feat: add support for oci1.1 cosign signatures(using referrers) (#1963)

- Cosign supports 2 types of signature formats:

	1. Using tag -> each new signature of the same manifest is
	added as a new layer of the signature manifest having that
	specific tag("{alghoritm}-{digest_of_signed_manifest}.sig")

	2. Using referrers -> each new signature of the same manifest is
	added as a new manifest

- For adding these cosign signature to metadb, we reserved index 0 of the
list of cosign signatures for tag-based signatures. When a new tag-based
signature is added for the same manifest, the element on first position
in its list of cosign signatures(in metadb) will be updated/overwritten.
When a new cosign signature(using referrers) will be added for the same
manifest this new signature will be appended to the list of cosign
signatures.

Signed-off-by: Andreea-Lupu <andreealupu1470@yahoo.com>

pkg/meta/dynamodb/dynamodb.go

@@ -1041,7 +1041,7 @@ func (dwr *DynamoDB) UpdateSignaturesValidity(repo string, manifestDigest godige
 }
 
 func (dwr *DynamoDB) AddManifestSignature(repo string, signedManifestDigest godigest.Digest,
-	sygMeta mTypes.SignatureMetadata,
+	sigMeta mTypes.SignatureMetadata,
 ) error {
 	protoRepoMeta, err := dwr.getProtoRepoMeta(context.Background(), repo)
 	if err != nil {
@@ -1054,11 +1054,11 @@ func (dwr *DynamoDB) AddManifestSignature(repo string, signedManifestDigest godi
 				Signatures: map[string]*proto_go.ManifestSignatures{
 					signedManifestDigest.String(): {
 						Map: map[string]*proto_go.SignaturesInfo{
-							sygMeta.SignatureType: {
+							sigMeta.SignatureType: {
 								List: []*proto_go.SignatureInfo{
 									{
-										SignatureManifestDigest: sygMeta.SignatureDigest,
-										LayersInfo:              mConvert.GetProtoLayersInfo(sygMeta.LayersInfo),
+										SignatureManifestDigest: sigMeta.SignatureDigest,
+										LayersInfo:              mConvert.GetProtoLayersInfo(sigMeta.LayersInfo),
 									},
 								},
 							},
@@ -1083,26 +1083,46 @@ func (dwr *DynamoDB) AddManifestSignature(repo string, signedManifestDigest godi
 	}
 
 	signatureSlice := &proto_go.SignaturesInfo{List: []*proto_go.SignatureInfo{}}
-	if sigSlice, found := manifestSignatures.Map[sygMeta.SignatureType]; found {
+	if sigSlice, found := manifestSignatures.Map[sigMeta.SignatureType]; found {
 		signatureSlice = sigSlice
 	}
 
-	if !common.ProtoSignatureAlreadyExists(signatureSlice.List, sygMeta) {
-		switch sygMeta.SignatureType {
+	if !common.ProtoSignatureAlreadyExists(signatureSlice.List, sigMeta) {
+		switch sigMeta.SignatureType {
 		case zcommon.NotationSignature:
 			signatureSlice.List = append(signatureSlice.List, &proto_go.SignatureInfo{
-				SignatureManifestDigest: sygMeta.SignatureDigest,
-				LayersInfo:              mConvert.GetProtoLayersInfo(sygMeta.LayersInfo),
+				SignatureManifestDigest: sigMeta.SignatureDigest,
+				LayersInfo:              mConvert.GetProtoLayersInfo(sigMeta.LayersInfo),
 			})
 		case zcommon.CosignSignature:
-			signatureSlice.List = []*proto_go.SignatureInfo{{
-				SignatureManifestDigest: sygMeta.SignatureDigest,
-				LayersInfo:              mConvert.GetProtoLayersInfo(sygMeta.LayersInfo),
-			}}
+			newCosignSig := &proto_go.SignatureInfo{
+				SignatureManifestDigest: sigMeta.SignatureDigest,
+				LayersInfo:              mConvert.GetProtoLayersInfo(sigMeta.LayersInfo),
+			}
+
+			if zcommon.IsCosignTag(sigMeta.SignatureTag) {
+				// the entry for "sha256-{digest}.sig" signatures should be overwritten if
+				// it exists or added on the first position if it doesn't exist
+				if len(signatureSlice.GetList()) == 0 {
+					signatureSlice.List = []*proto_go.SignatureInfo{newCosignSig}
+				} else {
+					signatureSlice.List[0] = newCosignSig
+				}
+			} else {
+				// the first position should be reserved for "sha256-{digest}.sig" signatures
+				if len(signatureSlice.GetList()) == 0 {
+					signatureSlice.List = []*proto_go.SignatureInfo{{
+						SignatureManifestDigest: "",
+						LayersInfo:              []*proto_go.LayersInfo{},
+					}}
+				}
+
+				signatureSlice.List = append(signatureSlice.List, newCosignSig)
+			}
 		}
 	}
 
-	manifestSignatures.Map[sygMeta.SignatureType] = signatureSlice
+	manifestSignatures.Map[sigMeta.SignatureType] = signatureSlice
 	protoRepoMeta.Signatures[signedManifestDigest.String()] = manifestSignatures
 
 	return dwr.setProtoRepoMeta(protoRepoMeta.Name, protoRepoMeta)