Skip to content

Commit

Permalink
incorporated review comments
Browse files Browse the repository at this point in the history
Signed-off-by: Mukuls77 <[email protected]>
  • Loading branch information
Mukuls77 committed Jan 25, 2024
1 parent 63a9897 commit d6a95df
Showing 1 changed file with 24 additions and 11 deletions.
35 changes: 24 additions & 11 deletions test/e2e_test_attach.sh
Original file line number Diff line number Diff line change
Expand Up @@ -14,6 +14,12 @@
# See the License for the specific language governing permissions and
# limitations under the License.

# This test case test two scenarios
# scenario 1: Attach a single signature with certificate and certificate chain to an artifact
# and verify it using root certificate
# scenario 2: Attaches second signature with diffrent certificate and certificate chain to same
# artifact and verify it using both root certificates separately

Check failure on line 21 in test/e2e_test_attach.sh

View workflow job for this annotation

GitHub Actions / Check Whitespace

[trailing whitespace] reported by reviewdog 🐶 # artifact and verify it using both root certificates separately Raw Output: test/e2e_test_attach.sh:21:# artifact and verify it using both root certificates separately

set -ex

go build -o cosign ./cmd/cosign
Expand Down Expand Up @@ -48,35 +54,42 @@ IMAGE_URI_DIGEST=$IMAGE_URI@$SRC_DIGEST
## Generate
./cosign generate $IMAGE_URI_DIGEST > payload.json

## Sign with Leafcert Private Key
## Scenario 1 Starts

## Sign with First Leafcert Private Key
openssl dgst -sha256 -sign ./private_key -out payload.sig payload.json
cat payload.sig | base64 > payloadbase64.sig
openssl dgst -sha256 -sign ./secondprivate_key -out secondpayload.sig payload.json
cat secondpayload.sig | base64 > secondpayloadbase64.sig


SIGNATURE=$(cat payloadbase64.sig | base64)
echo "Signature: $SIGNATURE"
SIGNATURE2=$(cat secondpayloadbase64.sig | base64)
echo "Second Signature: $SIGNATURE2"

PAYLOAD=$(cat payload.json)
echo "Payload: $PAYLOAD"



## Attach Signature, payload, cert and cert-chain
./cosign attach signature --signature ./payloadbase64.sig --payload ./payload.json --cert ./leafcert.pem --cert-chain ./certchain.pem $IMAGE_URI_DIGEST
./cosign attach signature --signature ./secondpayloadbase64.sig --payload ./payload.json --cert ./secondleafcert.pem --cert-chain ./secondcertchain.pem $IMAGE_URI_DIGEST


## confirm manifest conatins annotation for cert and cert chain
crane manifest $(./cosign triangulate $IMAGE_URI_DIGEST) | grep -q "application/vnd.oci.image.config.v1+json"
crane manifest $(./cosign triangulate $IMAGE_URI_DIGEST) | grep -q "dev.sigstore.cosign/certificate"
crane manifest $(./cosign triangulate $IMAGE_URI_DIGEST) | grep -q "dev.sigstore.cosign/chain"

## Verify Signature, payload, cert and cert-chain using Root certificate only
## Verify Signature, payload, cert and cert-chain using Root certificate only

Check failure on line 77 in test/e2e_test_attach.sh

View workflow job for this annotation

GitHub Actions / Check Whitespace

[trailing whitespace] reported by reviewdog 🐶 ## Verify Signature, payload, cert and cert-chain using Root certificate only Raw Output: test/e2e_test_attach.sh:77:## Verify Signature, payload, cert and cert-chain using Root certificate only
./cosign verify $IMAGE_URI_DIGEST --insecure-ignore-sct --insecure-ignore-tlog --certificate-identity-regexp '.*' --certificate-oidc-issuer-regexp '.*' --cert-chain=./rootcert.pem

## Scenario 2 Starts

## Sign with Leafcert Private Key
openssl dgst -sha256 -sign ./secondprivate_key -out secondpayload.sig payload.json
cat secondpayload.sig | base64 > secondpayloadbase64.sig

SIGNATURE2=$(cat secondpayloadbase64.sig | base64)
echo "Second Signature: $SIGNATURE2"

## Attach Second Signature, payload, cert and cert-chain
./cosign attach signature --signature ./secondpayloadbase64.sig --payload ./payload.json --cert ./secondleafcert.pem --cert-chain ./secondcertchain.pem $IMAGE_URI_DIGEST

## Verify Signature, payload, cert and cert-chain using Root certificate only

Check failure on line 92 in test/e2e_test_attach.sh

View workflow job for this annotation

GitHub Actions / Check Whitespace

[trailing whitespace] reported by reviewdog 🐶 ## Verify Signature, payload, cert and cert-chain using Root certificate only Raw Output: test/e2e_test_attach.sh:92:## Verify Signature, payload, cert and cert-chain using Root certificate only
./cosign verify $IMAGE_URI_DIGEST --insecure-ignore-sct --insecure-ignore-tlog --certificate-identity-regexp '.*' --certificate-oidc-issuer-regexp '.*' --cert-chain=./rootcert.pem

./cosign verify $IMAGE_URI_DIGEST --insecure-ignore-sct --insecure-ignore-tlog --certificate-identity-regexp '.*' --certificate-oidc-issuer-regexp '.*' --cert-chain=./secondrootcert.pem
Expand Down

0 comments on commit d6a95df

Please sign in to comment.