signing

sigstore · Aug 5, 2024 · 827b813 · 827b813
1 parent 485b13f
commit 827b813
Show file tree

Hide file tree

Showing 2 changed files with 26 additions and 51 deletions.
diff --git a/model_signing/model.py b/model_signing/model.py
@@ -12,64 +12,35 @@
 # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 # See the License for the specific language governing permissions and
 # limitations under the License.
+from typing import Callable
 import pathlib
 
-from google.protobuf import json_format
-from in_toto_attestation.v1 import statement
-from in_toto_attestation.v1 import statement_pb2 as statement_pb
-from sigstore_protobuf_specs.dev.sigstore.bundle import v1 as bundle_pb
-
-from model_signing.manifest import in_toto
-from model_signing.signature import signing
+from model_signing.manifest import manifest
+from model_signing.signing import signing
 from model_signing.signature import verifying
 from model_signing.serialization import serialization
 
+payload_generator_func = Callable[[manifest.Manifest], signing.SigningPayload]
+
 
 def sign(model_path: pathlib.Path,
          signer: signing.Signer,
+         payload_generator: payload_generator_func,
          serializer: serialization.Serializer,
-         ignore_paths: list[str] = [],
-         ) -> bundle_pb.Bundle:
-    """Signs a model and returns a sigstore bundle.
-
-    Args:
-        model_path (pathlib.Path): Path to the model
-        signer (signing.Signer): Signer to sign the statement
-        serializer (serialization.Serializer): Serializer used to serialize the model
-        ignore_paths (list[str], optional): Filenames that should be ignored during serialization. Defaults to [].
-
-    Returns:
-        bundle_pb.Bundle: Sigstore bundle containing a signed DSSE envelope
-    """
-    manifest = serializer.serialize(model_path, ignore_paths)
-    stmnt = in_toto.manifest_to_statement(manifest)
-    bundle = signer.sign(stmnt)
-    return bundle
+         ignore_paths: list[pathlib.Path] = [],
+         ) -> signing.Signature:
+    manifest = serializer.serialize(model_path, ignore_paths=ignore_paths)
+    payload = payload_generator(manifest)
+    sig = signer.sign(payload)
+    return sig
 
 
-def verify(bundle: bundle_pb.Bundle,
-           verifier: verifying.Verifier,
+def verify(sig: signing.Signature,
+           verifier: signing.Verifier,
            model_path: pathlib.Path,
            serializer: serialization.Serializer,
-           ignore_paths: list[str] = []):
-    """Verifies the bundle information in comparison with the local model.
-
-    Args:
-        bundle (bundle_pb.Bundle): Sigstore bundle describing the model
-        verifier (verifying.Verifier): Verifier to verify the signature
-        model_path (pathlib.Path): Path to the local model.
-        serializer (serialization.Serializer): Serializer to be used for the local model.
-        ignore_paths (list[str], optional): Filenames to ignore during serialization. Defaults to [].
-
-    Raises:
-        verifying.VerificationError: on verification failures.
-    """
-    verifier.verify(bundle)
+           ignore_paths: list[pathlib.Path] = []):
+    peer_manifest = verifier.verify(sig)
     local_manifest = serializer.serialize(model_path, ignore_paths)
-    payload = bundle.dsse_envelope.payload
-    peer_statment_pb = json_format.Parse(payload, statement_pb.Statement())
-    peer_statment = statement.Statement.copy_from_pb(peer_statment_pb)
-    peer_manifest = in_toto.statement_to_manifest(peer_statment)
-
     if peer_manifest != local_manifest:
         raise verifying.VerificationError('the manifest do not match')
diff --git a/model_signing/sign.py → sign.py b/model_signing/sign.py → sign.py
@@ -26,6 +26,7 @@
 from model_signing.signature import signing
 from model_signing.signature import sigstore
 from model_signing.signature import fake
+from model_signing.signing import in_toto
 
 log = logging.getLogger(__name__)
 
@@ -53,7 +54,8 @@ def __arguments() -> argparse.Namespace:
     pki = method_cmd.add_parser('pki')
     pki.add_argument(
         '--cert_chain',
-        help='paths to pem encoded certificate files or a single file containing a chain',
+        help=('paths to pem encoded certificate files or a single',
+              'file containing a chain'),
         required=False,
         type=list[str],
         default=[],
@@ -143,18 +145,20 @@ def hasher_factory(file_path: pathlib.Path) -> file.FileHasher:
             file=file_path,
             content_hasher=memory.SHA256())
 
-    serializer = serialize_by_file.FilesSerializer(
+    serializer = serialize_by_file.ManifestSerializer(
         file_hasher_factory=hasher_factory)
 
-    bundle = model.sign(
+    intoto_signer = in_toto.IntotoSigner(payload_signer)
+    sig = model.sign(
         model_path=args.model_path,
-        signer=payload_signer,
+        signer=intoto_signer,
+        payload_generator=in_toto.DigestsIntotoPayload.from_manifest,
         serializer=serializer,
-        ignore_paths=[args.sig_out.name]
+        ignore_paths=[args.sig_out]
     )
 
     log.info(f'Storing signature at "{args.sig_out}"')
-    args.sig_out.write_text(bundle.to_json())
+    sig.write(args.sig_out)
 
 
 if __name__ == '__main__':