Leverage Rekor's Verifiers API to extract keys/certs from entries #66

Open
@haydentherapper

Description

We've created a Verifiers API in the Entries interface to abstract extracting "verifiers" - e.g. certificates, public keys, PGP keys, etc. - from a given entry. This would simplify the logic in `PublicKey()` and add support for additional types (though there may be more places where types are hardcoded).

Interface: https://github.com/sigstore/rekor/blob/main/pkg/types/entries.go#L40

Code:

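```go
// PublicKey returns the entry's verifier as a parsed certificate or public key.
func (entry *Entry) PublicKey() any {
	var pemString []byte
	// Each supported entry type is hardcoded here.
	switch e := entry.rekorEntry.(type) {
	case *dsse_v001.V001Entry:
		pemString = []byte(*e.DSSEObj.Signatures[0].Verifier)
	case *hashedrekord_v001.V001Entry:
		pemString = []byte(e.HashedRekordObj.Signature.PublicKey.Content)
	case *intoto_v002.V002Entry:
		pemString = []byte(*e.IntotoObj.Content.Envelope.Signatures[0].PublicKey)
	}
	certBlock, _ := pem.Decode(pemString)
	if certBlock == nil {
		// pem.Decode returns a nil block for an unmatched type or non-PEM input.
		return nil
	}
	// Try a certificate first, then fall back to a bare PKIX public key.
	var pk any
	var err error
	pk, err = x509.ParseCertificate(certBlock.Bytes)
	if err != nil {
		pk, err = x509.ParsePKIXPublicKey(certBlock.Bytes)
		if err != nil {
			return nil
		}
	}
	return pk
}
```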
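
A sketch of the shape the simplification described above could take, added here as an example and not taken from the issue or from Rekor: the per-type switch is replaced by one call on an interface, and malformed input yields an error instead of a nil dereference. `verifierSource`, `pemEntry`, `publicKey` and `samplePEM` are hypothetical names, the interface is a local stand-in rather than Rekor's actual signature (see the link in the issue for that), and the key is constructed at run time as sample input.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/x509"
	"encoding/pem"
	"fmt"
)

// verifierSource is a hypothetical stand-in for an entry that returns its own PEM verifiers.
type verifierSource interface{ Verifiers() ([][]byte, error) }

// pemEntry is a constructed entry type holding one PEM-encoded verifier.
type pemEntry struct{ pemBytes []byte }
func (e pemEntry) Verifiers() ([][]byte, error) { return [][]byte{e.pemBytes}, nil }

// publicKey parses the first verifier as a certificate or a PKIX public key, with no type switch.
func publicKey(src verifierSource) (any, error) {
	vs, err := src.Verifiers()
	if err != nil || len(vs) == 0 {
		return nil, fmt.Errorf("entry has no usable verifier")
	}
	block, _ := pem.Decode(vs[0])
	if block == nil { // pem.Decode returns nil when no PEM block is found
		return nil, fmt.Errorf("verifier is not PEM encoded")
	}
	if cert, err := x509.ParseCertificate(block.Bytes); err == nil {
		return cert, nil
	}
	return x509.ParsePKIXPublicKey(block.Bytes)
}

// samplePEM returns a constructed P-256 public key in PEM form (sample input only).
func samplePEM() []byte {
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		panic(err)
	}
	der, err := x509.MarshalPKIXPublicKey(&key.PublicKey)
	if err != nil {
		panic(err)
	}
	return pem.EncodeToMemory(&pem.Block{Type: "PUBLIC KEY", Bytes: der})
}

func main() {
	fmt.Println(publicKey(pemEntry{samplePEM()}))
}
```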
