move verify-blob function to "pkg/cosign" to be consistent with verify

cmd/cosign/cli/options/verify.go

@@ -109,14 +109,15 @@ func (o *VerifyAttestationOptions) AddFlags(cmd *cobra.Command) {
 
 // VerifyBlobOptions is the top level wrapper for the `verify blob` command.
 type VerifyBlobOptions struct {
-	Key        string
-	Signature  string
-	BundlePath string
+	Key          string
+	SignatureRef string
+	BundlePath   string
 
-	SecurityKey SecurityKeyOptions
-	CertVerify  CertVerifyOptions
-	Rekor       RekorOptions
-	Registry    RegistryOptions
+	SecurityKey     SecurityKeyOptions
+	CertVerify      CertVerifyOptions
+	Rekor           RekorOptions
+	Registry        RegistryOptions
+	SignatureDigest SignatureDigestOptions
 }
 
 var _ Interface = (*VerifyBlobOptions)(nil)
@@ -127,11 +128,12 @@ func (o *VerifyBlobOptions) AddFlags(cmd *cobra.Command) {
 	o.Rekor.AddFlags(cmd)
 	o.CertVerify.AddFlags(cmd)
 	o.Registry.AddFlags(cmd)
+	o.SignatureDigest.AddFlags(cmd)
 
 	cmd.Flags().StringVar(&o.Key, "key", "",
 		"path to the public key file, KMS URI or Kubernetes Secret")
 
-	cmd.Flags().StringVar(&o.Signature, "signature", "",
+	cmd.Flags().StringVar(&o.SignatureRef, "signature", "",
 		"signature content or path or remote URL")
 
 	cmd.Flags().StringVar(&o.BundlePath, "bundle", "",

cmd/cosign/cli/verify.go

@@ -16,8 +16,6 @@
 package cli
 
 import (
-	"fmt"
-
 	"github.com/spf13/cobra"
 
 	"github.com/sigstore/cosign/cmd/cosign/cli/options"
@@ -259,21 +257,31 @@ The blob may be specified as a path to a file or - for stdin.`,
 
 		Args: cobra.ExactArgs(1),
 		RunE: func(cmd *cobra.Command, args []string) error {
-			ko := options.KeyOpts{
-				KeyRef:     o.Key,
-				Sk:         o.SecurityKey.Use,
-				Slot:       o.SecurityKey.Slot,
-				RekorURL:   o.Rekor.URL,
-				BundlePath: o.BundlePath,
+			hashAlgorithm, err := o.SignatureDigest.HashAlgorithm()
+			if err != nil {
+				return err
 			}
-			if err := verify.VerifyBlobCmd(cmd.Context(), ko, o.CertVerify.Cert,
-				o.CertVerify.CertEmail, o.CertVerify.CertOidcIssuer, o.CertVerify.CertChain,
-				o.Signature, args[0], o.CertVerify.CertGithubWorkflowTrigger, o.CertVerify.CertGithubWorkflowSha,
-				o.CertVerify.CertGithubWorkflowName, o.CertVerify.CertGithubWorkflowRepository, o.CertVerify.CertGithubWorkflowRef,
-				o.CertVerify.EnforceSCT); err != nil {
-				return fmt.Errorf("verifying blob %s: %w", args, err)
+			v := verify.VerifyBlobCommand{
+				KeyRef:                       o.Key,
+				CertRef:                      o.CertVerify.Cert,
+				CertEmail:                    o.CertVerify.CertEmail,
+				CertOidcIssuer:               o.CertVerify.CertOidcIssuer,
+				CertGithubWorkflowTrigger:    o.CertVerify.CertGithubWorkflowTrigger,
+				CertGithubWorkflowSha:        o.CertVerify.CertGithubWorkflowSha,
+				CertGithubWorkflowName:       o.CertVerify.CertGithubWorkflowName,
+				CertGithubWorkflowRepository: o.CertVerify.CertGithubWorkflowRepository,
+				CertGithubWorkflowRef:        o.CertVerify.CertGithubWorkflowRef,
+				CertChain:                    o.CertVerify.CertChain,
+				EnforceSCT:                   o.CertVerify.EnforceSCT,
+				Sk:                           o.SecurityKey.Use,
+				Slot:                         o.SecurityKey.Slot,
+				RekorURL:                     o.Rekor.URL,
+				HashAlgorithm:                hashAlgorithm,
+				BundlePath:                   o.BundlePath,
+				SignatureRef:                 o.SignatureRef,
 			}
-			return nil
+
+			return v.Exec(cmd.Context(), args)
 		},
 	}