tuf to TUF initialism

Signed-off-by: Ramon Petgrave <ramon.petgrave64@gmail.com>
ramonpetgrave64 · May 21, 2024 · 56b68af · 56b68af
1 parent d1e6dc4
commit 56b68af
Show file tree

Hide file tree

Showing 11 changed files with 54 additions and 54 deletions.
diff --git a/docs/API-Library.md b/docs/API-Library.md
@@ -8,8 +8,8 @@ We have exported functions for using slsa-verifier within your own golang packag
 
 ### Npmjs
 
-With `VerifyNpmPackageWithSigstoreTufClient`, you can pass in your own Tuf client with custom options.
-For example, use the embedded Tuf root with `sigstoreTuf.DefaultOptions().WithForceCache()`.
+With `VerifyNpmPackageWithSigstoreTUFClient`, you can pass in your own TUF client with custom options.
+For example, use the embedded TUF root with `sigstoreTUF.DefaultOptions().WithForceCache()`.
 
 Example:
 
@@ -22,7 +22,7 @@ import (
 	"log"
 	"os"
 
-	sigstoreTuf "github.com/sigstore/sigstore-go/pkg/tuf"
+	sigstoreTUF "github.com/sigstore/sigstore-go/pkg/tuf"
 	options "github.com/slsa-framework/slsa-verifier/v2/options"
 	apiVerify "github.com/slsa-framework/slsa-verifier/v2/verifiers"
 	apiUtils "github.com/slsa-framework/slsa-verifier/v2/verifiers/utils"
@@ -55,15 +55,15 @@ func doVerify() (*apiUtils.TrustedBuilderID, error) {
 		ExpectedID: &builderID,
 	}
 	// example: force using the embedded root, without going online for a refresh
-	// opts := sigstoreTuf.DefaultOptions().WithForceCache()
+	// opts := sigstoreTUF.DefaultOptions().WithForceCache()
 	// example: supply your own root
-	// opts := sigstoreTuf.DefaultOptions().WithRoot([]byte(`{"signed":{"_type":"root","spec_version":"1.0","version":9,"expires":"2024-09-12T06:53:10Z","keys":{"1e1d65ce98b10 ...`)).WithForceCache()
-	opts := sigstoreTuf.DefaultOptions()
-	client, err := sigstoreTuf.New(opts)
+	// opts := sigstoreTUF.DefaultOptions().WithRoot([]byte(`{"signed":{"_type":"root","spec_version":"1.0","version":9,"expires":"2024-09-12T06:53:10Z","keys":{"1e1d65ce98b10 ...`)).WithForceCache()
+	opts := sigstoreTUF.DefaultOptions()
+	client, err := sigstoreTUF.New(opts)
 	if err != nil {
-		return nil, fmt.Errorf("creating SigstoreTuf client: %w", err)
+		return nil, fmt.Errorf("creating SigstoreTUF client: %w", err)
 	}
-	_, outBuilderID, err := apiVerify.VerifyNpmPackageWithSigstoreTufClient(context.Background(), attestations, tarballHash, provenanceOpts, builderOpts, client)
+	_, outBuilderID, err := apiVerify.VerifyNpmPackageWithSigstoreTUFClient(context.Background(), attestations, tarballHash, provenanceOpts, builderOpts, client)
 	if err != nil {
 		return nil, fmt.Errorf("Verifying npm package: FAILED: %w", err)
 	}

diff --git a/register/register.go b/register/register.go
@@ -35,10 +35,10 @@ type SLSAVerifier interface {
 		builderOpts *options.BuilderOpts,
 	) ([]byte, *utils.TrustedBuilderID, error)
 
-	VerifyNpmPackageWithSigstoreTufClient(ctx context.Context,
+	VerifyNpmPackageWithSigstoreTUFClient(ctx context.Context,
 		attestations []byte, tarballHash string,
 		provenanceOpts *options.ProvenanceOpts,
-		builderOpts *options.BuilderOpts, sigstoreTufClient utils.SigstoreTufClient,
+		builderOpts *options.BuilderOpts, sigstoreTUFClient utils.SigstoreTUFClient,
 	) ([]byte, *utils.TrustedBuilderID, error)
 }
 

diff --git a/verifiers/internal/gcb/verifier.go b/verifiers/internal/gcb/verifier.go
@@ -48,12 +48,12 @@ func (v *GCBVerifier) VerifyNpmPackage(ctx context.Context,
 	return nil, nil, serrors.ErrorNotSupported
 }
 
-// VerifyNpmPackageWithSigstoreTufClient verifies an npm package tarball.
-func (v *GCBVerifier) VerifyNpmPackageWithSigstoreTufClient(ctx context.Context,
+// VerifyNpmPackageWithSigstoreTUFClient verifies an npm package tarball.
+func (v *GCBVerifier) VerifyNpmPackageWithSigstoreTUFClient(ctx context.Context,
 	attestations []byte, tarballHash string,
 	provenanceOpts *options.ProvenanceOpts,
 	builderOpts *options.BuilderOpts,
-	sigstoreTufClient utils.SigstoreTufClient,
+	sigstoreTUFClient utils.SigstoreTUFClient,
 ) ([]byte, *utils.TrustedBuilderID, error) {
 	return nil, nil, serrors.ErrorNotSupported
 }

diff --git a/verifiers/internal/gha/npm.go b/verifiers/internal/gha/npm.go
@@ -111,12 +111,12 @@ func extractAttestations(attestations []attestation) (*attestation, *attestation
 }
 
 // getAttestationKey retrieves the attestation key and holds it in memory.
-func getAttestationKey(sigstoreTufClient utils.SigstoreTufClient, npmRegistryPublicKeyID string) (string, error) {
+func getAttestationKey(sigstoreTUFClient utils.SigstoreTUFClient, npmRegistryPublicKeyID string) (string, error) {
 	value := attestationKeyAtomicValue.Load()
 	if value != nil {
 		return value.(string), nil
 	}
-	npmRegistryPublicKey, err := getKeyDataFromSigstoreTuf(sigstoreTufClient, npmRegistryPublicKeyID, attestationKeyUsage)
+	npmRegistryPublicKey, err := getKeyDataFromSigstoreTUF(sigstoreTUFClient, npmRegistryPublicKeyID, attestationKeyUsage)
 	if err != nil {
 		return "", err
 	}
@@ -134,7 +134,7 @@ func (n *Npm) verifyProvenanceAttestationSignature() error {
 	return nil
 }
 
-func (n *Npm) verifyPublishAttestationSignature(sigstoreTufClient utils.SigstoreTufClient) error {
+func (n *Npm) verifyPublishAttestationSignature(sigstoreTUFClient utils.SigstoreTUFClient) error {
 	// First verify the bundle and its rekor entry.
 	signedPublish, err := verifyBundleAndEntryFromBytes(n.ctx, n.publishAttestation.BundleBytes, n.root, false)
 	if err != nil {
@@ -147,7 +147,7 @@ func (n *Npm) verifyPublishAttestationSignature(sigstoreTufClient utils.Sigstore
 
 	// Retrieve the key material.
 	// We found the associated public key in the TUF root, so now we can trust this KeyID.
-	npmRegistryPublicKey, err := getAttestationKey(sigstoreTufClient, npmRegistryPublicKeyID)
+	npmRegistryPublicKey, err := getAttestationKey(sigstoreTUFClient, npmRegistryPublicKeyID)
 	if err != nil {
 		return err
 	}

diff --git a/verifiers/internal/gha/npm_sigstore_tuf.go b/verifiers/internal/gha/npm_sigstore_tuf.go
@@ -41,7 +41,7 @@ type validFor struct {
 // getNpmjsKeysTarget will fetch and parse the keys.json file in Sigstore's root for npmjs
 // The inner TUF client will verify this "blob" is signed with correct delegate TUF roles
 // https://github.com/sigstore/root-signing/blob/5fd11f7ec0a993b0f20c335b33e53cfffb986b2e/repository/repository/targets/registry.npmjs.org/7a8ec9678ad824cdccaa7a6dc0961caf8f8df61bc7274189122c123446248426.keys.json#L4
-func getNpmjsKeysTarget(client utils.SigstoreTufClient, targetPath string) (*npmjsKeysTarget, error) {
+func getNpmjsKeysTarget(client utils.SigstoreTUFClient, targetPath string) (*npmjsKeysTarget, error) {
 	blob, err := client.GetTarget(targetPath)
 	if err != nil {
 		return nil, fmt.Errorf("%w: %w", serrors.ErrorCouldNotFindTarget, err)
@@ -65,15 +65,15 @@ func getKeyDataWithNpmjsKeysTarget(keys *npmjsKeysTarget, keyID, keyUsage string
 	return "", fmt.Errorf("%w: 'keyId': %q, 'keyUsage':%q", errorMissingNpmjsKeyIDKeyUsage, keyID, keyUsage)
 }
 
-// getKeyDataFromSigstoreTuf retrieves the keyfile from sigstore's TUF root, parses the file and returns the target key's material.
+// getKeyDataFromSigstoreTUF retrieves the keyfile from sigstore's TUF root, parses the file and returns the target key's material.
 // See documentation for getNpmjsKeysTarget
 //
 // example params:
 //
-//	 client: sigstoreTufClient
+//	 client: sigstoreTUFClient
 //		keyID: "SHA256:jl3bwswu80PjjokCgh0o2w5c2U4LhQAE57gj9cz1kzA"
 //		keyUsage: "npm:attestations"
-func getKeyDataFromSigstoreTuf(client utils.SigstoreTufClient, keyID, keyUsage string) (string, error) {
+func getKeyDataFromSigstoreTUF(client utils.SigstoreTUFClient, keyID, keyUsage string) (string, error) {
 	keys, err := getNpmjsKeysTarget(client, targetPath)
 	if err != nil {
 		return "", err

diff --git a/verifiers/internal/gha/npm_sigstore_tuf_test.go b/verifiers/internal/gha/npm_sigstore_tuf_test.go
@@ -85,19 +85,19 @@ var (
 	testTargetKeyData  = testTargetKey.PublicKey.RawBytes
 )
 
-// mockSigstoreTufClient a mock implementation of sigstoreTufClient.
-type mockSigstoreTufClient struct {
+// mockSigstoreTUFClient a mock implementation of sigstoreTUFClient.
+type mockSigstoreTUFClient struct {
 	fileContentMap map[string]string
 }
 
-// newMockSigstoreTufClient returns an instance of the mock client,
+// newMockSigstoreTUFClient returns an instance of the mock client,
 // with fileContentMap as input and outputs of the GetTarget() method.
-func newMockSigstoreTufClient() *mockSigstoreTufClient {
-	return &mockSigstoreTufClient{fileContentMap: mockFileContentMap}
+func newMockSigstoreTUFClient() *mockSigstoreTUFClient {
+	return &mockSigstoreTUFClient{fileContentMap: mockFileContentMap}
 }
 
-// GetTarget mock implementation of GetTarget for the mockSigstoreTufClient.
-func (c mockSigstoreTufClient) GetTarget(targetPath string) ([]byte, error) {
+// GetTarget mock implementation of GetTarget for the mockSigstoreTUFClient.
+func (c mockSigstoreTUFClient) GetTarget(targetPath string) ([]byte, error) {
 	content, exists := c.fileContentMap[targetPath]
 	if !exists {
 		return nil, fmt.Errorf("content not definied in this mock, key: %s", targetPath)
@@ -131,7 +131,7 @@ func TestGetNpmjsKeysTarget(t *testing.T) {
 	}
 	for _, tt := range tests {
 		t.Run(tt.name, func(t *testing.T) {
-			mockClient := newMockSigstoreTufClient()
+			mockClient := newMockSigstoreTUFClient()
 			actualKeys, err := getNpmjsKeysTarget(mockClient, tt.targetPath)
 			if keyDataDiff := cmp.Diff(tt.expectedKeys, actualKeys, cmpopts.EquateComparable()); keyDataDiff != "" {
 				t.Errorf("expected equal values (-want +got):\n%s", keyDataDiff)
@@ -171,7 +171,7 @@ func TestGetKeyDataWithNpmjsKeysTarget(t *testing.T) {
 	}
 	for _, tt := range tests {
 		t.Run(tt.name, func(t *testing.T) {
-			mockClient := newMockSigstoreTufClient()
+			mockClient := newMockSigstoreTUFClient()
 			keys, err := getNpmjsKeysTarget(mockClient, tt.targetPath)
 			if err != nil {
 				t.Fatalf("getNpmjsKeysTarget: %v", err)

diff --git a/verifiers/internal/gha/npm_test.go b/verifiers/internal/gha/npm_test.go
@@ -1233,7 +1233,7 @@ func Test_verifyPublishAttestationSignature(t *testing.T) {
 			if err != nil {
 				t.Fatalf("unexpected error: \n%s", err)
 			}
-			err = npm.verifyPublishAttestationSignature(newMockSigstoreTufClient())
+			err = npm.verifyPublishAttestationSignature(newMockSigstoreTUFClient())
 			if diff := cmp.Diff(tt.err, err, cmpopts.EquateErrors()); diff != "" {
 				t.Fatalf("unexpected error (-want +got): \n%s", diff)
 			}

diff --git a/verifiers/internal/gha/verifier.go b/verifiers/internal/gha/verifier.go
@@ -332,19 +332,19 @@ func (v *GHAVerifier) VerifyNpmPackage(ctx context.Context,
 	provenanceOpts *options.ProvenanceOpts,
 	builderOpts *options.BuilderOpts,
 ) ([]byte, *utils.TrustedBuilderID, error) {
-	sigstoreTufClient, err := utils.NewSigstoreTufClient()
+	sigstoreTUFClient, err := utils.NewSigstoreTUFClient()
 	if err != nil {
 		return nil, nil, err
 	}
-	return v.VerifyNpmPackageWithSigstoreTufClient(ctx, attestations, tarballHash, provenanceOpts, builderOpts, sigstoreTufClient)
+	return v.VerifyNpmPackageWithSigstoreTUFClient(ctx, attestations, tarballHash, provenanceOpts, builderOpts, sigstoreTUFClient)
 }
 
-// VerifyNpmPackageWithSigstoreTufClient verifies an npm package tarball.
-func (v *GHAVerifier) VerifyNpmPackageWithSigstoreTufClient(ctx context.Context,
+// VerifyNpmPackageWithSigstoreTUFClient verifies an npm package tarball.
+func (v *GHAVerifier) VerifyNpmPackageWithSigstoreTUFClient(ctx context.Context,
 	attestations []byte, tarballHash string,
 	provenanceOpts *options.ProvenanceOpts,
 	builderOpts *options.BuilderOpts,
-	sigstoreTufClient utils.SigstoreTufClient,
+	sigstoreTUFClient utils.SigstoreTUFClient,
 ) ([]byte, *utils.TrustedBuilderID, error) {
 	trustedRoot, err := TrustedRootSingleton(ctx)
 	if err != nil {
@@ -370,7 +370,7 @@ func (v *GHAVerifier) VerifyNpmPackageWithSigstoreTufClient(ctx context.Context,
 	}
 
 	// Verify publish attesttation signature.
-	if err := npm.verifyPublishAttestationSignature(sigstoreTufClient); err != nil {
+	if err := npm.verifyPublishAttestationSignature(sigstoreTUFClient); err != nil {
 		return nil, nil, err
 	}
 

diff --git a/verifiers/utils/sigstore_tuf.go b/verifiers/utils/sigstore_tuf.go
@@ -3,19 +3,19 @@ package utils
 import (
 	"fmt"
 
-	sigstoreTuf "github.com/sigstore/sigstore-go/pkg/tuf"
+	sigstoreTUF "github.com/sigstore/sigstore-go/pkg/tuf"
 )
 
-type SigstoreTufClient interface {
+type SigstoreTUFClient interface {
 	GetTarget(target string) ([]byte, error)
 }
 
-// NewSigstoreTufClient gets a Sigstore TUF client, which itself is a wrapper around the official TUF client.
-func NewSigstoreTufClient() (*sigstoreTuf.Client, error) {
-	opts := sigstoreTuf.DefaultOptions()
-	client, err := sigstoreTuf.New(opts)
+// NewSigstoreTUFClient gets a Sigstore TUF client, which itself is a wrapper around the official TUF client.
+func NewSigstoreTUFClient() (*sigstoreTUF.Client, error) {
+	opts := sigstoreTUF.DefaultOptions()
+	client, err := sigstoreTUF.New(opts)
 	if err != nil {
-		return nil, fmt.Errorf("creating SigstoreTuf client: %w", err)
+		return nil, fmt.Errorf("creating SigstoreTUF client: %w", err)
 	}
 	return client, nil
 }
diff --git a/verifiers/verifier.go b/verifiers/verifier.go
@@ -75,17 +75,17 @@ func VerifyNpmPackage(ctx context.Context,
 		provenanceOpts, builderOpts)
 }
 
-func VerifyNpmPackageWithSigstoreTufClient(ctx context.Context,
+func VerifyNpmPackageWithSigstoreTUFClient(ctx context.Context,
 	attestations []byte, tarballHash string,
 	provenanceOpts *options.ProvenanceOpts,
 	builderOpts *options.BuilderOpts,
-	sigstoreTufClient utils.SigstoreTufClient,
+	sigstoreTUFClient utils.SigstoreTUFClient,
 ) ([]byte, *utils.TrustedBuilderID, error) {
 	verifier, err := getVerifier(builderOpts)
 	if err != nil {
 		return nil, nil, err
 	}
 
-	return verifier.VerifyNpmPackageWithSigstoreTufClient(ctx, attestations, tarballHash,
-		provenanceOpts, builderOpts, sigstoreTufClient)
+	return verifier.VerifyNpmPackageWithSigstoreTUFClient(ctx, attestations, tarballHash,
+		provenanceOpts, builderOpts, sigstoreTUFClient)
 }
diff --git a/verifiers/verifier_regression_test.go b/verifiers/verifier_regression_test.go
@@ -14,7 +14,7 @@ import (
 	"path/filepath"
 	"testing"
 
-	sigstoreTuf "github.com/sigstore/sigstore-go/pkg/tuf"
+	sigstoreTUF "github.com/sigstore/sigstore-go/pkg/tuf"
 	serrors "github.com/slsa-framework/slsa-verifier/v2/errors"
 	"github.com/slsa-framework/slsa-verifier/v2/options"
 )
@@ -88,7 +88,7 @@ func Test_VerifyNpmPackage(t *testing.T) {
 			VerifyNpmPackage(context.Background(), attestations, artifactHash, provenanceOpts, builderOpts)
 		})
 
-		t.Run(tt.name+" - with sigstoreTufClient", func(t *testing.T) {
+		t.Run(tt.name+" - with sigstoreTUFClient", func(t *testing.T) {
 			artifactPath := filepath.Clean(filepath.Join(testDir, "npm", "gha", tt.artifact))
 			attestationsPath := fmt.Sprintf("%s.json", artifactPath)
 			artifactHash, err := computeFileHash(artifactPath, sha256.New())
@@ -108,12 +108,12 @@ func Test_VerifyNpmPackage(t *testing.T) {
 			builderOpts := &options.BuilderOpts{
 				ExpectedID: &tt.builderID,
 			}
-			opts := sigstoreTuf.DefaultOptions().WithForceCache() // offline tests
-			sigastoreTufClient, err := sigstoreTuf.New(opts)
+			opts := sigstoreTUF.DefaultOptions().WithForceCache() // offline tests
+			sigastoreTUFClient, err := sigstoreTUF.New(opts)
 			if err != nil {
 				t.Fatal(err)
 			}
-			VerifyNpmPackageWithSigstoreTufClient(context.Background(), attestaions, artifactHash, provenanceOpts, builderOpts, sigastoreTufClient)
+			VerifyNpmPackageWithSigstoreTUFClient(context.Background(), attestaions, artifactHash, provenanceOpts, builderOpts, sigastoreTUFClient)
 		})
 	}
 }