diff --git a/pkg/cmd/attestation/test/data/custom-issuer-artifact b/pkg/cmd/attestation/test/data/custom-issuer-artifact new file mode 100644 index 000000000..bdd51cc27 --- /dev/null +++ b/pkg/cmd/attestation/test/data/custom-issuer-artifact @@ -0,0 +1 @@ +hello-world \ No newline at end of file diff --git a/pkg/cmd/attestation/test/data/custom-issuer.sigstore.json b/pkg/cmd/attestation/test/data/custom-issuer.sigstore.json new file mode 100644 index 000000000..ad47e2478 --- /dev/null +++ b/pkg/cmd/attestation/test/data/custom-issuer.sigstore.json @@ -0,0 +1,61 @@ +{ + "mediaType": "application/vnd.dev.sigstore.bundle.v0.3+json", + "verificationMaterial": { + "tlogEntries": [ + { + "logIndex": "129601213", + "logId": { + "keyId": "wNI9atQGlz+VWfO6LRygH4QUfY/8W4RFwiT5i5WRgB0=" + }, + "kindVersion": { + "kind": "dsse", + "version": "0.0.1" + }, + "integratedTime": "1726082343", + "inclusionPromise": { + "signedEntryTimestamp": "MEQCICL0FAIR4ISP9CZJERTDWm0ZWQXmBfk1n2rNaKcThjFnAiAOpJMbjiwKD+Nt32VgodKh3whOZWERIerwtuTGChcKVg==" + }, + "inclusionProof": { + "logIndex": "7696951", + "rootHash": "jFHZ9WG6TKsPs3sSueywIxZ8kCLggGmqg2toWJ8seXk=", + "treeSize": "7696953", + "hashes": [ + "CYHKf/bh3CxW39mRO4FlajMmrzH8KleobYBryPGMjhQ=", + "kAIZZLHLd1KnJQ3CNShHaxG5wQjuF0wG49oq5AC4vXQ=", + "f9/xH+QDA5+muxMr2QouK2OLOLkI+jPM2lUX7diPaOA=", + "mlhYVIwuxUw07ewtU3um0c8IkYPf55EhyXwuOlzwJbs=", + "K2QMn27+dp+8+2utA7P0W1+pFT18nvdFMIlz3qXBC/0=", + "+5kLbgrjmfzkYQ0V+vofM18LsqyNpLa5oRr/24gOH+s=", + "kNWva6L6IlKsmCkDx0cdNtZJztdunXsjWqzwn/k9moQ=", + "W8NjV+EXoTQRJYFsLhEueUiT6vxbPXYoSIONJIJmCvM=", + "8tdMgSRLWN3UxGVxNBjKm/4Sjivq1EMAAomCJVhscmU=", + "hPmHSU/WMp+ST2P+1mEnh/wjLLY9KbulaYu+ELcIJ2o=", + "KYw9/y5e7chXWKn9xKSkwIm0ZV/niE9MccszZ/yMVH8=", + "52g33BcJumS4u9qvM95+2WQcPJoG3zKFTsDQU/yGT/Q=", + "57ZnG4cTkj/dfCv8Vz7kMnUbcY3NL1PkfzMA2cgdg0c=", + "uRsmea7eVXshBNN6huh/owmfaAy9Rx4Cq2M2vFb2Ntk=", + "NeHKGVl6KVXfx3+wnQrIrxra4Pr9Fa7YDpTlf86mlTc=" + ], + "checkpoint": { + "envelope": "rekor.sigstore.dev - 1193050959916656506\n7696953\njFHZ9WG6TKsPs3sSueywIxZ8kCLggGmqg2toWJ8seXk=\n\n— rekor.sigstore.dev wNI9ajBFAiEA4cRIk3KpKhPAmONZTnKJ84MWoy/uylIgvcQ5hZsQdsQCIFrXcNcJfpQQAXlhca0jAsz/4vqXvuFdHTT12JDyXhjW\n" + } + }, + "canonicalizedBody": "eyJhcGlWZXJzaW9uIjoiMC4wLjEiLCJraW5kIjoiZHNzZSIsInNwZWMiOnsiZW52ZWxvcGVIYXNoIjp7ImFsZ29yaXRobSI6InNoYTI1NiIsInZhbHVlIjoiNTM0ZDM4OWFmY2ZiMGYyOGE1MzE2MDEzNmRhOTNmODQyNGEwOGMzMzZhMTQ5YzcxNjg5NWFiY2EyZDlhMzAxMSJ9LCJwYXlsb2FkSGFzaCI6eyJhbGdvcml0aG0iOiJzaGEyNTYiLCJ2YWx1ZSI6IjhkOWMxNzg0NjA5ZGJkZmQxMjhhMjFlMzdiNzJhY2QwZDVmY2RhNjBlMzRjZjQwZGI2ZGYwMDQyODJmMGFjMDQifSwic2lnbmF0dXJlcyI6W3sic2lnbmF0dXJlIjoiTUVZQ0lRRG82SGN1ZkQxWDVXK0FMcUFzK0d0VXZvcEZYQlFGNUpDRFJXODlWTndOV1FJaEFKdjRTSjhINlJPM3JwV3Zib3VUWTdrNGJzUWN1NWNDa2l1aXRRSjlkMEgvIiwidmVyaWZpZXIiOiJMUzB0TFMxQ1JVZEpUaUJEUlZKVVNVWkpRMEZVUlMwdExTMHRDazFKU1VjNGFrTkRRbTV0WjBGM1NVSkJaMGxWVDBwd05EVmpPVTExVGxKU1JISk5XSEpMZG5sSWJHc3JVbFpKZDBObldVbExiMXBKZW1vd1JVRjNUWGNLVG5wRlZrMUNUVWRCTVZWRlEyaE5UV015Ykc1ak0xSjJZMjFWZFZwSFZqSk5ValIzU0VGWlJGWlJVVVJGZUZaNllWZGtlbVJIT1hsYVV6RndZbTVTYkFwamJURnNXa2RzYUdSSFZYZElhR05PVFdwUmQwOVVSWGhOVkd0NFQxUkJlbGRvWTA1TmFsRjNUMVJGZUUxVWEzbFBWRUY2VjJwQlFVMUdhM2RGZDFsSUNrdHZXa2w2YWpCRFFWRlpTVXR2V2tsNmFqQkVRVkZqUkZGblFVVlpUbVZEZFVsMUsySnRhRzR4UkdsdmRHRnVNakZpUjFsTGVGcHdSVFpOV2paUFlTOEtWMjh4WTNsNU5raFhNVVZJVEZsQ00wbG5XRE56Y1RkdFNFSklaMWQyY1dwMlFWVkdVelZZTUZaVFZGWktkR0Z4TkV0UFEwSmFaM2RuWjFkVlRVRTBSd3BCTVZWa1JIZEZRaTkzVVVWQmQwbElaMFJCVkVKblRsWklVMVZGUkVSQlMwSm5aM0pDWjBWR1FsRmpSRUY2UVdSQ1owNVdTRkUwUlVablVWVXJkVkkxQ2tSMFRHeDRWelJQTnpCMWFWcGtXVXBZTWlzd01EUnpkMGgzV1VSV1VqQnFRa0puZDBadlFWVXpPVkJ3ZWpGWmEwVmFZalZ4VG1wd1MwWlhhWGhwTkZrS1drUTRkMWwzV1VSV1VqQlNRVkZJTDBKR2EzZFdORnBXWVVoU01HTklUVFpNZVRsdVlWaFNiMlJYU1hWWk1qbDBURE5TZG1KNU1YTmFWMlJ3WkVNNWFBcGtTRkpzWXpOUmRreHRaSEJrUjJneFdXazVNMkl6U25KYWJYaDJaRE5OZG1GWE5UQmFWMlI1V1ZoU2NHSXlOSFZsVnpGelVVaEtiRnB1VFhaaFIxWm9DbHBJVFhaaVYwWndZbXBDUmtKbmIzSkNaMFZGUVZsUEwwMUJSVUpDUkdSdlpFaFNkMk42YjNaTU0xSjJZVEpXZFV4dFJtcGtSMngyWW01TmRWb3liREFLWVVoV2FXUllUbXhqYlU1MlltNVNiR0p1VVhWWk1qbDBUREpvYUdKWE1XeGphVEV3WVZjeGJFMUNPRWREYVhOSFFWRlJRbWMzT0hkQlVVbEZSVmhrZGdwamJYUnRZa2M1TTFneVVuQmpNMEpvWkVkT2IwMUVXVWREYVhOSFFWRlJRbWMzT0hkQlVVMUZTMFJKTkUweVNtMVBWRmt6V20xRmVsbDZWVFZOVkd0NUNrNVhVbXROYWxac1RtMUZNbHBVYUd4T2VtZDRUbFJSZVUxVVJUTlpiVmwzUzJkWlMwdDNXVUpDUVVkRWRucEJRa0pCVVdOUldGSXdXbGhPTUZsWVVuQUtZakkwWjFOWE5UQmFWMlI1V1ZoU2NHSXlOR2RXUjFaNlpFUkJaVUpuYjNKQ1owVkZRVmxQTDAxQlJVWkNRa0l3WWpJNGRHSkhWbTVoV0ZGMldWaFNNQXBhV0U0d1RVSXdSME5wYzBkQlVWRkNaemM0ZDBGUldVVkVNMHBzV201TmRtRkhWbWhhU0UxMllsZEdjR0pxUWtoQ1oyOXlRbWRGUlVGWlR5OU5RVVZKQ2tKRWEwMU9NbWd3WkVoQ2VrOXBPSFprUnpseVdsYzBkVmxYVGpCaFZ6bDFZM2sxYm1GWVVtOWtWMG94WXpKV2VWa3lPWFZrUjFaMVpFTTFhbUl5TUhZS1lVZEdkR0pYVm5sTVdGSndZbGRWZDFwUldVdExkMWxDUWtGSFJIWjZRVUpEVVZKWVJFWldiMlJJVW5kamVtOTJUREprY0dSSGFERlphVFZxWWpJd2RncGtSemwyVEZkNGJGb3liREJNTWtZd1pFZFdlbVJET0hWYU1td3dZVWhXYVV3elpIWmpiWFJ0WWtjNU0yTjVPWEJpYmxKc1dqTkthR1JIYkhaaWFUVTFDbUpYZUVGamJWWnRZM2s1YjFwWFJtdGplVGwwV1Zkc2RVMUVaMGREYVhOSFFWRlJRbWMzT0hkQlVXOUZTMmQzYjAxcVozcFpiVmsxVG1wa2JWbFVUbW9LVGxScmVFOVVTVEZhUjFGNVRsZFZNbGxVV214UFIxVXpUMFJGTVU1RVNYaE5WR1JwV21wQlpFSm5iM0pDWjBWRlFWbFBMMDFCUlV4Q1FUaE5SRmRrY0Fwa1IyZ3hXV2t4YjJJelRqQmFWMUYzVFhkWlMwdDNXVUpDUVVkRWRucEJRa1JCVVd4RVEwNXZaRWhTZDJONmIzWk1NbVJ3WkVkb01WbHBOV3BpTWpCMkNtUkhPWFpNVjNoc1dqSnNNRXd5UmpCa1IxWjZaRVJCTkVKbmIzSkNaMFZGUVZsUEwwMUJSVTVDUTI5TlMwUkpORTB5U20xUFZGa3pXbTFGZWxsNlZUVUtUVlJyZVU1WFVtdE5hbFpzVG0xRk1scFVhR3hPZW1kNFRsUlJlVTFVUlROWmJWbDNTSGRaUzB0M1dVSkNRVWRFZG5wQlFrUm5VVkpFUVRsNVdsZGFlZ3BNTW1oc1dWZFNla3d5TVdoaFZ6UjNSMUZaUzB0M1dVSkNRVWRFZG5wQlFrUjNVVXhFUVdzMFRsUkZORTlVVVRSTmFsRjNURUZaUzB0M1dVSkNRVWRFQ25aNlFVSkZRVkZsUkVKNGIyUklVbmRqZW05MlRESmtjR1JIYURGWmFUVnFZakl3ZG1SSE9YWk1WM2hzV2pKc01FMUNhMGREYVhOSFFWRlJRbWMzT0hjS1FWSkZSVU4zZDBwTlZHZDNUWHBSTkUxRVVUSk5SMVZIUTJselIwRlJVVUpuTnpoM1FWSkpSVlozZUZaaFNGSXdZMGhOTmt4NU9XNWhXRkp2WkZkSmRRcFpNamwwVEROU2RtSjVNWE5hVjJSd1pFTTVhR1JJVW14ak0xRjJURzFrY0dSSGFERlphVGt6WWpOS2NscHRlSFprTTAxMllWYzFNRnBYWkhsWldGSndDbUl5TkhWbFZ6RnpVVWhLYkZwdVRYWmhSMVpvV2toTmRtSlhSbkJpYWtFMFFtZHZja0puUlVWQldVOHZUVUZGVkVKRGIwMUxSRWswVFRKS2JVOVVXVE1LV20xRmVsbDZWVFZOVkd0NVRsZFNhMDFxVm14T2JVVXlXbFJvYkU1NlozaE9WRkY1VFZSRk0xbHRXWGRKVVZsTFMzZFpRa0pCUjBSMmVrRkNSa0ZSVkFwRVFrWXpZak5LY2xwdGVIWmtNVGxyWVZoT2QxbFlVbXBoUkVKWVFtZHZja0puUlVWQldVOHZUVUZGVmtKRmEwMVNNbWd3WkVoQ2VrOXBPSFphTW13d0NtRklWbWxNYlU1MllsTTVNR0l5T0hSaVIxWnVZVmhSZGxsWVVqQmFXRTR3VERKR2FtUkhiSFppYmsxMlkyNVdkV041T0hoTlJHZDRUMFJKZVU1cVJYa0tUbE01YUdSSVVteGlXRUl3WTNrNGVFMUNXVWREYVhOSFFWRlJRbWMzT0hkQlVsbEZRMEYzUjJOSVZtbGlSMnhxVFVsSFMwSm5iM0pDWjBWRlFXUmFOUXBCWjFGRFFraDNSV1ZuUWpSQlNGbEJNMVF3ZDJGellraEZWRXBxUjFJMFkyMVhZek5CY1VwTFdISnFaVkJMTXk5b05IQjVaME00Y0Rkdk5FRkJRVWRTQ2pSdldtbFpRVUZCUWtGTlFWSjZRa1pCYVVGamJHNDNUR1JRUkZOS1lXZzVSRzFDTVdwT2EwMXlRMVZVYVU5WEwxbzNTMkpJZWtoNFZWQjZNek4zU1dnS1FVdGFhVmhwTDFjelVsSTVjbXh2ZVdWV1JsTlFOemc0U1VsdVprcERiekJPY21acWIybFhNRWh4TkhkTlFXOUhRME54UjFOTk5EbENRVTFFUVRKalFRcE5SMUZEVFVFd2RFWTFObmRDYlZCSWNtdzBVQ3RWTUVGaGNuRnNWbGg1VVV4eloxQkphVFU0UmxWeFlqVjNkMVZLZUZwQmRFOU1kbFJMYTI1dWNrVmxDakpNU3pCWlFVbDNVVTFtVUZsa2NHeHlWUzlWVUdaWlJtWlZOSFV2YlhGV05HdFBOVWh6WXpoUGFGcG9lVTE1WjBJNWJVSnhSMnBpYlRkVlFrNTRlakFLWXpNMVZXMUhRbWNLTFMwdExTMUZUa1FnUTBWU1ZFbEdTVU5CVkVVdExTMHRMUW89In1dfX0=" + } + ], + "timestampVerificationData": { + }, + "certificate": { + "rawBytes": "MIIG8jCCBnmgAwIBAgIUOJp45c9MuNRRDrMXrKvyHlk+RVIwCgYIKoZIzj0EAwMwNzEVMBMGA1UEChMMc2lnc3RvcmUuZGV2MR4wHAYDVQQDExVzaWdzdG9yZS1pbnRlcm1lZGlhdGUwHhcNMjQwOTExMTkxOTAzWhcNMjQwOTExMTkyOTAzWjAAMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEYNeCuIu+bmhn1Diotan21bGYKxZpE6MZ6Oa/Wo1cyy6HW1EHLYB3IgX3sq7mHBHgWvqjvAUFS5X0VSTVJtaq4KOCBZgwggWUMA4GA1UdDwEB/wQEAwIHgDATBgNVHSUEDDAKBggrBgEFBQcDAzAdBgNVHQ4EFgQU+uR5DtLlxW4O70uiZdYJX2+004swHwYDVR0jBBgwFoAU39Ppz1YkEZb5qNjpKFWixi4YZD8wYwYDVR0RAQH/BFkwV4ZVaHR0cHM6Ly9naXRodWIuY29tL3Rvby1sZWdpdC9hdHRlc3QvLmdpdGh1Yi93b3JrZmxvd3MvaW50ZWdyYXRpb24ueW1sQHJlZnMvaGVhZHMvbWFpbjBFBgorBgEEAYO/MAEBBDdodHRwczovL3Rva2VuLmFjdGlvbnMuZ2l0aHVidXNlcmNvbnRlbnQuY29tL2hhbW1lci10aW1lMB8GCisGAQQBg78wAQIEEXdvcmtmbG93X2Rpc3BhdGNoMDYGCisGAQQBg78wAQMEKDI4M2JmOTY3ZmEzYzU5MTkyNWRkMjVlNmE2ZThlNzgxNTQyMTE3YmYwKgYKKwYBBAGDvzABBAQcQXR0ZXN0YXRpb24gSW50ZWdyYXRpb24gVGVzdDAeBgorBgEEAYO/MAEFBBB0b28tbGVnaXQvYXR0ZXN0MB0GCisGAQQBg78wAQYED3JlZnMvaGVhZHMvbWFpbjBHBgorBgEEAYO/MAEIBDkMN2h0dHBzOi8vdG9rZW4uYWN0aW9ucy5naXRodWJ1c2VyY29udGVudC5jb20vaGFtbWVyLXRpbWUwZQYKKwYBBAGDvzABCQRXDFVodHRwczovL2dpdGh1Yi5jb20vdG9vLWxlZ2l0L2F0dGVzdC8uZ2l0aHViL3dvcmtmbG93cy9pbnRlZ3JhdGlvbi55bWxAcmVmcy9oZWFkcy9tYWluMDgGCisGAQQBg78wAQoEKgwoMjgzYmY5NjdmYTNjNTkxOTI1ZGQyNWU2YTZlOGU3ODE1NDIxMTdiZjAdBgorBgEEAYO/MAELBA8MDWdpdGh1Yi1ob3N0ZWQwMwYKKwYBBAGDvzABDAQlDCNodHRwczovL2dpdGh1Yi5jb20vdG9vLWxlZ2l0L2F0dGVzdDA4BgorBgEEAYO/MAENBCoMKDI4M2JmOTY3ZmEzYzU5MTkyNWRkMjVlNmE2ZThlNzgxNTQyMTE3YmYwHwYKKwYBBAGDvzABDgQRDA9yZWZzL2hlYWRzL21haW4wGQYKKwYBBAGDvzABDwQLDAk4NTE4OTQ4MjQwLAYKKwYBBAGDvzABEAQeDBxodHRwczovL2dpdGh1Yi5jb20vdG9vLWxlZ2l0MBkGCisGAQQBg78wAREECwwJMTgwMzQ4MDQ2MGUGCisGAQQBg78wARIEVwxVaHR0cHM6Ly9naXRodWIuY29tL3Rvby1sZWdpdC9hdHRlc3QvLmdpdGh1Yi93b3JrZmxvd3MvaW50ZWdyYXRpb24ueW1sQHJlZnMvaGVhZHMvbWFpbjA4BgorBgEEAYO/MAETBCoMKDI4M2JmOTY3ZmEzYzU5MTkyNWRkMjVlNmE2ZThlNzgxNTQyMTE3YmYwIQYKKwYBBAGDvzABFAQTDBF3b3JrZmxvd19kaXNwYXRjaDBXBgorBgEEAYO/MAEVBEkMR2h0dHBzOi8vZ2l0aHViLmNvbS90b28tbGVnaXQvYXR0ZXN0L2FjdGlvbnMvcnVucy8xMDgxODIyNjEyNS9hdHRlbXB0cy8xMBYGCisGAQQBg78wARYECAwGcHVibGljMIGKBgorBgEEAdZ5AgQCBHwEegB4AHYA3T0wasbHETJjGR4cmWc3AqJKXrjePK3/h4pygC8p7o4AAAGR4oZiYAAABAMARzBFAiAcln7LdPDSJah9DmB1jNkMrCUTiOW/Z7KbHzHxUPz33wIhAKZiXi/W3RR9rloyeVFSP788IInfJCo0NrfjoiW0Hq4wMAoGCCqGSM49BAMDA2cAMGQCMA0tF56wBmPHrl4P+U0AarqlVXyQLsgPIi58FUqb5wwUJxZAtOLvTKknnrEe2LK0YAIwQMfPYdplrU/UPfYFfU4u/mqV4kO5Hsc8OhZhyMygB9mBqGjbm7UBNxz0c35UmGBg" + } + }, + "dsseEnvelope": { + "payload": "eyJfdHlwZSI6Imh0dHBzOi8vaW4tdG90by5pby9TdGF0ZW1lbnQvdjEiLCJzdWJqZWN0IjpbeyJuYW1lIjoiYXJ0aWZhY3QiLCJkaWdlc3QiOnsic2hhMjU2IjoiYWZhMjdiNDRkNDNiMDJhOWZlYTQxZDEzY2VkYzJlNDAxNmNmY2Y4N2M1ZGJmOTkwZTU5MzY2OWFhOGNlMjg2ZCJ9fV0sInByZWRpY2F0ZVR5cGUiOiJodHRwczovL3Nsc2EuZGV2L3Byb3ZlbmFuY2UvdjEiLCJwcmVkaWNhdGUiOnsiYnVpbGREZWZpbml0aW9uIjp7ImJ1aWxkVHlwZSI6Imh0dHBzOi8vYWN0aW9ucy5naXRodWIuaW8vYnVpbGR0eXBlcy93b3JrZmxvdy92MSIsImV4dGVybmFsUGFyYW1ldGVycyI6eyJ3b3JrZmxvdyI6eyJyZWYiOiJyZWZzL2hlYWRzL21haW4iLCJyZXBvc2l0b3J5IjoiaHR0cHM6Ly9naXRodWIuY29tL3Rvby1sZWdpdC9hdHRlc3QiLCJwYXRoIjoiLmdpdGh1Yi93b3JrZmxvd3MvaW50ZWdyYXRpb24ueW1sIn19LCJpbnRlcm5hbFBhcmFtZXRlcnMiOnsiZ2l0aHViIjp7ImV2ZW50X25hbWUiOiJ3b3JrZmxvd19kaXNwYXRjaCIsInJlcG9zaXRvcnlfaWQiOiI4NTE4OTQ4MjQiLCJyZXBvc2l0b3J5X293bmVyX2lkIjoiMTgwMzQ4MDQ2IiwicnVubmVyX2Vudmlyb25tZW50IjoiZ2l0aHViLWhvc3RlZCJ9fSwicmVzb2x2ZWREZXBlbmRlbmNpZXMiOlt7InVyaSI6ImdpdCtodHRwczovL2dpdGh1Yi5jb20vdG9vLWxlZ2l0L2F0dGVzdEByZWZzL2hlYWRzL21haW4iLCJkaWdlc3QiOnsiZ2l0Q29tbWl0IjoiMjgzYmY5NjdmYTNjNTkxOTI1ZGQyNWU2YTZlOGU3ODE1NDIxMTdiZiJ9fV19LCJydW5EZXRhaWxzIjp7ImJ1aWxkZXIiOnsiaWQiOiJodHRwczovL2dpdGh1Yi5jb20vdG9vLWxlZ2l0L2F0dGVzdC8uZ2l0aHViL3dvcmtmbG93cy9pbnRlZ3JhdGlvbi55bWxAcmVmcy9oZWFkcy9tYWluIn0sIm1ldGFkYXRhIjp7Imludm9jYXRpb25JZCI6Imh0dHBzOi8vZ2l0aHViLmNvbS90b28tbGVnaXQvYXR0ZXN0L2FjdGlvbnMvcnVucy8xMDgxODIyNjEyNS9hdHRlbXB0cy8xIn19fX0=", + "payloadType": "application/vnd.in-toto+json", + "signatures": [ + { + "sig": "MEYCIQDo6HcufD1X5W+ALqAs+GtUvopFXBQF5JCDRW89VNwNWQIhAJv4SJ8H6RO3rpWvbouTY7k4bsQcu5cCkiuitQJ9d0H/" + } + ] + } +} \ No newline at end of file diff --git a/pkg/cmd/attestation/verify/verify_integration_test.go b/pkg/cmd/attestation/verify/verify_integration_test.go index 611b1d89f..df24b31c4 100644 --- a/pkg/cmd/attestation/verify/verify_integration_test.go +++ b/pkg/cmd/attestation/verify/verify_integration_test.go @@ -85,6 +85,75 @@ func TestVerifyIntegration(t *testing.T) { }) } +func TestVerifyIntegrationCustomIssuer(t *testing.T) { + artifactPath := test.NormalizeRelativePath("../test/data/custom-issuer-artifact") + bundlePath := test.NormalizeRelativePath("../test/data/custom-issuer.sigstore.json") + + logger := io.NewTestHandler() + + sigstoreConfig := verification.SigstoreConfig{ + Logger: logger, + } + + cmdFactory := factory.New("test") + + hc, err := cmdFactory.HttpClient() + if err != nil { + t.Fatal(err) + } + + host, _ := auth.DefaultHost() + + baseOpts := Options{ + APIClient: api.NewLiveClient(hc, host, logger), + ArtifactPath: artifactPath, + BundlePath: bundlePath, + DigestAlgorithm: "sha256", + Logger: logger, + OCIClient: oci.NewLiveClient(), + OIDCIssuer: "https://token.actions.githubusercontent.com/hammer-time", + SigstoreVerifier: verification.NewLiveSigstoreVerifier(sigstoreConfig), + } + + t.Run("with owner and valid workflow SAN", func(t *testing.T) { + opts := baseOpts + opts.Owner = "too-legit" + opts.SAN = "https://github.com/too-legit/attest/.github/workflows/integration.yml@refs/heads/main" + + err := runVerify(&opts) + require.NoError(t, err) + }) + + t.Run("with owner and valid workflow SAN regex", func(t *testing.T) { + opts := baseOpts + opts.Owner = "too-legit" + opts.SANRegex = "^https://github.com/too-legit/attest" + + err := runVerify(&opts) + require.NoError(t, err) + }) + + t.Run("with repo and valid workflow SAN", func(t *testing.T) { + opts := baseOpts + opts.Owner = "too-legit" + opts.Repo = "too-legit/attest" + opts.SAN = "https://github.com/too-legit/attest/.github/workflows/integration.yml@refs/heads/main" + + err := runVerify(&opts) + require.NoError(t, err) + }) + + t.Run("with repo and valid workflow SAN regex", func(t *testing.T) { + opts := baseOpts + opts.Owner = "too-legit" + opts.Repo = "too-legit/attest" + opts.SANRegex = "^https://github.com/too-legit/attest" + + err := runVerify(&opts) + require.NoError(t, err) + }) +} + func TestVerifyIntegrationReusableWorkflow(t *testing.T) { artifactPath := test.NormalizeRelativePath("../test/data/reusable-workflow-artifact") bundlePath := test.NormalizeRelativePath("../test/data/reusable-workflow-attestation.sigstore.json")