Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Print message when verifying with old TUF targets (#1468)
* Verify tlog entries using the Rekor public keys from TUF

  Typical verification used VerifyBundle, which called GetRekorKeys, which fetches keys from the TUF repo. If the bundle was not present or for a specific error when a duplicate log entry was present, then the tlog entry would be verified using a public key fetched from Rekor's API. This key was not verified using TUF metadata. This change simply removes the API call and uses Rekor public keys from the TUF repo.

  Tested locally by not including the Rekor bundle in the OCI signature, which will hit the code path to fetch the entry from the log.

  Signed-off-by: Hayden Blauzvern <hblauzvern@google.com>

* Print message when verifying with old TUF targets

  This adds console messages when the TUF metadata used for Rekor or the CTFE key is marked as expired. I haven't added a log message for Fulcio yet. The way that certificates are verified is different. Instead of multiple verifications where we can easily determine which key successfully verified an object, the x509 library uses a CertPool and returns a valid chain. I'll need to plumb through the TUF information.

  Signed-off-by: Hayden Blauzvern <hblauzvern@google.com>
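The security point of the commit message is that a Rekor Signed Entry Timestamp (SET) must be checked against a log key the verifier already trusts through TUF metadata, never against a key handed back by the Rekor API that is itself being verified, and that a verifier should say so when the TUF target it ends up using is marked expired. The following is an added, self-contained Go example written for this page; it is not cosign's code and does not use cosign's types. It assumes a simplified TUF target (a key plus an expired flag), a simplified canonical JSON (sorted struct fields via encoding/json), a log ID of hex(SHA-256(DER public key)) as Rekor uses, and an illustrative warning string. All keys and the log entry are generated in the example.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha256"
	"crypto/x509"
	"encoding/hex"
	"encoding/json"
	"fmt"
	"log"
)

// TUFTarget models a Rekor public key delivered through TUF targets metadata and
// whether the TUF client marked that target expired. Constructed for this example.
type TUFTarget struct {
	Name    string
	Public  *ecdsa.PublicKey
	Expired bool
}

// LogEntry holds the fields a Rekor SET covers. Fields are declared in sorted
// order so encoding/json emits the key order canonical JSON requires
// (assumption: a simplification of Rekor's canonicalizer for this flat object).
type LogEntry struct {
	Body           string `json:"body"`
	IntegratedTime int64  `json:"integratedTime"`
	LogID          string `json:"logID"`
	LogIndex       int64  `json:"logIndex"`
}

// LogIDFor derives the log ID as hex(SHA-256(DER SubjectPublicKeyInfo)).
func LogIDFor(pub *ecdsa.PublicKey) (string, error) {
	der, err := x509.MarshalPKIXPublicKey(pub)
	if err != nil {
		return "", err
	}
	sum := sha256.Sum256(der)
	return hex.EncodeToString(sum[:]), nil
}

func setDigest(e LogEntry) ([]byte, error) {
	payload, err := json.Marshal(e)
	if err != nil {
		return nil, err
	}
	sum := sha256.Sum256(payload)
	return sum[:], nil
}

// SignSET stands in for the log producing a SET (ECDSA P-256 over SHA-256, ASN.1 DER).
func SignSET(priv *ecdsa.PrivateKey, e LogEntry) ([]byte, error) {
	d, err := setDigest(e)
	if err != nil {
		return nil, err
	}
	return ecdsa.SignASN1(rand.Reader, priv, d)
}

// VerifySET checks sig against the TUF-distributed key whose log ID matches the
// entry. There is deliberately no fallback to a key fetched from the log's API:
// a key absent from TUF metadata is untrusted no matter how well it verifies.
// warning is non-empty when the matching target was marked expired.
func VerifySET(targets []TUFTarget, e LogEntry, sig []byte) (warning string, err error) {
	d, err := setDigest(e)
	if err != nil {
		return "", err
	}
	for _, t := range targets {
		id, idErr := LogIDFor(t.Public)
		if idErr != nil {
			return "", idErr
		}
		if id != e.LogID {
			continue
		}
		if !ecdsa.VerifyASN1(t.Public, d, sig) {
			return "", fmt.Errorf("SET signature invalid for log ID %s (TUF target %q)", e.LogID, t.Name)
		}
		if t.Expired {
			warning = fmt.Sprintf("WARNING: tlog entry verified with expired TUF target %q; update TUF metadata", t.Name)
		}
		return warning, nil
	}
	return "", fmt.Errorf("no TUF-distributed Rekor key matches log ID %s", e.LogID)
}

// Scenario runs three constructed cases: an active TUF key, an expired TUF key,
// and a key only the log's API would have offered (not in TUF, so rejected).
func Scenario() (activeWarn, expiredWarn string, rogueErr error, err error) {
	newKey := func() *ecdsa.PrivateKey {
		k, genErr := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
		if genErr != nil {
			err = genErr
		}
		return k
	}
	active, expired, rogue := newKey(), newKey(), newKey()
	if err != nil {
		return
	}
	targets := []TUFTarget{
		{Name: "rekor.pub", Public: &active.PublicKey},
		{Name: "rekor-old.pub", Public: &expired.PublicKey, Expired: true},
	}
	run := func(priv *ecdsa.PrivateKey) (string, error) {
		id, idErr := LogIDFor(&priv.PublicKey)
		if idErr != nil {
			return "", idErr
		}
		entry := LogEntry{Body: "eyJhcGlWZXJzaW9uIjoiMC4wLjEifQ==", IntegratedTime: 1645000000, LogID: id, LogIndex: 1234}
		sig, signErr := SignSET(priv, entry)
		if signErr != nil {
			return "", signErr
		}
		return VerifySET(targets, entry, sig)
	}
	if activeWarn, err = run(active); err != nil {
		return
	}
	if expiredWarn, err = run(expired); err != nil {
		return
	}
	_, rogueErr = run(rogue)
	return
}

func main() {
	activeWarn, expiredWarn, rogueErr, err := Scenario()
	if err != nil {
		log.Fatal(err)
	}
	fmt.Printf("active TUF key: verified, warning=%q\n", activeWarn)
	fmt.Printf("expired TUF key: verified, warning=%q\n", expiredWarn)
	fmt.Printf("key not in TUF: rejected: %v\n", rogueErr)
}
```

The third case is the one the first commit closes off: the SET is cryptographically valid under the rogue key, and a verifier that fell back to whatever key the log's API returned would have accepted it; keying the lookup strictly off the TUF target set makes the API an untrusted input. The expired case still verifies, matching the commit's behaviour of warning rather than failing, so operators see that their TUF root needs a refresh before the old target is removed entirely.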
1 parent a05d3b6, commit 18d2ce0
Showing 4 changed files with 44 additions and 23 deletions.