fix: Add contract version to plugin sign request and plugin verify request (notaryproject#390)

priteshbandi · priteshbandi · commit 0a3dee4d5321 · 2024-04-02T09:50:47.000-07:00
Add contract version to plugin sign request and plugin verify request. As per [specification](https://github.com/notaryproject/specifications/blob/main/specs/plugin-extensibility.md) `contractVersion` is a mandatory field. Signed-off-by: Pritesh Bandi <priteshbandi@gmail.com>
diff --git a/signer/plugin.go b/signer/plugin.go
@@ -180,6 +180,7 @@ func (s *PluginSigner) generateSignatureEnvelope(ctx context.Context, desc ocisp
 	}
 	// Execute plugin sign command.
 	req := &plugin.GenerateEnvelopeRequest{
+		ContractVersion:         plugin.ContractVersion,
 		KeyID:                   s.keyID,
 		Payload:                 payloadBytes,
 		SignatureEnvelopeType:   opts.SignatureMediaType,
@@ -247,8 +248,9 @@ func (s *PluginSigner) mergeConfig(config map[string]string) map[string]string {
 
 func (s *PluginSigner) describeKey(ctx context.Context, config map[string]string) (*plugin.DescribeKeyResponse, error) {
 	req := &plugin.DescribeKeyRequest{
-		KeyID:        s.keyID,
-		PluginConfig: config,
+		ContractVersion: plugin.ContractVersion,
+		KeyID:           s.keyID,
+		PluginConfig:    config,
 	}
 	resp, err := s.plugin.DescribeKey(ctx, req)
 	if err != nil {
@@ -344,11 +346,12 @@ func (s *pluginPrimitiveSigner) Sign(payload []byte) ([]byte, []*x509.Certificat
 	}
 
 	req := &plugin.GenerateSignatureRequest{
-		KeyID:        s.keyID,
-		KeySpec:      keySpec,
-		Hash:         keySpecHash,
-		Payload:      payload,
-		PluginConfig: s.pluginConfig,
+		ContractVersion: plugin.ContractVersion,
+		KeyID:           s.keyID,
+		KeySpec:         keySpec,
+		Hash:            keySpecHash,
+		Payload:         payload,
+		PluginConfig:    s.pluginConfig,
 	}
 
 	resp, err := s.plugin.GenerateSignature(s.ctx, req)
diff --git a/verifier/verifier.go b/verifier/verifier.go
@@ -681,9 +681,10 @@ func executePlugin(ctx context.Context, installedPlugin pluginframework.VerifyPl
 	}
 
 	req := &pluginframework.VerifySignatureRequest{
-		Signature:    signature,
-		TrustPolicy:  policy,
-		PluginConfig: pluginConfig,
+		ContractVersion: pluginframework.ContractVersion,
+		Signature:       signature,
+		TrustPolicy:     policy,
+		PluginConfig:    pluginConfig,
 	}
 	return installedPlugin.VerifySignature(ctx, req)
 }

Original file line number	Diff line number	Diff line change
`@@ -681,9 +681,10 @@ func executePlugin(ctx context.Context, installedPlugin pluginframework.VerifyPl`
`681`	`681`	`}`
`682`	`682`
`683`	`683`	`req := &pluginframework.VerifySignatureRequest{`
`684`		`- Signature: signature,`
`685`		`- TrustPolicy: policy,`
`686`		`- PluginConfig: pluginConfig,`
	`684`	`+ ContractVersion: pluginframework.ContractVersion,`
	`685`	`+ Signature: signature,`
	`686`	`+ TrustPolicy: policy,`
	`687`	`+ PluginConfig: pluginConfig,`
`687`	`688`	`}`
`688`	`689`	`return installedPlugin.VerifySignature(ctx, req)`
`689`	`690`	`}`