Add String() to print cosign signature details

google · Oct 13, 2023 · a956ebc · a956ebc
1 parent 56211cd
commit a956ebc
Show file tree

Hide file tree

Showing 3 changed files with 54 additions and 2 deletions.
diff --git a/launcher/internal/oci/cosign/signature.go b/launcher/internal/oci/cosign/signature.go
@@ -21,6 +21,8 @@ type Sig struct {
 	// Blob represents the opaque data uploaded to OCI registry associated with the layer.
 	// This contains the Simple Signing Payload as described in https://github.com/sigstore/cosign/blob/main/specs/SIGNATURE_SPEC.md#tag-based-discovery.
 	Blob []byte
+	// SourceRepo represents the location that stores this signature.
+	SourceRepo string
 }
 
 // CosignSigKey is the key of the cosign-generated signature embedded in OCI image manifest.
@@ -68,3 +70,12 @@ func (s Sig) PublicKey() ([]byte, error) {
 func (s Sig) SigningAlgorithm() (oci.SigningAlgorithm, error) {
 	return "", fmt.Errorf("not implemented")
 }
+
+// String returns signature details
+func (s Sig) String() string {
+	sig, err := s.Base64Encoded()
+	if err != nil {
+		return fmt.Sprintf("[signature error: %s]", err.Error())
+	}
+	return fmt.Sprintf("[signature: %q, sourceRepo: %q]", sig, s.SourceRepo)
+}
diff --git a/launcher/internal/oci/cosign/signature_test.go b/launcher/internal/oci/cosign/signature_test.go
@@ -3,6 +3,7 @@ package cosign
 import (
 	"bytes"
 	"crypto/rand"
+	"strings"
 	"testing"
 
 	"github.com/opencontainers/go-digest"
@@ -130,6 +131,45 @@ func TestWorkflow(t *testing.T) {
 	}
 }
 
+func TestString(t *testing.T) {
+	testCases := []struct {
+		name       string
+		sourceRepo string
+		b64Sig     string
+		wantString string
+	}{
+		{
+			name:       "successful signature details",
+			sourceRepo: "gcr.io/hello_world",
+			b64Sig:     "aGVsbG8gd29ybGQ=", // base64 encoded "hello world"
+			wantString: `signature: "aGVsbG8gd29ybGQ=", sourceRepo: "gcr.io/hello_world"`,
+		},
+		{
+			name:       "erronous signature details",
+			sourceRepo: "gcr.io/hello_world",
+			b64Sig:     "invalid",
+			wantString: `signature error: invalid base64 encoded signature`,
+		},
+	}
+
+	for _, tc := range testCases {
+		t.Run(tc.name, func(t *testing.T) {
+			sig := &Sig{
+				Layer: v1.Descriptor{
+					Annotations: map[string]string{
+						CosignSigKey: tc.b64Sig,
+					},
+				},
+				SourceRepo: tc.sourceRepo,
+			}
+			gotString := sig.String()
+			if !strings.Contains(gotString, tc.wantString) {
+				t.Errorf("String() failed, got %s, but want %s", gotString, tc.wantString)
+			}
+		})
+	}
+}
+
 func randomBase64EncodedString(n int) string {
 	b := make([]byte, n)
 	_, err := rand.Read(b)

diff --git a/launcher/internal/signaturediscovery/client.go b/launcher/internal/signaturediscovery/client.go
@@ -62,8 +62,9 @@ func (c *Client) FetchImageSignatures(ctx context.Context, targetRepository stri
 			return nil, err
 		}
 		sig := &cosign.Sig{
-			Layer: layer,
-			Blob:  blob,
+			Layer:      layer,
+			Blob:       blob,
+			SourceRepo: targetRepository,
 		}
 		signatures = append(signatures, sig)
 	}