update cose branch (#80)
* Bump github.com/golang-jwt/jwt/v4 from 4.4.1 to 4.4.2 (#14)

Bumps [github.com/golang-jwt/jwt/v4](https://github.com/golang-jwt/jwt) from 4.4.1 to 4.4.2.
- [Release notes](https://github.com/golang-jwt/jwt/releases)
- [Changelog](https://github.com/golang-jwt/jwt/blob/main/VERSION_HISTORY.md)
- [Commits](golang-jwt/jwt@v4.4.1...v4.4.2)

---
updated-dependencies:
- dependency-name: github.com/golang-jwt/jwt/v4
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <[email protected]>

Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* refactor: refactor envelope and signer to support cose (#53)

Signed-off-by: Binbin Li <[email protected]>

* Revert "refactor: refactor envelope and signer to support cose (#53)" (#67)

This reverts commit cbea2cf.

Signed-off-by: Shiwei Zhang <[email protected]>

* update to go 1.18 (#66)

Signed-off-by: Junjie Gao <[email protected]>

* refactor: rename signer to signature submodule (#71)

Signed-off-by: Binbin Li <[email protected]>

* refactor: refactor envelope and signer to support cose (#73)

Signed-off-by: Binbin Li <[email protected]>

* feat: added COSE envelope implementation

Signed-off-by: Patrick Zheng <[email protected]>

* update per code review

Signed-off-by: Patrick Zheng <[email protected]>

* update per code review

Signed-off-by: Patrick Zheng <[email protected]>

* update per code review

Signed-off-by: Patrick Zheng <[email protected]>

* resolve conflicts

Signed-off-by: Patrick Zheng <[email protected]>

* updated conformance test

Signed-off-by: Patrick Zheng <[email protected]>

* refactor: JWS for signature package (#76)

Signed-off-by: Junjie Gao <[email protected]>

* refactor: rename signer to signature submodule (#71)

Signed-off-by: Binbin Li <[email protected]>

* refactor: refactor envelope and signer to support cose (#73)

Signed-off-by: Binbin Li <[email protected]>

* refactor: JWS for signature package (#76)

Signed-off-by: Junjie Gao <[email protected]>

* Allows signing with self-signed certificate (#77)

Signed-off-by: Pritesh Bandi <[email protected]>

* updated conformance_test

Signed-off-by: Patrick Zheng <[email protected]>

* refactor: refactor comments (#78)

Signed-off-by: Binbin Li <[email protected]>

* updated per code review

Signed-off-by: Patrick Zheng <[email protected]>

* updated per code review

Signed-off-by: Patrick Zheng <[email protected]>

* removed CLI related maps, they should be in notation CLI

Signed-off-by: Patrick Zheng <[email protected]>

* resolved conflicts

Signed-off-by: Patrick Zheng <[email protected]>

Signed-off-by: dependabot[bot] <[email protected]>
Signed-off-by: Binbin Li <[email protected]>
Signed-off-by: Shiwei Zhang <[email protected]>
Signed-off-by: Junjie Gao <[email protected]>
Signed-off-by: Patrick Zheng <[email protected]>
Signed-off-by: Pritesh Bandi <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Binbin Li <[email protected]>
Co-authored-by: Shiwei Zhang <[email protected]>
Co-authored-by: Junjie Gao <[email protected]>
Co-authored-by: Binbin Li <[email protected]>
Co-authored-by: Junjie Gao <[email protected]>
Co-authored-by: Pritesh Bandi <[email protected]>
8 people authored Sep 23, 2022
1 parent afc4874 commit 70115d5
Showing 31 changed files with 410 additions and 2,603 deletions.
2 changes: 1 addition & 1 deletion .github/workflows/reusable-build.yml
@@ -8,7 +8,7 @@ jobs:
runs-on: ubuntu-latest
strategy:
matrix:
go-version: [1.17, 1.18]
go-version: [1.18, 1.19]
fail-fast: true
steps:
- name: Checkout
2 changes: 1 addition & 1 deletion .github/workflows/reusable-codeql.yml
@@ -13,7 +13,7 @@ jobs:
security-events: write
strategy:
matrix:
go-version: [1.17, 1.18]
go-version: [1.18, 1.19]
fail-fast: false
steps:
- name: Checkout repository
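--- a/go.mod
+++ b/go.mod
@@ -2,10 +2,12 @@ module github.com/notaryproject/notation-core-go
 
 go 1.18
 
-require github.com/golang-jwt/jwt/v4 v4.4.2
+require (
+github.com/golang-jwt/jwt/v4 v4.4.2
+github.com/veraison/go-cose v1.0.0-rc.1.0.20220824135457-9d2fab636b83
+)
 
 require (
 github.com/fxamacker/cbor/v2 v2.4.0 // indirect
-github.com/veraison/go-cose v1.0.0-rc.1.0.20220824135457-9d2fab636b83
 github.com/x448/float16 v0.8.4 // indirect
 )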
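Review bot: `github.com/veraison/go-cose` becomes a direct requirement in the first `require` block while still pinned to the pseudo-version `v1.0.0-rc.1.0.20220824135457-9d2fab636b83`, which is an untagged commit after the `v1.0.0-rc.1` tag. The COSE envelope code in this module builds on that library, so a pre-release pin on the signature path deserves a recorded reason and a follow-up to move to a tagged release. I would add a comment above the entry such as `// go-cose: pinned to a pre-release commit until a tagged v1.0.0 is available`. go.sum is not visible in this section, so confirm its checksum entries change in the same commit.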
25 changes: 7 additions & 18 deletions signature/cose/conformance_test.go
@@ -70,7 +70,7 @@ func testSign(t *testing.T, sign1 *sign1) {

// Verify using the same envelope struct
// (Verify with UnmarshalCBOR is covered in the testVerify() part)
_, _, err = env.Verify()
_, err = env.Verify()
if err != nil {
t.Fatalf("Verify() failed. Error = %s", err)
}
@@ -96,11 +96,6 @@ func testVerify(t *testing.T, sign1 *sign1) {
t.Fatalf("msg.UnmarshalCBOR() failed. Error = %s", err)
}

// Not doing conformance check on CertChain and signature fields,
// becase every time we run this test, a new certChain and signer would be
// generated, and hence, a new signature would be generated after Sign().
// Instead, CertChain is verified in verifySignerInfo(), and signature is
// verified by go-cose's Verify() later on.
certs := []*x509.Certificate{testhelper.GetRSALeafCertificate().Cert, testhelper.GetRSARootCertificate().Cert}
certChain := make([]interface{}, len(certs))
for i, c := range certs {
@@ -110,12 +105,12 @@ func testVerify(t *testing.T, sign1 *sign1) {
msg.Signature = env.base.Signature

newEnv := createNewEnv(&msg)
payload, signerInfo, err := newEnv.Verify()
content, err := newEnv.Verify()
if err != nil {
t.Fatalf("Verify() failed. Error = %s", err)
}
verifyPayload(payload, signRequest, t)
verifySignerInfo(signerInfo, signRequest, t)
verifyPayload(&content.Payload, signRequest, t)
verifySignerInfo(&content.SignerInfo, signRequest, t)
}

func getSignReq(sign1 *sign1) (*signature.SignRequest, error) {
Expand All @@ -126,12 +121,12 @@ func getSignReq(sign1 *sign1) (*signature.SignRequest, error) {
}
signRequest := &signature.SignRequest{
Payload: signature.Payload{
ContentType: signature.MediaTypePayloadV1,
ContentType: "application/vnd.cncf.notary.payload.v1+json",
Content: []byte("hello COSE"),
},
Signer: signer,
SigningTime: time.Unix(sign1.SigningTime, 0).Truncate(time.Second),
Expiry: time.Unix(sign1.Expiry, 0).Truncate(time.Second),
SigningTime: time.Unix(sign1.SigningTime, 0),
Expiry: time.Unix(sign1.Expiry, 0),
ExtendedSignedAttributes: []signature.Attribute{
{Key: "signedCritKey1", Value: "signedCritValue1", Critical: true},
{Key: "signedKey1", Value: "signedValue1", Critical: false},
@@ -200,16 +195,10 @@ func areAttrEqual(u []signature.Attribute, v []signature.Attribute) bool {
}

func generateSign1(msg *cose.Sign1Message) *cose.Sign1Message {
// Not doing conformance check on CertChain and signature fields,
// becase every time we run this test, a new certChain and signer would be
// generated, and hence, a new signature would be generated after Sign().
// Instead, CertChain is verified in verifySignerInfo, and signature is
// verified by go-cose's Verify().
newMsg := cose.NewSign1Message()
newMsg.Headers.Protected = msg.Headers.Protected
newMsg.Headers.Unprotected["io.cncf.notary.signingAgent"] = msg.Headers.Unprotected["io.cncf.notary.signingAgent"]
newMsg.Payload = msg.Payload
// An arbitrary signature
newMsg.Signature = hexToBytes("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")
return newMsg
}
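Review bot: In `generateSign1` the hard-coded `newMsg.Signature` value is left without any explanation once `// An arbitrary signature` and the block comment above it are dropped, so it reads like an expected signature rather than a placeholder. The same rationale is also removed from `testVerify` (hunk at -96,11), whose body starts outside the hunk. I would keep one short comment in `generateSign1`, for example `// Placeholder signature: the cert chain and signer are regenerated on every run, so the signature is checked by Verify(), not compared byte-for-byte.`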