Migrating to the use of in-toto/go-witness module (#331)

* added all imports

* fixing go sum

* changing go-witness back for now, makes more sense

* moved witness to using new in-toto/go-witness module

Signed-off-by: chaosinthecrd <tom@tmlabs.co.uk>

* adding change to test now following newer version of policy

* running docgen as changes found from use of new module

* pinning to v0.2.0 of archivista and go-witness

Signed-off-by: chaosinthecrd <tom@tmlabs.co.uk>

---------

Signed-off-by: chaosinthecrd <tom@tmlabs.co.uk>
Signed-off-by: Tom Meadows <tom@tmlabs.co.uk>

Author: ChaosInTheCRD

cmd/config.go

@@ -20,11 +20,11 @@ import (
 	"os"
 	"strings"
 
+	"github.com/in-toto/go-witness/log"
 	"github.com/in-toto/witness/options"
 	"github.com/spf13/cobra"
 	"github.com/spf13/pflag"
 	"github.com/spf13/viper"
-	"github.com/testifysec/go-witness/log"
 )
 
 func initConfig(rootCmd *cobra.Command, rootOptions *options.RootOptions) error {

cmd/keyloader.go

@@ -19,11 +19,11 @@ import (
 	"fmt"
 	"strings"
 
+	"github.com/in-toto/go-witness/cryptoutil"
+	"github.com/in-toto/go-witness/log"
+	"github.com/in-toto/go-witness/signer"
 	"github.com/in-toto/witness/options"
 	"github.com/spf13/pflag"
-	"github.com/testifysec/go-witness/cryptoutil"
-	"github.com/testifysec/go-witness/log"
-	"github.com/testifysec/go-witness/signer"
 )
 
 // signerProvidersFromFlags looks at all flags that were set by the user to determine which signer providers we should use

cmd/root.go

@@ -18,9 +18,9 @@ import (
 	"fmt"
 	"os"
 
+	"github.com/in-toto/go-witness/log"
 	"github.com/in-toto/witness/options"
 	"github.com/spf13/cobra"
-	"github.com/testifysec/go-witness/log"
 )
 
 var ro = &options.RootOptions{}

cmd/root_test.go

@@ -26,12 +26,12 @@ import (
 	"testing"
 	"time"
 
+	"github.com/in-toto/go-witness/cryptoutil"
+	"github.com/in-toto/go-witness/signer"
+	"github.com/in-toto/go-witness/signer/file"
 	"github.com/in-toto/witness/options"
 	"github.com/stretchr/testify/assert"
 	"github.com/stretchr/testify/require"
-	"github.com/testifysec/go-witness/cryptoutil"
-	"github.com/testifysec/go-witness/signer"
-	"github.com/testifysec/go-witness/signer/file"
 )
 
 const (

cmd/run.go

@@ -20,19 +20,19 @@ import (
 	"encoding/json"
 	"fmt"
 
+	witness "github.com/in-toto/go-witness"
+	"github.com/in-toto/go-witness/archivista"
+	"github.com/in-toto/go-witness/attestation"
+	"github.com/in-toto/go-witness/attestation/commandrun"
+	"github.com/in-toto/go-witness/attestation/material"
+	"github.com/in-toto/go-witness/attestation/product"
+	"github.com/in-toto/go-witness/cryptoutil"
+	"github.com/in-toto/go-witness/dsse"
+	"github.com/in-toto/go-witness/log"
+	"github.com/in-toto/go-witness/registry"
+	"github.com/in-toto/go-witness/timestamp"
 	"github.com/in-toto/witness/options"
 	"github.com/spf13/cobra"
-	witness "github.com/testifysec/go-witness"
-	"github.com/testifysec/go-witness/archivista"
-	"github.com/testifysec/go-witness/attestation"
-	"github.com/testifysec/go-witness/attestation/commandrun"
-	"github.com/testifysec/go-witness/attestation/material"
-	"github.com/testifysec/go-witness/attestation/product"
-	"github.com/testifysec/go-witness/cryptoutil"
-	"github.com/testifysec/go-witness/dsse"
-	"github.com/testifysec/go-witness/log"
-	"github.com/testifysec/go-witness/registry"
-	"github.com/testifysec/go-witness/timestamp"
 )
 
 func RunCmd() *cobra.Command {

cmd/run_test.go

@@ -24,13 +24,13 @@ import (
 	"path/filepath"
 	"testing"
 
+	"github.com/in-toto/go-witness/cryptoutil"
+	"github.com/in-toto/go-witness/dsse"
+	"github.com/in-toto/go-witness/signer"
+	"github.com/in-toto/go-witness/signer/file"
 	"github.com/in-toto/witness/options"
 	"github.com/stretchr/testify/assert"
 	"github.com/stretchr/testify/require"
-	"github.com/testifysec/go-witness/cryptoutil"
-	"github.com/testifysec/go-witness/dsse"
-	"github.com/testifysec/go-witness/signer"
-	"github.com/testifysec/go-witness/signer/file"
 )
 
 func TestRunRSAKeyPair(t *testing.T) {

cmd/sign.go

@@ -19,12 +19,12 @@ import (
 	"fmt"
 	"os"
 
+	witness "github.com/in-toto/go-witness"
+	"github.com/in-toto/go-witness/cryptoutil"
+	"github.com/in-toto/go-witness/dsse"
+	"github.com/in-toto/go-witness/timestamp"
 	"github.com/in-toto/witness/options"
 	"github.com/spf13/cobra"
-	witness "github.com/testifysec/go-witness"
-	"github.com/testifysec/go-witness/cryptoutil"
-	"github.com/testifysec/go-witness/dsse"
-	"github.com/testifysec/go-witness/timestamp"
 )
 
 func SignCmd() *cobra.Command {

cmd/sign_test.go

@@ -22,10 +22,10 @@ import (
 	"os"
 	"testing"
 
+	"github.com/in-toto/go-witness/cryptoutil"
 	"github.com/in-toto/witness/options"
 	"github.com/stretchr/testify/assert"
 	"github.com/stretchr/testify/require"
-	"github.com/testifysec/go-witness/cryptoutil"
 )
 
 func Test_runSignPolicyRSA(t *testing.T) {

cmd/verify.go

@@ -22,14 +22,14 @@ import (
 	"fmt"
 	"os"
 
+	witness "github.com/in-toto/go-witness"
+	"github.com/in-toto/go-witness/archivista"
+	"github.com/in-toto/go-witness/cryptoutil"
+	"github.com/in-toto/go-witness/dsse"
+	"github.com/in-toto/go-witness/log"
+	"github.com/in-toto/go-witness/source"
 	"github.com/in-toto/witness/options"
 	"github.com/spf13/cobra"
-	witness "github.com/testifysec/go-witness"
-	"github.com/testifysec/go-witness/archivista"
-	"github.com/testifysec/go-witness/cryptoutil"
-	"github.com/testifysec/go-witness/dsse"
-	"github.com/testifysec/go-witness/log"
-	"github.com/testifysec/go-witness/source"
 )
 
 func VerifyCmd() *cobra.Command {

cmd/verify_test.go

@@ -28,15 +28,16 @@ import (
 	"testing"
 	"time"
 
+	witness "github.com/in-toto/go-witness"
+	"github.com/in-toto/go-witness/attestation/commandrun"
+	"github.com/in-toto/go-witness/cryptoutil"
+	"github.com/in-toto/go-witness/dsse"
+	"github.com/in-toto/go-witness/policy"
+	"github.com/in-toto/go-witness/signer"
+	"github.com/in-toto/go-witness/signer/file"
 	"github.com/in-toto/witness/options"
 	"github.com/stretchr/testify/require"
-	witness "github.com/testifysec/go-witness"
-	"github.com/testifysec/go-witness/attestation/commandrun"
-	"github.com/testifysec/go-witness/cryptoutil"
-	"github.com/testifysec/go-witness/dsse"
-	"github.com/testifysec/go-witness/policy"
-	"github.com/testifysec/go-witness/signer"
-	"github.com/testifysec/go-witness/signer/file"
+	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
 )
 
 func TestRunVerifyCA(t *testing.T) {
@@ -313,7 +314,7 @@ func makepolicy(t *testing.T, functionary policy.Functionary, publicKey policy.P
 	}
 
 	p := policy.Policy{
-		Expires:    time.Now().Add(1 * time.Hour),
+		Expires:    metav1.Time{Time: time.Now().Add(1 * time.Hour)},
 		PublicKeys: map[string]policy.PublicKey{},
 		Steps:      map[string]policy.Step{},
 	}
@@ -351,14 +352,8 @@ func createTestRSAKey() (cryptoutil.Signer, cryptoutil.Verifier, []byte, []byte,
 	}
 
 	pemBytes := pem.EncodeToMemory(&pem.Block{Type: "PUBLIC KEY", Bytes: keyBytes})
-	if err != nil {
-		return nil, nil, nil, nil, err
-	}
 
 	privKeyBytes := pem.EncodeToMemory(&pem.Block{Type: "RSA PRIVATE KEY", Bytes: x509.MarshalPKCS1PrivateKey(privKey)})
-	if err != nil {
-		return nil, nil, nil, nil, err
-	}
 
 	return signer, verifier, pemBytes, privKeyBytes, nil
 }