diff --git a/pkg/cmd/attestation/test/data/gh-artifact-attestations-workflow-bundle.json b/pkg/cmd/attestation/test/data/gh-artifact-attestations-workflow-bundle.json new file mode 100644 index 000000000..ca17f4101 --- /dev/null +++ b/pkg/cmd/attestation/test/data/gh-artifact-attestations-workflow-bundle.json 
@@ -0,0 +1,59 @@ +{ + "mediaType": "application/vnd.dev.sigstore.bundle.v0.3+json", + "verificationMaterial": { + "tlogEntries": [ + { + "logIndex": "129027678", + "logId": { + "keyId": "wNI9atQGlz+VWfO6LRygH4QUfY/8W4RFwiT5i5WRgB0=" + }, + "kindVersion": { + "kind": "dsse", + "version": "0.0.1" + }, + "integratedTime": "1725924650", + "inclusionPromise": { + "signedEntryTimestamp": "MEQCICZHyKBtXwvRDYWke7Pp0KfrBL8YNLoDHGP7lKFgkjGbAiB6V+IfSg/SYV/ySXOUg+t/Wp8wGjXMkKWnzPT9DWNsZA==" + }, + "inclusionProof": { + "logIndex": "7123416", + "rootHash": "LZ7MbkKAnq4sU1EMcWwJWWhw778o2w5vO6+Op/DFwm4=", + "treeSize": "7123418", + "hashes": [ + "pJMeUZ4R2LEEjf0JSmsoXTfHMgBAah4aOPBdXEa9sxo=", + "4f/Xq7IIiBbWQbSZZLkEBCSuOIbUXSvzYfxTIqh9rjY=", + "gy7fFADBSd5e37RIZy86inqhsnYB29bTUxY6/EtlJDk=", + "8JY4XnAVf8weXfLSChGSEbqVSN7FKSapmaM5Xi+qowM=", + "FKlHhO4TMH2pnrZUvSKA7Drig5MbABFy2KZx4esRxJY=", + "T+Ziyo74JC0j3MWEgjiiGuTCQ0w+AzLft+r9OyRldMw=", + "naRDgCL1Ch0MNzrXrAmrV1PLa/Bi5HV5GqrqlUceCVI=", + "c4TDdYxGB0ihJtrnXDSynGSSI83D5WVHvZJxuMti4Xg=", + "bcPqJfBdq24AxJvo1LAJKwcudDBLIIyVclqFzJW5TEY=", + "7Dvc6Q8qiduX8Oka5vLLU5oWAmybo8oaecNXPgkOQvA=", + "LAdu5Ynz/wk2uMNazU0CVickvA3YhhBz6TpIl5brTko=", + "uRsmea7eVXshBNN6huh/owmfaAy9Rx4Cq2M2vFb2Ntk=", + "NeHKGVl6KVXfx3+wnQrIrxra4Pr9Fa7YDpTlf86mlTc=" + ], + "checkpoint": { + "envelope": "rekor.sigstore.dev - 1193050959916656506\n7123418\nLZ7MbkKAnq4sU1EMcWwJWWhw778o2w5vO6+Op/DFwm4=\n\n— rekor.sigstore.dev wNI9ajBGAiEAy5505Eq4vOyji5LLmRbaN4/eqwOlVpgLOnozcVCJWvoCIQD+/CNPBY1eyyNypq25OIDwTVIHVxroif3cf2MsfEfplw==\n" + } + }, + "canonicalizedBody": "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" + } + ], + "timestampVerificationData": { + }, + "certificate": { + "rawBytes": "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" + } + }, + "dsseEnvelope": { + "payload": "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", + "payloadType": "application/vnd.in-toto+json", + "signatures": [ + { + "sig": 
"MEUCIQCAOBdIOs62tuO42l8AXcr+kyjjCkUj16QeIpZJdR38IgIgLwaiKvX4EOHrQ/TW38T8Q2bG0obFvosC5Ija1Ll9I5M=" + } + ] + } +} \ No newline at end of file diff --git a/pkg/cmd/attestation/verify/attestation_integration_test.go b/pkg/cmd/attestation/verify/attestation_integration_test.go index 46c239f61..480368519 100644 --- a/pkg/cmd/attestation/verify/attestation_integration_test.go +++ b/pkg/cmd/attestation/verify/attestation_integration_test.go 
@@ -80,21 +80,32 @@ func TestVerifyAttestations(t *testing.T) { }) t.Run("passes verification with 2/3 attestations passing cert extension verification", func(t *testing.T) { - rwAttestations := getAttestationsFor(t, "../test/data/reusable-workflow-attestation.sigstore.json") - sgjAttestations := getAttestationsFor(t, "../test/data/sigstore-js-2.1.0_with_2_bundles.jsonl") - attestations := []*api.Attestation{sgjAttestations[0], rwAttestations[0], sgjAttestations[1]} + customArtifactPath := test.NormalizeRelativePath("../test/data/reusable-workflow-artifact") + customArtifact, err := artifact.NewDigestedArtifact(nil, customArtifactPath, "sha256") + require.NoError(t, err) + + mlDemoAttestAttestation := getAttestationsFor(t, "../test/data/reusable-workflow-attestation.sigstore.json") + aareusableAttestation := getAttestationsFor(t, "../test/data/gh-artifact-attestations-workflow-bundle.json") + attestations := []*api.Attestation{mlDemoAttestAttestation[0], aareusableAttestation[0], mlDemoAttestAttestation[0]} require.Len(t, attestations, 3) - expectedCriteria := ec - expectedCriteria.SANRegex = "^https://github.com/" - esp, err := buildSigstoreVerifyPolicy(ec, *a) + certSummary := certificate.Summary{} + certSummary.SourceRepositoryOwnerURI = "https://github.com/malancas" + certSummary.Issuer = verification.GitHubOIDCIssuer - results, errMsg, err := verifyAttestations(attestations, sgVerifier, esp, expectedCriteria) + customEc := verification.EnforcementCriteria{ + Certificate: certSummary, + PredicateType: verification.SLSAPredicateV1, + SANRegex: "^https://github.com/github/artifact-attestations-workflows/", + } + esp, err := buildSigstoreVerifyPolicy(customEc, *customArtifact) + + results, errMsg, err := verifyAttestations(attestations, sgVerifier, esp, customEc) require.NoError(t, err) require.Zero(t, errMsg) require.Len(t, results, 2) for _, r := range results { - require.NotEqual(t, r.Attestation.Bundle.String(), rwAttestations[0].Bundle.String()) + 
require.NotEqual(t, r.Attestation.Bundle.String(), aareusableAttestation[0].Bundle.String()) } })
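Review bot: The error from `esp, err := buildSigstoreVerifyPolicy(customEc, *customArtifact)` is never checked, because the following `results, errMsg, err := verifyAttestations(...)` reassigns `err` before the first `require.NoError`. The removed line had the same gap, so it is carried over rather than introduced here. Adding `require.NoError(t, err)` directly after the policy is built would make a policy-construction failure stop the subtest there, instead of passing a possibly unusable `esp` into verification. Separately, `attestations` holds `mlDemoAttestAttestation[0]` twice, so the two accepted results are the same bundle and the loop only proves that the rejected bundle is absent. A positive check such as `require.Equal(t, mlDemoAttestAttestation[0].Bundle.String(), r.Attestation.Bundle.String())` would pin which attestation the tightened `SANRegex` and owner URI actually accept. The subtest is fully visible, but `TestVerifyAttestations` itself begins and ends outside the hunk.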