attest/signerverifier/aws.go

package signerverifier

import (
	"context"
	"fmt"

	"github.com/aws/aws-sdk-go-v2/config"
	"github.com/secure-systems-lab/go-securesystemslib/dsse"
	awssigner "github.com/sigstore/sigstore/pkg/signature/kms/aws"
)

// using AWS KMS.
func GetAWSSigner(ctx context.Context, keyARN string, region string) (dsse.SignerVerifier, error) {
	keyPath := fmt.Sprintf("awskms:///%s", keyARN)
	sv, err := awssigner.LoadSignerVerifier(ctx, keyPath, config.WithRegion(region))
	if err != nil {
		return nil, fmt.Errorf("error loading aws signer verifier: %w", err)
	}
	cs, _, err := sv.CryptoSigner(context.Background(), func(_ error) {})
	if err != nil {
		return nil, fmt.Errorf("error getting aws crypto signer: %w", err)
	}
	return NewECDSASignerVerifier(cs)
}
feat: add tlog and signerverifier 2024-04-19 09:08:31 -05:00			`package signerverifier`

			`import (`
			`"context"`
			`"fmt"`

			`"github.com/aws/aws-sdk-go-v2/config"`
			`"github.com/secure-systems-lab/go-securesystemslib/dsse"`
			`awssigner "github.com/sigstore/sigstore/pkg/signature/kms/aws"`
			`)`

fix: standardize casing of initialisms (#112) * fix: standardize casing of initialisms * fix: rename intoto -> inToto and Intoto to InToto * fix: fix all linting errors 2024-08-01 15:35:15 +01:00			`// using AWS KMS.`
			`func GetAWSSigner(ctx context.Context, keyARN string, region string) (dsse.SignerVerifier, error) {`
			`keyPath := fmt.Sprintf("awskms:///%s", keyARN)`
			`sv, err := awssigner.LoadSignerVerifier(ctx, keyPath, config.WithRegion(region))`
feat: add tlog and signerverifier 2024-04-19 09:08:31 -05:00			`if err != nil {`
			`return nil, fmt.Errorf("error loading aws signer verifier: %w", err)`
			`}`
fix: standardize casing of initialisms (#112) * fix: standardize casing of initialisms * fix: rename intoto -> inToto and Intoto to InToto * fix: fix all linting errors 2024-08-01 15:35:15 +01:00			`cs, _, err := sv.CryptoSigner(context.Background(), func(_ error) {})`
feat: add tlog and signerverifier 2024-04-19 09:08:31 -05:00			`if err != nil {`
			`return nil, fmt.Errorf("error getting aws crypto signer: %w", err)`
			`}`
Use a Factory to create signature verifiers at policy evaluation time (#165) * Make verifiers composable * fix: remove unused code and improve signature verification logic * fix: simplify abstractions and renamed some things * fix: improve tl interface. * fix: sort out signer/verifier 2024-09-18 13:34:10 +01:00			`return NewECDSASignerVerifier(cs)`
feat: add tlog and signerverifier 2024-04-19 09:08:31 -05:00			`}`