
Migrating to the use of in-toto/go-witness module #331

Merged
merged 9 commits into from
Dec 15, 2023
2 changes: 1 addition & 1 deletion cmd/config.go
Expand Up @@ -20,11 +20,11 @@ import (
"os"
"strings"

"github.com/in-toto/go-witness/log"
"github.com/in-toto/witness/options"
"github.com/spf13/cobra"
"github.com/spf13/pflag"
"github.com/spf13/viper"
"github.com/testifysec/go-witness/log"
)

func initConfig(rootCmd *cobra.Command, rootOptions *options.RootOptions) error {
6 changes: 3 additions & 3 deletions cmd/keyloader.go
Expand Up @@ -19,11 +19,11 @@ import (
"fmt"
"strings"

"github.com/in-toto/go-witness/cryptoutil"
"github.com/in-toto/go-witness/log"
"github.com/in-toto/go-witness/signer"
"github.com/in-toto/witness/options"
"github.com/spf13/pflag"
"github.com/testifysec/go-witness/cryptoutil"
"github.com/testifysec/go-witness/log"
"github.com/testifysec/go-witness/signer"
)

// signerProvidersFromFlags looks at all flags that were set by the user to determine which signer providers we should use
2 changes: 1 addition & 1 deletion cmd/root.go
Expand Up @@ -18,9 +18,9 @@ import (
"fmt"
"os"

"github.com/in-toto/go-witness/log"
"github.com/in-toto/witness/options"
"github.com/spf13/cobra"
"github.com/testifysec/go-witness/log"
)

var ro = &options.RootOptions{}
6 changes: 3 additions & 3 deletions cmd/root_test.go
Expand Up @@ -26,12 +26,12 @@ import (
"testing"
"time"

"github.com/in-toto/go-witness/cryptoutil"
"github.com/in-toto/go-witness/signer"
"github.com/in-toto/go-witness/signer/file"
"github.com/in-toto/witness/options"
"github.com/stretchr/testify/assert"
"github.com/stretchr/testify/require"
"github.com/testifysec/go-witness/cryptoutil"
"github.com/testifysec/go-witness/signer"
"github.com/testifysec/go-witness/signer/file"
)

const (
22 changes: 11 additions & 11 deletions cmd/run.go
Expand Up @@ -20,19 +20,19 @@ import (
"encoding/json"
"fmt"

witness "github.com/in-toto/go-witness"
"github.com/in-toto/go-witness/archivista"
"github.com/in-toto/go-witness/attestation"
"github.com/in-toto/go-witness/attestation/commandrun"
"github.com/in-toto/go-witness/attestation/material"
"github.com/in-toto/go-witness/attestation/product"
"github.com/in-toto/go-witness/cryptoutil"
"github.com/in-toto/go-witness/dsse"
"github.com/in-toto/go-witness/log"
"github.com/in-toto/go-witness/registry"
"github.com/in-toto/go-witness/timestamp"
"github.com/in-toto/witness/options"
"github.com/spf13/cobra"
witness "github.com/testifysec/go-witness"
"github.com/testifysec/go-witness/archivista"
"github.com/testifysec/go-witness/attestation"
"github.com/testifysec/go-witness/attestation/commandrun"
"github.com/testifysec/go-witness/attestation/material"
"github.com/testifysec/go-witness/attestation/product"
"github.com/testifysec/go-witness/cryptoutil"
"github.com/testifysec/go-witness/dsse"
"github.com/testifysec/go-witness/log"
"github.com/testifysec/go-witness/registry"
"github.com/testifysec/go-witness/timestamp"
)

func RunCmd() *cobra.Command {
8 changes: 4 additions & 4 deletions cmd/run_test.go
Expand Up @@ -24,13 +24,13 @@ import (
"path/filepath"
"testing"

"github.com/in-toto/go-witness/cryptoutil"
"github.com/in-toto/go-witness/dsse"
"github.com/in-toto/go-witness/signer"
"github.com/in-toto/go-witness/signer/file"
"github.com/in-toto/witness/options"
"github.com/stretchr/testify/assert"
"github.com/stretchr/testify/require"
"github.com/testifysec/go-witness/cryptoutil"
"github.com/testifysec/go-witness/dsse"
"github.com/testifysec/go-witness/signer"
"github.com/testifysec/go-witness/signer/file"
)

func TestRunRSAKeyPair(t *testing.T) {
8 changes: 4 additions & 4 deletions cmd/sign.go
Expand Up @@ -19,12 +19,12 @@ import (
"fmt"
"os"

witness "github.com/in-toto/go-witness"
"github.com/in-toto/go-witness/cryptoutil"
"github.com/in-toto/go-witness/dsse"
"github.com/in-toto/go-witness/timestamp"
"github.com/in-toto/witness/options"
"github.com/spf13/cobra"
witness "github.com/testifysec/go-witness"
"github.com/testifysec/go-witness/cryptoutil"
"github.com/testifysec/go-witness/dsse"
"github.com/testifysec/go-witness/timestamp"
)

func SignCmd() *cobra.Command {
2 changes: 1 addition & 1 deletion cmd/sign_test.go
Expand Up @@ -22,10 +22,10 @@ import (
"os"
"testing"

"github.com/in-toto/go-witness/cryptoutil"
"github.com/in-toto/witness/options"
"github.com/stretchr/testify/assert"
"github.com/stretchr/testify/require"
"github.com/testifysec/go-witness/cryptoutil"
)

func Test_runSignPolicyRSA(t *testing.T) {
12 changes: 6 additions & 6 deletions cmd/verify.go
Expand Up @@ -22,14 +22,14 @@ import (
"fmt"
"os"

witness "github.com/in-toto/go-witness"
"github.com/in-toto/go-witness/archivista"
"github.com/in-toto/go-witness/cryptoutil"
"github.com/in-toto/go-witness/dsse"
"github.com/in-toto/go-witness/log"
"github.com/in-toto/go-witness/source"
"github.com/in-toto/witness/options"
"github.com/spf13/cobra"
witness "github.com/testifysec/go-witness"
"github.com/testifysec/go-witness/archivista"
"github.com/testifysec/go-witness/cryptoutil"
"github.com/testifysec/go-witness/dsse"
"github.com/testifysec/go-witness/log"
"github.com/testifysec/go-witness/source"
)

func VerifyCmd() *cobra.Command {
23 changes: 9 additions & 14 deletions cmd/verify_test.go
Expand Up @@ -28,15 +28,16 @@ import (
"testing"
"time"

witness "github.com/in-toto/go-witness"
"github.com/in-toto/go-witness/attestation/commandrun"
"github.com/in-toto/go-witness/cryptoutil"
"github.com/in-toto/go-witness/dsse"
"github.com/in-toto/go-witness/policy"
"github.com/in-toto/go-witness/signer"
"github.com/in-toto/go-witness/signer/file"
"github.com/in-toto/witness/options"
"github.com/stretchr/testify/require"
witness "github.com/testifysec/go-witness"
"github.com/testifysec/go-witness/attestation/commandrun"
"github.com/testifysec/go-witness/cryptoutil"
"github.com/testifysec/go-witness/dsse"
"github.com/testifysec/go-witness/policy"
"github.com/testifysec/go-witness/signer"
"github.com/testifysec/go-witness/signer/file"
metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
)

func TestRunVerifyCA(t *testing.T) {
Expand Down Expand Up @@ -313,7 +314,7 @@ func makepolicy(t *testing.T, functionary policy.Functionary, publicKey policy.P
}

p := policy.Policy{
Expires: time.Now().Add(1 * time.Hour),
Expires: metav1.Time{Time: time.Now().Add(1 * time.Hour)},
Collaborator Author


We change this now that witness follows the new go-witness module

PublicKeys: map[string]policy.PublicKey{},
Steps: map[string]policy.Step{},
}
Expand Down Expand Up @@ -351,14 +352,8 @@ func createTestRSAKey() (cryptoutil.Signer, cryptoutil.Verifier, []byte, []byte,
}

pemBytes := pem.EncodeToMemory(&pem.Block{Type: "PUBLIC KEY", Bytes: keyBytes})
if err != nil {
return nil, nil, nil, nil, err
}

privKeyBytes := pem.EncodeToMemory(&pem.Block{Type: "RSA PRIVATE KEY", Bytes: x509.MarshalPKCS1PrivateKey(privKey)})
if err != nil {
return nil, nil, nil, nil, err
}

return signer, verifier, pemBytes, privKeyBytes, nil
}
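Review bot: The policy built in `makepolicy` still expires one hour in the future, so the switch of `Expires` to `metav1.Time` is exercised only on the accept path in the lines visible here. Policy expiry is a verification control, and its type (and with it the JSON encoding inside the signed policy) changes with the new module, so a negative case is worth adding: a policy built with `Expires: metav1.Time{Time: time.Now().Add(-1 * time.Hour)}` that verification is expected to reject. `makepolicy` starts and ends outside the visible hunk, so an existing expiry test elsewhere in the file cannot be ruled out.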
3 changes: 2 additions & 1 deletion docs/witness_run.md
Expand Up @@ -22,7 +22,8 @@ witness run [cmd] [flags]
-k, --signer-file-key-path string Path to the file containing the private key
--signer-fulcio-oidc-client-id string OIDC client ID to use for authentication
--signer-fulcio-oidc-issuer string OIDC issuer to use for authentication
--signer-fulcio-token string Raw token to use for authentication
--signer-fulcio-token string Raw token string to use for authentication to fulcio (cannot be used in conjunction with --fulcio-token-path)
--signer-fulcio-token-path string Path to the file containing a raw token to use for authentication to fulcio (cannot be used in conjunction with --fulcio-token)
--signer-fulcio-url string Fulcio address to sign with
--signer-spiffe-socket-path string Path to the SPIFFE Workload API Socket
--signer-vault-altnames strings Alt names to use for the generated certificate. All alt names must be allowed by the vault role policy
3 changes: 2 additions & 1 deletion docs/witness_sign.md
Expand Up @@ -22,7 +22,8 @@ witness sign [file] [flags]
-k, --signer-file-key-path string Path to the file containing the private key
--signer-fulcio-oidc-client-id string OIDC client ID to use for authentication
--signer-fulcio-oidc-issuer string OIDC issuer to use for authentication
--signer-fulcio-token string Raw token to use for authentication
--signer-fulcio-token string Raw token string to use for authentication to fulcio (cannot be used in conjunction with --fulcio-token-path)
--signer-fulcio-token-path string Path to the file containing a raw token to use for authentication to fulcio (cannot be used in conjunction with --fulcio-token)
--signer-fulcio-url string Fulcio address to sign with
--signer-spiffe-socket-path string Path to the SPIFFE Workload API Socket
--signer-vault-altnames strings Alt names to use for the generated certificate. All alt names must be allowed by the vault role policy
26 changes: 19 additions & 7 deletions go.mod
Expand Up @@ -3,12 +3,13 @@ module github.com/in-toto/witness
go 1.19

require (
github.com/in-toto/go-witness v0.2.0
github.com/sirupsen/logrus v1.9.3
github.com/spf13/cobra v1.6.1
github.com/spf13/cobra v1.8.0
github.com/spf13/pflag v1.0.5
github.com/spf13/viper v1.15.0
github.com/stretchr/testify v1.8.4
github.com/testifysec/go-witness v0.1.17
k8s.io/apimachinery v0.26.11
)

require (
Expand All @@ -32,7 +33,7 @@ require (
github.com/agnivade/levenshtein v1.1.1 // indirect
github.com/aws/aws-sdk-go v1.44.334 // indirect
github.com/cloudflare/circl v1.3.3 // indirect
github.com/cpuguy83/go-md2man/v2 v2.0.2 // indirect
github.com/cpuguy83/go-md2man/v2 v2.0.3 // indirect
github.com/davecgh/go-spew v1.1.1 // indirect
github.com/digitorus/pkcs7 v0.0.0-20230220124406-51331ccfc40f // indirect
github.com/digitorus/timestamp v0.0.0-20230220124323-d542479a2425 // indirect
Expand All @@ -44,19 +45,26 @@ require (
github.com/go-git/go-billy/v5 v5.4.1 // indirect
github.com/go-git/go-git/v5 v5.5.2 // indirect
github.com/go-jose/go-jose/v3 v3.0.1 // indirect
github.com/go-logr/logr v1.2.4 // indirect
github.com/gobwas/glob v0.2.3 // indirect
github.com/gogo/protobuf v1.3.2 // indirect
github.com/golang/protobuf v1.5.3 // indirect
github.com/google/go-containerregistry v0.13.0 // indirect
github.com/google/gofuzz v1.2.0 // indirect
github.com/grpc-ecosystem/grpc-gateway/v2 v2.15.0 // indirect
github.com/hashicorp/hcl v1.0.1-vault-3 // indirect
github.com/imdario/mergo v0.3.13 // indirect
github.com/inconshreveable/mousetrap v1.0.1 // indirect
github.com/in-toto/archivista v0.2.0 // indirect
github.com/inconshreveable/mousetrap v1.1.0 // indirect
github.com/jbenet/go-context v0.0.0-20150711004518-d14ea06fba99 // indirect
github.com/json-iterator/go v1.1.12 // indirect
github.com/kevinburke/ssh_config v1.2.0 // indirect
github.com/letsencrypt/boulder v0.0.0-20221109233200-85aa52084eaf // indirect
github.com/magiconair/properties v1.8.7 // indirect
github.com/mattn/go-isatty v0.0.20 // indirect
github.com/mitchellh/mapstructure v1.5.0 // indirect
github.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd // indirect
github.com/modern-go/reflect2 v1.0.2 // indirect
github.com/open-policy-agent/opa v0.49.2 // indirect
github.com/owenrumney/go-sarif v1.1.1 // indirect
github.com/pelletier/go-toml/v2 v2.0.6 // indirect
Expand All @@ -73,7 +81,6 @@ require (
github.com/spf13/jwalterweatherman v1.1.0 // indirect
github.com/subosito/gotenv v1.4.2 // indirect
github.com/tchap/go-patricia/v2 v2.3.1 // indirect
github.com/testifysec/archivista-api v0.0.0-20230220215059-632b84b82b76 // indirect
github.com/theupdateframework/go-tuf v0.5.2-0.20220930112810-3890c1e7ace4 // indirect
github.com/titanous/rocacheck v0.0.0-20171023193734-afe73141d399 // indirect
github.com/xanzy/ssh-agent v0.3.3 // indirect
Expand All @@ -82,20 +89,25 @@ require (
github.com/yashtewari/glob-intersection v0.1.0 // indirect
github.com/zeebo/errs v1.3.0 // indirect
golang.org/x/crypto v0.14.0 // indirect
golang.org/x/mod v0.8.0 // indirect
golang.org/x/mod v0.10.0 // indirect
golang.org/x/net v0.17.0 // indirect
golang.org/x/sys v0.13.0 // indirect
golang.org/x/term v0.13.0 // indirect
golang.org/x/text v0.13.0 // indirect
golang.org/x/tools v0.6.0 // indirect
golang.org/x/tools v0.9.3 // indirect
google.golang.org/genproto v0.0.0-20230410155749-daa745c078e1 // indirect
google.golang.org/grpc v1.56.3 // indirect
google.golang.org/protobuf v1.31.0 // indirect
gopkg.in/inf.v0 v0.9.1 // indirect
gopkg.in/ini.v1 v1.67.0 // indirect
gopkg.in/square/go-jose.v2 v2.6.0 // indirect
gopkg.in/warnings.v0 v0.1.2 // indirect
gopkg.in/yaml.v2 v2.4.0 // indirect
gopkg.in/yaml.v3 v3.0.1 // indirect
k8s.io/klog/v2 v2.90.0 // indirect
k8s.io/utils v0.0.0-20230115233650-391b47cb4029 // indirect
sigs.k8s.io/json v0.0.0-20221116044647-bc3834ca7abd // indirect
sigs.k8s.io/structured-merge-diff/v4 v4.2.3 // indirect
)

replace github.com/sigstore/rekor => github.com/testifysec/rekor v0.4.0-dsse-intermediates-2
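Review bot: The `replace github.com/sigstore/rekor => github.com/testifysec/rekor v0.4.0-dsse-intermediates-2` directive at the end of go.mod appears to be carried over unchanged, so after the move to `github.com/in-toto/go-witness` the build still resolves rekor from a testifysec fork. Replace directives take effect only in the main module, so this line, not anything declared in go-witness, decides which rekor code is linked into the signing and verification binary. It deserves a comment saying why the fork is still required and when it can go, for example `// fork pinned for <reason>; remove once upstream rekor includes it`. Separately, `k8s.io/apimachinery v0.26.11` becomes a direct requirement and the indirect entries next to it (klog, gogo/protobuf, json-iterator and others) look like its closure, so it is worth confirming this growth is covered by the project's dependency audit.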