Skip to content

Commit 7ab9079

Browse files
loosebazookaloosebazooka
committed
Add arifactDigest as input option for conformance
Signed-off-by: Appu Goundan <[email protected]>
1 parent 763c500 commit 7ab9079

File tree

1 file changed

+18
-4
lines changed

1 file changed

+18
-4
lines changed

sigstore-cli/src/main/java/dev/sigstore/cli/Verify.java

Lines changed: 18 additions & 4 deletions
Original file line numberDiff line numberDiff line change
@@ -38,6 +38,7 @@
3838
import java.security.cert.CertPath;
3939
import java.util.Base64;
4040
import java.util.concurrent.Callable;
41+
import org.apache.commons.codec.binary.Hex;
4142
import picocli.CommandLine.ArgGroup;
4243
import picocli.CommandLine.Command;
4344
import picocli.CommandLine.Option;
@@ -48,8 +49,14 @@
4849
aliases = {"verify-bundle"},
4950
description = "verify an artifact")
5051
public class Verify implements Callable<Integer> {
51-
@Parameters(arity = "1", paramLabel = "<artifact>", description = "artifact to verify")
52-
Path artifact;
52+
53+
private static final String SHA256_PREFIX = "sha256:";
54+
55+
@Parameters(
56+
arity = "1",
57+
paramLabel = "<artifact>",
58+
description = "an artifact path or artifact hash (sha256:abc...) to verify")
59+
String artifact;
5360

5461
@ArgGroup(multiplicity = "1", exclusive = true)
5562
SignatureFiles signatureFiles;
@@ -107,7 +114,10 @@ static class Policy {
107114

108115
@Override
109116
public Integer call() throws Exception {
110-
byte[] digest = asByteSource(artifact.toFile()).hash(Hashing.sha256()).asBytes();
117+
byte[] digest =
118+
artifact.startsWith(SHA256_PREFIX)
119+
? Hex.decodeHex(artifact.substring(SHA256_PREFIX.length()))
120+
: asByteSource(Path.of(artifact).toFile()).hash(Hashing.sha256()).asBytes();
111121

112122
Bundle bundle;
113123
if (signatureFiles.sigAndCert != null) {
@@ -178,7 +188,11 @@ public Integer call() throws Exception {
178188
} else {
179189
throw new IllegalStateException("Unable to initialize verifier");
180190
}
181-
verifier.verify(artifact, bundle, verificationOptions);
191+
if (artifact.startsWith(SHA256_PREFIX)) {
192+
verifier.verify(digest, bundle, verificationOptions);
193+
} else {
194+
verifier.verify(Path.of(artifact), bundle, verificationOptions);
195+
}
182196
return 0;
183197
}
184198
}

0 commit comments

Comments
 (0)