fix issues

Signed-off-by: Carlos Panato <ctadeu@gmail.com>
sigstore · Jul 18, 2021 · b1e7b77 · b1e7b77
1 parent 56c7b05
commit b1e7b77
Show file tree

Hide file tree

Showing 2 changed files with 24 additions and 5 deletions.
diff --git a/pkg/signature/kms/azure/client.go b/pkg/signature/kms/azure/client.go
@@ -81,8 +81,8 @@ func newAzureKMS(ctx context.Context, keyResourceID string) (*azureVaultClient,
 		return nil, err
 	}
 
-	azureTentatID := os.Getenv("AZURE_TENANT_ID")
-	if azureTentatID == "" {
+	azureTenantID := os.Getenv("AZURE_TENANT_ID")
+	if azureTenantID == "" {
 		return nil, errors.New("AZURE_TENANT_ID is not set")
 	}
 
@@ -174,7 +174,7 @@ func (a *azureVaultClient) fetchPublicKey(ctx context.Context) (crypto.PublicKey
 }
 
 func (a *azureVaultClient) getKey(ctx context.Context) (keyvault.KeyBundle, error) {
-	key, err := a.client.GetKey(ctx, a.vaultURL, a.vaultName, "")
+	key, err := a.client.GetKey(ctx, a.vaultURL, a.keyName, "")
 	if err != nil {
 		return keyvault.KeyBundle{}, errors.Wrap(err, "public key")
 	}
@@ -239,12 +239,13 @@ func (a *azureVaultClient) sign(ctx context.Context, rawPayload []byte) ([]byte,
 	return decResult, nil
 }
 
-func (a *azureVaultClient) verify(ctx context.Context, payload, signature []byte) error {
+func (a *azureVaultClient) verify(ctx context.Context, signature, payload []byte) error {
 	hash := sha256.Sum256(payload)
+	signed := hash[:]
 
 	params := keyvault.KeyVerifyParameters{
 		Algorithm: keyvault.ES256,
-		Digest:    to.StringPtr(base64.RawURLEncoding.EncodeToString(hash[:])),
+		Digest:    to.StringPtr(base64.RawURLEncoding.EncodeToString(signed)),
 		Signature: to.StringPtr(base64.RawURLEncoding.EncodeToString(signature)),
 	}
 

diff --git a/pkg/signature/kms/azure/signer.go b/pkg/signature/kms/azure/signer.go
@@ -22,6 +22,7 @@ import (
 	"io"
 
 	"github.com/pkg/errors"
+
 	"github.com/sigstore/sigstore/pkg/signature"
 	"github.com/sigstore/sigstore/pkg/signature/options"
 )
@@ -30,6 +31,15 @@ var azureSupportedHashFuncs = []crypto.Hash{
 	crypto.SHA256,
 }
 
+//nolint:golint
+const (
+	Algorithm_ES256 = "ES256"
+)
+
+var azureSupportedAlgorithms []string = []string{
+	Algorithm_ES256,
+}
+
 type SignerVerifier struct {
 	defaultCtx context.Context
 	hashFunc   crypto.Hash
@@ -179,3 +189,11 @@ func (a *SignerVerifier) CryptoSigner(ctx context.Context, errFunc func(error))
 
 	return csw, a.hashFunc, nil
 }
+
+func (*SignerVerifier) SupportedAlgorithms() []string {
+	return azureSupportedAlgorithms
+}
+
+func (*SignerVerifier) DefaultAlgorithm() string {
+	return Algorithm_ES256
+}