reuse dsse signature wrappers instead of having a copy (sigstore#912)

Signed-off-by: Bob Callaway <bcallaway@google.com>

Author: bobcallaway

pkg/types/intoto/v0.0.1/entry.go

@@ -43,7 +43,7 @@ import (
 	"github.com/sigstore/rekor/pkg/types"
 	"github.com/sigstore/rekor/pkg/types/intoto"
 	"github.com/sigstore/sigstore/pkg/signature"
-	"github.com/sigstore/sigstore/pkg/signature/options"
+	dsse_verifier "github.com/sigstore/sigstore/pkg/signature/dsse"
 )
 
 const (
@@ -232,26 +232,12 @@ func (v *V001Entry) validate() error {
 	if err != nil {
 		return err
 	}
-	dsseVerifier, err := dsse.NewEnvelopeSigner(&verifier{
-		v:   vfr,
-		pub: pk,
-	})
-	if err != nil {
-		return err
-	}
-
-	if v.IntotoObj.Content.Envelope == "" {
-		return nil
-	}
+	dsseVerifier := dsse_verifier.WrapVerifier(vfr)
 
-	if err := json.Unmarshal([]byte(v.IntotoObj.Content.Envelope), &v.env); err != nil {
+	if err := dsseVerifier.VerifySignature(strings.NewReader(v.IntotoObj.Content.Envelope), nil); err != nil {
 		return err
 	}
-
-	if _, err := dsseVerifier.Verify(&v.env); err != nil {
-		return err
-	}
-	return nil
+	return json.Unmarshal([]byte(v.IntotoObj.Content.Envelope), &v.env)
 }
 
 // AttestationKey returns the digest of the attestation that was uploaded, to be used to lookup the attestation from storage
@@ -275,38 +261,6 @@ func (v *V001Entry) AttestationKeyValue() (string, []byte) {
 	return attKey, attBytes
 }
 
-type verifier struct {
-	s   signature.Signer
-	v   signature.Verifier
-	pub crypto.PublicKey
-}
-
-func (v *verifier) KeyID() (string, error) {
-	return "", nil
-}
-
-func (v *verifier) Public() crypto.PublicKey {
-	return v.pub
-}
-
-func (v *verifier) Sign(data []byte) (sig []byte, err error) {
-	if v.s == nil {
-		return nil, errors.New("nil signer")
-	}
-	sig, err = v.s.SignMessage(bytes.NewReader(data), options.WithCryptoSignerOpts(crypto.SHA256))
-	if err != nil {
-		return nil, err
-	}
-	return sig, nil
-}
-
-func (v *verifier) Verify(data, sig []byte) error {
-	if v.v == nil {
-		return errors.New("nil verifier")
-	}
-	return v.v.VerifySignature(bytes.NewReader(sig), bytes.NewReader(data))
-}
-
 func (v V001Entry) CreateFromArtifactProperties(_ context.Context, props types.ArtifactProperties) (models.ProposedEntry, error) {
 	returnVal := models.Intoto{}
 

pkg/types/intoto/v0.0.1/entry_test.go

@@ -46,6 +46,7 @@ import (
 	"github.com/sigstore/rekor/pkg/generated/models"
 	"github.com/sigstore/rekor/pkg/types"
 	"github.com/sigstore/sigstore/pkg/signature"
+	dsse_signer "github.com/sigstore/sigstore/pkg/signature/dsse"
 	"go.uber.org/goleak"
 )
 
@@ -71,23 +72,13 @@ func envelope(t *testing.T, k *ecdsa.PrivateKey, payload, payloadType string) st
 	if err != nil {
 		t.Fatal(err)
 	}
-	signer, err := in_toto.NewDSSESigner(&verifier{
-		s:   s,
-		pub: k.Public(),
-	})
-	if err != nil {
-		t.Fatal(err)
-	}
-	dsseEnv, err := signer.SignPayload([]byte(payload))
-	if err != nil {
-		t.Fatal(err)
-	}
-	b, err := json.Marshal(dsseEnv)
+	wrappedSigner := dsse_signer.WrapSigner(s, string(payloadType))
+	dsseEnv, err := wrappedSigner.SignMessage(strings.NewReader(payload))
 	if err != nil {
 		t.Fatal(err)
 	}
 
-	return string(b)
+	return string(dsseEnv)
 }
 
 func TestV001Entry_Unmarshal(t *testing.T) {