From c39c0beb340273f0d729f1b853b49691b6445eae Mon Sep 17 00:00:00 2001
From: Bob Callaway <bobcallaway@users.noreply.github.com>
Date: Tue, 18 Jan 2022 10:33:01 -0500
Subject: [PATCH] helpful error message for hashedrekord types (#605)

* helpful error message for hashedrekord types

Signed-off-by: Bob Callaway <bob.callaway@gmail.com>
---
 cmd/rekor-cli/app/upload.go            | 2 +-
 cmd/rekor-cli/app/verify.go            | 2 +-
 pkg/types/hashedrekord/v0.0.1/entry.go | 4 ++++
 tests/e2e_test.go                      | 6 +++---
 4 files changed, 9 insertions(+), 5 deletions(-)

diff --git a/cmd/rekor-cli/app/upload.go b/cmd/rekor-cli/app/upload.go
index dd51a89..bbededf 100644
--- a/cmd/rekor-cli/app/upload.go
+++ b/cmd/rekor-cli/app/upload.go
@@ -113,7 +113,7 @@ var uploadCmd = &cobra.Command{
 
 			entry, err = types.NewProposedEntry(context.Background(), typeStr, versionStr, *props)
 			if err != nil {
-				return nil, err
+				return nil, fmt.Errorf("error: %w", err)
 			}
 		}
 		params.SetProposedEntry(entry)
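Review bot: The wrap `fmt.Errorf("error: %w", err)` adds a prefix that does not say which step failed, and the verify.go hunk adds the identical line. Naming the operation tells the user which input to correct once errors are chained, for example `return nil, fmt.Errorf("creating proposed %s entry: %w", typeStr, err)`. The enclosing closure starts and ends outside the hunk, so other return paths may need the same treatment to keep the CLI output consistent.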
diff --git a/cmd/rekor-cli/app/verify.go b/cmd/rekor-cli/app/verify.go
index 099721a..76fbb94 100644
--- a/cmd/rekor-cli/app/verify.go
+++ b/cmd/rekor-cli/app/verify.go
@@ -117,7 +117,7 @@ var verifyCmd = &cobra.Command{
 
 			entry, err := types.NewProposedEntry(context.Background(), typeStr, versionStr, *props)
 			if err != nil {
-				return nil, err
+				return nil, fmt.Errorf("error: %w", err)
 			}
 
 			entries := []models.ProposedEntry{entry}
diff --git a/pkg/types/hashedrekord/v0.0.1/entry.go b/pkg/types/hashedrekord/v0.0.1/entry.go
index 70db16f..234431e 100644
--- a/pkg/types/hashedrekord/v0.0.1/entry.go
+++ b/pkg/types/hashedrekord/v0.0.1/entry.go
@@ -196,6 +196,10 @@ func (v V001Entry) CreateFromArtifactProperties(ctx context.Context, props types
 
 	var err error
 
+	if props.PKIFormat != string(pki.X509) {
+		return nil, errors.New("hashedrekord entries can only be created for artifacts signed with x509-based PKI")
+	}
+
 	re.HashedRekordObj.Signature = &models.HashedrekordV001SchemaSignature{}
 	sigBytes := props.SignatureBytes
 	if sigBytes == nil {
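Review bot: The new guard in CreateFromArtifactProperties rejects any `props.PKIFormat` that is not exactly the `pki.X509` string, but the error does not report the value that was received. The e2e changes in this commit add `--pki-format=x509` to calls that previously omitted it, which suggests the CLI default is some other format. If so, a user who never set the flag will hit this error without seeing which format was assumed. Echoing the value would make that visible, e.g. `return nil, fmt.Errorf("hashedrekord entries can only be created for artifacts signed with x509-based PKI (got %q)", props.PKIFormat)`, assuming `fmt` is imported in this file. The function body continues outside the hunk.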
diff --git a/tests/e2e_test.go b/tests/e2e_test.go
index d6d4167..94f2a87 100644
--- a/tests/e2e_test.go
+++ b/tests/e2e_test.go
@@ -155,14 +155,14 @@ func TestUploadVerifyHashedRekord(t *testing.T) {
 	}
 
 	// Verify should fail initially
-	runCliErr(t, "verify", "--type=hashedrekord", "--artifact-hash", dataSHA, "--signature", sigPath, "--public-key", pubPath)
+	runCliErr(t, "verify", "--type=hashedrekord", "--pki-format=x509", "--artifact-hash", dataSHA, "--signature", sigPath, "--public-key", pubPath)
 
 	// It should upload successfully.
-	out := runCli(t, "upload", "--type=hashedrekord", "--artifact-hash", dataSHA, "--signature", sigPath, "--public-key", pubPath)
+	out := runCli(t, "upload", "--type=hashedrekord", "--pki-format=x509", "--artifact-hash", dataSHA, "--signature", sigPath, "--public-key", pubPath)
 	outputContains(t, out, "Created entry at")
 
 	// Now we should be able to verify it.
-	out = runCli(t, "verify", "--type=hashedrekord", "--artifact-hash", dataSHA, "--signature", sigPath, "--public-key", pubPath)
+	out = runCli(t, "verify", "--type=hashedrekord", "--pki-format=x509", "--artifact-hash", dataSHA, "--signature", sigPath, "--public-key", pubPath)
 	outputContains(t, out, "Inclusion Proof:")
 }
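Review bot: No test here exercises the rejection path this commit introduces; the three calls only gain `--pki-format=x509` so that the existing happy path keeps passing. A negative case in TestUploadVerifyHashedRekord would pin the new check, for example `runCliErr(t, "upload", "--type=hashedrekord", "--pki-format=pgp", "--artifact-hash", dataSHA, "--signature", sigPath, "--public-key", pubPath)`. If `runCliErr` returns the CLI output, the test should also assert that it mentions x509. The start of the test function is outside the hunk.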
 
-- 
GitLab