Skip to content
This repository was archived by the owner on Jul 22, 2024. It is now read-only.

Add verify goal #88

Draft
wants to merge 7 commits into
base: main
Choose a base branch
from
Draft

Add verify goal #88

wants to merge 7 commits into from

Conversation

@dbradicich
Copy link

@dbradicich dbradicich commented Apr 1, 2022

Summary

Add verify goal for verifying signatures

WIP

Initial flow in place, down to the actual sig validation, working through that portion now, ultimately aiming to add similar functionality to the pgp verifier plugin where it can validate the dependencies
And tests and all that jazz ;)

@dbradicich
Copy link
Author

dbradicich commented Apr 1, 2022

very much looking forward to the java api for sigstore ;)

dbradicich
dbradicich commented Apr 1, 2022
View reviewed changes
src/main/java/dev/sigstore/plugin/verify/SigstoreVerifier.java Outdated

Signature signature = Signature.getInstance("SHA384withECDSA", new BouncyCastleProvider());
signature.initVerify(certificate.getPublicKey());
signature.verify(rekord.decodedSignature.getBytes(UTF_8));
Copy link
Author

@dbradicich dbradicich Apr 1, 2022

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

pretty much last spot that needs functional work, simply haven't deal with the signing/verification process before,

Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@dbradicich @hboutemy