helpful error message for hashedrekord types (#605)

* helpful error message for hashedrekord types Signed-off-by: Bob Callaway <bob.callaway@gmail.com>

helpful error message for hashedrekord types (#605)
c39c0beb · Bob Callaway · GitHub · 3dc5e1fc · c39c0beb · c39c0beb
Unverified Commit c39c0beb authored 3 years ago by Bob Callaway Committed by GitHub 3 years ago
--- a/cmd/rekor-cli/app/upload.go
+++ b/cmd/rekor-cli/app/upload.go
@@ -113,7 +113,7 @@ var uploadCmd = &cobra.Command{

 			entry, err = types.NewProposedEntry(context.Background(), typeStr, versionStr, *props)
 			if err != nil {
-				return nil, err
+				return nil, fmt.Errorf("error: %w", err)
 			}
 		}
 		params.SetProposedEntry(entry)

--- a/cmd/rekor-cli/app/verify.go
+++ b/cmd/rekor-cli/app/verify.go
@@ -117,7 +117,7 @@ var verifyCmd = &cobra.Command{

 			entry, err := types.NewProposedEntry(context.Background(), typeStr, versionStr, *props)
 			if err != nil {
-				return nil, err
+				return nil, fmt.Errorf("error: %w", err)
 			}

 			entries := []models.ProposedEntry{entry}

--- a/pkg/types/hashedrekord/v0.0.1/entry.go
+++ b/pkg/types/hashedrekord/v0.0.1/entry.go
@@ -196,6 +196,10 @@ func (v V001Entry) CreateFromArtifactProperties(ctx context.Context, props types

 	var err error

+	if props.PKIFormat != string(pki.X509) {
+		return nil, errors.New("hashedrekord entries can only be created for artifacts signed with x509-based PKI")
+	}
+
 	re.HashedRekordObj.Signature = &models.HashedrekordV001SchemaSignature{}
 	sigBytes := props.SignatureBytes
 	if sigBytes == nil {

--- a/tests/e2e_test.go
+++ b/tests/e2e_test.go
@@ -155,14 +155,14 @@ func TestUploadVerifyHashedRekord(t *testing.T) {
 	}

 	// Verify should fail initially
-	runCliErr(t, "verify", "--type=hashedrekord", "--artifact-hash", dataSHA, "--signature", sigPath, "--public-key", pubPath)
+	runCliErr(t, "verify", "--type=hashedrekord", "--pki-format=x509", "--artifact-hash", dataSHA, "--signature", sigPath, "--public-key", pubPath)

 	// It should upload successfully.
-	out := runCli(t, "upload", "--type=hashedrekord", "--artifact-hash", dataSHA, "--signature", sigPath, "--public-key", pubPath)
+	out := runCli(t, "upload", "--type=hashedrekord", "--pki-format=x509", "--artifact-hash", dataSHA, "--signature", sigPath, "--public-key", pubPath)
 	outputContains(t, out, "Created entry at")

 	// Now we should be able to verify it.
-	out = runCli(t, "verify", "--type=hashedrekord", "--artifact-hash", dataSHA, "--signature", sigPath, "--public-key", pubPath)
+	out = runCli(t, "verify", "--type=hashedrekord", "--pki-format=x509", "--artifact-hash", dataSHA, "--signature", sigPath, "--public-key", pubPath)
 	outputContains(t, out, "Inclusion Proof:")
 }