From 6ff23a6367e6266ac8ee2d6a113ea56c9f3d7d8d Mon Sep 17 00:00:00 2001
From: Dmitry S
Date: Wed, 10 Jul 2024 15:34:25 +0200
Subject: [PATCH] rollback pkg/cosign/keys.go changes, not needed
Signed-off-by: Dmitry S
---
 pkg/cosign/keys.go | 12 ++-------
 test/e2e_test.go | 63 +++++++++++++++++++++++-----------------------
 test/helpers.go | 2 +-
 3 files changed, 35 insertions(+), 42 deletions(-)
diff --git a/pkg/cosign/keys.go b/pkg/cosign/keys.go
index 830373f69fd..9adc22525f8 100644
--- a/pkg/cosign/keys.go
+++ b/pkg/cosign/keys.go
@@ -29,7 +29,6 @@ import (
 "fmt"
 "os"
 "path/filepath"
- "strings"
 "github.com/secure-systems-lab/go-securesystemslib/encrypted"
 "github.com/sigstore/cosign/v2/pkg/oci/static"
@@ -75,6 +74,7 @@ func GeneratePrivateKey() (*ecdsa.PrivateKey, error) {
 return ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
 }
+// TODO(jason): Move this to the only place it's used in cmd/cosign/cli/importkeypair, and unexport it.
 func ImportKeyPair(keyPath string, pf PassFunc) (*KeysBytes, error) {
 kb, err := os.ReadFile(filepath.Clean(keyPath))
 if err != nil {
@@ -222,15 +222,7 @@ func LoadPrivateKey(key []byte, pass []byte) (signature.SignerVerifier, error) {
 pk, err := x509.ParsePKCS8PrivateKey(x509Encoded)
 if err != nil {
- if strings.Contains(err.Error(), "x509: failed to parse private key (use ParseECPrivateKey instead for this key format)") { pk2, err2 := x509.ParseECPrivateKey(x509Encoded) if err2 != nil { return nil, fmt.Errorf("parsing EC private key: %w, x509.ParsePKCS8PrivateKey: %w", err2, err) } pk = pk2 } else { return nil, fmt.Errorf("parsing private key: %w", err) }
+ return nil, fmt.Errorf("parsing private key: %w", err)
 }
 switch pk := pk.(type) {
 case *rsa.PrivateKey:
diff --git a/test/e2e_test.go b/test/e2e_test.go
index 60a9b0a05b7..68f11acd84a 100644
--- a/test/e2e_test.go
+++ b/test/e2e_test.go
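Review bot: Once the SEC 1 fallback is gone, `LoadPrivateKey` accepts only a PKCS #8 DER payload, but the restored `return nil, fmt.Errorf("parsing private key: %w", err)` gives a caller holding a legacy `EC PRIVATE KEY` (SEC 1) blob no hint of why it fails; `return nil, fmt.Errorf("parsing private key as PKCS #8: %w", err)` would make the format expectation visible in the error chain. The removed branch keyed on the text of a Go standard-library error message, which is brittle across Go versions, so dropping it is the right call; the accepted format should instead be stated on the function, e.g. `// LoadPrivateKey expects the key material to be a PKCS #8 private key; SEC 1 (EC PRIVATE KEY) and PKCS #1 encodings are rejected.` Whether ImportKeyPair converts such keys is not visible here, so confirm that before pointing users at `cosign import-key-pair` in the message. LoadPrivateKey's body starts before the hunk and the type switch continues after it.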
@@ -1062,39 +1062,40 @@ func TestVerifyWithCARoots(t *testing.T) {
 },
 }
 for _, tt := range tests {
- err := verifyKeylessTSAWithCARoots(imgName,
- tt.rootRef,
- tt.subRef,
- tt.leafRef,
- tsaChainRef.Name(),
- true,
- true)
- hasErr := (err != nil)
- if hasErr != tt.wantError {
- if tt.wantError {
- t.Errorf("%s - no expected error", tt.name)
- } else {
- t.Errorf("%s - unexpected error: %v", tt.name, err)
+ t.Run(tt.name, func(t *testing.T) {
+ err := verifyKeylessTSAWithCARoots(imgName,
+ tt.rootRef,
+ tt.subRef,
+ tt.leafRef,
+ tsaChainRef.Name(),
+ true,
+ true)
+ hasErr := (err != nil)
+ if hasErr != tt.wantError {
+ if tt.wantError {
+ t.Errorf("%s - no expected error", tt.name)
+ } else {
+ t.Errorf("%s - unexpected error: %v", tt.name, err)
+ }
 }
- }
- if tt.skipBlob {
- continue
- }
- err = verifyBlobKeylessWithCARoots(blobRef,
- string(blobSig),
- tt.rootRef,
- tt.subRef,
- tt.leafRef,
- true,
- true)
- hasErr = (err != nil)
- if hasErr != tt.wantError {
- if tt.wantError {
- t.Errorf("%s - no expected error", tt.name)
- } else {
- t.Errorf("%s - unexpected error: %v", tt.name, err)
+ if !tt.skipBlob {
+ err = verifyBlobKeylessWithCARoots(blobRef,
+ string(blobSig),
+ tt.rootRef,
+ tt.subRef,
+ tt.leafRef,
+ true,
+ true)
+ hasErr = (err != nil)
+ if hasErr != tt.wantError {
+ if tt.wantError {
+ t.Errorf("%s - no expected error", tt.name)
+ } else {
+ t.Errorf("%s - unexpected error: %v", tt.name, err)
+ }
+ }
+ }
- }
+ })
 }
 }
diff --git a/test/helpers.go b/test/helpers.go
index 983b07efd52..2db7092674f 100644
--- a/test/helpers.go
+++ b/test/helpers.go
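Review bot: The `%s - ` prefixes in the four `t.Errorf` calls are now redundant: `t.Run(tt.name, …)` already reports the subtest as `TestVerifyWithCARoots/<name>`, so every failure line repeats the case name. Dropping the prefix also lets the wording be fixed, e.g. `t.Errorf("expected an error, got none")` and `t.Errorf("unexpected error: %v", err)`; the duplicated compare-and-report block could then become a small helper taking `(t, err, tt.wantError)`. Capturing `tt` in the closure is fine here because the subtests never call `t.Parallel()`; if that is ever added, a `tt := tt` shadow is needed on Go versions before 1.22 (go.mod is not visible here). The enclosing TestVerifyWithCARoots body, which defines imgName, blobRef, blobSig and tsaChainRef, starts before the hunk.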
@@ -288,7 +288,7 @@ func keypair(t *testing.T, td string) (*cosign.KeysBytes, string, string) {
 // and write to the given file path. Returns the path to the imported key (/)
 func importECDSAPrivateKey(t *testing.T, privKey *ecdsa.PrivateKey, td, fname string) string {
 t.Helper()
- x509Encoded, _ := x509.MarshalECPrivateKey(privKey)
+ x509Encoded, _ := x509.MarshalPKCS8PrivateKey(privKey)
 encBytes, _ := encrypted.Encrypt(x509Encoded, keyPass)
 keyPEM := pem.EncodeToMemory(&pem.Block{
 Type: cosign.CosignPrivateKeyPemType,
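Review bot: Both `x509Encoded, _ := x509.MarshalPKCS8PrivateKey(privKey)` and the following `encrypted.Encrypt(x509Encoded, keyPass)` discard their errors, so a marshalling or encryption failure would silently write a bogus key file and surface later as an unrelated failure in whichever test loads it; `t` is in hand, so the helper should fail fast with `t.Fatalf`. It is also worth recording why PKCS #8 is required, since this hunk and the keys.go rollback in the same patch are coupled: `LoadPrivateKey` parses with `x509.ParsePKCS8PrivateKey` only, so `MarshalECPrivateKey` (SEC 1) output is rejected. The rest of importECDSAPrivateKey (PEM encoding and writing the file) continues after the hunk; if that part already declares `err` in this scope, use `=` instead of `:=` below.
```go
func importECDSAPrivateKey(t *testing.T, privKey *ecdsa.PrivateKey, td, fname string) string {
	t.Helper()
	// LoadPrivateKey accepts only PKCS #8, so the key must not be written in
	// SEC 1 form (x509.MarshalECPrivateKey) or it will fail to load.
	x509Encoded, err := x509.MarshalPKCS8PrivateKey(privKey)
	if err != nil {
		t.Fatalf("marshalling private key: %v", err)
	}
	encBytes, err := encrypted.Encrypt(x509Encoded, keyPass)
	if err != nil {
		t.Fatalf("encrypting private key: %v", err)
	}
	// … unchanged: PEM encoding and writing the key file …
```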