saving progrsss
Signed-off-by: chaosinthecrd <[email protected]>
ChaosInTheCRD committed Jan 12, 2024

1 parent ca228cb commit 12deda2
Showing 2 changed files with 16 additions and 7 deletions.
8 changes: 5 additions & 3 deletions signer/kms/aws/client.go
@@ -1,11 +1,10 @@
//
// Copyright 2021 The Sigstore Authors.
// Copyright 2023 The Witness Contributors
//
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
// You may obtain a copy of the License at
//
// http://www.apache.org/licenses/LICENSE-2.0
// http://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing, software
// distributed under the License is distributed on an "AS IS" BASIS,
@@ -296,6 +295,7 @@ func (a *awsClient) verify(ctx context.Context, sig, message io.Reader) error {
if err != nil {
return err
}

verifier, err := cmk.Verifier()
if err != nil {
return err
@@ -314,6 +314,7 @@ func (a *awsClient) verifyRemotely(ctx context.Context, sig, digest []byte) erro
if err != nil {
return err
}

alg := cmk.KeyMetadata.SigningAlgorithms[0]
messageType := types.MessageTypeDigest
if _, err := a.client.Verify(ctx, &akms.VerifyInput{
@@ -325,6 +326,7 @@ func (a *awsClient) verifyRemotely(ctx context.Context, sig, digest []byte) erro
}); err != nil {
return fmt.Errorf("unable to verify signature: %w", err)
}

return nil
}
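Review bot: The header hunk at the top of client.go appears to drop the `// Copyright 2021 The Sigstore Authors.` line in favour of the Witness one; the rendered page has lost its +/- markers, so this is inferred from the 11-to-10 line count in the hunk header. If this file is adapted from Sigstore's AWS KMS client, keep the original notice next to the new one, i.e. `// Copyright 2021 The Sigstore Authors.` followed by `// Copyright 2023 The Witness Contributors`, because Apache-2.0 requires derivative works to retain existing copyright notices. The same header change appears in signer/kms/aws/signer.go. The remaining hunks in this file only add blank lines.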

15 changes: 11 additions & 4 deletions signer/kms/aws/signer.go
@@ -1,11 +1,10 @@
//
// Copyright 2021 The Sigstore Authors.
// Copyright 2023 The Witness Contributors
//
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
// You may obtain a copy of the License at
//
// http://www.apache.org/licenses/LICENSE-2.0
// http://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing, software
// distributed under the License is distributed on an "AS IS" BASIS,
@@ -23,6 +22,7 @@ import (

"github.com/aws/aws-sdk-go-v2/service/kms/types"
"github.com/in-toto/go-witness/cryptoutil"
"github.com/in-toto/go-witness/log"
kms "github.com/in-toto/go-witness/signer/kms"
)

@@ -170,7 +170,14 @@ func (a *SignerVerifier) Verify(message io.Reader, sig []byte) (err error) {
return err
}

return a.client.verifyRemotely(ctx, sig, digest)
err = a.client.verifyRemotely(ctx, sig, digest)
if err != nil {
log.Info(err.Error())
} else {
log.Info("Verification Succeeded")
}

return err
}

// CreateKey attempts to create a new key in Vault with the specified algorithm.
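Review bot: The new tail of `Verify` logs the outcome and then returns the same error, so a failed verification is reported here at Info and again by whoever handles the returned error, while every successful call emits `Verification Succeeded` with nothing to tie it to a key or artifact. `log.Info(err.Error())` also writes the raw AWS KMS error text into the log with no context, and depending on what the SDK puts in that text it may carry key identifiers. In library code I would keep the original `return a.client.verifyRemotely(ctx, sig, digest)` and leave logging to the caller; if a trace is wanted, a debug-level line such as `log.Debugf("aws kms verify failed: %v", err)` is enough. The body of `Verify` starts above this hunk.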
