Skip to content

Commit

Permalink
feat: add support for downloading signature from remote (#629)
Browse files Browse the repository at this point in the history
Signed-off-by: Batuhan Apaydın <[email protected]>
Co-authored-by: Erkan Zileli <[email protected]>
Co-authored-by: Furkan Turkal <[email protected]>

Co-authored-by: Erkan Zileli <[email protected]>
Co-authored-by: Furkan Turkal <[email protected]>
  • Loading branch information
3 people authored Sep 7, 2021
1 parent cb0c46a commit 8d550b3
Show file tree
Hide file tree
Showing 3 changed files with 31 additions and 47 deletions.
27 changes: 0 additions & 27 deletions cmd/cosign/cli/init.go
Original file line number Diff line number Diff line change
Expand Up @@ -19,10 +19,6 @@ import (
"context"
_ "embed" // To enable the `go:embed` directive.
"flag"
"io/ioutil"
"net/http"
"path/filepath"
"strings"

"github.com/peterbourgon/ff/v3/ffcli"
ctuf "github.com/sigstore/cosign/pkg/cosign/tuf"
Expand All @@ -31,29 +27,6 @@ import (
//go:embed 1.root.json
var initialRoot string

func loadFileOrURL(fileRef string) ([]byte, error) {
var raw []byte
var err error
if strings.HasPrefix(fileRef, "http://") || strings.HasPrefix(fileRef, "https://") {
// #nosec G107
resp, err := http.Get(fileRef)
if err != nil {
return nil, err
}
defer resp.Body.Close()
raw, err = ioutil.ReadAll(resp.Body)
if err != nil {
return nil, err
}
} else {
raw, err = ioutil.ReadFile(filepath.Clean(fileRef))
if err != nil {
return nil, err
}
}
return raw, nil
}

func Init() *ffcli.Command {
var (
flagset = flag.NewFlagSet("cosign init", flag.ExitOnError)
Expand Down
39 changes: 25 additions & 14 deletions cmd/cosign/cli/util.go
Original file line number Diff line number Diff line change
Expand Up @@ -17,7 +17,7 @@ package cli
import (
"context"
"crypto"
"io/ioutil"
"io"
"net/http"
"os"
"path/filepath"
Expand Down Expand Up @@ -53,28 +53,39 @@ func TargetRepositoryForImage(img name.Reference) (name.Repository, error) {
return name.NewRepository(wantRepo)
}

func LoadPublicKey(ctx context.Context, keyRef string) (verifier signature.Verifier, err error) {
// The key could be plaintext, in a file, at a URL, or in KMS.
if kmsKey, err := kms.Get(ctx, keyRef, crypto.SHA256); err == nil {
// KMS specified
return kmsKey, nil
}

func loadFileOrURL(fileRef string) ([]byte, error) {
var raw []byte

if strings.HasPrefix(keyRef, "http://") || strings.HasPrefix(keyRef, "https://") {
// key-url specified
var err error
if strings.HasPrefix(fileRef, "http://") || strings.HasPrefix(fileRef, "https://") {
// #nosec G107
resp, err := http.Get(keyRef)
resp, err := http.Get(fileRef)
if err != nil {
return nil, err
}
defer resp.Body.Close()
raw, err = ioutil.ReadAll(resp.Body)
raw, err = io.ReadAll(resp.Body)
if err != nil {
return nil, err
}
} else {
raw, err = os.ReadFile(filepath.Clean(fileRef))
if err != nil {
return nil, err
}
} else if raw, err = ioutil.ReadFile(filepath.Clean(keyRef)); err != nil {
}
return raw, nil
}

func LoadPublicKey(ctx context.Context, keyRef string) (verifier signature.Verifier, err error) {
// The key could be plaintext, in a file, at a URL, or in KMS.
if kmsKey, err := kms.Get(ctx, keyRef, crypto.SHA256); err == nil {
// KMS specified
return kmsKey, nil
}

raw, err := loadFileOrURL(keyRef)

if err != nil {
return nil, err
}

Expand Down
12 changes: 6 additions & 6 deletions cmd/cosign/cli/verify_blob.go
Original file line number Diff line number Diff line change
Expand Up @@ -166,17 +166,17 @@ func VerifyBlobCmd(ctx context.Context, ko KeyOpts, certRef, sigRef, blobRef str
return err
}
} else {
b, err := ioutil.ReadFile(filepath.Clean(sigRef))
targetSig, err := loadFileOrURL(sigRef)
if err != nil {
return err
}
// If in a file, it could be raw or base64-encoded.
// We want them to be encoded eventually, but not double encoded!
if isb64(b) {
b64sig = string(b)

if isb64(targetSig) {
b64sig = string(targetSig)
} else {
b64sig = base64.StdEncoding.EncodeToString(b)
b64sig = base64.StdEncoding.EncodeToString(targetSig)
}

}

var blobBytes []byte
Expand Down

0 comments on commit 8d550b3

Please sign in to comment.