Class: Sigstore::Internal::Key

Inherits:

Object

• Object
• Sigstore::Internal::Key

Includes:

Loggable

Defined in:

lib/sigstore/internal/key.rb

Direct Known Subclasses

ED25519, EDCSA, RSA

Defined Under Namespace

Classes: ED25519, EDCSA, RSA

Instance Attribute Summary

• #key_id ⇒ Object readonly

  Returns the value of attribute key_id.

• #key_type ⇒ Object readonly

  Returns the value of attribute key_type.

• #schema ⇒ Object readonly

  Returns the value of attribute schema.

Class Method Summary

• .from_key_details(key_details, key_bytes) ⇒ Object
• .read(key_type, schema, key_bytes, key_id: nil) ⇒ Object

Instance Method Summary

• #initialize(key_type, schema, key, key_id: nil) ⇒ Key constructor

  A new instance of Key.

• #public_to_der ⇒ Object
• #to_der ⇒ Object
• #to_pem ⇒ Object
• #verify(algo, signature, data) ⇒ Object

Methods included from Loggable

included, #logger

Constructor Details

#initialize(key_type, schema, key, key_id: nil) ⇒ Key

Returns a new instance of Key.

# File 'lib/sigstore/internal/key.rb', line 63

def initialize(key_type, schema, key, key_id: nil)
  @key_type = key_type
  @key = key
  @schema = schema
  @key_id = key_id
end

Instance Attribute Details

#key_id ⇒ Object (readonly)

Returns the value of attribute key_id.

# File 'lib/sigstore/internal/key.rb', line 61

def key_id
  @key_id
end

#key_type ⇒ Object (readonly)

Returns the value of attribute key_type.

# File 'lib/sigstore/internal/key.rb', line 61

def key_type
  @key_type
end

#schema ⇒ Object (readonly)

Returns the value of attribute schema.

# File 'lib/sigstore/internal/key.rb', line 61

def schema
  @schema
end

Class Method Details

.from_key_details(key_details, key_bytes) ⇒ Object

# File 'lib/sigstore/internal/key.rb', line 24

def self.from_key_details(key_details, key_bytes)
  case key_details
  when Common::V1::PublicKeyDetails::PKIX_ECDSA_P256_SHA_256
    key_type = "ecdsa"
    key_schema = "ecdsa-sha2-nistp256"
  when Common::V1::PublicKeyDetails::PKCS1_RSA_PKCS1V5
    key_type = "rsa"
    key_schema = "rsa-pkcs1v15-sha256"
  else
    raise Error::UnsupportedKeyType, "Unsupported key type #{key_details}"
  end

  read(key_type, key_schema, key_bytes, key_id: OpenSSL::Digest::SHA256.hexdigest(key_bytes))
end

.read(key_type, schema, key_bytes, key_id: nil) ⇒ Object

# File 'lib/sigstore/internal/key.rb', line 39

def self.read(key_type, schema, key_bytes, key_id: nil)
  case key_type
  when "ecdsa", "ecdsa-sha2-nistp256"
    pkey = OpenSSL::PKey::EC.new(key_bytes)
    EDCSA.new(key_type, schema, pkey, key_id:)
  when "ed25519"
    pkey = ED25519.pkey_from_der([key_bytes].pack("H*"))
    ED25519.new(key_type, schema, pkey, key_id:)
  when "rsa"
    pkey = OpenSSL::PKey::RSA.new(key_bytes)
    RSA.new(key_type, schema, pkey, key_id:)
  else
    raise ArgumentError, "Unsupported key type #{key_type}"
  end.tap do |key|
    if RUBY_ENGINE == "jruby" && key.to_pem != key_bytes && key.to_der != key_bytes
      raise Error::UnsupportedPlatform, "Key mismatch: #{key.to_pem.inspect} != #{key_bytes.inspect}"
    end
  end
rescue OpenSSL::PKey::PKeyError => e
  raise OpenSSL::PKey::PKeyError, "Invalid key: #{e} for #{key_type} #{schema} #{key_id}"
end

Instance Method Details

#public_to_der ⇒ Object

# File 'lib/sigstore/internal/key.rb', line 85

def public_to_der
  @key.public_to_der
end

#to_der ⇒ Object

# File 'lib/sigstore/internal/key.rb', line 74

def to_der
  @key.to_der
end

#to_pem ⇒ Object

# File 'lib/sigstore/internal/key.rb', line 70

def to_pem
  @key.to_pem
end

#verify(algo, signature, data) ⇒ Object

# File 'lib/sigstore/internal/key.rb', line 78

def verify(algo, signature, data)
  @key.verify(algo, signature, data)
rescue OpenSSL::PKey::PKeyError => e
  logger.debug { "Verification failed: #{e}" }
  false
end