
Commit 4a37dd3

added getRekorPubKey options
1 parent 0007484 commit 4a37dd3


4 files changed

+94
-56
lines changed


cosign

1.23 MB
Binary file not shown.

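--- a/cosign.go
+++ b/cosign.go
@@ -5,23 +5,17 @@ import (
 "crypto"
 "encoding/json"
 "fmt"
+"io/ioutil"
 
 "github.com/google/go-containerregistry/pkg/name"
 "github.com/google/go-containerregistry/pkg/v1/remote"
 "github.com/sigstore/cosign/v2/pkg/cosign"
 "github.com/sigstore/cosign/v2/pkg/oci"
 "github.com/sigstore/sigstore/pkg/cryptoutils"
 "github.com/sigstore/sigstore/pkg/signature"
-"github.com/sigstore/sigstore/pkg/signature/payload"
-)
-
-var (
-pub_key = `-----BEGIN PUBLIC KEY-----
-MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEjUlDDji3rnrJpceDaw/fRo5ZGhbJ
-ehPAoLSiNJSNRU7AZV+srW6k+1ITu0NVMmwUqL/83Ug0etoSaCiW71b9Hg==
------END PUBLIC KEY-----`
 )
 
+/*
 // Will be used for fetching extra information
 func extractPayload(verified []oci.Signature) ([]payload.SimpleContainerImage, error) {
 var sigPayloads []payload.SimpleContainerImage
@@ -34,6 +28,7 @@ func extractPayload(verified []oci.Signature) ([]payload.SimpleContainerImage, e
 }
 return sigPayloads, nil
 }
+*/
 
 func decodePEM(raw []byte, signatureAlgorithm crypto.Hash) (signature.Verifier, error) {
 // PEM encoded file.
@@ -45,64 +40,107 @@ func decodePEM(raw []byte, signatureAlgorithm crypto.Hash) (signature.Verifier,
 }
 
 func verifyImageSignatures_util(ctx context.Context, ref name.Reference) ([]oci.Signature, error) {
+filePath := "cosign.pub"
+data, err := ioutil.ReadFile(filePath)
+if err != nil {
+fmt.Println("Error reading file:", err)
+panic(err)
+}
 
-verifier, err := decodePEM([]byte(pub_key), crypto.SHA256)
+// Convert the data to a byte slice ([]byte)
+byteData := []byte(data)
+verifier, err := decodePEM(byteData, crypto.SHA256)
 if err != nil {
 fmt.Println("Error occured during the fetching of verifier;")
 panic(err)
 }
 
+trustedTransparencyLogPubKeys, err := cosign.GetRekorPubs(ctx)
+if err != nil {
+fmt.Println("Error occured during the getting rekor pubs keys...")
+}
+fmt.Println("Rekor keys are : ", trustedTransparencyLogPubKeys.Keys)
+// rekor_client := cosign.Get(ctx)
 cosignVeriOptions := cosign.CheckOpts{
 SigVerifier: verifier,
+// RekorClient: rekor_client,
+RekorPubKeys: trustedTransparencyLogPubKeys,
 }
 
-fmt.Println("Public Key", verifier.PublicKey)
-fmt.Println("Verify signature : ", verifier.VerifySignature)
-fmt.Println("Sig.Verifier", verifier)
+/*
+fmt.Println("Public Key", verifier.PublicKey)
+fmt.Println("Verify signature : ", verifier.VerifySignature)
+fmt.Println("Sig.Verifier", verifier)
+*/
 
 verified_signatures, isVerified, err := cosign.VerifyImageSignatures(ctx, ref, &cosignVeriOptions)
-fmt.Println("-------------------------Signature verification in Progress ---------------------------")
+fmt.Println("-----------------------------Signature verification in Progress -------------------------------")
 if err != nil {
 fmt.Println("No signature matched : ")
-panic(err)
 }
 
 if !isVerified {
-panic("-------------Verification failed --------------------")
+fmt.Println("---------------------------------Verification failed ----------------------------------------")
 }
+fmt.Println("")
 
-fmt.Println("------------------------- Signature verification completed ---------------------------")
+fmt.Println("---------------------------- Signature verification completed ----------------------------------")
 return verified_signatures, err
 
 }
 
 func fetchArtifacts(ref name.Reference) error {
 desc, err := remote.Get(ref)
 if err != nil {
-fmt.Errorf("Got some error", err)
-return err
+panic(err)
 }
 
 byteStream, err := json.Marshal(desc.Descriptor)
+if err != nil {
+fmt.Println("error during the marshaling of descriptor")
+panic(err)
+}
 jsonString := string(byteStream)
 fmt.Println(jsonString)
+
+img, err := remote.Image(ref)
+if err != nil {
+panic(err)
+}
+manifest, err := img.Manifest()
+if err != nil {
+panic(err)
+}
+byteStream3, err := json.Marshal(manifest)
+if err != nil {
+panic(err)
+}
+jsonString3 := string(byteStream3)
+fmt.Println("manifest :", jsonString3)
+
 return nil
 }
 
 func cosign2() {
-image := "ghcr.io/hackeramitkumar/kubeji2:latest"
+image := "ghcr.io/hackeramitkumar/tetsing_cosign/kubeji:latest"
 ref, err := name.ParseReference(image)
 if err != nil {
 panic(err)
 }
 
-fmt.Println("--------------------------------Image refrence information : ----------------------------------")
+fmt.Println("-------------------------------- Image refrence information : ------------------------------")
 fmt.Println("Registry : ", ref.Context().RegistryStr())
 fmt.Println("Repository : ", ref.Context().RepositoryStr())
 fmt.Println("Identifier : ", ref.Identifier())
 
-fmt.Printf("------------------------Fetching the signedPayload for : ", image)
-fmt.Println("---------------------------------------------")
+fmt.Println("\n")
+fmt.Println("------------------------------------------Artifacts--------------------------------------------")
+fetchArtifacts(ref)
+fmt.Println()
+
+fmt.Print("----------------- Fetching the signedPayload for : ", image)
+fmt.Println("-------------------")
+fmt.Println("\n")
 
 ctx := context.Background()
 signedPayloads, err := cosign.FetchSignaturesForReference(ctx, ref)
@@ -111,12 +149,13 @@ func cosign2() {
 panic(err)
 }
 
-fmt.Println("------------------------------------- Fetched all the signedPayloads --------------------------------------")
+fmt.Println("------------------------------------ Fetched all the signedPayloads ----------------------------")
 fmt.Println()
 
 for _, Payload := range signedPayloads {
-fmt.Println("------------------------------------- Signed Payload ------------------------------------------")
-fmt.Println("\n \n----------------------------------- Signed Payload Bundle ---------------------------------")
+fmt.Println("------------------------------------- Signed Payload Content --------------------------------")
+fmt.Println("")
+fmt.Println("--------------------------------------Signed Payload Bundle ----------------------------------")
 
 byteStream, err := json.Marshal(Payload.Bundle)
 if err != nil {
@@ -125,46 +164,41 @@ func cosign2() {
 }
 jsonString := string(byteStream)
 fmt.Println(jsonString)
-fmt.Printf("--------------------------------- Signature for Payload : --------------------------------------:\n ")
+fmt.Println("")
+
+fmt.Println("--------------------------------------Signature for Payload -----------------------------------")
 fmt.Println(Payload.Base64Signature)
-fmt.Printf("--------------------------------- Certificate for the Payload : -----------------------------------------: \n")
+fmt.Println("")
+
+fmt.Println("-----------------------------------Certificate for the Payload---------------------------------")
 byteStream2, err := json.Marshal(Payload.Cert)
-// sigVer, err := cosign.ValidateAndUnpackCert(Payload.Cert)
 
 if err != nil {
 fmt.Println("Error marshaling JSON:", err)
 return
 }
 jsonString2 := string(byteStream2)
 fmt.Println(jsonString2)
-
-// verification by using the certificate
-
 }
 
-fmt.Println("----------------------Artifacts----------------------------------")
-fetchArtifacts(ref)
-
-img, err := remote.Image(ref)
-manifest, err := img.Manifest()
-byteStream3, err := json.Marshal(manifest)
-jsonString3 := string(byteStream3)
-fmt.Println("manifest :", jsonString3)
-
-fmt.Println("------------------------------------Signature verification --------------------------------------------")
-
-buffer_key := []byte(pub_key)
-fmt.Println()
-
-stringstr4 := string(buffer_key)
-fmt.Println("The public key is : ", stringstr4)
+fmt.Println("\n")
+fmt.Println("-------------------------------------Signature verification --------------------------------------")
+fmt.Println("")
 
 verified_signatures, err := verifyImageSignatures_util(ctx, ref)
-fmt.Println("List of the verified signatures ----------------::::::")
+if err != nil {
+panic(err)
+}
+fmt.Println("")
+fmt.Println("--------------------------------List of the verified signatures ----------------------------------")
 for _, sig := range verified_signatures {
-fmt.Println(sig.Base64Signature)
+// temp, err := json.Marshal()
+// if err != nil {
+// fmt.Println("Error occured during the conversion : ", err)
+// }
+// tempstr := string(temp)
+fmt.Println(sig.Base64Signature())
 }
-
 }
 
 func main() {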
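Review bot: The `!isVerified` branch in verifyImageSignatures_util now only prints a banner and falls through to `return verified_signatures, err`, so a run where VerifyImageSignatures reports the transparency-log bundle as unverified but returns a nil error is indistinguishable from success to cosign2, which then lists the signatures as verified; replace the print with `return nil, fmt.Errorf("transparency log verification failed for %s", ref)`. The `cosign.GetRekorPubs` error a few lines earlier is likewise only printed, and the next line dereferences `trustedTransparencyLogPubKeys.Keys` regardless, so it should be returned: `return nil, fmt.Errorf("fetching rekor public keys: %w", err)`. Moving the verification key from a compiled-in constant to `ioutil.ReadFile("cosign.pub")` means whoever can write that file in the process's working directory decides which signatures count as valid; an absolute or explicitly configured path, plus a comment such as `// cosign.pub is the trust root: any signature verifiable with it is accepted`, would make that trade-off visible. Whether a nil error with isVerified false can actually occur depends on the cosign version in use, so the first point is about not letting correctness rest on that assumption.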

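--- a/cosign.pub
+++ b/cosign.pub
@@ -0,0 +1,4 @@
+-----BEGIN PUBLIC KEY-----
+MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEjUlDDji3rnrJpceDaw/fRo5ZGhbJ
+ehPAoLSiNJSNRU7AZV+srW6k+1ITu0NVMmwUqL/83Ug0etoSaCiW71b9Hg==
+-----END PUBLIC KEY-----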

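--- a/cosign_test.go
+++ b/cosign_test.go
@@ -1,9 +1,9 @@
 package main
 
-// import (
-// "testing"
-// )
+import (
+"testing"
+)
 
-// func Test_Cosign2(t *testing.T) {
-// cosign2()
-// }
+func Test_Cosign2(t *testing.T) {
+cosign2()
+}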
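Review bot: Test_Cosign2, re-enabled here, calls cosign2(), which in the cosign.go section of this commit reads `cosign.pub` from the working directory, fetches from ghcr.io, and panics on any error, so `go test` now depends on network access and on the test's CWD and fails with a stack trace rather than a reported test failure. A guard such as `if testing.Short() { t.Skip("requires network access to ghcr.io and ./cosign.pub") }` at the top of the test would keep offline and CI runs green. The failure modes would also be clearer if cosign2 returned an error for the test to report via t.Fatal instead of panicking, though that change belongs in cosign.go rather than here.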
