sigstore
diff --git a/‎pkg/types/alpine/alpine_test.go
+1-1 b/‎pkg/types/alpine/alpine_test.go
+1-1
diff --git a/‎pkg/types/alpine/v0.0.1/entry.go
+6-2 b/‎pkg/types/alpine/v0.0.1/entry.go
+6-2
diff --git a/‎pkg/types/alpine/v0.0.1/entry_test.go
+3-3 b/‎pkg/types/alpine/v0.0.1/entry_test.go
+3-3
diff --git a/‎pkg/types/cose/cose_test.go
+1-1 b/‎pkg/types/cose/cose_test.go
+1-1
diff --git a/‎pkg/types/cose/v0.0.1/entry.go
+6-2 b/‎pkg/types/cose/v0.0.1/entry.go
+6-2
diff --git a/‎pkg/types/cose/v0.0.1/entry_test.go
+4-4 b/‎pkg/types/cose/v0.0.1/entry_test.go
+4-4
diff --git a/‎pkg/types/dsse/dsse_test.go
+1-1 b/‎pkg/types/dsse/dsse_test.go
+1-1
diff --git a/‎pkg/types/dsse/v0.0.1/entry.go
+10-3 b/‎pkg/types/dsse/v0.0.1/entry.go
+10-3
diff --git a/‎pkg/types/entries.go
+1-1 b/‎pkg/types/entries.go
+1-1
diff --git a/‎pkg/types/hashedrekord/hashedrekord_test.go
+1-1 b/‎pkg/types/hashedrekord/hashedrekord_test.go
+1-1
diff --git a/‎pkg/types/hashedrekord/v0.0.1/entry.go
+6-2 b/‎pkg/types/hashedrekord/v0.0.1/entry.go
+6-2
diff --git a/‎pkg/types/hashedrekord/v0.0.1/entry_test.go
+3-3 b/‎pkg/types/hashedrekord/v0.0.1/entry_test.go
+3-3
diff --git a/‎pkg/types/helm/helm_test.go
+1-1 b/‎pkg/types/helm/helm_test.go
+1-1
diff --git a/‎pkg/types/helm/v0.0.1/entry.go
+6-2 b/‎pkg/types/helm/v0.0.1/entry.go
+6-2
diff --git a/‎pkg/types/helm/v0.0.1/entry_test.go
+3-3 b/‎pkg/types/helm/v0.0.1/entry_test.go
+3-3
diff --git a/‎pkg/types/intoto/intoto_test.go
+1-1 b/‎pkg/types/intoto/intoto_test.go
+1-1
diff --git a/‎pkg/types/intoto/v0.0.1/entry.go
+6-2 b/‎pkg/types/intoto/v0.0.1/entry.go
+6-2
diff --git a/‎pkg/types/intoto/v0.0.1/entry_test.go
+3-3 b/‎pkg/types/intoto/v0.0.1/entry_test.go
+3-3
diff --git a/‎pkg/types/intoto/v0.0.2/entry.go
+10-2 b/‎pkg/types/intoto/v0.0.2/entry.go
+10-2
diff --git a/‎pkg/types/intoto/v0.0.2/entry_test.go
+3-3 b/‎pkg/types/intoto/v0.0.2/entry_test.go
+3-3
diff --git a/‎pkg/types/jar/jar_test.go
+1-1 b/‎pkg/types/jar/jar_test.go
+1-1
diff --git a/‎pkg/types/jar/v0.0.1/entry.go
+6-2 b/‎pkg/types/jar/v0.0.1/entry.go
+6-2
diff --git a/‎pkg/types/jar/v0.0.1/entry_test.go
+3-3 b/‎pkg/types/jar/v0.0.1/entry_test.go
+3-3
@@ -43,7 +43,7 @@ func (u UnmarshalFailsTester) Unmarshal(_ models.ProposedEntry) error {
 	return errors.New("error")
 }
 
-func (u UnmarshalFailsTester) Verifier() (pki.PublicKey, error) {
+func (u UnmarshalFailsTester) Verifiers() ([]pki.PublicKey, error) {
 	return nil, nil
 }
 
 
@@ -351,11 +351,15 @@ func (v V001Entry) CreateFromArtifactProperties(ctx context.Context, props types
 	return &returnVal, nil
 }
 
-func (v V001Entry) Verifier() (pki.PublicKey, error) {
+func (v V001Entry) Verifiers() ([]pki.PublicKey, error) {
 	if v.AlpineModel.PublicKey == nil || v.AlpineModel.PublicKey.Content == nil {
 		return nil, errors.New("alpine v0.0.1 entry not initialized")
 	}
-	return x509.NewPublicKey(bytes.NewReader(*v.AlpineModel.PublicKey.Content))
+	key, err := x509.NewPublicKey(bytes.NewReader(*v.AlpineModel.PublicKey.Content))
+	if err != nil {
+		return nil, err
+	}
+	return []pki.PublicKey{key}, nil
 }
 
 func (v V001Entry) Insertable() (bool, error) {
 
@@ -179,19 +179,19 @@ func TestCrossFieldValidation(t *testing.T) {
 			}
 		}
 
-		verifier, err := v.Verifier()
+		verifiers, err := v.Verifiers()
 		if tc.expectedVerifierSuccess {
 			if err != nil {
 				t.Errorf("%v: unexpected error, got %v", tc.caseDesc, err)
 			} else {
-				pub, _ := verifier.CanonicalValue()
+				pub, _ := verifiers[0].CanonicalValue()
 				if !reflect.DeepEqual(pub, keyBytes) {
 					t.Errorf("%v: verifier and public keys do not match: %v, %v", tc.caseDesc, string(pub), string(keyBytes))
 				}
 			}
 		} else {
 			if err == nil {
-				s, _ := verifier.CanonicalValue()
+				s, _ := verifiers[0].CanonicalValue()
 				t.Errorf("%v: expected error for %v, got %v", tc.caseDesc, string(s), err)
 			}
 		}
 
@@ -44,7 +44,7 @@ func (u UnmarshalFailsTester) Unmarshal(_ models.ProposedEntry) error {
 	return errors.New("error")
 }
 
-func (u UnmarshalFailsTester) Verifier() (pki.PublicKey, error) {
+func (u UnmarshalFailsTester) Verifiers() ([]pki.PublicKey, error) {
 	return nil, nil
 }
 
 
@@ -348,11 +348,15 @@ func (v V001Entry) CreateFromArtifactProperties(_ context.Context, props types.A
 	return &returnVal, nil
 }
 
-func (v V001Entry) Verifier() (pki.PublicKey, error) {
+func (v V001Entry) Verifiers() ([]pki.PublicKey, error) {
 	if v.CoseObj.PublicKey == nil {
 		return nil, errors.New("cose v0.0.1 entry not initialized")
 	}
-	return x509.NewPublicKey(bytes.NewReader(*v.CoseObj.PublicKey))
+	key, err := x509.NewPublicKey(bytes.NewReader(*v.CoseObj.PublicKey))
+	if err != nil {
+		return nil, err
+	}
+	return []pki.PublicKey{key}, nil
 }
 
 func (v V001Entry) Insertable() (bool, error) {
 
@@ -278,10 +278,10 @@ func TestV001Entry_Unmarshal(t *testing.T) {
 				}
 			}
 
-			verifier, err := v.Verifier()
+			verifiers, err := v.Verifiers()
 			if !tt.wantVerifierErr {
 				if err != nil {
-					s, _ := verifier.CanonicalValue()
+					s, _ := verifiers[0].CanonicalValue()
 					t.Errorf("%v: unexpected error for %v, got %v", tt.name, string(s), err)
 				}
 
@@ -305,12 +305,12 @@ func TestV001Entry_Unmarshal(t *testing.T) {
 					}
 				}
 
-				pubV, _ := verifier.CanonicalValue()
+				pubV, _ := verifiers[0].CanonicalValue()
 				if !reflect.DeepEqual(pubV, pub) && !reflect.DeepEqual(pubV, pemBytes) {
 					t.Errorf("verifier and public keys do not match: %v, %v", string(pubV), string(pub))
 				}
 			} else if err == nil {
-				s, _ := verifier.CanonicalValue()
+				s, _ := verifiers[0].CanonicalValue()
 				t.Errorf("%v: expected error for %v, got %v", tt.name, string(s), err)
 			}
 		})
 
@@ -44,7 +44,7 @@ func (u UnmarshalFailsTester) Unmarshal(_ models.ProposedEntry) error {
 	return errors.New("error")
 }
 
-func (u UnmarshalFailsTester) Verifier() (pki.PublicKey, error) {
+func (u UnmarshalFailsTester) Verifiers() ([]pki.PublicKey, error) {
 	return nil, nil
 }
 
 
@@ -403,13 +403,20 @@ func verifyEnvelope(allPubKeyBytes [][]byte, env *dsse.Envelope) (map[string]*x5
 	return verifierBySig, nil
 }
 
-func (v V001Entry) Verifier() (pki.PublicKey, error) {
+func (v V001Entry) Verifiers() ([]pki.PublicKey, error) {
 	if len(v.DSSEObj.Signatures) == 0 {
 		return nil, errors.New("dsse v0.0.1 entry not initialized")
 	}
 
-	//TODO: return multiple pki.PublicKeys; sigstore/rekor issue #1278
-	return x509.NewPublicKey(bytes.NewReader(*v.DSSEObj.Signatures[0].Verifier))
+	var keys []pki.PublicKey
+	for _, s := range v.DSSEObj.Signatures {
+		key, err := x509.NewPublicKey(bytes.NewReader(*s.Verifier))
+		if err != nil {
+			return nil, err
+		}
+		keys = append(keys, key)
+	}
+	return keys, nil
 }
 
 func (v V001Entry) Insertable() (bool, error) {
 
@@ -37,7 +37,7 @@ type EntryImpl interface {
 	Canonicalize(ctx context.Context) ([]byte, error) // marshal the canonical entry to be put into the tlog
 	Unmarshal(e models.ProposedEntry) error           // unmarshal the abstract entry into the specific struct for this versioned type
 	CreateFromArtifactProperties(context.Context, ArtifactProperties) (models.ProposedEntry, error)
-	Verifier() (pki.PublicKey, error)
+	Verifiers() ([]pki.PublicKey, error)
 	Insertable() (bool, error) // denotes whether the entry that was unmarshalled has the writeOnly fields required to validate and insert into the log
 }
 
 
@@ -43,7 +43,7 @@ func (u UnmarshalFailsTester) Unmarshal(_ models.ProposedEntry) error {
 	return errors.New("error")
 }
 
-func (u UnmarshalFailsTester) Verifier() (pki.PublicKey, error) {
+func (u UnmarshalFailsTester) Verifiers() ([]pki.PublicKey, error) {
 	return nil, nil
 }
 
 
@@ -246,11 +246,15 @@ func (v V001Entry) CreateFromArtifactProperties(_ context.Context, props types.A
 	return &returnVal, nil
 }
 
-func (v V001Entry) Verifier() (pki.PublicKey, error) {
+func (v V001Entry) Verifiers() ([]pki.PublicKey, error) {
 	if v.HashedRekordObj.Signature == nil || v.HashedRekordObj.Signature.PublicKey == nil || v.HashedRekordObj.Signature.PublicKey.Content == nil {
 		return nil, errors.New("hashedrekord v0.0.1 entry not initialized")
 	}
-	return x509.NewPublicKey(bytes.NewReader(v.HashedRekordObj.Signature.PublicKey.Content))
+	key, err := x509.NewPublicKey(bytes.NewReader(v.HashedRekordObj.Signature.PublicKey.Content))
+	if err != nil {
+		return nil, err
+	}
+	return []pki.PublicKey{key}, nil
 }
 
 func (v V001Entry) Insertable() (bool, error) {
 
@@ -315,20 +315,20 @@ func TestCrossFieldValidation(t *testing.T) {
 			}
 		}
 
-		verifier, err := v.Verifier()
+		verifiers, err := v.Verifiers()
 		if tc.expectedVerifierSuccess {
 			if err != nil {
 				t.Errorf("%v: unexpected error, got %v", tc.caseDesc, err)
 			} else {
-				pub, _ := verifier.CanonicalValue()
+				pub, _ := verifiers[0].CanonicalValue()
 				// invalidKeyBytes is a valid ed25519 key
 				if !reflect.DeepEqual(pub, keyBytes) && !reflect.DeepEqual(pub, invalidKeyBytes) {
 					t.Errorf("verifier and public keys do not match: %v, %v", string(pub), string(keyBytes))
 				}
 			}
 		} else {
 			if err == nil {
-				s, _ := verifier.CanonicalValue()
+				s, _ := verifiers[0].CanonicalValue()
 				t.Errorf("%v: expected error for %v, got %v", tc.caseDesc, string(s), err)
 			}
 		}
 
@@ -43,7 +43,7 @@ func (u UnmarshalFailsTester) Unmarshal(_ models.ProposedEntry) error {
 	return errors.New("error")
 }
 
-func (u UnmarshalFailsTester) Verifier() (pki.PublicKey, error) {
+func (u UnmarshalFailsTester) Verifiers() ([]pki.PublicKey, error) {
 	return nil, nil
 }
 
 
@@ -349,11 +349,15 @@ func (v V001Entry) CreateFromArtifactProperties(ctx context.Context, props types
 	return &returnVal, nil
 }
 
-func (v V001Entry) Verifier() (pki.PublicKey, error) {
+func (v V001Entry) Verifiers() ([]pki.PublicKey, error) {
 	if v.HelmObj.PublicKey == nil || v.HelmObj.PublicKey.Content == nil {
 		return nil, errors.New("helm v0.0.1 entry not initialized")
 	}
-	return pgp.NewPublicKey(bytes.NewReader(*v.HelmObj.PublicKey.Content))
+	key, err := pgp.NewPublicKey(bytes.NewReader(*v.HelmObj.PublicKey.Content))
+	if err != nil {
+		return nil, err
+	}
+	return []pki.PublicKey{key}, nil
 }
 
 func (v V001Entry) Insertable() (bool, error) {
 
@@ -211,20 +211,20 @@ func TestCrossFieldValidation(t *testing.T) {
 				}
 			}
 
-			verifier, err := v.Verifier()
+			verifiers, err := v.Verifiers()
 			if tc.expectedVerifierSuccess {
 				if err != nil {
 					t.Errorf("%v: unexpected error, got %v", tc.caseDesc, err)
 				} else {
 					// TODO: Improve this test once CanonicalValue returns same result as input for PGP keys
-					_, err := verifier.CanonicalValue()
+					_, err := verifiers[0].CanonicalValue()
 					if err != nil {
 						t.Errorf("%v: unexpected error getting canonical value, got %v", tc.caseDesc, err)
 					}
 				}
 			} else {
 				if err == nil {
-					s, _ := verifier.CanonicalValue()
+					s, _ := verifiers[0].CanonicalValue()
 					t.Errorf("%v: expected error for %v, got %v", tc.caseDesc, string(s), err)
 				}
 			}
 
@@ -43,7 +43,7 @@ func (u UnmarshalFailsTester) Unmarshal(_ models.ProposedEntry) error {
 	return errors.New("error")
 }
 
-func (u UnmarshalFailsTester) Verifier() (pki.PublicKey, error) {
+func (u UnmarshalFailsTester) Verifiers() ([]pki.PublicKey, error) {
 	return nil, nil
 }
 
 
@@ -353,11 +353,15 @@ func (v V001Entry) CreateFromArtifactProperties(_ context.Context, props types.A
 	return &returnVal, nil
 }
 
-func (v V001Entry) Verifier() (pki.PublicKey, error) {
+func (v V001Entry) Verifiers() ([]pki.PublicKey, error) {
 	if v.IntotoObj.PublicKey == nil {
 		return nil, errors.New("intoto v0.0.1 entry not initialized")
 	}
-	return x509.NewPublicKey(bytes.NewReader(*v.IntotoObj.PublicKey))
+	key, err := x509.NewPublicKey(bytes.NewReader(*v.IntotoObj.PublicKey))
+	if err != nil {
+		return nil, err
+	}
+	return []pki.PublicKey{key}, nil
 }
 
 func (v V001Entry) Insertable() (bool, error) {
 
@@ -336,19 +336,19 @@ func TestV001Entry_Unmarshal(t *testing.T) {
 					t.Errorf("index keys from hydrated object do not match those generated from canonicalized (and re-hydrated) object: %v %v", got, canonicalIndexKeys)
 				}
 
-				verifier, err := v.Verifier()
+				verifiers, err := v.Verifiers()
 				if !tt.wantVerifierErr {
 					if err != nil {
 						t.Errorf("%v: unexpected error, got %v", tt.name, err)
 					} else {
-						pubV, _ := verifier.CanonicalValue()
+						pubV, _ := verifiers[0].CanonicalValue()
 						if !reflect.DeepEqual(pubV, pub) && !reflect.DeepEqual(pubV, pemBytes) {
 							t.Errorf("verifier and public keys do not match: %v, %v", string(pubV), string(pub))
 						}
 					}
 				} else {
 					if err == nil {
-						s, _ := verifier.CanonicalValue()
+						s, _ := verifiers[0].CanonicalValue()
 						t.Errorf("%v: expected error for %v, got %v", tt.name, string(s), err)
 					}
 				}
 
@@ -457,7 +457,7 @@ func verifyEnvelope(allPubKeyBytes [][]byte, env *dsse.Envelope) (map[string]*x5
 	return verifierBySig, nil
 }
 
-func (v V002Entry) Verifier() (pki.PublicKey, error) {
+func (v V002Entry) Verifiers() ([]pki.PublicKey, error) {
 	if v.IntotoObj.Content == nil || v.IntotoObj.Content.Envelope == nil {
 		return nil, errors.New("intoto v0.0.2 entry not initialized")
 	}
@@ -467,7 +467,15 @@ func (v V002Entry) Verifier() (pki.PublicKey, error) {
 		return nil, errors.New("no signatures found on intoto entry")
 	}
 
-	return x509.NewPublicKey(bytes.NewReader(*v.IntotoObj.Content.Envelope.Signatures[0].PublicKey))
+	var keys []pki.PublicKey
+	for _, s := range v.IntotoObj.Content.Envelope.Signatures {
+		key, err := x509.NewPublicKey(bytes.NewReader(*s.PublicKey))
+		if err != nil {
+			return nil, err
+		}
+		keys = append(keys, key)
+	}
+	return keys, nil
 }
 
 func (v V002Entry) Insertable() (bool, error) {
 
@@ -377,19 +377,19 @@ func TestV002Entry_Unmarshal(t *testing.T) {
 					t.Errorf("index keys from hydrated object do not match those generated from canonicalized (and re-hydrated) object: %v %v", got, canonicalIndexKeys)
 				}
 
-				verifier, err := v.Verifier()
+				verifiers, err := v.Verifiers()
 				if !tt.wantVerifierErr {
 					if err != nil {
 						t.Errorf("%v: unexpected error, got %v", tt.name, err)
 					} else {
-						pubV, _ := verifier.CanonicalValue()
+						pubV, _ := verifiers[0].CanonicalValue()
 						if !reflect.DeepEqual(pubV, pub) && !reflect.DeepEqual(pubV, pemBytes) {
 							t.Errorf("verifier and public keys do not match: %v, %v", string(pubV), string(pub))
 						}
 					}
 				} else {
 					if err == nil {
-						s, _ := verifier.CanonicalValue()
+						s, _ := verifiers[0].CanonicalValue()
 						t.Errorf("%v: expected error for %v, got %v", tt.name, string(s), err)
 					}
 				}
 
@@ -42,7 +42,7 @@ func (u UnmarshalFailsTester) Unmarshal(_ models.ProposedEntry) error {
 	return errors.New("error")
 }
 
-func (u UnmarshalFailsTester) Verifier() (pki.PublicKey, error) {
+func (u UnmarshalFailsTester) Verifiers() ([]pki.PublicKey, error) {
 	return nil, nil
 }
 
 
@@ -338,11 +338,15 @@ func (v *V001Entry) CreateFromArtifactProperties(ctx context.Context, props type
 	return &returnVal, nil
 }
 
-func (v V001Entry) Verifier() (pki.PublicKey, error) {
+func (v V001Entry) Verifiers() ([]pki.PublicKey, error) {
 	if v.JARModel.Signature == nil || v.JARModel.Signature.PublicKey == nil || v.JARModel.Signature.PublicKey.Content == nil {
 		return nil, errors.New("jar v0.0.1 entry not initialized")
 	}
-	return x509.NewPublicKey(bytes.NewReader(*v.JARModel.Signature.PublicKey.Content))
+	key, err := x509.NewPublicKey(bytes.NewReader(*v.JARModel.Signature.PublicKey.Content))
+	if err != nil {
+		return nil, err
+	}
+	return []pki.PublicKey{key}, nil
 }
 
 func (v V001Entry) Insertable() (bool, error) {
 
@@ -142,19 +142,19 @@ Hr/+CxFvaJWmpYqNkLDGRU+9orzh5hI2RrcuaQ==
 			}
 		}
 
-		verifier, err := v.Verifier()
+		verifiers, err := v.Verifiers()
 		if tc.expectedVerifierSuccess {
 			if err != nil {
 				t.Errorf("%v: unexpected error, got %v", tc.caseDesc, err)
 			} else {
-				pub, _ := verifier.CanonicalValue()
+				pub, _ := verifiers[0].CanonicalValue()
 				if !reflect.DeepEqual(pub, []byte(certificate)) {
 					t.Errorf("verifier and public keys do not match: %v, %v", string(pub), certificate)
 				}
 			}
 		} else {
 			if err == nil {
-				s, _ := verifier.CanonicalValue()
+				s, _ := verifiers[0].CanonicalValue()
 				t.Errorf("%v: expected error for %v, got %v", tc.caseDesc, string(s), err)
 			}
 		}
Original file line number	Diff line number	Diff line change
`@@ -43,7 +43,7 @@ func (u UnmarshalFailsTester) Unmarshal(_ models.ProposedEntry) error {`
`43`	`43`	`return errors.New("error")`
`44`	`44`	`}`
`45`	`45`
`46`		`-func (u UnmarshalFailsTester) Verifier() (pki.PublicKey, error) {`
	`46`	`+func (u UnmarshalFailsTester) Verifiers() ([]pki.PublicKey, error) {`
`47`	`47`	`return nil, nil`
`48`	`48`	`}`
`49`	`49`
Original file line number	Diff line number	Diff line change
`@@ -351,11 +351,15 @@ func (v V001Entry) CreateFromArtifactProperties(ctx context.Context, props types`
`351`	`351`	`return &returnVal, nil`
`352`	`352`	`}`
`353`	`353`
`354`		`-func (v V001Entry) Verifier() (pki.PublicKey, error) {`
	`354`	`+func (v V001Entry) Verifiers() ([]pki.PublicKey, error) {`
`355`	`355`	`if v.AlpineModel.PublicKey == nil \|\| v.AlpineModel.PublicKey.Content == nil {`
`356`	`356`	`return nil, errors.New("alpine v0.0.1 entry not initialized")`
`357`	`357`	`}`
`358`		`- return x509.NewPublicKey(bytes.NewReader(*v.AlpineModel.PublicKey.Content))`
	`358`	`+ key, err := x509.NewPublicKey(bytes.NewReader(*v.AlpineModel.PublicKey.Content))`
	`359`	`+ if err != nil {`
	`360`	`+ return nil, err`
	`361`	`+ }`
	`362`	`+ return []pki.PublicKey{key}, nil`
`359`	`363`	`}`
`360`	`364`
`361`	`365`	`func (v V001Entry) Insertable() (bool, error) {`
Original file line number	Diff line number	Diff line change
`@@ -179,19 +179,19 @@ func TestCrossFieldValidation(t *testing.T) {`
`179`	`179`	`}`
`180`	`180`	`}`
`181`	`181`
`182`		`- verifier, err := v.Verifier()`
	`182`	`+ verifiers, err := v.Verifiers()`
`183`	`183`	`if tc.expectedVerifierSuccess {`
`184`	`184`	`if err != nil {`
`185`	`185`	`t.Errorf("%v: unexpected error, got %v", tc.caseDesc, err)`
`186`	`186`	`} else {`
`187`		`- pub, _ := verifier.CanonicalValue()`
	`187`	`+ pub, _ := verifiers[0].CanonicalValue()`
`188`	`188`	`if !reflect.DeepEqual(pub, keyBytes) {`
`189`	`189`	`t.Errorf("%v: verifier and public keys do not match: %v, %v", tc.caseDesc, string(pub), string(keyBytes))`
`190`	`190`	`}`
`191`	`191`	`}`
`192`	`192`	`} else {`
`193`	`193`	`if err == nil {`
`194`		`- s, _ := verifier.CanonicalValue()`
	`194`	`+ s, _ := verifiers[0].CanonicalValue()`
`195`	`195`	`t.Errorf("%v: expected error for %v, got %v", tc.caseDesc, string(s), err)`
`196`	`196`	`}`
`197`	`197`	`}`
Original file line number	Diff line number	Diff line change
`@@ -44,7 +44,7 @@ func (u UnmarshalFailsTester) Unmarshal(_ models.ProposedEntry) error {`
`44`	`44`	`return errors.New("error")`
`45`	`45`	`}`
`46`	`46`
`47`		`-func (u UnmarshalFailsTester) Verifier() (pki.PublicKey, error) {`
	`47`	`+func (u UnmarshalFailsTester) Verifiers() ([]pki.PublicKey, error) {`
`48`	`48`	`return nil, nil`
`49`	`49`	`}`
`50`	`50`
Original file line number	Diff line number	Diff line change
`@@ -348,11 +348,15 @@ func (v V001Entry) CreateFromArtifactProperties(_ context.Context, props types.A`
`348`	`348`	`return &returnVal, nil`
`349`	`349`	`}`
`350`	`350`
`351`		`-func (v V001Entry) Verifier() (pki.PublicKey, error) {`
	`351`	`+func (v V001Entry) Verifiers() ([]pki.PublicKey, error) {`
`352`	`352`	`if v.CoseObj.PublicKey == nil {`
`353`	`353`	`return nil, errors.New("cose v0.0.1 entry not initialized")`
`354`	`354`	`}`
`355`		`- return x509.NewPublicKey(bytes.NewReader(*v.CoseObj.PublicKey))`
	`355`	`+ key, err := x509.NewPublicKey(bytes.NewReader(*v.CoseObj.PublicKey))`
	`356`	`+ if err != nil {`
	`357`	`+ return nil, err`
	`358`	`+ }`
	`359`	`+ return []pki.PublicKey{key}, nil`
`356`	`360`	`}`
`357`	`361`
`358`	`362`	`func (v V001Entry) Insertable() (bool, error) {`
Original file line number	Diff line number	Diff line change
`@@ -278,10 +278,10 @@ func TestV001Entry_Unmarshal(t *testing.T) {`
`278`	`278`	`}`
`279`	`279`	`}`
`280`	`280`
`281`		`- verifier, err := v.Verifier()`
	`281`	`+ verifiers, err := v.Verifiers()`
`282`	`282`	`if !tt.wantVerifierErr {`
`283`	`283`	`if err != nil {`
`284`		`- s, _ := verifier.CanonicalValue()`
	`284`	`+ s, _ := verifiers[0].CanonicalValue()`
`285`	`285`	`t.Errorf("%v: unexpected error for %v, got %v", tt.name, string(s), err)`
`286`	`286`	`}`
`287`	`287`
`@@ -305,12 +305,12 @@ func TestV001Entry_Unmarshal(t *testing.T) {`
`305`	`305`	`}`
`306`	`306`	`}`
`307`	`307`
`308`		`- pubV, _ := verifier.CanonicalValue()`
	`308`	`+ pubV, _ := verifiers[0].CanonicalValue()`
`309`	`309`	`if !reflect.DeepEqual(pubV, pub) && !reflect.DeepEqual(pubV, pemBytes) {`
`310`	`310`	`t.Errorf("verifier and public keys do not match: %v, %v", string(pubV), string(pub))`
`311`	`311`	`}`
`312`	`312`	`} else if err == nil {`
`313`		`- s, _ := verifier.CanonicalValue()`
	`313`	`+ s, _ := verifiers[0].CanonicalValue()`
`314`	`314`	`t.Errorf("%v: expected error for %v, got %v", tt.name, string(s), err)`
`315`	`315`	`}`
`316`	`316`	`})`
Original file line number	Diff line number	Diff line change
`@@ -37,7 +37,7 @@ type EntryImpl interface {`
`37`	`37`	`Canonicalize(ctx context.Context) ([]byte, error) // marshal the canonical entry to be put into the tlog`
`38`	`38`	`Unmarshal(e models.ProposedEntry) error // unmarshal the abstract entry into the specific struct for this versioned type`
`39`	`39`	`CreateFromArtifactProperties(context.Context, ArtifactProperties) (models.ProposedEntry, error)`
`40`		`- Verifier() (pki.PublicKey, error)`
	`40`	`+ Verifiers() ([]pki.PublicKey, error)`
`41`	`41`	`Insertable() (bool, error) // denotes whether the entry that was unmarshalled has the writeOnly fields required to validate and insert into the log`
`42`	`42`	`}`
`43`	`43`
Original file line number	Diff line number	Diff line change
`@@ -246,11 +246,15 @@ func (v V001Entry) CreateFromArtifactProperties(_ context.Context, props types.A`
`246`	`246`	`return &returnVal, nil`
`247`	`247`	`}`
`248`	`248`
`249`		`-func (v V001Entry) Verifier() (pki.PublicKey, error) {`
	`249`	`+func (v V001Entry) Verifiers() ([]pki.PublicKey, error) {`
`250`	`250`	`if v.HashedRekordObj.Signature == nil \|\| v.HashedRekordObj.Signature.PublicKey == nil \|\| v.HashedRekordObj.Signature.PublicKey.Content == nil {`
`251`	`251`	`return nil, errors.New("hashedrekord v0.0.1 entry not initialized")`
`252`	`252`	`}`
`253`		`- return x509.NewPublicKey(bytes.NewReader(v.HashedRekordObj.Signature.PublicKey.Content))`
	`253`	`+ key, err := x509.NewPublicKey(bytes.NewReader(v.HashedRekordObj.Signature.PublicKey.Content))`
	`254`	`+ if err != nil {`
	`255`	`+ return nil, err`
	`256`	`+ }`
	`257`	`+ return []pki.PublicKey{key}, nil`
`254`	`258`	`}`
`255`	`259`
`256`	`260`	`func (v V001Entry) Insertable() (bool, error) {`
Original file line number	Diff line number	Diff line change
`@@ -315,20 +315,20 @@ func TestCrossFieldValidation(t *testing.T) {`
`315`	`315`	`}`
`316`	`316`	`}`
`317`	`317`
`318`		`- verifier, err := v.Verifier()`
	`318`	`+ verifiers, err := v.Verifiers()`
`319`	`319`	`if tc.expectedVerifierSuccess {`
`320`	`320`	`if err != nil {`
`321`	`321`	`t.Errorf("%v: unexpected error, got %v", tc.caseDesc, err)`
`322`	`322`	`} else {`
`323`		`- pub, _ := verifier.CanonicalValue()`
	`323`	`+ pub, _ := verifiers[0].CanonicalValue()`
`324`	`324`	`// invalidKeyBytes is a valid ed25519 key`
`325`	`325`	`if !reflect.DeepEqual(pub, keyBytes) && !reflect.DeepEqual(pub, invalidKeyBytes) {`
`326`	`326`	`t.Errorf("verifier and public keys do not match: %v, %v", string(pub), string(keyBytes))`
`327`	`327`	`}`
`328`	`328`	`}`
`329`	`329`	`} else {`
`330`	`330`	`if err == nil {`
`331`		`- s, _ := verifier.CanonicalValue()`
	`331`	`+ s, _ := verifiers[0].CanonicalValue()`
`332`	`332`	`t.Errorf("%v: expected error for %v, got %v", tc.caseDesc, string(s), err)`
`333`	`333`	`}`
`334`	`334`	`}`
Original file line number	Diff line number	Diff line change
`@@ -349,11 +349,15 @@ func (v V001Entry) CreateFromArtifactProperties(ctx context.Context, props types`
`349`	`349`	`return &returnVal, nil`
`350`	`350`	`}`
`351`	`351`
`352`		`-func (v V001Entry) Verifier() (pki.PublicKey, error) {`
	`352`	`+func (v V001Entry) Verifiers() ([]pki.PublicKey, error) {`
`353`	`353`	`if v.HelmObj.PublicKey == nil \|\| v.HelmObj.PublicKey.Content == nil {`
`354`	`354`	`return nil, errors.New("helm v0.0.1 entry not initialized")`
`355`	`355`	`}`
`356`		`- return pgp.NewPublicKey(bytes.NewReader(*v.HelmObj.PublicKey.Content))`
	`356`	`+ key, err := pgp.NewPublicKey(bytes.NewReader(*v.HelmObj.PublicKey.Content))`
	`357`	`+ if err != nil {`
	`358`	`+ return nil, err`
	`359`	`+ }`
	`360`	`+ return []pki.PublicKey{key}, nil`
`357`	`361`	`}`
`358`	`362`
`359`	`363`	`func (v V001Entry) Insertable() (bool, error) {`