From 191e6297d6511ab3ddfe969368545dfd32344999 Mon Sep 17 00:00:00 2001
From: Carlos Alexandro Becker <caarlos0@gmail.com>
Date: Sat, 11 Sep 2021 13:49:25 -0300
Subject: [PATCH] feat: allow to verify-blob from urls

Signed-off-by: Carlos Alexandro Becker <caarlos0@gmail.com>
---
 cmd/cosign/cli/verify_blob.go | 29 +++++++++++------------------
 1 file changed, 11 insertions(+), 18 deletions(-)

diff --git a/cmd/cosign/cli/verify_blob.go b/cmd/cosign/cli/verify_blob.go
index 36bc812d6f0..9ed1cd8026c 100644
--- a/cmd/cosign/cli/verify_blob.go
+++ b/cmd/cosign/cli/verify_blob.go
@@ -27,7 +27,6 @@ import (
 	"fmt"
 	"io/ioutil"
 	"os"
-	"path/filepath"
 
 	"github.com/peterbourgon/ff/v3/ffcli"
 	"github.com/pkg/errors"
@@ -161,32 +160,26 @@ func VerifyBlobCmd(ctx context.Context, ko KeyOpts, certRef, sigRef, blobRef str
 	}
 
 	var b64sig string
-	// This can be the base64-encoded bytes or a path to the signature
-	if _, err = os.Stat(sigRef); err != nil {
-		if os.IsNotExist(err) {
-			b64sig = sigRef
-		} else {
-			return err
-		}
-	} else {
-		targetSig, err := loadFileOrURL(sigRef)
-		if err != nil {
+	targetSig, err := loadFileOrURL(sigRef)
+	if err != nil {
+		if !os.IsNotExist(err) {
+			// ignore if file does not exist, it can be a base64 encoded string as well
 			return err
 		}
+		targetSig = []byte(sigRef)
+	}
 
-		if isb64(targetSig) {
-			b64sig = string(targetSig)
-		} else {
-			b64sig = base64.StdEncoding.EncodeToString(targetSig)
-		}
-
+	if isb64(targetSig) {
+		b64sig = string(targetSig)
+	} else {
+		b64sig = base64.StdEncoding.EncodeToString(targetSig)
 	}
 
 	var blobBytes []byte
 	if blobRef == "-" {
 		blobBytes, err = ioutil.ReadAll(os.Stdin)
 	} else {
-		blobBytes, err = ioutil.ReadFile(filepath.Clean(blobRef))
+		blobBytes, err = loadFileOrURL(blobRef)
 	}
 	if err != nil {
 		return err