From a675a5b3bba0849e81e1f176c8d67b03c9b8667a Mon Sep 17 00:00:00 2001
From: Asra Ali
Date: Tue, 26 Apr 2022 12:37:22 -0500
Subject: [PATCH 1/3] add rekor index on materials

Signed-off-by: Asra Ali
---
 pkg/types/intoto/v0.0.1/entry.go | 20 ++++++++++++++++++++
 pkg/types/intoto/v0.0.1/entry_test.go | 17 +++++++++++++++++
 2 files changed, 37 insertions(+)

diff --git a/pkg/types/intoto/v0.0.1/entry.go b/pkg/types/intoto/v0.0.1/entry.go
index 8268427ca..82842c155 100644
--- a/pkg/types/intoto/v0.0.1/entry.go
+++ b/pkg/types/intoto/v0.0.1/entry.go
@@ -92,6 +92,14 @@ func (v V001Entry) IndexKeys() ([]string, error) {
 result = append(result, alg+":"+ds)
 }
 }
+ predicate, err := parseSlsaPredicate(v.env.Payload)
+ if err == nil {
+ for _, s := range predicate.Predicate.Materials {
+ for alg, ds := range s.Digest {
+ result = append(result, alg+":"+ds)
+ }
+ }
+ }
 default:
 log.Logger.Infof("Unknown in_toto Statement Type: %s", v.env.PayloadType)
 }
@@ -110,6 +118,18 @@ func parseStatement(p string) (*in_toto.Statement, error) {
 return &ps, nil
 }
 
+func parseSlsaPredicate(p string) (*in_toto.ProvenanceStatement, error) {
+ predicate := in_toto.ProvenanceStatement{}
+ payload, err := base64.StdEncoding.DecodeString(p)
+ if err != nil {
+ return nil, err
+ }
+ if err := json.Unmarshal(payload, &predicate); err != nil {
+ return nil, err
+ }
+ return &predicate, nil
+}
+
 func (v *V001Entry) Unmarshal(pe models.ProposedEntry) error {
 it, ok := pe.(*models.Intoto)
 if !ok {
diff --git a/pkg/types/intoto/v0.0.1/entry_test.go b/pkg/types/intoto/v0.0.1/entry_test.go
index a276151ed..b6b819300 100644
--- a/pkg/types/intoto/v0.0.1/entry_test.go
+++ b/pkg/types/intoto/v0.0.1/entry_test.go
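Review bot: The materials loop indexes whatever `json.Unmarshal` happens to place in `predicate.Predicate.Materials` without checking that the statement's predicate type is actually SLSA provenance; unknown JSON fields are ignored on unmarshal, so any statement whose predicate object carries a `materials` array with `digest` maps is indexed as if it were provenance, and a predicate that is not a JSON object is silently dropped through the swallowed `err`. Gate the loop on the header, e.g. `if err == nil && predicate.PredicateType == slsa.PredicateSLSAProvenance {`, which needs the `slsa_provenance/v0.2` import the test file already uses, or compare against the predicate type URI the project already handles elsewhere. The same gap remains in the rewrite of this block in PATCH 2/3. IndexKeys starts before and ends after this hunk.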
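Review bot: `parseSlsaPredicate` base64-decodes the whole payload that `parseStatement`, shown in this hunk's context lines, already decodes for the same entry, so every IndexKeys call decodes and unmarshals the payload twice and has no way to tell "not a provenance statement" from "malformed payload" since both come back as an error. Consider decoding once in the caller and unmarshalling the resulting bytes into both types, or extracting the shared base64 step into one helper both parsers call. The new function also lacks a doc comment; something like `// parseSlsaPredicate decodes a base64 payload and unmarshals it as an in-toto provenance statement; it does not verify the predicate type, so callers must check PredicateType themselves.` would make the caller's obligation explicit.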
@@ -37,6 +37,8 @@ import (
 "github.com/go-openapi/swag"
 "github.com/google/go-cmp/cmp"
 "github.com/in-toto/in-toto-golang/in_toto"
+ slsa "github.com/in-toto/in-toto-golang/in_toto/slsa_provenance/v0.2"
+ "github.com/secure-systems-lab/go-securesystemslib/dsse"
 "github.com/sigstore/rekor/pkg/generated/models"
 "github.com/sigstore/sigstore/pkg/signature"
 
@@ -278,6 +280,21 @@ func TestV001Entry_IndexKeys(t *testing.T) {
 Predicate: "hello",
 },
 },
+ {
+ name: "slsa",
+ want: []string{"sha256:bar", hashkey},
+ statement: in_toto.Statement{
+ Predicate: slsa.ProvenancePredicate{
+ Materials: []slsa.ProvenanceMaterial{
+ {
+ URI: "foo",
+ Digest: map[string]string{
+ "sha256": "bar",
+ }},
+ },
+ },
+ },
+ },
 }
 for _, tt := range tests {
 t.Run(tt.name, func(t *testing.T) {

From 47035c051d8f24b012a6f0bb3fa0c4f78f8402af Mon Sep 17 00:00:00 2001
From: Asra Ali
Date: Tue, 26 Apr 2022 13:54:27 -0500
Subject: [PATCH 2/3] update

Signed-off-by: Asra Ali
---
 pkg/types/intoto/v0.0.1/entry.go | 14 +++++++++-----
 1 file changed, 9 insertions(+), 5 deletions(-)

diff --git a/pkg/types/intoto/v0.0.1/entry.go b/pkg/types/intoto/v0.0.1/entry.go
index 82842c155..4e0ea889f 100644
--- a/pkg/types/intoto/v0.0.1/entry.go
+++ b/pkg/types/intoto/v0.0.1/entry.go
@@ -92,11 +92,15 @@ func (v V001Entry) IndexKeys() ([]string, error) {
 result = append(result, alg+":"+ds)
 }
 }
- predicate, err := parseSlsaPredicate(v.env.Payload)
- if err == nil {
- for _, s := range predicate.Predicate.Materials {
- for alg, ds := range s.Digest {
- result = append(result, alg+":"+ds)
+ // Not all in-toto statements will contain a SLSA provenance predicate.
+ // See https://github.com/in-toto/attestation/blob/main/spec/README.md#predicate
+ // for other predicates.
+ if predicate, err := parseSlsaPredicate(v.env.Payload); err == nil {
+ if predicate.Predicate.Materials != nil {
+ for _, s := range predicate.Predicate.Materials {
+ for alg, ds := range s.Digest {
+ result = append(result, alg+":"+ds)
+ }
 }
 }
 }
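Review bot: The new "slsa" case sets no predicate type on the statement yet still expects `sha256:bar`, which pins the behaviour that materials are indexed regardless of what the statement claims to be; if that is not the intent, give the case `StatementHeader: in_toto.StatementHeader{PredicateType: slsa.PredicateSLSAProvenance},` and add a sibling case with a different predicate type but the same `materials` content that expects only `hashkey`, so the index cannot be populated from an unrelated predicate. The `}},` that closes both the Digest map and the material literal on one line is accepted by gofmt but hides the nesting; splitting it onto two closers reads more easily. TestV001Entry_IndexKeys starts before and continues past this hunk.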
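Review bot: The `if predicate.Predicate.Materials != nil` guard is redundant: ranging over a nil slice is a no-op in Go, so the inner `for` already handles a statement without materials and the extra `if` only pushes the body one indent level deeper. Dropping it and placing `for _, s := range predicate.Predicate.Materials {` directly under the `err == nil` branch gives identical behaviour with less nesting. The explanatory comment is welcome; it would be more accurate to also say there that a successful parse does not imply the predicate is SLSA provenance, since unmarshal ignores unknown fields. IndexKeys starts before and ends after this hunk.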
From 864c3d3deff3a1a5357b8e9d55924d67d7bf3e96 Mon Sep 17 00:00:00 2001
From: Asra Ali
Date: Tue, 26 Apr 2022 13:55:04 -0500
Subject: [PATCH 3/3] update

Signed-off-by: Asra Ali
---
 pkg/types/intoto/v0.0.1/entry_test.go | 1 -
 1 file changed, 1 deletion(-)

diff --git a/pkg/types/intoto/v0.0.1/entry_test.go b/pkg/types/intoto/v0.0.1/entry_test.go
index b6b819300..38734aa34 100644
--- a/pkg/types/intoto/v0.0.1/entry_test.go
+++ b/pkg/types/intoto/v0.0.1/entry_test.go
@@ -38,7 +38,6 @@ import (
 "github.com/google/go-cmp/cmp"
 "github.com/in-toto/in-toto-golang/in_toto"
 slsa "github.com/in-toto/in-toto-golang/in_toto/slsa_provenance/v0.2"
- "github.com/secure-systems-lab/go-securesystemslib/dsse"
 "github.com/sigstore/rekor/pkg/generated/models"
 "github.com/sigstore/sigstore/pkg/signature"
 