Skip to content

Commit ca13948

Browse files
authored
Merge pull request #1196 from sigstore/HashAlgorithmInVerifiers
Pipe algorithm registry into verifiers
2 parents a96a2ee + 963c776 commit ca13948

3 files changed

Lines changed: 13 additions & 6 deletions

File tree

sigstore-java/src/main/java/dev/sigstore/encryption/signers/EcdsaVerifier.java

Lines changed: 5 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -15,15 +15,18 @@
1515
*/
1616
package dev.sigstore.encryption.signers;
1717

18+
import dev.sigstore.AlgorithmRegistry;
1819
import java.security.*;
1920

2021
/** ECDSA verifier, instantiated by {@link Verifiers#newVerifier(PublicKey)}. */
2122
public class EcdsaVerifier implements Verifier {
2223

2324
private final PublicKey publicKey;
25+
private final AlgorithmRegistry.HashAlgorithm hashAlgorithm;
2426

25-
EcdsaVerifier(PublicKey publicKey) {
27+
EcdsaVerifier(PublicKey publicKey, AlgorithmRegistry.HashAlgorithm hashAlgorithm) {
2628
this.publicKey = publicKey;
29+
this.hashAlgorithm = hashAlgorithm;
2730
}
2831

2932
@Override
@@ -34,7 +37,7 @@ public PublicKey getPublicKey() {
3437
@Override
3538
public boolean verify(byte[] artifact, byte[] signature)
3639
throws NoSuchAlgorithmException, InvalidKeyException, SignatureException {
37-
var verifier = Signature.getInstance("SHA256withECDSA");
40+
var verifier = Signature.getInstance(hashAlgorithm + "withECDSA");
3841
verifier.initVerify(publicKey);
3942
verifier.update(artifact);
4043
return verifier.verify(signature);

sigstore-java/src/main/java/dev/sigstore/encryption/signers/RsaVerifier.java

Lines changed: 5 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -15,15 +15,18 @@
1515
*/
1616
package dev.sigstore.encryption.signers;
1717

18+
import dev.sigstore.AlgorithmRegistry;
1819
import java.security.*;
1920

2021
/** RSA verifier, instantiated by {@link Verifiers#newVerifier(PublicKey)}. */
2122
public class RsaVerifier implements Verifier {
2223

2324
private final PublicKey publicKey;
25+
private final AlgorithmRegistry.HashAlgorithm hashAlgorithm;
2426

25-
RsaVerifier(PublicKey publicKey) {
27+
RsaVerifier(PublicKey publicKey, AlgorithmRegistry.HashAlgorithm hashAlgorithm) {
2628
this.publicKey = publicKey;
29+
this.hashAlgorithm = hashAlgorithm;
2730
}
2831

2932
@Override
@@ -34,7 +37,7 @@ public PublicKey getPublicKey() {
3437
@Override
3538
public boolean verify(byte[] artifact, byte[] signature)
3639
throws NoSuchAlgorithmException, InvalidKeyException, SignatureException {
37-
var verifier = Signature.getInstance("SHA256withRSA");
40+
var verifier = Signature.getInstance(hashAlgorithm + "withRSA");
3841
verifier.initVerify(publicKey);
3942
verifier.update(artifact);
4043
return verifier.verify(signature);

sigstore-java/src/main/java/dev/sigstore/encryption/signers/Verifiers.java

Lines changed: 3 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -15,6 +15,7 @@
1515
*/
1616
package dev.sigstore.encryption.signers;
1717

18+
import dev.sigstore.AlgorithmRegistry;
1819
import java.security.NoSuchAlgorithmException;
1920
import java.security.PublicKey;
2021
import org.bouncycastle.asn1.ASN1ObjectIdentifier;
@@ -25,10 +26,10 @@ public class Verifiers {
2526
/** Returns a new verifier for the provided public key to use during verification. */
2627
public static Verifier newVerifier(PublicKey publicKey) throws NoSuchAlgorithmException {
2728
if (publicKey.getAlgorithm().equals("RSA")) {
28-
return new RsaVerifier(publicKey);
29+
return new RsaVerifier(publicKey, AlgorithmRegistry.HashAlgorithm.SHA2_256);
2930
}
3031
if (publicKey.getAlgorithm().equals("EC") || publicKey.getAlgorithm().equals("ECDSA")) {
31-
return new EcdsaVerifier(publicKey);
32+
return new EcdsaVerifier(publicKey, AlgorithmRegistry.HashAlgorithm.SHA2_256);
3233
}
3334
if (publicKey.getAlgorithm().equals("Ed25519")) {
3435
return new Ed25519Verifier(publicKey);

0 commit comments

Comments
 (0)