From ee8e912ae1b82cee6e24955c71c2cf49fe219e0f Mon Sep 17 00:00:00 2001
From: chaosinthecrd
Date: Mon, 29 Jan 2024 16:35:21 +0000
Subject: [PATCH] updated to put crypto hashes in digestvalue slice after updates to https://github.com/in-toto/go-witness/pull/139
Signed-off-by: chaosinthecrd
---
 cmd/run.go | 5 ++---
 cmd/verify.go | 5 +----
 cmd/verify_test.go | 10 ++++------
 3 files changed, 7 insertions(+), 13 deletions(-)
diff --git a/cmd/run.go b/cmd/run.go
index 81742dfe..92cae421 100644
--- a/cmd/run.go
+++ b/cmd/run.go
@@ -16,7 +16,6 @@ package cmd
 import (
 "context"
- "crypto"
 "encoding/json"
 "fmt"
@@ -116,13 +115,13 @@ func runRun(ctx context.Context, ro options.RunOptions, args []string, signers .
 }
 }
- var roHashes []crypto.Hash
+ var roHashes []cryptoutil.DigestValue
 for _, hashStr := range ro.Hashes {
 hash, err := cryptoutil.HashFromString(hashStr)
 if err != nil {
 return fmt.Errorf("failed to parse hash: %w", err)
 }
- roHashes = append(roHashes, hash)
+ roHashes = append(roHashes, cryptoutil.DigestValue{Hash: hash})
 }
 defer out.Close()
diff --git a/cmd/verify.go b/cmd/verify.go
index e44af9d3..332be22b 100644
--- a/cmd/verify.go
+++ b/cmd/verify.go
@@ -89,7 +89,7 @@ func runVerify(ctx context.Context, vo options.VerifyOptions) error {
 subjects := []cryptoutil.DigestSet{}
 if len(vo.ArtifactFilePath) > 0 {
- artifactDigestSet, err := cryptoutil.CalculateDigestSetFromFile(vo.ArtifactFilePath, []crypto.Hash{crypto.SHA256})
+ artifactDigestSet, err := cryptoutil.CalculateDigestSetFromFile(vo.ArtifactFilePath, []cryptoutil.DigestValue{{Hash: crypto.SHA256}})
 if err != nil {
 return fmt.Errorf("failed to calculate artifact digest: %w", err)
 }
@@ -125,10 +125,8 @@ func runVerify(ctx context.Context, vo options.VerifyOptions) error {
 witness.VerifyWithSubjectDigests(subjects),
 witness.VerifyWithCollectionSource(collectionSource),
 )
-
 if err != nil {
 return fmt.Errorf("failed to verify policy: %w", err)
-
 }
 log.Info("Verification succeeded")
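Review bot: In the runRun hunk of cmd/run.go, `cryptoutil.DigestValue{Hash: hash}` sets only the Hash field, so every entry of `ro.Hashes` is recorded as a plain digest of that algorithm and any other field of DigestValue stays at its zero value. If the go-witness change linked in the commit message gave DigestValue further fields (not visible here), a hash name meant to select one of them would be accepted and silently downgraded to the plain variant. Either resolve the string directly to a DigestValue if the library offers that, or state the limitation next to the append, e.g. `// Only the algorithm is carried over; other DigestValue fields keep their zero value.` Separately, the loop can return before `defer out.Close()` is registered; where `out` is opened lies outside the hunk, so that ordering is worth checking.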
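Review bot: The literal `[]cryptoutil.DigestValue{{Hash: crypto.SHA256}}` in runVerify (cmd/verify.go, hunk at -89) is repeated verbatim at four call sites in cmd/verify_test.go (TestRunVerifyCA and TestRunVerifyKeyPair), so the tests can drift from what verification actually computes. A package-level `var artifactDigestHashes = []cryptoutil.DigestValue{{Hash: crypto.SHA256}}` shared by both would prevent that. The fixed algorithm is also a policy choice that deserves a comment: the artifact subject is always SHA-256 regardless of the hashes `run` was given, so presumably an attestation without a sha256 subject cannot be matched by file path; confirm and document it, e.g. `// Subject matching by artifact path uses SHA-256 only.` runVerify's body continues outside the hunk.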
@@ -142,5 +140,4 @@ func runVerify(ctx context.Context, vo options.VerifyOptions) error {
 }
 return nil
-
 }
diff --git a/cmd/verify_test.go b/cmd/verify_test.go
index a5316f49..d10f3a19 100644
--- a/cmd/verify_test.go
+++ b/cmd/verify_test.go
@@ -92,7 +92,7 @@ func TestRunVerifyCA(t *testing.T) {
 require.NoError(t, runRun(context.Background(), s1RunOptions, step1Args, signers...))
 subjects := []string{}
- artifactDigest, err := cryptoutil.CalculateDigestSetFromFile(artifactPath, []crypto.Hash{crypto.SHA256})
+ artifactDigest, err := cryptoutil.CalculateDigestSetFromFile(artifactPath, []cryptoutil.DigestValue{{Hash: crypto.SHA256}})
 require.NoError(t, err)
 for _, digest := range artifactDigest {
@@ -128,7 +128,7 @@ func TestRunVerifyCA(t *testing.T) {
 require.NoError(t, runVerify(context.Background(), vo))
 // test that verify works without artifactfilepath but the subject of the modified articact also provided
- artifactDigest, err = cryptoutil.CalculateDigestSetFromFile(artifactPath, []crypto.Hash{crypto.SHA256})
+ artifactDigest, err = cryptoutil.CalculateDigestSetFromFile(artifactPath, []cryptoutil.DigestValue{{Hash: crypto.SHA256}})
 require.NoError(t, err)
 for _, digest := range artifactDigest {
 subjects = append(subjects, digest)
@@ -190,7 +190,7 @@ func TestRunVerifyKeyPair(t *testing.T) {
 require.NoError(t, runRun(context.Background(), s1RunOptions, step1Args, signers...))
 subjects := []string{}
- artifactDigest, err := cryptoutil.CalculateDigestSetFromFile(artifactPath, []crypto.Hash{crypto.SHA256})
+ artifactDigest, err := cryptoutil.CalculateDigestSetFromFile(artifactPath, []cryptoutil.DigestValue{{Hash: crypto.SHA256}})
 require.NoError(t, err)
 for _, digest := range artifactDigest {
@@ -226,7 +226,7 @@ func TestRunVerifyKeyPair(t *testing.T) {
 require.NoError(t, runVerify(context.Background(), vo))
 // test that verify works without artifactfilepath but the subject of the modified articact also provided
- artifactDigest, err = cryptoutil.CalculateDigestSetFromFile(artifactPath, []crypto.Hash{crypto.SHA256})
+ artifactDigest, err = cryptoutil.CalculateDigestSetFromFile(artifactPath, []cryptoutil.DigestValue{{Hash: crypto.SHA256}})
 require.NoError(t, err)
 for _, digest := range artifactDigest {
 subjects = append(subjects, digest)
@@ -328,9 +328,7 @@ func makepolicy(t *testing.T, functionary policy.Functionary, publicKey policy.P
 p.Steps[step02.Name] = step02
 if publicKey.KeyID != "" {
-
 p.PublicKeys[publicKey.KeyID] = publicKey
-
 }
 pb, err := json.MarshalIndent(p, "", " ")