Skip to content

Commit 7dd9eab

Browse files
shibumishibumi
authored
Merge pull request #91 from Yaxhveer/dsse-verify-bug
Corrected bug in dsse verify
2 parents 6a58ace + f1f79cf commit 7dd9eab

File tree

2 files changed

+43
-1
lines changed

2 files changed

+43
-1
lines changed

dsse/verify.go

Lines changed: 2 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -43,7 +43,8 @@ func (ev *EnvelopeVerifier) Verify(ctx context.Context, e *Envelope) ([]Accepted
4343
// If *any* signature is found to be incorrect, it is skipped
4444
var acceptedKeys []AcceptedKey
4545
usedKeyids := make(map[string]string)
46-
unverified_providers := ev.providers
46+
unverified_providers := make([]Verifier, len(ev.providers))
47+
copy(unverified_providers, ev.providers)
4748
for _, s := range e.Signatures {
4849
sig, err := b64Decode(s.Sig)
4950
if err != nil {

dsse/verify_test.go

Lines changed: 41 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -380,3 +380,44 @@ func TestVerifyPublicKeyID(t *testing.T) {
380380
assert.Len(t, acceptedKeys, 1, "unexpected keys")
381381
assert.Equal(t, acceptedKeys[0].KeyID, keyID, "unexpected keyid")
382382
}
383+
384+
func TestVerifyMultipleProviderAndEnvelopes(t *testing.T) {
385+
const payloadType = "http://example.com/HelloWorld"
386+
const payload = "hello world"
387+
388+
var ns nilSignerVerifier
389+
var null nullSignerVerifier
390+
391+
signerNil, err := NewEnvelopeSigner(ns)
392+
assert.Nil(t, err, "unexpected error")
393+
394+
signerNull, err := NewEnvelopeSigner(null)
395+
assert.Nil(t, err, "unexpected error")
396+
397+
envNil1, err := signerNil.SignPayload(context.TODO(), payloadType, []byte(payload))
398+
assert.Nil(t, err, "sign failed")
399+
400+
envNil2, err := signerNil.SignPayload(context.TODO(), payloadType, []byte(payload))
401+
assert.Nil(t, err, "sign failed")
402+
403+
envNull, err := signerNull.SignPayload(context.TODO(), payloadType, []byte(payload))
404+
assert.Nil(t, err, "sign failed")
405+
406+
verifier, err := NewEnvelopeVerifier(ns, null)
407+
assert.Nil(t, err, "unexpected error")
408+
409+
acceptedKeysNil1, err := verifier.Verify(context.TODO(), envNil1)
410+
assert.Nil(t, err, "unexpected error")
411+
assert.Len(t, acceptedKeysNil1, 1, "unexpected keys")
412+
assert.Equal(t, "nil", acceptedKeysNil1[0].KeyID, "unexpected keyid")
413+
414+
acceptedKeysNil2, err := verifier.Verify(context.TODO(), envNil2)
415+
assert.Nil(t, err, "unexpected error")
416+
assert.Len(t, acceptedKeysNil2, 1, "unexpected keys")
417+
assert.Equal(t, "nil", acceptedKeysNil2[0].KeyID, "unexpected keyid")
418+
419+
acceptedKeysNull, err := verifier.Verify(context.TODO(), envNull)
420+
assert.Nil(t, err, "unexpected error")
421+
assert.Len(t, acceptedKeysNull, 1, "unexpected keys")
422+
assert.Equal(t, "null", acceptedKeysNull[0].KeyID, "unexpected keyid")
423+
}

0 commit comments

Comments
 (0)