fix: Add contract version to plugin sign request and plugin verify re…

…quest (notaryproject#390) Add contract version to plugin sign request and plugin verify request. As per [specification](https://github.com/notaryproject/specifications/blob/main/specs/plugin-extensibility.md) `contractVersion` is a mandatory field. Signed-off-by: Pritesh Bandi <[email protected]>
JeyJeyGao · Mar 21, 2024 · b8136e2 · b8136e2
1 parent e686d8b
commit b8136e2
Show file tree

Hide file tree

Showing 2 changed files with 14 additions and 10 deletions.
diff --git a/signer/plugin.go b/signer/plugin.go
@@ -180,6 +180,7 @@ func (s *PluginSigner) generateSignatureEnvelope(ctx context.Context, desc ocisp
 	}
 	// Execute plugin sign command.
 	req := &plugin.GenerateEnvelopeRequest{
+		ContractVersion:         plugin.ContractVersion,
 		KeyID:                   s.keyID,
 		Payload:                 payloadBytes,
 		SignatureEnvelopeType:   opts.SignatureMediaType,
@@ -247,8 +248,9 @@ func (s *PluginSigner) mergeConfig(config map[string]string) map[string]string {
 
 func (s *PluginSigner) describeKey(ctx context.Context, config map[string]string) (*plugin.DescribeKeyResponse, error) {
 	req := &plugin.DescribeKeyRequest{
-		KeyID:        s.keyID,
-		PluginConfig: config,
+		ContractVersion: plugin.ContractVersion,
+		KeyID:           s.keyID,
+		PluginConfig:    config,
 	}
 	resp, err := s.plugin.DescribeKey(ctx, req)
 	if err != nil {
@@ -344,11 +346,12 @@ func (s *pluginPrimitiveSigner) Sign(payload []byte) ([]byte, []*x509.Certificat
 	}
 
 	req := &plugin.GenerateSignatureRequest{
-		KeyID:        s.keyID,
-		KeySpec:      keySpec,
-		Hash:         keySpecHash,
-		Payload:      payload,
-		PluginConfig: s.pluginConfig,
+		ContractVersion: plugin.ContractVersion,
+		KeyID:           s.keyID,
+		KeySpec:         keySpec,
+		Hash:            keySpecHash,
+		Payload:         payload,
+		PluginConfig:    s.pluginConfig,
 	}
 
 	resp, err := s.plugin.GenerateSignature(s.ctx, req)

diff --git a/verifier/verifier.go b/verifier/verifier.go
@@ -681,9 +681,10 @@ func executePlugin(ctx context.Context, installedPlugin pluginframework.VerifyPl
 	}
 
 	req := &pluginframework.VerifySignatureRequest{
-		Signature:    signature,
-		TrustPolicy:  policy,
-		PluginConfig: pluginConfig,
+		ContractVersion: pluginframework.ContractVersion,
+		Signature:       signature,
+		TrustPolicy:     policy,
+		PluginConfig:    pluginConfig,
 	}
 	return installedPlugin.VerifySignature(ctx, req)
 }