rollback pkg/cosign/keys.go changes, not needed

Signed-off-by: Dmitry S <[email protected]>
sigstore · Jul 10, 2024 · 6ff23a6 · 6ff23a6
1 parent b79fa48
commit 6ff23a6
Show file tree

Hide file tree

Showing 3 changed files with 35 additions and 42 deletions.
diff --git a/pkg/cosign/keys.go b/pkg/cosign/keys.go
@@ -29,7 +29,6 @@ import (
 	"fmt"
 	"os"
 	"path/filepath"
-	"strings"
 
 	"github.com/secure-systems-lab/go-securesystemslib/encrypted"
 	"github.com/sigstore/cosign/v2/pkg/oci/static"
@@ -75,6 +74,7 @@ func GeneratePrivateKey() (*ecdsa.PrivateKey, error) {
 	return ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
 }
 
+// TODO(jason): Move this to the only place it's used in cmd/cosign/cli/importkeypair, and unexport it.
 func ImportKeyPair(keyPath string, pf PassFunc) (*KeysBytes, error) {
 	kb, err := os.ReadFile(filepath.Clean(keyPath))
 	if err != nil {
@@ -222,15 +222,7 @@ func LoadPrivateKey(key []byte, pass []byte) (signature.SignerVerifier, error) {
 
 	pk, err := x509.ParsePKCS8PrivateKey(x509Encoded)
 	if err != nil {
-		if strings.Contains(err.Error(), "x509: failed to parse private key (use ParseECPrivateKey instead for this key format)") {
-			pk2, err2 := x509.ParseECPrivateKey(x509Encoded)
-			if err2 != nil {
-				return nil, fmt.Errorf("parsing EC private key: %w, x509.ParsePKCS8PrivateKey: %w", err2, err)
-			}
-			pk = pk2
-		} else {
-			return nil, fmt.Errorf("parsing private key: %w", err)
-		}
+		return nil, fmt.Errorf("parsing private key: %w", err)
 	}
 	switch pk := pk.(type) {
 	case *rsa.PrivateKey:

diff --git a/test/e2e_test.go b/test/e2e_test.go
@@ -1062,39 +1062,40 @@ func TestVerifyWithCARoots(t *testing.T) {
 		},
 	}
 	for _, tt := range tests {
-		err := verifyKeylessTSAWithCARoots(imgName,
-			tt.rootRef,
-			tt.subRef,
-			tt.leafRef,
-			tsaChainRef.Name(),
-			true,
-			true)
-		hasErr := (err != nil)
-		if hasErr != tt.wantError {
-			if tt.wantError {
-				t.Errorf("%s - no expected error", tt.name)
-			} else {
-				t.Errorf("%s - unexpected error: %v", tt.name, err)
+		t.Run(tt.name, func(t *testing.T) {
+			err := verifyKeylessTSAWithCARoots(imgName,
+				tt.rootRef,
+				tt.subRef,
+				tt.leafRef,
+				tsaChainRef.Name(),
+				true,
+				true)
+			hasErr := (err != nil)
+			if hasErr != tt.wantError {
+				if tt.wantError {
+					t.Errorf("%s - no expected error", tt.name)
+				} else {
+					t.Errorf("%s - unexpected error: %v", tt.name, err)
+				}
 			}
-		}
-		if tt.skipBlob {
-			continue
-		}
-		err = verifyBlobKeylessWithCARoots(blobRef,
-			string(blobSig),
-			tt.rootRef,
-			tt.subRef,
-			tt.leafRef,
-			true,
-			true)
-		hasErr = (err != nil)
-		if hasErr != tt.wantError {
-			if tt.wantError {
-				t.Errorf("%s - no expected error", tt.name)
-			} else {
-				t.Errorf("%s - unexpected error: %v", tt.name, err)
+			if !tt.skipBlob {
+				err = verifyBlobKeylessWithCARoots(blobRef,
+					string(blobSig),
+					tt.rootRef,
+					tt.subRef,
+					tt.leafRef,
+					true,
+					true)
+				hasErr = (err != nil)
+				if hasErr != tt.wantError {
+					if tt.wantError {
+						t.Errorf("%s - no expected error", tt.name)
+					} else {
+						t.Errorf("%s - unexpected error: %v", tt.name, err)
+					}
+				}
 			}
-		}
+		})
 	}
 }
 

diff --git a/test/helpers.go b/test/helpers.go
@@ -288,7 +288,7 @@ func keypair(t *testing.T, td string) (*cosign.KeysBytes, string, string) {
 // and write to the given file path. Returns the path to the imported key (<td>/<fname>)
 func importECDSAPrivateKey(t *testing.T, privKey *ecdsa.PrivateKey, td, fname string) string {
 	t.Helper()
-	x509Encoded, _ := x509.MarshalECPrivateKey(privKey)
+	x509Encoded, _ := x509.MarshalPKCS8PrivateKey(privKey)
 	encBytes, _ := encrypted.Encrypt(x509Encoded, keyPass)
 	keyPEM := pem.EncodeToMemory(&pem.Block{
 		Type:  cosign.CosignPrivateKeyPemType,