOptions) error {
}

return nil

}
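Review bot: The changed call in runVerify, `cryptoutil.CalculateDigestSetFromFile(vo.ArtifactFilePath, []cryptoutil.DigestValue{{Hash: crypto.SHA256}})`, needs a go-witness version whose signature takes `[]cryptoutil.DigestValue`, yet the diffstat lists only cmd/run.go, cmd/verify.go and cmd/verify_test.go, so go.mod and go.sum are not updated here. Presumably the pinned module still exposes the `[]crypto.Hash` signature, which would leave the tree unbuildable at this commit and the verification path untested until the dependency bump lands; the same applies to the four calls in cmd/verify_test.go. Bumping the go-witness requirement in the same commit keeps every commit buildable and bisectable. runVerify begins and ends outside the hunks.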
10 changes: 4 additions & 6 deletions cmd/verify_test.go
@@ -92,7 +92,7 @@ func TestRunVerifyCA(t *testing.T) {
require.NoError(t, runRun(context.Background(), s1RunOptions, step1Args, signers...))

subjects := []string{}
artifactDigest, err := cryptoutil.CalculateDigestSetFromFile(artifactPath, []crypto.Hash{crypto.SHA256})
artifactDigest, err := cryptoutil.CalculateDigestSetFromFile(artifactPath, []cryptoutil.DigestValue{{Hash: crypto.SHA256}})
require.NoError(t, err)

for _, digest := range artifactDigest {
@@ -128,7 +128,7 @@ func TestRunVerifyCA(t *testing.T) {
require.NoError(t, runVerify(context.Background(), vo))

// test that verify works without artifactfilepath but the subject of the modified articact also provided
artifactDigest, err = cryptoutil.CalculateDigestSetFromFile(artifactPath, []crypto.Hash{crypto.SHA256})
artifactDigest, err = cryptoutil.CalculateDigestSetFromFile(artifactPath, []cryptoutil.DigestValue{{Hash: crypto.SHA256}})
require.NoError(t, err)
for _, digest := range artifactDigest {
subjects = append(subjects, digest)
@@ -190,7 +190,7 @@ func TestRunVerifyKeyPair(t *testing.T) {
require.NoError(t, runRun(context.Background(), s1RunOptions, step1Args, signers...))

subjects := []string{}
artifactDigest, err := cryptoutil.CalculateDigestSetFromFile(artifactPath, []crypto.Hash{crypto.SHA256})
artifactDigest, err := cryptoutil.CalculateDigestSetFromFile(artifactPath, []cryptoutil.DigestValue{{Hash: crypto.SHA256}})
require.NoError(t, err)

for _, digest := range artifactDigest {
@@ -226,7 +226,7 @@ func TestRunVerifyKeyPair(t *testing.T) {
require.NoError(t, runVerify(context.Background(), vo))

// test that verify works without artifactfilepath but the subject of the modified articact also provided
artifactDigest, err = cryptoutil.CalculateDigestSetFromFile(artifactPath, []crypto.Hash{crypto.SHA256})
artifactDigest, err = cryptoutil.CalculateDigestSetFromFile(artifactPath, []cryptoutil.DigestValue{{Hash: crypto.SHA256}})
require.NoError(t, err)
for _, digest := range artifactDigest {
subjects = append(subjects, digest)
@@ -328,9 +328,7 @@ func makepolicy(t *testing.T, functionary policy.Functionary, publicKey policy.P
p.Steps[step02.Name] = step02

if publicKey.KeyID != "" {

p.PublicKeys[publicKey.KeyID] = publicKey

}

pb, err := json.MarshalIndent(p, "", " ")
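Review bot: The literal `[]cryptoutil.DigestValue{{Hash: crypto.SHA256}}` now appears four times in this file (twice in TestRunVerifyCA, twice in TestRunVerifyKeyPair), which is a point of style: a single package-level test variable such as `var sha256Only = []cryptoutil.DigestValue{{Hash: crypto.SHA256}}` would keep the calls identical and make a later change of the digest set a one-line edit. All four calls use SHA-256 only, so nothing visible here exercises the ro.Hashes conversion added in cmd/run.go with a non-default algorithm; whether s1RunOptions sets Hashes is not visible in these hunks. The test functions begin and end outside the hunks.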
