fix compile errors

Signed-off-by: Meredith Lancaster <malancas@github.com>

go.mod

@@ -40,22 +40,22 @@ require (
 	sigs.k8s.io/release-utils v0.7.6
 )
 
-replace github.com/sigstore/sigstore => github.com/malancas/sigstore v0.0.0-20230919024336-d4939b3b993e
+replace github.com/sigstore/sigstore => github.com/malancas/sigstore v0.0.0-20231031155517-ba36e0d7114c
 
-replace github.com/sigstore/sigstore/pkg/signature/kms/aws => github.com/malancas/sigstore/pkg/signature/kms/aws v0.0.0-20230919024336-d4939b3b993e
+replace github.com/sigstore/sigstore/pkg/signature/kms/aws => github.com/malancas/sigstore/pkg/signature/kms/aws v0.0.0-20231031155517-ba36e0d7114c
 
-replace github.com/sigstore/sigstore/pkg/signature/kms/azure => github.com/malancas/sigstore/pkg/signature/kms/azure v0.0.0-20230919024336-d4939b3b993e
+replace github.com/sigstore/sigstore/pkg/signature/kms/azure => github.com/malancas/sigstore/pkg/signature/kms/azure v0.0.0-20231031155517-ba36e0d7114c
 
-replace github.com/sigstore/sigstore/pkg/signature/kms/gcp => github.com/malancas/sigstore/pkg/signature/kms/gcp v0.0.0-20230919024336-d4939b3b993e
+replace github.com/sigstore/sigstore/pkg/signature/kms/gcp => github.com/malancas/sigstore/pkg/signature/kms/gcp v0.0.0-20231031155517-ba36e0d7114c
 
-replace github.com/sigstore/sigstore/pkg/signature/kms/hashivault => github.com/malancas/sigstore/pkg/signature/kms/hashivault v0.0.0-20230919024336-d4939b3b993e
+replace github.com/sigstore/sigstore/pkg/signature/kms/hashivault => github.com/malancas/sigstore/pkg/signature/kms/hashivault v0.0.0-20231031155517-ba36e0d7114c
 
 require (
 	cloud.google.com/go v0.110.8 // indirect
 	cloud.google.com/go/compute v1.23.0 // indirect
 	cloud.google.com/go/compute/metadata v0.2.3 // indirect
 	cloud.google.com/go/iam v1.1.2 // indirect
-	cloud.google.com/go/kms v1.15.3 // indirect
+	cloud.google.com/go/kms v1.15.4 // indirect
 	cloud.google.com/go/longrunning v0.5.1 // indirect
 	filippo.io/edwards25519 v1.0.0 // indirect
 	github.com/Azure/azure-sdk-for-go/sdk/azcore v1.8.0 // indirect
@@ -65,7 +65,7 @@ require (
 	github.com/Azure/azure-sdk-for-go/sdk/security/keyvault/internal v1.0.0 // indirect
 	github.com/AzureAD/microsoft-authentication-library-for-go v1.1.1 // indirect
 	github.com/asaskevich/govalidator v0.0.0-20230301143203-a9d515a09cc2 // indirect
-	github.com/aws/aws-sdk-go v1.46.3 // indirect
+	github.com/aws/aws-sdk-go v1.46.7 // indirect
 	github.com/aws/aws-sdk-go-v2 v1.21.2 // indirect
 	github.com/aws/aws-sdk-go-v2/config v1.19.1 // indirect
 	github.com/aws/aws-sdk-go-v2/credentials v1.13.43 // indirect
@@ -134,11 +134,11 @@ require (
 	github.com/ryanuber/go-glob v1.0.0 // indirect
 	github.com/sagikazarmark/locafero v0.3.0 // indirect
 	github.com/sagikazarmark/slog-shim v0.1.0 // indirect
+	github.com/secure-systems-lab/go-securesystemslib v0.7.0 // indirect
 	github.com/sourcegraph/conc v0.3.0 // indirect
 	github.com/spf13/afero v1.10.0 // indirect
 	github.com/spf13/cast v1.5.1 // indirect
 	github.com/subosito/gotenv v1.6.0 // indirect
-	github.com/theupdateframework/go-tuf v0.5.2 // indirect
 	github.com/tidwall/pretty v1.2.0 // indirect
 	github.com/titanous/rocacheck v0.0.0-20171023193734-afe73141d399 // indirect
 	go.mongodb.org/mongo-driver v1.11.3 // indirect

go.sum

@@ -33,8 +33,8 @@ cloud.google.com/go/datastore v1.0.0/go.mod h1:LXYbyblFSglQ5pkeyhO+Qmw7ukd3C+pD7
 cloud.google.com/go/datastore v1.1.0/go.mod h1:umbIZjpQpHh4hmRpGhH4tLFup+FVzqBi1b3c64qFpCk=
 cloud.google.com/go/iam v1.1.2 h1:gacbrBdWcoVmGLozRuStX45YKvJtzIjJdAolzUs1sm4=
 cloud.google.com/go/iam v1.1.2/go.mod h1:A5avdyVL2tCppe4unb0951eI9jreack+RJ0/d+KUZOU=
-cloud.google.com/go/kms v1.15.3 h1:RYsbxTRmk91ydKCzekI2YjryO4c5Y2M80Zwcs9/D/cI=
-cloud.google.com/go/kms v1.15.3/go.mod h1:AJdXqHxS2GlPyduM99s9iGqi2nwbviBbhV/hdmt4iOQ=
+cloud.google.com/go/kms v1.15.4 h1:gEZzC54ZBI+aeW8/jg9tgz9KR4Aa+WEDPbdGIV3iJ7A=
+cloud.google.com/go/kms v1.15.4/go.mod h1:L3Sdj6QTHK8dfwK5D1JLsAyELsNMnd3tAIwGS4ltKpc=
 cloud.google.com/go/longrunning v0.5.1 h1:Fr7TXftcqTudoyRJa113hyaqlGdiBQkp0Gq7tErFDWI=
 cloud.google.com/go/longrunning v0.5.1/go.mod h1:spvimkwdz6SPWKEt/XBij79E9fiTkHSQl/fRUUQJYJc=
 cloud.google.com/go/pubsub v1.0.1/go.mod h1:R0Gpsv3s54REJCy4fxDixWD93lHJMoZTyQ2kNxGRt3I=
@@ -72,8 +72,8 @@ github.com/armon/go-radix v0.0.0-20180808171621-7fddfc383310/go.mod h1:ufUuZ+zHj
 github.com/asaskevich/govalidator v0.0.0-20200907205600-7a23bdc65eef/go.mod h1:WaHUgvxTVq04UNunO+XhnAqY/wQc+bxr74GqbsZ/Jqw=
 github.com/asaskevich/govalidator v0.0.0-20230301143203-a9d515a09cc2 h1:DklsrG3dyBCFEj5IhUbnKptjxatkF07cF2ak3yi77so=
 github.com/asaskevich/govalidator v0.0.0-20230301143203-a9d515a09cc2/go.mod h1:WaHUgvxTVq04UNunO+XhnAqY/wQc+bxr74GqbsZ/Jqw=
-github.com/aws/aws-sdk-go v1.46.3 h1:zcrCu14ANOji6m38bUTxYdPqne4EXIvJQ2KXZ5oi9k0=
-github.com/aws/aws-sdk-go v1.46.3/go.mod h1:aVsgQcEevwlmQ7qHE9I3h+dtQgpqhFB+i8Phjh7fkwI=
+github.com/aws/aws-sdk-go v1.46.7 h1:IjvAWeiJZlbETOemOwvheN5L17CvKvKW0T1xOC6d3Sc=
+github.com/aws/aws-sdk-go v1.46.7/go.mod h1:aVsgQcEevwlmQ7qHE9I3h+dtQgpqhFB+i8Phjh7fkwI=
 github.com/aws/aws-sdk-go-v2 v1.21.2 h1:+LXZ0sgo8quN9UOKXXzAWRT3FWd4NxeXWOZom9pE7GA=
 github.com/aws/aws-sdk-go-v2 v1.21.2/go.mod h1:ErQhvNuEMhJjweavOYhxVkn2RUx7kQXVATHrjKtxIpM=
 github.com/aws/aws-sdk-go-v2/config v1.19.1 h1:oe3vqcGftyk40icfLymhhhNysAwk0NfiwkDi2GTPMXs=
@@ -398,16 +398,16 @@ github.com/mailru/easyjson v0.0.0-20190626092158-b2ccc519800e/go.mod h1:C1wdFJiN
 github.com/mailru/easyjson v0.7.6/go.mod h1:xzfreul335JAWq5oZzymOObrkdz5UnU4kGfJJLY9Nlc=
 github.com/mailru/easyjson v0.7.7 h1:UGYAvKxe3sBsEDzO8ZeWOSlIQfWFlxbzLZe7hwFURr0=
 github.com/mailru/easyjson v0.7.7/go.mod h1:xzfreul335JAWq5oZzymOObrkdz5UnU4kGfJJLY9Nlc=
-github.com/malancas/sigstore v0.0.0-20230919024336-d4939b3b993e h1:w6W4PtdiTTFK78jlu5c6jddEMBnlv9lDLLST9l1VH4E=
-github.com/malancas/sigstore v0.0.0-20230919024336-d4939b3b993e/go.mod h1:p9U+UbdICzTUcOzXf76yW9eVfcsltCJz2dns7W33yfM=
-github.com/malancas/sigstore/pkg/signature/kms/aws v0.0.0-20230919024336-d4939b3b993e h1:D5CX5aJr7oN+v2RMdTqBpk0+hiYAusRsb0rx95RA3Us=
-github.com/malancas/sigstore/pkg/signature/kms/aws v0.0.0-20230919024336-d4939b3b993e/go.mod h1:OLH55fLYuDRtYCZMyeN/rT9UzgcmHWd1Yo4flr6tOU0=
-github.com/malancas/sigstore/pkg/signature/kms/azure v0.0.0-20230919024336-d4939b3b993e h1:+6YcLScf3kCB4r7Nxr1kgtFWySluYNGw5y96kAtowD4=
-github.com/malancas/sigstore/pkg/signature/kms/azure v0.0.0-20230919024336-d4939b3b993e/go.mod h1:/UsuTJyJEbGtDjfFjP5a0oUskl96r8dFe4W8+FjJWnM=
-github.com/malancas/sigstore/pkg/signature/kms/gcp v0.0.0-20230919024336-d4939b3b993e h1:+L4QH9UFPMuo1TDn7r1kRA+iwwB+1buu9nKNcFwZUDY=
-github.com/malancas/sigstore/pkg/signature/kms/gcp v0.0.0-20230919024336-d4939b3b993e/go.mod h1:tKRTrc+5587Q2AMDAajDv1j5/1xvz3xajtqkDyLlYic=
-github.com/malancas/sigstore/pkg/signature/kms/hashivault v0.0.0-20230919024336-d4939b3b993e h1:WLFRUZvB0ySuA3Ojt1iWk+4Zz3Y5urYfHJ62YfqW6tc=
-github.com/malancas/sigstore/pkg/signature/kms/hashivault v0.0.0-20230919024336-d4939b3b993e/go.mod h1:R+gAZ3uUE3xZbmUHgL8BeAs9po1y4po6/PVwIprJU7A=
+github.com/malancas/sigstore v0.0.0-20231031155517-ba36e0d7114c h1:b2CpZnqe6n1R031ZanXjy2LXUA/4pMA6HJ27y3twyjg=
+github.com/malancas/sigstore v0.0.0-20231031155517-ba36e0d7114c/go.mod h1:9OCmYWhzuq/G4e1cy9m297tuMRJ1LExyrXY3ZC3Zt/s=
+github.com/malancas/sigstore/pkg/signature/kms/aws v0.0.0-20231031155517-ba36e0d7114c h1:OhMuTlILM7k1FcOLTkCTNwz77oAhqlWTCmJNr8jh3WU=
+github.com/malancas/sigstore/pkg/signature/kms/aws v0.0.0-20231031155517-ba36e0d7114c/go.mod h1:3pL9u1lz6w1ySi+aKBgsX1gJDyCUhK11LmetPHAUPGA=
+github.com/malancas/sigstore/pkg/signature/kms/azure v0.0.0-20231031155517-ba36e0d7114c h1:uekPewfrD3Ds0qByJzxGFvMaNVqmGykzcHQ0HqJbuRE=
+github.com/malancas/sigstore/pkg/signature/kms/azure v0.0.0-20231031155517-ba36e0d7114c/go.mod h1:9nJQA5YgWsXrwjrVoVaO8JfTI/TpPF+oAkpkNKZu6lo=
+github.com/malancas/sigstore/pkg/signature/kms/gcp v0.0.0-20231031155517-ba36e0d7114c h1:O2KyZSIiEA2fNqVgd2CNd1hAA7QlJbRHkiwj9i3RWeE=
+github.com/malancas/sigstore/pkg/signature/kms/gcp v0.0.0-20231031155517-ba36e0d7114c/go.mod h1:NzK4xwhukQnYPyf70yRKuIa6+TFg/boRad/GMJYOAho=
+github.com/malancas/sigstore/pkg/signature/kms/hashivault v0.0.0-20231031155517-ba36e0d7114c h1:zx4cjctdObyT3vyqNzxeok/MmbdXDs//CGx9/Jizdkc=
+github.com/malancas/sigstore/pkg/signature/kms/hashivault v0.0.0-20231031155517-ba36e0d7114c/go.mod h1:EI9vDWVGG8fQU9aFMY7Bd204xJiqmXcDMSkFifCf16Q=
 github.com/markbates/oncer v0.0.0-20181203154359-bf2de49a0be2/go.mod h1:Ld9puTsIW75CHf65OeIOkyKbteujpZVXDpWK6YGZbxE=
 github.com/markbates/safe v1.0.1/go.mod h1:nAqgmRi7cY2nqMc92/bSEeQA+R4OheNU2T1kNSCBdG0=
 github.com/mattn/go-colorable v0.0.9/go.mod h1:9vuHe8Xs5qXnSaW/c/ABM9alt+Vo+STaOChaDxuIBZU=
@@ -472,6 +472,8 @@ github.com/sagikazarmark/locafero v0.3.0 h1:zT7VEGWC2DTflmccN/5T1etyKvxSxpHsjb9c
 github.com/sagikazarmark/locafero v0.3.0/go.mod h1:w+v7UsPNFwzF1cHuOajOOzoq4U7v/ig1mpRjqV+Bu1U=
 github.com/sagikazarmark/slog-shim v0.1.0 h1:diDBnUNK9N/354PgrxMywXnAwEr1QZcOr6gto+ugjYE=
 github.com/sagikazarmark/slog-shim v0.1.0/go.mod h1:SrcSrq8aKtyuqEI1uvTDTK1arOWRIczQRv+GVI1AkeQ=
+github.com/secure-systems-lab/go-securesystemslib v0.7.0 h1:OwvJ5jQf9LnIAS83waAjPbcMsODrTQUpJ02eNLUoxBg=
+github.com/secure-systems-lab/go-securesystemslib v0.7.0/go.mod h1:/2gYnlnHVQ6xeGtfIqFy7Do03K4cdCY0A/GlJLDKLHI=
 github.com/sirupsen/logrus v1.4.0/go.mod h1:LxeOpSwHxABJmUn/MG1IvRgCAasNZTLOkJPxbbu5VWo=
 github.com/sirupsen/logrus v1.4.1/go.mod h1:ni0Sbl8bgC9z8RoU9G6nDWqqs/fq4eDPysMBDgk/93Q=
 github.com/sirupsen/logrus v1.4.2/go.mod h1:tLMulIdttU9McNUspp0xgXVQah82FyeX6MwdIuYE2rE=
@@ -509,8 +511,6 @@ github.com/stretchr/testify v1.8.4 h1:CcVxjf3Q8PM0mHUKJCdn+eZZtm5yQwehR5yeSVQQcU
 github.com/stretchr/testify v1.8.4/go.mod h1:sz/lmYIOXD/1dqDmKjjqLyZ2RngseejIcXlSw2iwfAo=
 github.com/subosito/gotenv v1.6.0 h1:9NlTDc1FTs4qu0DDq7AEtTPNw6SVm7uBMsUCUjABIf8=
 github.com/subosito/gotenv v1.6.0/go.mod h1:Dk4QP5c2W3ibzajGcXpNraDfq2IrhjMIvMSWPKKo0FU=
-github.com/theupdateframework/go-tuf v0.5.2 h1:habfDzTmpbzBLIFGWa2ZpVhYvFBoK0C1onC3a4zuPRA=
-github.com/theupdateframework/go-tuf v0.5.2/go.mod h1:SyMV5kg5n4uEclsyxXJZI2UxPFJNDc4Y+r7wv+MlvTA=
 github.com/tidwall/pretty v1.0.0/go.mod h1:XNkn88O1ChpSDQmQeStsy+sBenx6DDtFZJxhVysOjyk=
 github.com/tidwall/pretty v1.2.0 h1:RWIZEg2iJ8/g6fDDYzMpobmaoGh5OLl4AXtGUGPcqCs=
 github.com/tidwall/pretty v1.2.0/go.mod h1:ITEVvHYasfjBbM0u2Pg8T2nJnzm8xPwvNhhsoaGGjNU=

pkg/api/api.go

@@ -36,9 +36,9 @@ import (
 
 type API struct {
 	tsaSigner     kms.CryptoSignerWrapper // the signer to use for timestamping
+	tsaSignerHash crypto.Hash             // hash algorithm used to hash pre-signed timestamps
 	certChain     []*x509.Certificate     // timestamping cert chain
 	certChainPem  string                  // PEM encoded timestamping cert chain
-	tsaSignerHash crypto.Hash             // hash algorithm used to hash pre-signed timestamps
 }
 
 func NewAPI() (*API, error) {
@@ -49,7 +49,7 @@ func NewAPI() (*API, error) {
 		return nil, errors.Wrap(err, "error getting hash")
 	}
 	tsaSigner, err := signer.NewCryptoSigner(ctx, tsaSignerHash,
-		viper.GetString("timestamp-signer"),
+		signer.SignerScheme(viper.GetString("timestamp-signer")),
 		viper.GetString("kms-key-resource"),
 		viper.GetString("tink-key-resource"), viper.GetString("tink-keyset-path"),
 		viper.GetString("tink-hcvault-token"),

pkg/signer/signer.go

@@ -36,17 +36,17 @@ type SignerScheme string
 
 const (
 	KMSScheme    SignerScheme = "kms"
-	TinkScheme                = "tink"
-	MemoryScheme              = "memory"
-	FileScheme                = "file"
+	TinkScheme   SignerScheme = "tink"
+	MemoryScheme SignerScheme = "memory"
+	FileScheme   SignerScheme = "file"
 )
 
 type WrappedSigner interface {
 	crypto.Signer
 	HashFunc() crypto.Hash
 }
 
-func NewCryptoSigner(ctx context.Context, signer SignerScheme, kmsKey, tinkKmsKey, tinkKeysetPath, hcVaultToken, fileSignerPath, fileSignerPasswd string) (WrappedSigner, error) {
+func NewCryptoSigner(ctx context.Context, hash crypto.Hash, signer SignerScheme, kmsKey, tinkKmsKey, tinkKeysetPath, hcVaultToken, fileSignerPath, fileSignerPasswd string) (WrappedSigner, error) {
 	switch signer {
 	case MemoryScheme:
 		sv, _, err := signature.NewECDSASignerVerifier(elliptic.P256(), rand.Reader, crypto.SHA256)