Signed-off-by: Reinhard Tartler <siretart@gmail.com>
Showing
9 changed files
with
62 additions
and
4 deletions.
@@ -1,3 +1,6 @@ | ||
//go:build !containers_image_fulcio_stub | ||
// +build !containers_image_fulcio_stub | ||
|
||
package signature | ||
|
||
import ( | ||
|
@@ -0,0 +1,28 @@ | ||
//go:build containers_image_fulcio_stub | ||
// +build containers_image_fulcio_stub | ||
|
||
package signature | ||
|
||
import ( | ||
"crypto" | ||
"crypto/ecdsa" | ||
"crypto/x509" | ||
"errors" | ||
) | ||
|
||
type fulcioTrustRoot struct { | ||
caCertificates *x509.CertPool | ||
oidcIssuer string | ||
subjectEmail string | ||
} | ||
|
||
func (f *fulcioTrustRoot) validate() error { | ||
return errors.New("fulcio disabled at compile-time") | ||
} | ||
|
||
func verifyRekorFulcio(rekorPublicKey *ecdsa.PublicKey, fulcioTrustRoot *fulcioTrustRoot, untrustedRekorSET []byte, | ||
untrustedCertificateBytes []byte, untrustedIntermediateChainBytes []byte, untrustedBase64Signature string, | ||
untrustedPayloadBytes []byte) (crypto.PublicKey, error) { | ||
return nil, errors.New("fulcio diabled at compile-time") | ||
|
||
} |
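Review bot: The error string returned by the `verifyRekorFulcio` stub is misspelled — `"fulcio diabled at compile-time"` on its return line — and so differs from the `"fulcio disabled at compile-time"` message in `validate()` just above; `return nil, errors.New("fulcio disabled at compile-time")` keeps the two consistent and greppable for operators diagnosing a verification failure. The stub is otherwise correctly fail-closed: both entry points return an error unconditionally and never read their arguments, so a policy that requires Fulcio-issued certificates can never be satisfied by a `containers_image_fulcio_stub` build, which is the right default for a signature-verification path. If the non-stub `verifyRekorFulcio` reports failures as an `InvalidSignatureError` (the Rekor stub in this same commit does, via `NewInvalidSignatureError`), consider returning the same type here so callers that distinguish "invalid signature" from other errors behave identically under both builds — I cannot confirm the real implementation's error type from this page. The blank line before the closing brace would normally be dropped by gofmt.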
@@ -1,3 +1,6 @@ | ||
//go:build !containers_image_fulcio_stub | ||
// +build !containers_image_fulcio_stub | ||
|
||
package signature | ||
|
||
import ( | ||
|
@@ -1,3 +1,6 @@ | ||
//go:build !containers_image_rekor_stub | ||
// +build !containers_image_rekor_stub | ||
|
||
package internal | ||
|
||
import ( | ||
|
@@ -0,0 +1,15 @@ | ||
//go:build containers_image_rekor_stub | ||
// +build containers_image_rekor_stub | ||
|
||
package internal | ||
|
||
import ( | ||
"crypto/ecdsa" | ||
"time" | ||
) | ||
|
||
// VerifyRekorSET verifies that unverifiedRekorSET is correctly signed by publicKey and matches the rest of the data. | ||
// Returns bundle upload time on success. | ||
func VerifyRekorSET(publicKey *ecdsa.PublicKey, unverifiedRekorSET []byte, unverifiedKeyOrCertBytes []byte, unverifiedBase64Signature string, unverifiedPayloadBytes []byte) (time.Time, error) { | ||
return time.Time{}, NewInvalidSignatureError("rekor disabled at compile-time") | ||
} |
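Review bot: The doc comment carried over onto the stub `VerifyRekorSET` (`// VerifyRekorSET verifies that unverifiedRekorSET is correctly signed by publicKey and matches the rest of the data.`) describes the real implementation, not this one, which never inspects its arguments and always returns `NewInvalidSignatureError("rekor disabled at compile-time")`. Suggest replacing both comment lines with `// VerifyRekorSET is the containers_image_rekor_stub build of the verifier: it performs no verification and always returns an InvalidSignatureError, so any policy requirement that depends on a Rekor SET fails closed in this build.` Unconditionally returning an error is the correct behaviour for a disabled verifier — it must never be mistakable for a successful verification — and the `time.Time{}` result is harmless as long as callers discard the timestamp when the error is non-nil, which I cannot confirm from this page.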
@@ -1,3 +1,6 @@ | ||
//go:build !containers_image_rekor_stub | ||
// +build !containers_image_rekor_stub | ||
|
||
package internal | ||
|
||
import ( | ||
|