Improve measurements verification with Rekor (#206)

Fetched measurements are now verified using Rekor in addition to a signature check. Signed-off-by: Fabian Kammel <fk@edgeless.systems>
2025-08-01 11:36:10 -04:00 · 2022-10-11 13:57:52 +02:00 · 2022-10-11 13:57:52 +02:00 · 57b8efd1ec
commit 57b8efd1ec
parent 1c29638421
18 changed files with 1320 additions and 322 deletions
--- a/cli/internal/cmd/verifier_test.go
+++ b/cli/internal/cmd/verifier_test.go
@ -0,0 +1,36 @@
+/*
+Copyright (c) Edgeless Systems GmbH
+
+SPDX-License-Identifier: AGPL-3.0-only
+*/
+
+package cmd
+
+import "context"
+
+// singleUUIDVerifier constructs a RekorVerifier that returns a single UUID and no errors,
+// and should work for most tests on the happy path.
+func singleUUIDVerifier() *stubRekorVerifier {
+	return &stubRekorVerifier{
+		SearchByHashUUIDs: []string{"11111111111111111111111111111111111111111111111111111111111111111111111111111111"},
+		SearchByHashError: nil,
+		VerifyEntryError:  nil,
+	}
+}
+
+// SubRekorVerifier is a stub for RekorVerifier.
+type stubRekorVerifier struct {
+	SearchByHashUUIDs []string
+	SearchByHashError error
+	VerifyEntryError  error
+}
+
+// SearchByHash returns the exported fields SearchByHashUUIDs, SearchByHashError.
+func (v *stubRekorVerifier) SearchByHash(context.Context, string) ([]string, error) {
+	return v.SearchByHashUUIDs, v.SearchByHashError
+}
+
+// VerifyEntry returns the exported field VerifyEntryError.
+func (v *stubRekorVerifier) VerifyEntry(context.Context, string, string) error {
+	return v.VerifyEntryError
+}