From 8c4373c533dfa2d9ec74ec042a12811a75c205de Mon Sep 17 00:00:00 2001
From: asraa
Date: Fri, 22 Jul 2022 10:33:48 -0500
Subject: [PATCH] fix: remove signing certificate output (#160)

* remove signing certificate output
Signed-off-by: Asra Ali
---
 README.md | 9 +--------
 main.go | 10 +++-------
 pkg/rekor.go | 3 +++
 3 files changed, 7 insertions(+), 15 deletions(-)

diff --git a/README.md b/README.md
index 6cb848861..833973d9a 100644
--- a/README.md
+++ b/README.md
@@ -78,14 +78,7 @@ $ go run . --help
 ```bash
 $ go run . -artifact-path ~/Downloads/slsa-verifier-linux-amd64 -provenance ~/Downloads/slsa-verifier-linux-amd64.intoto.jsonl -source github.com/slsa-framework/slsa-verifier -tag v1.1.1
 Verified signature against tlog entry index 2727751 at URL: https://rekor.sigstore.dev/api/v1/log/entries/8f3d898ef17d9c4c028fe3da09fb786c900bf786361e75432f325b4848fdba24
-Signing certificate information:
- {
- "caller": "slsa-framework/slsa-verifier",
- "commit": "5875b0a74f4c04e1f123a3ad81d6c7c5a86860ce",
- "job_workflow_ref": "/slsa-framework/slsa-github-generator/.github/workflows/builder_go_slsa3.yml@refs/tags/v1.1.1",
- "trigger": "push",
- "issuer": "https://token.actions.githubusercontent.com"
-}
+Verified build using builder https://github.com/slsa-framework/slsa-github-generator/.github/workflows/builder_go_slsa3.yml@refs/tags/v1.1.0 at commit 76a59d8413f27259b97298da91bbb6511fc775d1
 PASSED: Verified SLSA provenance
 ```

diff --git a/main.go b/main.go
index 0457b3670..db85ec7ca 100644
--- a/main.go
+++ b/main.go
@@ -5,7 +5,6 @@ import (
 "crypto/sha256"
 "encoding/base64"
 "encoding/hex"
- "encoding/json"
 "flag"
 "fmt"
 "io"
@@ -48,12 +47,6 @@ func verify(ctx context.Context,
 return nil, err
 }

- b, err := json.MarshalIndent(workflowInfo, "", "\t")
- if err != nil {
- return nil, err
- }
- fmt.Fprintf(os.Stderr, "Signing certificate information:\n %s\n", b)
-
 // Verify the workflow identity.
 if err := pkg.VerifyWorkflowIdentity(workflowInfo, source); err != nil {
 return nil, err
@@ -65,6 +58,9 @@ func verify(ctx context.Context,
 return nil, err
 }

+ fmt.Fprintf(os.Stderr, "Verified build using builder https://github.com%s at commit %s\n",
+ workflowInfo.JobWobWorkflowRef,
+ workflowInfo.CallerHash)
 // Return verified provenance.
 return base64.StdEncoding.DecodeString(env.Payload)
 }
diff --git a/pkg/rekor.go b/pkg/rekor.go
index ccb508622..fce42dc95 100644
--- a/pkg/rekor.go
+++ b/pkg/rekor.go
@@ -244,6 +244,9 @@ func extractCert(e *models.LogEntryAnon) (*x509.Certificate, error) {
 }

 func intotoEntry(certPem []byte, provenance []byte) (*intotod.V001Entry, error) {
+ if len(certPem) == 0 {
+ return nil, fmt.Errorf("no signing certificate found in intoto envelope")
+ }
 cert := strfmt.Base64(certPem)
 return &intotod.V001Entry{
 IntotoObj: models.IntotoV001Schema{
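Review bot: In main.go's `verify` (hunk `@@ -65,6 +58,9 @@`), the added `fmt.Fprintf` prints `workflowInfo.CallerHash` as "at commit" right after the builder URL, which reads as if the builder workflow were pinned at that commit. Judging by the field name and the `caller`/`commit` pair in the README output this commit removes, the hash presumably identifies the calling source repository's commit, so the line is easy to misread when a verification log is audited. Naming both subjects would remove the ambiguity, e.g. `fmt.Fprintf(os.Stderr, "Verified build of %s at commit %s using builder https://github.com%s\n", source, workflowInfo.CallerHash, workflowInfo.JobWobWorkflowRef)`. The hard-coded `https://github.com` prefix also relies on the workflow ref starting with `/`, as in the README sample; a short comment saying so would help. The body of `verify` begins outside this hunk.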
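Review bot: The new guard in `intotoEntry` (pkg/rekor.go) rejects only an empty `certPem`; a non-empty value that is not a PEM certificate still reaches `strfmt.Base64(certPem)` and the entry built below it. If nothing upstream has already parsed the certificate (not visible in this hunk), decoding it here would fail closed on malformed input as well, e.g. `if block, _ := pem.Decode(certPem); block == nil { return nil, errors.New("signing certificate is not valid PEM") }`, which needs `encoding/pem` and `errors` in the import block. The added message has no format verbs, so `errors.New` fits better than `fmt.Errorf`, ideally as a package-level sentinel that callers can match with `errors.Is`. The body of `intotoEntry` continues past the end of the hunk.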