mirror of https://github.com/kyverno/kyverno.git synced 2025-03-30 19:35:06 +00:00

support RSA, ECDSA and EDDSA public key verification (#3362)

Signed-off-by: Ivan Wallis <iwallis@gmail.com>
Ivan Wallis 2022-03-08 21:58:14 -08:00 committed by GitHub
parent 2987647692
commit deda7a5336
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23


@ -29,6 +29,7 @@ import (
"github.com/sigstore/cosign/pkg/cosign/attestation"
"github.com/sigstore/cosign/pkg/oci"
sigs "github.com/sigstore/cosign/pkg/signature"
"github.com/sigstore/sigstore/pkg/cryptoutils"
"github.com/sigstore/sigstore/pkg/signature"
"github.com/sigstore/sigstore/pkg/signature/payload"
)
@ -310,12 +311,12 @@ func stringToJSONMap(i interface{}) (map[string]interface{}, error) {
func decodePEM(raw []byte) (signature.Verifier, error) {
// PEM encoded file.
ed, err := cosign.PemToECDSAKey(raw)
pubKey, err := cryptoutils.UnmarshalPEMToPublicKey(raw)
if err != nil {
return nil, errors.Wrap(err, "pem to ecdsa")
return nil, errors.Wrap(err, "pem to public key")
}
return signature.LoadECDSAVerifier(ed, crypto.SHA256)
return signature.LoadVerifier(pubKey, crypto.SHA256)
}
func extractPayload(verified []oci.Signature) ([]payload.SimpleContainerImage, error) {
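Review bot: decodePEM now passes whatever key type `cryptoutils.UnmarshalPEMToPublicKey` parses straight to `signature.LoadVerifier`, and nothing visible in this hunk rejects a weak key such as a short RSA modulus, a case the ECDSA-only path could not encounter. A strength and type check before loading would close that, for example `if err := cryptoutils.ValidatePubKey(pubKey); err != nil { return nil, errors.Wrap(err, "validate public key") }` if the vendored sigstore version provides that helper, or otherwise an explicit type switch with a minimum RSA size. The `// PEM encoded file.` comment should also name the accepted key types and say that `crypto.SHA256` is fixed for RSA and ECDSA. As far as I know `LoadVerifier` selects PKCS#1 v1.5 for RSA keys, so RSA-PSS signatures would presumably fail to verify; a test with RSA and Ed25519 keys would confirm the intended behaviour.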