diff --git a/go.mod b/go.mod index d245cf0c..94c5209d 100644 --- a/go.mod +++ b/go.mod @@ -8,16 +8,16 @@ require ( github.com/opencontainers/go-digest v1.0.0 github.com/opencontainers/image-spec v1.1.0-rc2 github.com/veraison/go-cose v1.0.0-rc.2 - oras.land/oras-go/v2 v2.0.0-rc.6 + golang.org/x/mod v0.7.0 + oras.land/oras-go/v2 v2.0.0 ) require ( - github.com/Azure/go-ntlmssp v0.0.0-20220621081337-cb9428e4ac1e // indirect + github.com/Azure/go-ntlmssp v0.0.0-20221128193559-754e69321358 // indirect github.com/fxamacker/cbor/v2 v2.4.0 // indirect github.com/go-asn1-ber/asn1-ber v1.5.4 // indirect - github.com/golang-jwt/jwt/v4 v4.4.2 // indirect + github.com/golang-jwt/jwt/v4 v4.4.3 // indirect github.com/x448/float16 v0.8.4 // indirect - golang.org/x/crypto v0.0.0-20220622213112-05595931fe9d // indirect - golang.org/x/mod v0.7.0 // indirect + golang.org/x/crypto v0.5.0 // indirect golang.org/x/sync v0.1.0 // indirect ) diff --git a/go.sum b/go.sum index b277c699..93c6f6e8 100644 --- a/go.sum +++ b/go.sum @@ -1,5 +1,6 @@ -github.com/Azure/go-ntlmssp v0.0.0-20220621081337-cb9428e4ac1e h1:NeAW1fUYUEWhft7pkxDf6WoUvEZJ/uOKsvtpjLnn8MU= github.com/Azure/go-ntlmssp v0.0.0-20220621081337-cb9428e4ac1e/go.mod h1:chxPXzSsl7ZWRAuOIE23GDNzjWuZquvFlgA8xmpunjU= +github.com/Azure/go-ntlmssp v0.0.0-20221128193559-754e69321358 h1:mFRzDkZVAjdal+s7s0MwaRv9igoPqLRdzOLzw/8Xvq8= +github.com/Azure/go-ntlmssp v0.0.0-20221128193559-754e69321358/go.mod h1:chxPXzSsl7ZWRAuOIE23GDNzjWuZquvFlgA8xmpunjU= github.com/davecgh/go-spew v1.1.0/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38= github.com/davecgh/go-spew v1.1.1 h1:vj9j/u1bqnvCEfJOwUhtlOARqs3+rkHYY13jYWTU97c= github.com/fxamacker/cbor/v2 v2.4.0 h1:ri0ArlOR+5XunOP8CRUowT0pSJOwhW098ZCUyskZD88= @@ -8,8 +9,8 @@ github.com/go-asn1-ber/asn1-ber v1.5.4 h1:vXT6d/FNDiELJnLb6hGNa309LMsrCoYFvpwHDF github.com/go-asn1-ber/asn1-ber v1.5.4/go.mod h1:hEBeB/ic+5LoWskz+yKT7vGhhPYkProFKoKdwZRWMe0= github.com/go-ldap/ldap/v3 v3.4.4 h1:qPjipEpt+qDa6SI/h1fzuGWoRUY+qqQ9sOZq67/PYUs= github.com/go-ldap/ldap/v3 v3.4.4/go.mod h1:fe1MsuN5eJJ1FeLT/LEBVdWfNWKh459R7aXgXtJC+aI= -github.com/golang-jwt/jwt/v4 v4.4.2 h1:rcc4lwaZgFMCZ5jxF9ABolDcIHdBytAFgqFPbSJQAYs= -github.com/golang-jwt/jwt/v4 v4.4.2/go.mod h1:m21LjoU+eqJr34lmDMbreY2eSTRJ1cv77w39/MY0Ch0= +github.com/golang-jwt/jwt/v4 v4.4.3 h1:Hxl6lhQFj4AnOX6MLrsCb/+7tCj7DxP7VA+2rDIq5AU= +github.com/golang-jwt/jwt/v4 v4.4.3/go.mod h1:m21LjoU+eqJr34lmDMbreY2eSTRJ1cv77w39/MY0Ch0= github.com/notaryproject/notation-core-go v1.0.0-rc.1 h1:ACi0gr6mD1bzp9+gu3P0meJ/N6iWHlyM9zgtdnooNAA= github.com/notaryproject/notation-core-go v1.0.0-rc.1/go.mod h1:n8Gbvl9sKa00KptkKEL5XKUyMTIALe74QipKauE2rj4= github.com/opencontainers/go-digest v1.0.0 h1:apOUWs51W5PlhuyGyz9FCeeBIOUDA/6nW8Oi/yOhh5U= @@ -25,8 +26,9 @@ github.com/veraison/go-cose v1.0.0-rc.2 h1:zH3QmP4N5kwpdGauceIT3aJm8iUyV9OqpUOb+ github.com/veraison/go-cose v1.0.0-rc.2/go.mod h1:7ziE85vSq4ScFTg6wyoMXjucIGOf4JkFEZi/an96Ct4= github.com/x448/float16 v0.8.4 h1:qLwI1I70+NjRFUR3zs1JPUCgaCXSh3SW62uAKT1mSBM= github.com/x448/float16 v0.8.4/go.mod h1:14CWIYCyZA/cWjXOioeEpHeN/83MdbZDRQHoFcYsOfg= -golang.org/x/crypto v0.0.0-20220622213112-05595931fe9d h1:sK3txAijHtOK88l68nt020reeT1ZdKLIYetKl95FzVY= golang.org/x/crypto v0.0.0-20220622213112-05595931fe9d/go.mod h1:IxCIyHEi3zRg3s0A5j5BB6A9Jmi73HwBIUl50j+osU4= +golang.org/x/crypto v0.5.0 h1:U/0M97KRkSFvyD/3FSmdP5W5swImpNgle/EHFhOsQPE= +golang.org/x/crypto v0.5.0/go.mod h1:NK/OQwhpMQP3MwtdjgLlYHnH9ebylxKWv3e0fK+mkQU= golang.org/x/mod v0.7.0 h1:LapD9S96VoQRhi/GrNTqeBJFrUjs5UHCAtTlgwA5oZA= golang.org/x/mod v0.7.0/go.mod h1:iBbtSCu2XBx23ZKBPSOrRkjjQPZFPuis4dIYUhu/chs= golang.org/x/net v0.0.0-20211112202133-69e39bad7dc2/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y= @@ -41,5 +43,5 @@ golang.org/x/tools v0.0.0-20180917221912-90fa682c2a6e/go.mod h1:n7NCudcB/nEzxVGm gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0= gopkg.in/yaml.v3 v3.0.1 h1:fxVm/GzAzEWqLHuvctI91KS9hhNmmWOoWu0XTYJS7CA= gopkg.in/yaml.v3 v3.0.1/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM= -oras.land/oras-go/v2 v2.0.0-rc.6 h1:jGWysqm8flq+X0Vj8bZ6rkASAqTab5k18Mx9hEjFc8g= -oras.land/oras-go/v2 v2.0.0-rc.6/go.mod h1:iVExH1NxrccIxjsiq17L91WCZ4KIw6jVQyCLsZsu1gc= +oras.land/oras-go/v2 v2.0.0 h1:+LRAz92WF7AvYQsQjPEAIw3Xb2zPPhuydjpi4pIHmc0= +oras.land/oras-go/v2 v2.0.0/go.mod h1:iVExH1NxrccIxjsiq17L91WCZ4KIw6jVQyCLsZsu1gc= diff --git a/internal/mock/mocks.go b/internal/mock/mocks.go index fbb3ba2e..44c971ec 100644 --- a/internal/mock/mocks.go +++ b/internal/mock/mocks.go @@ -35,23 +35,29 @@ var MockSaExpiredSigEnv []byte //go:embed testdata/sa_plugin_sig_env.json var MockSaPluginSigEnv []byte // extended attributes are "SomeKey":"SomeValue", "io.cncf.notary.verificationPlugin":"plugin-name" -//go:embed testdata/ca_invalid_minver_sig_env1.json -var MockCaInvalidMinVerSigEnv1 []byte +//go:embed testdata/ca_incompatible_pluginver_sig_env_1.0.9.json +var MockCaIncompatiblePluginVerSigEnv_1_0_9 []byte -//go:embed testdata/ca_invalid_minver_sig_env2.json -var MockCaInvalidMinVerSigEnv2 []byte +//go:embed testdata/ca_incompatible_pluginver_sig_env_1.0.1.json +var MockCaIncompatiblePluginVerSigEnv_1_0_1 []byte -//go:embed testdata/ca_invalid_minver_sig_env3.json -var MockCaInvalidMinVerSigEnv3 []byte +//go:embed testdata/ca_incompatible_pluginver_sig_env_1.2.3.json +var MockCaIncompatiblePluginVerSigEnv_1_2_3 []byte -//go:embed testdata/ca_valid_minver_sig_env1.json -var MockCaValidMinVerSigEnv1 []byte +//go:embed testdata/ca_incompatible_pluginver_sig_env_1.1.0-alpha.json +var MockCaIncompatiblePluginVerSigEnv_1_1_0_alpha []byte -//go:embed testdata/ca_valid_minver_sig_env2.json -var MockCaValidMinVerSigEnv2 []byte +//go:embed testdata/ca_compatible_pluginver_sig_env_0.0.9.json +var MockCaCompatiblePluginVerSigEnv_0_0_9 []byte -//go:embed testdata/ca_valid_minver_sig_env3.json -var MockCaValidMinVerSigEnv3 []byte +//go:embed testdata/ca_compatible_pluginver_sig_env_1.0.0-alpha.json +var MockCaCompatiblePluginVerSigEnv_1_0_0_alpha []byte + +//go:embed testdata/ca_compatible_pluginver_sig_env_1.0.0-alpha.beta.json +var MockCaCompatiblePluginVerSigEnv_1_0_0_alpha_beta []byte + +//go:embed testdata/ca_compatible_pluginver_sig_env_1.0.0.json +var MockCaCompatiblePluginVerSigEnv_1_0_0 []byte var ( SampleArtifactUri = "registry.acme-rockets.io/software/net-monitor@sha256:60043cf45eaebc4c0867fea485a039b598f52fd09fd5b07b0b2d2f88fad9d74e" @@ -69,6 +75,12 @@ var ( Size: 300, Annotations: Annotations, } + TestImageDescriptor = ocispec.Descriptor{ + MediaType: "application/vnd.docker.distribution.manifest.v2+json", + Digest: digest.Digest("sha256:fe7e9333395060c2f5e63cf36a38fba10176f183b4163a5794e081a480abba5f"), + Size: 942, + Annotations: nil, + } JwsSigEnvDescriptor = ocispec.Descriptor{ MediaType: "application/jose+json", Digest: SampleDigest, diff --git a/internal/mock/testdata/ca_compatible_pluginver_sig_env_0.0.9.json b/internal/mock/testdata/ca_compatible_pluginver_sig_env_0.0.9.json new file mode 100644 index 00000000..6e5fa97d --- /dev/null +++ b/internal/mock/testdata/ca_compatible_pluginver_sig_env_0.0.9.json @@ -0,0 +1 @@ +{"payload":"eyJ0YXJnZXRBcnRpZmFjdCI6eyJkaWdlc3QiOiJzaGEyNTY6ZmU3ZTkzMzMzOTUwNjBjMmY1ZTYzY2YzNmEzOGZiYTEwMTc2ZjE4M2I0MTYzYTU3OTRlMDgxYTQ4MGFiYmE1ZiIsIm1lZGlhVHlwZSI6ImFwcGxpY2F0aW9uL3ZuZC5kb2NrZXIuZGlzdHJpYnV0aW9uLm1hbmlmZXN0LnYyK2pzb24iLCJzaXplIjo5NDJ9fQ","protected":"eyJhbGciOiJQUzI1NiIsImNyaXQiOlsiaW8uY25jZi5ub3Rhcnkuc2lnbmluZ1NjaGVtZSIsImlvLmNuY2Yubm90YXJ5LnZlcmlmaWNhdGlvblBsdWdpbk1pblZlcnNpb24iLCJpby5jbmNmLm5vdGFyeS52ZXJpZmljYXRpb25QbHVnaW4iXSwiY3R5IjoiYXBwbGljYXRpb24vdm5kLmNuY2Yubm90YXJ5LnBheWxvYWQudjEranNvbiIsImlvLmNuY2Yubm90YXJ5LnNpZ25pbmdTY2hlbWUiOiJub3RhcnkueDUwOSIsImlvLmNuY2Yubm90YXJ5LnNpZ25pbmdUaW1lIjoiMjAyMy0wMS0xOVQwMDoyMTozNi0wODowMCIsImlvLmNuY2Yubm90YXJ5LnZlcmlmaWNhdGlvblBsdWdpbiI6ImlvLmNuY2Yubm90YXJ5LnBsdWdpbi51bml0dGVzdC5tb2NrIiwiaW8uY25jZi5ub3RhcnkudmVyaWZpY2F0aW9uUGx1Z2luTWluVmVyc2lvbiI6IjAuMC45In0","header":{"x5c":["MIIDVjCCAj6gAwIBAgIBUTANBgkqhkiG9w0BAQsFADBaMQswCQYDVQQGEwJVUzELMAkGA1UECBMCV0ExEDAOBgNVBAcTB1NlYXR0bGUxDzANBgNVBAoTBk5vdGFyeTEbMBkGA1UEAxMSd2FiYml0LW5ldHdvcmtzLmlvMB4XDTIzMDExOTA4MTkwN1oXDTMzMDExOTA4MTkwN1owWjELMAkGA1UEBhMCVVMxCzAJBgNVBAgTAldBMRAwDgYDVQQHEwdTZWF0dGxlMQ8wDQYDVQQKEwZOb3RhcnkxGzAZBgNVBAMTEndhYmJpdC1uZXR3b3Jrcy5pbzCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBANHhlP+SiY7hsGlf2mADOzJW/J9siqMkiQvSOx0OSM2yxetfVQL/abi4iqCXM6wkSxviBeNwIoYEs4thMA8NGEbnKoXktyh9vmiLB1FW7HHr4QLwjgLzgWJKIQTy1JmDBecXZh56d0f3w3Yj1IDTvkIScXCNI+5v/08GUQKhyBwv7Fq9MYpo2lfXSI7V33BKKddXIxPGVWwKGvPE0sg2VV7WM84ZZLdDKz2mq0PtPTHrSwg3hlK/mjn+blg3gsYQ4h9/7Z6nNaF9X0SdyESl841ZWrtMhAOFpIzLbz9ete8NRd3bYCRBIr5gscHWTf6lyUgy4xzsSwMHPsGLM4A+Z00CAwEAAaMnMCUwDgYDVR0PAQH/BAQDAgeAMBMGA1UdJQQMMAoGCCsGAQUFBwMDMA0GCSqGSIb3DQEBCwUAA4IBAQAbN0Eru56uTQSC28ZTf8D7VyCkYrrWLYiJMYdOKBzzKV9mKaM0OGF2uyWwDaPxp9KTdLXmBp9EFq5SXXArFA+nRS7KinDAe2O7A/9Std2XjKi927rkA2cj239d5lRsjWXqJXf9vAMV9a2FjUM/in2Eevlq7bvjFE3l26VXCKtOs9ErmfxrL+6ETRKSVYOOG/rSHFv/SB2MlqDg5QsXC9lZjzL5/X/ioe2qZKhp6X5DPpad1q1Q4ItKdTN+2EXyMyoHn1BJKNba7CUUvXf03EJebT/Im+qozfEksJeZJUSlSujANUPoCpsEYGWWQx5G+ViG05Sqs+6ppKrut+P+DVPo"],"io.cncf.notary.signingAgent":"Notation/1.0.0"},"signature":"VXWolnwKhCSYn1x1_0CUpvUxEihiuKCJ9Ae2Lm--gkW_tfbBlTzkq4TciXM4u4V9MBtbDczQ8k748tmEb7qbzPPT6CEPGMBX8WN7kDStqXGILmpIE5M7Z1nYVIYkgQPk_w6FyC291bluQQGu0yqNrAO3pT1Ym5DoHAyRHLROdDRChntI4Qrz5DGrjBsiibo_GAOxw1jY1ENvo5dlSTAgnZm9jkfbY0gsYTXuNGYk2atS0H1W_MVRdgDSI9gbQ6amLUf-qy_gcbl5UT8Pa5fWb_1KZPtAqoh4hA5PW4UKkxFE0Wz2pUAs9RpYI-xpw1B6KGtgiI9MuTYDFMmTXHBRig"} diff --git a/internal/mock/testdata/ca_compatible_pluginver_sig_env_1.0.0-alpha.beta.json b/internal/mock/testdata/ca_compatible_pluginver_sig_env_1.0.0-alpha.beta.json new file mode 100644 index 00000000..a411ec32 --- /dev/null +++ b/internal/mock/testdata/ca_compatible_pluginver_sig_env_1.0.0-alpha.beta.json @@ -0,0 +1 @@ +{"payload":"eyJ0YXJnZXRBcnRpZmFjdCI6eyJkaWdlc3QiOiJzaGEyNTY6ZmU3ZTkzMzMzOTUwNjBjMmY1ZTYzY2YzNmEzOGZiYTEwMTc2ZjE4M2I0MTYzYTU3OTRlMDgxYTQ4MGFiYmE1ZiIsIm1lZGlhVHlwZSI6ImFwcGxpY2F0aW9uL3ZuZC5kb2NrZXIuZGlzdHJpYnV0aW9uLm1hbmlmZXN0LnYyK2pzb24iLCJzaXplIjo5NDJ9fQ","protected":"eyJhbGciOiJQUzI1NiIsImNyaXQiOlsiaW8uY25jZi5ub3Rhcnkuc2lnbmluZ1NjaGVtZSIsImlvLmNuY2Yubm90YXJ5LnZlcmlmaWNhdGlvblBsdWdpbk1pblZlcnNpb24iLCJpby5jbmNmLm5vdGFyeS52ZXJpZmljYXRpb25QbHVnaW4iXSwiY3R5IjoiYXBwbGljYXRpb24vdm5kLmNuY2Yubm90YXJ5LnBheWxvYWQudjEranNvbiIsImlvLmNuY2Yubm90YXJ5LnNpZ25pbmdTY2hlbWUiOiJub3RhcnkueDUwOSIsImlvLmNuY2Yubm90YXJ5LnNpZ25pbmdUaW1lIjoiMjAyMy0wMS0xOVQxMzowMzoyMy0wODowMCIsImlvLmNuY2Yubm90YXJ5LnZlcmlmaWNhdGlvblBsdWdpbiI6ImlvLmNuY2Yubm90YXJ5LnBsdWdpbi51bml0dGVzdC5tb2NrIiwiaW8uY25jZi5ub3RhcnkudmVyaWZpY2F0aW9uUGx1Z2luTWluVmVyc2lvbiI6IjEuMC4wLWFscGhhLmJldGEifQ","header":{"x5c":["MIIDVjCCAj6gAwIBAgIBUTANBgkqhkiG9w0BAQsFADBaMQswCQYDVQQGEwJVUzELMAkGA1UECBMCV0ExEDAOBgNVBAcTB1NlYXR0bGUxDzANBgNVBAoTBk5vdGFyeTEbMBkGA1UEAxMSd2FiYml0LW5ldHdvcmtzLmlvMB4XDTIzMDExOTA4MTkwN1oXDTMzMDExOTA4MTkwN1owWjELMAkGA1UEBhMCVVMxCzAJBgNVBAgTAldBMRAwDgYDVQQHEwdTZWF0dGxlMQ8wDQYDVQQKEwZOb3RhcnkxGzAZBgNVBAMTEndhYmJpdC1uZXR3b3Jrcy5pbzCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBANHhlP+SiY7hsGlf2mADOzJW/J9siqMkiQvSOx0OSM2yxetfVQL/abi4iqCXM6wkSxviBeNwIoYEs4thMA8NGEbnKoXktyh9vmiLB1FW7HHr4QLwjgLzgWJKIQTy1JmDBecXZh56d0f3w3Yj1IDTvkIScXCNI+5v/08GUQKhyBwv7Fq9MYpo2lfXSI7V33BKKddXIxPGVWwKGvPE0sg2VV7WM84ZZLdDKz2mq0PtPTHrSwg3hlK/mjn+blg3gsYQ4h9/7Z6nNaF9X0SdyESl841ZWrtMhAOFpIzLbz9ete8NRd3bYCRBIr5gscHWTf6lyUgy4xzsSwMHPsGLM4A+Z00CAwEAAaMnMCUwDgYDVR0PAQH/BAQDAgeAMBMGA1UdJQQMMAoGCCsGAQUFBwMDMA0GCSqGSIb3DQEBCwUAA4IBAQAbN0Eru56uTQSC28ZTf8D7VyCkYrrWLYiJMYdOKBzzKV9mKaM0OGF2uyWwDaPxp9KTdLXmBp9EFq5SXXArFA+nRS7KinDAe2O7A/9Std2XjKi927rkA2cj239d5lRsjWXqJXf9vAMV9a2FjUM/in2Eevlq7bvjFE3l26VXCKtOs9ErmfxrL+6ETRKSVYOOG/rSHFv/SB2MlqDg5QsXC9lZjzL5/X/ioe2qZKhp6X5DPpad1q1Q4ItKdTN+2EXyMyoHn1BJKNba7CUUvXf03EJebT/Im+qozfEksJeZJUSlSujANUPoCpsEYGWWQx5G+ViG05Sqs+6ppKrut+P+DVPo"],"io.cncf.notary.signingAgent":"Notation/1.0.0"},"signature":"iJthtqbz0O5nFuo5Z9nRddEjyZp3RG-KOY6SSB3sc8AgDBdT5Fjp9yltIoqTl-BLZhrGOAFeO0T_1JVsPbZZMxzJq4fb3gPaIPItrendkpit1m2RaB8fK1D_I6Vqu1_rGiYaxDcNpaqn1T_isxr4MVRekcLSNQnG3iMdJ0k-Attf8JdCXE0EWKyLBStMVAfo0J39ShFcwyIMvO0vm2_TRDVbcKovpY0vFrfyE2pFIChnJECmivImdKmBMIW78vEtN6qBrKskI3HzA9N1XjxGY4GOAu30iqtNRanO65nZGng0lqpJd15bAwUaqj-KD_BAZIUT9T2qCf2COF9GKvc3NQ"} diff --git a/internal/mock/testdata/ca_compatible_pluginver_sig_env_1.0.0-alpha.json b/internal/mock/testdata/ca_compatible_pluginver_sig_env_1.0.0-alpha.json new file mode 100644 index 00000000..1bcb6791 --- /dev/null +++ b/internal/mock/testdata/ca_compatible_pluginver_sig_env_1.0.0-alpha.json @@ -0,0 +1 @@ +{"payload":"eyJ0YXJnZXRBcnRpZmFjdCI6eyJkaWdlc3QiOiJzaGEyNTY6ZmU3ZTkzMzMzOTUwNjBjMmY1ZTYzY2YzNmEzOGZiYTEwMTc2ZjE4M2I0MTYzYTU3OTRlMDgxYTQ4MGFiYmE1ZiIsIm1lZGlhVHlwZSI6ImFwcGxpY2F0aW9uL3ZuZC5kb2NrZXIuZGlzdHJpYnV0aW9uLm1hbmlmZXN0LnYyK2pzb24iLCJzaXplIjo5NDJ9fQ","protected":"eyJhbGciOiJQUzI1NiIsImNyaXQiOlsiaW8uY25jZi5ub3Rhcnkuc2lnbmluZ1NjaGVtZSIsImlvLmNuY2Yubm90YXJ5LnZlcmlmaWNhdGlvblBsdWdpbk1pblZlcnNpb24iLCJpby5jbmNmLm5vdGFyeS52ZXJpZmljYXRpb25QbHVnaW4iXSwiY3R5IjoiYXBwbGljYXRpb24vdm5kLmNuY2Yubm90YXJ5LnBheWxvYWQudjEranNvbiIsImlvLmNuY2Yubm90YXJ5LnNpZ25pbmdTY2hlbWUiOiJub3RhcnkueDUwOSIsImlvLmNuY2Yubm90YXJ5LnNpZ25pbmdUaW1lIjoiMjAyMy0wMS0xOVQxMjo1NzowNC0wODowMCIsImlvLmNuY2Yubm90YXJ5LnZlcmlmaWNhdGlvblBsdWdpbiI6ImlvLmNuY2Yubm90YXJ5LnBsdWdpbi51bml0dGVzdC5tb2NrIiwiaW8uY25jZi5ub3RhcnkudmVyaWZpY2F0aW9uUGx1Z2luTWluVmVyc2lvbiI6IjEuMC4wLWFscGhhIn0","header":{"x5c":["MIIDVjCCAj6gAwIBAgIBUTANBgkqhkiG9w0BAQsFADBaMQswCQYDVQQGEwJVUzELMAkGA1UECBMCV0ExEDAOBgNVBAcTB1NlYXR0bGUxDzANBgNVBAoTBk5vdGFyeTEbMBkGA1UEAxMSd2FiYml0LW5ldHdvcmtzLmlvMB4XDTIzMDExOTA4MTkwN1oXDTMzMDExOTA4MTkwN1owWjELMAkGA1UEBhMCVVMxCzAJBgNVBAgTAldBMRAwDgYDVQQHEwdTZWF0dGxlMQ8wDQYDVQQKEwZOb3RhcnkxGzAZBgNVBAMTEndhYmJpdC1uZXR3b3Jrcy5pbzCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBANHhlP+SiY7hsGlf2mADOzJW/J9siqMkiQvSOx0OSM2yxetfVQL/abi4iqCXM6wkSxviBeNwIoYEs4thMA8NGEbnKoXktyh9vmiLB1FW7HHr4QLwjgLzgWJKIQTy1JmDBecXZh56d0f3w3Yj1IDTvkIScXCNI+5v/08GUQKhyBwv7Fq9MYpo2lfXSI7V33BKKddXIxPGVWwKGvPE0sg2VV7WM84ZZLdDKz2mq0PtPTHrSwg3hlK/mjn+blg3gsYQ4h9/7Z6nNaF9X0SdyESl841ZWrtMhAOFpIzLbz9ete8NRd3bYCRBIr5gscHWTf6lyUgy4xzsSwMHPsGLM4A+Z00CAwEAAaMnMCUwDgYDVR0PAQH/BAQDAgeAMBMGA1UdJQQMMAoGCCsGAQUFBwMDMA0GCSqGSIb3DQEBCwUAA4IBAQAbN0Eru56uTQSC28ZTf8D7VyCkYrrWLYiJMYdOKBzzKV9mKaM0OGF2uyWwDaPxp9KTdLXmBp9EFq5SXXArFA+nRS7KinDAe2O7A/9Std2XjKi927rkA2cj239d5lRsjWXqJXf9vAMV9a2FjUM/in2Eevlq7bvjFE3l26VXCKtOs9ErmfxrL+6ETRKSVYOOG/rSHFv/SB2MlqDg5QsXC9lZjzL5/X/ioe2qZKhp6X5DPpad1q1Q4ItKdTN+2EXyMyoHn1BJKNba7CUUvXf03EJebT/Im+qozfEksJeZJUSlSujANUPoCpsEYGWWQx5G+ViG05Sqs+6ppKrut+P+DVPo"],"io.cncf.notary.signingAgent":"Notation/1.0.0"},"signature":"xZqE2HZye4qPmG688z875mHySGV_MoWOb99wChu-hInU8-CyxMesxzVCo_boG3Oae6tj6MKwdJ-Dj2cKbI3S4aX2l6t5IRFLB5z4DuIsDhmKZj9iN5LjtP8ua5_fni9dBk4e9c9TAsMq1hjXyNEen2rC1dzP_bcNYnoOs1yRWpO4JAcsslMYeqUIKKf39kzlOxOKIsJ8YhZoNeRc3HnAu4hlX2XpXwArovvMZtg1Akp6qCjVQcQQUTb_M0JeytmR8R5tdr_ZYqh-rCWbIe5tNU4u9jCP8xvlXPdSjpHgpmPsEnNd4u4gnLFxuYAq5l3UkdGDLXUsGrTx_Bi_LoFHUQ"} diff --git a/internal/mock/testdata/ca_compatible_pluginver_sig_env_1.0.0.json b/internal/mock/testdata/ca_compatible_pluginver_sig_env_1.0.0.json new file mode 100644 index 00000000..9d884572 --- /dev/null +++ b/internal/mock/testdata/ca_compatible_pluginver_sig_env_1.0.0.json @@ -0,0 +1 @@ +{"payload":"eyJ0YXJnZXRBcnRpZmFjdCI6eyJkaWdlc3QiOiJzaGEyNTY6ZmU3ZTkzMzMzOTUwNjBjMmY1ZTYzY2YzNmEzOGZiYTEwMTc2ZjE4M2I0MTYzYTU3OTRlMDgxYTQ4MGFiYmE1ZiIsIm1lZGlhVHlwZSI6ImFwcGxpY2F0aW9uL3ZuZC5kb2NrZXIuZGlzdHJpYnV0aW9uLm1hbmlmZXN0LnYyK2pzb24iLCJzaXplIjo5NDJ9fQ","protected":"eyJhbGciOiJQUzI1NiIsImNyaXQiOlsiaW8uY25jZi5ub3Rhcnkuc2lnbmluZ1NjaGVtZSIsImlvLmNuY2Yubm90YXJ5LnZlcmlmaWNhdGlvblBsdWdpbk1pblZlcnNpb24iLCJpby5jbmNmLm5vdGFyeS52ZXJpZmljYXRpb25QbHVnaW4iXSwiY3R5IjoiYXBwbGljYXRpb24vdm5kLmNuY2Yubm90YXJ5LnBheWxvYWQudjEranNvbiIsImlvLmNuY2Yubm90YXJ5LnNpZ25pbmdTY2hlbWUiOiJub3RhcnkueDUwOSIsImlvLmNuY2Yubm90YXJ5LnNpZ25pbmdUaW1lIjoiMjAyMy0wMS0xOVQxMzowNTo1OC0wODowMCIsImlvLmNuY2Yubm90YXJ5LnZlcmlmaWNhdGlvblBsdWdpbiI6ImlvLmNuY2Yubm90YXJ5LnBsdWdpbi51bml0dGVzdC5tb2NrIiwiaW8uY25jZi5ub3RhcnkudmVyaWZpY2F0aW9uUGx1Z2luTWluVmVyc2lvbiI6IjEuMC4wIn0","header":{"x5c":["MIIDVjCCAj6gAwIBAgIBUTANBgkqhkiG9w0BAQsFADBaMQswCQYDVQQGEwJVUzELMAkGA1UECBMCV0ExEDAOBgNVBAcTB1NlYXR0bGUxDzANBgNVBAoTBk5vdGFyeTEbMBkGA1UEAxMSd2FiYml0LW5ldHdvcmtzLmlvMB4XDTIzMDExOTA4MTkwN1oXDTMzMDExOTA4MTkwN1owWjELMAkGA1UEBhMCVVMxCzAJBgNVBAgTAldBMRAwDgYDVQQHEwdTZWF0dGxlMQ8wDQYDVQQKEwZOb3RhcnkxGzAZBgNVBAMTEndhYmJpdC1uZXR3b3Jrcy5pbzCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBANHhlP+SiY7hsGlf2mADOzJW/J9siqMkiQvSOx0OSM2yxetfVQL/abi4iqCXM6wkSxviBeNwIoYEs4thMA8NGEbnKoXktyh9vmiLB1FW7HHr4QLwjgLzgWJKIQTy1JmDBecXZh56d0f3w3Yj1IDTvkIScXCNI+5v/08GUQKhyBwv7Fq9MYpo2lfXSI7V33BKKddXIxPGVWwKGvPE0sg2VV7WM84ZZLdDKz2mq0PtPTHrSwg3hlK/mjn+blg3gsYQ4h9/7Z6nNaF9X0SdyESl841ZWrtMhAOFpIzLbz9ete8NRd3bYCRBIr5gscHWTf6lyUgy4xzsSwMHPsGLM4A+Z00CAwEAAaMnMCUwDgYDVR0PAQH/BAQDAgeAMBMGA1UdJQQMMAoGCCsGAQUFBwMDMA0GCSqGSIb3DQEBCwUAA4IBAQAbN0Eru56uTQSC28ZTf8D7VyCkYrrWLYiJMYdOKBzzKV9mKaM0OGF2uyWwDaPxp9KTdLXmBp9EFq5SXXArFA+nRS7KinDAe2O7A/9Std2XjKi927rkA2cj239d5lRsjWXqJXf9vAMV9a2FjUM/in2Eevlq7bvjFE3l26VXCKtOs9ErmfxrL+6ETRKSVYOOG/rSHFv/SB2MlqDg5QsXC9lZjzL5/X/ioe2qZKhp6X5DPpad1q1Q4ItKdTN+2EXyMyoHn1BJKNba7CUUvXf03EJebT/Im+qozfEksJeZJUSlSujANUPoCpsEYGWWQx5G+ViG05Sqs+6ppKrut+P+DVPo"],"io.cncf.notary.signingAgent":"Notation/1.0.0"},"signature":"JG7Gk8HwJbkUheyX9eRoBDPezynCmMetYATNsW0U4ERBiagKO-DxRMN4lqHxcVFf7HXVRCWPf3A6aIYo6Vox0fHNFDWyX7g4qcD0wy8mSIgt9FsN5EBFqkgUxfC2o_5OrlUEsbaN8vU3tH4jNoTjWEcT6cNVNv7gltzkTQDQFdgl7DC-Bf12p9HJsSQQlJqdS-BhDYp-ou7dwgd3jeomureLC6kOhaU3ssmSsn69cdCt9cZgZ9U9-5knjyicGUDaCpPHWpz3_R8JgyLq3L8nzEetPBHRShwMPUwV42F_9_C2-gXR7ZVaU3ENshViL0p0T70U4VElOb7IxqAMWRmIlw"} diff --git a/internal/mock/testdata/ca_incompatible_pluginver_sig_env_1.0.1.json b/internal/mock/testdata/ca_incompatible_pluginver_sig_env_1.0.1.json new file mode 100644 index 00000000..4aee82f7 --- /dev/null +++ b/internal/mock/testdata/ca_incompatible_pluginver_sig_env_1.0.1.json @@ -0,0 +1 @@ +{"payload":"eyJ0YXJnZXRBcnRpZmFjdCI6eyJkaWdlc3QiOiJzaGEyNTY6ZmU3ZTkzMzMzOTUwNjBjMmY1ZTYzY2YzNmEzOGZiYTEwMTc2ZjE4M2I0MTYzYTU3OTRlMDgxYTQ4MGFiYmE1ZiIsIm1lZGlhVHlwZSI6ImFwcGxpY2F0aW9uL3ZuZC5kb2NrZXIuZGlzdHJpYnV0aW9uLm1hbmlmZXN0LnYyK2pzb24iLCJzaXplIjo5NDJ9fQ","protected":"eyJhbGciOiJQUzI1NiIsImNyaXQiOlsiaW8uY25jZi5ub3Rhcnkuc2lnbmluZ1NjaGVtZSIsImlvLmNuY2Yubm90YXJ5LnZlcmlmaWNhdGlvblBsdWdpbk1pblZlcnNpb24iLCJpby5jbmNmLm5vdGFyeS52ZXJpZmljYXRpb25QbHVnaW4iXSwiY3R5IjoiYXBwbGljYXRpb24vdm5kLmNuY2Yubm90YXJ5LnBheWxvYWQudjEranNvbiIsImlvLmNuY2Yubm90YXJ5LnNpZ25pbmdTY2hlbWUiOiJub3RhcnkueDUwOSIsImlvLmNuY2Yubm90YXJ5LnNpZ25pbmdUaW1lIjoiMjAyMy0wMS0xOVQxMjo0OTowMi0wODowMCIsImlvLmNuY2Yubm90YXJ5LnZlcmlmaWNhdGlvblBsdWdpbiI6ImlvLmNuY2Yubm90YXJ5LnBsdWdpbi51bml0dGVzdC5tb2NrIiwiaW8uY25jZi5ub3RhcnkudmVyaWZpY2F0aW9uUGx1Z2luTWluVmVyc2lvbiI6IjEuMC4xIn0","header":{"x5c":["MIIDVjCCAj6gAwIBAgIBUTANBgkqhkiG9w0BAQsFADBaMQswCQYDVQQGEwJVUzELMAkGA1UECBMCV0ExEDAOBgNVBAcTB1NlYXR0bGUxDzANBgNVBAoTBk5vdGFyeTEbMBkGA1UEAxMSd2FiYml0LW5ldHdvcmtzLmlvMB4XDTIzMDExOTA4MTkwN1oXDTMzMDExOTA4MTkwN1owWjELMAkGA1UEBhMCVVMxCzAJBgNVBAgTAldBMRAwDgYDVQQHEwdTZWF0dGxlMQ8wDQYDVQQKEwZOb3RhcnkxGzAZBgNVBAMTEndhYmJpdC1uZXR3b3Jrcy5pbzCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBANHhlP+SiY7hsGlf2mADOzJW/J9siqMkiQvSOx0OSM2yxetfVQL/abi4iqCXM6wkSxviBeNwIoYEs4thMA8NGEbnKoXktyh9vmiLB1FW7HHr4QLwjgLzgWJKIQTy1JmDBecXZh56d0f3w3Yj1IDTvkIScXCNI+5v/08GUQKhyBwv7Fq9MYpo2lfXSI7V33BKKddXIxPGVWwKGvPE0sg2VV7WM84ZZLdDKz2mq0PtPTHrSwg3hlK/mjn+blg3gsYQ4h9/7Z6nNaF9X0SdyESl841ZWrtMhAOFpIzLbz9ete8NRd3bYCRBIr5gscHWTf6lyUgy4xzsSwMHPsGLM4A+Z00CAwEAAaMnMCUwDgYDVR0PAQH/BAQDAgeAMBMGA1UdJQQMMAoGCCsGAQUFBwMDMA0GCSqGSIb3DQEBCwUAA4IBAQAbN0Eru56uTQSC28ZTf8D7VyCkYrrWLYiJMYdOKBzzKV9mKaM0OGF2uyWwDaPxp9KTdLXmBp9EFq5SXXArFA+nRS7KinDAe2O7A/9Std2XjKi927rkA2cj239d5lRsjWXqJXf9vAMV9a2FjUM/in2Eevlq7bvjFE3l26VXCKtOs9ErmfxrL+6ETRKSVYOOG/rSHFv/SB2MlqDg5QsXC9lZjzL5/X/ioe2qZKhp6X5DPpad1q1Q4ItKdTN+2EXyMyoHn1BJKNba7CUUvXf03EJebT/Im+qozfEksJeZJUSlSujANUPoCpsEYGWWQx5G+ViG05Sqs+6ppKrut+P+DVPo"],"io.cncf.notary.signingAgent":"Notation/1.0.0"},"signature":"tb2xdd03j1ATBoG1K-9QmCjNeTnK-LKLHdZS44NJ0G5MfrzSFv56w3_FDqnS1jki8FTmGVUMdPAOciTuyoP_nREMBMr9QYn-qOAHisVrvxAcqmWEL-4Uoa_VIzmPvq-_wJKw9L_oZ2m-b9dx93tl2t2z0gxQaAgtVWJP6ap47lKlri6IFeFIXDq6jpdC9sy3q_wifnxFaZ9LM3892Pp7aMLvnT_TdTPxT1AHSq6ZOvddPbStvSUVICXZLmsglFym2c8RzatxulrnGlZ1fKKS0gR7W96-L1JsqIV5KeBMXq8vFnG-rK4fsqa0FeBBkmOOV6ZKKIruvfm7Z-SJ-nJLZw"} diff --git a/internal/mock/testdata/ca_incompatible_pluginver_sig_env_1.0.9.json b/internal/mock/testdata/ca_incompatible_pluginver_sig_env_1.0.9.json new file mode 100644 index 00000000..02171548 --- /dev/null +++ b/internal/mock/testdata/ca_incompatible_pluginver_sig_env_1.0.9.json @@ -0,0 +1 @@ +{"payload":"eyJ0YXJnZXRBcnRpZmFjdCI6eyJkaWdlc3QiOiJzaGEyNTY6ZmU3ZTkzMzMzOTUwNjBjMmY1ZTYzY2YzNmEzOGZiYTEwMTc2ZjE4M2I0MTYzYTU3OTRlMDgxYTQ4MGFiYmE1ZiIsIm1lZGlhVHlwZSI6ImFwcGxpY2F0aW9uL3ZuZC5kb2NrZXIuZGlzdHJpYnV0aW9uLm1hbmlmZXN0LnYyK2pzb24iLCJzaXplIjo5NDJ9fQ","protected":"eyJhbGciOiJQUzI1NiIsImNyaXQiOlsiaW8uY25jZi5ub3Rhcnkuc2lnbmluZ1NjaGVtZSIsImlvLmNuY2Yubm90YXJ5LnZlcmlmaWNhdGlvblBsdWdpbk1pblZlcnNpb24iLCJpby5jbmNmLm5vdGFyeS52ZXJpZmljYXRpb25QbHVnaW4iXSwiY3R5IjoiYXBwbGljYXRpb24vdm5kLmNuY2Yubm90YXJ5LnBheWxvYWQudjEranNvbiIsImlvLmNuY2Yubm90YXJ5LnNpZ25pbmdTY2hlbWUiOiJub3RhcnkueDUwOSIsImlvLmNuY2Yubm90YXJ5LnNpZ25pbmdUaW1lIjoiMjAyMy0wMS0xOVQwMDo0NzoxOC0wODowMCIsImlvLmNuY2Yubm90YXJ5LnZlcmlmaWNhdGlvblBsdWdpbiI6ImlvLmNuY2Yubm90YXJ5LnBsdWdpbi51bml0dGVzdC5tb2NrIiwiaW8uY25jZi5ub3RhcnkudmVyaWZpY2F0aW9uUGx1Z2luTWluVmVyc2lvbiI6IjEuMC45In0","header":{"x5c":["MIIDVjCCAj6gAwIBAgIBUTANBgkqhkiG9w0BAQsFADBaMQswCQYDVQQGEwJVUzELMAkGA1UECBMCV0ExEDAOBgNVBAcTB1NlYXR0bGUxDzANBgNVBAoTBk5vdGFyeTEbMBkGA1UEAxMSd2FiYml0LW5ldHdvcmtzLmlvMB4XDTIzMDExOTA4MTkwN1oXDTMzMDExOTA4MTkwN1owWjELMAkGA1UEBhMCVVMxCzAJBgNVBAgTAldBMRAwDgYDVQQHEwdTZWF0dGxlMQ8wDQYDVQQKEwZOb3RhcnkxGzAZBgNVBAMTEndhYmJpdC1uZXR3b3Jrcy5pbzCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBANHhlP+SiY7hsGlf2mADOzJW/J9siqMkiQvSOx0OSM2yxetfVQL/abi4iqCXM6wkSxviBeNwIoYEs4thMA8NGEbnKoXktyh9vmiLB1FW7HHr4QLwjgLzgWJKIQTy1JmDBecXZh56d0f3w3Yj1IDTvkIScXCNI+5v/08GUQKhyBwv7Fq9MYpo2lfXSI7V33BKKddXIxPGVWwKGvPE0sg2VV7WM84ZZLdDKz2mq0PtPTHrSwg3hlK/mjn+blg3gsYQ4h9/7Z6nNaF9X0SdyESl841ZWrtMhAOFpIzLbz9ete8NRd3bYCRBIr5gscHWTf6lyUgy4xzsSwMHPsGLM4A+Z00CAwEAAaMnMCUwDgYDVR0PAQH/BAQDAgeAMBMGA1UdJQQMMAoGCCsGAQUFBwMDMA0GCSqGSIb3DQEBCwUAA4IBAQAbN0Eru56uTQSC28ZTf8D7VyCkYrrWLYiJMYdOKBzzKV9mKaM0OGF2uyWwDaPxp9KTdLXmBp9EFq5SXXArFA+nRS7KinDAe2O7A/9Std2XjKi927rkA2cj239d5lRsjWXqJXf9vAMV9a2FjUM/in2Eevlq7bvjFE3l26VXCKtOs9ErmfxrL+6ETRKSVYOOG/rSHFv/SB2MlqDg5QsXC9lZjzL5/X/ioe2qZKhp6X5DPpad1q1Q4ItKdTN+2EXyMyoHn1BJKNba7CUUvXf03EJebT/Im+qozfEksJeZJUSlSujANUPoCpsEYGWWQx5G+ViG05Sqs+6ppKrut+P+DVPo"],"io.cncf.notary.signingAgent":"Notation/1.0.0"},"signature":"zdA6RgbS3-QUdrhJuhAz-4wi55PZjy0CezOyTpg0UP1zxRfigVefPne86GEhGmiC-m-QlJC6bWSYFdkF3EoBL1CpGo46zUeaGKhQXM0Db1I8VKhJE20o1T83yXm-_ZVgDEe3_LUhu_KYs-jvkfJu_DGl6DJdBp_lkEpc9Br3tYUvgkxtF2LlvSUNYuc4oILnidj2sYFO5o7IBKdDoBVlQ3Z29s2Z6NUzy48ab9mxZCq0T9-uGj8636GJ3yJ78086GI_lt-0_mXdJ592WguWb3WBogCz9NvLm-byPIC7cP4RpHRqJQRsvYp6txgsrDqy2T1I0BEsf-Fp1FSxBdWMwXA"} diff --git a/internal/mock/testdata/ca_incompatible_pluginver_sig_env_1.1.0-alpha.json b/internal/mock/testdata/ca_incompatible_pluginver_sig_env_1.1.0-alpha.json new file mode 100644 index 00000000..0677452a --- /dev/null +++ b/internal/mock/testdata/ca_incompatible_pluginver_sig_env_1.1.0-alpha.json @@ -0,0 +1 @@ +{"payload":"eyJ0YXJnZXRBcnRpZmFjdCI6eyJkaWdlc3QiOiJzaGEyNTY6ZmU3ZTkzMzMzOTUwNjBjMmY1ZTYzY2YzNmEzOGZiYTEwMTc2ZjE4M2I0MTYzYTU3OTRlMDgxYTQ4MGFiYmE1ZiIsIm1lZGlhVHlwZSI6ImFwcGxpY2F0aW9uL3ZuZC5kb2NrZXIuZGlzdHJpYnV0aW9uLm1hbmlmZXN0LnYyK2pzb24iLCJzaXplIjo5NDJ9fQ","protected":"eyJhbGciOiJQUzI1NiIsImNyaXQiOlsiaW8uY25jZi5ub3Rhcnkuc2lnbmluZ1NjaGVtZSIsImlvLmNuY2Yubm90YXJ5LnZlcmlmaWNhdGlvblBsdWdpbk1pblZlcnNpb24iLCJpby5jbmNmLm5vdGFyeS52ZXJpZmljYXRpb25QbHVnaW4iXSwiY3R5IjoiYXBwbGljYXRpb24vdm5kLmNuY2Yubm90YXJ5LnBheWxvYWQudjEranNvbiIsImlvLmNuY2Yubm90YXJ5LnNpZ25pbmdTY2hlbWUiOiJub3RhcnkueDUwOSIsImlvLmNuY2Yubm90YXJ5LnNpZ25pbmdUaW1lIjoiMjAyMy0wMS0xOVQxMjo0MDozNC0wODowMCIsImlvLmNuY2Yubm90YXJ5LnZlcmlmaWNhdGlvblBsdWdpbiI6ImlvLmNuY2Yubm90YXJ5LnBsdWdpbi51bml0dGVzdC5tb2NrIiwiaW8uY25jZi5ub3RhcnkudmVyaWZpY2F0aW9uUGx1Z2luTWluVmVyc2lvbiI6IjEuMS4wLWFscGhhIn0","header":{"x5c":["MIIDVjCCAj6gAwIBAgIBUTANBgkqhkiG9w0BAQsFADBaMQswCQYDVQQGEwJVUzELMAkGA1UECBMCV0ExEDAOBgNVBAcTB1NlYXR0bGUxDzANBgNVBAoTBk5vdGFyeTEbMBkGA1UEAxMSd2FiYml0LW5ldHdvcmtzLmlvMB4XDTIzMDExOTA4MTkwN1oXDTMzMDExOTA4MTkwN1owWjELMAkGA1UEBhMCVVMxCzAJBgNVBAgTAldBMRAwDgYDVQQHEwdTZWF0dGxlMQ8wDQYDVQQKEwZOb3RhcnkxGzAZBgNVBAMTEndhYmJpdC1uZXR3b3Jrcy5pbzCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBANHhlP+SiY7hsGlf2mADOzJW/J9siqMkiQvSOx0OSM2yxetfVQL/abi4iqCXM6wkSxviBeNwIoYEs4thMA8NGEbnKoXktyh9vmiLB1FW7HHr4QLwjgLzgWJKIQTy1JmDBecXZh56d0f3w3Yj1IDTvkIScXCNI+5v/08GUQKhyBwv7Fq9MYpo2lfXSI7V33BKKddXIxPGVWwKGvPE0sg2VV7WM84ZZLdDKz2mq0PtPTHrSwg3hlK/mjn+blg3gsYQ4h9/7Z6nNaF9X0SdyESl841ZWrtMhAOFpIzLbz9ete8NRd3bYCRBIr5gscHWTf6lyUgy4xzsSwMHPsGLM4A+Z00CAwEAAaMnMCUwDgYDVR0PAQH/BAQDAgeAMBMGA1UdJQQMMAoGCCsGAQUFBwMDMA0GCSqGSIb3DQEBCwUAA4IBAQAbN0Eru56uTQSC28ZTf8D7VyCkYrrWLYiJMYdOKBzzKV9mKaM0OGF2uyWwDaPxp9KTdLXmBp9EFq5SXXArFA+nRS7KinDAe2O7A/9Std2XjKi927rkA2cj239d5lRsjWXqJXf9vAMV9a2FjUM/in2Eevlq7bvjFE3l26VXCKtOs9ErmfxrL+6ETRKSVYOOG/rSHFv/SB2MlqDg5QsXC9lZjzL5/X/ioe2qZKhp6X5DPpad1q1Q4ItKdTN+2EXyMyoHn1BJKNba7CUUvXf03EJebT/Im+qozfEksJeZJUSlSujANUPoCpsEYGWWQx5G+ViG05Sqs+6ppKrut+P+DVPo"],"io.cncf.notary.signingAgent":"Notation/1.0.0"},"signature":"In4X5VH7wiFuGRaop36jSxFMvgAmbnZ7Pwhl1iqhSFItCGpwCCq7Sb9fWn79fiRyxI9F6JuJSTnTtHnjmZXfShAe5KRlSUktPwRcGg6LAMG9YTvd1JayNdjAGyPvZw7PGqeKF_syNgSrw-UzLsR0YXqck639affiVlKRTMNeZla2iXb8gRa8LGGiGoizKMrwV3Ywf3QilWy4CR5NK9TUj-OmdpaBfmE3T--LDpaOt7fjzhCFMXDGq27I_7NfzhrIJ_LpS7f2R5dG6eVRIgmSOVKEkCVM0n38lJ0H1E2uwwYmhns5wzDWJeBVEem8ycFrQkEvsGHWJ1Ru9YYNXhfr9Q"} diff --git a/internal/mock/testdata/ca_incompatible_pluginver_sig_env_1.2.3.json b/internal/mock/testdata/ca_incompatible_pluginver_sig_env_1.2.3.json new file mode 100644 index 00000000..4f2d8a75 --- /dev/null +++ b/internal/mock/testdata/ca_incompatible_pluginver_sig_env_1.2.3.json @@ -0,0 +1 @@ +{"payload":"eyJ0YXJnZXRBcnRpZmFjdCI6eyJkaWdlc3QiOiJzaGEyNTY6ZmU3ZTkzMzMzOTUwNjBjMmY1ZTYzY2YzNmEzOGZiYTEwMTc2ZjE4M2I0MTYzYTU3OTRlMDgxYTQ4MGFiYmE1ZiIsIm1lZGlhVHlwZSI6ImFwcGxpY2F0aW9uL3ZuZC5kb2NrZXIuZGlzdHJpYnV0aW9uLm1hbmlmZXN0LnYyK2pzb24iLCJzaXplIjo5NDJ9fQ","protected":"eyJhbGciOiJQUzI1NiIsImNyaXQiOlsiaW8uY25jZi5ub3Rhcnkuc2lnbmluZ1NjaGVtZSIsImlvLmNuY2Yubm90YXJ5LnZlcmlmaWNhdGlvblBsdWdpbk1pblZlcnNpb24iLCJpby5jbmNmLm5vdGFyeS52ZXJpZmljYXRpb25QbHVnaW4iXSwiY3R5IjoiYXBwbGljYXRpb24vdm5kLmNuY2Yubm90YXJ5LnBheWxvYWQudjEranNvbiIsImlvLmNuY2Yubm90YXJ5LnNpZ25pbmdTY2hlbWUiOiJub3RhcnkueDUwOSIsImlvLmNuY2Yubm90YXJ5LnNpZ25pbmdUaW1lIjoiMjAyMy0wMS0xOVQxMjo1NDowMS0wODowMCIsImlvLmNuY2Yubm90YXJ5LnZlcmlmaWNhdGlvblBsdWdpbiI6ImlvLmNuY2Yubm90YXJ5LnBsdWdpbi51bml0dGVzdC5tb2NrIiwiaW8uY25jZi5ub3RhcnkudmVyaWZpY2F0aW9uUGx1Z2luTWluVmVyc2lvbiI6IjEuMi4zIn0","header":{"x5c":["MIIDVjCCAj6gAwIBAgIBUTANBgkqhkiG9w0BAQsFADBaMQswCQYDVQQGEwJVUzELMAkGA1UECBMCV0ExEDAOBgNVBAcTB1NlYXR0bGUxDzANBgNVBAoTBk5vdGFyeTEbMBkGA1UEAxMSd2FiYml0LW5ldHdvcmtzLmlvMB4XDTIzMDExOTA4MTkwN1oXDTMzMDExOTA4MTkwN1owWjELMAkGA1UEBhMCVVMxCzAJBgNVBAgTAldBMRAwDgYDVQQHEwdTZWF0dGxlMQ8wDQYDVQQKEwZOb3RhcnkxGzAZBgNVBAMTEndhYmJpdC1uZXR3b3Jrcy5pbzCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBANHhlP+SiY7hsGlf2mADOzJW/J9siqMkiQvSOx0OSM2yxetfVQL/abi4iqCXM6wkSxviBeNwIoYEs4thMA8NGEbnKoXktyh9vmiLB1FW7HHr4QLwjgLzgWJKIQTy1JmDBecXZh56d0f3w3Yj1IDTvkIScXCNI+5v/08GUQKhyBwv7Fq9MYpo2lfXSI7V33BKKddXIxPGVWwKGvPE0sg2VV7WM84ZZLdDKz2mq0PtPTHrSwg3hlK/mjn+blg3gsYQ4h9/7Z6nNaF9X0SdyESl841ZWrtMhAOFpIzLbz9ete8NRd3bYCRBIr5gscHWTf6lyUgy4xzsSwMHPsGLM4A+Z00CAwEAAaMnMCUwDgYDVR0PAQH/BAQDAgeAMBMGA1UdJQQMMAoGCCsGAQUFBwMDMA0GCSqGSIb3DQEBCwUAA4IBAQAbN0Eru56uTQSC28ZTf8D7VyCkYrrWLYiJMYdOKBzzKV9mKaM0OGF2uyWwDaPxp9KTdLXmBp9EFq5SXXArFA+nRS7KinDAe2O7A/9Std2XjKi927rkA2cj239d5lRsjWXqJXf9vAMV9a2FjUM/in2Eevlq7bvjFE3l26VXCKtOs9ErmfxrL+6ETRKSVYOOG/rSHFv/SB2MlqDg5QsXC9lZjzL5/X/ioe2qZKhp6X5DPpad1q1Q4ItKdTN+2EXyMyoHn1BJKNba7CUUvXf03EJebT/Im+qozfEksJeZJUSlSujANUPoCpsEYGWWQx5G+ViG05Sqs+6ppKrut+P+DVPo"],"io.cncf.notary.signingAgent":"Notation/1.0.0"},"signature":"sB7vQl3zpK1JBjKa0gwj_s0Rbboo2kb4x81MNIbUINAc2ocvfRqyxMtlJYdgmx78GledCm4j8BfXr7_sV0_WkKI6Af6n_5rYMQ0a3EOI79-uzkRqrKBJsh4BsuQuweBql-W5-ofnwAhpNUmowHUcJlh0PmpOeYPQcj0TFMCZuqwMSKi4KLj4H5ENnmIWyR4rDoNueZkenbfh-eYR47PDb8KHyGTX86m-8IY-gNlAYRm_62MRecsGjg97EQ5niFGaRxlg7jf-1RVg3jLKXYlLRs41dnsMo1QGuTW7nPEUZKpXMZIyPnqPmS91icq0v1Obcx-r4aOqTKrPTeIPCYMoSQ"} diff --git a/internal/mock/testdata/ca_invalid_minver_sig_env1.json b/internal/mock/testdata/ca_invalid_minver_sig_env1.json deleted file mode 100644 index 5ee1c543..00000000 --- a/internal/mock/testdata/ca_invalid_minver_sig_env1.json +++ /dev/null @@ -1,3 +0,0 @@ -{"payload":"eyJ0YXJnZXRBcnRpZmFjdCI6eyJkaWdlc3QiOiJzaGEyNTY6ZmU3ZTkzMzMzOTUwNjBjMmY1ZTYzY2YzNmEzOGZiYTEwMTc2ZjE4M2I0MTYzYTU3OTRlMDgxYTQ4MGFiYmE1ZiIsIm1lZGlhVHlwZSI6ImFwcGxpY2F0aW9uL3ZuZC5kb2NrZXIuZGlzdHJpYnV0aW9uLm1hbmlmZXN0LnYyK2pzb24iLCJzaXplIjo5NDJ9fQ", - "protected":"eyJhbGciOiJQUzI1NiIsImNyaXQiOlsiaW8uY25jZi5ub3Rhcnkuc2lnbmluZ1NjaGVtZSIsImlvLmNuY2Yubm90YXJ5LnZlcmlmaWNhdGlvblBsdWdpbk1pblZlcnNpb24iLCJpby5jbmNmLm5vdGFyeS52ZXJpZmljYXRpb25QbHVnaW4iXSwiY3R5IjoiYXBwbGljYXRpb24vdm5kLmNuY2Yubm90YXJ5LnBheWxvYWQudjEranNvbiIsImlvLmNuY2Yubm90YXJ5LnNpZ25pbmdTY2hlbWUiOiJub3RhcnkueDUwOSIsImlvLmNuY2Yubm90YXJ5LnNpZ25pbmdUaW1lIjoiMjAyMy0wMS0xMVQyMTo1NToyMy0wODowMCIsImlvLmNuY2Yubm90YXJ5LnZlcmlmaWNhdGlvblBsdWdpbiI6ImlvLmNuY2Yubm90YXJ5LnBsdWdpbi51bml0dGVzdC5tb2NrIiwiaW8uY25jZi5ub3RhcnkudmVyaWZpY2F0aW9uUGx1Z2luTWluVmVyc2lvbiI6IjEuMC4xIn0", - "header":{"x5c":["MIIDVjCCAj6gAwIBAgIBUTANBgkqhkiG9w0BAQsFADBaMQswCQYDVQQGEwJVUzELMAkGA1UECBMCV0ExEDAOBgNVBAcTB1NlYXR0bGUxDzANBgNVBAoTBk5vdGFyeTEbMBkGA1UEAxMSd2FiYml0LW5ldHdvcmtzLmlvMB4XDTIzMDExMjAxNDUzMloXDTIzMDExMzAxNDUzMlowWjELMAkGA1UEBhMCVVMxCzAJBgNVBAgTAldBMRAwDgYDVQQHEwdTZWF0dGxlMQ8wDQYDVQQKEwZOb3RhcnkxGzAZBgNVBAMTEndhYmJpdC1uZXR3b3Jrcy5pbzCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAPRo4SKWNljXTQ+Ru9LT/XcFRKsTzTU3ljED2Lqha1Nl3eo6luSpwMfMRyiM9wfYDQkTZffNAlSljtoR9Mk+GowK/KFO5xEw7aYwYkFdozwGp+NW4y16kYf+C4m1ixdxQLdSGEMfZI4xdDAhcepIGS6U1zW00lHQSeMRJHbOYWHE7CO6AG/PJjiIkmYg0OvqU4NxR3jXZpiMoHZu2V5r7MetG2JFVqCn5Nf0COvtNacSYxsQVF8/6hBGQBQlTKiaoR2DIgxZFcZJ88D2uB58DQ5Zd0obwK+pBuqq+qMcdyc81N1bSXrdAtoWUYO6a5TP1zy0qs9P2dzGBb+u/PERcMUCAwEAAaMnMCUwDgYDVR0PAQH/BAQDAgeAMBMGA1UdJQQMMAoGCCsGAQUFBwMDMA0GCSqGSIb3DQEBCwUAA4IBAQCWYJvGUQKNTL3/wJMx1VTJ/EVlog51ZPKI18i1WTgv1ybY5JSIxK5XZWfD4spedX6PLmONwkOqLF3ZYn3+BTyHaoeUt2Rn6upIFt7H39QFK2wbcXOXgUgEtm7FGpgurNLYCmw2N3k13ARv+UvrBrU+SVyvzJMV2ldnMJrKAHTTccH3FpI0l1jOxu8QrMlRt7+gmm8KBbz1TC2tWGThwzL9kzSRriqcIGaApjmTnnctbblDLGkWR3yHaQ8YMe9YWreauqKEisGahGUSZb+pBHm0tmhA2wLRPU3J5HGmUaRqXQALxD41zIOMxdpmBG+kQ38Hv5aUiWJad7fvjdqChPt+"],"io.cncf.notary.signingAgent":"Notation/1.0.0"},"signature":"N4fntdsEyVmLdcpWfdaQ_MZDnaeGClPCaU0RAH0tuK9ohTKiRdXUNLeMUljMkYLR5Yo3m4NwCTt51jLpEo0ZblcLuHVdsaTY1liQ9eOkSELjSr0Gd-SyHEwqQynRllpxvbb9Vn0dP996A2aVEHRMV8DXSW3ip0KnXKNBxoUrYZB9NKpkUD7zPZ97HBml2m8gYb1F9w-SHIWBNjjoOCxqV_Rp2CprgZaH9YvRKAHGa5ZXYcfGJ8ZPGi3XVjEJRv3VKLUUkl2_dQSzMk7a9a0LyTBiQuDSIVRrmq3wYGNRYYEqVcbRCgWBtlqkWdi3qU_se38vu2MPWTo17spTkotnBg"} diff --git a/internal/mock/testdata/ca_invalid_minver_sig_env2.json b/internal/mock/testdata/ca_invalid_minver_sig_env2.json deleted file mode 100644 index 6d19c6f6..00000000 --- a/internal/mock/testdata/ca_invalid_minver_sig_env2.json +++ /dev/null @@ -1,3 +0,0 @@ -{"payload":"eyJ0YXJnZXRBcnRpZmFjdCI6eyJkaWdlc3QiOiJzaGEyNTY6ZmU3ZTkzMzMzOTUwNjBjMmY1ZTYzY2YzNmEzOGZiYTEwMTc2ZjE4M2I0MTYzYTU3OTRlMDgxYTQ4MGFiYmE1ZiIsIm1lZGlhVHlwZSI6ImFwcGxpY2F0aW9uL3ZuZC5kb2NrZXIuZGlzdHJpYnV0aW9uLm1hbmlmZXN0LnYyK2pzb24iLCJzaXplIjo5NDJ9fQ", - "protected":"eyJhbGciOiJQUzI1NiIsImNyaXQiOlsiaW8uY25jZi5ub3Rhcnkuc2lnbmluZ1NjaGVtZSIsImlvLmNuY2Yubm90YXJ5LnZlcmlmaWNhdGlvblBsdWdpbk1pblZlcnNpb24iLCJpby5jbmNmLm5vdGFyeS52ZXJpZmljYXRpb25QbHVnaW4iXSwiY3R5IjoiYXBwbGljYXRpb24vdm5kLmNuY2Yubm90YXJ5LnBheWxvYWQudjEranNvbiIsImlvLmNuY2Yubm90YXJ5LnNpZ25pbmdTY2hlbWUiOiJub3RhcnkueDUwOSIsImlvLmNuY2Yubm90YXJ5LnNpZ25pbmdUaW1lIjoiMjAyMy0wMS0xMVQyMTo1OTozNC0wODowMCIsImlvLmNuY2Yubm90YXJ5LnZlcmlmaWNhdGlvblBsdWdpbiI6ImlvLmNuY2Yubm90YXJ5LnBsdWdpbi51bml0dGVzdC5tb2NrIiwiaW8uY25jZi5ub3RhcnkudmVyaWZpY2F0aW9uUGx1Z2luTWluVmVyc2lvbiI6IjEuMS4wIn0", - "header":{"x5c":["MIIDVjCCAj6gAwIBAgIBUTANBgkqhkiG9w0BAQsFADBaMQswCQYDVQQGEwJVUzELMAkGA1UECBMCV0ExEDAOBgNVBAcTB1NlYXR0bGUxDzANBgNVBAoTBk5vdGFyeTEbMBkGA1UEAxMSd2FiYml0LW5ldHdvcmtzLmlvMB4XDTIzMDExMjAxNDUzMloXDTIzMDExMzAxNDUzMlowWjELMAkGA1UEBhMCVVMxCzAJBgNVBAgTAldBMRAwDgYDVQQHEwdTZWF0dGxlMQ8wDQYDVQQKEwZOb3RhcnkxGzAZBgNVBAMTEndhYmJpdC1uZXR3b3Jrcy5pbzCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAPRo4SKWNljXTQ+Ru9LT/XcFRKsTzTU3ljED2Lqha1Nl3eo6luSpwMfMRyiM9wfYDQkTZffNAlSljtoR9Mk+GowK/KFO5xEw7aYwYkFdozwGp+NW4y16kYf+C4m1ixdxQLdSGEMfZI4xdDAhcepIGS6U1zW00lHQSeMRJHbOYWHE7CO6AG/PJjiIkmYg0OvqU4NxR3jXZpiMoHZu2V5r7MetG2JFVqCn5Nf0COvtNacSYxsQVF8/6hBGQBQlTKiaoR2DIgxZFcZJ88D2uB58DQ5Zd0obwK+pBuqq+qMcdyc81N1bSXrdAtoWUYO6a5TP1zy0qs9P2dzGBb+u/PERcMUCAwEAAaMnMCUwDgYDVR0PAQH/BAQDAgeAMBMGA1UdJQQMMAoGCCsGAQUFBwMDMA0GCSqGSIb3DQEBCwUAA4IBAQCWYJvGUQKNTL3/wJMx1VTJ/EVlog51ZPKI18i1WTgv1ybY5JSIxK5XZWfD4spedX6PLmONwkOqLF3ZYn3+BTyHaoeUt2Rn6upIFt7H39QFK2wbcXOXgUgEtm7FGpgurNLYCmw2N3k13ARv+UvrBrU+SVyvzJMV2ldnMJrKAHTTccH3FpI0l1jOxu8QrMlRt7+gmm8KBbz1TC2tWGThwzL9kzSRriqcIGaApjmTnnctbblDLGkWR3yHaQ8YMe9YWreauqKEisGahGUSZb+pBHm0tmhA2wLRPU3J5HGmUaRqXQALxD41zIOMxdpmBG+kQ38Hv5aUiWJad7fvjdqChPt+"],"io.cncf.notary.signingAgent":"Notation/1.0.0"},"signature":"JKW8ZXmoUX93kdLulbKR2KXaXz5ZmbXA8_FU1tUjnn6iPulFF-Lalj2n2bc5qco7DvxOcK18SMph9ChijWLN1Id6CmZeLRUNQfeHE5lWvzinstqn06kd-8I-tDxedSsoq2J3cZML-ht9ama0SRIwhfpfQp4jGJmxkQFmBo31K7N1SLF3Jjri8vU4eRocmWmCtRy5Ny-4KmSaPmGWwS1nEqIYbbcVVNeK_Ejl223LDh38f5z2k0L7OyP96vVtqxCf09T1RjR7onhh_tX3llxLtq5c0_8a3OCFrSEb7WOHNLloZZYn8pLOlOZ8UKL5wCdNolyRhF0jStJHLptZAWi1Lg"} diff --git a/internal/mock/testdata/ca_invalid_minver_sig_env3.json b/internal/mock/testdata/ca_invalid_minver_sig_env3.json deleted file mode 100644 index 1ac28c49..00000000 --- a/internal/mock/testdata/ca_invalid_minver_sig_env3.json +++ /dev/null @@ -1,3 +0,0 @@ -{"payload":"eyJ0YXJnZXRBcnRpZmFjdCI6eyJkaWdlc3QiOiJzaGEyNTY6ZmU3ZTkzMzMzOTUwNjBjMmY1ZTYzY2YzNmEzOGZiYTEwMTc2ZjE4M2I0MTYzYTU3OTRlMDgxYTQ4MGFiYmE1ZiIsIm1lZGlhVHlwZSI6ImFwcGxpY2F0aW9uL3ZuZC5kb2NrZXIuZGlzdHJpYnV0aW9uLm1hbmlmZXN0LnYyK2pzb24iLCJzaXplIjo5NDJ9fQ", - "protected":"eyJhbGciOiJQUzI1NiIsImNyaXQiOlsiaW8uY25jZi5ub3Rhcnkuc2lnbmluZ1NjaGVtZSIsImlvLmNuY2Yubm90YXJ5LnZlcmlmaWNhdGlvblBsdWdpbk1pblZlcnNpb24iLCJpby5jbmNmLm5vdGFyeS52ZXJpZmljYXRpb25QbHVnaW4iXSwiY3R5IjoiYXBwbGljYXRpb24vdm5kLmNuY2Yubm90YXJ5LnBheWxvYWQudjEranNvbiIsImlvLmNuY2Yubm90YXJ5LnNpZ25pbmdTY2hlbWUiOiJub3RhcnkueDUwOSIsImlvLmNuY2Yubm90YXJ5LnNpZ25pbmdUaW1lIjoiMjAyMy0wMS0xMVQyMzowMzoyNy0wODowMCIsImlvLmNuY2Yubm90YXJ5LnZlcmlmaWNhdGlvblBsdWdpbiI6ImlvLmNuY2Yubm90YXJ5LnBsdWdpbi51bml0dGVzdC5tb2NrIiwiaW8uY25jZi5ub3RhcnkudmVyaWZpY2F0aW9uUGx1Z2luTWluVmVyc2lvbiI6IjEuMS4wLWFscGhhIn0", - "header":{"x5c":["MIIDVjCCAj6gAwIBAgIBUTANBgkqhkiG9w0BAQsFADBaMQswCQYDVQQGEwJVUzELMAkGA1UECBMCV0ExEDAOBgNVBAcTB1NlYXR0bGUxDzANBgNVBAoTBk5vdGFyeTEbMBkGA1UEAxMSd2FiYml0LW5ldHdvcmtzLmlvMB4XDTIzMDExMjAxNDUzMloXDTIzMDExMzAxNDUzMlowWjELMAkGA1UEBhMCVVMxCzAJBgNVBAgTAldBMRAwDgYDVQQHEwdTZWF0dGxlMQ8wDQYDVQQKEwZOb3RhcnkxGzAZBgNVBAMTEndhYmJpdC1uZXR3b3Jrcy5pbzCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAPRo4SKWNljXTQ+Ru9LT/XcFRKsTzTU3ljED2Lqha1Nl3eo6luSpwMfMRyiM9wfYDQkTZffNAlSljtoR9Mk+GowK/KFO5xEw7aYwYkFdozwGp+NW4y16kYf+C4m1ixdxQLdSGEMfZI4xdDAhcepIGS6U1zW00lHQSeMRJHbOYWHE7CO6AG/PJjiIkmYg0OvqU4NxR3jXZpiMoHZu2V5r7MetG2JFVqCn5Nf0COvtNacSYxsQVF8/6hBGQBQlTKiaoR2DIgxZFcZJ88D2uB58DQ5Zd0obwK+pBuqq+qMcdyc81N1bSXrdAtoWUYO6a5TP1zy0qs9P2dzGBb+u/PERcMUCAwEAAaMnMCUwDgYDVR0PAQH/BAQDAgeAMBMGA1UdJQQMMAoGCCsGAQUFBwMDMA0GCSqGSIb3DQEBCwUAA4IBAQCWYJvGUQKNTL3/wJMx1VTJ/EVlog51ZPKI18i1WTgv1ybY5JSIxK5XZWfD4spedX6PLmONwkOqLF3ZYn3+BTyHaoeUt2Rn6upIFt7H39QFK2wbcXOXgUgEtm7FGpgurNLYCmw2N3k13ARv+UvrBrU+SVyvzJMV2ldnMJrKAHTTccH3FpI0l1jOxu8QrMlRt7+gmm8KBbz1TC2tWGThwzL9kzSRriqcIGaApjmTnnctbblDLGkWR3yHaQ8YMe9YWreauqKEisGahGUSZb+pBHm0tmhA2wLRPU3J5HGmUaRqXQALxD41zIOMxdpmBG+kQ38Hv5aUiWJad7fvjdqChPt+"],"io.cncf.notary.signingAgent":"Notation/1.0.0"},"signature":"c--r59JF7Aj3pNx9xsQZKAyByiomMGSLKIj4o3GQvig-Jcy8Pu8M7pHrhgaOfV1-3G4LrOot0MICUzDhKsKGjx1G6vYHO8HWIAQV69w7RLte0j6xpUX-Tw5kMLNPRZoWdi9Erdvp_0Awj371FyE1k2bj75y21QTiMGnR46NFLGdW4NgYFBKFcu3_9YLqDvI2GvpTuqLvd8nKJ07RhnsrU3iDzwgcSACpHPA3cITmWsdbqiuAPRCONTa8tN04jYe0D70aDvM4DGHWrBaIeIqhjVGbRjTJFsaii-jnGhQTJWIN1tTO6aQ5dZ1QwtL98MsFK1pCgBcJDFOL0PCnXYYjxg"} diff --git a/internal/mock/testdata/ca_valid_minver_sig_env1.json b/internal/mock/testdata/ca_valid_minver_sig_env1.json deleted file mode 100644 index 199a445c..00000000 --- a/internal/mock/testdata/ca_valid_minver_sig_env1.json +++ /dev/null @@ -1,4 +0,0 @@ -{"payload":"eyJ0YXJnZXRBcnRpZmFjdCI6eyJkaWdlc3QiOiJzaGEyNTY6ZmU3ZTkzMzMzOTUwNjBjMmY1ZTYzY2YzNmEzOGZiYTEwMTc2ZjE4M2I0MTYzYTU3OTRlMDgxYTQ4MGFiYmE1ZiIsIm1lZGlhVHlwZSI6ImFwcGxpY2F0aW9uL3ZuZC5kb2NrZXIuZGlzdHJpYnV0aW9uLm1hbmlmZXN0LnYyK2pzb24iLCJzaXplIjo5NDJ9fQ", - "protected":"eyJhbGciOiJQUzI1NiIsImNyaXQiOlsiaW8uY25jZi5ub3Rhcnkuc2lnbmluZ1NjaGVtZSIsImlvLmNuY2Yubm90YXJ5LnZlcmlmaWNhdGlvblBsdWdpbk1pblZlcnNpb24iLCJpby5jbmNmLm5vdGFyeS52ZXJpZmljYXRpb25QbHVnaW4iXSwiY3R5IjoiYXBwbGljYXRpb24vdm5kLmNuY2Yubm90YXJ5LnBheWxvYWQudjEranNvbiIsImlvLmNuY2Yubm90YXJ5LnNpZ25pbmdTY2hlbWUiOiJub3RhcnkueDUwOSIsImlvLmNuY2Yubm90YXJ5LnNpZ25pbmdUaW1lIjoiMjAyMy0wMS0xMVQyMzozMToxOC0wODowMCIsImlvLmNuY2Yubm90YXJ5LnZlcmlmaWNhdGlvblBsdWdpbiI6ImlvLmNuY2Yubm90YXJ5LnBsdWdpbi51bml0dGVzdC5tb2NrIiwiaW8uY25jZi5ub3RhcnkudmVyaWZpY2F0aW9uUGx1Z2luTWluVmVyc2lvbiI6IjEuMC4wLWFscGhhIn0", - "header":{"x5c":["MIIDVjCCAj6gAwIBAgIBUTANBgkqhkiG9w0BAQsFADBaMQswCQYDVQQGEwJVUzELMAkGA1UECBMCV0ExEDAOBgNVBAcTB1NlYXR0bGUxDzANBgNVBAoTBk5vdGFyeTEbMBkGA1UEAxMSd2FiYml0LW5ldHdvcmtzLmlvMB4XDTIzMDExMjAxNDUzMloXDTIzMDExMzAxNDUzMlowWjELMAkGA1UEBhMCVVMxCzAJBgNVBAgTAldBMRAwDgYDVQQHEwdTZWF0dGxlMQ8wDQYDVQQKEwZOb3RhcnkxGzAZBgNVBAMTEndhYmJpdC1uZXR3b3Jrcy5pbzCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAPRo4SKWNljXTQ+Ru9LT/XcFRKsTzTU3ljED2Lqha1Nl3eo6luSpwMfMRyiM9wfYDQkTZffNAlSljtoR9Mk+GowK/KFO5xEw7aYwYkFdozwGp+NW4y16kYf+C4m1ixdxQLdSGEMfZI4xdDAhcepIGS6U1zW00lHQSeMRJHbOYWHE7CO6AG/PJjiIkmYg0OvqU4NxR3jXZpiMoHZu2V5r7MetG2JFVqCn5Nf0COvtNacSYxsQVF8/6hBGQBQlTKiaoR2DIgxZFcZJ88D2uB58DQ5Zd0obwK+pBuqq+qMcdyc81N1bSXrdAtoWUYO6a5TP1zy0qs9P2dzGBb+u/PERcMUCAwEAAaMnMCUwDgYDVR0PAQH/BAQDAgeAMBMGA1UdJQQMMAoGCCsGAQUFBwMDMA0GCSqGSIb3DQEBCwUAA4IBAQCWYJvGUQKNTL3/wJMx1VTJ/EVlog51ZPKI18i1WTgv1ybY5JSIxK5XZWfD4spedX6PLmONwkOqLF3ZYn3+BTyHaoeUt2Rn6upIFt7H39QFK2wbcXOXgUgEtm7FGpgurNLYCmw2N3k13ARv+UvrBrU+SVyvzJMV2ldnMJrKAHTTccH3FpI0l1jOxu8QrMlRt7+gmm8KBbz1TC2tWGThwzL9kzSRriqcIGaApjmTnnctbblDLGkWR3yHaQ8YMe9YWreauqKEisGahGUSZb+pBHm0tmhA2wLRPU3J5HGmUaRqXQALxD41zIOMxdpmBG+kQ38Hv5aUiWJad7fvjdqChPt+"], - "io.cncf.notary.signingAgent":"Notation/1.0.0"},"signature":"MZg2902BOtu8I5HMjD0moLf8FsqaumVLmZz_fXb0_nFQkT_3uRgjaAiW03DEZEBQwHQ4ghAfDDyBb5q8NXLu7dqw5ob-4CPWuHemsJjl-3AfsheimMbG7vTtxPjx8IJsyNGFiTF3lWRE0K-MVNEGmDI--JHD-IYoKrcTudEMFcAtjD0qbt_3HhiVpMy4bTY9WrtcmUKd7RF184sp16iQmiIjkoSTyHPrNEH9QMCI-lqlExa8I-qFzt40xqDPAJBZW6y_UgesdUFfUusqD1D6QBwTHFXAqKPbUHA2wNPhBMxqpsD_oy4xB0oYLp_00JHug3J28WKTcf5-iYvq_0d0yQ"} diff --git a/internal/mock/testdata/ca_valid_minver_sig_env2.json b/internal/mock/testdata/ca_valid_minver_sig_env2.json deleted file mode 100644 index 6c220105..00000000 --- a/internal/mock/testdata/ca_valid_minver_sig_env2.json +++ /dev/null @@ -1,3 +0,0 @@ -{"payload":"eyJ0YXJnZXRBcnRpZmFjdCI6eyJkaWdlc3QiOiJzaGEyNTY6ZmU3ZTkzMzMzOTUwNjBjMmY1ZTYzY2YzNmEzOGZiYTEwMTc2ZjE4M2I0MTYzYTU3OTRlMDgxYTQ4MGFiYmE1ZiIsIm1lZGlhVHlwZSI6ImFwcGxpY2F0aW9uL3ZuZC5kb2NrZXIuZGlzdHJpYnV0aW9uLm1hbmlmZXN0LnYyK2pzb24iLCJzaXplIjo5NDJ9fQ", - "protected":"eyJhbGciOiJQUzI1NiIsImNyaXQiOlsiaW8uY25jZi5ub3Rhcnkuc2lnbmluZ1NjaGVtZSIsImlvLmNuY2Yubm90YXJ5LnZlcmlmaWNhdGlvblBsdWdpbk1pblZlcnNpb24iLCJpby5jbmNmLm5vdGFyeS52ZXJpZmljYXRpb25QbHVnaW4iXSwiY3R5IjoiYXBwbGljYXRpb24vdm5kLmNuY2Yubm90YXJ5LnBheWxvYWQudjEranNvbiIsImlvLmNuY2Yubm90YXJ5LnNpZ25pbmdTY2hlbWUiOiJub3RhcnkueDUwOSIsImlvLmNuY2Yubm90YXJ5LnNpZ25pbmdUaW1lIjoiMjAyMy0wMS0xMVQyMzo0NTo1OC0wODowMCIsImlvLmNuY2Yubm90YXJ5LnZlcmlmaWNhdGlvblBsdWdpbiI6ImlvLmNuY2Yubm90YXJ5LnBsdWdpbi51bml0dGVzdC5tb2NrIiwiaW8uY25jZi5ub3RhcnkudmVyaWZpY2F0aW9uUGx1Z2luTWluVmVyc2lvbiI6IjEuMC4wIn0", - "header":{"x5c":["MIIDVjCCAj6gAwIBAgIBUTANBgkqhkiG9w0BAQsFADBaMQswCQYDVQQGEwJVUzELMAkGA1UECBMCV0ExEDAOBgNVBAcTB1NlYXR0bGUxDzANBgNVBAoTBk5vdGFyeTEbMBkGA1UEAxMSd2FiYml0LW5ldHdvcmtzLmlvMB4XDTIzMDExMjAxNDUzMloXDTIzMDExMzAxNDUzMlowWjELMAkGA1UEBhMCVVMxCzAJBgNVBAgTAldBMRAwDgYDVQQHEwdTZWF0dGxlMQ8wDQYDVQQKEwZOb3RhcnkxGzAZBgNVBAMTEndhYmJpdC1uZXR3b3Jrcy5pbzCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAPRo4SKWNljXTQ+Ru9LT/XcFRKsTzTU3ljED2Lqha1Nl3eo6luSpwMfMRyiM9wfYDQkTZffNAlSljtoR9Mk+GowK/KFO5xEw7aYwYkFdozwGp+NW4y16kYf+C4m1ixdxQLdSGEMfZI4xdDAhcepIGS6U1zW00lHQSeMRJHbOYWHE7CO6AG/PJjiIkmYg0OvqU4NxR3jXZpiMoHZu2V5r7MetG2JFVqCn5Nf0COvtNacSYxsQVF8/6hBGQBQlTKiaoR2DIgxZFcZJ88D2uB58DQ5Zd0obwK+pBuqq+qMcdyc81N1bSXrdAtoWUYO6a5TP1zy0qs9P2dzGBb+u/PERcMUCAwEAAaMnMCUwDgYDVR0PAQH/BAQDAgeAMBMGA1UdJQQMMAoGCCsGAQUFBwMDMA0GCSqGSIb3DQEBCwUAA4IBAQCWYJvGUQKNTL3/wJMx1VTJ/EVlog51ZPKI18i1WTgv1ybY5JSIxK5XZWfD4spedX6PLmONwkOqLF3ZYn3+BTyHaoeUt2Rn6upIFt7H39QFK2wbcXOXgUgEtm7FGpgurNLYCmw2N3k13ARv+UvrBrU+SVyvzJMV2ldnMJrKAHTTccH3FpI0l1jOxu8QrMlRt7+gmm8KBbz1TC2tWGThwzL9kzSRriqcIGaApjmTnnctbblDLGkWR3yHaQ8YMe9YWreauqKEisGahGUSZb+pBHm0tmhA2wLRPU3J5HGmUaRqXQALxD41zIOMxdpmBG+kQ38Hv5aUiWJad7fvjdqChPt+"],"io.cncf.notary.signingAgent":"Notation/1.0.0"},"signature":"AyHlc1Fz0vqOoFSsN2bPxqUc5GLEJGA_kX68Gjq2W9RDikjDdCYAEXJ9E7ZZ-kwgXSij8htEz-IzPizkRRC4JpLIwPwiJz0ZGoG7Fmwpg9JRdr0esf7MBTHEcL84ctbqXyxjvP-01h-ls80eUJe1U7Qrxr5EcCjQK4lW8H-EWH6VlEaljtm5w5lm0vpnMy6kVEanD4O7jo2Mbu0JvAoVMnP_OCFdX9N8VoCoMXDK3plNaJtoF8m-dygoYhs1rghYPCsQhTyrgXDXKpdCpoUh1C-_RRtJoYA2fEzlUqjGDpjBLwXJ9xuwRDB47nxwjrZ-O38UsBhs6uz3ZW5TZd8hYA"} diff --git a/internal/mock/testdata/ca_valid_minver_sig_env3.json b/internal/mock/testdata/ca_valid_minver_sig_env3.json deleted file mode 100644 index 975ebc3b..00000000 --- a/internal/mock/testdata/ca_valid_minver_sig_env3.json +++ /dev/null @@ -1,2 +0,0 @@ -{"payload":"eyJ0YXJnZXRBcnRpZmFjdCI6eyJkaWdlc3QiOiJzaGEyNTY6ZmU3ZTkzMzMzOTUwNjBjMmY1ZTYzY2YzNmEzOGZiYTEwMTc2ZjE4M2I0MTYzYTU3OTRlMDgxYTQ4MGFiYmE1ZiIsIm1lZGlhVHlwZSI6ImFwcGxpY2F0aW9uL3ZuZC5kb2NrZXIuZGlzdHJpYnV0aW9uLm1hbmlmZXN0LnYyK2pzb24iLCJzaXplIjo5NDJ9fQ", - "protected":"eyJhbGciOiJQUzI1NiIsImNyaXQiOlsiaW8uY25jZi5ub3Rhcnkuc2lnbmluZ1NjaGVtZSIsImlvLmNuY2Yubm90YXJ5LnZlcmlmaWNhdGlvblBsdWdpbk1pblZlcnNpb24iLCJpby5jbmNmLm5vdGFyeS52ZXJpZmljYXRpb25QbHVnaW4iXSwiY3R5IjoiYXBwbGljYXRpb24vdm5kLmNuY2Yubm90YXJ5LnBheWxvYWQudjEranNvbiIsImlvLmNuY2Yubm90YXJ5LnNpZ25pbmdTY2hlbWUiOiJub3RhcnkueDUwOSIsImlvLmNuY2Yubm90YXJ5LnNpZ25pbmdUaW1lIjoiMjAyMy0wMS0xMVQyMzo1MTo1OS0wODowMCIsImlvLmNuY2Yubm90YXJ5LnZlcmlmaWNhdGlvblBsdWdpbiI6ImlvLmNuY2Yubm90YXJ5LnBsdWdpbi51bml0dGVzdC5tb2NrIiwiaW8uY25jZi5ub3RhcnkudmVyaWZpY2F0aW9uUGx1Z2luTWluVmVyc2lvbiI6IjAuMC45In0","header":{"x5c":["MIIDVjCCAj6gAwIBAgIBUTANBgkqhkiG9w0BAQsFADBaMQswCQYDVQQGEwJVUzELMAkGA1UECBMCV0ExEDAOBgNVBAcTB1NlYXR0bGUxDzANBgNVBAoTBk5vdGFyeTEbMBkGA1UEAxMSd2FiYml0LW5ldHdvcmtzLmlvMB4XDTIzMDExMjAxNDUzMloXDTIzMDExMzAxNDUzMlowWjELMAkGA1UEBhMCVVMxCzAJBgNVBAgTAldBMRAwDgYDVQQHEwdTZWF0dGxlMQ8wDQYDVQQKEwZOb3RhcnkxGzAZBgNVBAMTEndhYmJpdC1uZXR3b3Jrcy5pbzCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAPRo4SKWNljXTQ+Ru9LT/XcFRKsTzTU3ljED2Lqha1Nl3eo6luSpwMfMRyiM9wfYDQkTZffNAlSljtoR9Mk+GowK/KFO5xEw7aYwYkFdozwGp+NW4y16kYf+C4m1ixdxQLdSGEMfZI4xdDAhcepIGS6U1zW00lHQSeMRJHbOYWHE7CO6AG/PJjiIkmYg0OvqU4NxR3jXZpiMoHZu2V5r7MetG2JFVqCn5Nf0COvtNacSYxsQVF8/6hBGQBQlTKiaoR2DIgxZFcZJ88D2uB58DQ5Zd0obwK+pBuqq+qMcdyc81N1bSXrdAtoWUYO6a5TP1zy0qs9P2dzGBb+u/PERcMUCAwEAAaMnMCUwDgYDVR0PAQH/BAQDAgeAMBMGA1UdJQQMMAoGCCsGAQUFBwMDMA0GCSqGSIb3DQEBCwUAA4IBAQCWYJvGUQKNTL3/wJMx1VTJ/EVlog51ZPKI18i1WTgv1ybY5JSIxK5XZWfD4spedX6PLmONwkOqLF3ZYn3+BTyHaoeUt2Rn6upIFt7H39QFK2wbcXOXgUgEtm7FGpgurNLYCmw2N3k13ARv+UvrBrU+SVyvzJMV2ldnMJrKAHTTccH3FpI0l1jOxu8QrMlRt7+gmm8KBbz1TC2tWGThwzL9kzSRriqcIGaApjmTnnctbblDLGkWR3yHaQ8YMe9YWreauqKEisGahGUSZb+pBHm0tmhA2wLRPU3J5HGmUaRqXQALxD41zIOMxdpmBG+kQ38Hv5aUiWJad7fvjdqChPt+"],"io.cncf.notary.signingAgent":"Notation/1.0.0"},"signature":"G3v26pei0Cj5E1dnN47TrP6nQNQ0IYic8ApUXFuiQh_1wRFSWvqtMC8-rSPD8WcpZ6VvmISO2bUMmfFoF2DHNd0XPVHaanGfjMx-BrzrUAe7w3wX3CyosaaCRoH_LCgh6QM4GXLPyMbNOaqAEo9_OxEy4l7C3lVKeuB435fPDdv_4F4A0Lh9cAOimfO2i2IHzy5RNiNYbZqIHYPtZjToyH3B-6hKEJWL7rQS22ccj7MqbRCOIyIt-i-L8TKaa7dNQ2cvQSD9gZjs4XHubLDjHHGHwTzEsl3wNtMT-Ns9R_gFNqcOtx8tRN5os6KArl_RGbiBGxChrRYSnBvsNM7W_w"} diff --git a/verifier/helpers.go b/verifier/helpers.go index c9ee6da8..9c495b2f 100644 --- a/verifier/helpers.go +++ b/verifier/helpers.go @@ -32,7 +32,7 @@ var VerificationPluginHeaders = []string{ var errExtendedAttributeNotExist = errors.New("extended attribute not exist") -// regex is takenfrom https://semver.org/#is-there-a-suggested-regular-expression-regex-to-check-a-semver-string +// semVerRegEx is takenfrom https://semver.org/#is-there-a-suggested-regular-expression-regex-to-check-a-semver-string var semVerRegEx = regexp.MustCompile(`^(0|[1-9]\d*)\.(0|[1-9]\d*)\.(0|[1-9]\d*)(?:-((?:0|[1-9]\d*|\d*[a-zA-Z-][0-9a-zA-Z-]*)(?:\.(?:0|[1-9]\d*|\d*[a-zA-Z-][0-9a-zA-Z-]*))*))?(?:\+([0-9a-zA-Z-]+(?:\.[0-9a-zA-Z-]+)*))?$`) func loadX509TrustStores(ctx context.Context, scheme signature.SigningScheme, policy *trustpolicy.TrustPolicy, x509TrustStore truststore.X509TrustStore) ([]*x509.Certificate, error) { @@ -128,13 +128,15 @@ func getVerificationPluginMinVersion(signerInfo *signature.SignerInfo) (string, if err != nil { return "", err } - // empty version if strings.TrimSpace(version) == "" { return "", fmt.Errorf("%v from extended attribute is an empty string", HeaderVerificationPluginMinVersion) } - - if !semVerRegEx.MatchString(version) { + if !isVersionSemverValid(version) { return "", fmt.Errorf("%v from extended attribute is not a valid SemVer", HeaderVerificationPluginMinVersion) } return version, nil } + +func isVersionSemverValid(version string) bool { + return semVerRegEx.MatchString(version) +} diff --git a/verifier/helpers_test.go b/verifier/helpers_test.go index 6471e1bc..b92ea9a6 100644 --- a/verifier/helpers_test.go +++ b/verifier/helpers_test.go @@ -78,7 +78,7 @@ func TestLoadX509TrustStore(t *testing.T) { if err != nil { t.Fatalf("TestLoadX509TrustStore should not throw error for a valid trust store. Error: %v", err) } - if len(caCerts) != 3 || len(saCerts) != 3 { + if len(caCerts) != 4 || len(saCerts) != 3 { t.Fatalf("Both of the named stores should have 3 certs") } } diff --git a/verifier/testdata/truststore/x509/ca/valid-trust-store/wabbit-networks.io.crt b/verifier/testdata/truststore/x509/ca/valid-trust-store/wabbit-networks.io.crt new file mode 100644 index 00000000..60028b63 --- /dev/null +++ b/verifier/testdata/truststore/x509/ca/valid-trust-store/wabbit-networks.io.crt @@ -0,0 +1,20 @@ +-----BEGIN CERTIFICATE----- +MIIDVjCCAj6gAwIBAgIBUTANBgkqhkiG9w0BAQsFADBaMQswCQYDVQQGEwJVUzEL +MAkGA1UECBMCV0ExEDAOBgNVBAcTB1NlYXR0bGUxDzANBgNVBAoTBk5vdGFyeTEb +MBkGA1UEAxMSd2FiYml0LW5ldHdvcmtzLmlvMB4XDTIzMDExOTA4MTkwN1oXDTMz +MDExOTA4MTkwN1owWjELMAkGA1UEBhMCVVMxCzAJBgNVBAgTAldBMRAwDgYDVQQH +EwdTZWF0dGxlMQ8wDQYDVQQKEwZOb3RhcnkxGzAZBgNVBAMTEndhYmJpdC1uZXR3 +b3Jrcy5pbzCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBANHhlP+SiY7h +sGlf2mADOzJW/J9siqMkiQvSOx0OSM2yxetfVQL/abi4iqCXM6wkSxviBeNwIoYE +s4thMA8NGEbnKoXktyh9vmiLB1FW7HHr4QLwjgLzgWJKIQTy1JmDBecXZh56d0f3 +w3Yj1IDTvkIScXCNI+5v/08GUQKhyBwv7Fq9MYpo2lfXSI7V33BKKddXIxPGVWwK +GvPE0sg2VV7WM84ZZLdDKz2mq0PtPTHrSwg3hlK/mjn+blg3gsYQ4h9/7Z6nNaF9 +X0SdyESl841ZWrtMhAOFpIzLbz9ete8NRd3bYCRBIr5gscHWTf6lyUgy4xzsSwMH +PsGLM4A+Z00CAwEAAaMnMCUwDgYDVR0PAQH/BAQDAgeAMBMGA1UdJQQMMAoGCCsG +AQUFBwMDMA0GCSqGSIb3DQEBCwUAA4IBAQAbN0Eru56uTQSC28ZTf8D7VyCkYrrW +LYiJMYdOKBzzKV9mKaM0OGF2uyWwDaPxp9KTdLXmBp9EFq5SXXArFA+nRS7KinDA +e2O7A/9Std2XjKi927rkA2cj239d5lRsjWXqJXf9vAMV9a2FjUM/in2Eevlq7bvj +FE3l26VXCKtOs9ErmfxrL+6ETRKSVYOOG/rSHFv/SB2MlqDg5QsXC9lZjzL5/X/i +oe2qZKhp6X5DPpad1q1Q4ItKdTN+2EXyMyoHn1BJKNba7CUUvXf03EJebT/Im+qo +zfEksJeZJUSlSujANUPoCpsEYGWWQx5G+ViG05Sqs+6ppKrut+P+DVPo +-----END CERTIFICATE----- diff --git a/verifier/verifier.go b/verifier/verifier.go index 7ed8681e..bbc94216 100644 --- a/verifier/verifier.go +++ b/verifier/verifier.go @@ -181,7 +181,7 @@ func (v *verifier) processSignature(ctx context.Context, sigBlob []byte, envelop pluginVersion := metadata.Version //checking if the plugin version is in valid semver format - if !semVerRegEx.MatchString(pluginVersion) { + if !isVersionSemverValid(pluginVersion) { return notation.ErrorVerificationInconclusive{Msg: fmt.Sprintf("plugin %s has pluginVersion %s which is not in valid semver format", verificationPluginName, pluginVersion)} } diff --git a/verifier/verifier_test.go b/verifier/verifier_test.go index 59e1cb83..b8e81119 100644 --- a/verifier/verifier_test.go +++ b/verifier/verifier_test.go @@ -609,38 +609,56 @@ func TestVerifyX509TrustedIdentities(t *testing.T) { func TestPluginVersionCompatibility(t *testing.T) { errTemplate := "found plugin io.cncf.notary.plugin.unittest.mock with version 1.0.0 but signature verification needs plugin version greater than or equal to " - errIgnore := "digital signature requires plugin \"io.cncf.notary.plugin.unittest.mock\" with signature verification capabilities (\"SIGNATURE_VERIFIER.TRUSTED_IDENTITY\" and/or \"SIGNATURE_VERIFIER.REVOCATION_CHECK\") installed" - policyDocument := dummyPolicyDocument() + var policyDocument = trustpolicy.Document{ + Version: "1.0", + TrustPolicies: []trustpolicy.TrustPolicy{ + { + Name: "wabbit-networks-images", + RegistryScopes: []string{"localhost:5000/net-monitor"}, + SignatureVerification: trustpolicy.SignatureVerification{VerificationLevel: trustpolicy.LevelStrict.Name}, + TrustStores: []string{"ca:valid-trust-store"}, + TrustedIdentities: []string{"x509.subject: CN=wabbit-networks.io,O=Notary,L=Seattle,ST=WA,C=US"}, + }, + }, + } + pluginManager := mock.PluginManager{} + pluginManager.PluginCapabilities = []proto.Capability{proto.CapabilityTrustedIdentityVerifier} + pluginManager.PluginRunnerExecuteResponse = &proto.VerifySignatureResponse{ + VerificationResults: map[proto.Capability]*proto.VerificationResult{ + proto.CapabilityTrustedIdentityVerifier: { + Success: true, + }, + }, + ProcessedAttributes: []interface{}{mock.PluginExtendedCriticalAttribute.Key}, + } + dir.UserConfigDir = "testdata" + x509TrustStore := truststore.NewX509TrustStore(dir.ConfigFS()) v := verifier{ trustPolicyDoc: &policyDocument, - pluginManager: mock.PluginManager{}, + trustStore: x509TrustStore, + pluginManager: pluginManager, } - opts := notation.VerifyOptions{ArtifactReference: mock.SampleArtifactUri, SignatureMediaType: "application/jose+json"} - envelopeMediaType := opts.SignatureMediaType - trustPolicy, _ := v.trustPolicyDoc.GetApplicableTrustPolicy(mock.SampleArtifactUri) - pluginConfig := opts.PluginConfig - verificationLevel, _ := trustPolicy.SignatureVerification.GetVerificationLevel() + opts := notation.VerifyOptions{ArtifactReference: "localhost:5000/net-monitor@sha256:fe7e9333395060c2f5e63cf36a38fba10176f183b4163a5794e081a480abba5f", SignatureMediaType: "application/jose+json"} tests := []struct { minPluginVerTests []byte - wantErr []string + wantErr string }{ - {mock.MockCaInvalidMinVerSigEnv1, []string{errTemplate + "1.0.1"}}, - {mock.MockCaInvalidMinVerSigEnv2, []string{errTemplate + "1.1.0"}}, - {mock.MockCaInvalidMinVerSigEnv3, []string{errTemplate + "1.1.0-alpha"}}, - {mock.MockCaValidMinVerSigEnv1, []string{"", errIgnore}}, - {mock.MockCaValidMinVerSigEnv2, []string{"", errIgnore}}, - {mock.MockCaValidMinVerSigEnv3, []string{"", errIgnore}}, + + {mock.MockCaIncompatiblePluginVerSigEnv_1_0_9, errTemplate + "1.0.9"}, + {mock.MockCaIncompatiblePluginVerSigEnv_1_0_1, errTemplate + "1.0.1"}, + {mock.MockCaIncompatiblePluginVerSigEnv_1_2_3, errTemplate + "1.2.3"}, + {mock.MockCaIncompatiblePluginVerSigEnv_1_1_0_alpha, errTemplate + "1.1.0-alpha"}, + {mock.MockCaCompatiblePluginVerSigEnv_0_0_9, ""}, + {mock.MockCaCompatiblePluginVerSigEnv_1_0_0_alpha, ""}, + {mock.MockCaCompatiblePluginVerSigEnv_1_0_0_alpha_beta, ""}, + {mock.MockCaCompatiblePluginVerSigEnv_1_0_0, ""}, } for _, tt := range tests { - outcome := ¬ation.VerificationOutcome{ - RawSignature: tt.minPluginVerTests, - VerificationLevel: verificationLevel, - } - err := v.processSignature(context.Background(), tt.minPluginVerTests, envelopeMediaType, trustPolicy, pluginConfig, outcome) - if err.Error() != tt.wantErr[0] { - if err.Error() != tt.wantErr[1] { - t.Errorf("TestPluginVersionCompatibility Error: %s, WantErr: %s ", err.Error(), tt.wantErr[0]) + + if _, err := v.Verify(context.Background(), mock.TestImageDescriptor, tt.minPluginVerTests, opts); err != nil && tt.wantErr != "" { + if err.Error() != tt.wantErr { + t.Errorf("TestPluginVersionCompatibility Error: %s, WantErr: %s ", err.Error(), tt.wantErr) } } } @@ -666,7 +684,7 @@ func TestIsRequiredVerificationPluginVer(t *testing.T) { for _, tt := range tests { funcVal := isRequiredVerificationPluginVer(testPlugVer, tt.minVerTests[0]) if funcVal != tt.expectedVal { - t.Errorf("TestIsRequiredVerificationPluginVer Error: version comparison mis match between plugin with version %s and min verification plugin version %s, function output: %v, expected output: %v", testPlugVer, tt.minVerTests[0], funcVal, tt.expectedVal) + t.Errorf("TestIsRequiredVerificationPluginVer Error: version comparison mismatch between plugin with version %s and min verification plugin version %s, function output: %v, expected output: %v", testPlugVer, tt.minVerTests[0], funcVal, tt.expectedVal) } } }