add more sigstore verifier specific tests

Signed-off-by: Meredith Lancaster <malancas@github.com>

pkg/cmd/attestation/inspect/inspect_test.go

@@ -160,21 +160,6 @@ func TestRunInspect(t *testing.T) {
 		require.Error(t, runInspect(&customOpts))
 	})
 
-	t.Run("with invalid signature", func(t *testing.T) {
-		customOpts := opts
-		customOpts.BundlePath = "../test/data/sigstoreBundle-invalid-signature.json"
-
-		err := runInspect(&customOpts)
-		require.Error(t, err)
-		require.ErrorContains(t, err, "at least one attestation failed to verify")
-	})
-
-	t.Run("with valid artifact and JSON lines file containing multiple bundles", func(t *testing.T) {
-		customOpts := opts
-		customOpts.BundlePath = "../test/data/sigstore-js-2.1.0_with_2_bundles.jsonl"
-		require.Nil(t, runInspect(&customOpts))
-	})
-
 	t.Run("with missing OCI client", func(t *testing.T) {
 		customOpts := opts
 		customOpts.ArtifactPath = "oci://ghcr.io/github/test"

pkg/cmd/attestation/verification/sigstore_test.go

@@ -23,28 +23,38 @@ func buildPolicy(a artifact.DigestedArtifact) (verify.PolicyBuilder, error) {
 
 func TestNewSigstoreVerifier(t *testing.T) {
 	artifactPath := test.NormalizeRelativePath("../test/data/sigstore-js-2.1.0.tgz")
+	artifact, err := artifact.NewDigestedArtifact(nil, artifactPath, "sha512")
+	require.NoError(t, err)
+
+	policy, err := buildPolicy(*artifact)
+	require.NoError(t, err)
+
+	c := SigstoreConfig{
+		Logger: logging.NewTestLogger(),
+	}
+	verifier, err := NewSigstoreVerifier(c, policy)
+	require.NoError(t, err)
 
 	t.Run("with invalid signature", func(t *testing.T) {
-		artifact, err := artifact.NewDigestedArtifact(nil, artifactPath, "sha512")
-		require.NoError(t, err)
-
 		bundlePath := test.NormalizeRelativePath("../test/data/sigstoreBundle-invalid-signature.json")
 		attestations, err := GetLocalAttestations(bundlePath)
 		require.NotNil(t, attestations)
 		require.NoError(t, err)
 
-		policy, err := buildPolicy(*artifact)
-		require.NoError(t, err)
-
-		c := SigstoreConfig{
-			Logger: logging.NewTestLogger(),
-		}
-		verifier, err := NewSigstoreVerifier(c, policy)
-		require.NoError(t, err)
-
 		res := verifier.Verify(attestations)
 		require.Error(t, res.Error)
 		require.ErrorContains(t, res.Error, "verifying with issuer \"sigstore.dev\"")
 		require.Nil(t, res.VerifyResults)
 	})
+
+	t.Run("with valid artifact and JSON lines file containing multiple Sigstore bundles", func(t *testing.T) {
+		bundlePath := test.NormalizeRelativePath("../test/data/sigstore-js-2.1.0_with_2_bundles.jsonl")
+		attestations, err := GetLocalAttestations(bundlePath)
+		require.Len(t, attestations, 2)
+		require.NoError(t, err)
+
+		res := verifier.Verify(attestations)
+		require.Len(t, res.VerifyResults, 2)
+		require.NoError(t, res.Error)
+	})
 }

pkg/cmd/attestation/verify/verify_test.go

@@ -262,16 +262,6 @@ func TestRunVerify(t *testing.T) {
 		require.Error(t, runVerify(&opts))
 	})
 
-	t.Run("with invalid signature", func(t *testing.T) {
-		opts := publicGoodOpts
-		opts.BundlePath = "../test/data/sigstoreBundle-invalid-signature.json"
-
-		err := runVerify(&opts)
-		require.Error(t, err)
-		require.ErrorContains(t, err, "at least one attestation failed to verify")
-		require.ErrorContains(t, err, "verifying with issuer \"sigstore.dev\"")
-	})
-
 	t.Run("with owner", func(t *testing.T) {
 		opts := publicGoodOpts
 		opts.BundlePath = ""
@@ -355,12 +345,6 @@ func TestRunVerify(t *testing.T) {
 		require.Error(t, runVerify(&opts))
 	})
 
-	t.Run("with valid artifact and JSON lines file containing multiple Sigstore bundles", func(t *testing.T) {
-		opts := publicGoodOpts
-		opts.BundlePath = "../test/data/sigstore-js-2.1.0_with_2_bundles.jsonl"
-		require.Nil(t, runVerify(&opts))
-	})
-
 	t.Run("with missing OCI client", func(t *testing.T) {
 		customOpts := publicGoodOpts
 		customOpts.ArtifactPath = "oci://ghcr.io/github/test"