From 0acf40489b441db757a04810a62fb14e9f7bd3a2 Mon Sep 17 00:00:00 2001
From: asraa
Date: Mon, 11 Jul 2022 18:32:24 -0500
Subject: [PATCH] fix: properly handle sharded uuids returned from rekor (#141)
Signed-off-by: Asra Ali
Co-authored-by: laurentsimon <64505099+laurentsimon@users.noreply.github.com>
---
 pkg/provenance.go | 20 +++++++++++++++++---
 1 file changed, 17 insertions(+), 3 deletions(-)
diff --git a/pkg/provenance.go b/pkg/provenance.go
index f17cb4f..61eaba2 100644
--- a/pkg/provenance.go
+++ b/pkg/provenance.go
@@ -36,6 +36,7 @@ import (
 "github.com/sigstore/rekor/pkg/generated/client/index"
 "github.com/sigstore/rekor/pkg/generated/client/tlog"
 "github.com/sigstore/rekor/pkg/generated/models"
+ "github.com/sigstore/rekor/pkg/sharding"
 "github.com/sigstore/rekor/pkg/types"
 intotod "github.com/sigstore/rekor/pkg/types/intoto/v0.0.1"
 "github.com/sigstore/rekor/pkg/util"
@@ -254,9 +255,9 @@ func verifyRootHash(ctx context.Context, rekorClient *client.Rekor, proof *model
 return nil
 }
-func verifyTlogEntryByUUID(ctx context.Context, rekorClient *client.Rekor, uuid string) (*models.LogEntryAnon, error) {
+func verifyTlogEntryByUUID(ctx context.Context, rekorClient *client.Rekor, entryUUID string) (*models.LogEntryAnon, error) {
 params := entries.NewGetLogEntryByUUIDParamsWithContext(ctx)
- params.EntryUUID = uuid
+ params.EntryUUID = entryUUID
 lep, err := rekorClient.Entries.GetLogEntryByUUID(params)
 if err != nil {
@@ -266,7 +267,20 @@ func verifyTlogEntryByUUID(ctx context.Context, rekorClient *client.Rekor, uuid
 if len(lep.Payload) != 1 {
 return nil, errors.New("UUID value can not be extracted")
 }
- e := lep.Payload[params.EntryUUID]
+
+ uuid, err := sharding.GetUUIDFromIDString(params.EntryUUID)
+ if err != nil {
+ return nil, err
+ }
+
+ var e models.LogEntryAnon
+ for k, entry := range lep.Payload {
+ if k != uuid {
+ return nil, errors.New("expected matching UUID")
+ }
+ e = entry
+ }
+
 return verifyTlogEntry(ctx, rekorClient, params.EntryUUID, e)
 }
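Review bot: In the last hunk the loop compares the response key `k` with the normalised `uuid`, but only the request side goes through `sharding.GetUUIDFromIDString`; if the server keys the payload by a full entry ID (tree ID plus UUID), every lookup fails with "expected matching UUID". Normalising both sides keeps the request/response binding without depending on which form the server returns: `returnUUID, err := sharding.GetUUIDFromIDString(k)`, return on error, then `if returnUUID != uuid {`. A short comment above the comparison, e.g. `// Reject a response whose entry does not match the requested UUID.`, would record why the check exists. `verifyTlogEntry` is still called with the unnormalised `params.EntryUUID`; its body is outside the diff, so confirm it accepts the entry-ID form. The function's opening lines are in the previous hunk.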