diff --git a/.github/workflows/whitespace.yaml b/.github/workflows/whitespace.yaml index 9b182b7f1..dd345fa53 100644 --- a/.github/workflows/whitespace.yaml +++ b/.github/workflows/whitespace.yaml @@ -16,8 +16,8 @@ jobs: - name: Check out code uses: actions/checkout@9bb56186c3b09b4f86b1c65136769dd318469633 # v4.1.2 - - uses: chainguard-dev/actions/trailing-space@84c993eaf02da1c325854fb272a4df9184bd80fc # main + - uses: chainguard-dev/actions/trailing-space@7071df0659dbd4a79804731f0da2d0f1dba0b356 # main if: ${{ always() }} - - uses: chainguard-dev/actions/eof-newline@84c993eaf02da1c325854fb272a4df9184bd80fc # main + - uses: chainguard-dev/actions/eof-newline@7071df0659dbd4a79804731f0da2d0f1dba0b356 # main if: ${{ always() }} diff --git a/Makefile b/Makefile index 409f8f69a..ac5310732 100644 --- a/Makefile +++ b/Makefile @@ -189,3 +189,6 @@ docs/generate-api: `find ./pkg/apis/policy/v1alpha1/ -iname '*types.go' | sort -r | tr '\n' ' '` \ > docs/api-types/index-v1alpha1.md; +.PHONY: generate-testdata +generate-testdata: + go run hack/gentestdata/gentestdata.go diff --git a/go.mod b/go.mod index e380b4c31..a3379110f 100644 --- a/go.mod +++ b/go.mod @@ -40,7 +40,7 @@ require ( golang.org/x/net v0.22.0 golang.org/x/sys v0.18.0 // indirect golang.org/x/time v0.5.0 - google.golang.org/grpc v1.61.1 // indirect + google.golang.org/grpc v1.62.0 // indirect google.golang.org/protobuf v1.33.0 // indirect gopkg.in/yaml.v3 v3.0.1 k8s.io/api v0.29.3 @@ -61,6 +61,7 @@ require ( github.com/docker/docker v26.0.0+incompatible github.com/docker/go-connections v0.5.0 github.com/go-jose/go-jose/v3 v3.0.3 + github.com/sigstore/scaffolding v0.6.17 github.com/sigstore/sigstore/pkg/signature/kms/aws v1.8.2 github.com/sigstore/sigstore/pkg/signature/kms/azure v1.8.2 github.com/sigstore/sigstore/pkg/signature/kms/gcp v1.8.2 
@@ -166,7 +167,7 @@ require ( github.com/go-openapi/loads v0.21.5 // indirect github.com/go-openapi/runtime v0.27.1 // indirect github.com/go-openapi/spec v0.20.14 // indirect - github.com/go-openapi/strfmt v0.22.0 // indirect + github.com/go-openapi/strfmt v0.22.1 // indirect github.com/go-openapi/swag v0.22.9 // indirect github.com/go-openapi/validate v0.22.6 // indirect github.com/gobuffalo/flect v1.0.2 // indirect @@ -199,7 +200,6 @@ require ( github.com/kylelemons/godebug v1.1.0 // indirect github.com/magiconair/properties v1.8.7 // indirect github.com/mailru/easyjson v0.7.7 // indirect - github.com/matttproud/golang_protobuf_extensions/v2 v2.0.0 // indirect github.com/miekg/pkcs11 v1.1.1 // indirect github.com/moby/docker-image-spec v1.3.1 // indirect github.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd // indirect @@ -217,9 +217,9 @@ require ( github.com/pkg/browser v0.0.0-20240102092130-5ac0b6a4141c // indirect github.com/pkg/errors v0.9.1 // indirect github.com/pmezard/go-difflib v1.0.1-0.20181226105442-5d4384ee4fb2 // indirect - github.com/prometheus/client_golang v1.18.0 // indirect - github.com/prometheus/client_model v0.5.0 // indirect - github.com/prometheus/common v0.45.0 // indirect + github.com/prometheus/client_golang v1.19.0 // indirect + github.com/prometheus/client_model v0.6.0 // indirect + github.com/prometheus/common v0.48.0 // indirect github.com/prometheus/procfs v0.12.0 // indirect github.com/prometheus/statsd_exporter v0.22.8 // indirect github.com/rcrowley/go-metrics v0.0.0-20201227073835-cf1acfcdf475 // indirect 
@@ -228,7 +228,7 @@ require ( github.com/sassoftware/relic v7.2.1+incompatible // indirect github.com/secure-systems-lab/go-securesystemslib v0.8.0 // indirect github.com/shibumi/go-pathspec v1.3.0 // indirect - github.com/sigstore/timestamp-authority v1.2.1 // indirect + github.com/sigstore/timestamp-authority v1.2.2 // indirect github.com/sirupsen/logrus v1.9.3 // indirect github.com/sourcegraph/conc v0.3.0 // indirect github.com/spf13/afero v1.11.0 // indirect @@ -245,7 +245,7 @@ require ( github.com/xeipuuv/gojsonpointer v0.0.0-20190905194746-02993c407bfb // indirect github.com/xeipuuv/gojsonreference v0.0.0-20180127040603-bd5ef7bd5415 // indirect github.com/yashtewari/glob-intersection v0.2.0 // indirect - go.mongodb.org/mongo-driver v1.13.1 // indirect + go.mongodb.org/mongo-driver v1.14.0 // indirect go.opencensus.io v0.24.0 // indirect go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc v0.48.0 // indirect go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.48.0 // indirect diff --git a/go.sum b/go.sum index 83d9085c8..90fc4226b 100644 --- a/go.sum +++ b/go.sum 
@@ -236,8 +236,8 @@ github.com/cloudflare/circl v1.3.3/go.mod h1:5XYMA4rFBvNIrhs50XuiBJ15vF2pZn4nnUK github.com/cloudflare/circl v1.3.7 h1:qlCDlTPz2n9fu58M0Nh1J/JzcFpfgkFHHX3O35r5vcU= github.com/cloudflare/circl v1.3.7/go.mod h1:sRTcRWXGLrKw6yIGJ+l7amYJFfAXbZG0kBSc8r4zxgA= github.com/cncf/udpa/go v0.0.0-20191209042840-269d4d468f6f/go.mod h1:M8M6+tZqaGXZJjfX53e64911xZQV5JYwmTeXPW+k8Sc= -github.com/cncf/xds/go v0.0.0-20231109132714-523115ebc101 h1:7To3pQ+pZo0i3dsWEbinPNFs5gPSBOsJtx3wTT94VBY= -github.com/cncf/xds/go v0.0.0-20231109132714-523115ebc101/go.mod h1:eXthEFrGJvWHgFFCl3hGmgk+/aYT6PnTQLykKQRLhEs= +github.com/cncf/xds/go v0.0.0-20231128003011-0fa0005c9caa h1:jQCWAUqqlij9Pgj2i/PB79y4KOPYVyFYdROxgaCwdTQ= +github.com/cncf/xds/go v0.0.0-20231128003011-0fa0005c9caa/go.mod h1:x/1Gn8zydmfq8dk6e9PdstVsDgu9RuyIIJqAaF//0IM= github.com/cockroachdb/apd/v3 v3.2.1 h1:U+8j7t0axsIgvQUqthuNm82HIrYXodOV2iWLWtEaIwg= github.com/cockroachdb/apd/v3 v3.2.1/go.mod h1:klXJcjp+FffLTHlhIG69tezTDvdP065naDsHzKhYSqc= github.com/codahale/rfc6979 v0.0.0-20141003034818-6a90f24967eb h1:EDmT6Q9Zs+SbUoc7Ik9EfrFqcylYqgPZ9ANSbTAntnE= 
@@ -296,8 +296,8 @@ github.com/envoyproxy/go-control-plane v0.9.0/go.mod h1:YTl/9mNaCwkRvm6d1a2C3ymF github.com/envoyproxy/go-control-plane v0.9.1-0.20191026205805-5f8ba28d4473/go.mod h1:YTl/9mNaCwkRvm6d1a2C3ymFceY/DCBVvsKhRF0iEA4= github.com/envoyproxy/go-control-plane v0.9.4/go.mod h1:6rpuAdCZL397s3pYoYcLgu1mIlRU8Am5FuJP05cCM98= github.com/envoyproxy/protoc-gen-validate v0.1.0/go.mod h1:iSmxcyjqTsJpI2R4NaDN7+kN2VEUnK/pcBlmesArF7c= -github.com/envoyproxy/protoc-gen-validate v1.0.2 h1:QkIBuU5k+x7/QXPvPPnWXWlCdaBFApVqftFV6k087DA= -github.com/envoyproxy/protoc-gen-validate v1.0.2/go.mod h1:GpiZQP3dDbg4JouG/NNS7QWXpgx6x8QiMKdmN72jogE= +github.com/envoyproxy/protoc-gen-validate v1.0.4 h1:gVPz/FMfvh57HdSJQyvBtF00j8JU4zdyUgIUNhlgg0A= +github.com/envoyproxy/protoc-gen-validate v1.0.4/go.mod h1:qys6tmnRsYrQqIhm2bvKZH4Blx/1gTIZ2UKVY1M+Yew= github.com/evanphx/json-patch v5.6.0+incompatible h1:jBYDEEiFBPxA0v50tFdvOzQQTCvpL6mnFh5mB2/l16U= github.com/evanphx/json-patch v5.6.0+incompatible/go.mod h1:50XU6AFN0ol/bzJsmQLiYLvXMP4fmwYFNcr97nuDLSk= github.com/evanphx/json-patch/v5 v5.7.0 h1:nJqP7uwL84RJInrohHfW0Fx3awjbm8qZeFv0nW9SYGc= 
@@ -358,8 +358,8 @@ github.com/go-openapi/runtime v0.27.1 h1:ae53yaOoh+fx/X5Eaq8cRmavHgDma65XPZuvBqv github.com/go-openapi/runtime v0.27.1/go.mod h1:fijeJEiEclyS8BRurYE1DE5TLb9/KZl6eAdbzjsrlLU= github.com/go-openapi/spec v0.20.14 h1:7CBlRnw+mtjFGlPDRZmAMnq35cRzI91xj03HVyUi/Do= github.com/go-openapi/spec v0.20.14/go.mod h1:8EOhTpBoFiask8rrgwbLC3zmJfz4zsCUueRuPM6GNkw= -github.com/go-openapi/strfmt v0.22.0 h1:Ew9PnEYc246TwrEspvBdDHS4BVKXy/AOVsfqGDgAcaI= -github.com/go-openapi/strfmt v0.22.0/go.mod h1:HzJ9kokGIju3/K6ap8jL+OlGAbjpSv27135Yr9OivU4= +github.com/go-openapi/strfmt v0.22.1 h1:5Ky8cybT4576C6Ffc+8gYji/wRXCo6Ozm8RaWjPI6jc= +github.com/go-openapi/strfmt v0.22.1/go.mod h1:OfVoytIXJasDkkGvkb1Cceb3BPyMOwk1FgmyyEw7NYg= github.com/go-openapi/swag v0.22.9 h1:XX2DssF+mQKM2DHsbgZK74y/zj4mo9I99+89xUmuZCE= github.com/go-openapi/swag v0.22.9/go.mod h1:3/OXnFfnMAwBD099SwYRk7GD3xOrr1iL7d/XNLXVVwE= github.com/go-openapi/validate v0.22.6 h1:+NhuwcEYpWdO5Nm4bmvhGLW0rt1Fcc532Mu3wpypXfo= @@ -417,7 +417,6 @@ github.com/golang/protobuf v1.5.0/go.mod h1:FsONVRAS9T7sI+LIUmWTfcYkHO4aIWwzhcaS github.com/golang/protobuf v1.5.2/go.mod h1:XVQd3VNwM+JqD3oG2Ue2ip4fOMUkwXdXDdiuN0vRsmY= github.com/golang/protobuf v1.5.4 h1:i7eJL8qZTpSEXOPTxNKhASYpMn+8e5Q6AdndVa1dWek= github.com/golang/protobuf v1.5.4/go.mod h1:lnTiLA8Wa4RWRcIUkrtSVa5nRhsEGBg48fD6rSs7xps= -github.com/golang/snappy v0.0.1/go.mod h1:/XxbfmMg8lxefKM7IXC3fBNl/7bRcc72aCRzEWrmP2Q= github.com/golang/snappy v0.0.4 h1:yAGX7huGHXlcLOEtBnF4w7FQwA26wojNCwOYAEhLjQM= github.com/golang/snappy v0.0.4/go.mod h1:/XxbfmMg8lxefKM7IXC3fBNl/7bRcc72aCRzEWrmP2Q= github.com/google/btree v0.0.0-20180813153112-4030bb1f1f0c/go.mod h1:lNA+9X1NB3Zf8V7Ke586lFgjr2dZNuvo3lPJSGZ5JPQ= 
@@ -560,7 +559,6 @@ github.com/kelseyhightower/envconfig v1.4.0 h1:Im6hONhd3pLkfDFsbRgu68RDNkGF1r3dv github.com/kelseyhightower/envconfig v1.4.0/go.mod h1:cccZRl6mQpaq41TPp5QxidR+Sa3axMbJDNb//FQX6Gg= github.com/kisielk/errcheck v1.5.0/go.mod h1:pFxgyoBC7bSaBwPgfKdkLd5X25qrDl4LWUI2bnpBCr8= github.com/kisielk/gotool v1.0.0/go.mod h1:XhKaO+MFFWcvkIS/tQcRk01m1F5IRFswLeQ+oQHNcck= -github.com/klauspost/compress v1.13.6/go.mod h1:/3/Vjq9QcHkK5uEr5lBEmyoZ1iFhe47etQ6QUkpK6sk= github.com/klauspost/compress v1.17.2 h1:RlWWUY/Dr4fL8qk9YG7DTZ7PDgME2V4csBXA8L/ixi4= github.com/klauspost/compress v1.17.2/go.mod h1:ntbaceVETuRiXiv4DpjP66DpAtAGkEQskQzEyD//IeE= github.com/konsorten/go-windows-terminal-sequences v1.0.1/go.mod h1:T0+1ngSBFLxvqU3pZ+m/2kptfBszLMUkC4ZK/EgS/cQ= @@ -589,8 +587,6 @@ github.com/mattn/go-colorable v0.1.13/go.mod h1:7S9/ev0klgBDR4GtXTXX8a3vIGJpMovk github.com/mattn/go-isatty v0.0.20 h1:xfD0iDuEKnDkl03q4limB+vH+GxLEtL/jb4xVJSWWEY= github.com/mattn/go-isatty v0.0.20/go.mod h1:W+V8PltTTMOvKvAeJH7IuucS94S2C6jfK/D7dTCTo3Y= github.com/matttproud/golang_protobuf_extensions v1.0.1/go.mod h1:D8He9yQNgCq6Z5Ld7szi9bcBfOoFv/3dc6xSMkL2PC0= -github.com/matttproud/golang_protobuf_extensions/v2 v2.0.0 h1:jWpvCLoY8Z/e3VKvlsiIGKtc+UG6U5vzxaoagmhXfyg= -github.com/matttproud/golang_protobuf_extensions/v2 v2.0.0/go.mod h1:QUyp042oQthUoa9bqDv0ER0wrtXnBruoNd7aNjkbP+k= github.com/miekg/dns v1.1.55 h1:GoQ4hpsj0nFLYe+bWiCToyrBEJXkQfOOIvFGFy0lEgo= github.com/miekg/dns v1.1.55/go.mod h1:uInx36IzPl7FYnDcMeVWxj9byh7DutNykX4G9Sj60FY= github.com/miekg/pkcs11 v1.0.3-0.20190429190417-a667d056470f/go.mod h1:XsNlhZGX73bx86s2hdc/FuaLm2CPZJemRLMA+WTFxgs= 
@@ -613,7 +609,6 @@ github.com/modern-go/reflect2 v0.0.0-20180701023420-4b7aa43c6742/go.mod h1:bx2lN github.com/modern-go/reflect2 v1.0.1/go.mod h1:bx2lNnkwVCuqBIxFjflWJWanXIb3RllmbCylyMrvgv0= github.com/modern-go/reflect2 v1.0.2 h1:xBagoLtFs94CBntxluKeaWgTMpvLxC4ur3nMaC9Gz0M= github.com/modern-go/reflect2 v1.0.2/go.mod h1:yWuevngMOJpCy52FWWMvUC8ws7m/LJsjYzDa0/r8luk= -github.com/montanaflynn/stats v0.0.0-20171201202039-1bf9dbcd8cbe/go.mod h1:wL8QJuTMNUDYhXwkmfOly8iTdp5TEcJFWZD2D7SIkUc= github.com/morikuni/aec v1.0.0 h1:nP9CBfwrvYnBRgY6qfDQkygYDmYwOilePFkwzv4dU8A= github.com/morikuni/aec v1.0.0/go.mod h1:BbKIizmSmc5MMPqRYbxO4ZU0S0+P200+tUnFx7PXmsc= github.com/mozillazg/docker-credential-acr-helper v0.3.0 h1:DVWFZ3/O8BP6Ue3iS/Olw+G07u1hCq1EOVCDZZjCIBI= 
@@ -674,22 +669,22 @@ github.com/prometheus/client_golang v1.11.0/go.mod h1:Z6t4BnS23TR94PD6BsDNk8yVqr github.com/prometheus/client_golang v1.12.1/go.mod h1:3Z9XVyYiZYEO+YQWt3RD2R3jrbd179Rt297l4aS6nDY= github.com/prometheus/client_golang v1.12.2/go.mod h1:3Z9XVyYiZYEO+YQWt3RD2R3jrbd179Rt297l4aS6nDY= github.com/prometheus/client_golang v1.13.0/go.mod h1:vTeo+zgvILHsnnj/39Ou/1fPN5nJFOEMgftOUOmlvYQ= -github.com/prometheus/client_golang v1.18.0 h1:HzFfmkOzH5Q8L8G+kSJKUx5dtG87sewO+FoDDqP5Tbk= -github.com/prometheus/client_golang v1.18.0/go.mod h1:T+GXkCk5wSJyOqMIzVgvvjFDlkOQntgjkJWKrN5txjA= +github.com/prometheus/client_golang v1.19.0 h1:ygXvpU1AoN1MhdzckN+PyD9QJOSD4x7kmXYlnfbA6JU= +github.com/prometheus/client_golang v1.19.0/go.mod h1:ZRM9uEAypZakd+q/x7+gmsvXdURP+DABIEIjnmDdp+k= github.com/prometheus/client_model v0.0.0-20180712105110-5c3871d89910/go.mod h1:MbSGuTsp3dbXC40dX6PRTWyKYBIrTGTE9sqQNg2J8bo= github.com/prometheus/client_model v0.0.0-20190129233127-fd36f4220a90/go.mod h1:xMI15A0UPsDsEKsMN9yxemIoYk6Tm2C1GtYGdfGttqA= github.com/prometheus/client_model v0.0.0-20190812154241-14fe0d1b01d4/go.mod h1:xMI15A0UPsDsEKsMN9yxemIoYk6Tm2C1GtYGdfGttqA= github.com/prometheus/client_model v0.2.0/go.mod h1:xMI15A0UPsDsEKsMN9yxemIoYk6Tm2C1GtYGdfGttqA= -github.com/prometheus/client_model v0.5.0 h1:VQw1hfvPvk3Uv6Qf29VrPF32JB6rtbgI6cYPYQjL0Qw= -github.com/prometheus/client_model v0.5.0/go.mod h1:dTiFglRmd66nLR9Pv9f0mZi7B7fk5Pm3gvsjB5tr+kI= +github.com/prometheus/client_model v0.6.0 h1:k1v3CzpSRUTrKMppY35TLwPvxHqBu0bYgxZzqGIgaos= +github.com/prometheus/client_model v0.6.0/go.mod h1:NTQHnmxFpouOD0DpvP4XujX3CdOAGQPoaGhyTchlyt8= github.com/prometheus/common v0.4.1/go.mod h1:TNfzLD0ON7rHzMJeJkieUDPYmFC7Snx/y86RQel1bk4= github.com/prometheus/common v0.10.0/go.mod h1:Tlit/dnDKsSWFlCLTWaA1cyBgKHSMdTB80sz/V91rCo= github.com/prometheus/common v0.26.0/go.mod h1:M7rCNAaPfAosfx8veZJCuw84e35h3Cfd9VFqTh1DIvc= github.com/prometheus/common v0.32.1/go.mod 
h1:vu+V0TpY+O6vW9J44gczi3Ap/oXXR10b+M/gUGO4Hls= github.com/prometheus/common v0.35.0/go.mod h1:phzohg0JFMnBEFGxTDbfu3QyL5GI8gTQJFhYO5B3mfA= github.com/prometheus/common v0.37.0/go.mod h1:phzohg0JFMnBEFGxTDbfu3QyL5GI8gTQJFhYO5B3mfA= -github.com/prometheus/common v0.45.0 h1:2BGz0eBc2hdMDLnO/8n0jeB3oPrt2D08CekT0lneoxM= -github.com/prometheus/common v0.45.0/go.mod h1:YJmSTw9BoKxJplESWWxlbyttQR4uaEcGyv9MZjVOJsY= +github.com/prometheus/common v0.48.0 h1:QO8U2CdOzSn1BBsmXJXduaaW+dY/5QLjfB8svtSzKKE= +github.com/prometheus/common v0.48.0/go.mod h1:0/KsvlIEfPQCQ5I2iNSAWKPZziNCvRs5EC6ILDTlAPc= github.com/prometheus/procfs v0.0.0-20181005140218-185b4288413d/go.mod h1:c3At6R/oaqEKCNdg8wHV1ftS6bRYblBhIjjI8uT2IGk= github.com/prometheus/procfs v0.0.2/go.mod h1:TjEm7ze935MbeOT/UhFTIMYKhuLP4wbCsTZCD3I8kEA= github.com/prometheus/procfs v0.1.3/go.mod h1:lV6e/gmhEcM9IjHGsFOCxxuZ+z1YqCvr4OA4YeYWdaU= @@ -728,6 +723,8 @@ github.com/sigstore/cosign/v2 v2.2.3 h1:WX7yawI+EXu9h7S5bZsfYCbB9XW6Jc43ctKy/NoO github.com/sigstore/cosign/v2 v2.2.3/go.mod h1:WpMn4MBt0cI23GdHsePwO4NxhX1FOz1ITGB3ALUjFaI= github.com/sigstore/rekor v1.3.5 h1:QoVXcS7NppKY+rpbEFVHr4evGDZBBSh65X0g8PXoUkQ= github.com/sigstore/rekor v1.3.5/go.mod h1:CWqOk/fmnPwORQmm7SyDgB54GTJizqobbZ7yOP1lvw8= +github.com/sigstore/scaffolding v0.6.17 h1:60P4/x/PdIj7SjzhEgEDefrnDcHAKzztF/RXddjZGQ8= +github.com/sigstore/scaffolding v0.6.17/go.mod h1:jTrLu0YmR5pfQDBieDpn97GSqAPHBAvgjzk8iUNGVjo= github.com/sigstore/sigstore v1.8.2 h1:0Ttjcn3V0fVQXlYq7+oHaaHkGFIt3ywm7SF4JTU/l8c= github.com/sigstore/sigstore v1.8.2/go.mod h1:CHVcSyknCcjI4K2ZhS1SI28r0tcQyBlwtALG536x1DY= github.com/sigstore/sigstore/pkg/signature/kms/aws v1.8.2 h1:e0EtUcE7cqWBxxME7h6upA3EA0IR3EOE3F1t+WHOdTc= 
@@ -738,8 +735,8 @@ github.com/sigstore/sigstore/pkg/signature/kms/gcp v1.8.2 h1:aX6hLH5v3JdOQJJ6+uC github.com/sigstore/sigstore/pkg/signature/kms/gcp v1.8.2/go.mod h1:OEFPub6XKsX6Fl/PpeIpQTsukG3I0CFWb9saHINV72U= github.com/sigstore/sigstore/pkg/signature/kms/hashivault v1.8.2 h1:hRC8sGPQtnTcoOqWbCNAvLpW1pHL4CQl7FT55IrEof8= github.com/sigstore/sigstore/pkg/signature/kms/hashivault v1.8.2/go.mod h1:frWJBbYRRHnbLE9h1fH349Mde84NZh6hDrnKqhPgMNU= -github.com/sigstore/timestamp-authority v1.2.1 h1:j9RmqSAdvKgSofeltPO4x7d+1M3AXaROBzUJ+AA7L5Q= -github.com/sigstore/timestamp-authority v1.2.1/go.mod h1:Ce+vWWEf0QaKLY2u6mpwEJbmYXEVeOfUk4fQ69kE6ck= +github.com/sigstore/timestamp-authority v1.2.2 h1:X4qyutnCQqJ0apMewFyx+3t7Tws00JQ/JonBiu3QvLE= +github.com/sigstore/timestamp-authority v1.2.2/go.mod h1:nEah4Eq4wpliDjlY342rXclGSO7Kb9hoRrl9tqLW13A= github.com/sirupsen/logrus v1.2.0/go.mod h1:LxeOpSwHxABJmUn/MG1IvRgCAasNZTLOkJPxbbu5VWo= github.com/sirupsen/logrus v1.4.2/go.mod h1:tLMulIdttU9McNUspp0xgXVQah82FyeX6MwdIuYE2rE= github.com/sirupsen/logrus v1.6.0/go.mod h1:7uNnSEd1DgxDLC74fIahvMZmmYsHGZGEOFrfsX/uA88= 
@@ -801,16 +798,12 @@ github.com/vbatts/tar-split v0.11.5 h1:3bHCTIheBm1qFTcgh9oPu+nNBtX+XJIupG/vacinC github.com/vbatts/tar-split v0.11.5/go.mod h1:yZbwRsSeGjusneWgA781EKej9HF8vme8okylkAeNKLk= github.com/xanzy/go-gitlab v0.96.0 h1:LGkZ+wSNMRtHIBaYE4Hq3dZVjprwHv3Y1+rhKU3WETs= github.com/xanzy/go-gitlab v0.96.0/go.mod h1:ETg8tcj4OhrB84UEgeE8dSuV/0h4BBL1uOV/qK0vlyI= -github.com/xdg-go/pbkdf2 v1.0.0/go.mod h1:jrpuAogTd400dnrH08LKmI/xc1MbPOebTwRqcT5RDeI= -github.com/xdg-go/scram v1.1.2/go.mod h1:RT/sEzTbU5y00aCK8UOx6R7YryM0iF1N2MOmC3kKLN4= -github.com/xdg-go/stringprep v1.0.4/go.mod h1:mPGuuIYwz7CmR2bT9j4GbQqutWS1zV24gijq1dTyGkM= github.com/xeipuuv/gojsonpointer v0.0.0-20190905194746-02993c407bfb h1:zGWFAtiMcyryUHoUjUJX0/lt1H2+i2Ka2n+D3DImSNo= github.com/xeipuuv/gojsonpointer v0.0.0-20190905194746-02993c407bfb/go.mod h1:N2zxlSyiKSe5eX1tZViRH5QA0qijqEDrYZiPEAiq3wU= github.com/xeipuuv/gojsonreference v0.0.0-20180127040603-bd5ef7bd5415 h1:EzJWgHovont7NscjpAxXsDA8S8BMYve8Y5+7cuRE7R0= github.com/xeipuuv/gojsonreference v0.0.0-20180127040603-bd5ef7bd5415/go.mod h1:GwrjFmJcFw6At/Gs6z4yjiIwzuJ1/+UwLxMQDVQXShQ= github.com/yashtewari/glob-intersection v0.2.0 h1:8iuHdN88yYuCzCdjt0gDe+6bAhUwBeEWqThExu54RFg= github.com/yashtewari/glob-intersection v0.2.0/go.mod h1:LK7pIC3piUjovexikBbJ26Yml7g8xa5bsjfx2v1fwok= -github.com/youmark/pkcs8 v0.0.0-20181117223130-1be2e3e5546d/go.mod h1:rHwXgn7JulP+udvsHwJoVG1YGAP6VLg4y9I5dyZdqmA= github.com/yuin/goldmark v1.1.25/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9decYSb74= github.com/yuin/goldmark v1.1.27/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9decYSb74= github.com/yuin/goldmark v1.1.30/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9decYSb74= 
@@ -819,8 +812,8 @@ github.com/yuin/goldmark v1.2.1/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9dec github.com/yuin/goldmark v1.4.13/go.mod h1:6yULJ656Px+3vBD8DxQVa3kxgyrAnzto9xy5taEt/CY= github.com/zalando/go-keyring v0.2.2 h1:f0xmpYiSrHtSNAVgwip93Cg8tuF45HJM6rHq/A5RI/4= github.com/zalando/go-keyring v0.2.2/go.mod h1:sI3evg9Wvpw3+n4SqplGSJUMwtDeROfD4nsFz4z9PG0= -go.mongodb.org/mongo-driver v1.13.1 h1:YIc7HTYsKndGK4RFzJ3covLz1byri52x0IoMB0Pt/vk= -go.mongodb.org/mongo-driver v1.13.1/go.mod h1:wcDf1JBCXy2mOW0bWHwO/IOYqdca1MPCwDtFu/Z9+eo= +go.mongodb.org/mongo-driver v1.14.0 h1:P98w8egYRjYe3XDjxhYJagTokP/H6HzlsnojRgZRd80= +go.mongodb.org/mongo-driver v1.14.0/go.mod h1:Vzb0Mk/pa7e6cWw85R4F/endUC3u0U9jGcNU603k65c= go.opencensus.io v0.21.0/go.mod h1:mSImk1erAIZhrmZN+AvHh14ztQfjbGwt4TtuofqLduU= go.opencensus.io v0.22.0/go.mod h1:+kGneAE2xo2IficOXnaByMWTGM9T73dGwxeWcUqIpI8= go.opencensus.io v0.22.2/go.mod h1:yxeiOL68Rb0Xd1ddK5vPZ/oVn4vY4Ynel7k9FzqtOIw= @@ -849,8 +842,8 @@ go.opentelemetry.io/otel/trace v1.24.0 h1:CsKnnL4dUAr/0llH9FKuc698G04IrpWV0MQA/Y go.opentelemetry.io/otel/trace v1.24.0/go.mod h1:HPc3Xr/cOApsBI154IU0OI0HJexz+aw5uPdbs3UCjNU= go.opentelemetry.io/proto/otlp v1.1.0 h1:2Di21piLrCqJ3U3eXGCTPHE9R8Nh+0uglSnOyxikMeI= go.opentelemetry.io/proto/otlp v1.1.0/go.mod h1:GpBHCBWiqvVLDqmHZsoMM3C5ySeKTC7ej/RNTae6MdY= -go.step.sm/crypto v0.42.1 h1:OmwHm3GJO8S4VGWL3k4+I+Q4P/F2s+j8msvTyGnh1Vg= -go.step.sm/crypto v0.42.1/go.mod h1:yNcTLFQBnYCA75fC5bklBoTAT7y0dRZsB1TkinB8JMs= +go.step.sm/crypto v0.43.1 h1:18Z/M49SnFDPXvFbfoN/ugE1i0J7phLWARhSQs/XSDI= +go.step.sm/crypto v0.43.1/go.mod h1:9n90D/SWjH1hTyQn1hgviUGyK8YRv743S8UZHYbt4BU= go.uber.org/atomic v1.4.0/go.mod h1:gD2HeocX3+yG+ygLZcrzQJaqmWj9AIm7n08wl/qW/PE= go.uber.org/automaxprocs v1.5.3 h1:kWazyxZUrS3Gs4qUpbwo5kEIMGe/DAvi5Z4tl2NW4j8= go.uber.org/automaxprocs v1.5.3/go.mod h1:eRbA25aqJrxAbsLO0xy5jVwPt7FQnRgjW+efnwa1WM0= 
@@ -873,7 +866,6 @@ golang.org/x/crypto v0.0.0-20200622213623-75b288015ac9/go.mod h1:LzIPMQfyMNhhGPh golang.org/x/crypto v0.0.0-20201012173705-84dcc777aaee/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto= golang.org/x/crypto v0.0.0-20210921155107-089bfa567519/go.mod h1:GvvjBRRGRdwPK5ydBHafDWAxML/pGHZbMvKqRZ5+Abc= golang.org/x/crypto v0.0.0-20211215153901-e495a2d5b3d3/go.mod h1:IxCIyHEi3zRg3s0A5j5BB6A9Jmi73HwBIUl50j+osU4= -golang.org/x/crypto v0.0.0-20220622213112-05595931fe9d/go.mod h1:IxCIyHEi3zRg3s0A5j5BB6A9Jmi73HwBIUl50j+osU4= golang.org/x/crypto v0.0.0-20220722155217-630584e8d5aa/go.mod h1:IxCIyHEi3zRg3s0A5j5BB6A9Jmi73HwBIUl50j+osU4= golang.org/x/crypto v0.3.1-0.20221117191849-2c476679df9a/go.mod h1:hebNnKkNXi2UzZN1eVRvBB7co0a+JxK6XbPiWVs/3J4= golang.org/x/crypto v0.6.0/go.mod h1:OFC/31mSvZgRz0V1QTNCzfAI1aIRzbiufJtkMIlEp58= @@ -1216,8 +1208,8 @@ google.golang.org/grpc v1.29.1/go.mod h1:itym6AZVZYACWQqET3MqgPpjcuV5QH3BxFS3Iji google.golang.org/grpc v1.30.0/go.mod h1:N36X2cJ7JwdamYAgDz+s+rVMFjt3numwzf/HckM8pak= google.golang.org/grpc v1.31.0/go.mod h1:N36X2cJ7JwdamYAgDz+s+rVMFjt3numwzf/HckM8pak= google.golang.org/grpc v1.33.2/go.mod h1:JMHMWHQWaTccqQQlmk3MJZS+GWXOdAesneDmEnv2fbc= -google.golang.org/grpc v1.61.1 h1:kLAiWrZs7YeDM6MumDe7m3y4aM6wacLzM1Y/wiLP9XY= -google.golang.org/grpc v1.61.1/go.mod h1:VUbo7IFqmF1QtCAstipjG0GIoq49KvMe9+h1jFLBNJs= +google.golang.org/grpc v1.62.0 h1:HQKZ/fa1bXkX1oFOvSjmZEUL8wLSaZTjCcLAlmZRtdk= +google.golang.org/grpc v1.62.0/go.mod h1:IWTG0VlJLCh1SkC58F7np9ka9mx/WNkjl4PGJaiq+QE= google.golang.org/protobuf v0.0.0-20200109180630-ec00e32a8dfd/go.mod h1:DFci5gLYBciE7Vtevhsrf46CRTquxDuWsQurQQe4oz8= google.golang.org/protobuf v0.0.0-20200221191635-4d8936d0db64/go.mod h1:kwYJMbMJ01Woi6D6+Kah6886xMZcty6N08ah7+eCXa0= google.golang.org/protobuf v0.0.0-20200228230310-ab0ca4ff8a60/go.mod h1:cfTl7dwQJ+fmap5saPgwCLgHXTUD7jkjRqWcaiX5VyM= 
diff --git a/hack/gentestdata/gentestdata.go b/hack/gentestdata/gentestdata.go
new file mode 100644
index 000000000..150138679
--- /dev/null
+++ b/hack/gentestdata/gentestdata.go
@@ -0,0 +1,247 @@
+// Copyright 2024 The Sigstore Authors
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+// http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+package main
+
+import (
+ "bytes"
+ "context"
+ "crypto/ecdsa"
+ "crypto/elliptic"
+ "crypto/rand"
+ "crypto/x509"
+ "crypto/x509/pkix"
+ "encoding/json"
+ "encoding/pem"
+ "flag"
+ "log"
+ "math/big"
+ "os"
+ "path"
+ "path/filepath"
+ "time"
+
+ "github.com/sigstore/cosign/v2/pkg/cosign"
+ "github.com/sigstore/policy-controller/pkg/apis/config"
+ testing "github.com/sigstore/policy-controller/pkg/reconciler/testing/v1alpha1"
+ "github.com/sigstore/scaffolding/pkg/repo"
+ "github.com/sigstore/sigstore/pkg/cryptoutils"
+)
+
+// This program generates test data for the trustroot reconciler.
+//
+// To run this program, you can use the following command from the root of the repo:
+// $ go run hack/gentestdata/gentestdata.go
+// or,
+// $ make generate-testdata
+//
+// The output of this program can be used to update the `marshalledEntry.json`
+// file in the `pkg/reconciler/trustroot/testdata` package.
+//
+// Do not rely on the output of this program to produce valid results. Always
+// verify the output manually before committing.
+
+var (
+ dir = flag.String("output-dir", "pkg/reconciler/trustroot/testdata", "Output directory")
+)
+
+func main() {
+ flag.Parse()
+ ctfePK, ctfeLogID := genPK()
+ rekorPK, rekorLogID := genPK()
+ fulcioChain := genCertChain(x509.KeyUsage(x509.ExtKeyUsageCodeSigning))
+ fulcioChainConcat := bytes.Join(fulcioChain, nil)
+ tsaChain := genCertChain(x509.KeyUsage(x509.ExtKeyUsageTimeStamping))
+ tsaChainConcat := bytes.Join(tsaChain, nil)
+
+ sigstoreKeysMap := map[string]string{
+ "ctfe": string(ctfePK),
+ "fulcio": string(fulcioChainConcat),
+ "rekor": string(rekorPK),
+ "tsa": string(tsaChainConcat),
+ }
+ marshalledEntry, err := genTrustRoot(sigstoreKeysMap)
+ if err != nil {
+ log.Fatal(err)
+ }
+
+ marshalledEntryFromMirrorFS, tufRepo, rootJSON, err := genTUFRepo(sigstoreKeysMap)
+ if err != nil {
+ log.Fatal(err)
+ }
+
+ mustWriteFile("ctfePublicKey.pem", ctfePK)
+ mustWriteFile("ctfeLogID.txt", []byte(ctfeLogID))
+ mustWriteFile("rekorPublicKey.pem", rekorPK)
+ mustWriteFile("rekorLogID.txt", []byte(rekorLogID))
+ mustWriteFile("fulcioCertChain.pem", fulcioChainConcat)
+ mustWriteFile("tsaCertChain.pem", tsaChainConcat)
+ mustWriteFile("marshalledEntry.json", marshalledEntry)
+ mustWriteFile("marshalledEntryFromMirrorFS.json", marshalledEntryFromMirrorFS)
+ mustWriteFile("tufRepo.tar", tufRepo)
+ mustWriteFile("root.json", rootJSON)
+}
+
+func mustWriteFile(path string, data []byte) {
+ err := os.WriteFile(filepath.Join(*dir, path), data, 0600)
+ if err != nil {
+ log.Fatalf("failed to write file %s: %v", path, err)
+ }
+}
+
+func genPK() ([]byte, string) {
+ priv, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
+ if err != nil {
+ log.Fatalf("failed to generate ecdsa key: %v", err)
+ }
+ der, err := x509.MarshalPKIXPublicKey(priv.Public().(*ecdsa.PublicKey))
+ if err != nil {
+ log.Fatalf("failed to marshal ecdsa key: %v", err)
+ }
+ pemPK := pem.EncodeToMemory(&pem.Block{Type: "PUBLIC KEY", Bytes: der})
+
+ // generate log id
+ pk, err := cryptoutils.UnmarshalPEMToPublicKey(pemPK)
+ if err != nil {
+ log.Fatalf("failed to unmarshal ecdsa key: %v", err)
+ }
+ logID, err := cosign.GetTransparencyLogID(pk)
+ if err != nil {
+ log.Fatalf("failed to get transparency log id: %v", err)
+ }
+ return pemPK, logID
+}
+
+func genCertChain(keyUsage x509.KeyUsage) [][]byte {
+ // Create a new CA certificate
+ caPriv, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
+ if err != nil {
+ log.Fatalf("failed to generate ecdsa key: %v", err)
+ }
+ template := &x509.Certificate{
+ SerialNumber: new(big.Int).SetInt64(1),
+ Subject: pkix.Name{CommonName: "ca"},
+ NotBefore: time.Now(),
+ NotAfter: time.Now().AddDate(10, 0, 0),
+ KeyUsage: x509.KeyUsageCertSign,
+ BasicConstraintsValid: true,
+ IsCA: true,
+ }
+ caCertBytes, err := x509.CreateCertificate(rand.Reader, template, template, caPriv.Public(), caPriv)
+ if err != nil {
+ log.Fatalf("failed to create x509 certificate: %v", err)
+ }
+
+ caCert, err := x509.ParseCertificate(caCertBytes)
+ if err != nil {
+ log.Fatalf("failed to parse x509 certificate: %v", err)
+ }
+
+ // Create a new leaf certificate
+ leafPriv, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
+ if err != nil {
+ log.Fatalf("failed to generate ecdsa key: %v", err)
+ }
+ leafCert, err := x509.CreateCertificate(rand.Reader, &x509.Certificate{
+ SerialNumber: new(big.Int).SetInt64(2),
+ Subject: pkix.Name{CommonName: "leaf"},
+ NotBefore: time.Now(),
+ NotAfter: time.Now().AddDate(10, 0, 0),
+ KeyUsage: keyUsage,
+ }, caCert, &leafPriv.PublicKey, caPriv)
+ if err != nil {
+ log.Fatalf("failed to create x509 certificate: %v", err)
+ }
+
+ return [][]byte{pem.EncodeToMemory(&pem.Block{Type: "CERTIFICATE", Bytes: leafCert}), pem.EncodeToMemory(&pem.Block{Type: "CERTIFICATE", Bytes: caCertBytes})}
+}
+
+func genTrustRoot(sigstoreKeysMap map[string]string) (marshalledEntry []byte, err error) {
+ trustRoot := testing.NewTrustRoot("test-trustroot", testing.WithSigstoreKeys(sigstoreKeysMap))
+ sigstoreKeys := &config.SigstoreKeys{}
+ sigstoreKeys.ConvertFrom(context.Background(), trustRoot.Spec.SigstoreKeys)
+ err = populateLogIDs(sigstoreKeys)
+ if err != nil {
+ return nil, err
+ }
+ return json.MarshalIndent(sigstoreKeys, "", " ")
+}
+
+func populateLogIDs(sigstoreKeys *config.SigstoreKeys) error {
+ for i := range sigstoreKeys.TLogs {
+ logID, err := genLogID(sigstoreKeys.TLogs[i].PublicKey)
+ if err != nil {
+ return err
+ }
+ sigstoreKeys.TLogs[i].LogID = logID
+ }
+ for i := range sigstoreKeys.CTLogs {
+ logID, err := genLogID(sigstoreKeys.CTLogs[i].PublicKey)
+ if err != nil {
+ return err
+ }
+ sigstoreKeys.CTLogs[i].LogID = logID
+ }
+ return nil
+}
+
+func genLogID(pkBytes []byte) (string, error) {
+ pk, err := cryptoutils.UnmarshalPEMToPublicKey(pkBytes)
+ if err != nil {
+ return "", err
+ }
+ return cosign.GetTransparencyLogID(pk)
+}
+
+func genTUFRepo(sigstoreKeysMap map[string]string) ([]byte, []byte, []byte, error) {
+ files := map[string][]byte{}
+ files["rekor.pem"] = []byte(sigstoreKeysMap["rekor"])
+ files["ctfe.pem"] = []byte(sigstoreKeysMap["ctfe"])
+ files["fulcio.pem"] = []byte(sigstoreKeysMap["fulcio"])
+
+ defer os.RemoveAll(path.Join(os.TempDir(), "tuf")) // TODO: Update scaffolding to use os.MkdirTemp and remove this
+ ctx := context.Background()
+ local, dir, err := repo.CreateRepo(ctx, files)
+ if err != nil {
+ return nil, nil, nil, err
+ }
+ meta, err := local.GetMeta()
+ if err != nil {
+ return nil, nil, nil, err
+ }
+ rootJSON, ok := meta["root.json"]
+ if !ok {
+ return nil, nil, nil, err
+ }
+
+ var compressed bytes.Buffer
+ if err := repo.CompressFS(os.DirFS(dir), &compressed, map[string]bool{"keys": true, "staged": true}); err != nil {
+ return nil, nil, nil, err
+ }
+
+ trustRoot := &config.SigstoreKeys{
+ CertificateAuthorities: []config.CertificateAuthority{{CertChain: []byte(sigstoreKeysMap["fulcio"])}},
+ TLogs: []config.TransparencyLogInstance{{PublicKey: []byte(sigstoreKeysMap["rekor"])}},
+ CTLogs: []config.TransparencyLogInstance{{PublicKey: []byte(sigstoreKeysMap["ctfe"])}},
+ }
+ err = populateLogIDs(trustRoot)
+ if err != nil {
+ return nil, nil, nil, err
+ }
+ trustRootBytes, err := json.MarshalIndent(trustRoot, "", " ")
+ if err != nil {
+ return nil, nil, nil, err
+ }
+ return trustRootBytes, compressed.Bytes(), rootJSON, nil
+}
diff --git a/pkg/reconciler/trustroot/testdata/ctfeLogID.txt b/pkg/reconciler/trustroot/testdata/ctfeLogID.txt
new file mode 100644
index 000000000..fe4d37d5d
--- /dev/null
+++ b/pkg/reconciler/trustroot/testdata/ctfeLogID.txt
@@ -0,0 +1 @@
+83e749763552c099b251d441566b9c12f160b24fbff28ab08d2681757d8acbde
\ No newline at end of file
diff --git a/pkg/reconciler/trustroot/testdata/ctfePublicKey.pem b/pkg/reconciler/trustroot/testdata/ctfePublicKey.pem
new file mode 100644
index 000000000..fb91a0d3d
--- /dev/null
+++ b/pkg/reconciler/trustroot/testdata/ctfePublicKey.pem
@@ -0,0 +1,4 @@
+-----BEGIN PUBLIC KEY-----
+MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEZ4cgFaCk7JtO/wxDw2E1S3U+97F0
+2dF2fixniThvXgbxAQ+bkQ4dQUNwN46QcCzwYuJc9742Vi6LvNx7X7427A==
+-----END PUBLIC KEY-----
diff --git a/pkg/reconciler/trustroot/testdata/fulcioCert.pem b/pkg/reconciler/trustroot/testdata/fulcioCert.pem
new file mode 100644
index 000000000..03af73286
--- /dev/null
+++ b/pkg/reconciler/trustroot/testdata/fulcioCert.pem
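Review bot: The leaf certificates never get an extended key usage, because both calls in main cast an `x509.ExtKeyUsage` constant to `x509.KeyUsage` and genCertChain stores the result in the `KeyUsage` bitmask: `ExtKeyUsageCodeSigning` (3) becomes digitalSignature|contentCommitment and `ExtKeyUsageTimeStamping` (8) becomes dataEncipherment. The generated "fulcio" and "tsa" leaves therefore carry no code-signing or time-stamping EKU, so fixtures built from them do not exercise, and may fail, any verification path that checks EKU. Passing the EKU through and setting `ExtKeyUsage` on the leaf template, as sketched below, gives chains shaped like the real ones. Separately, in genTUFRepo the `if !ok` branch after `meta["root.json"]` returns `err`, which is nil at that point, so a missing root.json is written out as an empty file with no error reported; that branch should return an explicit error.

```go
fulcioChain := genCertChain(x509.ExtKeyUsageCodeSigning)
// … unchanged: fulcioChainConcat …
tsaChain := genCertChain(x509.ExtKeyUsageTimeStamping)
// … unchanged: rest of main, mustWriteFile, genPK …
func genCertChain(extKeyUsage x509.ExtKeyUsage) [][]byte {
	// … unchanged: CA key and certificate, leaf key …
	leafCert, err := x509.CreateCertificate(rand.Reader, &x509.Certificate{
		// … unchanged: SerialNumber, Subject, NotBefore, NotAfter …
		KeyUsage:    x509.KeyUsageDigitalSignature,
		ExtKeyUsage: []x509.ExtKeyUsage{extKeyUsage},
	}, caCert, &leafPriv.PublicKey, caPriv)
```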
@@ -0,0 +1,33 @@ +-----BEGIN CERTIFICATE----- +MIIFwzCCA6ugAwIBAgIIfUmh4cIZr8QwDQYJKoZIhvcNAQELBQAwfjEMMAoGA1UE +BhMDVVNBMRMwEQYDVQQIEwpDYWxpZm9ybmlhMRYwFAYDVQQHEw1TYW4gRnJhbmNp +c2NvMRYwFAYDVQQJEw01NDggTWFya2V0IFN0MQ4wDAYDVQQREwU1NzI3NDEZMBcG +A1UEChMQTGludXggRm91bmRhdGlvbjAeFw0yMzEyMTQxODUxMzlaFw0yNDEyMTQx +ODUxMzlaMH4xDDAKBgNVBAYTA1VTQTETMBEGA1UECBMKQ2FsaWZvcm5pYTEWMBQG +A1UEBxMNU2FuIEZyYW5jaXNjbzEWMBQGA1UECRMNNTQ4IE1hcmtldCBTdDEOMAwG +A1UEERMFNTcyNzQxGTAXBgNVBAoTEExpbnV4IEZvdW5kYXRpb24wggIiMA0GCSqG +SIb3DQEBAQUAA4ICDwAwggIKAoICAQDHVwB8bv84fUgVOqjjWtMAK4i5Zl93I9ai +zh9S/qIuJNnKx1tA87xZcAuO5riq/kXA2fZGnnP4Vsp9VaVjK9o7+1QP2rFJ4p5r +rQlZFovvrD1e6jEaoMc06v+YY4yl37b17W9sfd+5x5wZ0ArRjPAihpdVjYJwlqDR +B0AlSo6Vq/aM9QejMG4CS1jXrEEUV8MwRNjyT2xdR4vkc6wj47A1/rknjCtMsieS +eSmH/ZDamUGuUh5ej4/dmCiLw93Rou/yLlDcvAcFVzrrLMF/lRwUDUgoH1XDlpeC +C1r5HB6jp1Huap9gcLNS3UCIZVpNDO0A3pjYaLBQ3bfHe6QxKuQcEd+VKqyP9SoP +dNn31cygF28VR+k+0jU5uXxW7ilXrv7DVYMOcMNZCDA0BQdH/A3fO0ri+8t2Luo+ +EilRWROBsJTuC28sesYc5NUUoszxVUoQFAhkxE6k5rGIzxO8XplgLjx0IPxU0wjj +VhcBa7AKkAMT7gDrPXijhJbv7Q3QVkChOdj6VTPagCS+JtWBkzGvCNJmaIrbLdWF +TtDMXfSSZoRyn/aXjQr/OFzBf6dDxJqEMvdD5T5Gg1sldZ00KLKqEx25i8HVZ8Xo +V4jrZOH1b9nZa3DGZOPmditlqUppvJ7c6OIGqkpE1o8mcNKko/p0dCwcHQtXgIN5 +76foyNG+twIDAQABo0UwQzAOBgNVHQ8BAf8EBAMCAQYwEgYDVR0TAQH/BAgwBgEB +/wIBATAdBgNVHQ4EFgQU6A9czPqMog/PFdvjxH3V/56BBhcwDQYJKoZIhvcNAQEL +BQADggIBAAGqm7dJS+pNgCEUDE79S2r6c+BcH6DwTFvAujE0yvdTRdAVIo73CsqP +W4cDFuCw2ekOhD17JUT+9PEGJv++u16X4tLHVI5QHPleU/qzZHSEIYt0AE+y9JEL +R2RT0g11YToGzhIAto5OpOvBb1z+Q8uP5g4eK7Y8J2lVRkDk/62EtsaHTWgv9hJJ +qsdwoUMVWxn/s0oanPjyGBMSwpoFDXX/k14NDsCGp7d2e5/DxjgYAenDTtnID3VK +kvP46spBZ4yEbNIywjaubSXnNLsx2cY8Ypih23e8c1uQJ3O44FDYXVcqYZX9UOrK +HS0aE5VpU5J/j2fr4hGE3SfRXXDizcZJcVWPL+k1DHKWlCREMYw12ha3Oe0uIlwK +W7syTNnn8NgxxRgM4f83n0C/00CSqiTm8MYya3ue0m2gmCg6TguALbcIqZ3tEK3K +vvNIbgxM0ZSePI8YktvtLTQsRK8bbianOht+CwYD2NnFKo68G0l57ByKXze0wG18 +i943+NTOvU/Le+8SEwJ4asRld3v3L8pCpNAM7JX12zoqisAnCCj3hu6waA5XvMeh 
+STj8yYtIxP1l1I1qfRJzMB9nGv9KzwmozHiw3oGJr/G3j1u1krrQfj4S6z16Bq29 +nfILFnmk/MoeqYS6DBRY80b60289+R7CSCB5OQbQYvmjy/sxvcNO +-----END CERTIFICATE----- diff --git a/pkg/reconciler/trustroot/testdata/fulcioCertChain.pem b/pkg/reconciler/trustroot/testdata/fulcioCertChain.pem new file mode 100644 index 000000000..59e6d6533 --- /dev/null +++ b/pkg/reconciler/trustroot/testdata/fulcioCertChain.pem @@ -0,0 +1,18 @@ +-----BEGIN CERTIFICATE----- +MIIBPjCB5KADAgECAgECMAoGCCqGSM49BAMCMA0xCzAJBgNVBAMTAmNhMB4XDTI0 +MDMyMTIxMzcwNVoXDTM0MDMyMTIxMzcwNVowDzENMAsGA1UEAxMEbGVhZjBZMBMG +ByqGSM49AgEGCCqGSM49AwEHA0IABNnZTptnN0TWM6BRIPn/KLgo2u/W5Vt8lmOM +6xYfr1uXobdkmcUI+qMxAmXhOHDhcXgQKlgZuivcd8XwmOlpQ0SjMzAxMA4GA1Ud +DwEB/wQEAwIGwDAfBgNVHSMEGDAWgBRz6KN30XFdWO9mNjwtziSnqItmEjAKBggq +hkjOPQQDAgNJADBGAiEA9dnInoX3QVoKbqGohmvuHjcw3SLi3cYMkMCGyLI3sioC +IQDqFTNB7UGQG2HCCXoGO+hHd1uCDEz2i+56JDXYSiKnOQ== +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIBSjCB8aADAgECAgEBMAoGCCqGSM49BAMCMA0xCzAJBgNVBAMTAmNhMB4XDTI0 +MDMyMTIxMzcwNVoXDTM0MDMyMTIxMzcwNVowDTELMAkGA1UEAxMCY2EwWTATBgcq +hkjOPQIBBggqhkjOPQMBBwNCAAREu5I6L0ARFHjrcT+YWXuKOyo57mqOB6mCz74o +4Puipf3w8Ciuh9tnN2I1FlZ+gL3j9RKn613E399EUHkjpOoro0IwQDAOBgNVHQ8B +Af8EBAMCAgQwDwYDVR0TAQH/BAUwAwEB/zAdBgNVHQ4EFgQUc+ijd9FxXVjvZjY8 +Lc4kp6iLZhIwCgYIKoZIzj0EAwIDSAAwRQIgGpcv3B78/j4Ru+AqVA934rCGqM/X +83pUXjS4/PUsP3UCIQDlosQuYkks7zlgY7rCYMF6Nqo/1OvTOwy9V2yY3v0a4A== +-----END CERTIFICATE----- diff --git a/pkg/reconciler/trustroot/testdata/marshalledEntry.json b/pkg/reconciler/trustroot/testdata/marshalledEntry.json new file mode 100644 index 000000000..0945662ce --- /dev/null +++ b/pkg/reconciler/trustroot/testdata/marshalledEntry.json 
@@ -0,0 +1,38 @@ +{ + "certificateAuthorities": [ + { + "subject": { + "organization": "fulcio-organization", + "commonName": "fulcio-common-name" + }, + "uri": "https://fulcio.example.com", + "certChain": "LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSUJQakNCNUtBREFnRUNBZ0VDTUFvR0NDcUdTTTQ5QkFNQ01BMHhDekFKQmdOVkJBTVRBbU5oTUI0WERUSTAKTURNeU1USXhNemN3TlZvWERUTTBNRE15TVRJeE16Y3dOVm93RHpFTk1Bc0dBMVVFQXhNRWJHVmhaakJaTUJNRwpCeXFHU000OUFnRUdDQ3FHU000OUF3RUhBMElBQk5uWlRwdG5OMFRXTTZCUklQbi9LTGdvMnUvVzVWdDhsbU9NCjZ4WWZyMXVYb2Jka21jVUkrcU14QW1YaE9IRGhjWGdRS2xnWnVpdmNkOFh3bU9scFEwU2pNekF4TUE0R0ExVWQKRHdFQi93UUVBd0lHd0RBZkJnTlZIU01FR0RBV2dCUno2S04zMFhGZFdPOW1Oand0emlTbnFJdG1FakFLQmdncQpoa2pPUFFRREFnTkpBREJHQWlFQTlkbklub1gzUVZvS2JxR29obXZ1SGpjdzNTTGkzY1lNa01DR3lMSTNzaW9DCklRRHFGVE5CN1VHUUcySENDWG9HTytoSGQxdUNERXoyaSs1NkpEWFlTaUtuT1E9PQotLS0tLUVORCBDRVJUSUZJQ0FURS0tLS0tCi0tLS0tQkVHSU4gQ0VSVElGSUNBVEUtLS0tLQpNSUlCU2pDQjhhQURBZ0VDQWdFQk1Bb0dDQ3FHU000OUJBTUNNQTB4Q3pBSkJnTlZCQU1UQW1OaE1CNFhEVEkwCk1ETXlNVEl4TXpjd05Wb1hEVE0wTURNeU1USXhNemN3TlZvd0RURUxNQWtHQTFVRUF4TUNZMkV3V1RBVEJnY3EKaGtqT1BRSUJCZ2dxaGtqT1BRTUJCd05DQUFSRXU1STZMMEFSRkhqcmNUK1lXWHVLT3lvNTdtcU9CNm1Dejc0bwo0UHVpcGYzdzhDaXVoOXRuTjJJMUZsWitnTDNqOVJLbjYxM0UzOTlFVUhranBPb3JvMEl3UURBT0JnTlZIUThCCkFmOEVCQU1DQWdRd0R3WURWUjBUQVFIL0JBVXdBd0VCL3pBZEJnTlZIUTRFRmdRVWMraWpkOUZ4WFZqdlpqWTgKTGM0a3A2aUxaaEl3Q2dZSUtvWkl6ajBFQXdJRFNBQXdSUUlnR3BjdjNCNzgvajRSdStBcVZBOTM0ckNHcU0vWAo4M3BVWGpTNC9QVXNQM1VDSVFEbG9zUXVZa2tzN3psZ1k3ckNZTUY2TnFvLzFPdlRPd3k5VjJ5WTN2MGE0QT09Ci0tLS0tRU5EIENFUlRJRklDQVRFLS0tLS0K" + } + ], + "tLogs": [ + { + "baseURL": "https://rekor.example.com", + "hashAlgorithm": "sha-256", + "publicKey": "LS0tLS1CRUdJTiBQVUJMSUMgS0VZLS0tLS0KTUZrd0V3WUhLb1pJemowQ0FRWUlLb1pJemowREFRY0RRZ0FFMHh0SkYxNzZabE1qV0F5dFVTNXJpZXVrcEFWUgo5d1JpN1BDaG1Ed2NFTUZIemFwczN3NnVUcG9aSDQ1TzZkcnJvcGl1azNBZEJtbHc4Rkdpcnd4Z2ZnPT0KLS0tLS1FTkQgUFVCTElDIEtFWS0tLS0tCg==", + "logID": "fe807d6c26f5b8e4f2f11a1e210c42a1dd38499c448d25ba04a5c5997dec4f3a" + } + ], + 
"ctLogs": [ + { + "baseURL": "https://ctfe.example.com", + "hashAlgorithm": "sha-256", + "publicKey": "LS0tLS1CRUdJTiBQVUJMSUMgS0VZLS0tLS0KTUZrd0V3WUhLb1pJemowQ0FRWUlLb1pJemowREFRY0RRZ0FFWjRjZ0ZhQ2s3SnRPL3d4RHcyRTFTM1UrOTdGMAoyZEYyZml4bmlUaHZYZ2J4QVErYmtRNGRRVU53TjQ2UWNDendZdUpjOTc0MlZpNkx2Tng3WDc0MjdBPT0KLS0tLS1FTkQgUFVCTElDIEtFWS0tLS0tCg==", + "logID": "83e749763552c099b251d441566b9c12f160b24fbff28ab08d2681757d8acbde" + } + ], + "timestampAuthorities": [ + { + "subject": { + "organization": "tsa-organization", + "commonName": "tsa-common-name" + }, + "uri": "https://tsa.example.com", + "certChain": "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" + } + ] +} \ No newline at end of file diff --git a/pkg/reconciler/trustroot/testdata/marshalledEntryFromMirrorFS.json b/pkg/reconciler/trustroot/testdata/marshalledEntryFromMirrorFS.json new file mode 100644 index 000000000..e93bd5647 --- /dev/null +++ b/pkg/reconciler/trustroot/testdata/marshalledEntryFromMirrorFS.json 
@@ -0,0 +1,29 @@ +{ + "certificateAuthorities": [ + { + "subject": { + "organization": "", + "commonName": "" + }, + "uri": "", + "certChain": "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" + } + ], + "tLogs": [ + { + "baseURL": "", + "hashAlgorithm": "", + "publicKey": "LS0tLS1CRUdJTiBQVUJMSUMgS0VZLS0tLS0KTUZrd0V3WUhLb1pJemowQ0FRWUlLb1pJemowREFRY0RRZ0FFMHh0SkYxNzZabE1qV0F5dFVTNXJpZXVrcEFWUgo5d1JpN1BDaG1Ed2NFTUZIemFwczN3NnVUcG9aSDQ1TzZkcnJvcGl1azNBZEJtbHc4Rkdpcnd4Z2ZnPT0KLS0tLS1FTkQgUFVCTElDIEtFWS0tLS0tCg==", + "logID": "fe807d6c26f5b8e4f2f11a1e210c42a1dd38499c448d25ba04a5c5997dec4f3a" + } + ], + "ctLogs": [ + { + "baseURL": "", + "hashAlgorithm": "", + "publicKey": "LS0tLS1CRUdJTiBQVUJMSUMgS0VZLS0tLS0KTUZrd0V3WUhLb1pJemowQ0FRWUlLb1pJemowREFRY0RRZ0FFWjRjZ0ZhQ2s3SnRPL3d4RHcyRTFTM1UrOTdGMAoyZEYyZml4bmlUaHZYZ2J4QVErYmtRNGRRVU53TjQ2UWNDendZdUpjOTc0MlZpNkx2Tng3WDc0MjdBPT0KLS0tLS1FTkQgUFVCTElDIEtFWS0tLS0tCg==", + "logID": "83e749763552c099b251d441566b9c12f160b24fbff28ab08d2681757d8acbde" + } + ], + "timestampAuthorities": null +} \ No newline at end of file diff --git a/pkg/reconciler/trustroot/testdata/rekorLogID.txt b/pkg/reconciler/trustroot/testdata/rekorLogID.txt new file mode 100644 index 000000000..b69acbab3 --- /dev/null +++ b/pkg/reconciler/trustroot/testdata/rekorLogID.txt @@ -0,0 +1 @@ +fe807d6c26f5b8e4f2f11a1e210c42a1dd38499c448d25ba04a5c5997dec4f3a \ No newline at end of file diff --git a/pkg/reconciler/trustroot/testdata/rekorPublicKey.pem b/pkg/reconciler/trustroot/testdata/rekorPublicKey.pem new file mode 100644 index 000000000..50ac0c589 --- /dev/null +++ b/pkg/reconciler/trustroot/testdata/rekorPublicKey.pem @@ -0,0 +1,4 @@ +-----BEGIN PUBLIC KEY----- +MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAE0xtJF176ZlMjWAytUS5rieukpAVR +9wRi7PChmDwcEMFHzaps3w6uTpoZH45O6drropiuk3AdBmlw8FGirwxgfg== +-----END PUBLIC KEY----- 
diff --git a/pkg/reconciler/trustroot/testdata/root.json b/pkg/reconciler/trustroot/testdata/root.json new file mode 100644 index 000000000..c1a671d73 --- /dev/null +++ b/pkg/reconciler/trustroot/testdata/root.json 
@@ -0,0 +1,87 @@ +{ + "signed": { + "_type": "root", + "spec_version": "1.0", + "version": 1, + "expires": "2024-09-21T17:37:05-04:00", + "keys": { + "0eb0ad52cfe100a2a23a3ccd9d04be89ec8e2dd227b6c07f93c97ba520266e03": { + "keytype": "ed25519", + "scheme": "ed25519", + "keyid_hash_algorithms": [ + "sha256", + "sha512" + ], + "keyval": { + "public": "a206426b3e527818be479e2ed56af0bf40ac94e5b7c1c16fe971e916cbac0131" + } + }, + "6518b160ca979f75f590dd0eb2b63e5ade89020de7f249f49f41e7dd70102072": { + "keytype": "ed25519", + "scheme": "ed25519", + "keyid_hash_algorithms": [ + "sha256", + "sha512" + ], + "keyval": { + "public": "682a3ffa5b6831005501a880bdcf402cfc5957ed90e7f02603d454f7a6220f5b" + } + }, + "95e5d5d9bec66701589cf7c6469037ae792ace408b3db1165a7c8cfd388f2c87": { + "keytype": "ed25519", + "scheme": "ed25519", + "keyid_hash_algorithms": [ + "sha256", + "sha512" + ], + "keyval": { + "public": "5265fdc744fba2b29eac631b065b0f863a4dfbb6b6ee21a7088b0df65bcc6444" + } + }, + "ecff6ba56f1930f6ee81e3b4c7763bf79d3e8344400c3864e22456365c38cbde": { + "keytype": "ed25519", + "scheme": "ed25519", + "keyid_hash_algorithms": [ + "sha256", + "sha512" + ], + "keyval": { + "public": "feb8ba11326535d888cbd97eea3f031014e0fd40549c1eb907afff592be4c249" + } + } + }, + "roles": { + "root": { + "keyids": [ + "0eb0ad52cfe100a2a23a3ccd9d04be89ec8e2dd227b6c07f93c97ba520266e03" + ], + "threshold": 1 + }, + "snapshot": { + "keyids": [ + "6518b160ca979f75f590dd0eb2b63e5ade89020de7f249f49f41e7dd70102072" + ], + "threshold": 1 + }, + "targets": { + "keyids": [ + "ecff6ba56f1930f6ee81e3b4c7763bf79d3e8344400c3864e22456365c38cbde" + ], + "threshold": 1 + }, + "timestamp": { + "keyids": [ + "95e5d5d9bec66701589cf7c6469037ae792ace408b3db1165a7c8cfd388f2c87" + ], + "threshold": 1 + } + }, + "consistent_snapshot": false + }, + "signatures": [ + { + "keyid": "0eb0ad52cfe100a2a23a3ccd9d04be89ec8e2dd227b6c07f93c97ba520266e03", + "sig": 
"a7afdd2cbe3518a0fa66a091f1647d7ce7a7e0b14304ce9c86f16f24d6da9aebef07b9ee97295bff1f2af6a5fbfdc35a5be21c6a393ce34fe34d34a2c713aa04"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/pkg/reconciler/trustroot/testdata/testdata.go b/pkg/reconciler/trustroot/testdata/testdata.go
new file mode 100644
index 000000000..49c4e703a
--- /dev/null
+++ b/pkg/reconciler/trustroot/testdata/testdata.go
@@ -0,0 +1,33 @@
+// Copyright 2024 The Sigstore Authors
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+// http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+//
+// Package testdata contains test data for the trustroot reconciler. To
+// regenerate, run `make generate-testdata` from the root of the repository.
+
+package testdata
+
+import (
+ "embed"
+)
+
+//go:embed *
+var FS embed.FS
+
+func Get(filename string) []byte {
+ file, err := FS.ReadFile(filename)
+ if err != nil {
+ panic(err)
+ }
+ return file
+}
diff --git a/pkg/reconciler/trustroot/testdata/tsaCertChain.pem b/pkg/reconciler/trustroot/testdata/tsaCertChain.pem
new file mode 100644
index 000000000..5b568e52f
--- /dev/null
+++ b/pkg/reconciler/trustroot/testdata/tsaCertChain.pem
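Review bot: In testdata.go the package description is not picked up as the package doc comment, because it is the tail of the license block and a blank line separates that block from `package testdata`. End the license comment first, then put `// Package testdata contains test data for the trustroot reconciler.` (with the regenerate hint) directly above the package clause. The exported `FS` and `Get` have no doc comments either; for `Get` I would add `// Get returns the contents of the named embedded file and panics if it cannot be read.` so callers know a missing fixture aborts the test binary rather than failing one test. Also note that `//go:embed *` takes in every file in the directory, testdata.go included, so the embedded set grows with whatever is added there.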
@@ -0,0 +1,18 @@ +-----BEGIN CERTIFICATE----- +MIIBPDCB5KADAgECAgECMAoGCCqGSM49BAMCMA0xCzAJBgNVBAMTAmNhMB4XDTI0 +MDMyMTIxMzcwNVoXDTM0MDMyMTIxMzcwNVowDzENMAsGA1UEAxMEbGVhZjBZMBMG +ByqGSM49AgEGCCqGSM49AwEHA0IABMQ1pOHriHeuxqCWtk9YUfCCYflgfsuDvIgG ++Kyq155eAWjJ5cW1dmzK8u7f43SAzvefEdnQj48yFePsytr93FCjMzAxMA4GA1Ud +DwEB/wQEAwIEEDAfBgNVHSMEGDAWgBQzGMUSNbS/2+5NcU1h7sZ5tL/uYTAKBggq +hkjOPQQDAgNHADBEAiAUyTHyaX0ukcV0wZksL1H5VE7viJAZxwWMKau2RbYDRwIg +bNEoLt1odgjgPy9OVtSibb+8FwFRpsC1uj7LUW3ZV74= +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIBSTCB8aADAgECAgEBMAoGCCqGSM49BAMCMA0xCzAJBgNVBAMTAmNhMB4XDTI0 +MDMyMTIxMzcwNVoXDTM0MDMyMTIxMzcwNVowDTELMAkGA1UEAxMCY2EwWTATBgcq +hkjOPQIBBggqhkjOPQMBBwNCAAQCT5UCTSaKjQfut4T5bWO/+Iit9a3am9HXLegZ +XLAC+5MXwyT3J3XeQrtQfO+2N1oCgyjt1TKDOlDgd9zNJJy4o0IwQDAOBgNVHQ8B +Af8EBAMCAgQwDwYDVR0TAQH/BAUwAwEB/zAdBgNVHQ4EFgQUMxjFEjW0v9vuTXFN +Ye7GebS/7mEwCgYIKoZIzj0EAwIDRwAwRAIgZKD63ETclGWBtzraJmCtLhlgn1lz +kAKXp+B2QJd6tJ8CIAGOdBgdQXzeCtPD99eVzOK5jJnb2mrY+WOABq5sD8im +-----END CERTIFICATE----- diff --git a/pkg/reconciler/trustroot/testdata/tufRepo.tar b/pkg/reconciler/trustroot/testdata/tufRepo.tar new file mode 100644 index 000000000..aeb86988a Binary files /dev/null and b/pkg/reconciler/trustroot/testdata/tufRepo.tar differ diff --git a/pkg/reconciler/trustroot/trustroot_test.go b/pkg/reconciler/trustroot/trustroot_test.go index d9bf70a49..882263225 100644 --- a/pkg/reconciler/trustroot/trustroot_test.go +++ b/pkg/reconciler/trustroot/trustroot_test.go @@ -15,8 +15,10 @@ package trustroot import ( + "bytes" "context" - "encoding/base64" + _ "embed" + "encoding/json" "fmt" "strings" "testing" @@ -39,6 +41,7 @@ import ( . "github.com/sigstore/policy-controller/pkg/reconciler/testing/v1alpha1" "github.com/sigstore/policy-controller/pkg/reconciler/trustroot/resources" + "github.com/sigstore/policy-controller/pkg/reconciler/trustroot/testdata" . "knative.dev/pkg/reconciler/testing" _ "knative.dev/pkg/system/testing" ) 
@@ -53,110 +56,6 @@ const ( uid = "test-uid" uid2 = "test-uid-2" - // NOTE: To generate these values, I deployed the scaffolding bits on a kind clusters - // using the setup-kind.sh and setup-scaffolding-from-release.sh scripts. - // Then I extracted the root.json from the tuf-system secrets 'tuf-root' and 'tuf-secrets'. - // Finally I extracted the rest of public keys from other secrets (ctlog-public-key, fulcio-pub-key) - // located in the cluster under the tuf-system namespace. - ctfePublicKey = `-----BEGIN PUBLIC KEY----- -MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEvffI/l54rF7zt3/3BfNoX1twzqH7 -7upU19F2Y+wuGoa2VcDZs2K98Q+gro8Ed8mAqA2zTTtHezAoi2oAueg78Q== ------END PUBLIC KEY----- -` - // This is the LogID for above PublicKey - ctfeLogID = "bbe211cdeecb41c47c88fb8e71ecc98196976a1c596cb563427004c02297b838" - - fulcioCert = `-----BEGIN CERTIFICATE----- -MIIFwzCCA6ugAwIBAgIIfUmh4cIZr8QwDQYJKoZIhvcNAQELBQAwfjEMMAoGA1UE -BhMDVVNBMRMwEQYDVQQIEwpDYWxpZm9ybmlhMRYwFAYDVQQHEw1TYW4gRnJhbmNp -c2NvMRYwFAYDVQQJEw01NDggTWFya2V0IFN0MQ4wDAYDVQQREwU1NzI3NDEZMBcG -A1UEChMQTGludXggRm91bmRhdGlvbjAeFw0yMzEyMTQxODUxMzlaFw0yNDEyMTQx -ODUxMzlaMH4xDDAKBgNVBAYTA1VTQTETMBEGA1UECBMKQ2FsaWZvcm5pYTEWMBQG -A1UEBxMNU2FuIEZyYW5jaXNjbzEWMBQGA1UECRMNNTQ4IE1hcmtldCBTdDEOMAwG -A1UEERMFNTcyNzQxGTAXBgNVBAoTEExpbnV4IEZvdW5kYXRpb24wggIiMA0GCSqG -SIb3DQEBAQUAA4ICDwAwggIKAoICAQDHVwB8bv84fUgVOqjjWtMAK4i5Zl93I9ai -zh9S/qIuJNnKx1tA87xZcAuO5riq/kXA2fZGnnP4Vsp9VaVjK9o7+1QP2rFJ4p5r -rQlZFovvrD1e6jEaoMc06v+YY4yl37b17W9sfd+5x5wZ0ArRjPAihpdVjYJwlqDR -B0AlSo6Vq/aM9QejMG4CS1jXrEEUV8MwRNjyT2xdR4vkc6wj47A1/rknjCtMsieS -eSmH/ZDamUGuUh5ej4/dmCiLw93Rou/yLlDcvAcFVzrrLMF/lRwUDUgoH1XDlpeC -C1r5HB6jp1Huap9gcLNS3UCIZVpNDO0A3pjYaLBQ3bfHe6QxKuQcEd+VKqyP9SoP -dNn31cygF28VR+k+0jU5uXxW7ilXrv7DVYMOcMNZCDA0BQdH/A3fO0ri+8t2Luo+ -EilRWROBsJTuC28sesYc5NUUoszxVUoQFAhkxE6k5rGIzxO8XplgLjx0IPxU0wjj -VhcBa7AKkAMT7gDrPXijhJbv7Q3QVkChOdj6VTPagCS+JtWBkzGvCNJmaIrbLdWF -TtDMXfSSZoRyn/aXjQr/OFzBf6dDxJqEMvdD5T5Gg1sldZ00KLKqEx25i8HVZ8Xo 
-V4jrZOH1b9nZa3DGZOPmditlqUppvJ7c6OIGqkpE1o8mcNKko/p0dCwcHQtXgIN5 -76foyNG+twIDAQABo0UwQzAOBgNVHQ8BAf8EBAMCAQYwEgYDVR0TAQH/BAgwBgEB -/wIBATAdBgNVHQ4EFgQU6A9czPqMog/PFdvjxH3V/56BBhcwDQYJKoZIhvcNAQEL -BQADggIBAAGqm7dJS+pNgCEUDE79S2r6c+BcH6DwTFvAujE0yvdTRdAVIo73CsqP -W4cDFuCw2ekOhD17JUT+9PEGJv++u16X4tLHVI5QHPleU/qzZHSEIYt0AE+y9JEL -R2RT0g11YToGzhIAto5OpOvBb1z+Q8uP5g4eK7Y8J2lVRkDk/62EtsaHTWgv9hJJ -qsdwoUMVWxn/s0oanPjyGBMSwpoFDXX/k14NDsCGp7d2e5/DxjgYAenDTtnID3VK -kvP46spBZ4yEbNIywjaubSXnNLsx2cY8Ypih23e8c1uQJ3O44FDYXVcqYZX9UOrK -HS0aE5VpU5J/j2fr4hGE3SfRXXDizcZJcVWPL+k1DHKWlCREMYw12ha3Oe0uIlwK -W7syTNnn8NgxxRgM4f83n0C/00CSqiTm8MYya3ue0m2gmCg6TguALbcIqZ3tEK3K -vvNIbgxM0ZSePI8YktvtLTQsRK8bbianOht+CwYD2NnFKo68G0l57ByKXze0wG18 -i943+NTOvU/Le+8SEwJ4asRld3v3L8pCpNAM7JX12zoqisAnCCj3hu6waA5XvMeh -STj8yYtIxP1l1I1qfRJzMB9nGv9KzwmozHiw3oGJr/G3j1u1krrQfj4S6z16Bq29 -nfILFnmk/MoeqYS6DBRY80b60289+R7CSCB5OQbQYvmjy/sxvcNO ------END CERTIFICATE----- -` - rekorPublicKey = `-----BEGIN PUBLIC KEY----- -MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEkv2fy2jJU+j8G2YeHkIUo+QRxnbG -09agOlsJ0yGUkNIVC1rBZjxVJp1JwcEiltd5TnQZvgbA89ceC+uTDaILWQ== ------END PUBLIC KEY----- -` - // This is the Rekor LogID constructed from above public key. 
- rekorLogID = "0b2d9e709031929627f2b11ca95e033288e7f47d19284d184ce09f38a91ec35e" - - tsaCertChain = `-----BEGIN CERTIFICATE----- -MIIBzDCCAXKgAwIBAgIUZUPH+OO1avjh6yXuC5ULzb1+k2UwCgYIKoZIzj0EAwIw -MDEOMAwGA1UEChMFbG9jYWwxHjAcBgNVBAMTFVRlc3QgVFNBIEludGVybWVkaWF0 -ZTAeFw0yMzEyMTQxODQ5MTdaFw0zMjEyMTQxODUyMTdaMDAxDjAMBgNVBAoTBWxv -Y2FsMR4wHAYDVQQDExVUZXN0IFRTQSBUaW1lc3RhbXBpbmcwWTATBgcqhkjOPQIB -BggqhkjOPQMBBwNCAAR993Thn59aej2hIsxermMDZtkWPGiI/Mpt8832Aai09hpe -t0eAxZs63YZxpsaxe8dyPFRGPybqhcnS2ZCuDZBio2owaDAOBgNVHQ8BAf8EBAMC -B4AwHQYDVR0OBBYEFLVrD1+j0NPcLasvTR8dK7XKHBODMB8GA1UdIwQYMBaAFPFk -kA4uYP9CJQquNfmYzOoevKF7MBYGA1UdJQEB/wQMMAoGCCsGAQUFBwMIMAoGCCqG -SM49BAMCA0gAMEUCIHGg+5vmjV8IVjF1YozA6T1/BfSvrzLdnYTzKcFifqt6AiEA -9wcCu+WOvXKjDHs2zBg+TMT7qXpAlBkOnnMm4yAGMSs= ------END CERTIFICATE----- ------BEGIN CERTIFICATE----- -MIIB0jCCAXigAwIBAgIURSspcypzjzFrHLwUtNszm0BP+/YwCgYIKoZIzj0EAwIw -KDEOMAwGA1UEChMFbG9jYWwxFjAUBgNVBAMTDVRlc3QgVFNBIFJvb3QwHhcNMjMx -MjE0MTg0NzE3WhcNMzMxMjE0MTg1MjE3WjAwMQ4wDAYDVQQKEwVsb2NhbDEeMBwG -A1UEAxMVVGVzdCBUU0EgSW50ZXJtZWRpYXRlMFkwEwYHKoZIzj0CAQYIKoZIzj0D -AQcDQgAEr64R6A+yPiaGiy8415wiNR2O+stQRBV6lZd4CRj3X1TRscubloPg8rqC -hI+rkKxZcorUcbttY8czAX2dfbKTF6N4MHYwDgYDVR0PAQH/BAQDAgEGMBMGA1Ud -JQQMMAoGCCsGAQUFBwMIMA8GA1UdEwEB/wQFMAMBAf8wHQYDVR0OBBYEFPFkkA4u -YP9CJQquNfmYzOoevKF7MB8GA1UdIwQYMBaAFKvIdE0MNqeYCWwwXRgRSTZXUTEN -MAoGCCqGSM49BAMCA0gAMEUCIQD8GIA7qFSNDydORnYXXIwrJ5uO32FSaW0qcHMb -WOlolwIgb2kn+VSg4BmcKbmCgHeuFbTwFUqU6eFqfhBh8nvmtsA= ------END CERTIFICATE----- ------BEGIN CERTIFICATE----- -MIIBlTCCATqgAwIBAgIUTKlhisZwtRxym+KutMpP3tucKkQwCgYIKoZIzj0EAwIw -KDEOMAwGA1UEChMFbG9jYWwxFjAUBgNVBAMTDVRlc3QgVFNBIFJvb3QwHhcNMjMx -MjE0MTg0NzE3WhcNMzMxMjE0MTg1MjE3WjAoMQ4wDAYDVQQKEwVsb2NhbDEWMBQG -A1UEAxMNVGVzdCBUU0EgUm9vdDBZMBMGByqGSM49AgEGCCqGSM49AwEHA0IABA8X -+xFvyn5ErnM2ChAN4iF9h/RUhjsB97jyWStGt3UdjytbmOo6j6h9XNV0+txX5Bjy -zkUl2IXJQ0pum6IoRECjQjBAMA4GA1UdDwEB/wQEAwIBBjAPBgNVHRMBAf8EBTAD -AQH/MB0GA1UdDgQWBBSryHRNDDanmAlsMF0YEUk2V1ExDTAKBggqhkjOPQQDAgNJ 
-ADBGAiEAvjuFxcqrLptUj7oBl69g8lc/6xsb3rD5Yb6sr/3izHMCIQDJuZQFmoxe -hw3P1+pEhW1KFW0aig+q9lK0xNcidCTcxA== ------END CERTIFICATE----- -` - - // This is the marshalled entry from above keys/certs with fixed values - // (for ease of testing) for other parts. - marshalledEntry = `{"certificateAuthorities":[{"subject":{"organization":"fulcio-organization","commonName":"fulcio-common-name"},"uri":"https://fulcio.example.com","certChain":"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"}],"tLogs":[{"baseURL":"https://rekor.example.com","hashAlgorithm":"sha-256","publicKey":"LS0tLS1CRUdJTiBQVUJMSUMgS0VZLS0tLS0KTUZrd0V3WUhLb1pJemowQ0FRWUlLb1pJemowREFRY0RRZ0FFa3YyZnkyakpVK2o4RzJZZUhrSVVvK1FSeG5iRwowOWFnT2xzSjB5R1VrTklWQzFyQlpqeFZKcDFKd2NFaWx0ZDVUblFadmdiQTg5Y2VDK3VURGFJTFdRPT0KLS0tLS1FTkQgUFVCTElDIEtFWS0tLS0tCg==","logID":"0b2d9e709031929627f2b11ca95e033288e7f47d19284d184ce09f38a91ec35e"}],"ctLogs":[{"baseURL":"https://ctfe.example.com","hashAlgorithm":"sha-256","publicKey":"LS0tLS1CRUdJTiBQVUJMSUMgS0VZLS0tLS0KTUZrd0V3WUhLb1pJemowQ0FRWUlLb1pJemowREFRY0RRZ0FFdmZmSS9sNTRyRjd6dDMvM0JmTm9YMXR3enFINwo3dXBVMTlGMlkrd3VHb2EyVmNEWnMySzk4UStncm84RWQ4bUFxQTJ6VFR0SGV6QW9pMm9BdWVnNzhRPT0KLS0tLS1FTkQgUFVCTElDIEtFWS0tLS0tCg==","logID":"bbe211cdeecb41c47c88fb8e71ecc98196976a1c596cb563427004c02297b838"}],"timestampAuthorities":[{"subject":{"organization":"tsa-organization","commonName":"tsa-common-name"},"uri":"https://tsa.example.com","certChain":"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"}]}` - - // validRepository is a valid tar/gzipped repository representing an air-gap - // TUF repository. - validRepository = `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` - - // IMPORTANT: The next expiration is on '2024-06-14T18:52:45Z' - // rootJSON is a valid base64 encoded root.json for above TUF repository. - rootJSON = `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` - // These are the public keys from an airgapped TUF repository. 
/* TODO(vaikas): Uncomment and test these make the roundtrip tufCTFE = `-----BEGIN PUBLIC KEY----- 
@@ -205,38 +104,54 @@ hw3P1+pEhW1KFW0aig+q9lK0xNcidCTcxA== ` */ - // this is the marshalled entry for when we construct from the repository. - marshalledEntryFromMirrorFS = `{"certificateAuthorities":[{"subject":{"organization":"","commonName":""},"uri":"","certChain":"LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSUZ3ekNDQTZ1Z0F3SUJBZ0lJZlVtaDRjSVpyOFF3RFFZSktvWklodmNOQVFFTEJRQXdmakVNTUFvR0ExVUUKQmhNRFZWTkJNUk13RVFZRFZRUUlFd3BEWVd4cFptOXlibWxoTVJZd0ZBWURWUVFIRXcxVFlXNGdSbkpoYm1OcApjMk52TVJZd0ZBWURWUVFKRXcwMU5EZ2dUV0Z5YTJWMElGTjBNUTR3REFZRFZRUVJFd1UxTnpJM05ERVpNQmNHCkExVUVDaE1RVEdsdWRYZ2dSbTkxYm1SaGRHbHZiakFlRncweU16RXlNVFF4T0RVeE16bGFGdzB5TkRFeU1UUXgKT0RVeE16bGFNSDR4RERBS0JnTlZCQVlUQTFWVFFURVRNQkVHQTFVRUNCTUtRMkZzYVdadmNtNXBZVEVXTUJRRwpBMVVFQnhNTlUyRnVJRVp5WVc1amFYTmpiekVXTUJRR0ExVUVDUk1OTlRRNElFMWhjbXRsZENCVGRERU9NQXdHCkExVUVFUk1GTlRjeU56UXhHVEFYQmdOVkJBb1RFRXhwYm5WNElFWnZkVzVrWVhScGIyNHdnZ0lpTUEwR0NTcUcKU0liM0RRRUJBUVVBQTRJQ0R3QXdnZ0lLQW9JQ0FRREhWd0I4YnY4NGZVZ1ZPcWpqV3RNQUs0aTVabDkzSTlhaQp6aDlTL3FJdUpObkt4MXRBODd4WmNBdU81cmlxL2tYQTJmWkdublA0VnNwOVZhVmpLOW83KzFRUDJyRko0cDVyCnJRbFpGb3Z2ckQxZTZqRWFvTWMwNnYrWVk0eWwzN2IxN1c5c2ZkKzV4NXdaMEFyUmpQQWlocGRWallKd2xxRFIKQjBBbFNvNlZxL2FNOVFlak1HNENTMWpYckVFVVY4TXdSTmp5VDJ4ZFI0dmtjNndqNDdBMS9ya25qQ3RNc2llUwplU21IL1pEYW1VR3VVaDVlajQvZG1DaUx3OTNSb3UveUxsRGN2QWNGVnpyckxNRi9sUndVRFVnb0gxWERscGVDCkMxcjVIQjZqcDFIdWFwOWdjTE5TM1VDSVpWcE5ETzBBM3BqWWFMQlEzYmZIZTZReEt1UWNFZCtWS3F5UDlTb1AKZE5uMzFjeWdGMjhWUitrKzBqVTV1WHhXN2lsWHJ2N0RWWU1PY01OWkNEQTBCUWRIL0EzZk8wcmkrOHQyTHVvKwpFaWxSV1JPQnNKVHVDMjhzZXNZYzVOVVVvc3p4VlVvUUZBaGt4RTZrNXJHSXp4TzhYcGxnTGp4MElQeFUwd2pqClZoY0JhN0FLa0FNVDdnRHJQWGlqaEpidjdRM1FWa0NoT2RqNlZUUGFnQ1MrSnRXQmt6R3ZDTkptYUlyYkxkV0YKVHRETVhmU1Nab1J5bi9hWGpRci9PRnpCZjZkRHhKcUVNdmRENVQ1R2cxc2xkWjAwS0xLcUV4MjVpOEhWWjhYbwpWNGpyWk9IMWI5blphM0RHWk9QbWRpdGxxVXBwdko3YzZPSUdxa3BFMW84bWNOS2tvL3AwZEN3Y0hRdFhnSU41Cjc2Zm95TkcrdHdJREFRQUJvMFV3UXpBT0JnTlZIUThCQWY4RUJBTUNBUVl3RWdZRFZSMFRBUUgvQkFnd0JnRUIKL3dJQkFUQWRCZ05WSFE0RUZnUVU2QTljelBxTW9nL1BGZH
ZqeEgzVi81NkJCaGN3RFFZSktvWklodmNOQVFFTApCUUFEZ2dJQkFBR3FtN2RKUytwTmdDRVVERTc5UzJyNmMrQmNINkR3VEZ2QXVqRTB5dmRUUmRBVklvNzNDc3FQClc0Y0RGdUN3MmVrT2hEMTdKVVQrOVBFR0p2Kyt1MTZYNHRMSFZJNVFIUGxlVS9xelpIU0VJWXQwQUUreTlKRUwKUjJSVDBnMTFZVG9HemhJQXRvNU9wT3ZCYjF6K1E4dVA1ZzRlSzdZOEoybFZSa0RrLzYyRXRzYUhUV2d2OWhKSgpxc2R3b1VNVld4bi9zMG9hblBqeUdCTVN3cG9GRFhYL2sxNE5Ec0NHcDdkMmU1L0R4amdZQWVuRFR0bklEM1ZLCmt2UDQ2c3BCWjR5RWJOSXl3amF1YlNYbk5Mc3gyY1k4WXBpaDIzZThjMXVRSjNPNDRGRFlYVmNxWVpYOVVPcksKSFMwYUU1VnBVNUovajJmcjRoR0UzU2ZSWFhEaXpjWkpjVldQTCtrMURIS1dsQ1JFTVl3MTJoYTNPZTB1SWx3SwpXN3N5VE5ubjhOZ3h4UmdNNGY4M24wQy8wMENTcWlUbThNWXlhM3VlMG0yZ21DZzZUZ3VBTGJjSXFaM3RFSzNLCnZ2TkliZ3hNMFpTZVBJOFlrdHZ0TFRRc1JLOGJiaWFuT2h0K0N3WUQyTm5GS282OEcwbDU3QnlLWHplMHdHMTgKaTk0MytOVE92VS9MZSs4U0V3SjRhc1JsZDN2M0w4cENwTkFNN0pYMTJ6b3Fpc0FuQ0NqM2h1NndhQTVYdk1laApTVGo4eVl0SXhQMWwxSTFxZlJKek1COW5HdjlLendtb3pIaXczb0dKci9HM2oxdTFrcnJRZmo0UzZ6MTZCcTI5Cm5mSUxGbm1rL01vZXFZUzZEQlJZODBiNjAyODkrUjdDU0NCNU9RYlFZdm1qeS9zeHZjTk8KLS0tLS1FTkQgQ0VSVElGSUNBVEUtLS0tLQo="}],"tLogs":[{"baseURL":"","hashAlgorithm":"","publicKey":"LS0tLS1CRUdJTiBQVUJMSUMgS0VZLS0tLS0KTUZrd0V3WUhLb1pJemowQ0FRWUlLb1pJemowREFRY0RRZ0FFa3YyZnkyakpVK2o4RzJZZUhrSVVvK1FSeG5iRwowOWFnT2xzSjB5R1VrTklWQzFyQlpqeFZKcDFKd2NFaWx0ZDVUblFadmdiQTg5Y2VDK3VURGFJTFdRPT0KLS0tLS1FTkQgUFVCTElDIEtFWS0tLS0tCg==","logID":"0b2d9e709031929627f2b11ca95e033288e7f47d19284d184ce09f38a91ec35e"}],"ctLogs":[{"baseURL":"","hashAlgorithm":"","publicKey":"LS0tLS1CRUdJTiBQVUJMSUMgS0VZLS0tLS0KTUZrd0V3WUhLb1pJemowQ0FRWUlLb1pJemowREFRY0RRZ0FFdmZmSS9sNTRyRjd6dDMvM0JmTm9YMXR3enFINwo3dXBVMTlGMlkrd3VHb2EyVmNEWnMySzk4UStncm84RWQ4bUFxQTJ6VFR0SGV6QW9pMm9BdWVnNzhRPT0KLS0tLS1FTkQgUFVCTElDIEtFWS0tLS0tCg==","logID":"bbe211cdeecb41c47c88fb8e71ecc98196976a1c596cb563427004c02297b838"}],"timestampAuthorities":null}` - // Just some formatting strings that make it easier to construct patches // to config map. 
replacePatchFmtString = `[{"op":"replace","path":"/data/%s","value":"%s"}]` removePatchFmtString = `[{"op":"remove","path":"/data/%s"}]` ) -// testmap with prepopulated (grabbed from an instance of scaffolding) entries -// for creating TrustRoot resource. +// compactJSON compacts the given JSON, as the test data is formatted with +// indentation for readability, but the expected patches are compacted. +func compactJSON(in []byte) []byte { + out := bytes.NewBuffer([]byte{}) + err := json.Compact(out, in) + if err != nil { + panic("error compacting json test data: " + err.Error()) + } + return out.Bytes() +} + +// testmap with prepopulated entries for creating TrustRoot resource. // ctfe => CTLog Public Key // fulcio => CertificateAuthority certificate // rekor => TLog PublicKey // tsa => TimeStampAuthorities certificate chain (root, intermediate, leaf) var sigstoreKeys = map[string]string{ - "ctfe": ctfePublicKey, - "fulcio": fulcioCert, - "rekor": rekorPublicKey, - "tsa": tsaCertChain, + "ctfe": string(testdata.Get("ctfePublicKey.pem")), + "fulcio": string(testdata.Get("fulcioCertChain.pem")), + "rekor": string(testdata.Get("rekorPublicKey.pem")), + "tsa": string(testdata.Get("tsaCertChain.pem")), } -func TestReconcile(t *testing.T) { - rootJSONDecoded, err := base64.StdEncoding.DecodeString(rootJSON) - if err != nil { - t.Fatalf("Failed to decode rootJSON for testing: %v", err) - } - validRepositoryDecoded, err := base64.StdEncoding.DecodeString(validRepository) - if err != nil { - t.Fatalf("Failed to decode validRepository for testing: %v", err) - } +// This is the marshalled entry from above keys/certs with fixed values +// (for ease of testing) for other parts. +var marshalledEntry = string(compactJSON(testdata.Get("marshalledEntry.json"))) + +// this is the marshalled entry for when we construct from the repository. 
+var marshalledEntryFromMirrorFS = string(compactJSON(testdata.Get("marshalledEntryFromMirrorFS.json"))) +var rekorLogID = string(testdata.Get("rekorLogID.txt")) +var ctfeLogID = string(testdata.Get("ctfeLogID.txt")) + +// validRepository is a valid tarred repository representing an air-gap +// TUF repository. +var validRepository = testdata.Get("tufRepo.tar") + +// IMPORTANT: The next expiration is on 2024-09-21 +// rootJSON is a valid root.json for above TUF repository. +var rootJSON = testdata.Get("root.json") + +func TestReconcile(t *testing.T) { table := TableTest{{ Name: "bad workqueue key", // Make sure Reconcile handles bad keys. @@ -405,7 +320,7 @@ func TestReconcile(t *testing.T) { NewTrustRoot(trName, WithTrustRootUID(uid), WithTrustRootResourceVersion(resourceVersion), - WithRepository("targets", rootJSONDecoded, validRepositoryDecoded), + WithRepository("targets", rootJSON, validRepository), WithTrustRootFinalizer, ), }, @@ -416,7 +331,7 @@ func TestReconcile(t *testing.T) { Object: NewTrustRoot(trName, WithTrustRootUID(uid), WithTrustRootResourceVersion(resourceVersion), - WithRepository("targets", rootJSONDecoded, validRepositoryDecoded), + WithRepository("targets", rootJSON, validRepository), WithTrustRootFinalizer, MarkReadyTrustRoot, )}}, diff --git a/third_party/VENDOR-LICENSE/github.com/LICENSE b/third_party/VENDOR-LICENSE/github.com/LICENSE new file mode 100644 index 000000000..261eeb9e9 --- /dev/null +++ b/third_party/VENDOR-LICENSE/github.com/LICENSE 
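Review bot: `rekorLogID` and `ctfeLogID` near the end of this hunk are taken verbatim from `rekorLogID.txt` and `ctfeLogID.txt`, so they match a computed log ID only while those files end without a newline (the diff marks both `\ No newline at end of file`). An editor or end-of-file fixer that appends a newline would change the expected value without any visible code change; trimming avoids that: `var rekorLogID = strings.TrimSpace(string(testdata.Get("rekorLogID.txt")))`, and likewise for `ctfeLogID` (`strings` is already imported). All of these package-level vars call `testdata.Get`, which panics, so a missing fixture fails at package init rather than in a named test; a short comment above the block saying so, and pointing at `make generate-testdata`, would help. The `IMPORTANT` note gives root.json's expiry as 2024-09-21; if expiry is enforced on the path these tests exercise, they will presumably start failing after that date, which is worth stating in the comment.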
@@ -0,0 +1,201 @@ + Apache License + Version 2.0, January 2004 + http://www.apache.org/licenses/ + + TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION + + 1. Definitions. + + "License" shall mean the terms and conditions for use, reproduction, + and distribution as defined by Sections 1 through 9 of this document. + + "Licensor" shall mean the copyright owner or entity authorized by + the copyright owner that is granting the License. + + "Legal Entity" shall mean the union of the acting entity and all + other entities that control, are controlled by, or are under common + control with that entity. For the purposes of this definition, + "control" means (i) the power, direct or indirect, to cause the + direction or management of such entity, whether by contract or + otherwise, or (ii) ownership of fifty percent (50%) or more of the + outstanding shares, or (iii) beneficial ownership of such entity. + + "You" (or "Your") shall mean an individual or Legal Entity + exercising permissions granted by this License. + + "Source" form shall mean the preferred form for making modifications, + including but not limited to software source code, documentation + source, and configuration files. + + "Object" form shall mean any form resulting from mechanical + transformation or translation of a Source form, including but + not limited to compiled object code, generated documentation, + and conversions to other media types. + + "Work" shall mean the work of authorship, whether in Source or + Object form, made available under the License, as indicated by a + copyright notice that is included in or attached to the work + (an example is provided in the Appendix below). + + "Derivative Works" shall mean any work, whether in Source or Object + form, that is based on (or derived from) the Work and for which the + editorial revisions, annotations, elaborations, or other modifications + represent, as a whole, an original work of authorship. 
For the purposes + of this License, Derivative Works shall not include works that remain + separable from, or merely link (or bind by name) to the interfaces of, + the Work and Derivative Works thereof. + + "Contribution" shall mean any work of authorship, including + the original version of the Work and any modifications or additions + to that Work or Derivative Works thereof, that is intentionally + submitted to Licensor for inclusion in the Work by the copyright owner + or by an individual or Legal Entity authorized to submit on behalf of + the copyright owner. For the purposes of this definition, "submitted" + means any form of electronic, verbal, or written communication sent + to the Licensor or its representatives, including but not limited to + communication on electronic mailing lists, source code control systems, + and issue tracking systems that are managed by, or on behalf of, the + Licensor for the purpose of discussing and improving the Work, but + excluding communication that is conspicuously marked or otherwise + designated in writing by the copyright owner as "Not a Contribution." + + "Contributor" shall mean Licensor and any individual or Legal Entity + on behalf of whom a Contribution has been received by Licensor and + subsequently incorporated within the Work. + + 2. Grant of Copyright License. Subject to the terms and conditions of + this License, each Contributor hereby grants to You a perpetual, + worldwide, non-exclusive, no-charge, royalty-free, irrevocable + copyright license to reproduce, prepare Derivative Works of, + publicly display, publicly perform, sublicense, and distribute the + Work and such Derivative Works in Source or Object form. + + 3. Grant of Patent License. 
Subject to the terms and conditions of + this License, each Contributor hereby grants to You a perpetual, + worldwide, non-exclusive, no-charge, royalty-free, irrevocable + (except as stated in this section) patent license to make, have made, + use, offer to sell, sell, import, and otherwise transfer the Work, + where such license applies only to those patent claims licensable + by such Contributor that are necessarily infringed by their + Contribution(s) alone or by combination of their Contribution(s) + with the Work to which such Contribution(s) was submitted. If You + institute patent litigation against any entity (including a + cross-claim or counterclaim in a lawsuit) alleging that the Work + or a Contribution incorporated within the Work constitutes direct + or contributory patent infringement, then any patent licenses + granted to You under this License for that Work shall terminate + as of the date such litigation is filed. + + 4. Redistribution. You may reproduce and distribute copies of the + Work or Derivative Works thereof in any medium, with or without + modifications, and in Source or Object form, provided that You + meet the following conditions: + + (a) You must give any other recipients of the Work or + Derivative Works a copy of this License; and + + (b) You must cause any modified files to carry prominent notices + stating that You changed the files; and + + (c) You must retain, in the Source form of any Derivative Works + that You distribute, all copyright, patent, trademark, and + attribution notices from the Source form of the Work, + excluding those notices that do not pertain to any part of + the Derivative Works; and + + (d) If the Work includes a "NOTICE" text file as part of its + distribution, then any Derivative Works that You distribute must + include a readable copy of the attribution notices contained + within such NOTICE file, excluding those notices that do not + pertain to any part of the Derivative Works, in at least one + of 
the following places: within a NOTICE text file distributed + as part of the Derivative Works; within the Source form or + documentation, if provided along with the Derivative Works; or, + within a display generated by the Derivative Works, if and + wherever such third-party notices normally appear. The contents + of the NOTICE file are for informational purposes only and + do not modify the License. You may add Your own attribution + notices within Derivative Works that You distribute, alongside + or as an addendum to the NOTICE text from the Work, provided + that such additional attribution notices cannot be construed + as modifying the License. + + You may add Your own copyright statement to Your modifications and + may provide additional or different license terms and conditions + for use, reproduction, or distribution of Your modifications, or + for any such Derivative Works as a whole, provided Your use, + reproduction, and distribution of the Work otherwise complies with + the conditions stated in this License. + + 5. Submission of Contributions. Unless You explicitly state otherwise, + any Contribution intentionally submitted for inclusion in the Work + by You to the Licensor shall be under the terms and conditions of + this License, without any additional terms or conditions. + Notwithstanding the above, nothing herein shall supersede or modify + the terms of any separate license agreement you may have executed + with Licensor regarding such Contributions. + + 6. Trademarks. This License does not grant permission to use the trade + names, trademarks, service marks, or product names of the Licensor, + except as required for reasonable and customary use in describing the + origin of the Work and reproducing the content of the NOTICE file. + + 7. Disclaimer of Warranty. 
Unless required by applicable law or + agreed to in writing, Licensor provides the Work (and each + Contributor provides its Contributions) on an "AS IS" BASIS, + WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or + implied, including, without limitation, any warranties or conditions + of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A + PARTICULAR PURPOSE. You are solely responsible for determining the + appropriateness of using or redistributing the Work and assume any + risks associated with Your exercise of permissions under this License. + + 8. Limitation of Liability. In no event and under no legal theory, + whether in tort (including negligence), contract, or otherwise, + unless required by applicable law (such as deliberate and grossly + negligent acts) or agreed to in writing, shall any Contributor be + liable to You for damages, including any direct, indirect, special, + incidental, or consequential damages of any character arising as a + result of this License or out of the use or inability to use the + Work (including but not limited to damages for loss of goodwill, + work stoppage, computer failure or malfunction, or any and all + other commercial damages or losses), even if such Contributor + has been advised of the possibility of such damages. + + 9. Accepting Warranty or Additional Liability. While redistributing + the Work or Derivative Works thereof, You may choose to offer, + and charge a fee for, acceptance of support, warranty, indemnity, + or other liability obligations and/or rights consistent with this + License. However, in accepting such obligations, You may act only + on Your own behalf and on Your sole responsibility, not on behalf + of any other Contributor, and only if You agree to indemnify, + defend, and hold each Contributor harmless for any liability + incurred by, or claims asserted against, such Contributor by reason + of your accepting any such warranty or additional liability. 
+ + END OF TERMS AND CONDITIONS + + APPENDIX: How to apply the Apache License to your work. + + To apply the Apache License to your work, attach the following + boilerplate notice, with the fields enclosed by brackets "[]" + replaced with your own identifying information. (Don't include + the brackets!) The text should be enclosed in the appropriate + comment syntax for the file format. We also recommend that a + file or class name and description of purpose be included on the + same "printed page" as the copyright notice for easier + identification within third-party archives. + + Copyright [yyyy] [name of copyright owner] + + Licensed under the Apache License, Version 2.0 (the "License"); + you may not use this file except in compliance with the License. + You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + + Unless required by applicable law or agreed to in writing, software + distributed under the License is distributed on an "AS IS" BASIS, + WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + See the License for the specific language governing permissions and + limitations under the License. diff --git a/third_party/VENDOR-LICENSE/github.com/matttproud/golang_protobuf_extensions/v2/pbutil/LICENSE b/third_party/VENDOR-LICENSE/github.com/docker/distribution/registry/client/auth/challenge/LICENSE similarity index 99% rename from third_party/VENDOR-LICENSE/github.com/matttproud/golang_protobuf_extensions/v2/pbutil/LICENSE rename to third_party/VENDOR-LICENSE/github.com/docker/distribution/registry/client/auth/challenge/LICENSE index 8dada3eda..e06d20818 100644 --- a/third_party/VENDOR-LICENSE/github.com/matttproud/golang_protobuf_extensions/v2/pbutil/LICENSE +++ b/third_party/VENDOR-LICENSE/github.com/docker/distribution/registry/client/auth/challenge/LICENSE @@ -1,4 +1,4 @@ - Apache License +Apache License Version 2.0, January 2004 http://www.apache.org/licenses/ 
@@ -199,3 +199,4 @@ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the specific language governing permissions and limitations under the License. + diff --git a/third_party/VENDOR-LICENSE/github.com/matttproud/golang_protobuf_extensions/v2/pbutil/NOTICE b/third_party/VENDOR-LICENSE/github.com/matttproud/golang_protobuf_extensions/v2/pbutil/NOTICE deleted file mode 100644 index 5d8cb5b72..000000000 --- a/third_party/VENDOR-LICENSE/github.com/matttproud/golang_protobuf_extensions/v2/pbutil/NOTICE +++ /dev/null @@ -1 +0,0 @@ -Copyright 2012 Matt T. Proud (matt.proud@gmail.com) diff --git a/third_party/VENDOR-LICENSE/github.com/moby/docker-image-spec/specs-go/v1/LICENSE b/third_party/VENDOR-LICENSE/github.com/moby/docker-image-spec/specs-go/v1/LICENSE new file mode 100644 index 000000000..261eeb9e9 --- /dev/null +++ b/third_party/VENDOR-LICENSE/github.com/moby/docker-image-spec/specs-go/v1/LICENSE 
@@ -0,0 +1,201 @@ + Apache License + Version 2.0, January 2004 + http://www.apache.org/licenses/ + + TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION + + 1. Definitions. + + "License" shall mean the terms and conditions for use, reproduction, + and distribution as defined by Sections 1 through 9 of this document. + + "Licensor" shall mean the copyright owner or entity authorized by + the copyright owner that is granting the License. + + "Legal Entity" shall mean the union of the acting entity and all + other entities that control, are controlled by, or are under common + control with that entity. For the purposes of this definition, + "control" means (i) the power, direct or indirect, to cause the + direction or management of such entity, whether by contract or + otherwise, or (ii) ownership of fifty percent (50%) or more of the + outstanding shares, or (iii) beneficial ownership of such entity. + + "You" (or "Your") shall mean an individual or Legal Entity + exercising permissions granted by this License. + + "Source" form shall mean the preferred form for making modifications, + including but not limited to software source code, documentation + source, and configuration files. + + "Object" form shall mean any form resulting from mechanical + transformation or translation of a Source form, including but + not limited to compiled object code, generated documentation, + and conversions to other media types. + + "Work" shall mean the work of authorship, whether in Source or + Object form, made available under the License, as indicated by a + copyright notice that is included in or attached to the work + (an example is provided in the Appendix below). + + "Derivative Works" shall mean any work, whether in Source or Object + form, that is based on (or derived from) the Work and for which the + editorial revisions, annotations, elaborations, or other modifications + represent, as a whole, an original work of authorship. 
For the purposes + of this License, Derivative Works shall not include works that remain + separable from, or merely link (or bind by name) to the interfaces of, + the Work and Derivative Works thereof. + + "Contribution" shall mean any work of authorship, including + the original version of the Work and any modifications or additions + to that Work or Derivative Works thereof, that is intentionally + submitted to Licensor for inclusion in the Work by the copyright owner + or by an individual or Legal Entity authorized to submit on behalf of + the copyright owner. For the purposes of this definition, "submitted" + means any form of electronic, verbal, or written communication sent + to the Licensor or its representatives, including but not limited to + communication on electronic mailing lists, source code control systems, + and issue tracking systems that are managed by, or on behalf of, the + Licensor for the purpose of discussing and improving the Work, but + excluding communication that is conspicuously marked or otherwise + designated in writing by the copyright owner as "Not a Contribution." + + "Contributor" shall mean Licensor and any individual or Legal Entity + on behalf of whom a Contribution has been received by Licensor and + subsequently incorporated within the Work. + + 2. Grant of Copyright License. Subject to the terms and conditions of + this License, each Contributor hereby grants to You a perpetual, + worldwide, non-exclusive, no-charge, royalty-free, irrevocable + copyright license to reproduce, prepare Derivative Works of, + publicly display, publicly perform, sublicense, and distribute the + Work and such Derivative Works in Source or Object form. + + 3. Grant of Patent License. 
Subject to the terms and conditions of + this License, each Contributor hereby grants to You a perpetual, + worldwide, non-exclusive, no-charge, royalty-free, irrevocable + (except as stated in this section) patent license to make, have made, + use, offer to sell, sell, import, and otherwise transfer the Work, + where such license applies only to those patent claims licensable + by such Contributor that are necessarily infringed by their + Contribution(s) alone or by combination of their Contribution(s) + with the Work to which such Contribution(s) was submitted. If You + institute patent litigation against any entity (including a + cross-claim or counterclaim in a lawsuit) alleging that the Work + or a Contribution incorporated within the Work constitutes direct + or contributory patent infringement, then any patent licenses + granted to You under this License for that Work shall terminate + as of the date such litigation is filed. + + 4. Redistribution. You may reproduce and distribute copies of the + Work or Derivative Works thereof in any medium, with or without + modifications, and in Source or Object form, provided that You + meet the following conditions: + + (a) You must give any other recipients of the Work or + Derivative Works a copy of this License; and + + (b) You must cause any modified files to carry prominent notices + stating that You changed the files; and + + (c) You must retain, in the Source form of any Derivative Works + that You distribute, all copyright, patent, trademark, and + attribution notices from the Source form of the Work, + excluding those notices that do not pertain to any part of + the Derivative Works; and + + (d) If the Work includes a "NOTICE" text file as part of its + distribution, then any Derivative Works that You distribute must + include a readable copy of the attribution notices contained + within such NOTICE file, excluding those notices that do not + pertain to any part of the Derivative Works, in at least one + of 
the following places: within a NOTICE text file distributed + as part of the Derivative Works; within the Source form or + documentation, if provided along with the Derivative Works; or, + within a display generated by the Derivative Works, if and + wherever such third-party notices normally appear. The contents + of the NOTICE file are for informational purposes only and + do not modify the License. You may add Your own attribution + notices within Derivative Works that You distribute, alongside + or as an addendum to the NOTICE text from the Work, provided + that such additional attribution notices cannot be construed + as modifying the License. + + You may add Your own copyright statement to Your modifications and + may provide additional or different license terms and conditions + for use, reproduction, or distribution of Your modifications, or + for any such Derivative Works as a whole, provided Your use, + reproduction, and distribution of the Work otherwise complies with + the conditions stated in this License. + + 5. Submission of Contributions. Unless You explicitly state otherwise, + any Contribution intentionally submitted for inclusion in the Work + by You to the Licensor shall be under the terms and conditions of + this License, without any additional terms or conditions. + Notwithstanding the above, nothing herein shall supersede or modify + the terms of any separate license agreement you may have executed + with Licensor regarding such Contributions. + + 6. Trademarks. This License does not grant permission to use the trade + names, trademarks, service marks, or product names of the Licensor, + except as required for reasonable and customary use in describing the + origin of the Work and reproducing the content of the NOTICE file. + + 7. Disclaimer of Warranty. 
Unless required by applicable law or + agreed to in writing, Licensor provides the Work (and each + Contributor provides its Contributions) on an "AS IS" BASIS, + WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or + implied, including, without limitation, any warranties or conditions + of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A + PARTICULAR PURPOSE. You are solely responsible for determining the + appropriateness of using or redistributing the Work and assume any + risks associated with Your exercise of permissions under this License. + + 8. Limitation of Liability. In no event and under no legal theory, + whether in tort (including negligence), contract, or otherwise, + unless required by applicable law (such as deliberate and grossly + negligent acts) or agreed to in writing, shall any Contributor be + liable to You for damages, including any direct, indirect, special, + incidental, or consequential damages of any character arising as a + result of this License or out of the use or inability to use the + Work (including but not limited to damages for loss of goodwill, + work stoppage, computer failure or malfunction, or any and all + other commercial damages or losses), even if such Contributor + has been advised of the possibility of such damages. + + 9. Accepting Warranty or Additional Liability. While redistributing + the Work or Derivative Works thereof, You may choose to offer, + and charge a fee for, acceptance of support, warranty, indemnity, + or other liability obligations and/or rights consistent with this + License. However, in accepting such obligations, You may act only + on Your own behalf and on Your sole responsibility, not on behalf + of any other Contributor, and only if You agree to indemnify, + defend, and hold each Contributor harmless for any liability + incurred by, or claims asserted against, such Contributor by reason + of your accepting any such warranty or additional liability. 
+ + END OF TERMS AND CONDITIONS + + APPENDIX: How to apply the Apache License to your work. + + To apply the Apache License to your work, attach the following + boilerplate notice, with the fields enclosed by brackets "[]" + replaced with your own identifying information. (Don't include + the brackets!) The text should be enclosed in the appropriate + comment syntax for the file format. We also recommend that a + file or class name and description of purpose be included on the + same "printed page" as the copyright notice for easier + identification within third-party archives. + + Copyright [yyyy] [name of copyright owner] + + Licensed under the Apache License, Version 2.0 (the "License"); + you may not use this file except in compliance with the License. + You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + + Unless required by applicable law or agreed to in writing, software + distributed under the License is distributed on an "AS IS" BASIS, + WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + See the License for the specific language governing permissions and + limitations under the License. diff --git a/third_party/VENDOR-LICENSE/github.com/sigstore/scaffolding/pkg/repo/LICENSE b/third_party/VENDOR-LICENSE/github.com/sigstore/scaffolding/pkg/repo/LICENSE new file mode 100644 index 000000000..261eeb9e9 --- /dev/null +++ b/third_party/VENDOR-LICENSE/github.com/sigstore/scaffolding/pkg/repo/LICENSE 
@@ -0,0 +1,201 @@ + Apache License + Version 2.0, January 2004 + http://www.apache.org/licenses/ + + TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION + + 1. Definitions. + + "License" shall mean the terms and conditions for use, reproduction, + and distribution as defined by Sections 1 through 9 of this document. + + "Licensor" shall mean the copyright owner or entity authorized by + the copyright owner that is granting the License. + + "Legal Entity" shall mean the union of the acting entity and all + other entities that control, are controlled by, or are under common + control with that entity. For the purposes of this definition, + "control" means (i) the power, direct or indirect, to cause the + direction or management of such entity, whether by contract or + otherwise, or (ii) ownership of fifty percent (50%) or more of the + outstanding shares, or (iii) beneficial ownership of such entity. + + "You" (or "Your") shall mean an individual or Legal Entity + exercising permissions granted by this License. + + "Source" form shall mean the preferred form for making modifications, + including but not limited to software source code, documentation + source, and configuration files. + + "Object" form shall mean any form resulting from mechanical + transformation or translation of a Source form, including but + not limited to compiled object code, generated documentation, + and conversions to other media types. + + "Work" shall mean the work of authorship, whether in Source or + Object form, made available under the License, as indicated by a + copyright notice that is included in or attached to the work + (an example is provided in the Appendix below). + + "Derivative Works" shall mean any work, whether in Source or Object + form, that is based on (or derived from) the Work and for which the + editorial revisions, annotations, elaborations, or other modifications + represent, as a whole, an original work of authorship. 
For the purposes + of this License, Derivative Works shall not include works that remain + separable from, or merely link (or bind by name) to the interfaces of, + the Work and Derivative Works thereof. + + "Contribution" shall mean any work of authorship, including + the original version of the Work and any modifications or additions + to that Work or Derivative Works thereof, that is intentionally + submitted to Licensor for inclusion in the Work by the copyright owner + or by an individual or Legal Entity authorized to submit on behalf of + the copyright owner. For the purposes of this definition, "submitted" + means any form of electronic, verbal, or written communication sent + to the Licensor or its representatives, including but not limited to + communication on electronic mailing lists, source code control systems, + and issue tracking systems that are managed by, or on behalf of, the + Licensor for the purpose of discussing and improving the Work, but + excluding communication that is conspicuously marked or otherwise + designated in writing by the copyright owner as "Not a Contribution." + + "Contributor" shall mean Licensor and any individual or Legal Entity + on behalf of whom a Contribution has been received by Licensor and + subsequently incorporated within the Work. + + 2. Grant of Copyright License. Subject to the terms and conditions of + this License, each Contributor hereby grants to You a perpetual, + worldwide, non-exclusive, no-charge, royalty-free, irrevocable + copyright license to reproduce, prepare Derivative Works of, + publicly display, publicly perform, sublicense, and distribute the + Work and such Derivative Works in Source or Object form. + + 3. Grant of Patent License. 
Subject to the terms and conditions of + this License, each Contributor hereby grants to You a perpetual, + worldwide, non-exclusive, no-charge, royalty-free, irrevocable + (except as stated in this section) patent license to make, have made, + use, offer to sell, sell, import, and otherwise transfer the Work, + where such license applies only to those patent claims licensable + by such Contributor that are necessarily infringed by their + Contribution(s) alone or by combination of their Contribution(s) + with the Work to which such Contribution(s) was submitted. If You + institute patent litigation against any entity (including a + cross-claim or counterclaim in a lawsuit) alleging that the Work + or a Contribution incorporated within the Work constitutes direct + or contributory patent infringement, then any patent licenses + granted to You under this License for that Work shall terminate + as of the date such litigation is filed. + + 4. Redistribution. You may reproduce and distribute copies of the + Work or Derivative Works thereof in any medium, with or without + modifications, and in Source or Object form, provided that You + meet the following conditions: + + (a) You must give any other recipients of the Work or + Derivative Works a copy of this License; and + + (b) You must cause any modified files to carry prominent notices + stating that You changed the files; and + + (c) You must retain, in the Source form of any Derivative Works + that You distribute, all copyright, patent, trademark, and + attribution notices from the Source form of the Work, + excluding those notices that do not pertain to any part of + the Derivative Works; and + + (d) If the Work includes a "NOTICE" text file as part of its + distribution, then any Derivative Works that You distribute must + include a readable copy of the attribution notices contained + within such NOTICE file, excluding those notices that do not + pertain to any part of the Derivative Works, in at least one + of 
the following places: within a NOTICE text file distributed + as part of the Derivative Works; within the Source form or + documentation, if provided along with the Derivative Works; or, + within a display generated by the Derivative Works, if and + wherever such third-party notices normally appear. The contents + of the NOTICE file are for informational purposes only and + do not modify the License. You may add Your own attribution + notices within Derivative Works that You distribute, alongside + or as an addendum to the NOTICE text from the Work, provided + that such additional attribution notices cannot be construed + as modifying the License. + + You may add Your own copyright statement to Your modifications and + may provide additional or different license terms and conditions + for use, reproduction, or distribution of Your modifications, or + for any such Derivative Works as a whole, provided Your use, + reproduction, and distribution of the Work otherwise complies with + the conditions stated in this License. + + 5. Submission of Contributions. Unless You explicitly state otherwise, + any Contribution intentionally submitted for inclusion in the Work + by You to the Licensor shall be under the terms and conditions of + this License, without any additional terms or conditions. + Notwithstanding the above, nothing herein shall supersede or modify + the terms of any separate license agreement you may have executed + with Licensor regarding such Contributions. + + 6. Trademarks. This License does not grant permission to use the trade + names, trademarks, service marks, or product names of the Licensor, + except as required for reasonable and customary use in describing the + origin of the Work and reproducing the content of the NOTICE file. + + 7. Disclaimer of Warranty. 
Unless required by applicable law or + agreed to in writing, Licensor provides the Work (and each + Contributor provides its Contributions) on an "AS IS" BASIS, + WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or + implied, including, without limitation, any warranties or conditions + of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A + PARTICULAR PURPOSE. You are solely responsible for determining the + appropriateness of using or redistributing the Work and assume any + risks associated with Your exercise of permissions under this License. + + 8. Limitation of Liability. In no event and under no legal theory, + whether in tort (including negligence), contract, or otherwise, + unless required by applicable law (such as deliberate and grossly + negligent acts) or agreed to in writing, shall any Contributor be + liable to You for damages, including any direct, indirect, special, + incidental, or consequential damages of any character arising as a + result of this License or out of the use or inability to use the + Work (including but not limited to damages for loss of goodwill, + work stoppage, computer failure or malfunction, or any and all + other commercial damages or losses), even if such Contributor + has been advised of the possibility of such damages. + + 9. Accepting Warranty or Additional Liability. While redistributing + the Work or Derivative Works thereof, You may choose to offer, + and charge a fee for, acceptance of support, warranty, indemnity, + or other liability obligations and/or rights consistent with this + License. However, in accepting such obligations, You may act only + on Your own behalf and on Your sole responsibility, not on behalf + of any other Contributor, and only if You agree to indemnify, + defend, and hold each Contributor harmless for any liability + incurred by, or claims asserted against, such Contributor by reason + of your accepting any such warranty or additional liability. 
+ + END OF TERMS AND CONDITIONS + + APPENDIX: How to apply the Apache License to your work. + + To apply the Apache License to your work, attach the following + boilerplate notice, with the fields enclosed by brackets "[]" + replaced with your own identifying information. (Don't include + the brackets!) The text should be enclosed in the appropriate + comment syntax for the file format. We also recommend that a + file or class name and description of purpose be included on the + same "printed page" as the copyright notice for easier + identification within third-party archives. + + Copyright [yyyy] [name of copyright owner] + + Licensed under the Apache License, Version 2.0 (the "License"); + you may not use this file except in compliance with the License. + You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + + Unless required by applicable law or agreed to in writing, software + distributed under the License is distributed on an "AS IS" BASIS, + WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + See the License for the specific language governing permissions and + limitations under the License.