From bb016fa80583b2b4633e2159677fe412b8c69c0c Mon Sep 17 00:00:00 2001
From: Carlos A Becker
Date: Wed, 22 Dec 2021 16:43:07 -0300
Subject: [PATCH] feat: resolve --cert from URL
Signed-off-by: Carlos A Becker
---
 cmd/cosign/cli/verify/verify.go | 7 ++++---
 cmd/cosign/cli/verify/verify_blob.go | 2 +-
 2 files changed, 5 insertions(+), 4 deletions(-)
diff --git a/cmd/cosign/cli/verify/verify.go b/cmd/cosign/cli/verify/verify.go
index 6e625ab6a52..daa30791a22 100644
--- a/cmd/cosign/cli/verify/verify.go
+++ b/cmd/cosign/cli/verify/verify.go
@@ -32,6 +32,7 @@ import (
 "github.com/sigstore/cosign/cmd/cosign/cli/options"
 "github.com/sigstore/cosign/cmd/cosign/cli/rekor"
 "github.com/sigstore/cosign/cmd/cosign/cli/sign"
+ "github.com/sigstore/cosign/pkg/blob"
 "github.com/sigstore/cosign/pkg/cosign"
 "github.com/sigstore/cosign/pkg/cosign/pivkey"
 "github.com/sigstore/cosign/pkg/cosign/pkcs11key"
@@ -131,7 +132,7 @@ func (c *VerifyCommand) Exec(ctx context.Context, images []string) (err error) {
 return errors.Wrap(err, "initializing piv token verifier")
 }
 case certRef != "":
- pubKey, err = loadCertFromFile(c.CertRef)
+ pubKey, err = loadCertFromFileOrURL(c.CertRef)
 if err != nil {
 return err
 }
@@ -254,8 +255,8 @@ func PrintVerification(imgRef string, verified []oci.Signature, output string) {
 }
 }

-func loadCertFromFile(path string) (*signature.ECDSAVerifier, error) {
- pems, err := os.ReadFile(path)
+func loadCertFromFileOrURL(path string) (*signature.ECDSAVerifier, error) {
+ pems, err := blob.LoadFileOrURL(path)
 if err != nil {
 return nil, err
 }
diff --git a/cmd/cosign/cli/verify/verify_blob.go b/cmd/cosign/cli/verify/verify_blob.go
index 6f64e74b9b9..efbb28e293c 100644
--- a/cmd/cosign/cli/verify/verify_blob.go
+++ b/cmd/cosign/cli/verify/verify_blob.go
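Review bot: The `case certRef != "":` branch in Exec returns the loader's error bare (`return err`), while the branch directly above it wraps with `errors.Wrap(err, "initializing piv token verifier")`. Now that the load can fail with a network or HTTP error rather than only a file error, the user gets no hint that it was the `--cert` reference that failed; `return errors.Wrap(err, "loading certificate from reference")` would say so. The same applies to the matching branch of VerifyBlobCmd in verify_blob.go. Exec starts and ends outside the hunk.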
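Review bot: loadCertFromFileOrURL has no doc comment and still names its parameter `path`, although the bytes it loads now decide which key the returned `*signature.ECDSAVerifier` checks signatures against and may arrive over the network. I would rename the parameter to `certRef` and add `// loadCertFromFileOrURL reads the certificate from a local path or a URL; the source is trusted as given, so a remote reference should be HTTPS on a host the operator trusts.` Whether plain `http://` is accepted, and whether the response is bounded in size and time, depends on blob.LoadFileOrURL, which is not part of this patch; if it does accept `http://`, a guard such as `if strings.HasPrefix(path, "http://") { return nil, errors.New("certificate URL must use https") }` before the load would keep an on-path party from substituting the certificate. The rest of the function body lies outside the hunk, so any chain validation done after the load is not visible here.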
@@ -113,7 +113,7 @@ func VerifyBlobCmd(ctx context.Context, ko sign.KeyOpts, certRef, sigRef, blobRe
 return errors.Wrap(err, "loading public key from token")
 }
 case certRef != "":
- pubKey, err = loadCertFromFile(certRef)
+ pubKey, err = loadCertFromFileOrURL(certRef)
 if err != nil {
 return err
 }