Git-Mirrors/constellation
1
0
Fork 0
mirror of https://github.com/edgelesssys/constellation.git synced 2025-07-22 06:50:43 -04:00
Code Issues Projects Releases Packages Wiki Activity

config: sign Azure versions on upload & verify on fetch (#1836)

Browse source 
* add SignContent() + integrate into configAPI

* use static client for upload versions tool; fix staticupload calleeReference bug

* use version to get proper cosign pub key.

* mock fetcher in CLI tests

* only provide config.New constructor with fetcher

Co-authored-by: Otto Bittner <cobittner@posteo.net>
Co-authored-by: Daniel Weiße <66256922+daniel-weisse@users.noreply.github.com>
This commit is contained in:
Adrian Stobbe 2023-06-01 13:55:46 +02:00 committed by GitHub
parent e0285c122e
commit b51cc52945
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
55 changed files with 752 additions and 308 deletions
Download patch file Download diff file Expand all files Collapse all files

39
internal/attestation/measurements/measurements.go
View file

@ -487,27 +487,6 @@ func DefaultsFor(provider cloudprovider.Provider, attestationVariant variant.Var
}
}
func getFromURL(ctx context.Context, client *http.Client, sourceURL *url.URL) ([]byte, error) {
req, err := http.NewRequestWithContext(ctx, http.MethodGet, sourceURL.String(), http.NoBody)
if err != nil {
return []byte{}, err
}
resp, err := client.Do(req)
if err != nil {
return []byte{}, err
}
defer resp.Body.Close()
if resp.StatusCode != http.StatusOK {
return []byte{}, fmt.Errorf("http status code: %d", resp.StatusCode)
}
content, err := io.ReadAll(resp.Body)
if err != nil {
return []byte{}, err
}
return content, nil
}
func checkLength(m map[uint32]Measurement) error {
var length int
for idx, measurement := range m {
@ -552,6 +531,24 @@ func (c mYamlContent) Swap(i, j int) {
c[2*i+1], c[2*j+1] = c[2*j+1], c[2*i+1]
}
// getFromURL fetches the content from the given URL and returns the content as a byte slice.
func getFromURL(ctx context.Context, client *http.Client, sourceURL *url.URL) ([]byte, error) {
req, err := http.NewRequestWithContext(ctx, http.MethodGet, sourceURL.String(), http.NoBody)
if err != nil {
return nil, err
}
resp, err := client.Do(req)
if err != nil {
return nil, err
}
defer resp.Body.Close()
if resp.StatusCode != http.StatusOK {
return nil, fmt.Errorf("http status code: %d", resp.StatusCode)
}
return io.ReadAll(resp.Body)
}
type cosignVerifier interface {
VerifySignature(content, signature, publicKey []byte) error
}