added updated based on linked PRs

Signed-off-by: pxp928 <parth.psu@gmail.com>
sigstore · Aug 26, 2022 · 47d33ac · 47d33ac
1 parent 4c10b1a
commit 47d33ac
Show file tree

Hide file tree

Showing 3 changed files with 44 additions and 0 deletions.
diff --git a/pkg/types/intoto/intoto.go b/pkg/types/intoto/intoto.go
@@ -72,3 +72,10 @@ func (it *BaseIntotoType) CreateProposedEntry(ctx context.Context, version strin
 func (it BaseIntotoType) DefaultVersion() string {
 	return "0.0.2"
 }
+
+// SupportedVersions returns the supported versions for this type;
+// it deliberately omits 0.0.1 from the list of supported versions as that
+// version did not persist signatures inside the log entry
+func (it BaseIntotoType) SupportedVersions() []string {
+	return []string{"0.0.2"}
+}
diff --git a/pkg/types/intoto/intoto_schema.json b/pkg/types/intoto/intoto_schema.json
@@ -5,6 +5,9 @@
     "description": "Intoto for Rekord objects",
     "type": "object",
     "oneOf": [
+        {
+            "$ref": "v0.0.1/intoto_v0_0_1_schema.json"
+        },
         {
             "$ref": "v0.0.2/intoto_v0_0_2_schema.json"
         }

diff --git a/pkg/types/intoto/v0.0.2/entry_test.go b/pkg/types/intoto/v0.0.2/entry_test.go
@@ -16,6 +16,8 @@
 package intoto
 
 import (
+	"bytes"
+	"context"
 	"crypto"
 	"crypto/ecdsa"
 	"crypto/elliptic"
@@ -33,13 +35,16 @@ import (
 	"strings"
 	"testing"
 
+	"github.com/go-openapi/runtime"
 	"github.com/go-openapi/strfmt"
 	"github.com/go-openapi/swag"
 	"github.com/google/go-cmp/cmp"
+	"github.com/google/go-cmp/cmp/cmpopts"
 	"github.com/in-toto/in-toto-golang/in_toto"
 	slsa "github.com/in-toto/in-toto-golang/in_toto/slsa_provenance/v0.2"
 	"github.com/secure-systems-lab/go-securesystemslib/dsse"
 	"github.com/sigstore/rekor/pkg/generated/models"
+	"github.com/sigstore/rekor/pkg/types"
 	"github.com/sigstore/sigstore/pkg/signature"
 	"go.uber.org/goleak"
 )
@@ -297,6 +302,35 @@ func TestV002Entry_Unmarshal(t *testing.T) {
 				if !reflect.DeepEqual(got, want) {
 					t.Errorf("V002Entry.IndexKeys() = %v, want %v", got, want)
 				}
+				payloadBytes, _ := v.env.DecodeB64Payload()
+				payloadSha := sha256.Sum256(payloadBytes)
+				payloadHash := hex.EncodeToString(payloadSha[:])
+
+				canonicalBytes, err := v.Canonicalize(context.Background())
+				if err != nil {
+					t.Errorf("error canonicalizing entry: %v", err)
+				}
+
+				pe, err := models.UnmarshalProposedEntry(bytes.NewReader(canonicalBytes), runtime.JSONConsumer())
+				if err != nil {
+					t.Errorf("unexpected err from Unmarshalling canonicalized entry for '%v': %v", tt.name, err)
+				}
+				canonicalEntry, err := types.UnmarshalEntry(pe)
+				if err != nil {
+					t.Errorf("unexpected err from type-specific unmarshalling for '%v': %v", tt.name, err)
+				}
+				canonicalV002 := canonicalEntry.(*V002Entry)
+				fmt.Printf("%v", canonicalV002.IntotoObj.Content)
+				if *canonicalV002.IntotoObj.Content.Hash.Value != *tt.it.Content.Hash.Value {
+					t.Errorf("envelope hashes do not match post canonicalization: %v %v", *canonicalV002.IntotoObj.Content.Hash.Value, *tt.it.Content.Hash.Value)
+				}
+				if canonicalV002.AttestationKey() != "" && *canonicalV002.IntotoObj.Content.PayloadHash.Value != payloadHash {
+					t.Errorf("payload hashes do not match post canonicalization: %v %v", canonicalV002.IntotoObj.Content.PayloadHash.Value, payloadHash)
+				}
+				canonicalIndexKeys, _ := canonicalV002.IndexKeys()
+				if !cmp.Equal(got, canonicalIndexKeys, cmpopts.SortSlices(func(x, y string) bool { return x < y })) {
+					t.Errorf("index keys from hydrated object do not match those generated from canonicalized (and re-hydrated) object: %v %v", got, canonicalIndexKeys)
+				}
 
 				return nil
 			}