diff --git a/cmd/notation/verify.go b/cmd/notation/verify.go index d523aac92..387e045dc 100644 --- a/cmd/notation/verify.go +++ b/cmd/notation/verify.go @@ -8,7 +8,6 @@ import ( "reflect" "github.com/notaryproject/notation-go" - "github.com/notaryproject/notation-go/log" notationregistry "github.com/notaryproject/notation-go/registry" "github.com/notaryproject/notation-go/verifier" "github.com/notaryproject/notation-go/verifier/trustpolicy" @@ -63,7 +62,6 @@ Example - Verify a signature on an OCI artifact identified by a tag (Notation w func runVerify(command *cobra.Command, opts *verifyOpts) error { // set log level ctx := opts.LoggingFlagOpts.SetLoggerLevel(command.Context()) - logger := log.GetLogger(ctx) // initialize reference := opts.reference @@ -101,13 +99,16 @@ func runVerify(command *cobra.Command, opts *verifyOpts) error { MaxSignatureAttempts: math.MaxInt64, } - // core process + // core verify process _, outcomes, err := notation.Verify(ctx, verifier, sigRepo, verifyOpts) - if err != nil { - logger.Error(err) - } // write out on failure if err != nil || len(outcomes) == 0 { + if err != nil { + var errorVerificationFailed *notation.ErrorVerificationFailed + if !errors.As(err, &errorVerificationFailed) { + return fmt.Errorf("signature verification failed: %w", err) + } + } return fmt.Errorf("signature verification failed for all the signatures associated with %s", ref.String()) } diff --git a/internal/envelope/envelope.go b/internal/envelope/envelope.go index 8565bcf46..868e3363a 100644 --- a/internal/envelope/envelope.go +++ b/internal/envelope/envelope.go @@ -1,12 +1,10 @@ package envelope import ( - "errors" "fmt" "github.com/notaryproject/notation-core-go/signature/cose" "github.com/notaryproject/notation-core-go/signature/jws" - gcose "github.com/veraison/go-cose" ) // Supported envelope format. @@ -15,21 +13,6 @@ const ( JWS = "jws" ) -// SpeculateSignatureEnvelopeFormat speculates envelope format by looping all builtin envelope format. -// -// TODO: abandon this fature in RC1. -func SpeculateSignatureEnvelopeFormat(raw []byte) (string, error) { - var msg gcose.Sign1Message - if err := msg.UnmarshalCBOR(raw); err == nil { - return cose.MediaTypeEnvelope, nil - } - if len(raw) == 0 || raw[0] != '{' { - // very certain - return "", errors.New("unsupported signature format") - } - return jws.MediaTypeEnvelope, nil -} - // GetEnvelopeMediaType converts the envelope type to mediaType name. func GetEnvelopeMediaType(sigFormat string) (string, error) { switch sigFormat { diff --git a/internal/envelope/envelope_test.go b/internal/envelope/envelope_test.go index b3aea8346..d7f60fbb4 100644 --- a/internal/envelope/envelope_test.go +++ b/internal/envelope/envelope_test.go @@ -1,79 +1,9 @@ package envelope import ( - "encoding/json" - "errors" "testing" - - "github.com/notaryproject/notation-core-go/signature/cose" - "github.com/notaryproject/notation-core-go/signature/jws" - gcose "github.com/veraison/go-cose" -) - -var ( - validJwsSignatureEnvelope, _ = json.Marshal(struct{}{}) - validCoseSignatureEnvelope []byte - invalidSignatureEnvelope = []byte("invalid") ) -func init() { - msg := gcose.Sign1Message{ - Headers: gcose.NewSign1Message().Headers, - Payload: []byte("valid"), - Signature: []byte("valid"), - } - validCoseSignatureEnvelope, _ = msg.MarshalCBOR() -} - -func checkErrorEqual(expected, got error) bool { - if expected == nil && got == nil { - return true - } - if expected != nil && got != nil { - return expected.Error() == got.Error() - } - return false -} - -func TestSpeculateSignatureEnvelopeFormat(t *testing.T) { - tests := []struct { - name string - raw []byte - expectedType string - expectedErr error - }{ - { - name: "jws signature media type", - raw: validJwsSignatureEnvelope, - expectedType: jws.MediaTypeEnvelope, - expectedErr: nil, - }, - { - name: "cose signature media type", - raw: validCoseSignatureEnvelope, - expectedType: cose.MediaTypeEnvelope, - expectedErr: nil, - }, - { - name: "invalid signature media type", - raw: invalidSignatureEnvelope, - expectedType: "", - expectedErr: errors.New("unsupported signature format"), - }, - } - for _, tt := range tests { - t.Run(tt.name, func(t *testing.T) { - eType, err := SpeculateSignatureEnvelopeFormat(tt.raw) - if !checkErrorEqual(tt.expectedErr, err) { - t.Fatalf("expected speculate signature envelope format err: %v, got: %v", tt.expectedErr, err) - } - if eType != tt.expectedType { - t.Fatalf("expected signatureFormat: %v, got: %v", tt.expectedType, eType) - } - }) - } -} - func TestGetEnvelopeMediaType(t *testing.T) { type args struct { sigFormat string