From a956ebc0535dafd5756ddf4e12315e050ae1dcf0 Mon Sep 17 00:00:00 2001
From: yawangwang
Date: Fri, 13 Oct 2023 19:37:03 +0000
Subject: [PATCH] Add String() to print cosign signature details

---
 launcher/internal/oci/cosign/signature.go | 11 +++++
 .../internal/oci/cosign/signature_test.go | 40 +++++++++++++++++++
 .../internal/signaturediscovery/client.go | 5 ++-
 3 files changed, 54 insertions(+), 2 deletions(-)

diff --git a/launcher/internal/oci/cosign/signature.go b/launcher/internal/oci/cosign/signature.go
index 140167093..91f59dd7b 100644
--- a/launcher/internal/oci/cosign/signature.go
+++ b/launcher/internal/oci/cosign/signature.go
@@ -21,6 +21,8 @@ type Sig struct {
 // Blob represents the opaque data uploaded to OCI registry associated with the layer.
 // This contains the Simple Signing Payload as described in https://github.com/sigstore/cosign/blob/main/specs/SIGNATURE_SPEC.md#tag-based-discovery.
 Blob []byte
+ // SourceRepo represents the location that stores this signature.
+ SourceRepo string
 }

 // CosignSigKey is the key of the cosign-generated signature embedded in OCI image manifest.
@@ -68,3 +70,12 @@ func (s Sig) PublicKey() ([]byte, error) {
 func (s Sig) SigningAlgorithm() (oci.SigningAlgorithm, error) {
 return "", fmt.Errorf("not implemented")
 }
+
+// String returns signature details
+func (s Sig) String() string {
+ sig, err := s.Base64Encoded()
+ if err != nil {
+ return fmt.Sprintf("[signature error: %s]", err.Error())
+ }
+ return fmt.Sprintf("[signature: %q, sourceRepo: %q]", sig, s.SourceRepo)
+}
diff --git a/launcher/internal/oci/cosign/signature_test.go b/launcher/internal/oci/cosign/signature_test.go
index 8e59cf1dd..399d503fa 100644
--- a/launcher/internal/oci/cosign/signature_test.go
+++ b/launcher/internal/oci/cosign/signature_test.go
@@ -3,6 +3,7 @@ package cosign
 import (
 "bytes"
 "crypto/rand"
+ "strings"
 "testing"

 "github.com/opencontainers/go-digest"
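Review bot: The comment on the new `SourceRepo` field of `Sig` (signature.go, first hunk) does not say that the value is caller-supplied metadata rather than something the signature covers. In this commit it is filled from the `targetRepository` argument in `FetchImageSignatures`, not from `Layer` or `Blob`, so it should be treated as diagnostic context and not as an input to any verification decision. I would extend the comment to `// SourceRepo is the repository the signature was fetched from. It is set by the discovery client, is not part of the signed payload, and is for logging only.` The struct begins above the hunk, so the full field list is not visible here.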
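Review bot: The error branch of `String()` (signature.go, second hunk) drops `s.SourceRepo`, so a log line for a signature whose annotation fails to decode does not say which repository it came from, which is the case where that context matters most for triage. Consider `return fmt.Sprintf("[signature error: %v, sourceRepo: %q]", err, s.SourceRepo)`; the substring check in `TestString` should still match, assuming the error text itself is unchanged. The doc comment could also be a full sentence ending in a period, e.g. `// String returns the base64-encoded signature and its source repository, for logging.`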
@@ -130,6 +131,45 @@ func TestWorkflow(t *testing.T) {
 }
 }

+func TestString(t *testing.T) {
+ testCases := []struct {
+ name string
+ sourceRepo string
+ b64Sig string
+ wantString string
+ }{
+ {
+ name: "successful signature details",
+ sourceRepo: "gcr.io/hello_world",
+ b64Sig: "aGVsbG8gd29ybGQ=", // base64 encoded "hello world"
+ wantString: `signature: "aGVsbG8gd29ybGQ=", sourceRepo: "gcr.io/hello_world"`,
+ },
+ {
+ name: "erronous signature details",
+ sourceRepo: "gcr.io/hello_world",
+ b64Sig: "invalid",
+ wantString: `signature error: invalid base64 encoded signature`,
+ },
+ }
+
+ for _, tc := range testCases {
+ t.Run(tc.name, func(t *testing.T) {
+ sig := &Sig{
+ Layer: v1.Descriptor{
+ Annotations: map[string]string{
+ CosignSigKey: tc.b64Sig,
+ },
+ },
+ SourceRepo: tc.sourceRepo,
+ }
+ gotString := sig.String()
+ if !strings.Contains(gotString, tc.wantString) {
+ t.Errorf("String() failed, got %s, but want %s", gotString, tc.wantString)
+ }
+ })
+ }
+}
+
 func randomBase64EncodedString(n int) string {
 b := make([]byte, n)
 _, err := rand.Read(b)
diff --git a/launcher/internal/signaturediscovery/client.go b/launcher/internal/signaturediscovery/client.go
index 550d62879..0e9cdb8ea 100644
--- a/launcher/internal/signaturediscovery/client.go
+++ b/launcher/internal/signaturediscovery/client.go
@@ -62,8 +62,9 @@ func (c *Client) FetchImageSignatures(ctx context.Context, targetRepository stri
 return nil, err
 }
 sig := &cosign.Sig{
- Layer: layer,
- Blob: blob,
+ Layer: layer,
+ Blob: blob,
+ SourceRepo: targetRepository,
 }
 signatures = append(signatures, sig)
 }
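Review bot: `TestString` compares with `strings.Contains`, so the surrounding brackets and any extra leading or trailing text in the `String()` output are not pinned, and a format regression would still pass. For the success case the result is fully determined by the inputs, so put the whole expected string (brackets included) in `wantString` and compare with `if gotString != tc.wantString {`; the error case can do the same if the wrapped error text is stable. Printing both values with `%q` in the `t.Errorf` call would make stray whitespace or control characters visible. The case name `erronous` is misspelled (`erroneous`).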