From 970c5307bdf728c9fb3d338be99d419139f4ecec Mon Sep 17 00:00:00 2001 From: Yoav Amit Date: Tue, 20 Aug 2024 18:37:02 -0400 Subject: plumbing: signature, support the same x509 signature formats as git Commits and tags signed with x509 certificates may be encoded with the `SIGNED MESSAGE` PEM label. This behavior is consistent in [git](https://github.com/git/git/blob/master/gpg-interface.c\#L63) and [gpgsm](https://github.com/gpg/gnupg/blob/master/sm/sign.c\#L650) which is commonly used to produce these types of signatures. --- plumbing/object/signature.go | 1 + plumbing/object/signature_test.go | 15 ++++++++++++++- 2 files changed, 15 insertions(+), 1 deletion(-) diff --git a/plumbing/object/signature.go b/plumbing/object/signature.go index 91cf371..f9c3d30 100644 --- a/plumbing/object/signature.go +++ b/plumbing/object/signature.go @@ -19,6 +19,7 @@ var ( // a PKCS#7 (S/MIME) signature. x509SignatureFormat = signatureFormat{ []byte("-----BEGIN CERTIFICATE-----"), + []byte("-----BEGIN SIGNED MESSAGE-----"), } // sshSignatureFormat is the format of an SSH signature. diff --git a/plumbing/object/signature_test.go b/plumbing/object/signature_test.go index 3b20cde..732aa09 100644 --- a/plumbing/object/signature_test.go +++ b/plumbing/object/signature_test.go @@ -33,7 +33,7 @@ MKEQruIQWJb+8HVXwssA4= want: signatureTypeSSH, }, { - name: "known signature format (X509)", + name: "known signature format (X509) CERTIFICATE", b: []byte(`-----BEGIN CERTIFICATE----- MIIDZjCCAk6gAwIBAgIJALZ9Z3Z9Z3Z9MA0GCSqGSIb3DQEBCwUAMIGIMQswCQYD VQQGEwJTRTEOMAwGA1UECAwFVGV4YXMxDjAMBgNVBAcMBVRleGFzMQ4wDAYDVQQK @@ -45,6 +45,19 @@ ggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDQZ9Z3Z9Z3Z9Z3Z9Z3Z9Z3 -----END CERTIFICATE-----`), want: signatureTypeX509, }, + { + name: "known signature format (x509) SIGNED MESSAGE", + b: []byte(`-----BEGIN SIGNED MESSAGE----- +MIIDZjCCAk6gAwIBAgIJALZ9Z3Z9Z3Z9MA0GCSqGSIb3DQEBCwUAMIGIMQswCQYD +VQQGEwJTRTEOMAwGA1UECAwFVGV4YXMxDjAMBgNVBAcMBVRleGFzMQ4wDAYDVQQK +DAVUZXhhczEOMAwGA1UECwwFVGV4YXMxGDAWBgNVBAMMD1RleGFzIENlcnRpZmlj +YXRlMB4XDTE3MDUyNjE3MjY0MloXDTI3MDUyNDE3MjY0MlowgYgxCzAJBgNVBAYT +AlNFMQ4wDAYDVQQIDAVUZXhhczEOMAwGA1UEBwwFVGV4YXMxDjAMBgNVBAoMBVRl +eGFzMQ4wDAYDVQQLDAVUZXhhczEYMBYGA1UEAwwPVGV4YXMgQ2VydGlmaWNhdGUw +ggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDQZ9Z3Z9Z3Z9Z3Z9Z3Z9Z3 +-----END SIGNED MESSAGE-----`), + want: signatureTypeX509, + }, { name: "unknown signature format", b: []byte(`-----BEGIN ARBITRARY SIGNATURE----- -- cgit