Git-Mirrors/constellation
1
0
Fork 0
mirror of https://github.com/edgelesssys/constellation.git synced 2025-09-27 20:10:51 -04:00
Code Issues Projects Releases Packages Wiki Activity

api: add functions to transparently handle signatures upon API interaction (#2142)

Browse source
This commit is contained in:
Otto Bittner 2023-08-01 16:48:13 +02:00 committed by GitHub
parent 002c3a9a32
commit dac690656e
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
45 changed files with 707 additions and 472 deletions
Download patch file Download diff file Expand all files Collapse all files

8
internal/sigstore/rekor.go
View file

@ -17,7 +17,6 @@ import (
"errors"
"fmt"
"github.com/edgelesssys/constellation/v2/internal/api/versionsapi"
"github.com/sigstore/rekor/pkg/client"
genclient "github.com/sigstore/rekor/pkg/generated/client"
"github.com/sigstore/rekor/pkg/generated/client/entries"
@ -29,12 +28,7 @@ import (
)
// VerifyWithRekor checks if the hash of a signature is present in Rekor.
func VerifyWithRekor(ctx context.Context, version versionsapi.Version, verifier rekorVerifier, hash string) error {
publicKey, err := CosignPublicKeyForVersion(version)
if err != nil {
return fmt.Errorf("getting public key: %w", err)
}
func VerifyWithRekor(ctx context.Context, publicKey []byte, verifier rekorVerifier, hash string) error {
uuids, err := verifier.SearchByHash(ctx, hash)
if err != nil {
return fmt.Errorf("searching Rekor for hash: %w", err)