Open haydentherapper opened 9 months ago
Can you please also mention the additional types we have to add support here. As we will also have to add validation checks for those types like we do for the currently supported types https://github.com/sigstore/sigstore-go/blob/3a6a109900dfe00c55d51d18556c37859fbae3b8/pkg/tlog/entry.go#L148-L170
That's a good point, I would say that this issue is blocked until Rekor adds a method on the Entries interface for both Validate()
and Signature()
(also needed here).
I'll leave this issue open for now, but consider it blocked.
Description
We've created a Verifiers API in the Entries interface to abstract extracting "verifiers" - eg certificates, public keys, pgp keys, etc - from a given entry. This would simplify the logic in
PublicKey()
and add support for additional types (though there may be more places where types are hardcoded).Interface: https://github.com/sigstore/rekor/blob/main/pkg/types/entries.go#L40
Code: https://github.com/sigstore/sigstore-go/blob/f7518a68b37b7887b69e1607b9ddb668ddec117d/pkg/tlog/entry.go#L197-L222