Skip to content
Merged
Show file tree
Hide file tree
Changes from 1 commit
Commits
File filter

Filter by extension

Filter by extension

Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
Prev Previous commit
Use default options to load key material
Signed-off-by: Hayden <8418760+haydentherapper@users.noreply.github.com>
  • Loading branch information
Hayden-IO committed Sep 2, 2025
commit 0c224364de62f5f0d303a96d9fda93102540a426
2 changes: 1 addition & 1 deletion cmd/cosign/cli/attest/attest_blob.go
Original file line number Diff line number Diff line change
Expand Up @@ -169,7 +169,7 @@ func (c *AttestBlobCommand) Exec(ctx context.Context, artifactPath string) error
if err != nil {
return fmt.Errorf("getting signer: %w", err)
}
keypair, err = key.NewSignerVerifierKeypair(sv)
keypair, err = key.NewSignerVerifierKeypair(sv, c.DefaultLoadOptions)
if err != nil {
return fmt.Errorf("creating signerverifier keypair: %w", err)
}
Expand Down
2 changes: 1 addition & 1 deletion cmd/cosign/cli/sign/sign_blob.go
Original file line number Diff line number Diff line change
Expand Up @@ -91,7 +91,7 @@ func SignBlobCmd(ro *options.RootOptions, ko options.KeyOpts, payloadPath string
if err != nil {
return nil, fmt.Errorf("getting signer: %w", err)
}
keypair, err = key.NewSignerVerifierKeypair(sv)
keypair, err = key.NewSignerVerifierKeypair(sv, ko.DefaultLoadOptions)
if err != nil {
return nil, fmt.Errorf("creating signerverifier keypair: %w", err)
}
Expand Down
6 changes: 3 additions & 3 deletions internal/key/svkeypair.go
Original file line number Diff line number Diff line change
Expand Up @@ -26,6 +26,7 @@ import (
"errors"
"fmt"

"github.com/sigstore/cosign/v2/pkg/cosign"
protocommon "github.com/sigstore/protobuf-specs/gen/pb-go/common/v1"
"github.com/sigstore/sigstore/pkg/cryptoutils"
"github.com/sigstore/sigstore/pkg/signature"
Expand All @@ -42,7 +43,7 @@ type SignerVerifierKeypair struct {
}

// NewSignerVerifierKeypair creates a new SignerVerifierKeypair from a SignerVerifier.
func NewSignerVerifierKeypair(sv signature.SignerVerifier) (*SignerVerifierKeypair, error) {
func NewSignerVerifierKeypair(sv signature.SignerVerifier, defaultLoadOptions *[]signature.LoadOption) (*SignerVerifierKeypair, error) {
pubKey, err := sv.PublicKey()
if err != nil {
return nil, fmt.Errorf("getting public key: %w", err)
Expand All @@ -66,8 +67,7 @@ func NewSignerVerifierKeypair(sv signature.SignerVerifier) (*SignerVerifierKeypa
return nil, errors.New("unsupported key type")
}

// TODO: Ideally SignerVerifier would return its configured hash.
algo, err := signature.GetDefaultAlgorithmDetails(pubKey)
algo, err := signature.GetDefaultAlgorithmDetails(pubKey, *cosign.GetDefaultLoadOptions(defaultLoadOptions)...)
if err != nil {
return nil, fmt.Errorf("getting default algorithm details: %w", err)
}
Expand Down
6 changes: 3 additions & 3 deletions internal/key/svkeypair_test.go
Original file line number Diff line number Diff line change
Expand Up @@ -122,7 +122,7 @@ func TestNewKMSKeypair(t *testing.T) {

for _, tc := range testCases {
t.Run(tc.name, func(t *testing.T) {
kp, err := NewSignerVerifierKeypair(tc.sv)
kp, err := NewSignerVerifierKeypair(tc.sv, nil)
if tc.expectErr {
if err == nil {
t.Errorf("expected an error, but got none")
Expand All @@ -147,7 +147,7 @@ func TestKMSKeypair_Methods(t *testing.T) {
t.Fatalf("failed to generate ecdsa key: %v", err)
}
sv := &mockSignerVerifier{pubKey: &ecdsaPriv.PublicKey}
kp, err := NewSignerVerifierKeypair(sv)
kp, err := NewSignerVerifierKeypair(sv, nil)
if err != nil {
t.Fatalf("failed to create KMSKeypair: %v", err)
}
Expand Down Expand Up @@ -214,7 +214,7 @@ func TestKMSKeypair_Methods(t *testing.T) {
pubKey: &ecdsaPriv.PublicKey,
signErr: errors.New("signing failed"),
}
errKP, err := NewSignerVerifierKeypair(errSV)
errKP, err := NewSignerVerifierKeypair(errSV, nil)
if err != nil {
t.Fatalf("failed to create KMSKeypair: %v", err)
}
Expand Down
Loading