Module: Sigstore::Rekor::Checkpoint

Defined in:
lib/sigstore/rekor/checkpoint.rb

Defined Under Namespace

Classes: LogCheckpoint, Signature, SignedCheckpoint, SignedNote

Class Method Summary

Class Method Details

.verify_checkpoint(rekor_keyring, entry) ⇒ Object



# File 'lib/sigstore/rekor/checkpoint.rb', line 98

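# Checks the signed checkpoint carried in a Rekor entry's inclusion proof.
#
# Two checks are made here: the checkpoint's signed note is verified against
# +rekor_keyring+ using the key id from the entry's log id, and the log hash of
# the parsed checkpoint must equal the root hash recorded in the inclusion
# proof. Nothing in this method recomputes a Merkle root from the proof's
# hashes. NOTE(review): confirm the audit-path check is performed by the caller.
#
# @param rekor_keyring [Object] keyring handed to the signed note's #verify
# @param entry [Object] Rekor log entry responding to +inclusion_proof+ and +log_id+
# @return [nil] when the checkpoint is accepted
# @raise [Error::InvalidRekorEntry] if the entry has no inclusion proof, the
#   proof has no checkpoint, or the two hashes differ
def self.verify_checkpoint(rekor_keyring, entry)
  inclusion_proof = entry.inclusion_proof
  raise Error::InvalidRekorEntry, "Rekor entry has no inclusion proof" unless inclusion_proof

  # A proof without a checkpoint is reported as an invalid entry, so callers
  # that rescue verification errors see it instead of a NoMethodError.
  checkpoint = inclusion_proof.checkpoint
  raise Error::InvalidRekorEntry, "Rekor entry inclusion proof has no checkpoint" unless checkpoint

  signed_checkpoint = SignedCheckpoint.from_text(checkpoint.envelope)
  # The return value is discarded: a bad signature is rejected only if #verify
  # raises. NOTE(review): presumably it does; confirm in SignedNote#verify.
  signed_checkpoint.signed_note.verify(rekor_keyring, entry.log_id.key_id)

  checkpoint_hash = signed_checkpoint.checkpoint.log_hash
  root_hash = inclusion_proof.root_hash

  return if checkpoint_hash == root_hash

  raise Error::InvalidRekorEntry, "Inclusion proof contains invalid root hash: " \
                                  "expected #{checkpoint_hash.inspect}, calculated #{root_hash.inspect}"
end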