cleanup

laurentsimon · laurentsimon · commit 54d0fe07f7d9 · 2024-01-17T20:27:14.000Z
Signed-off-by: laurentsimon &lt;laurentsimon@google.com&gt;
diff --git a/sigstore/_cli.py b/sigstore/_cli.py
@@ -686,7 +686,7 @@ def _sign(args: argparse.Namespace) -> None:
     with signing_ctx.signer(identity) as signer:
         for file, outputs in output_map.items():
             logger.debug(f"signing for {file.name}")
-            with file.open(mode="rb", buffering=0) as io:
+            with file.open(mode="rb", buffering=0) as fio:
                 try:
                     result = signer.sign(input_=io)
                 except ExpiredIdentity as exp_identity:
diff --git a/sigstore/_utils.py b/sigstore/_utils.py
@@ -23,8 +23,7 @@
 import sys
 from typing import IO, NewType, Union
 
-import rekor_types
-from cryptography.hazmat.primitives import serialization, hashes
+from cryptography.hazmat.primitives import hashes, serialization
 from cryptography.hazmat.primitives.asymmetric import ec, rsa
 from cryptography.hazmat.primitives.asymmetric.utils import Prehashed
 from cryptography.x509 import (
@@ -162,7 +161,7 @@ def key_id(key: PublicKey) -> KeyID:
 def get_digest(
         input_: IO[bytes],
         algorithm_: Prehashed = None,
-    ) -> (bytes, Prehashed): 
+    ) -> (bytes, Prehashed):
     if algorithm_ is None:
         return sha256_streaming(input_), Prehashed(hashes.SHA256())
 
@@ -171,7 +170,7 @@ def get_digest(
         if algorithm_.digest_size != 32:
             return ValueError(f"invalid digest size ({algorithm_.digest_size()}), expected 32")
         return input_.getvalue(), algorithm_
-    
+
     raise ValueError("invalid arguments")
 
 def sha256_streaming(io: IO[bytes]) -> bytes:
diff --git a/sigstore/sign.py b/sigstore/sign.py
@@ -57,7 +57,6 @@
     VerificationMaterial,
 )
 from sigstore_protobuf_specs.dev.sigstore.common.v1 import (
-    HashAlgorithm,
     HashOutput,
     LogId,
     MessageSignature,
@@ -82,11 +81,7 @@
 from sigstore._internal.rekor.client import RekorClient
 from sigstore._internal.sct import verify_sct
 from sigstore._internal.trustroot import TrustedRoot
-<<<<<<< HEAD
-from sigstore._utils import PEMCert, sha256_streaming
-=======
-from sigstore._utils import B64Str, HexStr, PEMCert, get_digest
->>>>>>> 442469b (backup)
+from sigstore._utils import PEMCert, get_digest, sha256_streaming
 from sigstore.oidc import ExpiredIdentity, IdentityToken
 from sigstore.transparency import LogEntry
 
@@ -178,10 +173,6 @@ def _signing_cert(
 
             return certificate_response
 
-    # https://github.com/sigstore/rekor/issues/1299
-    # https://github.com/pyca/cryptography/blob/00f8304a3dfe7a2aab6f3150a3c620e87d848044/src/cryptography/hazmat/primitives/hashes.py
-    # https://github.com/pyca/cryptography/blob/00f8304a3dfe7a2aab6f3150a3c620e87d848044/src/cryptography/hazmat/primitives/asymmetric/utils.py#L14
-    # https://github.com/pyca/cryptography/blob/main/src/cryptography/hazmat/primitives/asymmetric/rsa.py#L42
     def sign(
         self,
         input_: IO[bytes] | Statement,
diff --git a/sigstore/verify/models.py b/sigstore/verify/models.py
@@ -26,8 +26,8 @@
 from typing import IO
 
 import rekor_types
-from cryptography.hazmat.primitives.serialization import Encoding
 from cryptography.hazmat.primitives.asymmetric.utils import Prehashed
+from cryptography.hazmat.primitives.serialization import Encoding
 from cryptography.x509 import (
     Certificate,
     load_der_x509_certificate,
@@ -184,7 +184,7 @@ class VerificationMaterials:
     """
     The digest algorithm to use for the hash.
     """
-    
+
     input_digest: bytes
     """
     The 'digest_algorithm' hash of the verification input, as raw bytes.
@@ -424,7 +424,6 @@ def rekor_entry(self, client: RekorClient) -> LogEntry:
                 ),
                 data=rekor_types.hashedrekord.Data(
                     hash=rekor_types.hashedrekord.Hash(
-                        #algorithm=sigstore_rekor_types.Algorithm.SHA256,
                         algorithm=self.digest_algorithm._algorithm.name,
                         value=self.input_digest.hex(),
                     ),
diff --git a/sigstore/verify/verifier.py b/sigstore/verify/verifier.py
@@ -24,9 +24,7 @@
 from typing import List, cast
 
 from cryptography.exceptions import InvalidSignature
-from cryptography.hazmat.primitives import hashes
 from cryptography.hazmat.primitives.asymmetric import ec
-from cryptography.hazmat.primitives.asymmetric.utils import Prehashed
 from cryptography.x509 import Certificate, ExtendedKeyUsage, KeyUsage
 from cryptography.x509.oid import ExtendedKeyUsageOID
 from OpenSSL.crypto import (
@@ -227,7 +225,6 @@ def verify(
                 materials.signature,
                 materials.input_digest,
                 ec.ECDSA(materials.digest_algorithm),
-                #ec.ECDSA(Prehashed(hashes.SHA256())),
             )
         except InvalidSignature:
             return VerificationFailure(reason="Signature is invalid for input")
