From 3a6c5232dd884547d4fb7ddffc9815187bd85c45 Mon Sep 17 00:00:00 2001
From: Asra Ali
Date: Tue, 30 Aug 2022 08:53:45 -0500
Subject: [PATCH] return sth

Signed-off-by: Asra Ali
---
 pkg/verify/verify.go | 15 +++++++++------
 1 file changed, 9 insertions(+), 6 deletions(-)

diff --git a/pkg/verify/verify.go b/pkg/verify/verify.go
index 171efbc1d..516aed339 100644
--- a/pkg/verify/verify.go
+++ b/pkg/verify/verify.go
@@ -77,32 +77,35 @@ func ProveConsistency(ctx context.Context, rClient *client.Rekor,
 // against a newly fetched Checkpoint.
 //nolint
 func VerifyCurrentCheckpoint(ctx context.Context, rClient *client.Rekor, verifier signature.Verifier,
- oldSTH *util.SignedCheckpoint) error {
+ oldSTH *util.SignedCheckpoint) (*util.SignedCheckpoint, error) {
 // The oldSTH should already be verified, but check for robustness.
 if !oldSTH.Verify(verifier) {
- return errors.New("signature on old tree head did not verify")
+ return nil, errors.New("signature on old tree head did not verify")
 }

 // Get and verify against the current STH.
 infoParams := tlog.NewGetLogInfoParamsWithContext(ctx)
 result, err := rClient.Tlog.GetLogInfo(infoParams)
 if err != nil {
- return err
+ return nil, err
 }

 logInfo := result.GetPayload()
 sth := util.SignedCheckpoint{}
 if err := sth.UnmarshalText([]byte(*logInfo.SignedTreeHead)); err != nil {
- return err
+ return nil, err
 }

 // Verify the signature on the SignedCheckpoint.
 if !sth.Verify(verifier) {
- return errors.New("signature on tree head did not verify")
+ return nil, errors.New("signature on tree head did not verify")
 }

 // Now verify consistency up to the STH.
- return ProveConsistency(ctx, rClient, oldSTH, &sth, *logInfo.TreeID)
+ if err := ProveConsistency(ctx, rClient, oldSTH, &sth, *logInfo.TreeID); err != nil {
+ return nil, err
+ }
+ return &sth, nil
 }

 // VerifyInclusion verifies an entry's inclusion proof. Clients MUST either verify
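Review bot: `*logInfo.SignedTreeHead` and `*logInfo.TreeID` are dereferenced without a nil check, so a log-info response that omits either field would panic the verifier instead of returning an error; the payload comes from the remote log, and nothing visible in the hunk validates it first. A guard placed right after `result.GetPayload()`, such as `if logInfo.SignedTreeHead == nil || logInfo.TreeID == nil { return nil, errors.New("log info is missing signed tree head or tree ID") }`, keeps that failure on the error path. Because the function now hands back `&sth`, its doc comment should also state the new contract, for example `// It returns the newly fetched checkpoint only after its signature and its consistency with oldSTH have verified; on any error the result is nil.` The first line of that doc comment lies above the hunk, and ProveConsistency's body is not shown, so whether it rejects a fetched checkpoint smaller than oldSTH should be confirmed before callers persist the returned value as their trusted state.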