Add verify goal #88

dbradicich · 2022-04-01T14:24:26Z

Summary

Add verify goal for verifying signatures

WIP

Initial flow in place, down to the actual sig validation, working through that portion now, ultimately aiming to add similar functionality to the pgp verifier plugin where it can validate the dependencies
And tests and all that jazz ;)

…cation code in place

dbradicich · 2022-04-01T14:25:42Z

very much looking forward to the java api for sigstore ;)

dbradicich · 2022-04-01T15:36:57Z

src/main/java/dev/sigstore/plugin/verify/SigstoreVerifier.java

+
+      Signature signature = Signature.getInstance("SHA384withECDSA", new BouncyCastleProvider());
+      signature.initVerify(certificate.getPublicKey());
+      signature.verify(rekord.decodedSignature.getBytes(UTF_8));


pretty much last spot that needs functional work, simply haven't deal with the signing/verification process before,

…of json response data

put verify goal in place, just at point to get proper cert/sig verifi…

70fcb6c

…cation code in place

pull sig from file, and utilize in verification

9be369f

dbradicich commented Apr 1, 2022

View reviewed changes

hboutemy and others added 5 commits April 11, 2022 16:24

add verify IT (#1)

195cd79

Make output bit nicer, along with IT to validate the current process

90d4c29

added missing attestation field, added pretty printing for debug log …

591bb94

…of json response data

add missing binary for IT

53732d8

refactor to make rekor log entry kind visible (#2)

54f9a9f

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Add verify goal #88

Add verify goal #88

dbradicich commented Apr 1, 2022

dbradicich commented Apr 1, 2022

dbradicich Apr 1, 2022

Add verify goal #88

Are you sure you want to change the base?

Add verify goal #88

Conversation

dbradicich commented Apr 1, 2022

Summary

WIP

dbradicich commented Apr 1, 2022

dbradicich Apr 1, 2022

Choose a reason for hiding this comment