From 77f2aec13c7ee403ea1ce8ab6f3a7f68db80ab2a Mon Sep 17 00:00:00 2001 From: Ethan Lowman Date: Fri, 8 Apr 2022 19:30:57 -0400 Subject: [PATCH 1/2] Export a method to decode Envelope payload using flexible base64 decoder --- dsse/sign.go | 10 ++++++++++ dsse/sign_test.go | 22 +++++++++++++++++----- dsse/verify.go | 2 +- 3 files changed, 28 insertions(+), 6 deletions(-) diff --git a/dsse/sign.go b/dsse/sign.go index 4c6ef61..26b6f1e 100644 --- a/dsse/sign.go +++ b/dsse/sign.go @@ -31,6 +31,16 @@ type Envelope struct { Signatures []Signature `json:"signatures"` } +/* +DecodePayload returns the serialized body, decoded +from the envelope's payload field. A flexible +decoder is used, first trying standard base64, then +URL-encoded base64. +*/ +func (e *Envelope) DecodePayload() ([]byte, error) { + return b64Decode(e.Payload) +} + /* Signature represents a generic in-toto signature that contains the identifier of the key which was used to create the signature. diff --git a/dsse/sign_test.go b/dsse/sign_test.go index 186b08e..991deb1 100644 --- a/dsse/sign_test.go +++ b/dsse/sign_test.go @@ -331,7 +331,7 @@ func TestEcdsaSign(t *testing.T) { assert.Equal(t, acceptedKeys[0].KeyID, keyID, "unexpected keyid") } -func TestB64Decode(t *testing.T) { +func TestDecodePayload(t *testing.T) { var want = make([]byte, 256) for i := range want { want[i] = byte(i) 
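Review bot: In dsse/sign.go, the doc comment on the new exported `DecodePayload` (renamed `DecodeB64Payload` in patch 2/2) does not say that the bytes it returns are unauthenticated; the method only calls `b64Decode(e.Payload)` and never looks at `Signatures`. Now that the decoder is public, a caller can parse the payload of an envelope that has not been through `EnvelopeVerifier.Verify`. I would add a sentence to the comment such as `The returned payload is not verified; call EnvelopeVerifier.Verify before trusting it.` Because the decoder accepts both the standard and the URL-safe alphabet, the comment could also say that two different `Payload` strings can decode to the same body, so the encoded string should not be treated as a stable identifier for the content.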
@@ -342,23 +342,35 @@ func TestB64Decode(t *testing.T) { var b64StdErr = "AAECAwQFBgcICQoLDA0ODxAREhMUFRYXGBkaGxwdHh8gISIjJCUmJygpKissLS4vMDEyMzQ1Njc4OTo7PD0-P0BBQkNERUZHSElKS0xNTk9QUVJTVFVWV1hZWltcXV5fYGFiY2RlZmdoaWprbG1ub3BxcnN0dXZ3eHl6e3x9fn-AgYKDhIWGh4iJiouMjY6PkJGSk5SVlpeYmZqbnJ2en6ChoqOkpaanqKmqq6ytrq-wsbKztLW2t7i5uru8vb6_wMHCw8TFxsfIycrLzM3Oz9DR0tPU1dbX2Nna29zd3t_g4eLj5OXm5-jp6uvs7e7v8PHy8_T19vf4-fr7_P3-_w" t.Run("Standard encoding", func(t *testing.T) { - got, err := b64Decode(b64Std) + env := &Envelope{ + Payload: b64Std, + } + got, err := env.DecodePayload() assert.Nil(t, err, "unexpected error") assert.Equal(t, want, got, "wrong data") }) t.Run("URL encoding", func(t *testing.T) { - got, err := b64Decode(b64Url) + env := &Envelope{ + Payload: b64Url, + } + got, err := env.DecodePayload() assert.Nil(t, err, "unexpected error") assert.Equal(t, want, got, "wrong data") }) t.Run("Standard encoding - error", func(t *testing.T) { - got, err := b64Decode(b64StdErr) + env := &Envelope{ + Payload: b64StdErr, + } + got, err := env.DecodePayload() assert.NotNil(t, err, "expected error") assert.Nil(t, got, "wrong data") }) t.Run("URL encoding - error", func(t *testing.T) { - got, err := b64Decode(b64UrlErr) + env := &Envelope{ + Payload: b64UrlErr, + } + got, err := env.DecodePayload() assert.NotNil(t, err, "expected error") assert.Nil(t, got, "wrong data") }) diff --git a/dsse/verify.go b/dsse/verify.go index 423d991..a249c35 100644 --- a/dsse/verify.go +++ b/dsse/verify.go @@ -41,7 +41,7 @@ func (ev *EnvelopeVerifier) Verify(e *Envelope) ([]AcceptedKey, error) { } // Decode payload (i.e serialized body) - body, err := b64Decode(e.Payload) + body, err := e.DecodePayload() if err != nil { return nil, err } From f258f0cdb1d12c40ed0b825fae9ad1308a25d8d2 Mon Sep 17 00:00:00 2001 
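Review bot: The rewritten subtests in dsse/sign_test.go always build an `Envelope` with a non-empty `Payload`, so nothing pins what the now-public method does on a degenerate envelope. `DecodePayload` reads `e.Payload` directly, so a nil `*Envelope` would panic rather than return an error, and the empty-payload result is not asserted anywhere in this hunk. A subtest starting from `got, err := (&Envelope{}).DecodePayload()` would fix that behaviour for callers, and a nil-receiver case would show whether a guard is needed. The fixtures `b64Std`, `b64Url` and `b64UrlErr` are defined outside this hunk, so I cannot tell from here whether a mixed-alphabet input is already covered.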
From: Ethan Lowman Date: Tue, 12 Apr 2022 13:23:01 -0400 Subject: [PATCH 2/2] Rename DecodePayload to DecodeB64Payload --- dsse/sign.go | 4 ++-- dsse/sign_test.go | 10 +++++----- dsse/verify.go | 2 +- 3 files changed, 8 insertions(+), 8 deletions(-) diff --git a/dsse/sign.go b/dsse/sign.go index 26b6f1e..3dc05a4 100644 --- a/dsse/sign.go +++ b/dsse/sign.go @@ -32,12 +32,12 @@ type Envelope struct { } /* -DecodePayload returns the serialized body, decoded +DecodeB64Payload returns the serialized body, decoded from the envelope's payload field. A flexible decoder is used, first trying standard base64, then URL-encoded base64. */ -func (e *Envelope) DecodePayload() ([]byte, error) { +func (e *Envelope) DecodeB64Payload() ([]byte, error) { return b64Decode(e.Payload) } diff --git a/dsse/sign_test.go b/dsse/sign_test.go index 991deb1..ca88cb6 100644 --- a/dsse/sign_test.go +++ b/dsse/sign_test.go @@ -331,7 +331,7 @@ func TestEcdsaSign(t *testing.T) { assert.Equal(t, acceptedKeys[0].KeyID, keyID, "unexpected keyid") } -func TestDecodePayload(t *testing.T) { +func TestDecodeB64Payload(t *testing.T) { var want = make([]byte, 256) for i := range want { want[i] = byte(i) @@ -345,7 +345,7 @@ func TestDecodePayload(t *testing.T) { env := &Envelope{ Payload: b64Std, } - got, err := env.DecodePayload() + got, err := env.DecodeB64Payload() assert.Nil(t, err, "unexpected error") assert.Equal(t, want, got, "wrong data") }) @@ -353,7 +353,7 @@ func TestDecodePayload(t *testing.T) { env := &Envelope{ Payload: b64Url, } - got, err := env.DecodePayload() + got, err := env.DecodeB64Payload() assert.Nil(t, err, "unexpected error") assert.Equal(t, want, got, "wrong data") }) @@ -362,7 +362,7 @@ func TestDecodePayload(t *testing.T) { env := &Envelope{ Payload: b64StdErr, } - got, err := env.DecodePayload() + got, err := env.DecodeB64Payload() assert.NotNil(t, err, "expected error") assert.Nil(t, got, "wrong data") }) 
@@ -370,7 +370,7 @@ func TestDecodePayload(t *testing.T) { env := &Envelope{ Payload: b64UrlErr, } - got, err := env.DecodePayload() + got, err := env.DecodeB64Payload() assert.NotNil(t, err, "expected error") assert.Nil(t, got, "wrong data") }) diff --git a/dsse/verify.go b/dsse/verify.go index a249c35..ead1c32 100644 --- a/dsse/verify.go +++ b/dsse/verify.go @@ -41,7 +41,7 @@ func (ev *EnvelopeVerifier) Verify(e *Envelope) ([]AcceptedKey, error) { } // Decode payload (i.e serialized body) - body, err := e.DecodePayload() + body, err := e.DecodeB64Payload() if err != nil { return nil, err }