feat(sigstore): add FetchTrustRoot
natesales committed Nov 14, 2024
1 parent bb5bbb0 commit d810583
Showing 1 changed file with 22 additions and 0 deletions.
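--- a/pkg/sigstore/sigstore.go
+++ b/pkg/sigstore/sigstore.go
@@ -3,10 +3,12 @@ package sigstore
 import (
 "encoding/hex"
 "fmt"
+"os"
 
 protobundle "github.com/sigstore/protobuf-specs/gen/pb-go/bundle/v1"
 "github.com/sigstore/sigstore-go/pkg/bundle"
 "github.com/sigstore/sigstore-go/pkg/root"
+"github.com/sigstore/sigstore-go/pkg/tuf"
 "github.com/sigstore/sigstore-go/pkg/verify"
 
 "github.com/tinfoilanalytics/verifier/pkg/models"
@@ -70,3 +72,23 @@ func VerifyAttestedMeasurements(trustedRootJSON, bundleJSON []byte, hexDigest st
 PCR2: predicate["PCR2"].GetStringValue(),
 }, nil
 }
+
+// FetchTrustRoot downloads the Sigstore trust root configuration and saves it as a JSON file
+func FetchTrustRoot() error {
+opts := tuf.DefaultOptions()
+client, err := tuf.New(opts)
+if err != nil {
+return err
+}
+
+rootJSON, err := client.GetTarget("trusted_root.json")
+if err != nil {
+return err
+}
+
+if err := os.WriteFile("trusted_root.json", rootJSON, 0644); err != nil {
+return err
+}
+
+return nil
+}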
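Review bot: FetchTrustRoot writes the verification anchor to the hard-coded relative path `trusted_root.json` with a plain `os.WriteFile`, so the destination depends on the process's working directory and an interrupted write can leave a truncated trust root for a later reader. If this file is what later gets passed as `trustedRootJSON` to VerifyAttestedMeasurements (the caller is not visible here), anyone able to write to that directory decides what the verifier trusts, so the expected location and its permissions should be documented and the file replaced via a temp file plus rename. The three bare `return err` lines also hide which step failed; wrapping them with `fmt.Errorf` and `%w` (fmt is already imported) would distinguish a TUF fetch failure from a local write failure. The doc comment should state that the file lands in the current working directory and end with a period.

```go
func FetchTrustRoot() error {
	client, err := tuf.New(tuf.DefaultOptions())
	if err != nil {
		return fmt.Errorf("creating TUF client: %w", err)
	}

	rootJSON, err := client.GetTarget("trusted_root.json")
	if err != nil {
		return fmt.Errorf("fetching trusted_root.json from TUF: %w", err)
	}

	// Stage in the same directory and rename, so a reader never sees a partial trust root.
	tmp, err := os.CreateTemp(".", "trusted_root-*.json")
	if err != nil {
		return fmt.Errorf("creating temp file for trust root: %w", err)
	}
	defer os.Remove(tmp.Name()) // no-op once the rename has succeeded

	if _, err := tmp.Write(rootJSON); err != nil {
		tmp.Close()
		return fmt.Errorf("writing trust root: %w", err)
	}
	if err := tmp.Close(); err != nil {
		return fmt.Errorf("closing trust root temp file: %w", err)
	}
	// CreateTemp uses 0600; keep the mode the original WriteFile call asked for.
	if err := os.Chmod(tmp.Name(), 0644); err != nil {
		return fmt.Errorf("setting trust root permissions: %w", err)
	}
	if err := os.Rename(tmp.Name(), "trusted_root.json"); err != nil {
		return fmt.Errorf("installing trusted_root.json: %w", err)
	}
	return nil
}
```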
