feat: return verified Descriptors in result callback

sylabs · Aug 9, 2021 · b2b5024 · b2b5024
1 parent 7f25735
commit b2b5024
Show file tree

Hide file tree

Showing 4 changed files with 41 additions and 28 deletions.
diff --git a/pkg/integrity/metadata.go b/pkg/integrity/metadata.go
@@ -242,8 +242,8 @@ func (im imageMetadata) metadataForObject(id uint32) (objectMetadata, error) {
 // If the SIF global header does not match, ErrHeaderIntegrity is returned. If the data object
 // descriptor does not match, a DescriptorIntegrityError is returned. If the data object does not
 // match, a ObjectIntegrityError is returned.
-func (im imageMetadata) matches(f *sif.FileImage, ods []sif.Descriptor) ([]uint32, error) {
-	verified := make([]uint32, 0, len(ods))
+func (im imageMetadata) matches(f *sif.FileImage, ods []sif.Descriptor) ([]sif.Descriptor, error) {
+	verified := make([]sif.Descriptor, 0, len(ods))
 
 	// Verify header metadata.
 	if err := im.Header.matches(f.GetHeaderIntegrityReader()); err != nil {
@@ -252,9 +252,7 @@ func (im imageMetadata) matches(f *sif.FileImage, ods []sif.Descriptor) ([]uint3
 
 	// Verify data object metadata.
 	for _, od := range ods {
-		id := od.ID()
-
-		om, err := im.metadataForObject(id)
+		om, err := im.metadataForObject(od.ID())
 		if err != nil {
 			return verified, err
 		}
@@ -263,7 +261,7 @@ func (im imageMetadata) matches(f *sif.FileImage, ods []sif.Descriptor) ([]uint3
 			return verified, err
 		}
 
-		verified = append(verified, id)
+		verified = append(verified, od)
 	}
 
 	return verified, nil

diff --git a/pkg/integrity/result.go b/pkg/integrity/result.go
@@ -11,11 +11,11 @@ import (
 )
 
 type result struct {
-	signature sif.Descriptor  // Signature object.
-	im        imageMetadata   // Metadata from signature.
-	verified  []uint32        // IDs of verified objects.
-	e         *openpgp.Entity // Signing entity.
-	err       error           // Verify error (nil if successful).
+	signature sif.Descriptor   // Signature object.
+	im        imageMetadata    // Metadata from signature.
+	verified  []sif.Descriptor // Verified objects.
+	e         *openpgp.Entity  // Signing entity.
+	err       error            // Verify error (nil if successful).
 }
 
 // Signature returns the signature object associated with the result.
@@ -32,8 +32,8 @@ func (r result) Signed() []uint32 {
 	return ids
 }
 
-// Verified returns the IDs of data objects that were verified.
-func (r result) Verified() []uint32 {
+// Verified returns the data objects that were verified.
+func (r result) Verified() []sif.Descriptor {
 	return r.verified
 }
 
@@ -50,7 +50,7 @@ func (r result) Error() error {
 
 type legacyResult struct {
 	signature sif.Descriptor   // Signature object.
-	ods       []sif.Descriptor // Descriptors of signed objects.
+	ods       []sif.Descriptor // Signed objects.
 	e         *openpgp.Entity  // Signing entity.
 	err       error            // Verify error (nil if successful).
 }
@@ -63,18 +63,18 @@ func (r legacyResult) Signature() sif.Descriptor {
 // Signed returns the IDs of data objects that were signed.
 func (r legacyResult) Signed() []uint32 {
 	ids := make([]uint32, 0, len(r.ods))
-	for _, om := range r.ods {
-		ids = append(ids, om.ID())
+	for _, od := range r.ods {
+		ids = append(ids, od.ID())
 	}
 	return ids
 }
 
-// Verified returns the IDs of data objects that were verified.
-func (r legacyResult) Verified() []uint32 {
+// Verified returns the data objects that were verified.
+func (r legacyResult) Verified() []sif.Descriptor {
 	if r.err != nil {
 		return nil
 	}
-	return r.Signed()
+	return r.ods
 }
 
 // Entity returns the signing entity, or nil if the signing entity could not be determined.

diff --git a/pkg/integrity/verify.go b/pkg/integrity/verify.go
@@ -66,8 +66,8 @@ type VerifyResult interface {
 	// Signed returns the IDs of data objects that were signed.
 	Signed() []uint32
 
-	// Verified returns the IDs of data objects that were verified.
-	Verified() []uint32
+	// Verified returns the data objects that were verified.
+	Verified() []sif.Descriptor
 
 	// Entity returns the signing entity, or nil if the signing entity could not be determined.
 	Entity() *openpgp.Entity
@@ -127,7 +127,7 @@ func (v *groupVerifier) fingerprints() ([][20]byte, error) {
 // If verification of the SIF global header fails, ErrHeaderIntegrity is returned. If verification
 // of a data object descriptor fails, a DescriptorIntegrityError is returned. If verification of a
 // data object fails, a ObjectIntegrityError is returned.
-func (v *groupVerifier) verifySignature(sig sif.Descriptor, kr openpgp.KeyRing) (imageMetadata, []uint32, *openpgp.Entity, error) { // nolint:lll
+func (v *groupVerifier) verifySignature(sig sif.Descriptor, kr openpgp.KeyRing) (imageMetadata, []sif.Descriptor, *openpgp.Entity, error) { // nolint:lll
 	b, err := sig.GetData()
 	if err != nil {
 		return imageMetadata{}, nil, nil, err

diff --git a/pkg/integrity/verify_test.go b/pkg/integrity/verify_test.go
@@ -223,8 +223,13 @@ func TestGroupVerifier_verifyWithKeyRing(t *testing.T) {
 						t.Errorf("got signed %v, want %v", got, want)
 					}
 
-					if got, want := r.Verified(), tt.wantCBVerified; !reflect.DeepEqual(got, want) {
-						t.Errorf("got verified %v, want %v", got, want)
+					if got, want := len(r.Verified()), len(tt.wantCBVerified); got != want {
+						t.Fatalf("got %v verified objects, want %v", got, want)
+					}
+					for i, od := range r.Verified() {
+						if got, want := od.ID(), tt.wantCBVerified[i]; got != want {
+							t.Errorf("got verified ID %v, want %v", got, want)
+						}
 					}
 
 					if got, want := r.Entity(), tt.wantCBEntity; got != want {
@@ -431,8 +436,13 @@ func TestLegacyGroupVerifier_verifyWithKeyRing(t *testing.T) {
 						t.Errorf("got signed %v, want %v", got, want)
 					}
 
-					if got, want := r.Verified(), tt.wantCBVerified; !reflect.DeepEqual(got, want) {
-						t.Errorf("got verified %v, want %v", got, want)
+					if got, want := len(r.Verified()), len(tt.wantCBVerified); got != want {
+						t.Fatalf("got %v verified objects, want %v", got, want)
+					}
+					for i, od := range r.Verified() {
+						if got, want := od.ID(), tt.wantCBVerified[i]; got != want {
+							t.Errorf("got verified ID %v, want %v", got, want)
+						}
 					}
 
 					if got, want := r.Entity(), tt.wantCBEntity; got != want {
@@ -648,8 +658,13 @@ func TestLegacyObjectVerifier_verifyWithKeyRing(t *testing.T) {
 						t.Errorf("got signed %v, want %v", got, want)
 					}
 
-					if got, want := r.Verified(), tt.wantCBVerified; !reflect.DeepEqual(got, want) {
-						t.Errorf("got verified %v, want %v", got, want)
+					if got, want := len(r.Verified()), len(tt.wantCBVerified); got != want {
+						t.Fatalf("got %v verified objects, want %v", got, want)
+					}
+					for i, od := range r.Verified() {
+						if got, want := od.ID(), tt.wantCBVerified[i]; got != want {
+							t.Errorf("got verified ID %v, want %v", got, want)
+						}
 					}
 
 					if got, want := r.Entity(), tt.wantCBEntity; got != want {