Introduce signature.Cosign as a format
Currently, this just allows serializing and deserializing it as a blob. NOTE: This makes an implementation decision about the blob format: we use OpenPGP signatures with no marker, any new formats will start with a zero byte and an ASCII line identifying the format of the rest Signed-off-by: Miloslav Trmač <mitr@redhat.com>
Showing
3 changed files
with
90 additions
and
7 deletions.
@@ -0,0 +1,38 @@ | ||
package signature | ||
|
||
import "encoding/json" | ||
|
||
const CosignSignatureMIMEType = "application/vnd.dev.cosign.simplesigning.v1+json" | ||
|
||
// Cosign is a github.com/Cosign/cosign signature. | ||
// For the persistent-storage format used for blobChunk(), we want | ||
// a degree of forward compatibility against unexpected field changes | ||
// (as has happened before), which is why this data type | ||
// contains just a payload + annotations (including annotations | ||
// that we don’t recognize or support), instead of individual fields | ||
// for the known annotations. | ||
type Cosign struct { | ||
UntrustedMIMEType string `json:"mimeType"` | ||
UntrustedPayload []byte `json:"payload"` | ||
UntrustedAnnotations map[string]string `json:"annotations"` | ||
} | ||
|
||
// cosignFromBlobChunk converts a Cosign signature, as returned by Cosign.blobChunk, into a Cosign object. | ||
func cosignFromBlobChunk(blobChunk []byte) (Cosign, error) { | ||
var res Cosign | ||
if err := json.Unmarshal(blobChunk, &res); err != nil { | ||
return Cosign{}, err | ||
} | ||
return res, nil | ||
} | ||
|
||
// FIXME FIXME: MIME type? Int? String? | ||
func (s Cosign) FormatID() FormatID { | ||
return CosignFormat | ||
} | ||
|
||
// blobChunk returns a representation of signature as a []byte, suitable for long-term storage. | ||
// Almost everyone should use signature.Blob() instead. | ||
func (s Cosign) blobChunk() ([]byte, error) { | ||
return json.Marshal(s) | ||
} |
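Review bot: cosignFromBlobChunk accepts any blob that is syntactically valid JSON, so `null` or `{}` decodes to a zero-value Cosign with an empty UntrustedMIMEType and a nil UntrustedPayload, and the function returns a nil error. A stored signature that is missing these fields is better rejected at the parsing boundary than passed on to later verification code; after the Unmarshal call I would add `if res.UntrustedMIMEType == "" || len(res.UntrustedPayload) == 0 { return Cosign{}, errors.New("cosign blob is missing mimeType or payload") }`, which also needs "errors" in the import. encoding/json also matches object keys case-insensitively and lets the last duplicate key win, so if another parser ever reads the same persistent blob the two may disagree on its contents; a comment stating that this is accepted, or a stricter decoder, would make the choice explicit. Separately, the exported CosignSignatureMIMEType has no doc comment, and the `FIXME FIXME` above FormatID should be settled before this becomes a long-term storage format.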