feat: add policy, oci, attestation
This commit is contained in:
mrjoelkamp
48
test/testdata/example_attestation.json
vendored
Normal file
48
test/testdata/example_attestation.json
vendored
Normal file
File diff suppressed because one or more lines are too long
58
test/testdata/local-policy/doi/data.yaml
vendored
Normal file
58
test/testdata/local-policy/doi/data.yaml
vendored
Normal file
@@ -0,0 +1,58 @@
|
||||
config:
|
||||
doi:
|
||||
keys:
|
||||
- id: "f6a29392b1c08891ff456100aa448b4f6bf9c315850e11cc0883fe9c3c4412db"
|
||||
key: |
|
||||
-----BEGIN PUBLIC KEY-----
|
||||
MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAE+XOm2uWjLJhpsJtHCFdGic26suOy
|
||||
mCl2pBgCof+AHGFZFca40JL833OT+nRSZJRMPKBGibWqsjFrLdRCkOB7bA==
|
||||
-----END PUBLIC KEY-----
|
||||
from: "2024-01-01T00:00:00Z"
|
||||
to: "2024-01-15T12:00:00Z"
|
||||
# this key was rotated at a planned time
|
||||
status: "rotated"
|
||||
signing-format: "dssev1"
|
||||
- id: "e6f4c70fbba21cbcac44915fff53fd2fdf90dd8849445795fe58014c2b5f8c64"
|
||||
key: |
|
||||
-----BEGIN PUBLIC KEY-----
|
||||
MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEZSkTE3si/JkRbuLjaYraS3//YBnX
|
||||
8KtEcgdYKZQPl2DnSl4gPsu3KiVeEBWp5GK06IoZlcBAL3NF0OsUUP+yVg==
|
||||
-----END PUBLIC KEY-----
|
||||
from: "2024-01-15T12:00:00Z"
|
||||
to: "2024-01-15T14:00:00Z"
|
||||
# this key was leaked at a known time, so it revoked from that time
|
||||
# this behaves the same way as "rotated" but might give another failure message
|
||||
status: "revoked"
|
||||
signing-format: "dssev1"
|
||||
- id: "d45980c5cf39a5e1bab9febe3f16c1c0820b97a8fd061b0064e54b0826e856e4"
|
||||
key: |
|
||||
-----BEGIN PUBLIC KEY-----
|
||||
MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEafssq2x1EDQcKDZhuSrCOxWWl5D4
|
||||
JBa9iDJYDnLZp9kPKvv4RnD4rz7Ucfmd0l/zzM45qT29fSBTlguKmnOA8A==
|
||||
-----END PUBLIC KEY-----
|
||||
# this key was leaked at an unknown time, so it's completely distrusted
|
||||
distrust: true
|
||||
status: "revoked"
|
||||
signing-format: "dssev1"
|
||||
- id: "a0c296026645799b2a297913878e81b0aefff2a0c301e97232f717e14402f3e4"
|
||||
key: |
|
||||
-----BEGIN PUBLIC KEY-----
|
||||
MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEgH23D1i2+ZIOtVjmfB7iFvX8AhVN
|
||||
9CPJ4ie9axw+WRHozGnRy99U2dRge3zueBBg2MweF0zrToXGig2v3YOrdw==
|
||||
-----END PUBLIC KEY-----
|
||||
from: "2023-12-15T14:00:00Z"
|
||||
to: null
|
||||
# this key is still active
|
||||
status: "active"
|
||||
signing-format: "dssev1"
|
||||
- id: "b281835e00059de24fb06bd6db06eb0e4a33d7bd7210d7027c209f14b19e812a"
|
||||
key: |
|
||||
-----BEGIN PUBLIC KEY-----
|
||||
MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEgE4Jz6FrLc3lp/YRlbuwOjK4n6ac
|
||||
jVkSDAmFhi3Ir2Jy+cKeEB7iRPcLvBy9qoMZ9E93m1NdWY6KtDo+Qi52Rg==
|
||||
-----END PUBLIC KEY-----
|
||||
from: "2024-01-15T14:00:00Z"
|
||||
to: null
|
||||
# this key is still active
|
||||
status: "active"
|
||||
signing-format: "dssev1"
|
||||
49
test/testdata/local-policy/doi/policy.rego
vendored
Normal file
49
test/testdata/local-policy/doi/policy.rego
vendored
Normal file
@@ -0,0 +1,49 @@
|
||||
package docker
|
||||
|
||||
import rego.v1
|
||||
|
||||
import data.config
|
||||
|
||||
splitDigest := split(input.digest, ":")
|
||||
|
||||
digestType := splitDigest[0]
|
||||
|
||||
digest := splitDigest[1]
|
||||
|
||||
allow if {
|
||||
some env in attestations.attestation("https://slsa.dev/verification_summary/v0.1")
|
||||
some statement in verified_statements(config.doi.keys, env)
|
||||
}
|
||||
|
||||
|
||||
verified_statements(keys, env) := statements if {
|
||||
statements := {statement |
|
||||
statement := attestations.verify_envelope(env, keys)
|
||||
some subject in statement.subject
|
||||
valid_subject(subject)
|
||||
}
|
||||
}
|
||||
|
||||
|
||||
valid_subject(sub) if {
|
||||
print("valid_subject")
|
||||
print("sub.digest[digestType]:", sub.digest[digestType])
|
||||
print("digest", digest)
|
||||
sub.digest[digestType] == digest
|
||||
print("digest matches")
|
||||
valid_subject_name(sub.name)
|
||||
}
|
||||
|
||||
valid_subject_name(name) if {
|
||||
input.canonical
|
||||
print("is canonical, ignoring name")
|
||||
}
|
||||
|
||||
valid_subject_name(name) if {
|
||||
not input.canonical
|
||||
print("valid_subject_name...")
|
||||
print("name:", name)
|
||||
print("input.purl:", input.purl)
|
||||
name == input.purl
|
||||
print("name match")
|
||||
}
|
||||
25
test/testdata/local-policy/doi/policy_test.rego
vendored
Normal file
25
test/testdata/local-policy/doi/policy_test.rego
vendored
Normal file
@@ -0,0 +1,25 @@
|
||||
package docker
|
||||
import rego.v1
|
||||
|
||||
config := {"keys": []}
|
||||
envs := [{"env": "test"}]
|
||||
purl := "pkg:docker/library/alpine:1.2.3"
|
||||
|
||||
statement := {"subject": [{"name": purl, "digest": {"sha256": "dea014f47cd49d694d3a68564eb9e6ae38a7ee9624fd52ec05ccbef3f3fab8a0"}}]}
|
||||
input_digest := "sha256:dea014f47cd49d694d3a68564eb9e6ae38a7ee9624fd52ec05ccbef3f3fab8a0"
|
||||
|
||||
test_with_mock_data if {
|
||||
allow with attestations.attestation as envs
|
||||
with attestations.verify_envelope as statement
|
||||
with input.digest as input_digest
|
||||
with input.purl as purl
|
||||
with input.canonical as false
|
||||
}
|
||||
|
||||
layout_digest := "sha256:da8b190665956ea07890a0273e2a9c96bfe291662f08e2860e868eef69c34620"
|
||||
outout_purl := "pkg:docker/test-image@test?platform=linux%2Famd64"
|
||||
test_with_signed_oci_layout if {
|
||||
allow with input.digest as layout_digest
|
||||
with input.purl as outout_purl
|
||||
with input.canonical as false
|
||||
}
|
||||
16
test/testdata/local-policy/mapping.yaml
vendored
Normal file
16
test/testdata/local-policy/mapping.yaml
vendored
Normal file
@@ -0,0 +1,16 @@
|
||||
# map repos to policies
|
||||
version: v1
|
||||
kind: policy-mapping
|
||||
policies:
|
||||
- origin:
|
||||
domain: docker.io
|
||||
prefix: library/
|
||||
name: test-images
|
||||
description: Local test images
|
||||
location: doi
|
||||
|
||||
mirrors:
|
||||
- name: test-images
|
||||
mirror:
|
||||
domains: [localhost:5001]
|
||||
prefix: ""
|
||||
@@ -0,0 +1 @@
|
||||
{"signatures":[{"keyid":"198f00ff96ea7cbfa7eac480cc9bfc43ce13bb434b901011ab777856533997d3","sig":"3044022039b56cd2e3597df74e57d200a652ba020cdc9a8cd050bd65b5f8e2640d50691d02205e073e4b6fc260acc64327a331e4440601af5b1cbff594ea91cf7b70d5828fb1"}],"signed":{"_type":"snapshot","expires":"2034-04-03T15:59:47Z","meta":{"targets.json":{"version":5},"test-role.json":{"version":3}},"spec_version":"1.0.31","version":6}}
|
||||
@@ -0,0 +1 @@
|
||||
{"signatures":[{"keyid":"198f00ff96ea7cbfa7eac480cc9bfc43ce13bb434b901011ab777856533997d3","sig":"3045022011f2afa9b448fcbbac983c11fc3e264e95d5d7a9c9527b09d83a316ee762635f022100d05197a78ccc7a713ebdb0bccb44844f67a7c5208af8d346e201064b7ce11055"}],"signed":{"_type":"timestamp","expires":"2034-04-03T15:59:47Z","meta":{"snapshot.json":{"version":6}},"spec_version":"1.0.31","version":6}}
|
||||
@@ -0,0 +1,65 @@
|
||||
{
|
||||
"signatures": [
|
||||
{
|
||||
"keyid": "b7474a42f2588fa92ed4a2ebea6047a7b1b2f7351f1cfe0912732c0d0fb0fc09",
|
||||
"sig": "3064023037bbb03c3472b140572a7d5a2895bd80e74435bbcb7053949731f81b104c6d05a0876590cd6a2e94d7ed619426a2f6fa02303adc8c9006fa5506fdd7ea87d2960074a537ad8bf2459f2863e806b47682cbb2f9b01b7502eaf5437a1a68fdaaeac114"
|
||||
}
|
||||
],
|
||||
"signed": {
|
||||
"_type": "root",
|
||||
"consistent_snapshot": true,
|
||||
"expires": "2034-04-02T17:00:22Z",
|
||||
"keys": {
|
||||
"198f00ff96ea7cbfa7eac480cc9bfc43ce13bb434b901011ab777856533997d3": {
|
||||
"keytype": "ecdsa",
|
||||
"keyval": {
|
||||
"public": "-----BEGIN PUBLIC KEY-----\nMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEgDpP6O0sEt2R+l84WlfmqPBsFSby\nxJsJ6YmeUVgDk/wk9++8IAR6YBYewaKye56gMnIYjTFbyOI8WomA2NQFBw==\n-----END PUBLIC KEY-----\n"
|
||||
},
|
||||
"scheme": "ecdsa-sha2-nistp256",
|
||||
"x-tuf-on-ci-online-uri": "awskms:arn:aws:kms:us-east-1:175142243308:key/fbd8dab6-5677-4b57-87e6-8369c45b3b61"
|
||||
},
|
||||
"b7474a42f2588fa92ed4a2ebea6047a7b1b2f7351f1cfe0912732c0d0fb0fc09": {
|
||||
"keytype": "ecdsa",
|
||||
"keyval": {
|
||||
"public": "-----BEGIN PUBLIC KEY-----\nMHYwEAYHKoZIzj0CAQYFK4EEACIDYgAE3+asmp2GD6UijwWvMezwVG/BwFLuQa3o\nT6eRxFvkILGpVDbZ92ZYWidHl9LZ/eJUjhIjuVEkNVKoenw5KjKl8veP3MthZrQA\nSkYytOIwkidZo9Rk2dczbDcFSJvLGsmd\n-----END PUBLIC KEY-----\n"
|
||||
},
|
||||
"scheme": "ecdsa-sha2-nistp384",
|
||||
"x-tuf-on-ci-keyowner": "@mrjoelkamp"
|
||||
}
|
||||
},
|
||||
"roles": {
|
||||
"root": {
|
||||
"keyids": [
|
||||
"b7474a42f2588fa92ed4a2ebea6047a7b1b2f7351f1cfe0912732c0d0fb0fc09"
|
||||
],
|
||||
"threshold": 1
|
||||
},
|
||||
"snapshot": {
|
||||
"keyids": [
|
||||
"198f00ff96ea7cbfa7eac480cc9bfc43ce13bb434b901011ab777856533997d3"
|
||||
],
|
||||
"threshold": 1,
|
||||
"x-tuf-on-ci-expiry-period": 3650,
|
||||
"x-tuf-on-ci-signing-period": 60
|
||||
},
|
||||
"targets": {
|
||||
"keyids": [
|
||||
"b7474a42f2588fa92ed4a2ebea6047a7b1b2f7351f1cfe0912732c0d0fb0fc09"
|
||||
],
|
||||
"threshold": 1
|
||||
},
|
||||
"timestamp": {
|
||||
"keyids": [
|
||||
"198f00ff96ea7cbfa7eac480cc9bfc43ce13bb434b901011ab777856533997d3"
|
||||
],
|
||||
"threshold": 1,
|
||||
"x-tuf-on-ci-expiry-period": 3650,
|
||||
"x-tuf-on-ci-signing-period": 60
|
||||
}
|
||||
},
|
||||
"spec_version": "1.0.31",
|
||||
"version": 1,
|
||||
"x-tuf-on-ci-expiry-period": 3650,
|
||||
"x-tuf-on-ci-signing-period": 60
|
||||
}
|
||||
}
|
||||
@@ -0,0 +1 @@
|
||||
{"schemaVersion":2,"mediaType":"application/vnd.oci.image.manifest.v1+json","config":{"mediaType":"application/vnd.oci.image.config.v1+json","size":669,"digest":"sha256:ad4cacc170229608305ffccd8d09eeb59578fcb72ae394763cf7ef492175b1ee"},"layers":[{"mediaType":"application/vnd.tuf.metadata+json","size":2607,"digest":"sha256:a2e026ce65c198ee68a7ed2df6978ed0287bb38342f6ddb7bf934a456f1d6f87","annotations":{"tuf.io/filename":"2.root.json"}},{"mediaType":"application/vnd.tuf.metadata+json","size":2200,"digest":"sha256:61a98e1e86ae279e59415d927e38beae430d7e6d2bd6207054179429ea9b6763","annotations":{"tuf.io/filename":"1.root.json"}},{"mediaType":"application/vnd.tuf.metadata+json","size":410,"digest":"sha256:1fd0d9781f02486718fcbd7724db0e4c4ba47b649930cec22a3e7e6b6077ba38","annotations":{"tuf.io/filename":"6.snapshot.json"}},{"mediaType":"application/vnd.tuf.metadata+json","size":1683,"digest":"sha256:ea7713eb649ca1a33d79ebdccda9f7f066595b1b2c6e37e52dbfd250f5287260","annotations":{"tuf.io/filename":"5.targets.json"}},{"mediaType":"application/vnd.tuf.metadata+json","size":383,"digest":"sha256:4c1054844dba3241525cbd71ff9e58becca652fb1ce4a0e6ea55a01c4ec41950","annotations":{"tuf.io/filename":"timestamp.json"}}]}
|
||||
@@ -0,0 +1 @@
|
||||
{"signatures":[{"keyid":"b7474a42f2588fa92ed4a2ebea6047a7b1b2f7351f1cfe0912732c0d0fb0fc09","sig":"3066023100e99acc5f74777ebf40376b60f0216e8fe1829c1a49a5f6a6899126c15de1df7a56533baf493b2b53159c50843a289102023100b6a006b24da62ea0b743fbe38e1497ff485bf3a0833894985fc27a0305ad0693eeb968a7b52723ed3c49af8bef2027b6"},{"keyid":"81cf5a78d6ea2cd904256b9d814b340289b765e6f75ec4397e4ebb7586cab664","sig":"30440220136debcc2f60dd1d63c9c2704f9b13c2cb2f5d2df58ea93f07f7c10f54f36742022059d7f8c6620e33506c6f1766394a32f86c9b008328f6398831ba7ebcf4ce0838"}],"signed":{"_type":"root","consistent_snapshot":true,"expires":"2034-04-03T08:45:50Z","keys":{"198f00ff96ea7cbfa7eac480cc9bfc43ce13bb434b901011ab777856533997d3":{"keytype":"ecdsa","keyval":{"public":"-----BEGIN PUBLIC KEY-----\nMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEgDpP6O0sEt2R+l84WlfmqPBsFSby\nxJsJ6YmeUVgDk/wk9++8IAR6YBYewaKye56gMnIYjTFbyOI8WomA2NQFBw==\n-----END PUBLIC KEY-----\n"},"scheme":"ecdsa-sha2-nistp256","x-tuf-on-ci-online-uri":"awskms:arn:aws:kms:us-east-1:175142243308:key/fbd8dab6-5677-4b57-87e6-8369c45b3b61"},"81cf5a78d6ea2cd904256b9d814b340289b765e6f75ec4397e4ebb7586cab664":{"keytype":"ecdsa","keyval":{"public":"-----BEGIN PUBLIC KEY-----\nMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEWmhpAfB7Q53UNluMhpkDxXXup4E0\n2Hh4PSgHC1Yh6brGl6Akq9a4io55LtZTk5mnCTqxuB+rc5cI/yaNUeWEqQ==\n-----END PUBLIC KEY-----\n"},"scheme":"ecdsa-sha2-nistp256","x-tuf-on-ci-keyowner":"@kipz"},"b7474a42f2588fa92ed4a2ebea6047a7b1b2f7351f1cfe0912732c0d0fb0fc09":{"keytype":"ecdsa","keyval":{"public":"-----BEGIN PUBLIC KEY-----\nMHYwEAYHKoZIzj0CAQYFK4EEACIDYgAE3+asmp2GD6UijwWvMezwVG/BwFLuQa3o\nT6eRxFvkILGpVDbZ92ZYWidHl9LZ/eJUjhIjuVEkNVKoenw5KjKl8veP3MthZrQA\nSkYytOIwkidZo9Rk2dczbDcFSJvLGsmd\n-----END PUBLIC KEY-----\n"},"scheme":"ecdsa-sha2-nistp384","x-tuf-on-ci-keyowner":"@mrjoelkamp"}},"roles":{"root":{"keyids":["b7474a42f2588fa92ed4a2ebea6047a7b1b2f7351f1cfe0912732c0d0fb0fc09","81cf5a78d6ea2cd904256b9d814b340289b765e6f75ec4397e4ebb7586cab664"],"threshold":1},"snapshot":{"keyids":["198f00ff96ea7cbfa7eac480cc9bfc43ce13bb434b901011ab777856533997d3"],"threshold":1,"x-tuf-on-ci-expiry-period":3650,"x-tuf-on-ci-signing-period":60},"targets":{"keyids":["b7474a42f2588fa92ed4a2ebea6047a7b1b2f7351f1cfe0912732c0d0fb0fc09","81cf5a78d6ea2cd904256b9d814b340289b765e6f75ec4397e4ebb7586cab664"],"threshold":1},"timestamp":{"keyids":["198f00ff96ea7cbfa7eac480cc9bfc43ce13bb434b901011ab777856533997d3"],"threshold":1,"x-tuf-on-ci-expiry-period":3650,"x-tuf-on-ci-signing-period":60}},"spec_version":"1.0.31","version":2,"x-tuf-on-ci-expiry-period":3650,"x-tuf-on-ci-signing-period":60}}
|
||||
@@ -0,0 +1 @@
|
||||
{"schemaVersion":2,"mediaType":"application/vnd.oci.image.manifest.v1+json","config":{"mediaType":"application/vnd.oci.image.config.v1+json","size":669,"digest":"sha256:c927b30f17fa8c64e3c20b8f92b7e348733f9c1281b5b7e6b6d669a8a74230a7"},"layers":[{"mediaType":"application/vnd.tuf.metadata+json","size":2200,"digest":"sha256:61a98e1e86ae279e59415d927e38beae430d7e6d2bd6207054179429ea9b6763","annotations":{"tuf.io/filename":"1.root.json"}},{"mediaType":"application/vnd.tuf.metadata+json","size":2607,"digest":"sha256:a2e026ce65c198ee68a7ed2df6978ed0287bb38342f6ddb7bf934a456f1d6f87","annotations":{"tuf.io/filename":"2.root.json"}},{"mediaType":"application/vnd.tuf.metadata+json","size":410,"digest":"sha256:1fd0d9781f02486718fcbd7724db0e4c4ba47b649930cec22a3e7e6b6077ba38","annotations":{"tuf.io/filename":"6.snapshot.json"}},{"mediaType":"application/vnd.tuf.metadata+json","size":1683,"digest":"sha256:ea7713eb649ca1a33d79ebdccda9f7f066595b1b2c6e37e52dbfd250f5287260","annotations":{"tuf.io/filename":"5.targets.json"}},{"mediaType":"application/vnd.tuf.metadata+json","size":383,"digest":"sha256:4c1054844dba3241525cbd71ff9e58becca652fb1ce4a0e6ea55a01c4ec41950","annotations":{"tuf.io/filename":"timestamp.json"}}]}
|
||||
@@ -0,0 +1 @@
|
||||
{"architecture":"","created":"0001-01-01T00:00:00Z","history":[{"created":"0001-01-01T00:00:00Z"},{"created":"0001-01-01T00:00:00Z"},{"created":"0001-01-01T00:00:00Z"},{"created":"0001-01-01T00:00:00Z"},{"created":"0001-01-01T00:00:00Z"}],"os":"","rootfs":{"type":"layers","diff_ids":["sha256:a2e026ce65c198ee68a7ed2df6978ed0287bb38342f6ddb7bf934a456f1d6f87","sha256:61a98e1e86ae279e59415d927e38beae430d7e6d2bd6207054179429ea9b6763","sha256:1fd0d9781f02486718fcbd7724db0e4c4ba47b649930cec22a3e7e6b6077ba38","sha256:ea7713eb649ca1a33d79ebdccda9f7f066595b1b2c6e37e52dbfd250f5287260","sha256:4c1054844dba3241525cbd71ff9e58becca652fb1ce4a0e6ea55a01c4ec41950"]},"config":{}}
|
||||
@@ -0,0 +1 @@
|
||||
{"architecture":"","created":"0001-01-01T00:00:00Z","history":[{"created":"0001-01-01T00:00:00Z"},{"created":"0001-01-01T00:00:00Z"},{"created":"0001-01-01T00:00:00Z"},{"created":"0001-01-01T00:00:00Z"},{"created":"0001-01-01T00:00:00Z"}],"os":"","rootfs":{"type":"layers","diff_ids":["sha256:61a98e1e86ae279e59415d927e38beae430d7e6d2bd6207054179429ea9b6763","sha256:a2e026ce65c198ee68a7ed2df6978ed0287bb38342f6ddb7bf934a456f1d6f87","sha256:1fd0d9781f02486718fcbd7724db0e4c4ba47b649930cec22a3e7e6b6077ba38","sha256:ea7713eb649ca1a33d79ebdccda9f7f066595b1b2c6e37e52dbfd250f5287260","sha256:4c1054844dba3241525cbd71ff9e58becca652fb1ce4a0e6ea55a01c4ec41950"]},"config":{}}
|
||||
@@ -0,0 +1 @@
|
||||
{"signatures":[{"keyid":"b7474a42f2588fa92ed4a2ebea6047a7b1b2f7351f1cfe0912732c0d0fb0fc09","sig":""},{"keyid":"81cf5a78d6ea2cd904256b9d814b340289b765e6f75ec4397e4ebb7586cab664","sig":"3046022100f892a496c9bd96082e3b06d5eae85429355876b8eb455aa04b53ab9051911d90022100a3e89c29b15bccfc2877278c0fb2d3b34500da6351e245ad0b3f8c0ae6b67eff"}],"signed":{"_type":"targets","delegations":{"keys":{"81cf5a78d6ea2cd904256b9d814b340289b765e6f75ec4397e4ebb7586cab664":{"keytype":"ecdsa","keyval":{"public":"-----BEGIN PUBLIC KEY-----\nMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEWmhpAfB7Q53UNluMhpkDxXXup4E0\n2Hh4PSgHC1Yh6brGl6Akq9a4io55LtZTk5mnCTqxuB+rc5cI/yaNUeWEqQ==\n-----END PUBLIC KEY-----\n"},"scheme":"ecdsa-sha2-nistp256","x-tuf-on-ci-keyowner":"@kipz"},"b7474a42f2588fa92ed4a2ebea6047a7b1b2f7351f1cfe0912732c0d0fb0fc09":{"keytype":"ecdsa","keyval":{"public":"-----BEGIN PUBLIC KEY-----\nMHYwEAYHKoZIzj0CAQYFK4EEACIDYgAE3+asmp2GD6UijwWvMezwVG/BwFLuQa3o\nT6eRxFvkILGpVDbZ92ZYWidHl9LZ/eJUjhIjuVEkNVKoenw5KjKl8veP3MthZrQA\nSkYytOIwkidZo9Rk2dczbDcFSJvLGsmd\n-----END PUBLIC KEY-----\n"},"scheme":"ecdsa-sha2-nistp384","x-tuf-on-ci-keyowner":"@mrjoelkamp"}},"roles":[{"keyids":["b7474a42f2588fa92ed4a2ebea6047a7b1b2f7351f1cfe0912732c0d0fb0fc09","81cf5a78d6ea2cd904256b9d814b340289b765e6f75ec4397e4ebb7586cab664"],"name":"test-role","paths":["test-role/*","test-role/*/*","test-role/*/*/*","test-role/*/*/*/*"],"terminating":true,"threshold":1}]},"expires":"2034-04-03T15:28:29Z","spec_version":"1.0.31","targets":{"test.txt":{"hashes":{"sha256":"02119a076ec3878c736c3a95e20794f5a8d5bce3d7ecc264681bb7334ca2e24b"},"length":31}},"version":5,"x-tuf-on-ci-expiry-period":3650,"x-tuf-on-ci-signing-period":60}}
|
||||
11
test/testdata/tuf/test-repo-oci/metadata/index.json
vendored
Executable file
11
test/testdata/tuf/test-repo-oci/metadata/index.json
vendored
Executable file
@@ -0,0 +1,11 @@
|
||||
{
|
||||
"schemaVersion": 2,
|
||||
"mediaType": "application/vnd.oci.image.index.v1+json",
|
||||
"manifests": [
|
||||
{
|
||||
"mediaType": "application/vnd.oci.image.manifest.v1+json",
|
||||
"size": 1220,
|
||||
"digest": "sha256:a744a2f1e62ae4ce410822b5e3f5508dbaf6a76768a9d23741828172bab1dc97"
|
||||
}
|
||||
]
|
||||
}
|
||||
3
test/testdata/tuf/test-repo-oci/metadata/oci-layout
vendored
Executable file
3
test/testdata/tuf/test-repo-oci/metadata/oci-layout
vendored
Executable file
@@ -0,0 +1,3 @@
|
||||
{
|
||||
"imageLayoutVersion": "1.0.0"
|
||||
}
|
||||
@@ -0,0 +1 @@
|
||||
{"signatures":[{"keyid":"b7474a42f2588fa92ed4a2ebea6047a7b1b2f7351f1cfe0912732c0d0fb0fc09","sig":""},{"keyid":"81cf5a78d6ea2cd904256b9d814b340289b765e6f75ec4397e4ebb7586cab664","sig":"3044022015b6ebe9d30895e3be20e707a6738e38460197d90cae3dc37527ddb7c437868602207f85f3d4e068bef4c51a749f5d166cc7fe2cb9483999ea197e72395081c3aa61"}],"signed":{"_type":"targets","expires":"2034-04-03T15:39:02Z","spec_version":"1.0.31","targets":{"test-role/dir1/dir2/dir3/myfile.txt":{"hashes":{"sha256":"ea230621c53e0bb858ea5526125414f8957fb29c08350528d50a162c620f36b1"},"length":10},"test-role/test.txt":{"hashes":{"sha256":"d1bb6181284970ae43fbbc88b5e72f9a5942ebac20588aa0c4bf78ba621e1ee2"},"length":32}},"version":3,"x-tuf-on-ci-expiry-period":3650,"x-tuf-on-ci-signing-period":60}}
|
||||
@@ -0,0 +1 @@
|
||||
{"schemaVersion":2,"mediaType":"application/vnd.oci.image.manifest.v1+json","config":{"mediaType":"application/vnd.oci.image.config.v1+json","size":233,"digest":"sha256:9edf24c022c2cd6796e87f49ec6a6ea2fad3e7c939c32a8219aaa4726792457c"},"layers":[{"mediaType":"application/vnd.tuf.metadata+json","size":764,"digest":"sha256:2b2d4fba192ec164e05e6d90399c5cf4a45e4fe2ddebb9066c55aa2bcf0a73d3","annotations":{"tuf.io/filename":"3.test-role.json"}}]}
|
||||
@@ -0,0 +1 @@
|
||||
{"architecture":"","created":"0001-01-01T00:00:00Z","history":[{"created":"0001-01-01T00:00:00Z"}],"os":"","rootfs":{"type":"layers","diff_ids":["sha256:2b2d4fba192ec164e05e6d90399c5cf4a45e4fe2ddebb9066c55aa2bcf0a73d3"]},"config":{}}
|
||||
11
test/testdata/tuf/test-repo-oci/metadata/test-role/index.json
vendored
Executable file
11
test/testdata/tuf/test-repo-oci/metadata/test-role/index.json
vendored
Executable file
@@ -0,0 +1,11 @@
|
||||
{
|
||||
"schemaVersion": 2,
|
||||
"mediaType": "application/vnd.oci.image.index.v1+json",
|
||||
"manifests": [
|
||||
{
|
||||
"mediaType": "application/vnd.oci.image.manifest.v1+json",
|
||||
"size": 444,
|
||||
"digest": "sha256:7c8d8f5dfca62068e3a4b18bb41cf85dad23ec9cdc7d7d2e10bc37b86ebffff5"
|
||||
}
|
||||
]
|
||||
}
|
||||
3
test/testdata/tuf/test-repo-oci/metadata/test-role/oci-layout
vendored
Executable file
3
test/testdata/tuf/test-repo-oci/metadata/test-role/oci-layout
vendored
Executable file
@@ -0,0 +1,3 @@
|
||||
{
|
||||
"imageLayoutVersion": "1.0.0"
|
||||
}
|
||||
@@ -0,0 +1 @@
|
||||
this is a top-level target file
|
||||
@@ -0,0 +1 @@
|
||||
{"architecture":"","created":"0001-01-01T00:00:00Z","history":[{"created":"0001-01-01T00:00:00Z"}],"os":"","rootfs":{"type":"layers","diff_ids":["sha256:02119a076ec3878c736c3a95e20794f5a8d5bce3d7ecc264681bb7334ca2e24b"]},"config":{}}
|
||||
@@ -0,0 +1 @@
|
||||
{"schemaVersion":2,"mediaType":"application/vnd.oci.image.manifest.v1+json","config":{"mediaType":"application/vnd.oci.image.config.v1+json","size":233,"digest":"sha256:cf0c754e6415fab25e2f59fb6b010dcf0c2369f7a59a45ff29c693c844163ca7"},"layers":[{"mediaType":"application/vnd.tuf.target","size":31,"digest":"sha256:02119a076ec3878c736c3a95e20794f5a8d5bce3d7ecc264681bb7334ca2e24b","annotations":{"tuf.io/filename":"02119a076ec3878c736c3a95e20794f5a8d5bce3d7ecc264681bb7334ca2e24b.test.txt"}}]}
|
||||
@@ -0,0 +1,11 @@
|
||||
{
|
||||
"schemaVersion": 2,
|
||||
"mediaType": "application/vnd.oci.image.index.v1+json",
|
||||
"manifests": [
|
||||
{
|
||||
"mediaType": "application/vnd.oci.image.manifest.v1+json",
|
||||
"size": 493,
|
||||
"digest": "sha256:cf70a3b91fd7dfaa30952dfa9f094809e6cd9bd7364942c7f067c747bc535f94"
|
||||
}
|
||||
]
|
||||
}
|
||||
@@ -0,0 +1,3 @@
|
||||
{
|
||||
"imageLayoutVersion": "1.0.0"
|
||||
}
|
||||
@@ -0,0 +1 @@
|
||||
{"schemaVersion":2,"mediaType":"application/vnd.oci.image.manifest.v1+json","config":{"mediaType":"application/vnd.oci.image.config.v1+json","size":233,"digest":"sha256:d9941355ca037d7e878e04c1bc7cbf9c71a5d8035b6e27be0d9e5d9087599055"},"layers":[{"mediaType":"application/vnd.tuf.target","size":32,"digest":"sha256:d1bb6181284970ae43fbbc88b5e72f9a5942ebac20588aa0c4bf78ba621e1ee2","annotations":{"tuf.io/filename":"d1bb6181284970ae43fbbc88b5e72f9a5942ebac20588aa0c4bf78ba621e1ee2.test.txt"}}]}
|
||||
@@ -0,0 +1 @@
|
||||
{"architecture":"","created":"0001-01-01T00:00:00Z","history":[{"created":"0001-01-01T00:00:00Z"}],"os":"","rootfs":{"type":"layers","diff_ids":["sha256:ea230621c53e0bb858ea5526125414f8957fb29c08350528d50a162c620f36b1"]},"config":{}}
|
||||
@@ -0,0 +1 @@
|
||||
{"schemaVersion":2,"mediaType":"application/vnd.oci.image.manifest.v1+json","config":{"mediaType":"application/vnd.oci.image.config.v1+json","size":233,"digest":"sha256:0b6b8fdb10421310b9aca2f1fb6ce51537baa243fb9fccca03f2ff3c15fb52f8"},"layers":[{"mediaType":"application/vnd.tuf.target","size":10,"digest":"sha256:ea230621c53e0bb858ea5526125414f8957fb29c08350528d50a162c620f36b1","annotations":{"tuf.io/filename":"ea230621c53e0bb858ea5526125414f8957fb29c08350528d50a162c620f36b1.myfile.txt"}}]}
|
||||
@@ -0,0 +1 @@
|
||||
this is a delegated targets file
|
||||
@@ -0,0 +1 @@
|
||||
{"architecture":"","created":"0001-01-01T00:00:00Z","history":[{"created":"0001-01-01T00:00:00Z"}],"os":"","rootfs":{"type":"layers","diff_ids":["sha256:d1bb6181284970ae43fbbc88b5e72f9a5942ebac20588aa0c4bf78ba621e1ee2"]},"config":{}}
|
||||
@@ -0,0 +1 @@
|
||||
hello tuf
|
||||
1
test/testdata/tuf/test-repo-oci/targets/test-role/index.json
vendored
Executable file
1
test/testdata/tuf/test-repo-oci/targets/test-role/index.json
vendored
Executable file
@@ -0,0 +1 @@
|
||||
{"schemaVersion":2,"mediaType":"application/vnd.oci.image.index.v1+json","manifests":[{"mediaType":"application/vnd.oci.image.manifest.v1+json","size":495,"digest":"sha256:8d320e9d3f3663613df6e4fca1651604a6c0323011023145a140b38f02105b04","annotations":{"tuf.io/filename":"test-role/dir1/dir2/dir3/ea230621c53e0bb858ea5526125414f8957fb29c08350528d50a162c620f36b1.myfile.txt"}},{"mediaType":"application/vnd.oci.image.manifest.v1+json","size":493,"digest":"sha256:0a4afcdad291941327b070ab4feaf052425fbf4ded864bc55c18cfefec8be6e2","annotations":{"tuf.io/filename":"test-role/d1bb6181284970ae43fbbc88b5e72f9a5942ebac20588aa0c4bf78ba621e1ee2.test.txt"}}]}
|
||||
3
test/testdata/tuf/test-repo-oci/targets/test-role/oci-layout
vendored
Executable file
3
test/testdata/tuf/test-repo-oci/targets/test-role/oci-layout
vendored
Executable file
@@ -0,0 +1,3 @@
|
||||
{
|
||||
"imageLayoutVersion": "1.0.0"
|
||||
}
|
||||
65
test/testdata/tuf/test-repo/metadata/1.root.json
vendored
Normal file
65
test/testdata/tuf/test-repo/metadata/1.root.json
vendored
Normal file
@@ -0,0 +1,65 @@
|
||||
{
|
||||
"signatures": [
|
||||
{
|
||||
"keyid": "b7474a42f2588fa92ed4a2ebea6047a7b1b2f7351f1cfe0912732c0d0fb0fc09",
|
||||
"sig": "3064023037bbb03c3472b140572a7d5a2895bd80e74435bbcb7053949731f81b104c6d05a0876590cd6a2e94d7ed619426a2f6fa02303adc8c9006fa5506fdd7ea87d2960074a537ad8bf2459f2863e806b47682cbb2f9b01b7502eaf5437a1a68fdaaeac114"
|
||||
}
|
||||
],
|
||||
"signed": {
|
||||
"_type": "root",
|
||||
"consistent_snapshot": true,
|
||||
"expires": "2034-04-02T17:00:22Z",
|
||||
"keys": {
|
||||
"198f00ff96ea7cbfa7eac480cc9bfc43ce13bb434b901011ab777856533997d3": {
|
||||
"keytype": "ecdsa",
|
||||
"keyval": {
|
||||
"public": "-----BEGIN PUBLIC KEY-----\nMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEgDpP6O0sEt2R+l84WlfmqPBsFSby\nxJsJ6YmeUVgDk/wk9++8IAR6YBYewaKye56gMnIYjTFbyOI8WomA2NQFBw==\n-----END PUBLIC KEY-----\n"
|
||||
},
|
||||
"scheme": "ecdsa-sha2-nistp256",
|
||||
"x-tuf-on-ci-online-uri": "awskms:arn:aws:kms:us-east-1:175142243308:key/fbd8dab6-5677-4b57-87e6-8369c45b3b61"
|
||||
},
|
||||
"b7474a42f2588fa92ed4a2ebea6047a7b1b2f7351f1cfe0912732c0d0fb0fc09": {
|
||||
"keytype": "ecdsa",
|
||||
"keyval": {
|
||||
"public": "-----BEGIN PUBLIC KEY-----\nMHYwEAYHKoZIzj0CAQYFK4EEACIDYgAE3+asmp2GD6UijwWvMezwVG/BwFLuQa3o\nT6eRxFvkILGpVDbZ92ZYWidHl9LZ/eJUjhIjuVEkNVKoenw5KjKl8veP3MthZrQA\nSkYytOIwkidZo9Rk2dczbDcFSJvLGsmd\n-----END PUBLIC KEY-----\n"
|
||||
},
|
||||
"scheme": "ecdsa-sha2-nistp384",
|
||||
"x-tuf-on-ci-keyowner": "@mrjoelkamp"
|
||||
}
|
||||
},
|
||||
"roles": {
|
||||
"root": {
|
||||
"keyids": [
|
||||
"b7474a42f2588fa92ed4a2ebea6047a7b1b2f7351f1cfe0912732c0d0fb0fc09"
|
||||
],
|
||||
"threshold": 1
|
||||
},
|
||||
"snapshot": {
|
||||
"keyids": [
|
||||
"198f00ff96ea7cbfa7eac480cc9bfc43ce13bb434b901011ab777856533997d3"
|
||||
],
|
||||
"threshold": 1,
|
||||
"x-tuf-on-ci-expiry-period": 3650,
|
||||
"x-tuf-on-ci-signing-period": 60
|
||||
},
|
||||
"targets": {
|
||||
"keyids": [
|
||||
"b7474a42f2588fa92ed4a2ebea6047a7b1b2f7351f1cfe0912732c0d0fb0fc09"
|
||||
],
|
||||
"threshold": 1
|
||||
},
|
||||
"timestamp": {
|
||||
"keyids": [
|
||||
"198f00ff96ea7cbfa7eac480cc9bfc43ce13bb434b901011ab777856533997d3"
|
||||
],
|
||||
"threshold": 1,
|
||||
"x-tuf-on-ci-expiry-period": 3650,
|
||||
"x-tuf-on-ci-signing-period": 60
|
||||
}
|
||||
},
|
||||
"spec_version": "1.0.31",
|
||||
"version": 1,
|
||||
"x-tuf-on-ci-expiry-period": 3650,
|
||||
"x-tuf-on-ci-signing-period": 60
|
||||
}
|
||||
}
|
||||
79
test/testdata/tuf/test-repo/metadata/2.root.json
vendored
Normal file
79
test/testdata/tuf/test-repo/metadata/2.root.json
vendored
Normal file
@@ -0,0 +1,79 @@
|
||||
{
|
||||
"signatures": [
|
||||
{
|
||||
"keyid": "b7474a42f2588fa92ed4a2ebea6047a7b1b2f7351f1cfe0912732c0d0fb0fc09",
|
||||
"sig": "3066023100e99acc5f74777ebf40376b60f0216e8fe1829c1a49a5f6a6899126c15de1df7a56533baf493b2b53159c50843a289102023100b6a006b24da62ea0b743fbe38e1497ff485bf3a0833894985fc27a0305ad0693eeb968a7b52723ed3c49af8bef2027b6"
|
||||
},
|
||||
{
|
||||
"keyid": "81cf5a78d6ea2cd904256b9d814b340289b765e6f75ec4397e4ebb7586cab664",
|
||||
"sig": "30440220136debcc2f60dd1d63c9c2704f9b13c2cb2f5d2df58ea93f07f7c10f54f36742022059d7f8c6620e33506c6f1766394a32f86c9b008328f6398831ba7ebcf4ce0838"
|
||||
}
|
||||
],
|
||||
"signed": {
|
||||
"_type": "root",
|
||||
"consistent_snapshot": true,
|
||||
"expires": "2034-04-03T08:45:50Z",
|
||||
"keys": {
|
||||
"198f00ff96ea7cbfa7eac480cc9bfc43ce13bb434b901011ab777856533997d3": {
|
||||
"keytype": "ecdsa",
|
||||
"keyval": {
|
||||
"public": "-----BEGIN PUBLIC KEY-----\nMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEgDpP6O0sEt2R+l84WlfmqPBsFSby\nxJsJ6YmeUVgDk/wk9++8IAR6YBYewaKye56gMnIYjTFbyOI8WomA2NQFBw==\n-----END PUBLIC KEY-----\n"
|
||||
},
|
||||
"scheme": "ecdsa-sha2-nistp256",
|
||||
"x-tuf-on-ci-online-uri": "awskms:arn:aws:kms:us-east-1:175142243308:key/fbd8dab6-5677-4b57-87e6-8369c45b3b61"
|
||||
},
|
||||
"81cf5a78d6ea2cd904256b9d814b340289b765e6f75ec4397e4ebb7586cab664": {
|
||||
"keytype": "ecdsa",
|
||||
"keyval": {
|
||||
"public": "-----BEGIN PUBLIC KEY-----\nMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEWmhpAfB7Q53UNluMhpkDxXXup4E0\n2Hh4PSgHC1Yh6brGl6Akq9a4io55LtZTk5mnCTqxuB+rc5cI/yaNUeWEqQ==\n-----END PUBLIC KEY-----\n"
|
||||
},
|
||||
"scheme": "ecdsa-sha2-nistp256",
|
||||
"x-tuf-on-ci-keyowner": "@kipz"
|
||||
},
|
||||
"b7474a42f2588fa92ed4a2ebea6047a7b1b2f7351f1cfe0912732c0d0fb0fc09": {
|
||||
"keytype": "ecdsa",
|
||||
"keyval": {
|
||||
"public": "-----BEGIN PUBLIC KEY-----\nMHYwEAYHKoZIzj0CAQYFK4EEACIDYgAE3+asmp2GD6UijwWvMezwVG/BwFLuQa3o\nT6eRxFvkILGpVDbZ92ZYWidHl9LZ/eJUjhIjuVEkNVKoenw5KjKl8veP3MthZrQA\nSkYytOIwkidZo9Rk2dczbDcFSJvLGsmd\n-----END PUBLIC KEY-----\n"
|
||||
},
|
||||
"scheme": "ecdsa-sha2-nistp384",
|
||||
"x-tuf-on-ci-keyowner": "@mrjoelkamp"
|
||||
}
|
||||
},
|
||||
"roles": {
|
||||
"root": {
|
||||
"keyids": [
|
||||
"b7474a42f2588fa92ed4a2ebea6047a7b1b2f7351f1cfe0912732c0d0fb0fc09",
|
||||
"81cf5a78d6ea2cd904256b9d814b340289b765e6f75ec4397e4ebb7586cab664"
|
||||
],
|
||||
"threshold": 1
|
||||
},
|
||||
"snapshot": {
|
||||
"keyids": [
|
||||
"198f00ff96ea7cbfa7eac480cc9bfc43ce13bb434b901011ab777856533997d3"
|
||||
],
|
||||
"threshold": 1,
|
||||
"x-tuf-on-ci-expiry-period": 3650,
|
||||
"x-tuf-on-ci-signing-period": 60
|
||||
},
|
||||
"targets": {
|
||||
"keyids": [
|
||||
"b7474a42f2588fa92ed4a2ebea6047a7b1b2f7351f1cfe0912732c0d0fb0fc09",
|
||||
"81cf5a78d6ea2cd904256b9d814b340289b765e6f75ec4397e4ebb7586cab664"
|
||||
],
|
||||
"threshold": 1
|
||||
},
|
||||
"timestamp": {
|
||||
"keyids": [
|
||||
"198f00ff96ea7cbfa7eac480cc9bfc43ce13bb434b901011ab777856533997d3"
|
||||
],
|
||||
"threshold": 1,
|
||||
"x-tuf-on-ci-expiry-period": 3650,
|
||||
"x-tuf-on-ci-signing-period": 60
|
||||
}
|
||||
},
|
||||
"spec_version": "1.0.31",
|
||||
"version": 2,
|
||||
"x-tuf-on-ci-expiry-period": 3650,
|
||||
"x-tuf-on-ci-signing-period": 60
|
||||
}
|
||||
}
|
||||
34
test/testdata/tuf/test-repo/metadata/3.test-role.json
vendored
Normal file
34
test/testdata/tuf/test-repo/metadata/3.test-role.json
vendored
Normal file
@@ -0,0 +1,34 @@
|
||||
{
|
||||
"signatures": [
|
||||
{
|
||||
"keyid": "b7474a42f2588fa92ed4a2ebea6047a7b1b2f7351f1cfe0912732c0d0fb0fc09",
|
||||
"sig": ""
|
||||
},
|
||||
{
|
||||
"keyid": "81cf5a78d6ea2cd904256b9d814b340289b765e6f75ec4397e4ebb7586cab664",
|
||||
"sig": "3044022015b6ebe9d30895e3be20e707a6738e38460197d90cae3dc37527ddb7c437868602207f85f3d4e068bef4c51a749f5d166cc7fe2cb9483999ea197e72395081c3aa61"
|
||||
}
|
||||
],
|
||||
"signed": {
|
||||
"_type": "targets",
|
||||
"expires": "2034-04-03T15:39:02Z",
|
||||
"spec_version": "1.0.31",
|
||||
"targets": {
|
||||
"test-role/dir1/dir2/dir3/myfile.txt": {
|
||||
"hashes": {
|
||||
"sha256": "ea230621c53e0bb858ea5526125414f8957fb29c08350528d50a162c620f36b1"
|
||||
},
|
||||
"length": 10
|
||||
},
|
||||
"test-role/test.txt": {
|
||||
"hashes": {
|
||||
"sha256": "d1bb6181284970ae43fbbc88b5e72f9a5942ebac20588aa0c4bf78ba621e1ee2"
|
||||
},
|
||||
"length": 32
|
||||
}
|
||||
},
|
||||
"version": 3,
|
||||
"x-tuf-on-ci-expiry-period": 3650,
|
||||
"x-tuf-on-ci-signing-period": 60
|
||||
}
|
||||
}
|
||||
65
test/testdata/tuf/test-repo/metadata/5.targets.json
vendored
Normal file
65
test/testdata/tuf/test-repo/metadata/5.targets.json
vendored
Normal file
@@ -0,0 +1,65 @@
|
||||
{
|
||||
"signatures": [
|
||||
{
|
||||
"keyid": "b7474a42f2588fa92ed4a2ebea6047a7b1b2f7351f1cfe0912732c0d0fb0fc09",
|
||||
"sig": ""
|
||||
},
|
||||
{
|
||||
"keyid": "81cf5a78d6ea2cd904256b9d814b340289b765e6f75ec4397e4ebb7586cab664",
|
||||
"sig": "3046022100f892a496c9bd96082e3b06d5eae85429355876b8eb455aa04b53ab9051911d90022100a3e89c29b15bccfc2877278c0fb2d3b34500da6351e245ad0b3f8c0ae6b67eff"
|
||||
}
|
||||
],
|
||||
"signed": {
|
||||
"_type": "targets",
|
||||
"delegations": {
|
||||
"keys": {
|
||||
"81cf5a78d6ea2cd904256b9d814b340289b765e6f75ec4397e4ebb7586cab664": {
|
||||
"keytype": "ecdsa",
|
||||
"keyval": {
|
||||
"public": "-----BEGIN PUBLIC KEY-----\nMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEWmhpAfB7Q53UNluMhpkDxXXup4E0\n2Hh4PSgHC1Yh6brGl6Akq9a4io55LtZTk5mnCTqxuB+rc5cI/yaNUeWEqQ==\n-----END PUBLIC KEY-----\n"
|
||||
},
|
||||
"scheme": "ecdsa-sha2-nistp256",
|
||||
"x-tuf-on-ci-keyowner": "@kipz"
|
||||
},
|
||||
"b7474a42f2588fa92ed4a2ebea6047a7b1b2f7351f1cfe0912732c0d0fb0fc09": {
|
||||
"keytype": "ecdsa",
|
||||
"keyval": {
|
||||
"public": "-----BEGIN PUBLIC KEY-----\nMHYwEAYHKoZIzj0CAQYFK4EEACIDYgAE3+asmp2GD6UijwWvMezwVG/BwFLuQa3o\nT6eRxFvkILGpVDbZ92ZYWidHl9LZ/eJUjhIjuVEkNVKoenw5KjKl8veP3MthZrQA\nSkYytOIwkidZo9Rk2dczbDcFSJvLGsmd\n-----END PUBLIC KEY-----\n"
|
||||
},
|
||||
"scheme": "ecdsa-sha2-nistp384",
|
||||
"x-tuf-on-ci-keyowner": "@mrjoelkamp"
|
||||
}
|
||||
},
|
||||
"roles": [
|
||||
{
|
||||
"keyids": [
|
||||
"b7474a42f2588fa92ed4a2ebea6047a7b1b2f7351f1cfe0912732c0d0fb0fc09",
|
||||
"81cf5a78d6ea2cd904256b9d814b340289b765e6f75ec4397e4ebb7586cab664"
|
||||
],
|
||||
"name": "test-role",
|
||||
"paths": [
|
||||
"test-role/*",
|
||||
"test-role/*/*",
|
||||
"test-role/*/*/*",
|
||||
"test-role/*/*/*/*"
|
||||
],
|
||||
"terminating": true,
|
||||
"threshold": 1
|
||||
}
|
||||
]
|
||||
},
|
||||
"expires": "2034-04-03T15:28:29Z",
|
||||
"spec_version": "1.0.31",
|
||||
"targets": {
|
||||
"test.txt": {
|
||||
"hashes": {
|
||||
"sha256": "02119a076ec3878c736c3a95e20794f5a8d5bce3d7ecc264681bb7334ca2e24b"
|
||||
},
|
||||
"length": 31
|
||||
}
|
||||
},
|
||||
"version": 5,
|
||||
"x-tuf-on-ci-expiry-period": 3650,
|
||||
"x-tuf-on-ci-signing-period": 60
|
||||
}
|
||||
}
|
||||
22
test/testdata/tuf/test-repo/metadata/6.snapshot.json
vendored
Normal file
22
test/testdata/tuf/test-repo/metadata/6.snapshot.json
vendored
Normal file
@@ -0,0 +1,22 @@
|
||||
{
|
||||
"signatures": [
|
||||
{
|
||||
"keyid": "198f00ff96ea7cbfa7eac480cc9bfc43ce13bb434b901011ab777856533997d3",
|
||||
"sig": "3044022039b56cd2e3597df74e57d200a652ba020cdc9a8cd050bd65b5f8e2640d50691d02205e073e4b6fc260acc64327a331e4440601af5b1cbff594ea91cf7b70d5828fb1"
|
||||
}
|
||||
],
|
||||
"signed": {
|
||||
"_type": "snapshot",
|
||||
"expires": "2034-04-03T15:59:47Z",
|
||||
"meta": {
|
||||
"targets.json": {
|
||||
"version": 5
|
||||
},
|
||||
"test-role.json": {
|
||||
"version": 3
|
||||
}
|
||||
},
|
||||
"spec_version": "1.0.31",
|
||||
"version": 6
|
||||
}
|
||||
}
|
||||
19
test/testdata/tuf/test-repo/metadata/timestamp.json
vendored
Normal file
19
test/testdata/tuf/test-repo/metadata/timestamp.json
vendored
Normal file
@@ -0,0 +1,19 @@
|
||||
{
|
||||
"signatures": [
|
||||
{
|
||||
"keyid": "198f00ff96ea7cbfa7eac480cc9bfc43ce13bb434b901011ab777856533997d3",
|
||||
"sig": "3045022011f2afa9b448fcbbac983c11fc3e264e95d5d7a9c9527b09d83a316ee762635f022100d05197a78ccc7a713ebdb0bccb44844f67a7c5208af8d346e201064b7ce11055"
|
||||
}
|
||||
],
|
||||
"signed": {
|
||||
"_type": "timestamp",
|
||||
"expires": "2034-04-03T15:59:47Z",
|
||||
"meta": {
|
||||
"snapshot.json": {
|
||||
"version": 6
|
||||
}
|
||||
},
|
||||
"spec_version": "1.0.31",
|
||||
"version": 6
|
||||
}
|
||||
}
|
||||
@@ -0,0 +1 @@
|
||||
this is a top-level target file
|
||||
@@ -0,0 +1 @@
|
||||
this is a delegated targets file
|
||||
@@ -0,0 +1 @@
|
||||
hello tuf
|
||||
48
test/testdata/vsa.json
vendored
Normal file
48
test/testdata/vsa.json
vendored
Normal file
@@ -0,0 +1,48 @@
|
||||
{
|
||||
"payloadType": "application/vnd.in-toto+json",
|
||||
"payload": "eyJfdHlwZSI6Imh0dHBzOi8vaW4tdG90by5pby9TdGF0ZW1lbnQvdjAuMSIsInByZWRpY2F0ZVR5cGUiOiJodHRwczovL3Nsc2EuZGV2L3ZlcmlmaWNhdGlvbl9zdW1tYXJ5L3YwLjEiLCJzdWJqZWN0IjpbeyJuYW1lIjoicGtnOmRvY2tlci90ZXN0LWltYWdlQHRlc3Q/cGxhdGZvcm09bGludXglMkZhbWQ2NCIsImRpZ2VzdCI6eyJzaGEyNTYiOiJkYThiMTkwNjY1OTU2ZWEwNzg5MGEwMjczZTJhOWM5NmJmZTI5MTY2MmYwOGUyODYwZTg2OGVlZjY5YzM0NjIwIn19XSwicHJlZGljYXRlIjp7InZlcmlmaWVyIjp7ImlkIjoiaHR0cHM6Ly9kb2NrZXIuY29tIn0sInRpbWVWZXJpZmllZCI6IjIwMjQtMDQtMTlUMTY6MjU6MTFaIiwicmVzb3VyY2VVcmkiOiJwa2c6ZG9ja2VyL3Rlc3QtaW1hZ2VAdGVzdD9kaWdlc3Q9c2hhMjU2JTNBZGE4YjE5MDY2NTk1NmVhMDc4OTBhMDI3M2UyYTljOTZiZmUyOTE2NjJmMDhlMjg2MGU4NjhlZWY2OWMzNDYyMFx1MDAyNnBsYXRmb3JtPWxpbnV4JTJGYW1kNjQiLCJwb2xpY3kiOnsidXJpIjoiaHR0cHM6Ly9kb2NrZXIuY29tL2xpYnJhcnkvcG9saWN5In0sImlucHV0QXR0ZXN0YXRpb25zIjpudWxsLCJ2ZXJpZmljYXRpb25SZXN1bHQiOiJQQVNTRUQiLCJ2ZXJpZmllZExldmVscyI6WyJTTFNBX0JVSUxEX0xFVkVMXzMiXX19",
|
||||
"signatures": [
|
||||
{
|
||||
"keyid": "a0c296026645799b2a297913878e81b0aefff2a0c301e97232f717e14402f3e4",
|
||||
"sig": "MEUCIDtkq1k1x7exFlKmRx8asV0a/nycXxdw71pRvbtVltprAiEA4aV45oCN3tfIf4KbQaRH3RO0wCbemP3woL0gK3lkscg=",
|
||||
"extension": {
|
||||
"kind": "application/vnd.docker.attestation-verification.v1+json",
|
||||
"ext": {
|
||||
"tl": {
|
||||
"kind": "Rekor",
|
||||
"data": {
|
||||
"body": "eyJhcGlWZXJzaW9uIjoiMC4wLjEiLCJraW5kIjoiaGFzaGVkcmVrb3JkIiwic3BlYyI6eyJkYXRhIjp7Imhhc2giOnsiYWxnb3JpdGhtIjoic2hhMjU2IiwidmFsdWUiOiJiODU4MTM2MWUzMDcwZjhjNzUxZTk4ODE3MWFmYzFhMjE1ZGJlZjQxMzk2NTMxOTJiZDMyYWIwYzE3ZDM2YzM1In19LCJzaWduYXR1cmUiOnsiY29udGVudCI6Ik1FVUNJRHRrcTFrMXg3ZXhGbEttUng4YXNWMGEvbnljWHhkdzcxcFJ2YnRWbHRwckFpRUE0YVY0NW9DTjN0ZklmNEtiUWFSSDNSTzB3Q2JlbVAzd29MMGdLM2xrc2NnPSIsInB1YmxpY0tleSI6eyJjb250ZW50IjoiTFMwdExTMUNSVWRKVGlCRFJWSlVTVVpKUTBGVVJTMHRMUzB0Q2sxSlNVTkRWRU5EUVdFclowRjNTVUpCWjBsQ1FWUkJTMEpuWjNGb2EycFBVRkZSUkVGcVFreE5WV3QzVW5kWlJGWlJVVVJGTUVKb1RVZE5lVTlVV1hjS1RXcFpNazVFVlROUFZHeHBUVzFGZVU5VVl6Vk5WRTAwVG5wb2JFOUVSbWxOUjBac1dtMWFiVTF0UlhkWmVrMTNUVmRWTlU1NlNYcE5iVmt6VFZSa2JBcE5WRkV3VFVSS2JVMHlWVEJOUWpSWVJGUkpNRTFFVVhoUFZFVXlUV3BWZUUxV2IxaEVWRWt4VFVSUmVFOVVSVEpOYWxWNFRWWnZkMU42UmtwTlJXTkhDa0V4VlVWQmVFNUJXVlJDYWsxcWF6Sk5SRWt5VG1wUk1VNTZhelZaYWtwb1RXcHJNMDlVUlhwUFJHTTBXbFJuZUZscVFtaGFWMXB0V21wS2FFMUhUWG9LVFVSR2JFOVVZM2xOZWtwdFRucEZNMXBVUlRCT1JFRjVXbXBPYkU1RVFscE5RazFIUW5seFIxTk5ORGxCWjBWSFEwTnhSMU5OTkRsQmQwVklRVEJKUVFwQ1NVSTVkSGM1V1hSMmJWTkVjbFpaTlc1M1pUUm9ZakV2UVVsV1ZHWlJhbmxsU1c1MlYzTmpVR3hyVWpaTmVIQXdZM1ptVms1dVZWbElkRGczYm1kUkNsbE9hazFJYUdSTk5qQTJSbmh2YjA1eU9USkVjVE5sYW1kWlRYZG5XVUYzUkdkWlJGWlNNRkJCVVVndlFrRlJSRUZuWlVGTlFrMUhRVEZWWkVwUlVVMEtUVUZ2UjBORGMwZEJVVlZHUW5kTlJFMUJkMGRCTVZWa1JYZEZRaTkzVVVOTlFVRjNVM2RaUkZaU01GSkNSVkYzVVc5S1FWbFVRbXBOYW1zeVRVUkpNZ3BPYWxFeFRucHJOVmxxU21oTmFtc3pUMVJGZWs5RVl6UmFWR2Q0V1dwQ2FGcFhXbTFhYWtwb1RVZE5lazFFUm14UFZHTjVUWHBLYlU1NlJUTmFWRVV3Q2s1RVFYbGFhazVzVGtSQlMwSm5aM0ZvYTJwUFVGRlJSRUZuVGtsQlJFSkdRV2xGUVRaVk5pdDBjRTFGWlhCT1JYSnpMM0JPYW1kdlFWbzNWM1JtVlZRS1kxTmxiSEp3VTJsTFdqQjNPRkpCUTBsRVlWUXpWbXBETmpoTVlVeEtTbWxDWkhSbFYzTnVNMlYyWTBST1NFZFVjMmRNVDFwcGNXdDRTakJsQ2kwdExTMHRSVTVFSUVORlVsUkpSa2xEUVZSRkxTMHRMUzBLIn19fX0=",
|
||||
"integratedTime": 1713543910,
|
||||
"logID": "c0d23d6ad406973f9559f3ba2d1ca01f84147d8ffc5b8445c224f98b9591801d",
|
||||
"logIndex": 87076941,
|
||||
"verification": {
|
||||
"inclusionProof": {
|
||||
"checkpoint": "rekor.sigstore.dev - 2605736670972794746\n82913511\nBaX/1AgGwb1Cxm3NpleUYCBgWPt6pj2hq/xGYEmZl/c=\n\n— rekor.sigstore.dev wNI9ajBFAiEAsrpsGf41VBvC0uci2OPfaB3y+gm4ri+Pw2892vlCPqECIAbjtBCF3fJBOxxTDcXuAHk5F4D6TmLQCJ5glIkDlCuZ\n",
|
||||
"hashes": [
|
||||
"1f87b20218e09db0b277220c8b32a32ca917775b1561f9ad63afd755e4ddbf62",
|
||||
"508e07a2fc0a8ac9c00b908c7ac3504dee1af18c6499283619b6f00ec0369145",
|
||||
"7828aaacc3c0f3e4ef486d002073e9147305b30fc9680b599ecd0e9d5473160f",
|
||||
"c11b0503e880276f1d6547843000b62f1503e34d440c2cfe67c822fa9f1dec01",
|
||||
"8fa564c7c1f550540d70ac5469c77b63b6eee30dbfdf935a1d27f01b90852da7",
|
||||
"de82a665a685584f93b92f15cd310bdd28a33faf5b592dea5c25e6f24ead3cf7",
|
||||
"5ccc2074cecc5e7e14bbc684ff420ec3d6658d2b54d95727b740761080dd4a8e",
|
||||
"690cf19a242b1dc4e4eb95c7249dda2bae94d793a85b70b83080c1375a736199",
|
||||
"421731b5a60ac1a92c79624f4d1b64b465ea0c36e4d67ba99f88157910bd4bec",
|
||||
"de48cf7a09019cd05ee06aa911cb8f103382632fa1b363921d4c4a19d6b1026e",
|
||||
"b66caf5e8b1f7b1fcd5a06ad2371b53dc1ae6524eb4775aed563ba31d565b426",
|
||||
"0c60918bcf6f554648566bcad8014e99e32a101ea7f91f7a65efaf8d601906fc",
|
||||
"f7c7a7ccc682fb1e6808cbc8650039cfcbeed9aa4330216f13ff77e4d7ee3f0f"
|
||||
],
|
||||
"logIndex": 82913510,
|
||||
"rootHash": "05a5ffd40806c1bd42c66dcda6579460206058fb7aa63da1abfc4660499997f7",
|
||||
"treeSize": 82913511
|
||||
},
|
||||
"signedEntryTimestamp": "MEQCIHkKq/L6PD0eCsNch7D89YpUScYxzW9rOEumpzBhnLRCAiBQkdPEHa5LFgvB7KwYrvs6xT29AWuIFk2qns3cmdk6IA=="
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
]
|
||||
}
|
||||
Reference in New Issue
Block a user