From b2b50240bbbc92c2fc71169f630ed166b34c9b11 Mon Sep 17 00:00:00 2001
From: Adam Hughes
Date: Mon, 9 Aug 2021 18:18:17 +0000
Subject: [PATCH] feat: return verified Descriptors in result callback

---
 pkg/integrity/metadata.go | 10 ++++------
 pkg/integrity/result.go | 26 +++++++++++++-------------
 pkg/integrity/verify.go | 6 +++---
 pkg/integrity/verify_test.go | 27 +++++++++++++++++++++------
 4 files changed, 41 insertions(+), 28 deletions(-)

diff --git a/pkg/integrity/metadata.go b/pkg/integrity/metadata.go
index cd438f82..c6c2d00f 100644
--- a/pkg/integrity/metadata.go
+++ b/pkg/integrity/metadata.go
@@ -242,8 +242,8 @@ func (im imageMetadata) metadataForObject(id uint32) (objectMetadata, error) {
 // If the SIF global header does not match, ErrHeaderIntegrity is returned. If the data object
 // descriptor does not match, a DescriptorIntegrityError is returned. If the data object does not
 // match, a ObjectIntegrityError is returned.
-func (im imageMetadata) matches(f *sif.FileImage, ods []sif.Descriptor) ([]uint32, error) {
- verified := make([]uint32, 0, len(ods))
+func (im imageMetadata) matches(f *sif.FileImage, ods []sif.Descriptor) ([]sif.Descriptor, error) {
+ verified := make([]sif.Descriptor, 0, len(ods))
 // Verify header metadata.
 if err := im.Header.matches(f.GetHeaderIntegrityReader()); err != nil {
@@ -252,9 +252,7 @@ func (im imageMetadata) matches(f *sif.FileImage, ods []sif.Descriptor) ([]uint3
 // Verify data object metadata.
 for _, od := range ods {
- id := od.ID()
-
- om, err := im.metadataForObject(id)
+ om, err := im.metadataForObject(od.ID())
 if err != nil {
 return verified, err
 }
@@ -263,7 +261,7 @@ func (im imageMetadata) matches(f *sif.FileImage, ods []sif.Descriptor) ([]uint3
 return verified, err
 }
- verified = append(verified, id)
+ verified = append(verified, od)
 }
 return verified, nil
diff --git a/pkg/integrity/result.go b/pkg/integrity/result.go
index b8916d5d..1e9dab2f 100644
--- a/pkg/integrity/result.go
+++ b/pkg/integrity/result.go
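Review bot: The error paths in the second and third metadata.go hunks still return the partially filled `verified` slice (`return verified, err`), so a caller that reads the descriptors alongside a non-nil error can mistake the objects checked before the failure for a fully verified set; now that the slice carries `sif.Descriptor` values rather than bare IDs, that is easier to misuse. Returning `return nil, err` on each failure (the header-check return between the first and second hunks is not visible here) keeps the descriptor list meaningful only on success. Whether any caller relies on the partial list is not visible in this patch. The doc comment for `matches` begins above the first hunk and could state the success contract explicitly, e.g. `// On success the returned descriptors are exactly the entries of ods, each of which verified.`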
@@ -11,11 +11,11 @@ import (
 )
 type result struct {
- signature sif.Descriptor // Signature object.
- im imageMetadata // Metadata from signature.
- verified []uint32 // IDs of verified objects.
- e *openpgp.Entity // Signing entity.
- err error // Verify error (nil if successful).
+ signature sif.Descriptor // Signature object.
+ im imageMetadata // Metadata from signature.
+ verified []sif.Descriptor // Verified objects.
+ e *openpgp.Entity // Signing entity.
+ err error // Verify error (nil if successful).
 }
 // Signature returns the signature object associated with the result.
@@ -32,8 +32,8 @@ func (r result) Signed() []uint32 {
 return ids
 }
-// Verified returns the IDs of data objects that were verified.
-func (r result) Verified() []uint32 {
+// Verified returns the data objects that were verified.
+func (r result) Verified() []sif.Descriptor {
 return r.verified
 }
@@ -50,7 +50,7 @@ func (r result) Error() error {
 type legacyResult struct {
 signature sif.Descriptor // Signature object.
- ods []sif.Descriptor // Descriptors of signed objects.
+ ods []sif.Descriptor // Signed objects.
 e *openpgp.Entity // Signing entity.
 err error // Verify error (nil if successful).
 }
@@ -63,18 +63,18 @@ func (r legacyResult) Signature() sif.Descriptor {
 // Signed returns the IDs of data objects that were signed.
 func (r legacyResult) Signed() []uint32 {
 ids := make([]uint32, 0, len(r.ods))
- for _, om := range r.ods {
- ids = append(ids, om.ID())
+ for _, od := range r.ods {
+ ids = append(ids, od.ID())
 }
 return ids
 }
-// Verified returns the IDs of data objects that were verified.
-func (r legacyResult) Verified() []uint32 {
+// Verified returns the data objects that were verified.
+func (r legacyResult) Verified() []sif.Descriptor {
 if r.err != nil {
 return nil
 }
- return r.Signed()
+ return r.ods
 }
 // Entity returns the signing entity, or nil if the signing entity could not be determined.
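Review bot: `result.Verified()` in the second result.go hunk returns `r.verified` without consulting `r.err`, whereas `legacyResult.Verified()` in the fourth hunk returns nil when `r.err != nil`; the two implementations of `VerifyResult` (whose interface is updated in verify.go) now disagree on what a failed verification reports. If `r.verified` can be populated together with a non-nil error — that depends on how the result is constructed, outside this hunk — a caller would see descriptors presented as verified for a result whose `Error()` is non-nil, which is the wrong default for an integrity API. Adding `if r.err != nil { return nil }` before `return r.verified` makes the two consistent, and the interface comment in verify.go could then pin the contract: `// Verified returns the data objects that were verified, or nil if verification failed.`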
diff --git a/pkg/integrity/verify.go b/pkg/integrity/verify.go
index 7e0a0edd..07cc65d8 100644
--- a/pkg/integrity/verify.go
+++ b/pkg/integrity/verify.go
@@ -66,8 +66,8 @@ type VerifyResult interface {
 // Signed returns the IDs of data objects that were signed.
 Signed() []uint32
- // Verified returns the IDs of data objects that were verified.
- Verified() []uint32
+ // Verified returns the data objects that were verified.
+ Verified() []sif.Descriptor
 // Entity returns the signing entity, or nil if the signing entity could not be determined.
 Entity() *openpgp.Entity
@@ -127,7 +127,7 @@ func (v *groupVerifier) fingerprints() ([][20]byte, error) {
 // If verification of the SIF global header fails, ErrHeaderIntegrity is returned. If verification
 // of a data object descriptor fails, a DescriptorIntegrityError is returned. If verification of a
 // data object fails, a ObjectIntegrityError is returned.
-func (v *groupVerifier) verifySignature(sig sif.Descriptor, kr openpgp.KeyRing) (imageMetadata, []uint32, *openpgp.Entity, error) { // nolint:lll
+func (v *groupVerifier) verifySignature(sig sif.Descriptor, kr openpgp.KeyRing) (imageMetadata, []sif.Descriptor, *openpgp.Entity, error) { // nolint:lll
 b, err := sig.GetData()
 if err != nil {
 return imageMetadata{}, nil, nil, err
diff --git a/pkg/integrity/verify_test.go b/pkg/integrity/verify_test.go
index b944f580..deed854f 100644
--- a/pkg/integrity/verify_test.go
+++ b/pkg/integrity/verify_test.go
@@ -223,8 +223,13 @@ func TestGroupVerifier_verifyWithKeyRing(t *testing.T) {
 t.Errorf("got signed %v, want %v", got, want)
 }
- if got, want := r.Verified(), tt.wantCBVerified; !reflect.DeepEqual(got, want) {
- t.Errorf("got verified %v, want %v", got, want)
+ if got, want := len(r.Verified()), len(tt.wantCBVerified); got != want {
+ t.Fatalf("got %v verified objects, want %v", got, want)
+ }
+ for i, od := range r.Verified() {
+ if got, want := od.ID(), tt.wantCBVerified[i]; got != want {
+ t.Errorf("got verified ID %v, want %v", got, want)
+ }
 }
 if got, want := r.Entity(), tt.wantCBEntity; got != want {
@@ -431,8 +436,13 @@ func TestLegacyGroupVerifier_verifyWithKeyRing(t *testing.T) {
 t.Errorf("got signed %v, want %v", got, want)
 }
- if got, want := r.Verified(), tt.wantCBVerified; !reflect.DeepEqual(got, want) {
- t.Errorf("got verified %v, want %v", got, want)
+ if got, want := len(r.Verified()), len(tt.wantCBVerified); got != want {
+ t.Fatalf("got %v verified objects, want %v", got, want)
+ }
+ for i, od := range r.Verified() {
+ if got, want := od.ID(), tt.wantCBVerified[i]; got != want {
+ t.Errorf("got verified ID %v, want %v", got, want)
+ }
 }
 if got, want := r.Entity(), tt.wantCBEntity; got != want {
@@ -648,8 +658,13 @@ func TestLegacyObjectVerifier_verifyWithKeyRing(t *testing.T) {
 t.Errorf("got signed %v, want %v", got, want)
 }
- if got, want := r.Verified(), tt.wantCBVerified; !reflect.DeepEqual(got, want) {
- t.Errorf("got verified %v, want %v", got, want)
+ if got, want := len(r.Verified()), len(tt.wantCBVerified); got != want {
+ t.Fatalf("got %v verified objects, want %v", got, want)
+ }
+ for i, od := range r.Verified() {
+ if got, want := od.ID(), tt.wantCBVerified[i]; got != want {
+ t.Errorf("got verified ID %v, want %v", got, want)
+ }
 }
 if got, want := r.Entity(), tt.wantCBEntity; got != want {
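Review bot: The added length check plus ID loop is pasted verbatim into three test functions (`TestGroupVerifier_verifyWithKeyRing`, `TestLegacyGroupVerifier_verifyWithKeyRing`, `TestLegacyObjectVerifier_verifyWithKeyRing`), each of which continues outside its hunk; a single helper taking `t`, the `[]sif.Descriptor` and the wanted `[]uint32`, calling `t.Helper()` and containing the same length check and loop, would keep the three comparisons in step the next time the result type changes. The loop also compares only `od.ID()`, so a descriptor with the right ID but otherwise wrong contents would pass where the previous `reflect.DeepEqual` on IDs was exact for what it compared; if the fixtures can carry expected descriptors, `reflect.DeepEqual` on the full slice is the stronger check. If `reflect.DeepEqual` was the only use of `reflect` in this file, the import is now unused and the file will not compile — that cannot be confirmed from these hunks.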