├── .github ├── .codecov.yml ├── ISSUE_TEMPLATE │ ├── bug-or-issue.yaml │ ├── config.yml │ └── feature-request.yaml ├── dependabot.yml ├── licenserc.yml └── workflows │ ├── add-to-project.yml │ ├── build.yml │ ├── codeql.yml │ ├── license-checker.yml │ └── stale.yml ├── .gitignore ├── CODEOWNERS ├── CODE_OF_CONDUCT.md ├── LICENSE ├── MAINTAINERS ├── Makefile ├── README.md ├── RELEASE_CHECKLIST.md ├── config ├── base.go ├── base_test.go ├── config.go ├── config_test.go ├── errors.go ├── errors_test.go ├── keys.go ├── keys_test.go └── testdata │ ├── malformed-duplicate │ └── signingkeys.json │ ├── malformed-invalid-default │ └── signingkeys.json │ └── valid │ ├── config.json │ └── signingkeys.json ├── dir ├── fs.go ├── fs_test.go ├── path.go ├── path_test.go └── testdata │ └── data.txt ├── errors.go ├── errors_test.go ├── example_localSign_test.go ├── example_localVerify_test.go ├── example_remoteSign_test.go ├── example_remoteVerify_test.go ├── example_signBlob_test.go ├── example_signWithTimestmap_test.go ├── example_verifyBlob_test.go ├── example_verifyWithTimestamp_test.go ├── go.mod ├── go.sum ├── internal ├── container │ └── set.go ├── envelope │ ├── envelope.go │ └── envelope_test.go ├── file │ ├── file.go │ └── file_test.go ├── io │ ├── limitedwriter.go │ └── limitedwriter_test.go ├── mock │ ├── mockfs │ │ └── fs.go │ ├── mocks.go │ ├── ocilayout │ │ ├── ocilayout.go │ │ └── ocilayout_test.go │ └── testdata │ │ ├── ca_compatible_pluginver_sig_env_0.0.9.json │ │ ├── ca_compatible_pluginver_sig_env_1.0.0-alpha.beta.json │ │ ├── ca_compatible_pluginver_sig_env_1.0.0-alpha.json │ │ ├── ca_compatible_pluginver_sig_env_1.0.0.json │ │ ├── ca_expired_sig_env.json │ │ ├── ca_incompatible_pluginver_sig_env_1.0.1.json │ │ ├── ca_incompatible_pluginver_sig_env_1.0.9.json │ │ ├── ca_incompatible_pluginver_sig_env_1.1.0-alpha.json │ │ ├── ca_incompatible_pluginver_sig_env_1.2.3.json │ │ ├── ca_invalid_sig_env.json │ │ ├── ca_plugin_sig_env.json │ │ ├── 
ca_valid_sig_env.json │ │ ├── sa_expired_sig_env.json │ │ ├── sa_invalid_sig_env.json │ │ ├── sa_plugin_sig_env.json │ │ ├── sa_valid_sig_env.json │ │ └── sig_env_with_metadata.json ├── pkix │ ├── fuzz_test.go │ ├── pkix.go │ └── pkix_test.go ├── semver │ ├── semver.go │ └── semver_test.go ├── slices │ └── slices.go ├── testdata │ ├── cose_signature.sig │ ├── jws_signature.sig │ └── oci-layout │ │ ├── blobs │ │ └── sha256 │ │ │ ├── 19dbd2e48e921426ee8ace4dc892edfb2ecdc1d1a72d5416c83670c30acecef0 │ │ │ ├── 572996c3caeacea40b947911a9dda21516c082b5a64af30048a02a6f5eb956d4 │ │ │ └── 63b65145d645c1250c391b2d16ebe53b3747c295ca8ba2fcb6b0cf064a4dc21c │ │ ├── index.json │ │ ├── manifest.json │ │ └── oci-layout └── trustpolicy │ └── trustpolicy.go ├── log ├── log.go └── log_test.go ├── notation.go ├── notation_test.go ├── plugin ├── errors.go ├── integration_test.go ├── manager.go ├── manager_test.go ├── manager_unix.go ├── manager_windows.go ├── plugin.go ├── plugin_test.go ├── proto │ ├── algorithm.go │ ├── algorithm_test.go │ ├── errors.go │ ├── errors_test.go │ ├── metadata.go │ ├── metadata_test.go │ ├── proto.go │ ├── sign.go │ └── verify.go └── testdata │ ├── main.go │ └── plugins │ ├── badplugin │ └── notation-badplugin │ │ └── badplugin │ └── foo │ ├── libfoo │ └── notation-foo ├── registry ├── interface.go ├── internal │ └── artifactspec │ │ └── artifact.go ├── mediatype.go ├── repository.go └── repository_test.go ├── signer ├── plugin.go ├── plugin_test.go ├── signer.go ├── signer_test.go └── testdata │ └── DigiCertTSARootSHA384.cer └── verifier ├── crl ├── crl.go └── crl_test.go ├── helpers.go ├── helpers_test.go ├── testdata ├── timestamp │ ├── countersignature │ │ ├── TimeStampToken.p7s │ │ ├── TimeStampTokenWithInvalidTSTInfo.p7s │ │ ├── TimeStampTokenWithInvalideContentType.p7s │ │ └── TimeStampTokenWithoutCertificate.p7s │ └── sigEnv │ │ ├── coseExpiredWithTimestamp.sig │ │ ├── coseWithTimestamp.sig │ │ ├── jwsExpiredWithTimestamp.sig │ │ ├── 
jwsWithTimestamp.sig │ │ ├── timestampAfterNotAfter.sig │ │ ├── timestampBeforeNotBefore.sig │ │ └── withoutTimestamp.sig ├── truststore │ └── x509 │ │ ├── ca │ │ ├── trust-store-with-invalid-certs │ │ │ └── invalid │ │ ├── trust-store-with-leaf-certs-in-single-file │ │ │ └── RootAndLeafCerts.crt │ │ ├── trust-store-with-leaf-certs │ │ │ ├── GlobalSignRootCA.crt │ │ │ └── non-ca.crt │ │ ├── valid-trust-store-2 │ │ │ ├── GlobalSign.der │ │ │ └── GlobalSignRootCA.crt │ │ ├── valid-trust-store-self-signed │ │ │ └── openssl-minimum-self-signed.pem │ │ ├── valid-trust-store │ │ │ ├── GlobalSign.der │ │ │ ├── GlobalSignRootCA.crt │ │ │ ├── NotationTestRoot.pem │ │ │ ├── TestTimestamp.crt │ │ │ ├── TestTimestampNotYetValid.crt │ │ │ └── wabbit-networks.io.crt │ │ └── valid-trust-store_SYMLINK │ │ │ └── valid-trust-store_SYMLINK │ │ ├── signingAuthority │ │ ├── valid-trust-store-2 │ │ │ ├── GlobalSign.der │ │ │ └── GlobalSignRootCA.crt │ │ └── valid-trust-store │ │ │ ├── GlobalSign.der │ │ │ ├── GlobalSignRootCA.crt │ │ │ └── NotationTestRoot.pem │ │ ├── trust-store-with-cert-symlinks │ │ ├── GlobalSignRootCA.crt │ │ └── GlobalSignRootCA_SYMLINK.crt │ │ ├── trust-store-with-directories │ │ ├── GlobalSignRootCA.crt │ │ └── sub-dir │ │ │ └── .gitkeep │ │ └── tsa │ │ ├── test-mismatch │ │ └── DigiCertTSARootSHA384.cer │ │ ├── test-nonCA │ │ └── wabbit-networks.io.crt │ │ ├── test-nonSelfIssued │ │ └── nonSelfIssued.crt │ │ └── test-timestamp │ │ └── globalsignRoot.cer └── verifier │ ├── bad-cert.pem │ └── signing-cert.pem ├── timestamp_test.go ├── trustpolicy ├── blob.go ├── blob_test.go ├── oci.go ├── oci_test.go ├── trustpolicy.go └── trustpolicy_test.go ├── truststore ├── errors.go ├── truststore.go └── truststore_test.go ├── verifier.go └── verifier_test.go /.github/.codecov.yml: -------------------------------------------------------------------------------- 1 | # Copyright The Notary Project Authors. 
2 | # Licensed under the Apache License, Version 2.0 (the "License"); 3 | # you may not use this file except in compliance with the License. 4 | # You may obtain a copy of the License at 5 | # 6 | # http://www.apache.org/licenses/LICENSE-2.0 7 | # 8 | # Unless required by applicable law or agreed to in writing, software 9 | # distributed under the License is distributed on an "AS IS" BASIS, 10 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 11 | # See the License for the specific language governing permissions and 12 | # limitations under the License. 13 | 14 | coverage: 15 | status: 16 | project: 17 | default: 18 | target: 80% 19 | patch: 20 | default: 21 | target: 80% -------------------------------------------------------------------------------- /.github/ISSUE_TEMPLATE/bug-or-issue.yaml: -------------------------------------------------------------------------------- 1 | # Copyright The Notary Project Authors. 2 | # Licensed under the Apache License, Version 2.0 (the "License"); 3 | # you may not use this file except in compliance with the License. 4 | # You may obtain a copy of the License at 5 | # 6 | # http://www.apache.org/licenses/LICENSE-2.0 7 | # 8 | # Unless required by applicable law or agreed to in writing, software 9 | # distributed under the License is distributed on an "AS IS" BASIS, 10 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 11 | # See the License for the specific language governing permissions and 12 | # limitations under the License. 13 | 14 | name: 🐛 Bug or Issue 15 | description: Something is not working as expected or not working at all! Report it here! 16 | labels: [bug, triage] 17 | body: 18 | - type: markdown 19 | attributes: 20 | value: | 21 | Thank you for taking the time to fill out this issue report. 
🛑 Please check existing issues first before continuing: https://github.com/notaryproject/notation-go/issues 22 | - type: textarea 23 | id: verbatim 24 | validations: 25 | required: true 26 | attributes: 27 | label: "What is not working as expected?" 28 | description: "In your own words, describe what the issue is." 29 | - type: textarea 30 | id: expect 31 | validations: 32 | required: true 33 | attributes: 34 | label: "What did you expect to happen?" 35 | description: "A clear and concise description of what you expected to happen." 36 | - type: textarea 37 | id: reproduce 38 | validations: 39 | required: true 40 | attributes: 41 | label: "How can we reproduce it?" 42 | description: "Detailed steps to reproduce the behavior, code snippets are welcome." 43 | - type: textarea 44 | id: environment 45 | validations: 46 | required: true 47 | attributes: 48 | label: Describe your environment 49 | description: "OS and Golang version" 50 | - type: textarea 51 | id: version 52 | validations: 53 | required: true 54 | attributes: 55 | label: What is the version of your notation-go Library? 56 | description: "Check the `go.mod` file for the library version." 57 | - type: markdown 58 | attributes: 59 | value: | 60 | If you want to contribute to this project, we will be happy to guide you through the contribution process especially when you already have a good proposal or understanding of how to fix this issue. Join us at https://slack.cncf.io/ and choose #notary-project channel. 61 | -------------------------------------------------------------------------------- /.github/ISSUE_TEMPLATE/config.yml: -------------------------------------------------------------------------------- 1 | # Copyright The Notary Project Authors. 2 | # Licensed under the Apache License, Version 2.0 (the "License"); 3 | # you may not use this file except in compliance with the License. 
4 | # You may obtain a copy of the License at 5 | # 6 | # http://www.apache.org/licenses/LICENSE-2.0 7 | # 8 | # Unless required by applicable law or agreed to in writing, software 9 | # distributed under the License is distributed on an "AS IS" BASIS, 10 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 11 | # See the License for the specific language governing permissions and 12 | # limitations under the License. 13 | 14 | blank_issues_enabled: false 15 | contact_links: 16 | - name: Ask a question 17 | url: https://slack.cncf.io/ 18 | about: "Join #notary-project channel on CNCF Slack" 19 | -------------------------------------------------------------------------------- /.github/ISSUE_TEMPLATE/feature-request.yaml: -------------------------------------------------------------------------------- 1 | # Copyright The Notary Project Authors. 2 | # Licensed under the Apache License, Version 2.0 (the "License"); 3 | # you may not use this file except in compliance with the License. 4 | # You may obtain a copy of the License at 5 | # 6 | # http://www.apache.org/licenses/LICENSE-2.0 7 | # 8 | # Unless required by applicable law or agreed to in writing, software 9 | # distributed under the License is distributed on an "AS IS" BASIS, 10 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 11 | # See the License for the specific language governing permissions and 12 | # limitations under the License. 13 | 14 | name: 🚀 Feature Request 15 | description: Suggest an idea for this project. 16 | labels: [enhancement, triage] 17 | body: 18 | - type: markdown 19 | attributes: 20 | value: | 21 | Thank you for taking the time to suggest a useful feature for the project! 22 | - type: textarea 23 | id: problem 24 | validations: 25 | required: true 26 | attributes: 27 | label: "Is your feature request related to a problem?" 28 | description: "A clear and concise description of what the problem is. Ex. 
I'm always frustrated when [...]" 29 | - type: textarea 30 | id: solution 31 | validations: 32 | required: true 33 | attributes: 34 | label: "What solution do you propose?" 35 | description: "A clear and concise description of what you want to happen." 36 | - type: textarea 37 | id: alternatives 38 | validations: 39 | required: true 40 | attributes: 41 | label: "What alternatives have you considered?" 42 | description: "A clear and concise description of any alternative solutions or features you've considered." 43 | - type: textarea 44 | id: context 45 | validations: 46 | required: false 47 | attributes: 48 | label: "Any additional context?" 49 | description: "Add any other context or screenshots about the feature request here." 50 | - type: markdown 51 | attributes: 52 | value: | 53 | If you want to contribute to this project, we will be happy to guide you through the contribution process especially when you already have a good proposal or understanding of how to improve the functionality. Join us at https://slack.cncf.io/ and choose #notary-project channel. 54 | -------------------------------------------------------------------------------- /.github/dependabot.yml: -------------------------------------------------------------------------------- 1 | # Copyright The Notary Project Authors. 2 | # Licensed under the Apache License, Version 2.0 (the "License"); 3 | # you may not use this file except in compliance with the License. 4 | # You may obtain a copy of the License at 5 | # 6 | # http://www.apache.org/licenses/LICENSE-2.0 7 | # 8 | # Unless required by applicable law or agreed to in writing, software 9 | # distributed under the License is distributed on an "AS IS" BASIS, 10 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 11 | # See the License for the specific language governing permissions and 12 | # limitations under the License. 
13 | 14 | version: 2 15 | updates: 16 | - package-ecosystem: "gomod" 17 | directory: "/" 18 | schedule: 19 | interval: "weekly" 20 | - package-ecosystem: "github-actions" 21 | directory: "/" 22 | schedule: 23 | interval: "weekly" 24 | -------------------------------------------------------------------------------- /.github/licenserc.yml: -------------------------------------------------------------------------------- 1 | # Copyright The Notary Project Authors. 2 | # Licensed under the Apache License, Version 2.0 (the "License"); 3 | # you may not use this file except in compliance with the License. 4 | # You may obtain a copy of the License at 5 | # 6 | # http://www.apache.org/licenses/LICENSE-2.0 7 | # 8 | # Unless required by applicable law or agreed to in writing, software 9 | # distributed under the License is distributed on an "AS IS" BASIS, 10 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 11 | # See the License for the specific language governing permissions and 12 | # limitations under the License. 13 | 14 | header: 15 | license: 16 | spdx-id: Apache-2.0 17 | content: | 18 | Copyright The Notary Project Authors. 19 | Licensed under the Apache License, Version 2.0 (the "License"); 20 | you may not use this file except in compliance with the License. 21 | You may obtain a copy of the License at 22 | 23 | http://www.apache.org/licenses/LICENSE-2.0 24 | 25 | Unless required by applicable law or agreed to in writing, software 26 | distributed under the License is distributed on an "AS IS" BASIS, 27 | WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 28 | See the License for the specific language governing permissions and 29 | limitations under the License. 
30 | 31 | paths-ignore: 32 | - '**/*.md' 33 | - 'CODEOWNERS' 34 | - 'LICENSE' 35 | - 'MAINTAINERS' 36 | - 'go.mod' 37 | - 'go.sum' 38 | - '**/testdata/**' 39 | 40 | comment: on-failure 41 | 42 | dependency: 43 | files: 44 | - go.mod -------------------------------------------------------------------------------- /.github/workflows/add-to-project.yml: -------------------------------------------------------------------------------- 1 | # Copyright The Notary Project Authors. 2 | # Licensed under the Apache License, Version 2.0 (the "License"); 3 | # you may not use this file except in compliance with the License. 4 | # You may obtain a copy of the License at 5 | # 6 | # http://www.apache.org/licenses/LICENSE-2.0 7 | # 8 | # Unless required by applicable law or agreed to in writing, software 9 | # distributed under the License is distributed on an "AS IS" BASIS, 10 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 11 | # See the License for the specific language governing permissions and 12 | # limitations under the License. 13 | 14 | on: 15 | issues: 16 | types: 17 | - opened 18 | 19 | jobs: 20 | add-to-project: 21 | name: Add issue to project 22 | runs-on: ubuntu-latest 23 | steps: 24 | - uses: actions/add-to-project@main # NOTE(review): @main is a mutable ref and this step is handed ADD_TO_PROJECT_PAT below; pinning to a full commit SHA (actions/add-to-project@<COMMIT_SHA_PLACEHOLDER>) keeps a later change to that branch from running with the token. 25 | with: 26 | project-url: https://github.com/orgs/notaryproject/projects/10 27 | github-token: ${{ secrets.ADD_TO_PROJECT_PAT }} -------------------------------------------------------------------------------- /.github/workflows/build.yml: -------------------------------------------------------------------------------- 1 | # Copyright The Notary Project Authors. 2 | # Licensed under the Apache License, Version 2.0 (the "License"); 3 | # you may not use this file except in compliance with the License.
4 | # You may obtain a copy of the License at 5 | # 6 | # http://www.apache.org/licenses/LICENSE-2.0 7 | # 8 | # Unless required by applicable law or agreed to in writing, software 9 | # distributed under the License is distributed on an "AS IS" BASIS, 10 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 11 | # See the License for the specific language governing permissions and 12 | # limitations under the License. 13 | 14 | name: build 15 | 16 | on: 17 | push: 18 | branches: 19 | - main 20 | - release-* 21 | pull_request: 22 | branches: 23 | - main 24 | - release-* 25 | 26 | jobs: 27 | build: 28 | uses: notaryproject/notation-core-go/.github/workflows/reusable-build.yml@main 29 | secrets: 30 | CODECOV_TOKEN: ${{ secrets.CODECOV_TOKEN }} 31 | -------------------------------------------------------------------------------- /.github/workflows/codeql.yml: -------------------------------------------------------------------------------- 1 | # Copyright The Notary Project Authors. 2 | # Licensed under the Apache License, Version 2.0 (the "License"); 3 | # you may not use this file except in compliance with the License. 4 | # You may obtain a copy of the License at 5 | # 6 | # http://www.apache.org/licenses/LICENSE-2.0 7 | # 8 | # Unless required by applicable law or agreed to in writing, software 9 | # distributed under the License is distributed on an "AS IS" BASIS, 10 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 11 | # See the License for the specific language governing permissions and 12 | # limitations under the License. 
13 | 14 | name: "CodeQL" 15 | 16 | on: 17 | push: 18 | branches: 19 | - main 20 | - release-* 21 | pull_request: 22 | branches: 23 | - main 24 | - release-* 25 | schedule: 26 | - cron: '29 2 * * 5' 27 | 28 | jobs: 29 | analyze: 30 | uses: notaryproject/notation-core-go/.github/workflows/reusable-codeql.yml@main -------------------------------------------------------------------------------- /.github/workflows/license-checker.yml: -------------------------------------------------------------------------------- 1 | # Copyright The Notary Project Authors. 2 | # Licensed under the Apache License, Version 2.0 (the "License"); 3 | # you may not use this file except in compliance with the License. 4 | # You may obtain a copy of the License at 5 | # 6 | # http://www.apache.org/licenses/LICENSE-2.0 7 | # 8 | # Unless required by applicable law or agreed to in writing, software 9 | # distributed under the License is distributed on an "AS IS" BASIS, 10 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 11 | # See the License for the specific language governing permissions and 12 | # limitations under the License. 13 | 14 | name: License Checker 15 | 16 | on: 17 | push: 18 | branches: 19 | - main 20 | - release-* 21 | pull_request: 22 | branches: 23 | - main 24 | - release-* 25 | 26 | permissions: 27 | contents: write 28 | pull-requests: write 29 | 30 | jobs: 31 | check-license: 32 | uses: notaryproject/notation-core-go/.github/workflows/reusable-license-checker.yml@main -------------------------------------------------------------------------------- /.github/workflows/stale.yml: -------------------------------------------------------------------------------- 1 | # Copyright The Notary Project Authors. 2 | # Licensed under the Apache License, Version 2.0 (the "License"); 3 | # you may not use this file except in compliance with the License. 
4 | # You may obtain a copy of the License at 5 | # 6 | # http://www.apache.org/licenses/LICENSE-2.0 7 | # 8 | # Unless required by applicable law or agreed to in writing, software 9 | # distributed under the License is distributed on an "AS IS" BASIS, 10 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 11 | # See the License for the specific language governing permissions and 12 | # limitations under the License. 13 | 14 | name: "Close stale issues and PRs" 15 | on: 16 | schedule: 17 | - cron: "30 1 * * *" 18 | 19 | jobs: 20 | stale: 21 | runs-on: ubuntu-latest 22 | steps: 23 | - uses: actions/stale@v9 24 | with: 25 | stale-issue-message: "This issue is stale because it has been opened for 60 days with no activity. Remove stale label or comment. Otherwise, it will be closed in 30 days." 26 | stale-pr-message: "This PR is stale because it has been opened for 45 days with no activity. Remove stale label or comment. Otherwise, it will be closed in 30 days." 27 | close-issue-message: "Issue closed due to no activity in the past 30 days." 28 | close-pr-message: "PR closed due to no activity in the past 30 days." 29 | days-before-issue-stale: 60 30 | days-before-pr-stale: 45 31 | days-before-issue-close: 30 32 | days-before-pr-close: 30 33 | exempt-all-milestones: true 34 | -------------------------------------------------------------------------------- /.gitignore: -------------------------------------------------------------------------------- 1 | # Copyright The Notary Project Authors. 2 | # Licensed under the Apache License, Version 2.0 (the "License"); 3 | # you may not use this file except in compliance with the License. 
4 | # You may obtain a copy of the License at 5 | # 6 | # http://www.apache.org/licenses/LICENSE-2.0 7 | # 8 | # Unless required by applicable law or agreed to in writing, software 9 | # distributed under the License is distributed on an "AS IS" BASIS, 10 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 11 | # See the License for the specific language governing permissions and 12 | # limitations under the License. 13 | 14 | # Code Editors 15 | .vscode 16 | .idea 17 | *.sublime-project 18 | *.sublime-workspace 19 | 20 | # Custom 21 | coverage.txt 22 | 23 | # tmp directory was generated by example_remoteVerify_test.go 24 | tmp/ -------------------------------------------------------------------------------- /CODEOWNERS: -------------------------------------------------------------------------------- 1 | # Repo-Level Owners (in alphabetical order) 2 | # Note: This is only for the notaryproject/notation-go repo 3 | * @gokarnm @JeyJeyGao @niazfk @priteshbandi @rgnote @shizhMSFT @toddysm @Two-Hearts @vaninrao10 @yizha1 4 | -------------------------------------------------------------------------------- /CODE_OF_CONDUCT.md: -------------------------------------------------------------------------------- 1 | # Code of Conduct 2 | 3 | Notation follows the [CNCF Code of Conduct](https://github.com/cncf/foundation/blob/master/code-of-conduct.md). 
-------------------------------------------------------------------------------- /MAINTAINERS: -------------------------------------------------------------------------------- 1 | # Org-Level Maintainers (in alphabetical order) 2 | # Pattern: [First Name] [Last Name] <[Email Address]> ([GitHub Handle]) 3 | Niaz Khan (@niazfk) 4 | Pritesh Bandi (@priteshbandi) 5 | Shiwei Zhang (@shizhMSFT) 6 | Toddy Mladenov (@toddysm) 7 | Vani Rao (@vaninrao10) 8 | Yi Zha (@yizha1) 9 | 10 | # Repo-Level Maintainers (in alphabetical order) 11 | # Note: This is for the notaryproject/notation-go repo 12 | Junjie Gao (@JeyJeyGao) 13 | Milind Gokarn (@gokarnm) 14 | Patrick Zheng (@Two-Hearts) 15 | Rakesh Gariganti (@rgnote) 16 | 17 | # Emeritus Org Maintainers (in alphabetical order) 18 | Justin Cormack (@justincormack) 19 | Steve Lasker (@stevelasker) -------------------------------------------------------------------------------- /Makefile: -------------------------------------------------------------------------------- 1 | # Copyright The Notary Project Authors. 2 | # Licensed under the Apache License, Version 2.0 (the "License"); 3 | # you may not use this file except in compliance with the License. 4 | # You may obtain a copy of the License at 5 | # 6 | # http://www.apache.org/licenses/LICENSE-2.0 7 | # 8 | # Unless required by applicable law or agreed to in writing, software 9 | # distributed under the License is distributed on an "AS IS" BASIS, 10 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 11 | # See the License for the specific language governing permissions and 12 | # limitations under the License. 
13 | 14 | .PHONY: help 15 | help: 16 | @grep -E '^[a-zA-Z_-]+:.*?## .*$$' $(MAKEFILE_LIST) | sort | awk 'BEGIN {FS = ":.*?## "}; {printf "\033[36m%-25s\033[0m %s\n", $$1, $$2}' 17 | 18 | .PHONY: all 19 | all: test 20 | 21 | .PHONY: test 22 | test: check-line-endings ## run unit tests 23 | go test -race -v -coverprofile=coverage.txt -covermode=atomic ./... 24 | 25 | .PHONY: clean 26 | clean: 27 | git status --ignored --short | grep '^!! ' | sed 's/!! //' | xargs rm -rf 28 | 29 | .PHONY: check-line-endings 30 | check-line-endings: ## check line endings 31 | ! find . -name "*.go" -type f -exec file "{}" ";" | grep CRLF 32 | ! find . -name "*.sh" -type f -exec file "{}" ";" | grep CRLF 33 | 34 | .PHONY: fix-line-endings 35 | fix-line-endings: ## fix line endings 36 | find . -type f -name "*.go" -exec sed -i -e "s/\r//g" {} + 37 | -------------------------------------------------------------------------------- /README.md: -------------------------------------------------------------------------------- 1 | # notation-go 2 | 3 | [![Build Status](https://github.com/notaryproject/notation-go/actions/workflows/build.yml/badge.svg?event=push&branch=main)](https://github.com/notaryproject/notation-go/actions/workflows/build.yml?query=workflow%3Abuild+event%3Apush+branch%3Amain) 4 | [![Codecov](https://codecov.io/gh/notaryproject/notation-go/branch/main/graph/badge.svg)](https://codecov.io/gh/notaryproject/notation-go) 5 | [![Go Reference](https://pkg.go.dev/badge/github.com/notaryproject/notation-go.svg)](https://pkg.go.dev/github.com/notaryproject/notation-go@main) 6 | [![OpenSSF Scorecard](https://api.scorecard.dev/projects/github.com/notaryproject/notation-go/badge)](https://scorecard.dev/viewer/?uri=github.com/notaryproject/notation-go) 7 | 8 | notation-go contains libraries for signing and verification of artifacts as per [Notary Project specifications](https://github.com/notaryproject/specifications). 
notation-go is being used by [notation](https://github.com/notaryproject/notation) CLI for signing and verifying artifacts. 9 | 10 | notation-go reached a stable release as of July 2023 and continues to be actively developed and maintained. 11 | 12 | Please visit [README](https://github.com/notaryproject/.github/blob/main/README.md) to know more about Notary Project. 13 | 14 | > [!NOTE] 15 | > The Notary Project documentation is available [here](https://notaryproject.dev/docs/). 16 | 17 | ## Table of Contents 18 | 19 | - [Documentation](#documentation) 20 | - [Code of Conduct](#code-of-conduct) 21 | - [License](#license) 22 | 23 | ## Documentation 24 | 25 | Library documentation is available at [Go Reference](https://pkg.go.dev/github.com/notaryproject/notation-go). 26 | 27 | ## Code of Conduct 28 | 29 | This project has adopted the [CNCF Code of Conduct](https://github.com/cncf/foundation/blob/master/code-of-conduct.md). See [CODE_OF_CONDUCT.md](CODE_OF_CONDUCT.md) for further details. 30 | 31 | ## License 32 | 33 | This project is covered under the Apache 2.0 license. You can read the license [here](LICENSE). 34 | -------------------------------------------------------------------------------- /config/base.go: -------------------------------------------------------------------------------- 1 | // Copyright The Notary Project Authors. 2 | // Licensed under the Apache License, Version 2.0 (the "License"); 3 | // you may not use this file except in compliance with the License. 4 | // You may obtain a copy of the License at 5 | // 6 | // http://www.apache.org/licenses/LICENSE-2.0 7 | // 8 | // Unless required by applicable law or agreed to in writing, software 9 | // distributed under the License is distributed on an "AS IS" BASIS, 10 | // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 11 | // See the License for the specific language governing permissions and 12 | // limitations under the License. 
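
package config

import (
	"encoding/json"
	"fmt"
	"io/fs"
	"os"
	"path/filepath"

	"github.com/notaryproject/notation-go/dir"
)

// save encodes cfg as indented JSON and writes it to filePath, creating the
// parent directory first.
//
// The directory is created with mode 0700 and the file with mode 0600, so
// newly created config is readable by the owner only. Both modes apply only
// on creation: a directory or file that already exists keeps its current
// permissions. An existing file is truncated before writing.
func save(filePath string, cfg interface{}) error {
	if err := os.MkdirAll(filepath.Dir(filePath), 0700); err != nil {
		return err
	}

	file, err := os.OpenFile(filePath, os.O_RDWR|os.O_CREATE|os.O_TRUNC, 0600)
	if err != nil {
		return err
	}

	encoder := json.NewEncoder(file)
	encoder.SetIndent("", " ")
	if err := encoder.Encode(cfg); err != nil {
		// The encode error is the one worth reporting; the close is
		// best-effort cleanup here.
		file.Close()
		return err
	}
	// Return the Close error instead of dropping it in a defer: a failed
	// close on a freshly written file can mean the data never reached disk.
	return file.Close()
}

// load decodes the JSON file named by filePath into cfg. filePath is first
// mapped to a system path through dir.ConfigFS().SysPath.
//
// A path that does not exist, is a directory, or is a symbolic link is
// rejected. The Lstat error for a missing file is returned unchanged, so
// callers can still test it with errors.Is(err, fs.ErrNotExist).
func load(filePath string, cfg interface{}) error {
	path, err := dir.ConfigFS().SysPath(filePath)
	if err != nil {
		return err
	}

	// Lstat does not follow links, so a symlink at path is seen as a symlink
	// rather than as its target.
	fileInfo, err := os.Lstat(path)
	if err != nil {
		return err
	}
	mode := fileInfo.Mode()
	if mode.IsDir() || mode&fs.ModeSymlink != 0 {
		return fmt.Errorf("%q is not a regular file (symlinks are not supported)", path)
	}

	file, err := os.Open(path)
	if err != nil {
		return err
	}
	defer file.Close()

	// The Lstat check and the Open are separate system calls, and Open
	// follows links. Compare the opened handle with the inspected entry so a
	// path replaced in between (for example by a symlink) is not decoded.
	openedInfo, err := file.Stat()
	if err != nil {
		return err
	}
	if !os.SameFile(fileInfo, openedInfo) {
		return fmt.Errorf("%q changed between the symlink check and open", path)
	}
	return json.NewDecoder(file).Decode(cfg)
}

-------------------------------------------------------------------------------- /config/base_test.go: -------------------------------------------------------------------------------- 1 | // Copyright The Notary Project Authors. 2 | // Licensed under the Apache License, Version 2.0 (the "License"); 3 | // you may not use this file except in compliance with the License.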
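// You may obtain a copy of the License at
//
// http://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing, software
// distributed under the License is distributed on an "AS IS" BASIS,
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
// See the License for the specific language governing permissions and
// limitations under the License.

package config

import (
	"fmt"
	"os"
	"path/filepath"
	"runtime"
	"testing"

	"github.com/notaryproject/notation-go/dir"
)

// TestLoadNonExistentFile checks that load returns an error for a file name
// that is absent from the configured directory.
func TestLoadNonExistentFile(t *testing.T) {
	dir.UserConfigDir = "testdata/valid"

	var config string
	err := load("non-existent", &config)
	if err == nil {
		t.Fatalf("load() expected error but not found")
	}
}

// TestLoadSymlink checks that load refuses a config path that is a symbolic
// link and reports the dedicated "not a regular file" error.
func TestLoadSymlink(t *testing.T) {
	if runtime.GOOS == "windows" {
		t.Skip("skipping test on Windows")
	}
	root := t.TempDir()
	dir.UserConfigDir = root
	fileName := "symlink"
	// Fail early if the fixture could not be created; otherwise load would
	// hit a missing file and the symlink branch would never be exercised.
	if err := os.Symlink("testdata/valid/config.json", filepath.Join(root, fileName)); err != nil {
		t.Fatalf("os.Symlink() failed: %v", err)
	}

	expectedError := fmt.Sprintf("\"%s/%s\" is not a regular file (symlinks are not supported)", dir.UserConfigDir, fileName)
	var config string
	err := load(fileName, &config)
	// A nil error means the symlink was accepted, which is exactly the
	// regression this test guards against, so it must fail the test too.
	if err == nil || err.Error() != expectedError {
		t.Fatalf("load() expected error= %s but found= %v", expectedError, err)
	}
}

-------------------------------------------------------------------------------- /config/config.go: -------------------------------------------------------------------------------- 1 | // Copyright The Notary Project Authors. 2 | // Licensed under the Apache License, Version 2.0 (the "License"); 3 | // you may not use this file except in compliance with the License.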
// You may obtain a copy of the License at
//
// http://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing, software
// distributed under the License is distributed on an "AS IS" BASIS,
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
// See the License for the specific language governing permissions and
// limitations under the License.

// Package config provides the ability to load and save config.json and
// signingkeys.json.
package config

import (
	"errors"
	"io/fs"

	"github.com/notaryproject/notation-go/dir"
)

// Config reflects the config.json file.
// Specification: https://github.com/notaryproject/notation/pull/76
type Config struct {
	// InsecureRegistries is stored under "insecureRegistries" and is always
	// written, even when empty.
	// NOTE(review): the name suggests these registries are reached without
	// transport security; confirm against the code that consumes the list.
	InsecureRegistries []string `json:"insecureRegistries"`

	// CredentialsStore is stored under "credsStore" and omitted when empty.
	CredentialsStore string `json:"credsStore,omitempty"`

	// CredentialHelpers is stored under "credHelpers" and omitted when empty.
	// NOTE(review): presumably maps a registry to a helper name; verify
	// against the caller.
	CredentialHelpers map[string]string `json:"credHelpers,omitempty"`

	// SignatureFormat defines the signature envelope type for signing. It is
	// stored under "signatureFormat" and omitted when empty.
	SignatureFormat string `json:"signatureFormat,omitempty"`
}

// NewConfig returns a pointer to an empty Config. Nothing is written to disk
// until Save is called.
func NewConfig() *Config {
	return new(Config)
}

// Save writes the config to the path that dir.ConfigFS resolves for
// dir.PathConfigFile.
func (c *Config) Save() error {
	target, err := dir.ConfigFS().SysPath(dir.PathConfigFile)
	if err == nil {
		return save(target, c)
	}
	return err
}

// LoadConfig reads the config from file or returns a default config if not found.
50 | func LoadConfig() (*Config, error) { 51 | var config Config 52 | 53 | err := load(dir.PathConfigFile, &config) 54 | if err != nil { 55 | if errors.Is(err, fs.ErrNotExist) { 56 | return NewConfig(), nil 57 | } 58 | return nil, err 59 | } 60 | return &config, nil 61 | } 62 | -------------------------------------------------------------------------------- /config/config_test.go: -------------------------------------------------------------------------------- 1 | // Copyright The Notary Project Authors. 2 | // Licensed under the Apache License, Version 2.0 (the "License"); 3 | // you may not use this file except in compliance with the License. 4 | // You may obtain a copy of the License at 5 | // 6 | // http://www.apache.org/licenses/LICENSE-2.0 7 | // 8 | // Unless required by applicable law or agreed to in writing, software 9 | // distributed under the License is distributed on an "AS IS" BASIS, 10 | // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 11 | // See the License for the specific language governing permissions and 12 | // limitations under the License. 13 | 14 | package config 15 | 16 | import ( 17 | "reflect" 18 | "testing" 19 | 20 | "github.com/notaryproject/notation-go/dir" 21 | ) 22 | 23 | var sampleConfig = &Config{ 24 | InsecureRegistries: []string{ 25 | "registry.wabbit-networks.io", 26 | }, 27 | SignatureFormat: "jws", 28 | } 29 | 30 | func TestLoadFile(t *testing.T) { 31 | dir.UserConfigDir = "./testdata/valid" 32 | got, err := LoadConfig() 33 | if err != nil { 34 | t.Fatalf("LoadConfig() error. 
err = %v", err) 35 | } 36 | 37 | if !reflect.DeepEqual(got, sampleConfig) { 38 | t.Errorf("loadFile() = %v, want %v", got, sampleConfig) 39 | } 40 | } 41 | 42 | func TestSaveFile(t *testing.T) { 43 | root := t.TempDir() 44 | dir.UserConfigDir = root 45 | sampleConfig.Save() 46 | config, err := LoadConfig() 47 | if err != nil { 48 | t.Fatal("Load config file from temp dir failed") 49 | } 50 | if !reflect.DeepEqual(sampleConfig, config) { 51 | t.Fatal("save config file failed.") 52 | } 53 | } 54 | 55 | func TestLoadNonExistedConfig(t *testing.T) { 56 | dir.UserConfigDir = "./testdata/non-existed" 57 | got, err := LoadConfig() 58 | if err != nil { 59 | t.Fatalf("LoadConfig() error. err = %v", err) 60 | } 61 | 62 | if !reflect.DeepEqual(got, NewConfig()) { 63 | t.Errorf("loadFile() = %v, want %v", got, NewConfig()) 64 | } 65 | } 66 | -------------------------------------------------------------------------------- /config/errors.go: -------------------------------------------------------------------------------- 1 | // Copyright The Notary Project Authors. 2 | // Licensed under the Apache License, Version 2.0 (the "License"); 3 | // you may not use this file except in compliance with the License. 4 | // You may obtain a copy of the License at 5 | // 6 | // http://www.apache.org/licenses/LICENSE-2.0 7 | // 8 | // Unless required by applicable law or agreed to in writing, software 9 | // distributed under the License is distributed on an "AS IS" BASIS, 10 | // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 11 | // See the License for the specific language governing permissions and 12 | // limitations under the License. 13 | 14 | package config 15 | 16 | import ( 17 | "errors" 18 | "fmt" 19 | ) 20 | 21 | // ErrKeyNameEmpty is used when key name is empty. 22 | var ErrKeyNameEmpty = errors.New("key name cannot be empty") 23 | 24 | // KeyNotFoundError is used when key is not found in the signingkeys.json file. 
type KeyNotFoundError struct {
	// KeyName is the name of the key that was looked up; it may be empty.
	KeyName string
}

// Error returns the error message. The key name is included only when it is
// set.
func (e KeyNotFoundError) Error() string {
	if e.KeyName == "" {
		return "signing key not found"
	}
	return fmt.Sprintf("signing key %s not found", e.KeyName)
}

--------------------------------------------------------------------------------
/config/errors_test.go:
--------------------------------------------------------------------------------
1 | // Copyright The Notary Project Authors.
2 | // Licensed under the Apache License, Version 2.0 (the "License");
3 | // you may not use this file except in compliance with the License.
4 | // You may obtain a copy of the License at
5 | //
6 | // http://www.apache.org/licenses/LICENSE-2.0
7 | //
8 | // Unless required by applicable law or agreed to in writing, software
9 | // distributed under the License is distributed on an "AS IS" BASIS,
10 | // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
11 | // See the License for the specific language governing permissions and
12 | // limitations under the License.
13 | 14 | package config 15 | 16 | import "testing" 17 | 18 | func TestErrorKeyNotFound(t *testing.T) { 19 | e := KeyNotFoundError{} 20 | if e.Error() != "signing key not found" { 21 | t.Fatalf("ErrorKeyNotFound.Error() = %v, want %v", e.Error(), "signing key not found") 22 | } 23 | 24 | e = KeyNotFoundError{KeyName: "testKey"} 25 | if e.Error() != `signing key testKey not found` { 26 | t.Fatalf("ErrorKeyNotFound.Error() = %v, want %v", e.Error(), "signing key testKey not found") 27 | } 28 | } 29 | -------------------------------------------------------------------------------- /config/testdata/malformed-duplicate/signingkeys.json: -------------------------------------------------------------------------------- 1 | { 2 | "default": "wabbit-networks", 3 | "keys": [ 4 | { 5 | "name": "wabbit-networks", 6 | "keyPath": "/home/demo/.config/notation/localkeys/wabbit-networks.key", 7 | "certPath": "/home/demo/.config/notation/localkeys/wabbit-networks.crt" 8 | }, 9 | { 10 | "name": "wabbit-networks", 11 | "keyPath": "/home/demo/.config/notation/localkeys/import.acme-rockets.key", 12 | "certPath": "/home/demo/.config/notation/localkeys/import.acme-rockets.crt" 13 | }, 14 | { 15 | "name": "external-key", 16 | "id": "id1", 17 | "pluginName": "pluginX", 18 | "pluginConfig": { 19 | "key": "value" 20 | } 21 | } 22 | ] 23 | } -------------------------------------------------------------------------------- /config/testdata/malformed-invalid-default/signingkeys.json: -------------------------------------------------------------------------------- 1 | { 2 | "default": "missing-default", 3 | "keys": [ 4 | { 5 | "name": "wabbit-networks", 6 | "keyPath": "/home/demo/.config/notation/localkeys/wabbit-networks.key", 7 | "certPath": "/home/demo/.config/notation/localkeys/wabbit-networks.crt" 8 | }, 9 | { 10 | "name": "import.acme-rockets", 11 | "keyPath": "/home/demo/.config/notation/localkeys/import.acme-rockets.key", 12 | "certPath": 
"/home/demo/.config/notation/localkeys/import.acme-rockets.crt" 13 | }, 14 | { 15 | "name": "external-key", 16 | "id": "id1", 17 | "pluginName": "pluginX", 18 | "pluginConfig": { 19 | "key": "value" 20 | } 21 | } 22 | ] 23 | } -------------------------------------------------------------------------------- /config/testdata/valid/config.json: -------------------------------------------------------------------------------- 1 | { 2 | "insecureRegistries": [ 3 | "registry.wabbit-networks.io" 4 | ], 5 | "signatureFormat": "jws" 6 | } -------------------------------------------------------------------------------- /config/testdata/valid/signingkeys.json: -------------------------------------------------------------------------------- 1 | { 2 | "default": "wabbit-networks", 3 | "keys": [ 4 | { 5 | "name": "wabbit-networks", 6 | "keyPath": "/home/demo/.config/notation/localkeys/wabbit-networks.key", 7 | "certPath": "/home/demo/.config/notation/localkeys/wabbit-networks.crt" 8 | }, 9 | { 10 | "name": "import.acme-rockets", 11 | "keyPath": "/home/demo/.config/notation/localkeys/import.acme-rockets.key", 12 | "certPath": "/home/demo/.config/notation/localkeys/import.acme-rockets.crt" 13 | }, 14 | { 15 | "name": "external-key", 16 | "id": "id1", 17 | "pluginName": "pluginX", 18 | "pluginConfig": { 19 | "key": "value" 20 | } 21 | } 22 | ] 23 | } -------------------------------------------------------------------------------- /dir/fs.go: -------------------------------------------------------------------------------- 1 | // Copyright The Notary Project Authors. 2 | // Licensed under the Apache License, Version 2.0 (the "License"); 3 | // you may not use this file except in compliance with the License. 
// You may obtain a copy of the License at
//
// http://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing, software
// distributed under the License is distributed on an "AS IS" BASIS,
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
// See the License for the specific language governing permissions and
// limitations under the License.

package dir

import (
	"io/fs"
	"os"
	"path/filepath"
)

// SysFS is a virtual file system interface that supports fs.FS and the
// SysPath method.
type SysFS interface {
	fs.FS

	// SysPath returns the real system path of the given path items in the SysFS.
	SysPath(items ...string) (string, error)
}

// sysFS implements SysFS on top of os.DirFS; root is the directory that
// SysPath results are joined onto.
type sysFS struct {
	fs.FS
	root string
}

// SysPath returns the real system path of the given items in the SysFS by
// joining them onto the root directory. The returned error is always nil.
//
// SysPath performs no containment check: filepath.Join cleans the result, so
// an item containing ".." can resolve to a path outside root. Callers should
// not pass path items taken from untrusted input without validating them.
func (s sysFS) SysPath(items ...string) (string, error) {
	parts := make([]string, 0, len(items)+1)
	parts = append(parts, s.root)
	parts = append(parts, items...)
	return filepath.Join(parts...), nil
}

// NewSysFS returns the SysFS for the given root directory.
//
// Support one root directory for rc.1, and may support union directories FS
// after rc.1.
func NewSysFS(root string) SysFS {
	var fsys sysFS
	fsys.FS = os.DirFS(root)
	fsys.root = root
	return fsys
}

// ConfigFS is the config SysFS, rooted at userConfigDirPath().
func ConfigFS() SysFS {
	configRoot := userConfigDirPath()
	return NewSysFS(configRoot)
}

// PluginFS is the plugin SysFS, rooted at PathPlugins under
// userLibexecDirPath().
func PluginFS() SysFS {
	pluginRoot := filepath.Join(userLibexecDirPath(), PathPlugins)
	return NewSysFS(pluginRoot)
}

// CacheFS is the cache SysFS.
//
// To get the root of crl file cache, use `CacheFS().SysPath(PathCRLCache)`.
65 | func CacheFS() SysFS { 66 | return NewSysFS(userCacheDirPath()) 67 | } 68 | -------------------------------------------------------------------------------- /dir/fs_test.go: -------------------------------------------------------------------------------- 1 | // Copyright The Notary Project Authors. 2 | // Licensed under the Apache License, Version 2.0 (the "License"); 3 | // you may not use this file except in compliance with the License. 4 | // You may obtain a copy of the License at 5 | // 6 | // http://www.apache.org/licenses/LICENSE-2.0 7 | // 8 | // Unless required by applicable law or agreed to in writing, software 9 | // distributed under the License is distributed on an "AS IS" BASIS, 10 | // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 11 | // See the License for the specific language governing permissions and 12 | // limitations under the License. 13 | 14 | package dir 15 | 16 | import ( 17 | "bytes" 18 | "path/filepath" 19 | "testing" 20 | ) 21 | 22 | func TestSysFS_SysPath(t *testing.T) { 23 | wantPath := filepath.FromSlash("/path/notation/config.json") 24 | fsys := NewSysFS("/path/notation") 25 | path, err := fsys.SysPath(PathConfigFile) 26 | if err != nil { 27 | t.Fatalf("SysPath() failed. err = %v", err) 28 | } 29 | if path != wantPath { 30 | t.Fatalf(`SysPath() failed. got: %q, want: %q`, path, wantPath) 31 | } 32 | } 33 | 34 | func TestOsFs(t *testing.T) { 35 | wantData := []byte("data") 36 | fsys := NewSysFS("./testdata") 37 | 38 | // read test file 39 | path, err := fsys.Open("data.txt") 40 | if err != nil { 41 | t.Fatalf("Open() failed. err = %v", err) 42 | } 43 | data := make([]byte, 4) 44 | _, err = path.Read(data) 45 | if err != nil { 46 | t.Fatalf("Read() failed. err = %v", err) 47 | } 48 | if !bytes.Equal(data, wantData) { 49 | t.Fatalf("SysFS read failed. 
got data = %v, want %v", data, wantData) 50 | } 51 | } 52 | 53 | func TestConfigFS(t *testing.T) { 54 | configFS := ConfigFS() 55 | path, err := configFS.SysPath(PathConfigFile) 56 | if err != nil { 57 | t.Fatalf("SysPath() failed. err = %v", err) 58 | } 59 | if path != filepath.Join(UserConfigDir, PathConfigFile) { 60 | t.Fatalf(`SysPath() failed. got: %q, want: %q`, path, filepath.Join(UserConfigDir, PathConfigFile)) 61 | } 62 | } 63 | 64 | func TestPluginFS(t *testing.T) { 65 | pluginFS := PluginFS() 66 | path, err := pluginFS.SysPath("plugin") 67 | if err != nil { 68 | t.Fatalf("SysPath() failed. err = %v", err) 69 | } 70 | if path != filepath.Join(userLibexecDirPath(), PathPlugins, "plugin") { 71 | t.Fatalf(`SysPath() failed. got: %q, want: %q`, path, filepath.Join(userLibexecDirPath(), PathPlugins, "plugin")) 72 | } 73 | } 74 | 75 | func TestCRLFileCacheFS(t *testing.T) { 76 | cacheFS := CacheFS() 77 | path, err := cacheFS.SysPath(PathCRLCache) 78 | if err != nil { 79 | t.Fatalf("SysPath() failed. err = %v", err) 80 | } 81 | if path != filepath.Join(UserCacheDir, PathCRLCache) { 82 | t.Fatalf(`SysPath() failed. got: %q, want: %q`, path, UserConfigDir) 83 | } 84 | } 85 | -------------------------------------------------------------------------------- /dir/path_test.go: -------------------------------------------------------------------------------- 1 | // Copyright The Notary Project Authors. 2 | // Licensed under the Apache License, Version 2.0 (the "License"); 3 | // you may not use this file except in compliance with the License. 4 | // You may obtain a copy of the License at 5 | // 6 | // http://www.apache.org/licenses/LICENSE-2.0 7 | // 8 | // Unless required by applicable law or agreed to in writing, software 9 | // distributed under the License is distributed on an "AS IS" BASIS, 10 | // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 
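// See the License for the specific language governing permissions and
// limitations under the License.

package dir

import (
	"os"
	"path/filepath"
	"testing"
)

// mockUserPath is a stand-in for the functions assigned to userConfigDir and
// userCacheDir; it always returns "/path/" and a nil error.
func mockUserPath() (string, error) {
	return "/path/", nil
}

// setup clears the exported directory overrides.
// NOTE(review): presumably this forces the path helpers to recompute them;
// confirm against path.go.
func setup() {
	UserConfigDir = ""
	UserLibexecDir = ""
	UserCacheDir = ""
}

// Note for all tests below: userConfigDir and userCacheDir are package-level
// variables and are not restored after a test, so the tests depend on running
// in file order.

// Test_UserConfigDirPath checks the config directory derived from the mocked
// user path.
func Test_UserConfigDirPath(t *testing.T) {
	userConfigDir = mockUserPath
	setup()
	got := userConfigDirPath()
	if got != "/path/notation" {
		t.Fatalf(`UserConfigDirPath() = %q, want "/path/notation"`, got)
	}
}

// Test_NoHomeVariable checks the fallback paths used when HOME and the XDG
// variables are empty.
func Test_NoHomeVariable(t *testing.T) {
	t.Setenv("HOME", "")
	t.Setenv("XDG_CONFIG_HOME", "")
	t.Setenv("XDG_CACHE_HOME", "")
	setup()
	userConfigDir = os.UserConfigDir
	got := userConfigDirPath()
	if got != ".notation" {
		t.Fatalf(`userConfigDirPath() = %q, want ".notation"`, got)
	}
	got = userCacheDirPath()
	want := filepath.Join("."+notation, "cache")
	if got != want {
		t.Fatalf(`userCacheDirPath() = %q, want %q`, got, want)
	}
}

// Test_UserLibexecDirPath checks the libexec directory derived from the
// mocked user path.
func Test_UserLibexecDirPath(t *testing.T) {
	userConfigDir = mockUserPath
	setup()
	got := userLibexecDirPath()
	if got != "/path/notation" {
		// The message names the function actually under test.
		t.Fatalf(`userLibexecDirPath() = %q, want "/path/notation"`, got)
	}
}

// Test_UserCacheDirPath checks the cache directory derived from the mocked
// user path.
func Test_UserCacheDirPath(t *testing.T) {
	userCacheDir = mockUserPath
	setup()
	got := userCacheDirPath()
	if got != "/path/notation" {
		t.Fatalf(`UserCacheDirPath() = %q, want "/path/notation"`, got)
	}
}

// TestLocalKeyPath checks that LocalKeyPath returns key and certificate paths
// relative to the config directory.
func TestLocalKeyPath(t *testing.T) {
	userConfigDir = mockUserPath
	setup()
	_ = userConfigDirPath()
	_ = userLibexecDirPath()
	gotKeyPath, gotCertPath := LocalKeyPath("web")
	if gotKeyPath != "localkeys/web.key" {
		t.Fatalf(`LocalKeyPath() gotKeyPath = %q, want "localkeys/web.key"`, gotKeyPath)
	}
	if gotCertPath != "localkeys/web.crt" {
		t.Fatalf(`LocalKeyPath() gotCertPath = %q, want "localkeys/web.crt"`, gotCertPath)
	}
}

// TestX509TrustStoreDir checks the relative trust store directory built from
// a store type and a store name.
func TestX509TrustStoreDir(t *testing.T) {
	userConfigDir = mockUserPath
	setup()
	_ = userConfigDirPath()
	_ = userLibexecDirPath()
	if got := X509TrustStoreDir("ca", "web"); got != "truststore/x509/ca/web" {
		t.Fatalf(`X509TrustStoreDir() = %q, want "truststore/x509/ca/web"`, got)
	}
}

--------------------------------------------------------------------------------
/dir/testdata/data.txt:
--------------------------------------------------------------------------------
1 | data
--------------------------------------------------------------------------------
/example_localSign_test.go:
--------------------------------------------------------------------------------
1 | // Copyright The Notary Project Authors.
2 | // Licensed under the Apache License, Version 2.0 (the "License");
3 | // you may not use this file except in compliance with the License.
4 | // You may obtain a copy of the License at
5 | //
6 | // http://www.apache.org/licenses/LICENSE-2.0
7 | //
8 | // Unless required by applicable law or agreed to in writing, software
9 | // distributed under the License is distributed on an "AS IS" BASIS,
10 | // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
11 | // See the License for the specific language governing permissions and
12 | // limitations under the License.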
13 | 14 | package notation_test 15 | 16 | import ( 17 | "context" 18 | "crypto/x509" 19 | "fmt" 20 | 21 | "github.com/notaryproject/notation-core-go/signature" 22 | "github.com/notaryproject/notation-core-go/signature/cose" 23 | "github.com/notaryproject/notation-core-go/testhelper" 24 | "github.com/notaryproject/notation-go" 25 | "github.com/notaryproject/notation-go/signer" 26 | ocispec "github.com/opencontainers/image-spec/specs-go/v1" 27 | ) 28 | 29 | var ( 30 | // exampleDesc is an example of the target manifest descriptor. 31 | exampleDesc = ocispec.Descriptor{ 32 | MediaType: "application/vnd.docker.distribution.manifest.v2+json", 33 | Digest: "sha256:c0d488a800e4127c334ad20d61d7bc21b4097540327217dfab52262adc02380c", 34 | Size: 528, 35 | } 36 | 37 | // exampleCertTuple contains a RSA privateKey and a self-signed X509 38 | // certificate generated for demo purpose ONLY. 39 | exampleCertTuple = testhelper.GetRSASelfSignedSigningCertTuple("Notation Example self-signed") 40 | exampleCerts = []*x509.Certificate{exampleCertTuple.Cert} 41 | ) 42 | 43 | // ExampleLocalSign demonstrates how to use signer.Sign to sign an artifact 44 | // at local (without using a registry.Repository). 45 | func Example_localSign() { 46 | // exampleSigner is a notation.Signer given key and X509 certificate chain. 47 | // Users should replace `exampleCertTuple.PrivateKey` with their own private 48 | // key and replace `exampleCerts` with the corresponding full certificate 49 | // chain, following the Notary Project certificate requirements: 50 | // https://github.com/notaryproject/notaryproject/blob/v1.0.0/specs/signature-specification.md#certificate-requirements 51 | exampleSigner, err := signer.NewGenericSigner(exampleCertTuple.PrivateKey, exampleCerts) 52 | if err != nil { 53 | panic(err) // Handle error 54 | } 55 | 56 | // Both COSE ("application/cose") and JWS ("application/jose+json") 57 | // signature mediaTypes are supported. 
58 | exampleSignatureMediaType := cose.MediaTypeEnvelope 59 | 60 | // exampleSignOptions is an example of notation.SignerSignOptions. 61 | exampleSignOptions := notation.SignerSignOptions{ 62 | SignatureMediaType: exampleSignatureMediaType, 63 | SigningAgent: "example signing agent", 64 | } 65 | 66 | // local sign core process 67 | // upon successful signing, signature envelope and signerInfo are returned. 68 | // signatureEnvelope can be used in a verification process later on. 69 | signatureEnvelope, signerInfo, err := exampleSigner.Sign(context.Background(), exampleDesc, exampleSignOptions) 70 | if err != nil { 71 | panic(err) // Handle error 72 | } 73 | 74 | fmt.Println("Successfully signed") 75 | 76 | // a peek of the signature envelope generated from Sign 77 | sigBlob, err := signature.ParseEnvelope(exampleSignatureMediaType, signatureEnvelope) 78 | if err != nil { 79 | panic(err) // Handle error 80 | } 81 | sigContent, err := sigBlob.Content() 82 | if err != nil { 83 | panic(err) // Handle error 84 | } 85 | fmt.Println("signature Payload ContentType:", sigContent.Payload.ContentType) 86 | fmt.Println("signature Payload Content:", string(sigContent.Payload.Content)) 87 | fmt.Println("signerInfo SigningAgent:", signerInfo.UnsignedAttributes.SigningAgent) 88 | 89 | // Output: 90 | // Successfully signed 91 | // signature Payload ContentType: application/vnd.cncf.notary.payload.v1+json 92 | // signature Payload Content: {"targetArtifact":{"mediaType":"application/vnd.docker.distribution.manifest.v2+json","digest":"sha256:c0d488a800e4127c334ad20d61d7bc21b4097540327217dfab52262adc02380c","size":528}} 93 | // signerInfo SigningAgent: example signing agent 94 | } 95 | -------------------------------------------------------------------------------- /example_remoteSign_test.go: -------------------------------------------------------------------------------- 1 | // Copyright The Notary Project Authors. 
2 | // Licensed under the Apache License, Version 2.0 (the "License"); 3 | // you may not use this file except in compliance with the License. 4 | // You may obtain a copy of the License at 5 | // 6 | // http://www.apache.org/licenses/LICENSE-2.0 7 | // 8 | // Unless required by applicable law or agreed to in writing, software 9 | // distributed under the License is distributed on an "AS IS" BASIS, 10 | // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 11 | // See the License for the specific language governing permissions and 12 | // limitations under the License. 13 | 14 | package notation_test 15 | 16 | import ( 17 | "context" 18 | "crypto/x509" 19 | "fmt" 20 | 21 | "oras.land/oras-go/v2/registry/remote" 22 | 23 | "github.com/notaryproject/notation-core-go/signature/cose" 24 | "github.com/notaryproject/notation-core-go/testhelper" 25 | "github.com/notaryproject/notation-go" 26 | "github.com/notaryproject/notation-go/registry" 27 | "github.com/notaryproject/notation-go/signer" 28 | ) 29 | 30 | // Both COSE ("application/cose") and JWS ("application/jose+json") 31 | // signature mediaTypes are supported. 32 | var exampleSignatureMediaType = cose.MediaTypeEnvelope 33 | 34 | // ExampleRemoteSign demonstrates how to use notation.Sign to sign an artifact 35 | // in the remote registry and push the signature to the remote. 36 | func Example_remoteSign() { 37 | // exampleArtifactReference is an example of the target artifact reference 38 | var exampleArtifactReference = "localhost:5000/software@sha256:60043cf45eaebc4c0867fea485a039b598f52fd09fd5b07b0b2d2f88fad9d74e" 39 | 40 | // exampleCertTuple contains a RSA privateKey and a self-signed X509 41 | // certificate generated for demo purpose ONLY. 42 | exampleCertTuple := testhelper.GetRSASelfSignedSigningCertTuple("Notation Example self-signed") 43 | exampleCerts := []*x509.Certificate{exampleCertTuple.Cert} 44 | 45 | // exampleSigner is a notation.Signer given key and X509 certificate chain. 
46 | // Users should replace `exampleCertTuple.PrivateKey` with their own private 47 | // key and replace `exampleCerts` with the corresponding full certificate 48 | // chain, following the Notary Project certificate requirements: 49 | // https://github.com/notaryproject/notaryproject/blob/v1.0.0/specs/signature-specification.md#certificate-requirements 50 | exampleSigner, err := signer.NewGenericSigner(exampleCertTuple.PrivateKey, exampleCerts) 51 | if err != nil { 52 | panic(err) // Handle error 53 | } 54 | 55 | // exampleRepo is an example of registry.Repository. 56 | remoteRepo, err := remote.NewRepository(exampleArtifactReference) 57 | if err != nil { 58 | panic(err) // Handle error 59 | } 60 | exampleRepo := registry.NewRepository(remoteRepo) 61 | 62 | // exampleSignOptions is an example of notation.SignOptions. 63 | exampleSignOptions := notation.SignOptions{ 64 | SignerSignOptions: notation.SignerSignOptions{ 65 | SignatureMediaType: exampleSignatureMediaType, 66 | }, 67 | ArtifactReference: exampleArtifactReference, 68 | } 69 | 70 | // remote sign core process 71 | // upon successful signing, descriptor of the sign content is returned and 72 | // the generated signature is pushed into remote registry. 
73 | targetManifestDesc, sigManifestDesc, err := notation.SignOCI(context.Background(), exampleSigner, exampleRepo, exampleSignOptions) 74 | if err != nil { 75 | panic(err) // Handle error 76 | } 77 | 78 | fmt.Println("Successfully signed") 79 | fmt.Println("targetManifestDesc.MediaType:", targetManifestDesc.MediaType) 80 | fmt.Println("targetManifestDesc.Digest:", targetManifestDesc.Digest) 81 | fmt.Println("targetManifestDesc.Size:", targetManifestDesc.Size) 82 | fmt.Println("sigManifestDesc.MediaType:", sigManifestDesc.MediaType) 83 | fmt.Println("sigManifestDesc.Digest:", sigManifestDesc.Digest) 84 | fmt.Println("sigManifestDesc.Size:", sigManifestDesc.Size) 85 | } 86 | -------------------------------------------------------------------------------- /example_signBlob_test.go: -------------------------------------------------------------------------------- 1 | // Copyright The Notary Project Authors. 2 | // Licensed under the Apache License, Version 2.0 (the "License"); 3 | // you may not use this file except in compliance with the License. 4 | // You may obtain a copy of the License at 5 | // 6 | // http://www.apache.org/licenses/LICENSE-2.0 7 | // 8 | // Unless required by applicable law or agreed to in writing, software 9 | // distributed under the License is distributed on an "AS IS" BASIS, 10 | // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 11 | // See the License for the specific language governing permissions and 12 | // limitations under the License. 13 | 14 | package notation_test 15 | 16 | import ( 17 | "context" 18 | "fmt" 19 | "strings" 20 | 21 | "github.com/notaryproject/notation-core-go/signature" 22 | "github.com/notaryproject/notation-core-go/signature/jws" 23 | "github.com/notaryproject/notation-go" 24 | "github.com/notaryproject/notation-go/signer" 25 | ) 26 | 27 | // ExampleSignBlob demonstrates how to use [notation.SignBlob] to sign arbitrary 28 | // data. 
29 | func Example_signBlob() { 30 | // exampleSigner implements [notation.Signer] and [notation.BlobSigner]. 31 | // Given key and X509 certificate chain, it provides method to sign OCI 32 | // artifacts or blobs. 33 | // Users should replace `exampleCertTuple.PrivateKey` with their own private 34 | // key and replace `exampleCerts` with the corresponding certificate chain, 35 | // following the Notary Project certificate requirements: 36 | // https://github.com/notaryproject/specifications/tree/9c81dc773508dedc5a81c02c8d805de04f65050b/specs/signature-specification.md#certificate-requirements 37 | exampleSigner, err := signer.NewGenericSigner(exampleCertTuple.PrivateKey, exampleCerts) 38 | if err != nil { 39 | panic(err) // Handle error 40 | } 41 | 42 | // Both COSE ("application/cose") and JWS ("application/jose+json") 43 | // signature mediaTypes are supported. 44 | exampleSignatureMediaType := jws.MediaTypeEnvelope 45 | exampleContentMediaType := "video/mp4" 46 | 47 | // exampleSignOptions is an example of [notation.SignBlobOptions]. 48 | exampleSignOptions := notation.SignBlobOptions{ 49 | SignerSignOptions: notation.SignerSignOptions{ 50 | SignatureMediaType: exampleSignatureMediaType, 51 | SigningAgent: "example signing agent", 52 | }, 53 | ContentMediaType: exampleContentMediaType, 54 | UserMetadata: map[string]string{"buildId": "101"}, 55 | } 56 | 57 | // exampleReader reads the data that needs to be signed. 58 | // This data can be in a file or in memory. 59 | exampleReader := strings.NewReader("example blob") 60 | 61 | // Upon successful signing, signature envelope and signerInfo are returned. 62 | // signatureEnvelope can be used in a verification process later on. 
63 | signatureEnvelope, signerInfo, err := notation.SignBlob(context.Background(), exampleSigner, exampleReader, exampleSignOptions) 64 | if err != nil { 65 | panic(err) // Handle error 66 | } 67 | 68 | fmt.Println("Successfully signed") 69 | 70 | // a peek of the signature envelope generated 71 | sigBlob, err := signature.ParseEnvelope(exampleSignatureMediaType, signatureEnvelope) 72 | if err != nil { 73 | panic(err) // Handle error 74 | } 75 | sigContent, err := sigBlob.Content() 76 | if err != nil { 77 | panic(err) // Handle error 78 | } 79 | fmt.Println("signature Payload ContentType:", sigContent.Payload.ContentType) 80 | fmt.Println("signature Payload Content:", string(sigContent.Payload.Content)) 81 | fmt.Println("signerInfo SigningAgent:", signerInfo.UnsignedAttributes.SigningAgent) 82 | 83 | // Output: 84 | // Successfully signed 85 | // signature Payload ContentType: application/vnd.cncf.notary.payload.v1+json 86 | // signature Payload Content: {"targetArtifact":{"annotations":{"buildId":"101"},"digest":"sha384:b8ab24dafba5cf7e4c89c562f811cf10493d4203da982d3b1345f366ca863d9c2ed323dbd0fb7ff83a80302ceffa5a61","mediaType":"video/mp4","size":12}} 87 | // signerInfo SigningAgent: example signing agent 88 | } 89 | -------------------------------------------------------------------------------- /go.mod: -------------------------------------------------------------------------------- 1 | module github.com/notaryproject/notation-go 2 | 3 | go 1.23.0 4 | 5 | require ( 6 | github.com/go-ldap/ldap/v3 v3.4.11 7 | github.com/notaryproject/notation-core-go v1.3.0 8 | github.com/notaryproject/notation-plugin-framework-go v1.0.0 9 | github.com/notaryproject/tspclient-go v1.0.0 10 | github.com/opencontainers/go-digest v1.0.0 11 | github.com/opencontainers/image-spec v1.1.1 12 | github.com/veraison/go-cose v1.3.0 13 | golang.org/x/crypto v0.38.0 14 | golang.org/x/mod v0.24.0 15 | oras.land/oras-go/v2 v2.6.0 16 | ) 17 | 18 | require ( 19 | github.com/Azure/go-ntlmssp 
v0.0.0-20221128193559-754e69321358 // indirect 20 | github.com/fxamacker/cbor/v2 v2.8.0 // indirect 21 | github.com/go-asn1-ber/asn1-ber v1.5.8-0.20250403174932-29230038a667 // indirect 22 | github.com/golang-jwt/jwt/v4 v4.5.2 // indirect 23 | github.com/google/uuid v1.6.0 // indirect 24 | github.com/x448/float16 v0.8.4 // indirect 25 | golang.org/x/sync v0.14.0 // indirect 26 | ) 27 | -------------------------------------------------------------------------------- /internal/container/set.go: -------------------------------------------------------------------------------- 1 | // Copyright The Notary Project Authors. 2 | // Licensed under the Apache License, Version 2.0 (the "License"); 3 | // you may not use this file except in compliance with the License. 4 | // You may obtain a copy of the License at 5 | // 6 | // http://www.apache.org/licenses/LICENSE-2.0 7 | // 8 | // Unless required by applicable law or agreed to in writing, software 9 | // distributed under the License is distributed on an "AS IS" BASIS, 10 | // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 11 | // See the License for the specific language governing permissions and 12 | // limitations under the License. 13 | 14 | package set 15 | 16 | // Set is a map as a set data structure. 17 | type Set[T comparable] map[T]struct{} 18 | 19 | // Add adds the element of type T into the Set. 20 | func (s Set[T]) Add(elem T) { 21 | s[elem] = struct{}{} 22 | } 23 | 24 | // Contains checks if element exists in the Set. 25 | func (s Set[T]) Contains(elem T) bool { 26 | _, ok := s[elem] 27 | 28 | return ok 29 | } 30 | 31 | // New creates an empty Set for elements of type T. 32 | func New[T comparable]() Set[T] { 33 | return make(map[T]struct{}) 34 | } 35 | 36 | // NewWithSize creates an empty Set of fixed size for elements of type T. 
37 | func NewWithSize[T comparable](size int) Set[T] { 38 | return make(map[T]struct{}, size) 39 | } 40 | -------------------------------------------------------------------------------- /internal/envelope/envelope.go: -------------------------------------------------------------------------------- 1 | // Copyright The Notary Project Authors. 2 | // Licensed under the Apache License, Version 2.0 (the "License"); 3 | // you may not use this file except in compliance with the License. 4 | // You may obtain a copy of the License at 5 | // 6 | // http://www.apache.org/licenses/LICENSE-2.0 7 | // 8 | // Unless required by applicable law or agreed to in writing, software 9 | // distributed under the License is distributed on an "AS IS" BASIS, 10 | // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 11 | // See the License for the specific language governing permissions and 12 | // limitations under the License. 13 | 14 | package envelope 15 | 16 | import ( 17 | "errors" 18 | "fmt" 19 | "time" 20 | 21 | "github.com/notaryproject/notation-core-go/signature" 22 | ocispec "github.com/opencontainers/image-spec/specs-go/v1" 23 | ) 24 | 25 | // MediaTypePayloadV1 is the supported content type for signature's payload. AnnotationX509ChainThumbprint is an annotation key; judging by its name it carries SHA-256 thumbprints of the signing certificate chain (confirm against the specification). 26 | const ( 27 | MediaTypePayloadV1 = "application/vnd.cncf.notary.payload.v1+json" 28 | AnnotationX509ChainThumbprint = "io.cncf.notary.x509chain.thumbprint#S256" 29 | ) 30 | 31 | // Payload describes the content that gets signed. 32 | type Payload struct { 33 | TargetArtifact ocispec.Descriptor `json:"targetArtifact"` 34 | } 35 | 36 | // ValidatePayloadContentType validates signature payload's content type: it returns nil only when payload.ContentType equals MediaTypePayloadV1 and an error naming the rejected type otherwise. payload is dereferenced without a nil check, so callers must pass a non-nil payload.
37 | func ValidatePayloadContentType(payload *signature.Payload) error { 38 | switch payload.ContentType { 39 | case MediaTypePayloadV1: 40 | return nil 41 | default: 42 | return fmt.Errorf("payload content type %q not supported", payload.ContentType) 43 | } 44 | } 45 | 46 | // SanitizeTargetArtifact filters out unrelated ocispec.Descriptor fields based 47 | // on notation spec (https://github.com/notaryproject/notaryproject/blob/main/specs/signature-specification.md#payload). Only MediaType, Digest, Size and Annotations are kept and every other field is left at its zero value; the Annotations map is not copied, so the result shares it with targetArtifact. 48 | func SanitizeTargetArtifact(targetArtifact ocispec.Descriptor) ocispec.Descriptor { 49 | return ocispec.Descriptor{ 50 | MediaType: targetArtifact.MediaType, 51 | Digest: targetArtifact.Digest, 52 | Size: targetArtifact.Size, 53 | Annotations: targetArtifact.Annotations, 54 | } 55 | } 56 | 57 | // SigningTime returns the signing time of a signature envelope blob, converted to UTC. It returns an error when signerInfo is nil or when its signing time is the zero value. 58 | func SigningTime(signerInfo *signature.SignerInfo) (time.Time, error) { 59 | // reject a nil signerInfo before it is dereferenced 60 | if signerInfo == nil { 61 | return time.Time{}, errors.New("failed to generate annotations: signerInfo cannot be nil") 62 | } 63 | signingTime := signerInfo.SignedAttributes.SigningTime 64 | if signingTime.IsZero() { 65 | return time.Time{}, errors.New("signing time is missing") 66 | } 67 | return signingTime.UTC(), nil 68 | } 69 | -------------------------------------------------------------------------------- /internal/envelope/envelope_test.go: -------------------------------------------------------------------------------- 1 | // Copyright The Notary Project Authors. 2 | // Licensed under the Apache License, Version 2.0 (the "License"); 3 | // you may not use this file except in compliance with the License.
4 | // You may obtain a copy of the License at 5 | // 6 | // http://www.apache.org/licenses/LICENSE-2.0 7 | // 8 | // Unless required by applicable law or agreed to in writing, software 9 | // distributed under the License is distributed on an "AS IS" BASIS, 10 | // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 11 | // See the License for the specific language governing permissions and 12 | // limitations under the License. 13 | 14 | package envelope 15 | 16 | import ( 17 | "errors" 18 | "testing" 19 | "time" 20 | 21 | "github.com/notaryproject/notation-core-go/signature" 22 | "github.com/notaryproject/notation-core-go/signature/cose" 23 | "github.com/notaryproject/notation-core-go/signature/jws" 24 | gcose "github.com/veraison/go-cose" 25 | ) 26 | 27 | var ( 28 | validCoseSignatureEnvelope []byte 29 | ) 30 | 31 | func init() { 32 | msg := gcose.Sign1Message{ 33 | Headers: gcose.NewSign1Message().Headers, 34 | Payload: []byte("valid"), 35 | Signature: []byte("valid"), 36 | } 37 | validCoseSignatureEnvelope, _ = msg.MarshalCBOR() 38 | } 39 | 40 | const invalidMediaType = "invalid" 41 | 42 | func checkErrorEqual(expected, got error) bool { 43 | if expected == nil && got == nil { 44 | return true 45 | } 46 | if expected != nil && got != nil { 47 | return expected.Error() == got.Error() 48 | } 49 | return false 50 | } 51 | 52 | func TestValidateEnvelopeMediaType(t *testing.T) { 53 | tests := []struct { 54 | name string 55 | mediaType string 56 | expectedErr error 57 | }{ 58 | { 59 | name: "jws signature media type", 60 | mediaType: jws.MediaTypeEnvelope, 61 | expectedErr: nil, 62 | }, 63 | { 64 | name: "cose signature media type", 65 | mediaType: cose.MediaTypeEnvelope, 66 | expectedErr: nil, 67 | }, 68 | { 69 | name: "invalid media type", 70 | mediaType: invalidMediaType, 71 | expectedErr: errors.New("invalid envelope media type"), 72 | }, 73 | } 74 | for _, tt := range tests { 75 | t.Run(tt.name, func(t *testing.T) { 76 | if err := 
validateEnvelopeMediaType(tt.mediaType); !checkErrorEqual(tt.expectedErr, err) { 77 | t.Fatalf("expected validate envelope media type err: %v, got: %v", tt.expectedErr, err) 78 | } 79 | }) 80 | } 81 | } 82 | 83 | func TestValidatePayloadContentType(t *testing.T) { 84 | payload := &signature.Payload{ 85 | ContentType: MediaTypePayloadV1, 86 | } 87 | err := ValidatePayloadContentType(payload) 88 | if !isErrEqual(nil, err) { 89 | t.Fatalf("ValidatePayloadContentType() expects error: %v, but got: %v.", nil, err) 90 | } 91 | 92 | payload = &signature.Payload{ 93 | ContentType: "invalid", 94 | } 95 | err = ValidatePayloadContentType(payload) 96 | expect := errors.New("payload content type \"invalid\" not supported") 97 | if !isErrEqual(expect, err) { 98 | t.Fatalf("ValidatePayloadContentType() expects error: %v, but got: %v.", expect, err) 99 | } 100 | } 101 | 102 | func TestSigningTime(t *testing.T) { 103 | testTime, err := time.Parse(time.RFC3339, "2023-03-14T04:45:22Z") 104 | if err != nil { 105 | t.Fatal("failed to generate time") 106 | } 107 | signerInfo := signature.SignerInfo{ 108 | SignedAttributes: signature.SignedAttributes{ 109 | SigningTime: testTime, 110 | }, 111 | } 112 | signingTime, err := SigningTime(&signerInfo) 113 | if err != nil { 114 | t.Fatalf("failed to get signing time from signature: %v", err) 115 | } 116 | expectedSigningTime := "2023-03-14T04:45:22Z" 117 | if signingTime.Format(time.RFC3339) != expectedSigningTime { 118 | t.Fatalf("expected signing time: %q, got: %q", expectedSigningTime, signingTime.Format(time.RFC3339)) 119 | } 120 | } 121 | 122 | func isErrEqual(wanted, got error) bool { 123 | if wanted == nil && got == nil { 124 | return true 125 | } 126 | if wanted != nil && got != nil { 127 | return wanted.Error() == got.Error() 128 | } 129 | return false 130 | } 131 | 132 | // validateEnvelopeMediaType validates that the envelope media type is one of the types 133 | // registered with notation-core-go (signature.RegisteredEnvelopeTypes).
134 | func validateEnvelopeMediaType(mediaType string) error { 135 | for _, types := range signature.RegisteredEnvelopeTypes() { 136 | if mediaType == types { 137 | return nil 138 | } 139 | } 140 | return errors.New("invalid envelope media type") 141 | } 142 | -------------------------------------------------------------------------------- /internal/io/limitedwriter.go: -------------------------------------------------------------------------------- 1 | // Copyright The Notary Project Authors. 2 | // Licensed under the Apache License, Version 2.0 (the "License"); 3 | // you may not use this file except in compliance with the License. 4 | // You may obtain a copy of the License at 5 | // 6 | // http://www.apache.org/licenses/LICENSE-2.0 7 | // 8 | // Unless required by applicable law or agreed to in writing, software 9 | // distributed under the License is distributed on an "AS IS" BASIS, 10 | // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 11 | // See the License for the specific language governing permissions and 12 | // limitations under the License. 13 | 14 | // Package io provides LimitedWriter, a writer that writes to an underlying writer up to 15 | // a limit. 16 | 17 | package io 18 | 19 | import ( 20 | "errors" 21 | "io" 22 | ) 23 | 24 | // ErrLimitExceeded is returned by Write when the remaining budget is already zero or negative. 25 | var ErrLimitExceeded = errors.New("write limit exceeded") 26 | 27 | // LimitedWriter is a writer that writes to an underlying writer up to a limit. 28 | type LimitedWriter struct { 29 | W io.Writer // underlying writer 30 | N int64 // remaining bytes 31 | } 32 | 33 | // LimitWriter returns a new LimitedWriter that writes to w. 34 | // 35 | // parameters: 36 | // w: the writer to write to 37 | // limit: the maximum number of bytes to write 38 | func LimitWriter(w io.Writer, limit int64) *LimitedWriter { 39 | return &LimitedWriter{W: w, N: limit} 40 | } 41 | 42 | // Write writes p to the underlying writer up to the limit. If p is longer than the remaining budget N, only the first N bytes are passed on and the short count is returned together with the underlying writer's error (nil on success), so callers must compare the count with len(p). ErrLimitExceeded is returned, with nothing written, only when N is already <= 0 on entry. N is reduced by the number of bytes the underlying writer reports.
43 | func (l *LimitedWriter) Write(p []byte) (int, error) { 44 | if l.N <= 0 { 45 | return 0, ErrLimitExceeded 46 | } 47 | if int64(len(p)) > l.N { 48 | p = p[:l.N] 49 | } 50 | n, err := l.W.Write(p) 51 | l.N -= int64(n) 52 | return n, err 53 | } 54 | -------------------------------------------------------------------------------- /internal/io/limitedwriter_test.go: -------------------------------------------------------------------------------- 1 | // Copyright The Notary Project Authors. 2 | // Licensed under the Apache License, Version 2.0 (the "License"); 3 | // you may not use this file except in compliance with the License. 4 | // You may obtain a copy of the License at 5 | // 6 | // http://www.apache.org/licenses/LICENSE-2.0 7 | // 8 | // Unless required by applicable law or agreed to in writing, software 9 | // distributed under the License is distributed on an "AS IS" BASIS, 10 | // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 11 | // See the License for the specific language governing permissions and 12 | // limitations under the License. 
13 | 14 | package io 15 | 16 | import ( 17 | "bytes" 18 | "errors" 19 | "testing" 20 | ) 21 | 22 | func TestLimitWriter(t *testing.T) { 23 | limit := int64(10) 24 | 25 | tests := []struct { 26 | input string 27 | expected string 28 | written int 29 | }{ 30 | {"hello", "hello", 5}, 31 | {" world", " world", 6}, 32 | {"!", "!", 1}, 33 | {"1234567891011", "1234567891", 10}, 34 | } 35 | 36 | for _, tt := range tests { 37 | var buf bytes.Buffer 38 | lw := LimitWriter(&buf, limit) 39 | n, err := lw.Write([]byte(tt.input)) 40 | if err != nil { 41 | t.Fatalf("unexpected error: %v", err) 42 | } 43 | if n != tt.written { 44 | t.Errorf("expected %d bytes written, got %d", tt.written, n) 45 | } 46 | if buf.String() != tt.expected { 47 | t.Errorf("expected buffer %q, got %q", tt.expected, buf.String()) 48 | } 49 | } 50 | } 51 | 52 | func TestLimitWriterFailed(t *testing.T) { 53 | limit := int64(10) 54 | longString := "1234567891011" 55 | 56 | var buf bytes.Buffer 57 | lw := LimitWriter(&buf, limit) 58 | _, err := lw.Write([]byte(longString)) 59 | if err != nil { 60 | t.Fatalf("unexpected error: %v", err) 61 | } 62 | _, err = lw.Write([]byte(longString)) 63 | expectedErr := errors.New("write limit exceeded") 64 | if err.Error() != expectedErr.Error() { 65 | t.Errorf("expected error %v, got %v", expectedErr, err) 66 | } 67 | } 68 | -------------------------------------------------------------------------------- /internal/mock/mockfs/fs.go: -------------------------------------------------------------------------------- 1 | // Copyright The Notary Project Authors. 2 | // Licensed under the Apache License, Version 2.0 (the "License"); 3 | // you may not use this file except in compliance with the License. 
4 | // You may obtain a copy of the License at 5 | // 6 | // http://www.apache.org/licenses/LICENSE-2.0 7 | // 8 | // Unless required by applicable law or agreed to in writing, software 9 | // distributed under the License is distributed on an "AS IS" BASIS, 10 | // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 11 | // See the License for the specific language governing permissions and 12 | // limitations under the License. 13 | 14 | package mockfs 15 | 16 | import ( 17 | "io/fs" 18 | "path/filepath" 19 | 20 | "github.com/notaryproject/notation-go/dir" 21 | ) 22 | 23 | type sysFSMock struct { 24 | fs.FS 25 | root string 26 | } 27 | 28 | // SysPath returns root joined with items by filepath.Join. It always returns a nil error and does not check that the joined path stays under root. 29 | func (s sysFSMock) SysPath(items ...string) (string, error) { 30 | pathItems := []string{s.root} 31 | pathItems = append(pathItems, items...) 32 | return filepath.Join(pathItems...), nil 33 | } 34 | 35 | // NewSysFSMock returns a SysFS mock of the given FS with an empty root, so SysPath returns just the joined items. 36 | func NewSysFSMock(fsys fs.FS) dir.SysFS { 37 | return sysFSMock{ 38 | FS: fsys, 39 | root: ""} 40 | } 41 | 42 | // NewSysFSWithRootMock returns a SysFS mock of the given fs and 43 | // a root directory that SysPath prepends to the items it joins. 44 | func NewSysFSWithRootMock(fsys fs.FS, root string) dir.SysFS { 45 | return sysFSMock{ 46 | FS: fsys, 47 | root: root} 48 | } 49 | -------------------------------------------------------------------------------- /internal/mock/ocilayout/ocilayout.go: -------------------------------------------------------------------------------- 1 | // Copyright The Notary Project Authors. 2 | // Licensed under the Apache License, Version 2.0 (the "License"); 3 | // you may not use this file except in compliance with the License.
4 | // You may obtain a copy of the License at 5 | // 6 | // http://www.apache.org/licenses/LICENSE-2.0 7 | // 8 | // Unless required by applicable law or agreed to in writing, software 9 | // distributed under the License is distributed on an "AS IS" BASIS, 10 | // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 11 | // See the License for the specific language governing permissions and 12 | // limitations under the License. 13 | 14 | package ocilayout 15 | 16 | import ( 17 | "context" 18 | "os" 19 | 20 | "oras.land/oras-go/v2" 21 | "oras.land/oras-go/v2/content/oci" 22 | ) 23 | 24 | // Copy copies the content referenced by tag from the OCI layout at sourcePath 25 | // into an OCI layout at destPath for testing. It returns only an error, not a path; the caller chooses destPath. 26 | func Copy(sourcePath, destPath, tag string) error { 27 | ctx := context.Background() 28 | 29 | srcStore, err := oci.NewFromFS(ctx, os.DirFS(sourcePath)) 30 | if err != nil { 31 | return err 32 | } 33 | 34 | // create a destination store to hold the generated OCI layout. 35 | destStore, err := oci.New(destPath) 36 | if err != nil { 37 | return err 38 | } 39 | 40 | // copy tag from the source store to the destination store; the destination reference is passed as an empty string 41 | _, err = oras.ExtendedCopy(ctx, srcStore, tag, destStore, "", oras.DefaultExtendedCopyOptions) 42 | if err != nil { 43 | return err 44 | } 45 | 46 | return nil 47 | } 48 | -------------------------------------------------------------------------------- /internal/mock/ocilayout/ocilayout_test.go: -------------------------------------------------------------------------------- 1 | // Copyright The Notary Project Authors. 2 | // Licensed under the Apache License, Version 2.0 (the "License"); 3 | // you may not use this file except in compliance with the License.
4 | // You may obtain a copy of the License at 5 | // 6 | // http://www.apache.org/licenses/LICENSE-2.0 7 | // 8 | // Unless required by applicable law or agreed to in writing, software 9 | // distributed under the License is distributed on an "AS IS" BASIS, 10 | // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 11 | // See the License for the specific language governing permissions and 12 | // limitations under the License. 13 | 14 | package ocilayout 15 | 16 | import ( 17 | "os" 18 | "runtime" 19 | "testing" 20 | ) 21 | 22 | func TestCopy(t *testing.T) { 23 | t.Run("empty oci layout", func(t *testing.T) { 24 | err := Copy("", "", "v2") 25 | if err == nil { 26 | t.Errorf("expected error, got nil") 27 | } 28 | }) 29 | 30 | t.Run("invalid target path permission", func(t *testing.T) { 31 | if runtime.GOOS == "windows" { 32 | t.Skip("skipping test on Windows") 33 | } 34 | tempDir := t.TempDir() 35 | // change the permission of the tempDir to make it invalid 36 | if err := os.Chmod(tempDir, 0); err != nil { 37 | t.Fatalf("failed to change the permission of the tempDir: %v", err) 38 | } 39 | err := Copy("../../testdata/oci-layout", tempDir, "v2") 40 | if err == nil { 41 | t.Errorf("expected error, got nil") 42 | } 43 | 44 | if err := os.Chmod(tempDir, 0755); err != nil { 45 | t.Fatalf("failed to change the permission of the tempDir: %v", err) 46 | } 47 | }) 48 | 49 | t.Run("copy failed", func(t *testing.T) { 50 | tempDir := t.TempDir() 51 | err := Copy("../../testdata/oci-layout", tempDir, "v3") 52 | if err == nil { 53 | t.Errorf("expected error, got nil") 54 | } 55 | }) 56 | 57 | t.Run("copy success", func(t *testing.T) { 58 | tempDir := t.TempDir() 59 | err := Copy("../../testdata/oci-layout", tempDir, "v2") 60 | if err != nil { 61 | t.Errorf("expected nil, got %v", err) 62 | } 63 | }) 64 | } 65 | -------------------------------------------------------------------------------- 
/internal/mock/testdata/ca_compatible_pluginver_sig_env_0.0.9.json: -------------------------------------------------------------------------------- 1 | {"payload":"eyJ0YXJnZXRBcnRpZmFjdCI6eyJkaWdlc3QiOiJzaGEyNTY6ZmU3ZTkzMzMzOTUwNjBjMmY1ZTYzY2YzNmEzOGZiYTEwMTc2ZjE4M2I0MTYzYTU3OTRlMDgxYTQ4MGFiYmE1ZiIsIm1lZGlhVHlwZSI6ImFwcGxpY2F0aW9uL3ZuZC5kb2NrZXIuZGlzdHJpYnV0aW9uLm1hbmlmZXN0LnYyK2pzb24iLCJzaXplIjo5NDJ9fQ","protected":"eyJhbGciOiJQUzI1NiIsImNyaXQiOlsiaW8uY25jZi5ub3Rhcnkuc2lnbmluZ1NjaGVtZSIsImlvLmNuY2Yubm90YXJ5LnZlcmlmaWNhdGlvblBsdWdpbk1pblZlcnNpb24iLCJpby5jbmNmLm5vdGFyeS52ZXJpZmljYXRpb25QbHVnaW4iXSwiY3R5IjoiYXBwbGljYXRpb24vdm5kLmNuY2Yubm90YXJ5LnBheWxvYWQudjEranNvbiIsImlvLmNuY2Yubm90YXJ5LnNpZ25pbmdTY2hlbWUiOiJub3RhcnkueDUwOSIsImlvLmNuY2Yubm90YXJ5LnNpZ25pbmdUaW1lIjoiMjAyMy0wMS0xOVQwMDoyMTozNi0wODowMCIsImlvLmNuY2Yubm90YXJ5LnZlcmlmaWNhdGlvblBsdWdpbiI6ImlvLmNuY2Yubm90YXJ5LnBsdWdpbi51bml0dGVzdC5tb2NrIiwiaW8uY25jZi5ub3RhcnkudmVyaWZpY2F0aW9uUGx1Z2luTWluVmVyc2lvbiI6IjAuMC45In0","header":{"x5c":["MIIDVjCCAj6gAwIBAgIBUTANBgkqhkiG9w0BAQsFADBaMQswCQYDVQQGEwJVUzELMAkGA1UECBMCV0ExEDAOBgNVBAcTB1NlYXR0bGUxDzANBgNVBAoTBk5vdGFyeTEbMBkGA1UEAxMSd2FiYml0LW5ldHdvcmtzLmlvMB4XDTIzMDExOTA4MTkwN1oXDTMzMDExOTA4MTkwN1owWjELMAkGA1UEBhMCVVMxCzAJBgNVBAgTAldBMRAwDgYDVQQHEwdTZWF0dGxlMQ8wDQYDVQQKEwZOb3RhcnkxGzAZBgNVBAMTEndhYmJpdC1uZXR3b3Jrcy5pbzCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBANHhlP+SiY7hsGlf2mADOzJW/J9siqMkiQvSOx0OSM2yxetfVQL/abi4iqCXM6wkSxviBeNwIoYEs4thMA8NGEbnKoXktyh9vmiLB1FW7HHr4QLwjgLzgWJKIQTy1JmDBecXZh56d0f3w3Yj1IDTvkIScXCNI+5v/08GUQKhyBwv7Fq9MYpo2lfXSI7V33BKKddXIxPGVWwKGvPE0sg2VV7WM84ZZLdDKz2mq0PtPTHrSwg3hlK/mjn+blg3gsYQ4h9/7Z6nNaF9X0SdyESl841ZWrtMhAOFpIzLbz9ete8NRd3bYCRBIr5gscHWTf6lyUgy4xzsSwMHPsGLM4A+Z00CAwEAAaMnMCUwDgYDVR0PAQH/BAQDAgeAMBMGA1UdJQQMMAoGCCsGAQUFBwMDMA0GCSqGSIb3DQEBCwUAA4IBAQAbN0Eru56uTQSC28ZTf8D7VyCkYrrWLYiJMYdOKBzzKV9mKaM0OGF2uyWwDaPxp9KTdLXmBp9EFq5SXXArFA+nRS7KinDAe2O7A/9Std2XjKi927rkA2cj239d5lRsjWXqJXf9vAMV9a2FjUM/in2Eevlq7bvjFE3l26VXCKtOs9ErmfxrL+6ETRKSVYOOG/rSHFv
/SB2MlqDg5QsXC9lZjzL5/X/ioe2qZKhp6X5DPpad1q1Q4ItKdTN+2EXyMyoHn1BJKNba7CUUvXf03EJebT/Im+qozfEksJeZJUSlSujANUPoCpsEYGWWQx5G+ViG05Sqs+6ppKrut+P+DVPo"],"io.cncf.notary.signingAgent":"Notation/1.0.0"},"signature":"VXWolnwKhCSYn1x1_0CUpvUxEihiuKCJ9Ae2Lm--gkW_tfbBlTzkq4TciXM4u4V9MBtbDczQ8k748tmEb7qbzPPT6CEPGMBX8WN7kDStqXGILmpIE5M7Z1nYVIYkgQPk_w6FyC291bluQQGu0yqNrAO3pT1Ym5DoHAyRHLROdDRChntI4Qrz5DGrjBsiibo_GAOxw1jY1ENvo5dlSTAgnZm9jkfbY0gsYTXuNGYk2atS0H1W_MVRdgDSI9gbQ6amLUf-qy_gcbl5UT8Pa5fWb_1KZPtAqoh4hA5PW4UKkxFE0Wz2pUAs9RpYI-xpw1B6KGtgiI9MuTYDFMmTXHBRig"} 2 | -------------------------------------------------------------------------------- /internal/mock/testdata/ca_compatible_pluginver_sig_env_1.0.0-alpha.beta.json: -------------------------------------------------------------------------------- 1 | {"payload":"eyJ0YXJnZXRBcnRpZmFjdCI6eyJkaWdlc3QiOiJzaGEyNTY6ZmU3ZTkzMzMzOTUwNjBjMmY1ZTYzY2YzNmEzOGZiYTEwMTc2ZjE4M2I0MTYzYTU3OTRlMDgxYTQ4MGFiYmE1ZiIsIm1lZGlhVHlwZSI6ImFwcGxpY2F0aW9uL3ZuZC5kb2NrZXIuZGlzdHJpYnV0aW9uLm1hbmlmZXN0LnYyK2pzb24iLCJzaXplIjo5NDJ9fQ","protected":"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","header":{"x5c":["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"],"io.cncf.notary.signingAgent":"Notation/1.0.0"},"signature":"iJthtqbz0O5nFuo5Z9nRddEjyZp3RG-KOY6SSB3sc8AgDBdT5Fjp9yltIoqTl-BLZhrGOAFeO0T_1JVsPbZZMxzJq4fb3gPaIPItrendkpit1m2RaB8fK1D_I6Vqu1_rGiYaxDcNpaqn1T_isxr4MVRekcLSNQnG3iMdJ0k-Attf8JdCXE0EWKyLBStMVAfo0J39ShFcwyIMvO0vm2_TRDVbcKovpY0vFrfyE2pFIChnJECmivImdKmBMIW78vEtN6qBrKskI3HzA9N1XjxGY4GOAu30iqtNRanO65nZGng0lqpJd15bAwUaqj-KD_BAZIUT9T2qCf2COF9GKvc3NQ"} 2 | -------------------------------------------------------------------------------- /internal/mock/testdata/ca_compatible_pluginver_sig_env_1.0.0-alpha.json: -------------------------------------------------------------------------------- 1 | 
{"payload":"eyJ0YXJnZXRBcnRpZmFjdCI6eyJkaWdlc3QiOiJzaGEyNTY6ZmU3ZTkzMzMzOTUwNjBjMmY1ZTYzY2YzNmEzOGZiYTEwMTc2ZjE4M2I0MTYzYTU3OTRlMDgxYTQ4MGFiYmE1ZiIsIm1lZGlhVHlwZSI6ImFwcGxpY2F0aW9uL3ZuZC5kb2NrZXIuZGlzdHJpYnV0aW9uLm1hbmlmZXN0LnYyK2pzb24iLCJzaXplIjo5NDJ9fQ","protected":"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","header":{"x5c":["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"],"io.cncf.notary.signingAgent":"Notation/1.0.0"},"signature":"xZqE2HZye4qPmG688z875mHySGV_MoWOb99wChu-hInU8-CyxMesxzVCo_boG3Oae6tj6MKwdJ-Dj2cKbI3S4aX2l6t5IRFLB5z4DuIsDhmKZj9iN5LjtP8ua5_fni9dBk4e9c9TAsMq1hjXyNEen2rC1dzP_bcNYnoOs1yRWpO4JAcsslMYeqUIKKf39kzlOxOKIsJ8YhZoNeRc3HnAu4hlX2XpXwArovvMZtg1Akp6qCjVQcQQUTb_M0JeytmR8R5tdr_ZYqh-rCWbIe5tNU4u9jCP8xvlXPdSjpHgpmPsEnNd4u4gnLFxuYAq5l3UkdGDLXUsGrTx_Bi_LoFHUQ"} 2 | -------------------------------------------------------------------------------- /internal/mock/testdata/ca_compatible_pluginver_sig_env_1.0.0.json: -------------------------------------------------------------------------------- 1 | {"payload":"eyJ0YXJnZXRBcnRpZmFjdCI6eyJkaWdlc3QiOiJzaGEyNTY6ZmU3ZTkzMzMzOTUwNjBjMmY1ZTYzY2YzNmEzOGZiYTEwMTc2ZjE4M2I0MTYzYTU3OTRlMDgxYTQ4MGFiYmE1ZiIsIm1lZGlhVHlwZSI6ImFwcGxpY2F0aW9uL3ZuZC5kb2NrZXIuZGlzdHJpYnV0aW9uLm1hbmlmZXN0LnYyK2pzb24iLCJzaXplIjo5NDJ9fQ","protected":"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","header":{"x5c":["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"],"io.cncf.notary.signingAgent":"Notation/1.0.0"},"signature":"JG7Gk8HwJbkUheyX9eRoBDPezynCmMetYATNsW0U4ERBiagKO-DxRMN4lqHxcVFf7HXVRCWPf3A6aIYo6Vox0fHNFDWyX7g4qcD0wy8mSIgt9FsN5EBFqkgUxfC2o_5OrlUEsbaN8vU3tH4jNoTjWEcT6cNVNv7gltzkTQDQFdgl7DC-Bf12p9HJsSQQlJqdS-BhDYp-ou7dwgd3jeomureLC6kOhaU3ssmSsn69cdCt9cZgZ9U9-5knjyicGUDaCpPHWpz3_R8JgyLq3L8nzEetPBHRShwMPUwV42F_9_C2-gXR7ZVaU3ENshViL0p0T70U4VElOb7IxqAMWRmIlw"} 2 | -------------------------------------------------------------------------------- /internal/mock/testdata/ca_expired_sig_env.json: 
-------------------------------------------------------------------------------- 1 | { 2 | "payload": "eyJ0YXJnZXRBcnRpZmFjdCI6eyJtZWRpYVR5cGUiOiJhcHBsaWNhdGlvbi92bmQuZG9ja2VyLmRpc3RyaWJ1dGlvbi5tYW5pZmVzdC52Mitqc29uIiwiZGlnZXN0Ijoic2hhMjU2OjYwMDQzY2Y0NWVhZWJjNGMwODY3ZmVhNDg1YTAzOWI1OThmNTJmZDA5ZmQ1YjA3YjBiMmQyZjg4ZmFkOWQ3NGUiLCJzaXplIjo1Mjh9fQ", 3 | "protected": "eyJhbGciOiJQUzM4NCIsImNyaXQiOlsiaW8uY25jZi5ub3Rhcnkuc2lnbmluZ1NjaGVtZSIsImlvLmNuY2Yubm90YXJ5LmV4cGlyeSJdLCJjdHkiOiJhcHBsaWNhdGlvbi92bmQuY25jZi5ub3RhcnkucGF5bG9hZC52MStqc29uIiwiaW8uY25jZi5ub3RhcnkuZXhwaXJ5IjoiMjAyMi0wNy0yOVQyMzo1OTowMFoiLCJpby5jbmNmLm5vdGFyeS5zaWduaW5nU2NoZW1lIjoibm90YXJ5Lng1MDkiLCJpby5jbmNmLm5vdGFyeS5zaWduaW5nVGltZSI6IjIwMjItMDctMjlUMDA6MDA6MDBaIn0", 4 | "header": { 5 | "x5c": [ 6 | "MIIEWDCCAsCgAwIBAgIBAjANBgkqhkiG9w0BAQsFADBaMQswCQYDVQQGEwJVUzELMAkGA1UECBMCV0ExEDAOBgNVBAcTB1NlYXR0bGUxDzANBgNVBAoTBk5vdGFyeTEbMBkGA1UEAxMSTm90YXRpb24gVGVzdCBSb290MCAXDTIwMTAwOTA3MDAwMFoYDzIxMjIwODA2MjAzODQ1WjBaMQswCQYDVQQGEwJVUzELMAkGA1UECBMCV0ExEDAOBgNVBAcTB1NlYXR0bGUxDzANBgNVBAoTBk5vdGFyeTEbMBkGA1UEAxMSTm90YXRpb24gVGVzdCBSb290MIIBojANBgkqhkiG9w0BAQEFAAOCAY8AMIIBigKCAYEAwE8YkFUAA0R7aUkRYxHKYoVbFPx9xhuNovLKDy72/7X0+j4XdGP4C0aAX2KLfgy9OR1RIUwtpMyI7k7ZFRd+ljcMW/FgbirfhkY/8axjamOYMBO0Qg+w93oaI6HA1gvZ/WZem4PHu68LlZhLQ2BrQwCz/F/3Ft0IZ2S1aF6N6vajx2le8xTI5hQS+UZFPQGrBUqrjcYc6GkL8XqL+rLGZaKGfh3c7bF9cEbA1H2Tm6MDFnfoFemerbP3v19JoUH+EtOnvYmNZWEU51RaLsNGkC3E/unXAnIfXrNxHDcbehyfa5y3AT10Shiron6O4Bc9S0MvwtXyLT6qein3Nh0VKBFUMSdthu5ZrSR28T9wDWHMXngpa115VjHOQDY3gDPwfzZ0xitN3NpMnivxculGUCkEQpst957tqQNJpS/zipI5Mtej0YOAhVKGQMjDIJekZ2DXDNd1X3xfahrR5VEQF0gnRFhA3vhycDqFj4E6Hoc5y3SxnFqrhX3w2wyFt/xRAgMBAAGjJzAlMA4GA1UdDwEB/wQEAwIHgDATBgNVHSUEDDAKBggrBgEFBQcDAzANBgkqhkiG9w0BAQsFAAOCAYEAAdONCAJxdB7H0uFDw6H+8Z5MtoRdJe6ZhlM2O5WMzkC1DLSyrF7arPnUMTeSyNS2Fx1BU38n5R1wvdgSfWtjm7o2ZyR8JQ+AngPklUCTNeL18kxNNXpmjDuMvsRlfHcr5hherjiQ49jWlpFqGRrNtZQWiVEI0r9Qz8DtZTw3GYF4MSuotA6wuUjolI1V2oMn/gdt8FFo0XUTDyiA12qpZzkUHY1rg3zJxKq3pIk04E7k6rFakHyZL91ipV2UeS
bNq9vwLL7cglfPJ8+J+9AKvIPDstDF5k0ivUCYH5fIFZBGoceLiNfHSMcqA/qWfErqLBWAkACRUNyCWpAEv3DfDRbTHId0n6QQwOXj5d9YnDrmOLvQcn/sa+ZBfFMK7RdG9uVwMRyo+sRUnxo+v2lcvYwWymL7ONQqVWZbTJCxuG90Unxa3cQHZiKB5mgKweMft+vp6C3IQFhFfP8j1kvRTJq8ZqSEBADppUuBZJ1KWalwauK0AE4jpHlE0KsYDXiP", 7 | "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" 8 | ], 9 | "io.cncf.notary.SigningAgent": "Notation/1.0.0" 10 | }, 11 | "signature": "RZtqCD4KGh5_CD8wjG69TJIzzB4Cr-cxQhKTvZJYsRVIJyl3s5D0215GhBrggomVk9-LGD2FdWd2VfuaLd4bmhW3rSV3ltmAext7DNQFg2xtMeYSeCL2U_ygN2j4bc80RDaX8w_zOTVOmuhW6i2jgwRjWXdDaJeYTbZA2syA5R38tYYewVcZJ6U057Wsflt5yPWJCdxZLuTago5CkbLASL8HHnmlUkDvKKB1Y9SNDOQ3AmGP4-XJykcX_MfPo5RGRvZE-zHUJOEKj3ryfC0UTUT7V1ISTagqOt7zOa1BEzgQ-1GQk1MbaPPZWkiOZX4RqMXMV3hVqtDuZxlpT25KzZPm1USwWwJkycv7YB69fc2aoHJAPo-39uEV9fdAz_03whnrQSpfJbmHHTXMJkWKrZ5ozU-8zlEttWyL5D85zAouSMVXWm22zMrDW-XxST9QoeV4b1_BedW1PwJDbeU6P1hhobnQh3jHmSueVl_WZ5_g8_iVepSmSBcR1e4WpoPi" 12 | } -------------------------------------------------------------------------------- /internal/mock/testdata/ca_incompatible_pluginver_sig_env_1.0.1.json: -------------------------------------------------------------------------------- 1 | {"payload":"eyJ0YXJnZXRBcnRpZmFjdCI6eyJkaWdlc3QiOiJzaGEyNTY6ZmU3ZTkzMzMzOTUwNjBjMmY1ZTYzY2YzNmEzOGZiYTEwMTc2ZjE4M2I0MTYzYTU3OTRlMDgxYTQ4MGFiYmE1ZiIsIm1lZGlhVHlwZSI6ImFwcGxpY2F0aW9uL3ZuZC5kb2NrZXIuZGlzdHJpYnV0aW9uLm1hbmlmZXN0LnYyK2pzb24iLCJzaXplIjo5NDJ9fQ","protected":"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","header":{"x5c":["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"],"io.cncf.notary.signingAgent":"Notation/1.0.0"},"signature":"tb2xdd03j1ATBoG1K-9QmCjNeTnK-LKLHdZS44NJ0G5MfrzSFv56w3_FDqnS1jki8FTmGVUMdPAOciTuyoP_nREMBMr9QYn-qOAHisVrvxAcqmWEL-4Uoa_VIzmPvq-_wJKw9L_oZ2m-b9dx93tl2t2z0gxQaAgtVWJP6ap47lKlri6IFeFIXDq6jpdC9sy3q_wifnxFaZ9LM3892Pp7aMLvnT_TdTPxT1AHSq6ZOvddPbStvSUVICXZLmsglFym2c8RzatxulrnGlZ1fKKS0gR7W96-L1JsqIV5KeBMXq8vFnG-rK4fsqa0FeBBkmOOV6ZKKIruvfm7Z-SJ-nJLZw"} 2 | 
-------------------------------------------------------------------------------- /internal/mock/testdata/ca_incompatible_pluginver_sig_env_1.0.9.json: -------------------------------------------------------------------------------- 1 | {"payload":"eyJ0YXJnZXRBcnRpZmFjdCI6eyJkaWdlc3QiOiJzaGEyNTY6ZmU3ZTkzMzMzOTUwNjBjMmY1ZTYzY2YzNmEzOGZiYTEwMTc2ZjE4M2I0MTYzYTU3OTRlMDgxYTQ4MGFiYmE1ZiIsIm1lZGlhVHlwZSI6ImFwcGxpY2F0aW9uL3ZuZC5kb2NrZXIuZGlzdHJpYnV0aW9uLm1hbmlmZXN0LnYyK2pzb24iLCJzaXplIjo5NDJ9fQ","protected":"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","header":{"x5c":["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"],"io.cncf.notary.signingAgent":"Notation/1.0.0"},"signature":"zdA6RgbS3-QUdrhJuhAz-4wi55PZjy0CezOyTpg0UP1zxRfigVefPne86GEhGmiC-m-QlJC6bWSYFdkF3EoBL1CpGo46zUeaGKhQXM0Db1I8VKhJE20o1T83yXm-_ZVgDEe3_LUhu_KYs-jvkfJu_DGl6DJdBp_lkEpc9Br3tYUvgkxtF2LlvSUNYuc4oILnidj2sYFO5o7IBKdDoBVlQ3Z29s2Z6NUzy48ab9mxZCq0T9-uGj8636GJ3yJ78086GI_lt-0_mXdJ592WguWb3WBogCz9NvLm-byPIC7cP4RpHRqJQRsvYp6txgsrDqy2T1I0BEsf-Fp1FSxBdWMwXA"} 2 | -------------------------------------------------------------------------------- /internal/mock/testdata/ca_incompatible_pluginver_sig_env_1.1.0-alpha.json: -------------------------------------------------------------------------------- 1 | 
{"payload":"eyJ0YXJnZXRBcnRpZmFjdCI6eyJkaWdlc3QiOiJzaGEyNTY6ZmU3ZTkzMzMzOTUwNjBjMmY1ZTYzY2YzNmEzOGZiYTEwMTc2ZjE4M2I0MTYzYTU3OTRlMDgxYTQ4MGFiYmE1ZiIsIm1lZGlhVHlwZSI6ImFwcGxpY2F0aW9uL3ZuZC5kb2NrZXIuZGlzdHJpYnV0aW9uLm1hbmlmZXN0LnYyK2pzb24iLCJzaXplIjo5NDJ9fQ","protected":"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","header":{"x5c":["MIIDVjCCAj6gAwIBAgIBUTANBgkqhkiG9w0BAQsFADBaMQswCQYDVQQGEwJVUzELMAkGA1UECBMCV0ExEDAOBgNVBAcTB1NlYXR0bGUxDzANBgNVBAoTBk5vdGFyeTEbMBkGA1UEAxMSd2FiYml0LW5ldHdvcmtzLmlvMB4XDTIzMDExOTA4MTkwN1oXDTMzMDExOTA4MTkwN1owWjELMAkGA1UEBhMCVVMxCzAJBgNVBAgTAldBMRAwDgYDVQQHEwdTZWF0dGxlMQ8wDQYDVQQKEwZOb3RhcnkxGzAZBgNVBAMTEndhYmJpdC1uZXR3b3Jrcy5pbzCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBANHhlP+SiY7hsGlf2mADOzJW/J9siqMkiQvSOx0OSM2yxetfVQL/abi4iqCXM6wkSxviBeNwIoYEs4thMA8NGEbnKoXktyh9vmiLB1FW7HHr4QLwjgLzgWJKIQTy1JmDBecXZh56d0f3w3Yj1IDTvkIScXCNI+5v/08GUQKhyBwv7Fq9MYpo2lfXSI7V33BKKddXIxPGVWwKGvPE0sg2VV7WM84ZZLdDKz2mq0PtPTHrSwg3hlK/mjn+blg3gsYQ4h9/7Z6nNaF9X0SdyESl841ZWrtMhAOFpIzLbz9ete8NRd3bYCRBIr5gscHWTf6lyUgy4xzsSwMHPsGLM4A+Z00CAwEAAaMnMCUwDgYDVR0PAQH/BAQDAgeAMBMGA1UdJQQMMAoGCCsGAQUFBwMDMA0GCSqGSIb3DQEBCwUAA4IBAQAbN0Eru56uTQSC28ZTf8D7VyCkYrrWLYiJMYdOKBzzKV9mKaM0OGF2uyWwDaPxp9KTdLXmBp9EFq5SXXArFA+nRS7KinDAe2O7A/9Std2XjKi927rkA2cj239d5lRsjWXqJXf9vAMV9a2FjUM/in2Eevlq7bvjFE3l26VXCKtOs9ErmfxrL+6ETRKSVYOOG/rSHFv/SB2MlqDg5QsXC9lZjzL5/X/ioe2qZKhp6X5DPpad1q1Q4ItKdTN+2EXyMyoHn1BJKNba7CUUvXf03EJebT/Im+qozfEksJeZJUSlSujANUPoCpsEYGWWQx5G+ViG05Sqs+6ppKrut+P+DVPo"],"io.cncf.notary.signingAgent":"Notation/1.0.0"},"signature":"In4X5VH7wiFuGRaop36jSxFMvgAmbnZ7Pwhl1iqhSFItCGpwCCq7Sb9fWn79fiRyxI9F6JuJSTnTtHnjmZXfShAe5KRlSUktPwRcGg6LAMG9YTvd1JayNdjAGyPvZw7PGqeKF_syNgSrw-UzLsR0YXqck639affiVlKRTMNeZla2iXb8gRa8LGGiGoizKMrwV3Ywf3QilWy4CR5NK9TUj-OmdpaBfmE3T--LDpaOt7fjzhCFMXDGq27I_7NfzhrIJ_LpS7f2R5dG6eVRIgmSOVKEkCVM0n38lJ0H1E2uwwYmhns5wzDWJeBVEem8ycFrQkEvsGHWJ1Ru9YYNXhfr9Q"} 2 | -------------------------------------------------------------------------------- 
/internal/mock/testdata/ca_incompatible_pluginver_sig_env_1.2.3.json: -------------------------------------------------------------------------------- 1 | {"payload":"eyJ0YXJnZXRBcnRpZmFjdCI6eyJkaWdlc3QiOiJzaGEyNTY6ZmU3ZTkzMzMzOTUwNjBjMmY1ZTYzY2YzNmEzOGZiYTEwMTc2ZjE4M2I0MTYzYTU3OTRlMDgxYTQ4MGFiYmE1ZiIsIm1lZGlhVHlwZSI6ImFwcGxpY2F0aW9uL3ZuZC5kb2NrZXIuZGlzdHJpYnV0aW9uLm1hbmlmZXN0LnYyK2pzb24iLCJzaXplIjo5NDJ9fQ","protected":"eyJhbGciOiJQUzI1NiIsImNyaXQiOlsiaW8uY25jZi5ub3Rhcnkuc2lnbmluZ1NjaGVtZSIsImlvLmNuY2Yubm90YXJ5LnZlcmlmaWNhdGlvblBsdWdpbk1pblZlcnNpb24iLCJpby5jbmNmLm5vdGFyeS52ZXJpZmljYXRpb25QbHVnaW4iXSwiY3R5IjoiYXBwbGljYXRpb24vdm5kLmNuY2Yubm90YXJ5LnBheWxvYWQudjEranNvbiIsImlvLmNuY2Yubm90YXJ5LnNpZ25pbmdTY2hlbWUiOiJub3RhcnkueDUwOSIsImlvLmNuY2Yubm90YXJ5LnNpZ25pbmdUaW1lIjoiMjAyMy0wMS0xOVQxMjo1NDowMS0wODowMCIsImlvLmNuY2Yubm90YXJ5LnZlcmlmaWNhdGlvblBsdWdpbiI6ImlvLmNuY2Yubm90YXJ5LnBsdWdpbi51bml0dGVzdC5tb2NrIiwiaW8uY25jZi5ub3RhcnkudmVyaWZpY2F0aW9uUGx1Z2luTWluVmVyc2lvbiI6IjEuMi4zIn0","header":{"x5c":["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"],"io.cncf.notary.signingAgent":"Notation/1.0.0"},"signature":"sB7vQl3zpK1JBjKa0gwj_s0Rbboo2kb4x81MNIbUINAc2ocvfRqyxMtlJYdgmx78GledCm4j8BfXr7_sV0_WkKI6Af6n_5rYMQ0a3EOI79-uzkRqrKBJsh4BsuQuweBql-W5-ofnwAhpNUmowHUcJlh0PmpOeYPQcj0TFMCZuqwMSKi4KLj4H5ENnmIWyR4rDoNueZkenbfh-eYR47PDb8KHyGTX86m-8IY-gNlAYRm_62MRecsGjg97EQ5niFGaRxlg7jf-1RVg3jLKXYlLRs41dnsMo1QGuTW7nPEUZKpXMZIyPnqPmS91icq0v1Obcx-r4aOqTKrPTeIPCYMoSQ"} 2 | -------------------------------------------------------------------------------- /internal/mock/testdata/ca_invalid_sig_env.json: -------------------------------------------------------------------------------- 1 | { 2 | "payload": "eyJ0YXJnZXRBcnRpZmFjdCI6eyJtZWRpYVR5cGUiOiJhcHBsaWNhdGlvbi92bmQuZG9ja2VyLmRpc3RyaWJ1dGlvbi5tYW5pZmVzdC52Mitqc29uIiwiZGlnZXN0Ijoic2hhMjU2OjYwMDQzY2Y0NWVhZWJjNGMwODY3ZmVhNDg1YTAzOWI1OThmNTJmZDA5ZmQ1YjA3YjBiMmQyZjg4ZmFkOWQ3NGUiLCJzaXplIjo1Mjh9fQ=", 3 | "protected": 
"eyJhbGciOiJQUzM4NCIsImNyaXQiOlsiaW8uY25jZi5ub3Rhcnkuc2lnbmluZ1NjaGVtZSIsImlvLmNuY2Yubm90YXJ5LmV4cGlyeSJdLCJjdHkiOiJhcHBsaWNhdGlvbi92bmQuY25jZi5ub3RhcnkucGF5bG9hZC52MStqc29uIiwiaW8uY25jZi5ub3RhcnkuZXhwaXJ5IjoiMjEyMC0xMS0wOVQwNzowMDowMFoiLCJpby5jbmNmLm5vdGFyeS5zaWduaW5nU2NoZW1lIjoibm90YXJ5Lng1MDkiLCJpby5jbmNmLm5vdGFyeS5zaWduaW5nVGltZSI6IjIwMjAtMTEtMDlUMDc6MDA6MDBaIn0", 4 | "header": { 5 | "x5c": [ 6 | "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", 7 | "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" 8 | ], 9 | "io.cncf.notary.SigningAgent": "Notation/1.0.0" 10 | }, 11 | "signature": "ZvsxyaSqDzS7mY_jKpnq2XtBcmyWmSE461BHL6q2pAx_-Rxr8Fvs2oIfZdSG2o3qugPDjzZDMhKdYdnrW1AIEkVIG_QUmeyGj28PVXxsC5NKpXwrPUMOzrXSFLHIvBNZ2q87wRYInsgCPtv5ZPv0IgA2sAW6y7NlVM2D0vJax55ITsJO5aEaEUlAdi_H7-TCD48DHuFpnJdNkVB_hZkwYfxuqIKU2C__Z2hLLHxaS2LzuzhqOnYlbqn4e225uZt9odXq3qmZ_44Vx3DYL_-ZuV0S9jEk7NW8-dO0T0MeQn6VXDyfT1rjc6IVPnLxAnELFyLn121GYulYC8V2D1_MLcv8sDHY23rHb3-R-WCLMDSfaIvReY89vQfxcfpdCRC0F3N2CcnrgsrUC6Fplm5Uy45Gn9--b7x5cdSzOzQsefCH1GpixW7YyNs1xZQ17WqdYyWD2EBrB5vqVFzkzDYnQ4H-p9G3AzM4HTrjWqHX-0cYHlpmTS4AjVxn0UV80Jn9" 12 | } -------------------------------------------------------------------------------- /internal/mock/testdata/ca_plugin_sig_env.json: -------------------------------------------------------------------------------- 1 | { 2 | "payload": "eyJ0YXJnZXRBcnRpZmFjdCI6eyJtZWRpYVR5cGUiOiJhcHBsaWNhdGlvbi92bmQuZG9ja2VyLmRpc3RyaWJ1dGlvbi5tYW5pZmVzdC52Mitqc29uIiwiZGlnZXN0Ijoic2hhMjU2OjYwMDQzY2Y0NWVhZWJjNGMwODY3ZmVhNDg1YTAzOWI1OThmNTJmZDA5ZmQ1YjA3YjBiMmQyZjg4ZmFkOWQ3NGUiLCJzaXplIjo1Mjh9fQ", 3 | "protected": "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", 4 | "header": { 5 | "x5c": [ 6 | "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", 7 | "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" 8 | ], 9 | "io.cncf.notary.SigningAgent": "Notation/1.0.0" 10 | }, 11 | "signature": 
"cyB34qtMss9N1E_2XAQ_71c6j1fOcamenm7YrYsXn562XOhFgJKUjmDYWkz9mmdLN-GqQNKA8MhAfKt2ipXxsWldrb3a-6AZ-y4jIkY5XIY_s7Sndz58DPtez0X4kAehvKiyUtDVPbqIJQ5Hwgj8tC_f0Yva6pdrSD7xwenxwiCZmxM6N_LV9d1oYSDQi9890XRrFK4M1YRlOZquJ19HrhADLVJXS-ZfqcTE_tceoU2Hq82pqd2MnazAtJiWZm0cxwt-OsGlgGrkvHoNcMYS8K6BSBvL-vVtOuSpca89QrLsTCnKnmvUlw3wrWTDf83qhPyfw-2ASrE2V57vunpxSNyoA_70fNgOuhWUZZUTi9eXxutp0GCcGTem7MzZRBJVOVdw9OgR3pClGiRxP3BE2Atn3EUXs2HgQHEiE1KZvVHFeObB6asMqfbAMMNDgZCsZi7Yah7NaYg1NH9YwrJgAtNFW0p2trxiQ6uqICD2m54yGtRmvw_O9kt5HnUaBQJX" 12 | } -------------------------------------------------------------------------------- /internal/mock/testdata/ca_valid_sig_env.json: -------------------------------------------------------------------------------- 1 | { 2 | "payload": "eyJ0YXJnZXRBcnRpZmFjdCI6eyJtZWRpYVR5cGUiOiJhcHBsaWNhdGlvbi92bmQuZG9ja2VyLmRpc3RyaWJ1dGlvbi5tYW5pZmVzdC52Mitqc29uIiwiZGlnZXN0Ijoic2hhMjU2OjYwMDQzY2Y0NWVhZWJjNGMwODY3ZmVhNDg1YTAzOWI1OThmNTJmZDA5ZmQ1YjA3YjBiMmQyZjg4ZmFkOWQ3NGUiLCJzaXplIjo1Mjh9fQ", 3 | "protected": "eyJhbGciOiJQUzM4NCIsImNyaXQiOlsiaW8uY25jZi5ub3Rhcnkuc2lnbmluZ1NjaGVtZSIsImlvLmNuY2Yubm90YXJ5LmV4cGlyeSJdLCJjdHkiOiJhcHBsaWNhdGlvbi92bmQuY25jZi5ub3RhcnkucGF5bG9hZC52MStqc29uIiwiaW8uY25jZi5ub3RhcnkuZXhwaXJ5IjoiMjEyMC0xMS0wOVQwNzowMDowMFoiLCJpby5jbmNmLm5vdGFyeS5zaWduaW5nU2NoZW1lIjoibm90YXJ5Lng1MDkiLCJpby5jbmNmLm5vdGFyeS5zaWduaW5nVGltZSI6IjIwMjAtMTEtMDlUMDc6MDA6MDBaIn0", 4 | "header": { 5 | "x5c": [ 6 | "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", 7 | "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" 8 | ], 9 | "io.cncf.notary.SigningAgent": "Notation/1.0.0" 10 | }, 11 | "signature": 
"ZvsxyaSqDzS7mY_jKpnq2XtBcmyWmSE461BHL6q2pAx_-Rxr8Fvs2oIfZdSG2o3qugPDjzZDMhKdYdnrW1AIEkVIG_QUmeyGj28PVXxsC5NKpXwrPUMOzrXSFLHIvBNZ2q87wRYInsgCPtv5ZPv0IgA2sAW6y7NlVM2D0vJax55ITsJO5aEaEUlAdi_H7-TCD48DHuFpnJdNkVB_hZkwYfxuqIKU2C__Z2hLLHxaS2LzuzhqOnYlbqn4e225uZt9odXq3qmZ_44Vx3DYL_-ZuV0S9jEk7NW8-dO0T0MeQn6VXDyfT1rjc6IVPnLxAnELFyLn121GYulYC8V2D1_MLcv8sDHY23rHb3-R-WCLMDSfaIvReY89vQfxcfpdCRC0F3N2CcnrgsrUC6Fplm5Uy45Gn9--b7x5cdSzOzQsefCH1GpixW7YyNs1xZQ17WqdYyWD2EBrB5vqVFzkzDYnQ4H-p9G3AzM4HTrjWqHX-0cYHlpmTS4AjVxn0UV80Jn9" 12 | } -------------------------------------------------------------------------------- /internal/mock/testdata/sa_expired_sig_env.json: -------------------------------------------------------------------------------- 1 | { 2 | "payload": "eyJ0YXJnZXRBcnRpZmFjdCI6eyJtZWRpYVR5cGUiOiJhcHBsaWNhdGlvbi92bmQuZG9ja2VyLmRpc3RyaWJ1dGlvbi5tYW5pZmVzdC52Mitqc29uIiwiZGlnZXN0Ijoic2hhMjU2OjYwMDQzY2Y0NWVhZWJjNGMwODY3ZmVhNDg1YTAzOWI1OThmNTJmZDA5ZmQ1YjA3YjBiMmQyZjg4ZmFkOWQ3NGUiLCJzaXplIjo1Mjh9fQ", 3 | "protected": "eyJhbGciOiJQUzM4NCIsImNyaXQiOlsiaW8uY25jZi5ub3Rhcnkuc2lnbmluZ1NjaGVtZSIsImlvLmNuY2Yubm90YXJ5LmF1dGhlbnRpY1NpZ25pbmdUaW1lIiwiaW8uY25jZi5ub3RhcnkuZXhwaXJ5Il0sImN0eSI6ImFwcGxpY2F0aW9uL3ZuZC5jbmNmLm5vdGFyeS5wYXlsb2FkLnYxK2pzb24iLCJpby5jbmNmLm5vdGFyeS5hdXRoZW50aWNTaWduaW5nVGltZSI6IjIwMjItMDctMjlUMDA6MDA6MDBaIiwiaW8uY25jZi5ub3RhcnkuZXhwaXJ5IjoiMjAyMi0wNy0yOVQyMzo1OTowMFoiLCJpby5jbmNmLm5vdGFyeS5zaWduaW5nU2NoZW1lIjoibm90YXJ5Lng1MDkuc2lnbmluZ0F1dGhvcml0eSJ9", 4 | "header": { 5 | "x5c": [ 6 | 
"MIIEWDCCAsCgAwIBAgIBAjANBgkqhkiG9w0BAQsFADBaMQswCQYDVQQGEwJVUzELMAkGA1UECBMCV0ExEDAOBgNVBAcTB1NlYXR0bGUxDzANBgNVBAoTBk5vdGFyeTEbMBkGA1UEAxMSTm90YXRpb24gVGVzdCBSb290MCAXDTIwMTAwOTA3MDAwMFoYDzIxMjIwODA2MjAzODQ1WjBaMQswCQYDVQQGEwJVUzELMAkGA1UECBMCV0ExEDAOBgNVBAcTB1NlYXR0bGUxDzANBgNVBAoTBk5vdGFyeTEbMBkGA1UEAxMSTm90YXRpb24gVGVzdCBSb290MIIBojANBgkqhkiG9w0BAQEFAAOCAY8AMIIBigKCAYEAwE8YkFUAA0R7aUkRYxHKYoVbFPx9xhuNovLKDy72/7X0+j4XdGP4C0aAX2KLfgy9OR1RIUwtpMyI7k7ZFRd+ljcMW/FgbirfhkY/8axjamOYMBO0Qg+w93oaI6HA1gvZ/WZem4PHu68LlZhLQ2BrQwCz/F/3Ft0IZ2S1aF6N6vajx2le8xTI5hQS+UZFPQGrBUqrjcYc6GkL8XqL+rLGZaKGfh3c7bF9cEbA1H2Tm6MDFnfoFemerbP3v19JoUH+EtOnvYmNZWEU51RaLsNGkC3E/unXAnIfXrNxHDcbehyfa5y3AT10Shiron6O4Bc9S0MvwtXyLT6qein3Nh0VKBFUMSdthu5ZrSR28T9wDWHMXngpa115VjHOQDY3gDPwfzZ0xitN3NpMnivxculGUCkEQpst957tqQNJpS/zipI5Mtej0YOAhVKGQMjDIJekZ2DXDNd1X3xfahrR5VEQF0gnRFhA3vhycDqFj4E6Hoc5y3SxnFqrhX3w2wyFt/xRAgMBAAGjJzAlMA4GA1UdDwEB/wQEAwIHgDATBgNVHSUEDDAKBggrBgEFBQcDAzANBgkqhkiG9w0BAQsFAAOCAYEAAdONCAJxdB7H0uFDw6H+8Z5MtoRdJe6ZhlM2O5WMzkC1DLSyrF7arPnUMTeSyNS2Fx1BU38n5R1wvdgSfWtjm7o2ZyR8JQ+AngPklUCTNeL18kxNNXpmjDuMvsRlfHcr5hherjiQ49jWlpFqGRrNtZQWiVEI0r9Qz8DtZTw3GYF4MSuotA6wuUjolI1V2oMn/gdt8FFo0XUTDyiA12qpZzkUHY1rg3zJxKq3pIk04E7k6rFakHyZL91ipV2UeSbNq9vwLL7cglfPJ8+J+9AKvIPDstDF5k0ivUCYH5fIFZBGoceLiNfHSMcqA/qWfErqLBWAkACRUNyCWpAEv3DfDRbTHId0n6QQwOXj5d9YnDrmOLvQcn/sa+ZBfFMK7RdG9uVwMRyo+sRUnxo+v2lcvYwWymL7ONQqVWZbTJCxuG90Unxa3cQHZiKB5mgKweMft+vp6C3IQFhFfP8j1kvRTJq8ZqSEBADppUuBZJ1KWalwauK0AE4jpHlE0KsYDXiP", 7 | "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" 8 | ], 9 | "io.cncf.notary.SigningAgent": "Notation/1.0.0" 10 | }, 11 | "signature": 
"nDpYiwd536V2krjmxH2FCk6QgUTRyA6AFL9D5sDBJ3JwS9q9znsefSIg9rz6PMskVO9GUzUSG0ZIna5izrVR9pctLw4yQrWIZz3fp-lc3orK4w1nmHG_pCdpasH4FxpvXa0-4dllJmX2Yc3GrdeFaxJhcgtr2iiArabKnOFh5DbfOpeyMGDEa2XVRnrcS4VRgc5UdewFkq2NslMw1Y9loQwrNr3JGTQQpvZHOR4yBtnfCWFJ7G8AYDUb4H1Us8iaIlyp-jSIVSOT9HQzizDzZgn-Gtv90pq9xqAEtrW4thkPUOOJP_P0-_huAH3475UEPi-Yc7ekyt7PH6PazyI9yuTsJlkM_eWDsNLDARRfgygzr9DJHPkYQG3S8MRfNGqskob6Lcfl8nPaXnTfAhLNl-JiWvzMpwq1af2sWek-NVcGf5-81hRF9GTCE1IAtjQ0ITR86zq_G8pEj4JfI-H0c0yXTDUilUHzwzXV_7zE0gEB8UFHHg9VHGflYRdbWuS9" 12 | } -------------------------------------------------------------------------------- /internal/mock/testdata/sa_invalid_sig_env.json: -------------------------------------------------------------------------------- 1 | { 2 | "payload": "eyJ0YXJnZXRBcnRpZmFjdCI6eyJtZWRpYVR5cGUiOiJhcHBsaWNhdGlvbi92bmQuZG9ja2VyLmRpc3RyaWJ1dGlvbi5tYW5pZmVzdC52Mitqc29uIiwiZGlnZXN0Ijoic2hhMjU2OjYwMDQzY2Y0NWVhZWJjNGMwODY3ZmVhNDg1YTAzOWI1OThmNTJmZDA5ZmQ1YjA3YjBiMmQyZjg4ZmFkOWQ3NGUiLCJzaXplIjo1Mjh9fQ=", 3 | "protected": "eyJhbGciOiJQUzM4NCIsImNyaXQiOlsiaW8uY25jZi5ub3Rhcnkuc2lnbmluZ1NjaGVtZSIsImlvLmNuY2Yubm90YXJ5LmF1dGhlbnRpY1NpZ25pbmdUaW1lIiwiaW8uY25jZi5ub3RhcnkuZXhwaXJ5Il0sImN0eSI6ImFwcGxpY2F0aW9uL3ZuZC5jbmNmLm5vdGFyeS5wYXlsb2FkLnYxK2pzb24iLCJpby5jbmNmLm5vdGFyeS5hdXRoZW50aWNTaWduaW5nVGltZSI6IjIwMjAtMTEtMDlUMDc6MDA6MDBaIiwiaW8uY25jZi5ub3RhcnkuZXhwaXJ5IjoiMjEyMC0xMS0wOVQwNzowMDowMFoiLCJpby5jbmNmLm5vdGFyeS5zaWduaW5nU2NoZW1lIjoibm90YXJ5Lng1MDkuc2lnbmluZ0F1dGhvcml0eSJ9", 4 | "header": { 5 | "x5c": [ 6 | 
"MIIEWDCCAsCgAwIBAgIBAjANBgkqhkiG9w0BAQsFADBaMQswCQYDVQQGEwJVUzELMAkGA1UECBMCV0ExEDAOBgNVBAcTB1NlYXR0bGUxDzANBgNVBAoTBk5vdGFyeTEbMBkGA1UEAxMSTm90YXRpb24gVGVzdCBSb290MCAXDTIwMTAwOTA3MDAwMFoYDzIxMjIwODA2MjAzODQ1WjBaMQswCQYDVQQGEwJVUzELMAkGA1UECBMCV0ExEDAOBgNVBAcTB1NlYXR0bGUxDzANBgNVBAoTBk5vdGFyeTEbMBkGA1UEAxMSTm90YXRpb24gVGVzdCBSb290MIIBojANBgkqhkiG9w0BAQEFAAOCAY8AMIIBigKCAYEAwE8YkFUAA0R7aUkRYxHKYoVbFPx9xhuNovLKDy72/7X0+j4XdGP4C0aAX2KLfgy9OR1RIUwtpMyI7k7ZFRd+ljcMW/FgbirfhkY/8axjamOYMBO0Qg+w93oaI6HA1gvZ/WZem4PHu68LlZhLQ2BrQwCz/F/3Ft0IZ2S1aF6N6vajx2le8xTI5hQS+UZFPQGrBUqrjcYc6GkL8XqL+rLGZaKGfh3c7bF9cEbA1H2Tm6MDFnfoFemerbP3v19JoUH+EtOnvYmNZWEU51RaLsNGkC3E/unXAnIfXrNxHDcbehyfa5y3AT10Shiron6O4Bc9S0MvwtXyLT6qein3Nh0VKBFUMSdthu5ZrSR28T9wDWHMXngpa115VjHOQDY3gDPwfzZ0xitN3NpMnivxculGUCkEQpst957tqQNJpS/zipI5Mtej0YOAhVKGQMjDIJekZ2DXDNd1X3xfahrR5VEQF0gnRFhA3vhycDqFj4E6Hoc5y3SxnFqrhX3w2wyFt/xRAgMBAAGjJzAlMA4GA1UdDwEB/wQEAwIHgDATBgNVHSUEDDAKBggrBgEFBQcDAzANBgkqhkiG9w0BAQsFAAOCAYEAAdONCAJxdB7H0uFDw6H+8Z5MtoRdJe6ZhlM2O5WMzkC1DLSyrF7arPnUMTeSyNS2Fx1BU38n5R1wvdgSfWtjm7o2ZyR8JQ+AngPklUCTNeL18kxNNXpmjDuMvsRlfHcr5hherjiQ49jWlpFqGRrNtZQWiVEI0r9Qz8DtZTw3GYF4MSuotA6wuUjolI1V2oMn/gdt8FFo0XUTDyiA12qpZzkUHY1rg3zJxKq3pIk04E7k6rFakHyZL91ipV2UeSbNq9vwLL7cglfPJ8+J+9AKvIPDstDF5k0ivUCYH5fIFZBGoceLiNfHSMcqA/qWfErqLBWAkACRUNyCWpAEv3DfDRbTHId0n6QQwOXj5d9YnDrmOLvQcn/sa+ZBfFMK7RdG9uVwMRyo+sRUnxo+v2lcvYwWymL7ONQqVWZbTJCxuG90Unxa3cQHZiKB5mgKweMft+vp6C3IQFhFfP8j1kvRTJq8ZqSEBADppUuBZJ1KWalwauK0AE4jpHlE0KsYDXiP", 7 | "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" 8 | ], 9 | "io.cncf.notary.SigningAgent": "Notation/1.0.0" 10 | }, 11 | "signature": 
"kqt4plYZgCdPkoVmC-1_JfH7dPUjIQOMaONP6pEucnKC1QiTa7peN83Ka8_0kAvAT3BIZ8CFjVuazioZpjHw-ydRlL3-pgagnENS8Fz2Vfwj9nKJF7mmFGi3R0t6fFFyx_Tw9rtxi4Nsv8y4k-2XLFLeSm1_EEDThHPVMbWE6XJpOIdvr2w3Iq1PsEOVo9QqVOd3FYcGLQAbiAAi_jREYpEKImFqQeY8noUCDOtULPwxbslrglOOBtKouI4OUT0ZtG3tDCBdoZUOAfNgKSlHQutlA0-G6GdBuytCz0ku45DTnGAPS11WwsuPBJfouYlusJuZHmqJTodwEnu2B2AZpLu5wxRUwWOpSyc8ftnSBkiHJWIT3bwatPjlaHoIgwcEsGPRwvFCq7V7yH2yW2uHI1FsiMUHYuWx-hDpLf4Nzag5oc-PyaV3lzsvZZHwy43ilFO-WJOZeDQCWjIZ_U1f4hGsoDkqvoRn-aFZ-pE7Nn99buVRHDjQ6-8-jfJncJaB" 12 | } 13 | -------------------------------------------------------------------------------- /internal/mock/testdata/sa_plugin_sig_env.json: -------------------------------------------------------------------------------- 1 | { 2 | "payload": "eyJ0YXJnZXRBcnRpZmFjdCI6eyJtZWRpYVR5cGUiOiJhcHBsaWNhdGlvbi92bmQuZG9ja2VyLmRpc3RyaWJ1dGlvbi5tYW5pZmVzdC52Mitqc29uIiwiZGlnZXN0Ijoic2hhMjU2OjYwMDQzY2Y0NWVhZWJjNGMwODY3ZmVhNDg1YTAzOWI1OThmNTJmZDA5ZmQ1YjA3YjBiMmQyZjg4ZmFkOWQ3NGUiLCJzaXplIjo1Mjh9fQ", 3 | "protected": "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", 4 | "header": { 5 | "x5c": [ 6 | "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", 7 | 
"MIIEizCCAvOgAwIBAgIBATANBgkqhkiG9w0BAQsFADBaMQswCQYDVQQGEwJVUzELMAkGA1UECBMCV0ExEDAOBgNVBAcTB1NlYXR0bGUxDzANBgNVBAoTBk5vdGFyeTEbMBkGA1UEAxMSTm90YXRpb24gVGVzdCBSb290MCAXDTIwMDkwOTA3MDAwMFoYDzIxMjIwOTA1MjAzODQ1WjBaMQswCQYDVQQGEwJVUzELMAkGA1UECBMCV0ExEDAOBgNVBAcTB1NlYXR0bGUxDzANBgNVBAoTBk5vdGFyeTEbMBkGA1UEAxMSTm90YXRpb24gVGVzdCBSb290MIIBojANBgkqhkiG9w0BAQEFAAOCAY8AMIIBigKCAYEAxxAZ8VZegqBUctz3BkwhObZKnW+KsN5/N1/u2vPLmEzHDj6xgd8Hn0JoughDaxeQCV66NC2obqPnPp4+68G/qZnxkXVXdFyqVodu4FgPUjiqcJjft7bh45BVgLFpOqSqDQ3ko30B7gdGfIIkoBj/8gz3tHnmIvl3MywtOhDeGnlLNzBY52wVmhPIdKOaW/7WkMrXKFCkLkNICGnIpWuyBtC+7RfM8hG6eRW1KCm5xrkRmn5ptonjxix/JTGj4me/NMkwdVkz6wcCSAJnqTgHi2oqk73qqNu0LHsEMFBF8IGqmVkn2MOHkFamPBokzQ6HXXfvR4nbcWQZCUgRinPTVg9CF0B6XSCEMCSH5kveZxTQtAFRB6NosbzuU5jDmJgpbDfauev7Eg/6bZzphcugRkVuwulymzsake5Jbvs9Kyw3CNPYH2G3Kli1FNhfc46ugXHbIfXgNQcou3xabcu+r6cFRqqK6NmV9ouMQRj8Ri95Gp2BUlpTEFhcvMb9d4nXAgMBAAGjWjBYMA4GA1UdDwEB/wQEAwICBDATBgNVHSUEDDAKBggrBgEFBQcDAzASBgNVHRMBAf8ECDAGAQH/AgEBMB0GA1UdDgQWBBS5FZjt9UsEPkcKrStrnjSpTq4kDTANBgkqhkiG9w0BAQsFAAOCAYEAKtxfv12LzM85bxOMp5++pIDa6eMcBaurYbAM2yC9B6LuHf0JGeFdNqt4Fw38Ajooj2vWMWBrARVEZRVqTC5+ZSN2meGBXBXlT4n8FdEdmv+05iwVYdmDFp8FKeoOZZZF23u+r2OrazJo1ufWmoSI2P0lEfZQQFQElltWu3QH+OLOWXJmB7KbLKyheelGK5XhtAYYapRdW4sKJ398ybpv5C1oALCcTwoSmvH8wW5J4/gjmhKICYh2goMauf0lesdxj+0His7E8blOWrUmfOB5dp73XawLKcd/UxHN8zAPC08LDL9NMcihn3ZHKi7/dtkiV2iSaDPD1ChSGdqfXIysYqOhYoktgAfBZ43CWnqQhgB8NezRKdOStYC3P2AGJW18irxxTRp2CO+gnXEcyhyr+cvyf0j8MkRSaHLXzjIrECu8BUitB6sKughdN13fs5t5SIiO6foeFdvIpZFFKO8s+4oTOSDCos2WFoC+8TZS6r583OtFLmywl1HRgQkobGgw" 8 | ], 9 | "io.cncf.notary.SigningAgent": "Notation/1.0.0" 10 | }, 11 | "signature": 
"DwrGzND2JgpkeFASatpp-kBKpgrlt1Io3fbetSB3VUnRb0zWkj3vreKzAFpNBI6MN0lTuIWA3_igTqkYcFq8VFW2VSvWGidARJnzd4WDrCFp7n-Qp9TQPqbkLknZUxT2pFsTw1EF_plyAdJmRwbJikwvc2RkxW1Bz6fAcagJEul4lm6j2Yq4iTE8xThjn1ih7_9XMQ9I1f79CK3CTdu9jCrlQbyC1wEI9btyx-91OJ2V1oeGVtasNvRhA1ttVS3h7EQvzcJ9eKdEHPCVK6j5X7xvbjz40Z2kouZAb3ve9jsYZquMx6krrwAh4JPwUDJGT2x6ujdIIU6QioJgbOqRLdyYYERHqhO3P3FAsIJqIwtupMkcSJZJrMlzdi_nuHPHvy9ToQTW5z98LSQHqHtmWf4JdfVGq5iOWwrwLO4QINi716wcqiVp8srd2VdpoxvA5nnT2zzukzSXXVFj3V7XcqWutQoM3ihfw-aWDLU_OBo7aaSLaZUXhYkLsB3pHX1G" 12 | } 13 | -------------------------------------------------------------------------------- /internal/mock/testdata/sa_valid_sig_env.json: -------------------------------------------------------------------------------- 1 | { 2 | "payload": "eyJ0YXJnZXRBcnRpZmFjdCI6eyJtZWRpYVR5cGUiOiJhcHBsaWNhdGlvbi92bmQuZG9ja2VyLmRpc3RyaWJ1dGlvbi5tYW5pZmVzdC52Mitqc29uIiwiZGlnZXN0Ijoic2hhMjU2OjYwMDQzY2Y0NWVhZWJjNGMwODY3ZmVhNDg1YTAzOWI1OThmNTJmZDA5ZmQ1YjA3YjBiMmQyZjg4ZmFkOWQ3NGUiLCJzaXplIjo1Mjh9fQ", 3 | "protected": "eyJhbGciOiJQUzM4NCIsImNyaXQiOlsiaW8uY25jZi5ub3Rhcnkuc2lnbmluZ1NjaGVtZSIsImlvLmNuY2Yubm90YXJ5LmF1dGhlbnRpY1NpZ25pbmdUaW1lIiwiaW8uY25jZi5ub3RhcnkuZXhwaXJ5Il0sImN0eSI6ImFwcGxpY2F0aW9uL3ZuZC5jbmNmLm5vdGFyeS5wYXlsb2FkLnYxK2pzb24iLCJpby5jbmNmLm5vdGFyeS5hdXRoZW50aWNTaWduaW5nVGltZSI6IjIwMjAtMTEtMDlUMDc6MDA6MDBaIiwiaW8uY25jZi5ub3RhcnkuZXhwaXJ5IjoiMjEyMC0xMS0wOVQwNzowMDowMFoiLCJpby5jbmNmLm5vdGFyeS5zaWduaW5nU2NoZW1lIjoibm90YXJ5Lng1MDkuc2lnbmluZ0F1dGhvcml0eSJ9", 4 | "header": { 5 | "x5c": [ 6 | "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", 7 | "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" 8 | ], 9 | "io.cncf.notary.SigningAgent": "Notation/1.0.0" 10 | }, 11 | "signature": 
"kqt4plYZgCdPkoVmC-1_JfH7dPUjIQOMaONP6pEucnKC1QiTa7peN83Ka8_0kAvAT3BIZ8CFjVuazioZpjHw-ydRlL3-pgagnENS8Fz2Vfwj9nKJF7mmFGi3R0t6fFFyx_Tw9rtxi4Nsv8y4k-2XLFLeSm1_EEDThHPVMbWE6XJpOIdvr2w3Iq1PsEOVo9QqVOd3FYcGLQAbiAAi_jREYpEKImFqQeY8noUCDOtULPwxbslrglOOBtKouI4OUT0ZtG3tDCBdoZUOAfNgKSlHQutlA0-G6GdBuytCz0ku45DTnGAPS11WwsuPBJfouYlusJuZHmqJTodwEnu2B2AZpLu5wxRUwWOpSyc8ftnSBkiHJWIT3bwatPjlaHoIgwcEsGPRwvFCq7V7yH2yW2uHI1FsiMUHYuWx-hDpLf4Nzag5oc-PyaV3lzsvZZHwy43ilFO-WJOZeDQCWjIZ_U1f4hGsoDkqvoRn-aFZ-pE7Nn99buVRHDjQ6-8-jfJncJaB" 12 | } 13 | -------------------------------------------------------------------------------- /internal/mock/testdata/sig_env_with_metadata.json: -------------------------------------------------------------------------------- 1 | { 2 | "payload":"eyJ0YXJnZXRBcnRpZmFjdCI6eyJhbm5vdGF0aW9ucyI6eyJpby53YWJiaXQtbmV0d29ya3MuYnVpbGRJZCI6IjEyMyIsImlvLndhYmJpdC1uZXR3b3Jrcy5idWlsZFRpbWUiOiIxNjcyOTQ0NjE1In0sImRpZ2VzdCI6InNoYTI1Njo1YTA3Mzg1YWY0ZTZiNmFmODFiMGViZmQ0MzVhZWRjY2RmYTM1MDdmMDYwOWM2NTgyMDllMWFiYTU3MTU5YjJiIiwibWVkaWFUeXBlIjoiYXBwbGljYXRpb24vdm5kLmRvY2tlci5kaXN0cmlidXRpb24ubWFuaWZlc3QudjIranNvbiIsInNpemUiOjk0Mn19", 3 | "protected":"eyJhbGciOiJQUzI1NiIsImNyaXQiOlsiaW8uY25jZi5ub3Rhcnkuc2lnbmluZ1NjaGVtZSJdLCJjdHkiOiJhcHBsaWNhdGlvbi92bmQuY25jZi5ub3RhcnkucGF5bG9hZC52MStqc29uIiwiaW8uY25jZi5ub3Rhcnkuc2lnbmluZ1NjaGVtZSI6Im5vdGFyeS54NTA5IiwiaW8uY25jZi5ub3Rhcnkuc2lnbmluZ1RpbWUiOiIyMDIzLTAxLTExVDEwOjAyOjU0LTA4OjAwIn0", 4 | "header": { 5 | "x5c": [ 6 | "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" 7 | ], 8 | "io.cncf.notary.signingAgent":"Notation/1.0.0" 9 | }, 10 | "signature":"Fqe_cSgUlbYXKYz5K-O_iZobcmwUdQVaT_mPsI-fnp2ibsFbWOfokYS-DJboJJJEJyzDH41WWAi9Xxr_yieub3Eq9vD4TIz5iVm7oJxI-x92mqe3MhgeybIQDyivtChmb2ufwmr1bFCtj4girLeYc_kUVj_BZDIUYo8rlx8nyr6ucFsxK-YyNYez9ySeInWCGz-Lce4ySuXCopgiGB-lVAeDzpxBwQHVYacKfvhvoXJgmsw372dBYUVVOHbfK5PX04r2ArpysNpvlPT7iY3t6pUVsRniDNFQ1nh2t7ZttuG9qQMTrpeegAIVDJ4i-PZnLS_8LQmF07Z6rpU8e1E6_Q" 11 | } 12 | 
-------------------------------------------------------------------------------- /internal/pkix/fuzz_test.go: -------------------------------------------------------------------------------- 1 | // Copyright The Notary Project Authors. 2 | // Licensed under the Apache License, Version 2.0 (the "License"); 3 | // you may not use this file except in compliance with the License. 4 | // You may obtain a copy of the License at 5 | // 6 | // http://www.apache.org/licenses/LICENSE-2.0 7 | // 8 | // Unless required by applicable law or agreed to in writing, software 9 | // distributed under the License is distributed on an "AS IS" BASIS, 10 | // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 11 | // See the License for the specific language governing permissions and 12 | // limitations under the License. 13 | 14 | package pkix 15 | 16 | import ( 17 | "testing" 18 | ) 19 | 20 | func FuzzParseDistinguishedName(f *testing.F) { 21 | f.Fuzz(func(t *testing.T, name string) { 22 | _, _ = ParseDistinguishedName(name) 23 | }) 24 | } 25 | -------------------------------------------------------------------------------- /internal/pkix/pkix.go: -------------------------------------------------------------------------------- 1 | // Copyright The Notary Project Authors. 2 | // Licensed under the Apache License, Version 2.0 (the "License"); 3 | // you may not use this file except in compliance with the License. 4 | // You may obtain a copy of the License at 5 | // 6 | // http://www.apache.org/licenses/LICENSE-2.0 7 | // 8 | // Unless required by applicable law or agreed to in writing, software 9 | // distributed under the License is distributed on an "AS IS" BASIS, 10 | // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 11 | // See the License for the specific language governing permissions and 12 | // limitations under the License. 
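package pkix

import (
	"fmt"
	"strings"

	ldapv3 "github.com/go-ldap/ldap/v3"
)

// ParseDistinguishedName parses the string form of a distinguished name (DN)
// and applies the Notary Project restrictions enforced here:
//
//   - the input must not contain the sequence "=#";
//   - every RDN must be single-valued;
//   - each attribute type may appear at most once, with 'S' treated as an
//     alias for 'ST';
//   - 'C', 'ST' and 'O' must be present with non-empty values.
//
// On success it returns a map from attribute type to attribute value. On
// failure it returns a nil map and an error that quotes the offending DN.
//
// The returned map is the input to IsSubsetDN, which compares keys and values
// with plain string equality, so the strictness of this function decides
// which identities can match.
// NOTE(review): attribute types are used as returned by the parser; whether
// "c=US" and "C=US" end up under the same key depends on ldapv3.ParseDN —
// confirm against the pinned go-ldap version.
func ParseDistinguishedName(name string) (map[string]string, error) {
	// In RFC 4514 a value that starts with '#' is a hex-encoded BER value
	// rather than a string. This is a substring check over the whole input,
	// so it also rejects a DN whose string value merely contains "=#".
	if strings.Contains(name, "=#") {
		return nil, fmt.Errorf("unsupported distinguished name (DN) %q: notation does not support x509.subject identities containing \"=#\"", name)
	}

	dn, err := ldapv3.ParseDN(name)
	if err != nil {
		return nil, fmt.Errorf("parsing distinguished name (DN) %q failed with err: %v. A valid DN must contain 'C', 'ST' or 'S', and 'O' RDN attributes at a minimum, and follow RFC 4514 standard", name, err)
	}

	attrKeyValue := make(map[string]string, len(dn.RDNs))
	for _, rdn := range dn.RDNs {
		// multi-valued RDNs are not supported (TODO: add spec reference here)
		if len(rdn.Attributes) > 1 {
			return nil, fmt.Errorf("distinguished name (DN) %q has multi-valued RDN attributes, remove multi-valued RDN attributes as they are not supported", name)
		}
		for _, attribute := range rdn.Attributes {
			// stateOrProvince name 'S' is an alias for 'ST'
			attrType := attribute.Type
			if attrType == "S" {
				attrType = "ST"
			}
			// Detect duplicates by key presence, not by an empty stored
			// value: with an emptiness test, an attribute parsed with an
			// empty value (if the parser yields one) would be silently
			// replaced by a later attribute of the same type.
			if _, seen := attrKeyValue[attrType]; seen {
				return nil, fmt.Errorf("distinguished name (DN) %q has duplicate RDN attribute for %q, DN can only have unique RDN attributes", name, attrType)
			}
			attrKeyValue[attrType] = attribute.Value
		}
	}

	// Verify mandatory fields are present; an empty value counts as missing.
	mandatoryFields := []string{"C", "ST", "O"}
	for _, field := range mandatoryFields {
		if attrKeyValue[field] == "" {
			return nil, fmt.Errorf("distinguished name (DN) %q has no mandatory RDN attribute for %q, it must contain 'C', 'ST' or 'S', and 'O' RDN attributes at a minimum", name, field)
		}
	}

	// No errors
	return attrKeyValue, nil
}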
64 | 65 | // IsSubsetDN returns true if dn1 is a subset of dn2 i.e. every key/value pair 66 | // of dn1 has a matching key/value pair in dn2, otherwise returns false 67 | func IsSubsetDN(dn1 map[string]string, dn2 map[string]string) bool { 68 | for key := range dn1 { 69 | if dn1[key] != dn2[key] { 70 | return false 71 | } 72 | } 73 | return true 74 | } 75 | -------------------------------------------------------------------------------- /internal/pkix/pkix_test.go: -------------------------------------------------------------------------------- 1 | // Copyright The Notary Project Authors. 2 | // Licensed under the Apache License, Version 2.0 (the "License"); 3 | // you may not use this file except in compliance with the License. 4 | // You may obtain a copy of the License at 5 | // 6 | // http://www.apache.org/licenses/LICENSE-2.0 7 | // 8 | // Unless required by applicable law or agreed to in writing, software 9 | // distributed under the License is distributed on an "AS IS" BASIS, 10 | // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 11 | // See the License for the specific language governing permissions and 12 | // limitations under the License. 
13 | 14 | package pkix 15 | 16 | import "testing" 17 | 18 | func TestParseDistinguishedName(t *testing.T) { 19 | // Test cases 20 | tests := []struct { 21 | name string 22 | input string 23 | wantErr bool 24 | }{ 25 | { 26 | name: "valid DN", 27 | input: "C=US,ST=California,O=Notary Project", 28 | wantErr: false, 29 | }, 30 | { 31 | name: "valid DN with State alias", 32 | input: "C=US,S=California,O=Notary Project", 33 | wantErr: false, 34 | }, 35 | { 36 | name: "invalid DN", 37 | input: "C=US,ST=California", 38 | wantErr: true, 39 | }, 40 | { 41 | name: "invalid DN without State", 42 | input: "C=US,O=Notary Project", 43 | wantErr: true, 44 | }, 45 | { 46 | name: "invalid DN without State", 47 | input: "invalid", 48 | wantErr: true, 49 | }, 50 | { 51 | name: "duplicate RDN attribute", 52 | input: "C=US,ST=California,O=Notary Project,S=California", 53 | wantErr: true, 54 | }, 55 | { 56 | name: "unsupported DN =#", 57 | input: "C=US,ST=California,O=Notary Project=#", 58 | wantErr: true, 59 | }, 60 | { 61 | name: "multi-valued RDN attributes", 62 | input: "OU=Sales+CN=J. 
Smith,DC=example,DC=net", 63 | wantErr: true, 64 | }, 65 | } 66 | 67 | // Run tests 68 | for _, tt := range tests { 69 | t.Run(tt.name, func(t *testing.T) { 70 | _, err := ParseDistinguishedName(tt.input) 71 | if tt.wantErr != (err != nil) { 72 | t.Errorf("ParseDistinguishedName() error = %v, wantErr %v", err, tt.wantErr) 73 | } 74 | }) 75 | } 76 | } 77 | 78 | func TestIsSubsetDN(t *testing.T) { 79 | // Test cases 80 | tests := []struct { 81 | name string 82 | dn1 map[string]string 83 | dn2 map[string]string 84 | want bool 85 | }{ 86 | { 87 | name: "subset DN", 88 | dn1: map[string]string{ 89 | "C": "US", 90 | "ST": "California", 91 | "O": "Notary Project", 92 | }, 93 | dn2: map[string]string{ 94 | "C": "US", 95 | "ST": "California", 96 | "O": "Notary Project", 97 | "L": "Los Angeles", 98 | }, 99 | want: true, 100 | }, 101 | { 102 | name: "not subset DN", 103 | dn1: map[string]string{ 104 | "C": "US", 105 | "ST": "California", 106 | "O": "Notary Project", 107 | }, 108 | dn2: map[string]string{ 109 | "C": "US", 110 | "ST": "California", 111 | "O": "Notary Project 2", 112 | "L": "Los Angeles", 113 | "CN": "Notary", 114 | }, 115 | want: false, 116 | }, 117 | { 118 | name: "not subset DN 2", 119 | dn1: map[string]string{ 120 | "C": "US", 121 | "ST": "California", 122 | "O": "Notary Project", 123 | "CN": "Notary", 124 | }, 125 | dn2: map[string]string{ 126 | "C": "US", 127 | "ST": "California", 128 | "O": "Notary Project", 129 | "L": "Los Angeles", 130 | }, 131 | want: false, 132 | }, 133 | } 134 | 135 | // Run tests 136 | for _, tt := range tests { 137 | t.Run(tt.name, func(t *testing.T) { 138 | if got := IsSubsetDN(tt.dn1, tt.dn2); got != tt.want { 139 | t.Errorf("IsSubsetDN() = %v, want %v", got, tt.want) 140 | } 141 | }) 142 | } 143 | } 144 | -------------------------------------------------------------------------------- /internal/semver/semver.go: -------------------------------------------------------------------------------- 1 | // Copyright The Notary Project 
Authors. 2 | // Licensed under the Apache License, Version 2.0 (the "License"); 3 | // you may not use this file except in compliance with the License. 4 | // You may obtain a copy of the License at 5 | // 6 | // http://www.apache.org/licenses/LICENSE-2.0 7 | // 8 | // Unless required by applicable law or agreed to in writing, software 9 | // distributed under the License is distributed on an "AS IS" BASIS, 10 | // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 11 | // See the License for the specific language governing permissions and 12 | // limitations under the License. 13 | 14 | // Package semver provides functions related to semanic version. 15 | // This package is based on "golang.org/x/mod/semver" 16 | package semver 17 | 18 | import ( 19 | "fmt" 20 | "regexp" 21 | 22 | "golang.org/x/mod/semver" 23 | ) 24 | 25 | // semVerRegEx is taken from https://semver.org/#is-there-a-suggested-regular-expression-regex-to-check-a-semver-string 26 | var semVerRegEx = regexp.MustCompile(`^(0|[1-9]\d*)\.(0|[1-9]\d*)\.(0|[1-9]\d*)(?:-((?:0|[1-9]\d*|\d*[a-zA-Z-][0-9a-zA-Z-]*)(?:\.(?:0|[1-9]\d*|\d*[a-zA-Z-][0-9a-zA-Z-]*))*))?(?:\+([0-9a-zA-Z-]+(?:\.[0-9a-zA-Z-]+)*))?$`) 27 | 28 | // IsValid returns true if version is a valid semantic version 29 | func IsValid(version string) bool { 30 | return semVerRegEx.MatchString(version) 31 | } 32 | 33 | // ComparePluginVersion validates and compares two plugin semantic versions. 34 | // 35 | // The result will be 0 if v == w, -1 if v < w, or +1 if v > w. 36 | func ComparePluginVersion(v, w string) (int, error) { 37 | // sanity check 38 | if !IsValid(v) { 39 | return 0, fmt.Errorf("%s is not a valid semantic version", v) 40 | } 41 | if !IsValid(w) { 42 | return 0, fmt.Errorf("%s is not a valid semantic version", w) 43 | } 44 | 45 | // golang.org/x/mod/semver requires semantic version strings must begin 46 | // with a leading "v". Adding prefix "v" to the inputs. 
47 | // Reference: https://pkg.go.dev/golang.org/x/mod/semver#pkg-overview 48 | return semver.Compare("v"+v, "v"+w), nil 49 | } 50 | -------------------------------------------------------------------------------- /internal/semver/semver_test.go: -------------------------------------------------------------------------------- 1 | // Copyright The Notary Project Authors. 2 | // Licensed under the Apache License, Version 2.0 (the "License"); 3 | // you may not use this file except in compliance with the License. 4 | // You may obtain a copy of the License at 5 | // 6 | // http://www.apache.org/licenses/LICENSE-2.0 7 | // 8 | // Unless required by applicable law or agreed to in writing, software 9 | // distributed under the License is distributed on an "AS IS" BASIS, 10 | // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 11 | // See the License for the specific language governing permissions and 12 | // limitations under the License. 13 | 14 | package semver 15 | 16 | import "testing" 17 | 18 | func TestComparePluginVersion(t *testing.T) { 19 | t.Run("compare with lower version", func(t *testing.T) { 20 | comp, err := ComparePluginVersion("1.0.0", "1.0.1") 21 | if err != nil || comp >= 0 { 22 | t.Fatal("expected nil err and negative comp") 23 | } 24 | }) 25 | 26 | t.Run("compare with equal version", func(t *testing.T) { 27 | comp, err := ComparePluginVersion("1.0.1", "1.0.1") 28 | if err != nil || comp != 0 { 29 | t.Fatal("expected nil err and comp equal to 0") 30 | } 31 | }) 32 | 33 | t.Run("failed due to invalid semantic version", func(t *testing.T) { 34 | expectedErrMsg := "v1.0.0 is not a valid semantic version" 35 | _, err := ComparePluginVersion("v1.0.0", "1.0.1") 36 | if err == nil || err.Error() != expectedErrMsg { 37 | t.Fatalf("expected err %s, but got %s", expectedErrMsg, err) 38 | } 39 | }) 40 | } 41 | -------------------------------------------------------------------------------- /internal/slices/slices.go: 
-------------------------------------------------------------------------------- 1 | // Copyright The Notary Project Authors. 2 | // Licensed under the Apache License, Version 2.0 (the "License"); 3 | // you may not use this file except in compliance with the License. 4 | // You may obtain a copy of the License at 5 | // 6 | // http://www.apache.org/licenses/LICENSE-2.0 7 | // 8 | // Unless required by applicable law or agreed to in writing, software 9 | // distributed under the License is distributed on an "AS IS" BASIS, 10 | // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 11 | // See the License for the specific language governing permissions and 12 | // limitations under the License. 13 | 14 | package slices 15 | 16 | // Contains reports whether v is present in s. 17 | func Contains[E comparable](s []E, v E) bool { 18 | for _, vs := range s { 19 | if v == vs { 20 | return true 21 | } 22 | } 23 | return false 24 | } 25 | 26 | // ContainsAny reports whether v is present in s 27 | func ContainsAny(s []any, v any) bool { 28 | for _, vs := range s { 29 | if vs == v { 30 | return true 31 | } 32 | } 33 | return false 34 | } 35 | 36 | // Delete removes element at index i from slice s and 37 | // returns the modified slice. 38 | func Delete[T any](s []T, i int) []T { 39 | return append(s[:i], s[i+1:]...) 40 | } 41 | 42 | type isser interface { 43 | Is(string) bool 44 | } 45 | 46 | // IndexIsser returns the index of the first occurrence of name in s, 47 | // or -1 if not present. 48 | func IndexIsser[E isser](s []E, name string) int { 49 | for i, v := range s { 50 | if v.Is(name) { 51 | return i 52 | } 53 | } 54 | return -1 55 | } 56 | 57 | // ContainsIsser reports whether name is present in s. 
58 | func ContainsIsser[E isser](s []E, name string) bool { 59 | return IndexIsser(s, name) >= 0 60 | } 61 | -------------------------------------------------------------------------------- /internal/testdata/cose_signature.sig: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/notaryproject/notation-go/2bc67e7695ef13bd63157651d9573278fad89da5/internal/testdata/cose_signature.sig -------------------------------------------------------------------------------- /internal/testdata/jws_signature.sig: -------------------------------------------------------------------------------- 1 | {"payload":"eyJ0YXJnZXRBcnRpZmFjdCI6eyJkaWdlc3QiOiJzaGEyNTY6MTlkYmQyZTQ4ZTkyMTQyNmVlOGFjZTRkYzg5MmVkZmIyZWNkYzFkMWE3MmQ1NDE2YzgzNjcwYzMwYWNlY2VmMCIsIm1lZGlhVHlwZSI6ImFwcGxpY2F0aW9uL3ZuZC5vY2kuaW1hZ2UubWFuaWZlc3QudjEranNvbiIsInNpemUiOjQ4MX19","protected":"eyJhbGciOiJQUzI1NiIsImNyaXQiOlsiaW8uY25jZi5ub3Rhcnkuc2lnbmluZ1NjaGVtZSJdLCJjdHkiOiJhcHBsaWNhdGlvbi92bmQuY25jZi5ub3RhcnkucGF5bG9hZC52MStqc29uIiwiaW8uY25jZi5ub3Rhcnkuc2lnbmluZ1NjaGVtZSI6Im5vdGFyeS54NTA5IiwiaW8uY25jZi5ub3Rhcnkuc2lnbmluZ1RpbWUiOiIyMDIzLTAzLTE0VDE2OjEwOjAyKzA4OjAwIn0","header":{"x5c":["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"],"io.cncf.notary.signingAgent":"Notation/1.0.0"},"signature":"eac34SOR2yT0jJcqu2Kd_3TxOBLhRU06RW1ue39Yg_VJeB2v0hYMy-Ufb-q1edcmh9S6LwXX9yRe4xeWaH-rjO_34q3e3nhSYV2dMUx78uQs2Np_6QhdEr0RZwZw9Vw0Jxr-FuMD7gBGdIQlJKbA7HHzBV9B0Gyy6I_SWnQuXtoOBEsFVFHJrT6UeZd2LrUcNRtqvkwjP0Hydx1RwPJMiGHu-K2sCBMeZuRRMhOqDyC9ArqapcnHgu0Cemoiur1zADm2MdUBvqkUsfc6Ogh9gknfDEpO4z66Kogt4zA7hqCl2d_nKKY4rIIIsrGUDZ0C3d7eWLP_YRordU6Mbs2ozg"} -------------------------------------------------------------------------------- /internal/testdata/oci-layout/blobs/sha256/19dbd2e48e921426ee8ace4dc892edfb2ecdc1d1a72d5416c83670c30acecef0: -------------------------------------------------------------------------------- 1 | { 2 | "mediaType": 
"application/vnd.oci.image.manifest.v1+json", 3 | "schemaVersion": 2, 4 | "config": { 5 | "mediaType": "application/vnd.oci.image.config.v1+json", 6 | "digest": "sha256:572996c3caeacea40b947911a9dda21516c082b5a64af30048a02a6f5eb956d4", 7 | "size": 1035 8 | }, 9 | "layers": [ 10 | { 11 | "mediaType": "application/vnd.oci.image.layer.v1.tar+gzip", 12 | "digest": "sha256:63b65145d645c1250c391b2d16ebe53b3747c295ca8ba2fcb6b0cf064a4dc21c", 13 | "size": 3374446 14 | } 15 | ] 16 | } -------------------------------------------------------------------------------- /internal/testdata/oci-layout/blobs/sha256/572996c3caeacea40b947911a9dda21516c082b5a64af30048a02a6f5eb956d4: -------------------------------------------------------------------------------- 1 | {"architecture":"amd64","config":{"Env":["PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin"],"Cmd":["/bin/bash"],"ArgsEscaped":true,"OnBuild":null},"created":"2023-02-11T04:46:42.558343068Z","history":[{"created":"2023-02-11T04:46:42.449083344Z","created_by":"/bin/sh -c #(nop) ADD file:40887ab7c06977737e63c215c9bd297c0c74de8d12d16ebdf1c3d40ac392f62d in / "},{"created":"2023-02-11T04:46:42.558343068Z","created_by":"/bin/sh -c #(nop) CMD [\"/bin/sh\"]","empty_layer":true},{"created":"2023-02-11T04:46:42.558343068Z","created_by":"CMD [\"/bin/bash\"]","comment":"buildkit.dockerfile.v0","empty_layer":true}],"moby.buildkit.buildinfo.v1":"eyJmcm9udGVuZCI6ImRvY2tlcmZpbGUudjAiLCJzb3VyY2VzIjpbeyJ0eXBlIjoiZG9ja2VyLWltYWdlIiwicmVmIjoiZG9ja2VyLmlvL2xpYnJhcnkvYWxwaW5lOmxhdGVzdCIsInBpbiI6InNoYTI1Njo2OTY2NWQwMmNiMzIxOTJlNTJlMDc2NDRkNzZiYzZmMjVhYmViNTQxMGVkYzFjN2E4MWExMGJhM2YwZWZiOTBhIn1dfQ==","os":"linux","rootfs":{"type":"layers","diff_ids":["sha256:7cd52847ad775a5ddc4b58326cf884beee34544296402c6292ed76474c686d39"]}} -------------------------------------------------------------------------------- /internal/testdata/oci-layout/blobs/sha256/63b65145d645c1250c391b2d16ebe53b3747c295ca8ba2fcb6b0cf064a4dc21c: 
-------------------------------------------------------------------------------- https://raw.githubusercontent.com/notaryproject/notation-go/2bc67e7695ef13bd63157651d9573278fad89da5/internal/testdata/oci-layout/blobs/sha256/63b65145d645c1250c391b2d16ebe53b3747c295ca8ba2fcb6b0cf064a4dc21c -------------------------------------------------------------------------------- /internal/testdata/oci-layout/index.json: -------------------------------------------------------------------------------- 1 | { 2 | "schemaVersion": 2, 3 | "manifests": [ 4 | { 5 | "mediaType": "application/vnd.oci.image.manifest.v1+json", 6 | "digest": "sha256:19dbd2e48e921426ee8ace4dc892edfb2ecdc1d1a72d5416c83670c30acecef0", 7 | "size": 481, 8 | "annotations": { 9 | "io.containerd.image.name": "docker.io/library/alpine:v2", 10 | "org.opencontainers.image.created": "2023-03-13T02:31:43Z", 11 | "org.opencontainers.image.ref.name": "v2" 12 | }, 13 | "platform": { 14 | "architecture": "amd64", 15 | "os": "linux" 16 | } 17 | } 18 | ] 19 | } -------------------------------------------------------------------------------- /internal/testdata/oci-layout/manifest.json: -------------------------------------------------------------------------------- 1 | [ 2 | { 3 | "Config": "blobs/sha256/572996c3caeacea40b947911a9dda21516c082b5a64af30048a02a6f5eb956d4", 4 | "RepoTags": null, 5 | "Layers": [ 6 | "blobs/sha256/63b65145d645c1250c391b2d16ebe53b3747c295ca8ba2fcb6b0cf064a4dc21c" 7 | ] 8 | } 9 | ] -------------------------------------------------------------------------------- /internal/testdata/oci-layout/oci-layout: -------------------------------------------------------------------------------- 1 | {"imageLayoutVersion":"1.0.0"} -------------------------------------------------------------------------------- /internal/trustpolicy/trustpolicy.go: -------------------------------------------------------------------------------- 1 | // Copyright The Notary Project Authors. 
2 | // Licensed under the Apache License, Version 2.0 (the "License"); 3 | // you may not use this file except in compliance with the License. 4 | // You may obtain a copy of the License at 5 | // 6 | // http://www.apache.org/licenses/LICENSE-2.0 7 | // 8 | // Unless required by applicable law or agreed to in writing, software 9 | // distributed under the License is distributed on an "AS IS" BASIS, 10 | // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 11 | // See the License for the specific language governing permissions and 12 | // limitations under the License. 13 | 14 | package trustpolicy 15 | 16 | const ( 17 | Wildcard = "*" 18 | X509Subject = "x509.subject" 19 | ) 20 | -------------------------------------------------------------------------------- /log/log.go: -------------------------------------------------------------------------------- 1 | // Copyright The Notary Project Authors. 2 | // Licensed under the Apache License, Version 2.0 (the "License"); 3 | // you may not use this file except in compliance with the License. 4 | // You may obtain a copy of the License at 5 | // 6 | // http://www.apache.org/licenses/LICENSE-2.0 7 | // 8 | // Unless required by applicable law or agreed to in writing, software 9 | // distributed under the License is distributed on an "AS IS" BASIS, 10 | // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 11 | // See the License for the specific language governing permissions and 12 | // limitations under the License. 13 | 14 | // Package log provides logging functionality to notation. 15 | // Users who want to enable logging option in notation should implement the 16 | // log.Logger interface and include it in context by calling log.WithLogger. 17 | // 3rd party loggers that implement log.Logger: github.com/uber-go/zap.SugaredLogger 18 | // and github.com/sirupsen/logrus.Logger. 
package log

import "context"

// contextKey is the type of the keys this package stores in a context.
// It is unexported, so values of this type can only be created inside this
// package.
type contextKey int

// loggerKey is the context key under which the Logger is stored.
const loggerKey contextKey = iota

// Discard is a discardLogger that is used to disable logging in notation.
var Discard Logger = &discardLogger{}

// Logger is implemented by users and/or 3rd party loggers.
// For example, github.com/uber-go/zap.SugaredLogger
// and github.com/sirupsen/logrus.Logger.
type Logger interface {
	// Debug logs a debug level message.
	Debug(args ...interface{})

	// Debugf logs a debug level message with format.
	Debugf(format string, args ...interface{})

	// Debugln logs a debug level message. Spaces are always added between
	// operands.
	Debugln(args ...interface{})

	// Info logs an info level message.
	Info(args ...interface{})

	// Infof logs an info level message with format.
	Infof(format string, args ...interface{})

	// Infoln logs an info level message. Spaces are always added between
	// operands.
	Infoln(args ...interface{})

	// Warn logs a warn level message.
	Warn(args ...interface{})

	// Warnf logs a warn level message with format.
	Warnf(format string, args ...interface{})

	// Warnln logs a warn level message. Spaces are always added between
	// operands.
	Warnln(args ...interface{})

	// Error logs an error level message.
	Error(args ...interface{})

	// Errorf logs an error level message with format.
	Errorf(format string, args ...interface{})

	// Errorln logs an error level message. Spaces are always added between
	// operands.
	Errorln(args ...interface{})
}

// WithLogger is used by callers to set the Logger in the context.
// It enables logging option in notation.
func WithLogger(ctx context.Context, logger Logger) context.Context {
	// The logger travels with ctx under the package-private loggerKey.
	return context.WithValue(ctx, loggerKey, logger)
}

// GetLogger retrieves the Logger stored in ctx by WithLogger. When ctx holds
// no value under loggerKey, or the value does not implement Logger, Discard
// is returned.
func GetLogger(ctx context.Context) Logger {
	logger, ok := ctx.Value(loggerKey).(Logger)
	if !ok {
		return Discard
	}
	return logger
}

// discardLogger implements Logger but logs nothing. It is used when the user
// has not enabled the logging option in notation, i.e. loggerKey is not in
// the context.
type discardLogger struct{}

// Debug implements Logger and drops its arguments.
func (*discardLogger) Debug(...interface{}) {}

// Debugf implements Logger and drops its arguments.
func (*discardLogger) Debugf(string, ...interface{}) {}

// Debugln implements Logger and drops its arguments.
func (*discardLogger) Debugln(...interface{}) {}

// Info implements Logger and drops its arguments.
func (*discardLogger) Info(...interface{}) {}

// Infof implements Logger and drops its arguments.
func (*discardLogger) Infof(string, ...interface{}) {}

// Infoln implements Logger and drops its arguments.
func (*discardLogger) Infoln(...interface{}) {}

// Warn implements Logger and drops its arguments.
func (*discardLogger) Warn(...interface{}) {}

// Warnf implements Logger and drops its arguments.
func (*discardLogger) Warnf(string, ...interface{}) {}

// Warnln implements Logger and drops its arguments.
func (*discardLogger) Warnln(...interface{}) {}

// Error implements Logger and drops its arguments.
func (*discardLogger) Error(...interface{}) {}

// Errorf implements Logger and drops its arguments.
func (*discardLogger) Errorf(string, ...interface{}) {}

// Errorln implements Logger and drops its arguments.
func (*discardLogger) Errorln(...interface{}) {}

--------------------------------------------------------------------------------
/log/log_test.go:
--------------------------------------------------------------------------------
1 | // Copyright The Notary Project Authors. 2 | // Licensed under the Apache License, Version 2.0 (the "License"); 3 | // you may not use this file except in compliance with the License.
4 | // You may obtain a copy of the License at 5 | // 6 | // http://www.apache.org/licenses/LICENSE-2.0 7 | // 8 | // Unless required by applicable law or agreed to in writing, software 9 | // distributed under the License is distributed on an "AS IS" BASIS, 10 | // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 11 | // See the License for the specific language governing permissions and 12 | // limitations under the License. 13 | 14 | // Package log provides logging functionality to notation. 15 | // Users who want to enable logging option in notation should implement the 16 | // log.Logger interface and include it in context by calling log.WithLogger. 17 | // 3rd party loggers that implement log.Logger: github.com/uber-go/zap.SugaredLogger 18 | // and github.com/sirupsen/logrus.Logger. 19 | package log 20 | 21 | import ( 22 | "context" 23 | "testing" 24 | ) 25 | 26 | func TestWithLoggerAndGetLogger(t *testing.T) { 27 | tl := &discardLogger{} 28 | ctx := WithLogger(context.Background(), tl) 29 | 30 | if got := GetLogger(ctx); got != tl { 31 | t.Errorf("GetLogger() = %v, want %v", got, tl) 32 | } 33 | } 34 | 35 | func TestGetLoggerWithNoLogger(t *testing.T) { 36 | ctx := context.Background() 37 | 38 | if got := GetLogger(ctx); got != Discard { 39 | t.Errorf("GetLogger() = %v, want Discard", got) 40 | } 41 | } 42 | -------------------------------------------------------------------------------- /plugin/errors.go: -------------------------------------------------------------------------------- 1 | // Copyright The Notary Project Authors. 2 | // Licensed under the Apache License, Version 2.0 (the "License"); 3 | // you may not use this file except in compliance with the License. 
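// You may obtain a copy of the License at
//
// http://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing, software
// distributed under the License is distributed on an "AS IS" BASIS,
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
// See the License for the specific language governing permissions and
// limitations under the License.

package plugin

import "errors"

// ErrNotCompliant is returned by plugin methods when the response is not
// compliant.
var ErrNotCompliant = errors.New("plugin not compliant")

// ErrNotRegularFile is returned when the plugin file is not a regular file.
var ErrNotRegularFile = errors.New("plugin executable file is not a regular file")

// PluginDowngradeError is returned when installing a plugin with version
// lower than the existing plugin version.
type PluginDowngradeError struct {
	// Msg, when non-empty, replaces the default error message.
	Msg string
}

// Error returns Msg if it is set, otherwise a fixed default message.
func (e PluginDowngradeError) Error() string {
	if e.Msg != "" {
		return e.Msg
	}
	return "installing plugin with version lower than the existing plugin version"
}

// InstallEqualVersionError is returned when installing a plugin with version
// equal to the existing plugin version.
type InstallEqualVersionError struct {
	// Msg, when non-empty, replaces the default error message.
	Msg string
}

// Error returns Msg if it is set, otherwise a fixed default message.
func (e InstallEqualVersionError) Error() string {
	if e.Msg != "" {
		return e.Msg
	}
	return "installing plugin with version equal to the existing plugin version"
}

// PluginMalformedError is used when there is an issue with plugin and
// should be fixed by plugin developers.
type PluginMalformedError struct {
	// Msg, when non-empty, is the error message.
	Msg string
	// InnerError is the underlying cause; it may be nil.
	InnerError error
}

// Error returns Msg if it is set, otherwise the message of InnerError.
// When neither is set (for example on the zero value) it returns a fixed
// message instead of dereferencing the nil InnerError.
func (e PluginMalformedError) Error() string {
	if e.Msg != "" {
		return e.Msg
	}
	if e.InnerError != nil {
		return e.InnerError.Error()
	}
	return "plugin is malformed"
}

// Unwrap returns the inner error, which may be nil.
func (e PluginMalformedError) Unwrap() error {
	return e.InnerError
}

// PluginDirectoryWalkError is used when there is an issue with plugins directory
// and should suggest user to check the permission of plugin directory.
type PluginDirectoryWalkError error

// PluginExecutableFileError is used when there is an issue with plugin
// executable file and should suggest user to check the existence, permission
// and platform/arch compatibility of plugin.
type PluginExecutableFileError struct {
	// Msg, when non-empty, is the error message.
	Msg string
	// InnerError is the underlying cause; it may be nil.
	InnerError error
}

// Error returns Msg if it is set, otherwise the message of InnerError.
// When neither is set (for example on the zero value) it returns a fixed
// message instead of dereferencing the nil InnerError.
func (e PluginExecutableFileError) Error() string {
	if e.Msg != "" {
		return e.Msg
	}
	if e.InnerError != nil {
		return e.InnerError.Error()
	}
	return "plugin executable file error"
}

// Unwrap returns the inner error, which may be nil.
func (e PluginExecutableFileError) Unwrap() error {
	return e.InnerError
}

--------------------------------------------------------------------------------
/plugin/integration_test.go:
--------------------------------------------------------------------------------
1 | // Copyright The Notary Project Authors. 2 | // Licensed under the Apache License, Version 2.0 (the "License"); 3 | // you may not use this file except in compliance with the License. 4 | // You may obtain a copy of the License at 5 | // 6 | // http://www.apache.org/licenses/LICENSE-2.0 7 | // 8 | // Unless required by applicable law or agreed to in writing, software 9 | // distributed under the License is distributed on an "AS IS" BASIS, 10 | // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 11 | // See the License for the specific language governing permissions and 12 | // limitations under the License.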
13 | 14 | package plugin 15 | 16 | import ( 17 | "context" 18 | "io" 19 | "os" 20 | "os/exec" 21 | "path/filepath" 22 | "reflect" 23 | "testing" 24 | 25 | "github.com/notaryproject/notation-go/dir" 26 | "github.com/notaryproject/notation-plugin-framework-go/plugin" 27 | ) 28 | 29 | var exampleMetadata = plugin.GetMetadataResponse{ 30 | Name: "foo", 31 | Description: "friendly", 32 | Version: "1", 33 | URL: "example.com", 34 | SupportedContractVersions: []string{"1.0"}, 35 | Capabilities: []plugin.Capability{"cap"}} 36 | 37 | func preparePlugin(t *testing.T) string { 38 | root := t.TempDir() 39 | src, err := os.Open("./testdata/main.go") 40 | if err != nil { 41 | t.Fatal(err) 42 | } 43 | defer src.Close() 44 | 45 | dst, err := os.Create(filepath.Join(root, "main.go")) 46 | if err != nil { 47 | t.Fatal(err) 48 | } 49 | defer dst.Close() 50 | _, err = io.Copy(dst, src) 51 | if err != nil { 52 | t.Fatal(err) 53 | } 54 | err = os.WriteFile(filepath.Join(root, "go.mod"), []byte("module main"), 0600) 55 | if err != nil { 56 | t.Fatal(err) 57 | } 58 | err = os.Mkdir(filepath.Join(root, "foo"), 0700) 59 | if err != nil { 60 | t.Fatal(err) 61 | } 62 | out := filepath.Join(root, "foo", binName("foo")) 63 | cmd := exec.Command("go", "build", "-o", out) 64 | cmd.Dir = root 65 | err = cmd.Run() 66 | if err != nil { 67 | t.Fatal(err) 68 | } 69 | return root 70 | } 71 | 72 | func TestIntegration(t *testing.T) { 73 | if _, err := exec.LookPath("go"); err != nil { 74 | t.Skip() 75 | } 76 | root := preparePlugin(t) 77 | fsys := dir.NewSysFS(root) 78 | mgr := NewCLIManager(fsys) 79 | 80 | // check list 81 | plugins, err := mgr.List(context.Background()) 82 | if err != nil { 83 | t.Fatal(err) 84 | } 85 | if len(plugins) != 1 { 86 | t.Fatalf("Manager.List() len got %d, want 1", len(plugins)) 87 | } 88 | 89 | // validate and create 90 | pl, err := mgr.Get(context.Background(), "foo") 91 | if err != nil { 92 | t.Fatal(err) 93 | } 94 | metadata, err := pl.GetMetadata(context.Background(), 
&plugin.GetMetadataRequest{}) 95 | if err != nil { 96 | t.Fatal(err) 97 | } 98 | 99 | if !reflect.DeepEqual(&exampleMetadata, metadata) { 100 | t.Fatalf("Metadata error. want: %+v, got: %+v", exampleMetadata, metadata) 101 | } 102 | } 103 | -------------------------------------------------------------------------------- /plugin/manager_unix.go: -------------------------------------------------------------------------------- 1 | // Copyright The Notary Project Authors. 2 | // Licensed under the Apache License, Version 2.0 (the "License"); 3 | // you may not use this file except in compliance with the License. 4 | // You may obtain a copy of the License at 5 | // 6 | // http://www.apache.org/licenses/LICENSE-2.0 7 | // 8 | // Unless required by applicable law or agreed to in writing, software 9 | // distributed under the License is distributed on an "AS IS" BASIS, 10 | // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 11 | // See the License for the specific language governing permissions and 12 | // limitations under the License. 

//go:build !windows
// +build !windows

package plugin

import (
	"fmt"
	"os"
	"strings"

	"github.com/notaryproject/notation-plugin-framework-go/plugin"
)

// binName returns the executable file name of the plugin called name, i.e.
// name with plugin.BinaryPrefix prepended.
func binName(name string) string {
	return plugin.BinaryPrefix + name
}

// isExecutableFile checks if a file at filePath is user executable.
//
// It returns ErrNotRegularFile when the path does not resolve to a regular
// file. os.Stat follows symbolic links, so the checks apply to the link
// target. Only the owner execute bit (0100) is inspected; whether the
// calling user is that owner is not checked. The result describes the file
// at the time of the call only: the file can still be replaced before it is
// executed, so the plugin directory should be writable only by trusted
// users.
func isExecutableFile(filePath string) (bool, error) {
	info, err := os.Stat(filePath)
	if err != nil {
		return false, err
	}
	if !info.Mode().IsRegular() {
		return false, ErrNotRegularFile
	}
	const ownerExec os.FileMode = 0100
	return info.Mode().Perm()&ownerExec != 0, nil
}

// parsePluginName checks if fileName is a valid plugin file name
// and gets plugin name from it based on spec: https://github.com/notaryproject/specifications/blob/main/specs/plugin-extensibility.md#installation
//
// Only the plugin.BinaryPrefix prefix and a non-empty remainder are required.
// NOTE(review): the remainder is returned as is, path separators included;
// presumably callers pass a base name, confirm before using the result to
// build a path.
func parsePluginName(fileName string) (string, error) {
	if name, ok := strings.CutPrefix(fileName, plugin.BinaryPrefix); ok && name != "" {
		return name, nil
	}
	return "", fmt.Errorf("invalid plugin executable file name. Plugin file name requires format notation-{plugin-name}, but got %s", fileName)
}

// setExecutable sets file to be user executable by adding the owner execute
// bit (0100) to its current mode.
//
// os.Stat and os.Chmod both work on the path and follow symbolic links, and
// they are two separate calls, so the file that is changed is whatever the
// path resolves to at the time of the Chmod.
func setExecutable(filePath string) error {
	info, err := os.Stat(filePath)
	if err != nil {
		return err
	}
	mode := info.Mode() | os.FileMode(0100)
	return os.Chmod(filePath, mode)
}

--------------------------------------------------------------------------------
/plugin/manager_windows.go:
--------------------------------------------------------------------------------
1 | // Copyright The Notary Project Authors. 2 | // Licensed under the Apache License, Version 2.0 (the "License"); 3 | // you may not use this file except in compliance with the License.
// You may obtain a copy of the License at
//
// http://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing, software
// distributed under the License is distributed on an "AS IS" BASIS,
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
// See the License for the specific language governing permissions and
// limitations under the License.

package plugin

import (
	"fmt"
	"os"
	"path/filepath"
	"strings"

	"github.com/notaryproject/notation-go/internal/file"
	"github.com/notaryproject/notation-plugin-framework-go/plugin"
)

// binName returns the executable file name of the plugin called name:
// plugin.BinaryPrefix, then name, then ".exe".
func binName(name string) string {
	return plugin.BinaryPrefix + name + ".exe"
}

// isExecutableFile checks if a file at filePath is executable.
//
// It returns ErrNotRegularFile when the path does not resolve to a regular
// file. Executability is decided by the file name alone: the extension must
// be ".exe" in any letter case. The file contents are not inspected, and the
// result describes the file at the time of the call only.
func isExecutableFile(filePath string) (bool, error) {
	info, err := os.Stat(filePath)
	if err != nil {
		return false, err
	}
	if !info.Mode().IsRegular() {
		return false, ErrNotRegularFile
	}
	ext := filepath.Ext(filepath.Base(filePath))
	return strings.EqualFold(ext, ".exe"), nil
}

// parsePluginName checks if fileName is a valid plugin file name
// and gets plugin name from it based on spec: https://github.com/notaryproject/specifications/blob/main/specs/plugin-extensibility.md#installation
//
// The ".exe" extension is matched in any letter case, while the
// plugin.BinaryPrefix prefix is matched exactly.
// NOTE(review): file.TrimFileExtension is defined elsewhere; it is assumed
// to strip the extension that was just checked, confirm.
func parsePluginName(fileName string) (string, error) {
	// Both rejections report the same message.
	invalid := func() (string, error) {
		return "", fmt.Errorf("invalid plugin executable file name. Plugin file name requires format notation-{plugin-name}.exe, but got %s", fileName)
	}
	if !strings.EqualFold(filepath.Ext(fileName), ".exe") {
		return invalid()
	}
	base := file.TrimFileExtension(fileName)
	name, ok := strings.CutPrefix(base, plugin.BinaryPrefix)
	if !ok || name == "" {
		return invalid()
	}
	return name, nil
}

// setExecutable returns error on Windows. User needs to install the correct
// plugin file.
func setExecutable(filePath string) error {
	base := filepath.Base(filePath)
	return fmt.Errorf(`plugin executable file must have file extension ".exe", but got %q`, base)
}

--------------------------------------------------------------------------------
/plugin/proto/metadata.go:
--------------------------------------------------------------------------------
1 | // Copyright The Notary Project Authors. 2 | // Licensed under the Apache License, Version 2.0 (the "License"); 3 | // you may not use this file except in compliance with the License. 4 | // You may obtain a copy of the License at 5 | // 6 | // http://www.apache.org/licenses/LICENSE-2.0 7 | // 8 | // Unless required by applicable law or agreed to in writing, software 9 | // distributed under the License is distributed on an "AS IS" BASIS, 10 | // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 11 | // See the License for the specific language governing permissions and 12 | // limitations under the License. 13 | 14 | package proto 15 | 16 | import "github.com/notaryproject/notation-plugin-framework-go/plugin" 17 | 18 | // GetMetadataRequest contains the parameters passed in a get-plugin-metadata request. 19 | // 20 | // Deprecated: GetMetadataRequest exists for historical compatibility and should not be used. 21 | // To access GetMetadataRequest, use the notation-plugin-framework-go's [plugin.GetMetadataRequest] type. 22 | type GetMetadataRequest = plugin.GetMetadataRequest 23 | 24 | // GetMetadataResponse provided by the plugin. 25 | // 26 | // Deprecated: GetMetadataResponse exists for historical compatibility and should not be used. 27 | // To access GetMetadataResponse, use the notation-plugin-framework-go's [plugin.GetMetadataResponse] type.
28 | type GetMetadataResponse = plugin.GetMetadataResponse 29 | -------------------------------------------------------------------------------- /plugin/proto/metadata_test.go: -------------------------------------------------------------------------------- 1 | // Copyright The Notary Project Authors. 2 | // Licensed under the Apache License, Version 2.0 (the "License"); 3 | // you may not use this file except in compliance with the License. 4 | // You may obtain a copy of the License at 5 | // 6 | // http://www.apache.org/licenses/LICENSE-2.0 7 | // 8 | // Unless required by applicable law or agreed to in writing, software 9 | // distributed under the License is distributed on an "AS IS" BASIS, 10 | // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 11 | // See the License for the specific language governing permissions and 12 | // limitations under the License. 13 | 14 | package proto 15 | 16 | import ( 17 | "testing" 18 | ) 19 | 20 | func TestGetMetadataResponse_HasCapability(t *testing.T) { 21 | type args struct { 22 | capability Capability 23 | } 24 | tests := []struct { 25 | name string 26 | m *GetMetadataResponse 27 | args args 28 | want bool 29 | }{ 30 | {"empty capabilities", &GetMetadataResponse{}, args{"cap"}, false}, 31 | {"other capabilities", &GetMetadataResponse{Capabilities: []Capability{"foo", "baz"}}, args{"cap"}, false}, 32 | {"empty target capability", &GetMetadataResponse{Capabilities: []Capability{"foo", "baz"}}, args{""}, true}, 33 | {"found", &GetMetadataResponse{Capabilities: []Capability{"foo", "baz"}}, args{"baz"}, true}, 34 | } 35 | for _, tt := range tests { 36 | t.Run(tt.name, func(t *testing.T) { 37 | if got := tt.m.HasCapability(tt.args.capability); got != tt.want { 38 | t.Errorf("GetMetadataResponse.HasCapability() = %v, want %v", got, tt.want) 39 | } 40 | }) 41 | } 42 | } 43 | -------------------------------------------------------------------------------- /plugin/proto/sign.go: 
-------------------------------------------------------------------------------- 1 | // Copyright The Notary Project Authors. 2 | // Licensed under the Apache License, Version 2.0 (the "License"); 3 | // you may not use this file except in compliance with the License. 4 | // You may obtain a copy of the License at 5 | // 6 | // http://www.apache.org/licenses/LICENSE-2.0 7 | // 8 | // Unless required by applicable law or agreed to in writing, software 9 | // distributed under the License is distributed on an "AS IS" BASIS, 10 | // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 11 | // See the License for the specific language governing permissions and 12 | // limitations under the License. 13 | 14 | package proto 15 | 16 | import "github.com/notaryproject/notation-plugin-framework-go/plugin" 17 | 18 | // DescribeKeyRequest contains the parameters passed in a describe-key request. 19 | // 20 | // Deprecated: DescribeKeyRequest exists for historical compatibility and should not be used. 21 | // To access DescribeKeyRequest, use the notation-plugin-framework-go's [plugin.DescribeKeyRequest] type. 22 | type DescribeKeyRequest = plugin.DescribeKeyRequest 23 | 24 | // DescribeKeyResponse is the response of a describe-key request. 25 | // 26 | // Deprecated: DescribeKeyResponse exists for historical compatibility and should not be used. 27 | // To access DescribeKeyResponse, use the notation-plugin-framework-go's [plugin.DescribeKeyResponse] type. 28 | type DescribeKeyResponse = plugin.DescribeKeyResponse 29 | 30 | // GenerateSignatureRequest contains the parameters passed in a 31 | // generate-signature request. 32 | // 33 | // Deprecated: GenerateSignatureRequest exists for historical compatibility and should not be used. 34 | // To access GenerateSignatureRequest, use the notation-plugin-framework-go's [plugin.GenerateSignatureRequest] type. 
35 | type GenerateSignatureRequest = plugin.GenerateSignatureRequest 36 | 37 | // GenerateSignatureResponse is the response of a generate-signature request. 38 | // 39 | // Deprecated: GenerateSignatureResponse exists for historical compatibility and should not be used. 40 | // To access GenerateSignatureResponse, use the notation-plugin-framework-go's [plugin.GenerateSignatureResponse] type. 41 | type GenerateSignatureResponse = plugin.GenerateSignatureResponse 42 | 43 | // GenerateEnvelopeRequest contains the parameters passed in a generate-envelope 44 | // request. 45 | // 46 | // Deprecated: GenerateEnvelopeRequest exists for historical compatibility and should not be used. 47 | // To access GenerateEnvelopeRequest, use the notation-plugin-framework-go's [plugin.GenerateEnvelopeRequest] type. 48 | type GenerateEnvelopeRequest = plugin.GenerateEnvelopeRequest 49 | 50 | // GenerateEnvelopeResponse is the response of a generate-envelope request. 51 | // 52 | // Deprecated: GenerateEnvelopeResponse exists for historical compatibility and should not be used. 53 | // To access GenerateEnvelopeResponse, use the notation-plugin-framework-go's [plugin.GenerateEnvelopeResponse] type. 54 | type GenerateEnvelopeResponse = plugin.GenerateEnvelopeResponse 55 | -------------------------------------------------------------------------------- /plugin/proto/verify.go: -------------------------------------------------------------------------------- 1 | // Copyright The Notary Project Authors. 2 | // Licensed under the Apache License, Version 2.0 (the "License"); 3 | // you may not use this file except in compliance with the License. 4 | // You may obtain a copy of the License at 5 | // 6 | // http://www.apache.org/licenses/LICENSE-2.0 7 | // 8 | // Unless required by applicable law or agreed to in writing, software 9 | // distributed under the License is distributed on an "AS IS" BASIS, 10 | // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 
// See the License for the specific language governing permissions and
// limitations under the License.

package proto

import (
	"github.com/notaryproject/notation-plugin-framework-go/plugin"
)

// VerifySignatureRequest contains the parameters passed in a verify-signature
// request.
//
// Deprecated: VerifySignatureRequest exists for historical compatibility and should not be used.
// To access VerifySignatureRequest, use the notation-plugin-framework-go's [plugin.VerifySignatureRequest] type.
type VerifySignatureRequest = plugin.VerifySignatureRequest

// Signature represents a signature pulled from the envelope.
//
// Deprecated: Signature exists for historical compatibility and should not be used.
// To access Signature, use the notation-plugin-framework-go's [plugin.Signature] type.
type Signature = plugin.Signature

// CriticalAttributes contains all Notary Project defined critical
// attributes and their values in the signature envelope.
//
// Deprecated: CriticalAttributes exists for historical compatibility and should not be used.
// To access CriticalAttributes, use the notation-plugin-framework-go's [plugin.CriticalAttributes] type.
type CriticalAttributes = plugin.CriticalAttributes

// TrustPolicy represents trusted identities that sign the artifacts.
//
// Deprecated: TrustPolicy exists for historical compatibility and should not be used.
// To access TrustPolicy, use the notation-plugin-framework-go's [plugin.TrustPolicy] type.
type TrustPolicy = plugin.TrustPolicy

// VerifySignatureResponse is the response of a verify-signature request.
//
// Deprecated: VerifySignatureResponse exists for historical compatibility and should not be used.
// To access VerifySignatureResponse, use the notation-plugin-framework-go's [plugin.VerifySignatureResponse] type.
50 | type VerifySignatureResponse = plugin.VerifySignatureResponse 51 | 52 | // VerificationResult is the result of a verification performed by the plugin. 53 | // 54 | // Deprecated: VerificationResult exists for historical compatibility and should not be used. 55 | // To access VerificationResult, use the notation-plugin-framework-go's [plugin.VerificationResult] type. 56 | type VerificationResult = plugin.VerificationResult 57 | -------------------------------------------------------------------------------- /plugin/testdata/main.go: -------------------------------------------------------------------------------- 1 | package main 2 | 3 | import ( 4 | "encoding/json" 5 | "flag" 6 | "os" 7 | ) 8 | // main is a stand-in plugin used as test data: it exits with status 1 when no command argument is given, prints fixed plugin metadata as JSON on stdout for get-plugin-metadata, and does nothing for any other command. 9 | func main() { 10 | flag.Parse() 11 | if flag.NArg() < 1 { 12 | os.Exit(1) 13 | } 14 | if flag.Arg(0) == "get-plugin-metadata" { 15 | // The metadata struct is declared inline instead of importing notation-go/plugin, to keep the test setup simple. 16 | m := struct { 17 | Name string `json:"name"` 18 | Description string `json:"description"` 19 | Version string `json:"version"` 20 | URL string `json:"url"` 21 | SupportedContractVersions []string `json:"supportedContractVersions"` 22 | Capabilities []string `json:"capabilities"` 23 | }{Name: "foo", Description: "friendly", Version: "1", URL: "example.com", SupportedContractVersions: []string{"1.0"}, Capabilities: []string{"cap"}} 24 | data, err := json.Marshal(&m) 25 | if err != nil { 26 | panic(err) 27 | } 28 | os.Stdout.Write(data) // NOTE(review): the error returned by Write is discarded 29 | } 30 | } 31 | -------------------------------------------------------------------------------- /plugin/testdata/plugins/badplugin/notation-badplugin/badplugin: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/notaryproject/notation-go/2bc67e7695ef13bd63157651d9573278fad89da5/plugin/testdata/plugins/badplugin/notation-badplugin/badplugin -------------------------------------------------------------------------------- /plugin/testdata/plugins/foo/libfoo: 
-------------------------------------------------------------------------------- https://raw.githubusercontent.com/notaryproject/notation-go/2bc67e7695ef13bd63157651d9573278fad89da5/plugin/testdata/plugins/foo/libfoo -------------------------------------------------------------------------------- /plugin/testdata/plugins/foo/notation-foo: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/notaryproject/notation-go/2bc67e7695ef13bd63157651d9573278fad89da5/plugin/testdata/plugins/foo/notation-foo -------------------------------------------------------------------------------- /registry/interface.go: -------------------------------------------------------------------------------- 1 | // Copyright The Notary Project Authors. 2 | // Licensed under the Apache License, Version 2.0 (the "License"); 3 | // you may not use this file except in compliance with the License. 4 | // You may obtain a copy of the License at 5 | // 6 | // http://www.apache.org/licenses/LICENSE-2.0 7 | // 8 | // Unless required by applicable law or agreed to in writing, software 9 | // distributed under the License is distributed on an "AS IS" BASIS, 10 | // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 11 | // See the License for the specific language governing permissions and 12 | // limitations under the License. 13 | 14 | // Package registry provides access to signatures in a registry 15 | package registry 16 | 17 | import ( 18 | "context" 19 | 20 | ocispec "github.com/opencontainers/image-spec/specs-go/v1" 21 | ) 22 | 23 | // Repository provides registry functionalities for storage and retrieval 24 | // of signature. 
25 | type Repository interface { 26 | // Resolve resolves a reference (tag or digest) to a manifest descriptor. 27 | Resolve(ctx context.Context, reference string) (ocispec.Descriptor, error) 28 | 29 | // ListSignatures lists the signature manifests for the target artifact's 30 | // manifest descriptor desc, handing them to fn rather than returning them. 31 | ListSignatures(ctx context.Context, desc ocispec.Descriptor, fn func(signatureManifests []ocispec.Descriptor) error) error 32 | 33 | // FetchSignatureBlob returns the signature envelope blob and its descriptor 34 | // for the given signature manifest descriptor. NOTE(review): this interface does not say whether the blob is checked against the returned descriptor; confirm in the implementation. 35 | FetchSignatureBlob(ctx context.Context, desc ocispec.Descriptor) ([]byte, ocispec.Descriptor, error) 36 | 37 | // PushSignature creates and uploads a signature manifest along with its 38 | // linked signature envelope blob, returning the descriptors of both. 39 | PushSignature(ctx context.Context, mediaType string, blob []byte, subject ocispec.Descriptor, annotations map[string]string) (blobDesc, manifestDesc ocispec.Descriptor, err error) 40 | } 41 | -------------------------------------------------------------------------------- /registry/internal/artifactspec/artifact.go: -------------------------------------------------------------------------------- 1 | // Copyright The Notary Project Authors. 2 | // Licensed under the Apache License, Version 2.0 (the "License"); 3 | // you may not use this file except in compliance with the License. 4 | // You may obtain a copy of the License at 5 | // 6 | // http://www.apache.org/licenses/LICENSE-2.0 7 | // 8 | // Unless required by applicable law or agreed to in writing, software 9 | // distributed under the License is distributed on an "AS IS" BASIS, 10 | // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 11 | // See the License for the specific language governing permissions and 12 | // limitations under the License.
13 | 14 | package artifactspec 15 | 16 | import ocispec "github.com/opencontainers/image-spec/specs-go/v1" 17 | 18 | // MediaTypeArtifactManifest specifies the media type for a content descriptor. 19 | const MediaTypeArtifactManifest = "application/vnd.oci.artifact.manifest.v1+json" 20 | 21 | // Artifact describes an artifact manifest. 22 | // This structure provides `application/vnd.oci.artifact.manifest.v1+json` mediatype when marshalled to JSON. 23 | // 24 | // This manifest type was introduced in image-spec v1.1.0-rc1 and was removed in 25 | // image-spec v1.1.0-rc3. It is not part of the current image-spec and is kept 26 | // here for Go compatibility. 27 | // 28 | // Reference: https://github.com/opencontainers/image-spec/pull/999 29 | type Artifact struct { 30 | // MediaType is the media type of the object this schema refers to. 31 | MediaType string `json:"mediaType"` 32 | 33 | // ArtifactType is the IANA media type of the artifact this schema refers to. 34 | ArtifactType string `json:"artifactType"` 35 | 36 | // Blobs is a collection of blobs referenced by this manifest. 37 | Blobs []ocispec.Descriptor `json:"blobs,omitempty"` 38 | 39 | // Subject (reference) is an optional link from the artifact to another manifest forming an association between the artifact and the other manifest. 40 | Subject *ocispec.Descriptor `json:"subject,omitempty"` 41 | 42 | // Annotations contains arbitrary metadata for the artifact manifest. 43 | Annotations map[string]string `json:"annotations,omitempty"` 44 | } 45 | -------------------------------------------------------------------------------- /registry/mediatype.go: -------------------------------------------------------------------------------- 1 | // Copyright The Notary Project Authors. 2 | // Licensed under the Apache License, Version 2.0 (the "License"); 3 | // you may not use this file except in compliance with the License. 
4 | // You may obtain a copy of the License at 5 | // 6 | // http://www.apache.org/licenses/LICENSE-2.0 7 | // 8 | // Unless required by applicable law or agreed to in writing, software 9 | // distributed under the License is distributed on an "AS IS" BASIS, 10 | // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 11 | // See the License for the specific language governing permissions and 12 | // limitations under the License. 13 | 14 | package registry 15 | 16 | // ArtifactTypeNotation specifies the artifact type for a notation object. 17 | // spec: https://github.com/notaryproject/specifications/blob/v1.1.0/specs/signature-specification.md#signature 18 | const ArtifactTypeNotation = "application/vnd.cncf.notary.signature" 19 | -------------------------------------------------------------------------------- /signer/testdata/DigiCertTSARootSHA384.cer: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/notaryproject/notation-go/2bc67e7695ef13bd63157651d9573278fad89da5/signer/testdata/DigiCertTSARootSHA384.cer -------------------------------------------------------------------------------- /verifier/testdata/timestamp/countersignature/TimeStampToken.p7s: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/notaryproject/notation-go/2bc67e7695ef13bd63157651d9573278fad89da5/verifier/testdata/timestamp/countersignature/TimeStampToken.p7s -------------------------------------------------------------------------------- /verifier/testdata/timestamp/countersignature/TimeStampTokenWithInvalidTSTInfo.p7s: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/notaryproject/notation-go/2bc67e7695ef13bd63157651d9573278fad89da5/verifier/testdata/timestamp/countersignature/TimeStampTokenWithInvalidTSTInfo.p7s 
-------------------------------------------------------------------------------- /verifier/testdata/timestamp/countersignature/TimeStampTokenWithInvalideContentType.p7s: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/notaryproject/notation-go/2bc67e7695ef13bd63157651d9573278fad89da5/verifier/testdata/timestamp/countersignature/TimeStampTokenWithInvalideContentType.p7s -------------------------------------------------------------------------------- /verifier/testdata/timestamp/countersignature/TimeStampTokenWithoutCertificate.p7s: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/notaryproject/notation-go/2bc67e7695ef13bd63157651d9573278fad89da5/verifier/testdata/timestamp/countersignature/TimeStampTokenWithoutCertificate.p7s -------------------------------------------------------------------------------- /verifier/testdata/timestamp/sigEnv/coseExpiredWithTimestamp.sig: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/notaryproject/notation-go/2bc67e7695ef13bd63157651d9573278fad89da5/verifier/testdata/timestamp/sigEnv/coseExpiredWithTimestamp.sig -------------------------------------------------------------------------------- /verifier/testdata/timestamp/sigEnv/coseWithTimestamp.sig: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/notaryproject/notation-go/2bc67e7695ef13bd63157651d9573278fad89da5/verifier/testdata/timestamp/sigEnv/coseWithTimestamp.sig -------------------------------------------------------------------------------- /verifier/testdata/timestamp/sigEnv/timestampAfterNotAfter.sig: -------------------------------------------------------------------------------- 
https://raw.githubusercontent.com/notaryproject/notation-go/2bc67e7695ef13bd63157651d9573278fad89da5/verifier/testdata/timestamp/sigEnv/timestampAfterNotAfter.sig -------------------------------------------------------------------------------- /verifier/testdata/timestamp/sigEnv/withoutTimestamp.sig: -------------------------------------------------------------------------------- 1 | {"payload":"eyJ0YXJnZXRBcnRpZmFjdCI6eyJkaWdlc3QiOiJzaGEyNTY6YzA2NjllZjM0Y2RjMTQzMzJjMGYxYWIwYzJjMDFhY2I5MWQ5NjAxNGIxNzJmMWE3NmYzYTM5ZTYzZDFmMGJkYSIsIm1lZGlhVHlwZSI6ImFwcGxpY2F0aW9uL3ZuZC5kb2NrZXIuZGlzdHJpYnV0aW9uLm1hbmlmZXN0LnYyK2pzb24iLCJzaXplIjo1Mjh9fQ","protected":"eyJhbGciOiJQUzI1NiIsImNyaXQiOlsiaW8uY25jZi5ub3Rhcnkuc2lnbmluZ1NjaGVtZSJdLCJjdHkiOiJhcHBsaWNhdGlvbi92bmQuY25jZi5ub3RhcnkucGF5bG9hZC52MStqc29uIiwiaW8uY25jZi5ub3Rhcnkuc2lnbmluZ1NjaGVtZSI6Im5vdGFyeS54NTA5IiwiaW8uY25jZi5ub3Rhcnkuc2lnbmluZ1RpbWUiOiIyMDI0LTA2LTE4VDE3OjA4OjM1KzA4OjAwIn0","header":{"x5c":["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"],"io.cncf.notary.signingAgent":"Notation/1.0.0"},"signature":"ToCyclYJtk-Gtb13j1sWW7FQ7iZA9Vq6u_x6nJD3pRkBXhtatvSBsaZ_mqFHKrJWEY3UOBzi2SYobCQYww0cVwbzeDetPhjBhmH-bW-N_pbjGntgB2K1owvJnlycUoOfC2RQ1eDa4mC7Dj1mKzA5Tb-qnNbrT75pvQKZjTY1RZaN6p_xKBJA-AAiQrgHEvlf4m8ZbvqtZ0x4_uiGwfWoNCqPtrZK71mEpPSjfOT3mN5FkZqY0L3jSKRtFRLd1rb0UA2RB-E0CshsNb-hJgTX4SIzUlgcVT10SJnKw0yy_QqrxhMlejOUiV8HHKgbsZqQg1kwFjP5QwzWr5HB6vbRzg"} -------------------------------------------------------------------------------- /verifier/testdata/truststore/x509/ca/trust-store-with-invalid-certs/invalid: -------------------------------------------------------------------------------- 1 | invalid 2 | -------------------------------------------------------------------------------- /verifier/testdata/truststore/x509/ca/trust-store-with-leaf-certs-in-single-file/RootAndLeafCerts.crt: -------------------------------------------------------------------------------- 1 | -----BEGIN CERTIFICATE----- 2 | 
MIIDejCCAmKgAwIBAgIBAjANBgkqhkiG9w0BAQsFADBdMQswCQYDVQQGEwJVUzEL 3 | MAkGA1UECBMCV0ExEDAOBgNVBAcTB1NlYXR0bGUxDzANBgNVBAoTBk5vdGFyeTEe 4 | MBwGA1UEAxMVd2FiYml0LW5ldHdvcmtzLmlvIENBMB4XDTIyMDkyMDA2MzExM1oX 5 | DTIyMDkyMTA2MzExM1owWjELMAkGA1UEBhMCVVMxCzAJBgNVBAgTAldBMRAwDgYD 6 | VQQHEwdTZWF0dGxlMQ8wDQYDVQQKEwZOb3RhcnkxGzAZBgNVBAMTEndhYmJpdC1u 7 | ZXR3b3Jrcy5pbzCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBALiZp5O+ 8 | 6YtaNO5GbWaZUxvJPXktJ7k7LBX5G/Kn6eh9JkJln1agqbax9MRDB/5YCdQBKMBq 9 | NE2wYIwmCs7ArFU5DxvRhoBnCGLjcsIZ9pfaZ6lBppEvxMmUAYDmgjze0J13PwRp 10 | WAZMfBlisZnJAWokgE5sWtggUXURyFk67H0R+4sWlm8SSZOiJCA/e0bYPCHTfFA/ 11 | 2zg6koNRSwvI6zvftGnnJ9ny0BTuGOjZ6lDfIX5awFrgRdO8wmwejo4oJ45tUotF 12 | /Rt/yHkmjdGhONbJjcMLf9AIyVwMHg6t6mj2SYbHqzIyTcpjk90HgeiU5eS5JMqj 13 | Jkug5U9XrGGCqIcCAwEAAaNIMEYwDgYDVR0PAQH/BAQDAgeAMBMGA1UdJQQMMAoG 14 | CCsGAQUFBwMDMB8GA1UdIwQYMBaAFLAy4Il5S9zOd/AMWF8hATmldAjYMA0GCSqG 15 | SIb3DQEBCwUAA4IBAQBLYBnSuMNCzzLmeqH/wBr6kKUtF10AN9VF8/3iZW8iCj4B 16 | Bx7VDq7iZR/G9UTLsWdZqkkxnOGu4QffBHz2Lc1v9D923EEPDAP5mJYvUchvdXYT 17 | lmyQr9QEjRC6IFhlBB27Bi207QJ8UxYgmbseQ3FQFE16Usdmlg9iWDn5tx/DZn9/ 18 | yUd81yKKYp2uLx0x2sQDJh61QSZB6jtzjN7w4Xax2NViabLaH7raMrDbIqigkXJh 19 | iXG9fWx1Ax7S3dJVIglbZGPgYDW14Ass40gs8vcOBg8CwszrKiEuwp20d12Ky87/ 20 | 0pLsOWJmcNyXbd3gztX01N1frSEbvTBJNI9E/jmI 21 | -----END CERTIFICATE----- 22 | -----BEGIN CERTIFICATE----- 23 | MIIDjzCCAnegAwIBAgIBATANBgkqhkiG9w0BAQsFADBdMQswCQYDVQQGEwJVUzEL 24 | MAkGA1UECBMCV0ExEDAOBgNVBAcTB1NlYXR0bGUxDzANBgNVBAoTBk5vdGFyeTEe 25 | MBwGA1UEAxMVd2FiYml0LW5ldHdvcmtzLmlvIENBMB4XDTIyMDkyMDA2MzExM1oX 26 | DTIyMTAyMDA2MzExM1owXTELMAkGA1UEBhMCVVMxCzAJBgNVBAgTAldBMRAwDgYD 27 | VQQHEwdTZWF0dGxlMQ8wDQYDVQQKEwZOb3RhcnkxHjAcBgNVBAMTFXdhYmJpdC1u 28 | ZXR3b3Jrcy5pbyBDQTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAKNM 29 | 3dUToC4TyegGMw47ax9aZt13pQgTeV7xZbVsOmZiv/8gZ9tEZWgQbvBJrWUH8y4o 30 | eQLCVQOTESNP2TSyTqizNtG1ex6YfSpWKSqUkfGX2II9xCX8hNXZqTphAjrGGf2Z 31 | EOLRIIkbhjkuiAR+7q4TF/KJhdfYD1HQBJ2PF92egV5JEZTrxIjVIi+WK19VKSwx 32 | 
m7oFiijve4VPaQYQnWgj0dk+Tn9cMB/OMX6cszoJbn98ogQIvWaY3dd1qba4uGJ9 33 | vmkNKDJcUd1PbkaVlikXC4UM+PxXy7/ZvSihOXurAPIChS6JgWC8Ru2vxm9SC+BN 34 | 5J/hr92W2TdsrvLkrc8CAwEAAaNaMFgwDgYDVR0PAQH/BAQDAgIEMBMGA1UdJQQM 35 | MAoGCCsGAQUFBwMDMBIGA1UdEwEB/wQIMAYBAf8CAQEwHQYDVR0OBBYEFLAy4Il5 36 | S9zOd/AMWF8hATmldAjYMA0GCSqGSIb3DQEBCwUAA4IBAQCTf6GbT5Z0x5ciNr9i 37 | 8i+QsIAg7ZHzv5RLLJuocGcKwbdi+btU6BPl/X4U5ZB6OArv4oiyPSbECoxkgGRq 38 | cj+mfzXdm/3jEyRskHDfoxcJFYmcBsEykS7DoLYEy5HxgKSaGOLl4dMWbbj/E8mR 39 | e9XC5ruvPNZX52pQMqSqUUTYlbR4YQojsp7ShcLLD/Iea90wXk44+wHAKNFpwkN1 40 | h5JMlYm+jKkol6u/Nmd3vNqhzrL91ZLPVtSWpfsBxh7l4BsDns2uPl+/fgCav9MJ 41 | jUkWJbEaDPY5bSbHDhCbxMO37VbvkkFUvz7lfKAkXj6DnkPzMj3++KTFNdw3fJ4+ 42 | WzLe 43 | -----END CERTIFICATE----- 44 | -------------------------------------------------------------------------------- /verifier/testdata/truststore/x509/ca/trust-store-with-leaf-certs/GlobalSignRootCA.crt: -------------------------------------------------------------------------------- 1 | -----BEGIN CERTIFICATE----- 2 | MIIDjzCCAnegAwIBAgIBATANBgkqhkiG9w0BAQsFADBdMQswCQYDVQQGEwJVUzEL 3 | MAkGA1UECBMCV0ExEDAOBgNVBAcTB1NlYXR0bGUxDzANBgNVBAoTBk5vdGFyeTEe 4 | MBwGA1UEAxMVd2FiYml0LW5ldHdvcmtzLmlvIENBMB4XDTIyMDkyMDA2MzExM1oX 5 | DTIyMTAyMDA2MzExM1owXTELMAkGA1UEBhMCVVMxCzAJBgNVBAgTAldBMRAwDgYD 6 | VQQHEwdTZWF0dGxlMQ8wDQYDVQQKEwZOb3RhcnkxHjAcBgNVBAMTFXdhYmJpdC1u 7 | ZXR3b3Jrcy5pbyBDQTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAKNM 8 | 3dUToC4TyegGMw47ax9aZt13pQgTeV7xZbVsOmZiv/8gZ9tEZWgQbvBJrWUH8y4o 9 | eQLCVQOTESNP2TSyTqizNtG1ex6YfSpWKSqUkfGX2II9xCX8hNXZqTphAjrGGf2Z 10 | EOLRIIkbhjkuiAR+7q4TF/KJhdfYD1HQBJ2PF92egV5JEZTrxIjVIi+WK19VKSwx 11 | m7oFiijve4VPaQYQnWgj0dk+Tn9cMB/OMX6cszoJbn98ogQIvWaY3dd1qba4uGJ9 12 | vmkNKDJcUd1PbkaVlikXC4UM+PxXy7/ZvSihOXurAPIChS6JgWC8Ru2vxm9SC+BN 13 | 5J/hr92W2TdsrvLkrc8CAwEAAaNaMFgwDgYDVR0PAQH/BAQDAgIEMBMGA1UdJQQM 14 | MAoGCCsGAQUFBwMDMBIGA1UdEwEB/wQIMAYBAf8CAQEwHQYDVR0OBBYEFLAy4Il5 15 | S9zOd/AMWF8hATmldAjYMA0GCSqGSIb3DQEBCwUAA4IBAQCTf6GbT5Z0x5ciNr9i 16 | 
8i+QsIAg7ZHzv5RLLJuocGcKwbdi+btU6BPl/X4U5ZB6OArv4oiyPSbECoxkgGRq 17 | cj+mfzXdm/3jEyRskHDfoxcJFYmcBsEykS7DoLYEy5HxgKSaGOLl4dMWbbj/E8mR 18 | e9XC5ruvPNZX52pQMqSqUUTYlbR4YQojsp7ShcLLD/Iea90wXk44+wHAKNFpwkN1 19 | h5JMlYm+jKkol6u/Nmd3vNqhzrL91ZLPVtSWpfsBxh7l4BsDns2uPl+/fgCav9MJ 20 | jUkWJbEaDPY5bSbHDhCbxMO37VbvkkFUvz7lfKAkXj6DnkPzMj3++KTFNdw3fJ4+ 21 | WzLe 22 | -----END CERTIFICATE----- 23 | -------------------------------------------------------------------------------- /verifier/testdata/truststore/x509/ca/trust-store-with-leaf-certs/non-ca.crt: -------------------------------------------------------------------------------- 1 | -----BEGIN CERTIFICATE----- 2 | MIIDejCCAmKgAwIBAgIBAjANBgkqhkiG9w0BAQsFADBdMQswCQYDVQQGEwJVUzEL 3 | MAkGA1UECBMCV0ExEDAOBgNVBAcTB1NlYXR0bGUxDzANBgNVBAoTBk5vdGFyeTEe 4 | MBwGA1UEAxMVd2FiYml0LW5ldHdvcmtzLmlvIENBMB4XDTIyMDkyMDA2MzExM1oX 5 | DTIyMDkyMTA2MzExM1owWjELMAkGA1UEBhMCVVMxCzAJBgNVBAgTAldBMRAwDgYD 6 | VQQHEwdTZWF0dGxlMQ8wDQYDVQQKEwZOb3RhcnkxGzAZBgNVBAMTEndhYmJpdC1u 7 | ZXR3b3Jrcy5pbzCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBALiZp5O+ 8 | 6YtaNO5GbWaZUxvJPXktJ7k7LBX5G/Kn6eh9JkJln1agqbax9MRDB/5YCdQBKMBq 9 | NE2wYIwmCs7ArFU5DxvRhoBnCGLjcsIZ9pfaZ6lBppEvxMmUAYDmgjze0J13PwRp 10 | WAZMfBlisZnJAWokgE5sWtggUXURyFk67H0R+4sWlm8SSZOiJCA/e0bYPCHTfFA/ 11 | 2zg6koNRSwvI6zvftGnnJ9ny0BTuGOjZ6lDfIX5awFrgRdO8wmwejo4oJ45tUotF 12 | /Rt/yHkmjdGhONbJjcMLf9AIyVwMHg6t6mj2SYbHqzIyTcpjk90HgeiU5eS5JMqj 13 | Jkug5U9XrGGCqIcCAwEAAaNIMEYwDgYDVR0PAQH/BAQDAgeAMBMGA1UdJQQMMAoG 14 | CCsGAQUFBwMDMB8GA1UdIwQYMBaAFLAy4Il5S9zOd/AMWF8hATmldAjYMA0GCSqG 15 | SIb3DQEBCwUAA4IBAQBLYBnSuMNCzzLmeqH/wBr6kKUtF10AN9VF8/3iZW8iCj4B 16 | Bx7VDq7iZR/G9UTLsWdZqkkxnOGu4QffBHz2Lc1v9D923EEPDAP5mJYvUchvdXYT 17 | lmyQr9QEjRC6IFhlBB27Bi207QJ8UxYgmbseQ3FQFE16Usdmlg9iWDn5tx/DZn9/ 18 | yUd81yKKYp2uLx0x2sQDJh61QSZB6jtzjN7w4Xax2NViabLaH7raMrDbIqigkXJh 19 | iXG9fWx1Ax7S3dJVIglbZGPgYDW14Ass40gs8vcOBg8CwszrKiEuwp20d12Ky87/ 20 | 0pLsOWJmcNyXbd3gztX01N1frSEbvTBJNI9E/jmI 21 | -----END CERTIFICATE----- 22 | 
-------------------------------------------------------------------------------- /verifier/testdata/truststore/x509/ca/valid-trust-store-2/GlobalSign.der: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/notaryproject/notation-go/2bc67e7695ef13bd63157651d9573278fad89da5/verifier/testdata/truststore/x509/ca/valid-trust-store-2/GlobalSign.der -------------------------------------------------------------------------------- /verifier/testdata/truststore/x509/ca/valid-trust-store-2/GlobalSignRootCA.crt: -------------------------------------------------------------------------------- 1 | -----BEGIN CERTIFICATE----- 2 | MIIDXzCCAkegAwIBAgILBAAAAAABIVhTCKIwDQYJKoZIhvcNAQELBQAwTDEgMB4G 3 | A1UECxMXR2xvYmFsU2lnbiBSb290IENBIC0gUjMxEzARBgNVBAoTCkdsb2JhbFNp 4 | Z24xEzARBgNVBAMTCkdsb2JhbFNpZ24wHhcNMDkwMzE4MTAwMDAwWhcNMjkwMzE4 5 | MTAwMDAwWjBMMSAwHgYDVQQLExdHbG9iYWxTaWduIFJvb3QgQ0EgLSBSMzETMBEG 6 | A1UEChMKR2xvYmFsU2lnbjETMBEGA1UEAxMKR2xvYmFsU2lnbjCCASIwDQYJKoZI 7 | hvcNAQEBBQADggEPADCCAQoCggEBAMwldpB5BngiFvXAg7aEyiie/QV2EcWtiHL8 8 | RgJDx7KKnQRfJMsuS+FggkbhUqsMgUdwbN1k0ev1LKMPgj0MK66X17YUhhB5uzsT 9 | gHeMCOFJ0mpiLx9e+pZo34knlTifBtc+ycsmWQ1z3rDI6SYOgxXG71uL0gRgykmm 10 | KPZpO/bLyCiR5Z2KYVc3rHQU3HTgOu5yLy6c+9C7v/U9AOEGM+iCK65TpjoWc4zd 11 | QQ4gOsC0p6Hpsk+QLjJg6VfLuQSSaGjlOCZgdbKfd/+RFO+uIEn8rUAVSNECMWEZ 12 | XriX7613t2Saer9fwRPvm2L7DWzgVGkWqQPabumDk3F2xmmFghcCAwEAAaNCMEAw 13 | DgYDVR0PAQH/BAQDAgEGMA8GA1UdEwEB/wQFMAMBAf8wHQYDVR0OBBYEFI/wS3+o 14 | LkUkrk1Q+mOai97i3Ru8MA0GCSqGSIb3DQEBCwUAA4IBAQBLQNvAUKr+yAzv95ZU 15 | RUm7lgAJQayzE4aGKAczymvmdLm6AC2upArT9fHxD4q/c2dKg8dEe3jgr25sbwMp 16 | jjM5RcOO5LlXbKr8EpbsU8Yt5CRsuZRj+9xTaGdWPoO4zzUhw8lo/s7awlOqzJCK 17 | 6fBdRoyV3XpYKBovHd7NADdBj+1EbddTKJd+82cEHhXXipa0095MJ6RMG3NzdvQX 18 | mcIfeg7jLQitChws/zyrVQ4PkX4268NXSb7hLi18YIvDQVETI53O9zJrlAGomecs 19 | Mx86OyXShkDOOyyGeMlhLxS67ttVb9+E7gUJTb0o2HLO02JQZR7rkpeDMdmztcpH 20 | WD9f 21 | -----END CERTIFICATE----- 22 | 
-------------------------------------------------------------------------------- /verifier/testdata/truststore/x509/ca/valid-trust-store-self-signed/openssl-minimum-self-signed.pem: -------------------------------------------------------------------------------- 1 | -----BEGIN CERTIFICATE----- 2 | MIIFbTCCA1WgAwIBAgIJAMbezFlbmYcEMA0GCSqGSIb3DQEBCwUAMF8xCzAJBgNV 3 | BAYTAlVTMRMwEQYDVQQIDApXYXNoaW5ndG9uMRAwDgYDVQQHDAdTZWF0dGxlMRYw 4 | FAYDVQQKDA1Ob3RhdGlvbiBUZXN0MREwDwYDVQQLDAhUZXN0Q2VydDAgFw0yMjA5 5 | MTUwNjEzMTNaGA8yMTIyMDgyMjA2MTMxM1owXzELMAkGA1UEBhMCVVMxEzARBgNV 6 | BAgMCldhc2hpbmd0b24xEDAOBgNVBAcMB1NlYXR0bGUxFjAUBgNVBAoMDU5vdGF0 7 | aW9uIFRlc3QxETAPBgNVBAsMCFRlc3RDZXJ0MIICIjANBgkqhkiG9w0BAQEFAAOC 8 | Ag8AMIICCgKCAgEAwo9PS2/9TAEMGkgVfbVVyjkdSav8zDgQLRg6Vkf67r231qOm 9 | JAevz1x9n3wbEqsKNs6UbQYteL2Yayn9rWvSqpNR/nREgM7pc3Sg3vHsar9BNCGn 10 | bVMrLKg+eQrmKtdfp8HftMSSQXSBcxNtMTnCBle+UIlqt9LBVk7KEKuImPIMxecO 11 | XEGWyT0l17QiSJURgUA7clMeh9uUzWPe4hf7TEX3I8hvWQenRFemapa9Xb+i4+tg 12 | MPDJWNqfVUk8SxvOlK73s2JCevSWoS0+HVfHKlMRCVzlxb2s35Mk35mCx/MXkR/U 13 | HkRnu6PPeeTQWT1pbF852ddthSSHKvylWVBVQ8Nbi5fqT5QE39k2TuS1Zbv++UEY 14 | KHC5xmaARr9G3ERczh999Hsm6PLm9QMHWLO/5GcoPYSqW5EQXL6dDClUgDnJntL3 15 | bDUsxAtJB1qT34o2aGmGxHdfWwgBGpUPBGWnU93eV+L8v/NAQRow84g65XVTu3zJ 16 | 7Lex5/LDJ/sL+59JuFPCW1GcDgfO/+tEbgx5/T9sl4zZbytF90SaBKci+bmT6Hr3 17 | xPB+mnrf0UEhMGMjaNxauZdIr7nTg9tR179FNmfxbWEqHcfN1oU5AmfTeruKiQiP 18 | /Zj3+Jr1X63DXpYf4XGaAusQ9kwaJk11kJgMedkkrcKMAP07DA27R42aBakCAwEA 19 | AaMqMCgwDgYDVR0PAQH/BAQDAgeAMBYGA1UdJQEB/wQMMAoGCCsGAQUFBwMDMA0G 20 | CSqGSIb3DQEBCwUAA4ICAQApBIbhVop3zsfKDL0H6CMl1LYq3rfoJ7/Tlj9tFZxM 21 | 42hh1N2HMP7/WKO5csj+pJ1C27vYSWBmGj2XmkfAvTY3I65F2uhVScoBXSKhYZZz 22 | +iTgLvK5RtR3kGcR+8TH5nLEBI+ZomDUBUHF8p92caUDFJkMNLq3o7PQ8wOgXgRn 23 | wYZcwGz7eSjq8Fg4Up3oq06Ll0/NGwqQKf5C7KeMfTTiDIqs1xha3BSH4B67ZoAh 24 | bMuR4/XIP+T0pQAFtDMa8WFeAztvVDa8Vw173UJCqiWK5WOBNzv87H5oE5PtN7mG 25 | v0yIXQuJXq6BGcmkYKxYCgvnCHwHJ6zTfddRlq32YSAhqotzHP7XAUKyMvuOhnQl 26 | 
IG7Itzw+qYs4/AZhmeLhpxnwhv1zBHMO4k/K6AvZfudP7afN6PeObsVGU9ElK7HL 27 | MSrnYFWrez9kN18aVCPIi9dGHY73EPSg+l6j2AQCK7BZck2qO4BQAIWGAzOyrd6W 28 | TZeotWo0pt+UoN0Ihk9zbiQVmuSan3qaTNmYPZZeVB58hyjdL7xI6+180Qmtb3uk 29 | oUoLHLKXxN1t7BewUVRs9UA4uxjBK9kWuIROGwwFcdIm+JkZtd0AF/Sko2J9VxmM 30 | Colw5b7EymcXx6RTvoPNFTWO0TmCMc+HHRPue8fsu8GcQmzvMX0682qF8uT0ekQM 31 | Mw== 32 | -----END CERTIFICATE----- 33 | -------------------------------------------------------------------------------- /verifier/testdata/truststore/x509/ca/valid-trust-store/GlobalSign.der: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/notaryproject/notation-go/2bc67e7695ef13bd63157651d9573278fad89da5/verifier/testdata/truststore/x509/ca/valid-trust-store/GlobalSign.der -------------------------------------------------------------------------------- /verifier/testdata/truststore/x509/ca/valid-trust-store/GlobalSignRootCA.crt: -------------------------------------------------------------------------------- 1 | -----BEGIN CERTIFICATE----- 2 | MIIDXzCCAkegAwIBAgILBAAAAAABIVhTCKIwDQYJKoZIhvcNAQELBQAwTDEgMB4G 3 | A1UECxMXR2xvYmFsU2lnbiBSb290IENBIC0gUjMxEzARBgNVBAoTCkdsb2JhbFNp 4 | Z24xEzARBgNVBAMTCkdsb2JhbFNpZ24wHhcNMDkwMzE4MTAwMDAwWhcNMjkwMzE4 5 | MTAwMDAwWjBMMSAwHgYDVQQLExdHbG9iYWxTaWduIFJvb3QgQ0EgLSBSMzETMBEG 6 | A1UEChMKR2xvYmFsU2lnbjETMBEGA1UEAxMKR2xvYmFsU2lnbjCCASIwDQYJKoZI 7 | hvcNAQEBBQADggEPADCCAQoCggEBAMwldpB5BngiFvXAg7aEyiie/QV2EcWtiHL8 8 | RgJDx7KKnQRfJMsuS+FggkbhUqsMgUdwbN1k0ev1LKMPgj0MK66X17YUhhB5uzsT 9 | gHeMCOFJ0mpiLx9e+pZo34knlTifBtc+ycsmWQ1z3rDI6SYOgxXG71uL0gRgykmm 10 | KPZpO/bLyCiR5Z2KYVc3rHQU3HTgOu5yLy6c+9C7v/U9AOEGM+iCK65TpjoWc4zd 11 | QQ4gOsC0p6Hpsk+QLjJg6VfLuQSSaGjlOCZgdbKfd/+RFO+uIEn8rUAVSNECMWEZ 12 | XriX7613t2Saer9fwRPvm2L7DWzgVGkWqQPabumDk3F2xmmFghcCAwEAAaNCMEAw 13 | DgYDVR0PAQH/BAQDAgEGMA8GA1UdEwEB/wQFMAMBAf8wHQYDVR0OBBYEFI/wS3+o 14 | LkUkrk1Q+mOai97i3Ru8MA0GCSqGSIb3DQEBCwUAA4IBAQBLQNvAUKr+yAzv95ZU 15 | 
RUm7lgAJQayzE4aGKAczymvmdLm6AC2upArT9fHxD4q/c2dKg8dEe3jgr25sbwMp 16 | jjM5RcOO5LlXbKr8EpbsU8Yt5CRsuZRj+9xTaGdWPoO4zzUhw8lo/s7awlOqzJCK 17 | 6fBdRoyV3XpYKBovHd7NADdBj+1EbddTKJd+82cEHhXXipa0095MJ6RMG3NzdvQX 18 | mcIfeg7jLQitChws/zyrVQ4PkX4268NXSb7hLi18YIvDQVETI53O9zJrlAGomecs 19 | Mx86OyXShkDOOyyGeMlhLxS67ttVb9+E7gUJTb0o2HLO02JQZR7rkpeDMdmztcpH 20 | WD9f 21 | -----END CERTIFICATE----- 22 | -------------------------------------------------------------------------------- /verifier/testdata/truststore/x509/ca/valid-trust-store/NotationTestRoot.pem: -------------------------------------------------------------------------------- 1 | -----BEGIN CERTIFICATE----- 2 | MIIEizCCAvOgAwIBAgIBATANBgkqhkiG9w0BAQsFADBaMQswCQYDVQQGEwJVUzEL 3 | MAkGA1UECBMCV0ExEDAOBgNVBAcTB1NlYXR0bGUxDzANBgNVBAoTBk5vdGFyeTEb 4 | MBkGA1UEAxMSTm90YXRpb24gVGVzdCBSb290MCAXDTIwMDkwOTA3MDAwMFoYDzIx 5 | MjIwOTA1MjAzODQ1WjBaMQswCQYDVQQGEwJVUzELMAkGA1UECBMCV0ExEDAOBgNV 6 | BAcTB1NlYXR0bGUxDzANBgNVBAoTBk5vdGFyeTEbMBkGA1UEAxMSTm90YXRpb24g 7 | VGVzdCBSb290MIIBojANBgkqhkiG9w0BAQEFAAOCAY8AMIIBigKCAYEAxxAZ8VZe 8 | gqBUctz3BkwhObZKnW+KsN5/N1/u2vPLmEzHDj6xgd8Hn0JoughDaxeQCV66NC2o 9 | bqPnPp4+68G/qZnxkXVXdFyqVodu4FgPUjiqcJjft7bh45BVgLFpOqSqDQ3ko30B 10 | 7gdGfIIkoBj/8gz3tHnmIvl3MywtOhDeGnlLNzBY52wVmhPIdKOaW/7WkMrXKFCk 11 | LkNICGnIpWuyBtC+7RfM8hG6eRW1KCm5xrkRmn5ptonjxix/JTGj4me/NMkwdVkz 12 | 6wcCSAJnqTgHi2oqk73qqNu0LHsEMFBF8IGqmVkn2MOHkFamPBokzQ6HXXfvR4nb 13 | cWQZCUgRinPTVg9CF0B6XSCEMCSH5kveZxTQtAFRB6NosbzuU5jDmJgpbDfauev7 14 | Eg/6bZzphcugRkVuwulymzsake5Jbvs9Kyw3CNPYH2G3Kli1FNhfc46ugXHbIfXg 15 | NQcou3xabcu+r6cFRqqK6NmV9ouMQRj8Ri95Gp2BUlpTEFhcvMb9d4nXAgMBAAGj 16 | WjBYMA4GA1UdDwEB/wQEAwICBDATBgNVHSUEDDAKBggrBgEFBQcDAzASBgNVHRMB 17 | Af8ECDAGAQH/AgEBMB0GA1UdDgQWBBS5FZjt9UsEPkcKrStrnjSpTq4kDTANBgkq 18 | hkiG9w0BAQsFAAOCAYEAKtxfv12LzM85bxOMp5++pIDa6eMcBaurYbAM2yC9B6Lu 19 | Hf0JGeFdNqt4Fw38Ajooj2vWMWBrARVEZRVqTC5+ZSN2meGBXBXlT4n8FdEdmv+0 20 | 5iwVYdmDFp8FKeoOZZZF23u+r2OrazJo1ufWmoSI2P0lEfZQQFQElltWu3QH+OLO 21 | 
WXJmB7KbLKyheelGK5XhtAYYapRdW4sKJ398ybpv5C1oALCcTwoSmvH8wW5J4/gj 22 | mhKICYh2goMauf0lesdxj+0His7E8blOWrUmfOB5dp73XawLKcd/UxHN8zAPC08L 23 | DL9NMcihn3ZHKi7/dtkiV2iSaDPD1ChSGdqfXIysYqOhYoktgAfBZ43CWnqQhgB8 24 | NezRKdOStYC3P2AGJW18irxxTRp2CO+gnXEcyhyr+cvyf0j8MkRSaHLXzjIrECu8 25 | BUitB6sKughdN13fs5t5SIiO6foeFdvIpZFFKO8s+4oTOSDCos2WFoC+8TZS6r58 26 | 3OtFLmywl1HRgQkobGgw 27 | -----END CERTIFICATE----- 28 | -------------------------------------------------------------------------------- /verifier/testdata/truststore/x509/ca/valid-trust-store/TestTimestamp.crt: -------------------------------------------------------------------------------- 1 | -----BEGIN CERTIFICATE----- 2 | MIIDPjCCAiagAwIBAgIBeTANBgkqhkiG9w0BAQsFADBOMQswCQYDVQQGEwJVUzEL 3 | MAkGA1UECBMCV0ExEDAOBgNVBAcTB1NlYXR0bGUxDzANBgNVBAoTBk5vdGFyeTEP 4 | MA0GA1UEAxMGYWxwaW5lMB4XDTIzMDUwOTA0NTUxMloXDTMzMDUxMDA0NTUxMlow 5 | TjELMAkGA1UEBhMCVVMxCzAJBgNVBAgTAldBMRAwDgYDVQQHEwdTZWF0dGxlMQ8w 6 | DQYDVQQKEwZOb3RhcnkxDzANBgNVBAMTBmFscGluZTCCASIwDQYJKoZIhvcNAQEB 7 | BQADggEPADCCAQoCggEBAK5hpq1229GGLjMK6i9KZhuUO+SV7rUFnWIDiIPO5yWx 8 | YDkl+bGroeAvJYu6MVCMQ6FMRXD9jhnG6R+sAHwY7gVgcJ1OXak87PkLp/Ii1Cr7 9 | XkkySZeD+Br1vSQzfxs3pFG+iBCeVVkeZdsg+xqwnAlqAILXwIbTGRyJP1Xiu9nw 10 | OeuX1YmxPl2m29Pt1EtfVCL9COsVKt5LgOVyWP/9ISWevOBqSCU9bk35HFo9VTeU 11 | f6+ffhSMjv0Y9uwkFFOKXpcV8Sa3ArqyBmgQlUfGg1iwYlqiDE0fTYxiB3gLgETA 12 | lmTm50J+WB9LoDrnrQpbXFLoegm+JV+uSD8J8H7DL2sCAwEAAaMnMCUwDgYDVR0P 13 | AQH/BAQDAgeAMBMGA1UdJQQMMAoGCCsGAQUFBwMDMA0GCSqGSIb3DQEBCwUAA4IB 14 | AQAt0Nvna1c4pPn8kzoN5VvmFmeIgdO/BJpmdhdg0WIQ9aeN/xPXXaVjPp1Mk7ed 15 | XHAvBwQr0Gyzqyy7g/h0gdnAFG7f6blrRNzbrRBCq6cNqX8iwgK/9+2OYKxk1QWj 16 | 8Gx0cvu1DN1aXjPPGgQ2j3tHjJvJv32J/zuZa8gU40RPPSLaBlc5ZjpFmyi29sKl 17 | TeeZ+F/Ssic51qXXw2CsYGGWK5yQ3xSCxbw6bb2G/s/YI7/KlWg9BktBJHzRu04Z 18 | NR77W7/dyJ3Lj17PlW1XKmMOFHsQivagXeRCbmYZ43fX4ugFRFKL7KE0EgmGOWpJ 19 | 0xv+6ig93sqHzQ/0uv1YgFov 20 | -----END CERTIFICATE----- 21 | 
-------------------------------------------------------------------------------- /verifier/testdata/truststore/x509/ca/valid-trust-store/TestTimestampNotYetValid.crt: -------------------------------------------------------------------------------- 1 | -----BEGIN CERTIFICATE----- 2 | MIIDRTCCAi2gAwIBAgICAKYwDQYJKoZIhvcNAQELBQAwTzELMAkGA1UEBhMCVVMx 3 | CzAJBgNVBAgTAldBMRAwDgYDVQQHEwdTZWF0dGxlMQ8wDQYDVQQKEwZOb3Rhcnkx 4 | EDAOBgNVBAMTB3Rlc3RUU0EwIhgPMjA5OTA5MTgxMTU0MzRaGA8yMTAwMDkxODEx 5 | NTQzNFowTzELMAkGA1UEBhMCVVMxCzAJBgNVBAgTAldBMRAwDgYDVQQHEwdTZWF0 6 | dGxlMQ8wDQYDVQQKEwZOb3RhcnkxEDAOBgNVBAMTB3Rlc3RUU0EwggEiMA0GCSqG 7 | SIb3DQEBAQUAA4IBDwAwggEKAoIBAQDI7xKl3GyBZregnHgxUw7rb3yO5jSo31Pa 8 | +EhxghQ0/rRKc/1DtfMQURjDYDdjqRmEXq8rVyEAuaBXSKqBMq9bazP7Ot8N/B0O 9 | gRCgXwizn//Ha5XfpHqV9lUud4oztdxapejfT6UQSIVqtgWEbZkr4N74G5NV13Ll 10 | ITtWmHpTLo2LfE7jAXTaoCjo/U/eVFFc6X7jyXwaAVyNC2Pi45d/GOaFx/MGHnK6 11 | zbN8PeIh5KqInp0UNcHZLBbduxWQhdISULR/x6pVocqExv6zLmRbn5I65wrYL/8g 12 | pQPTeZv4S2COpB+25Xy8oyaM6tPa96Pi1NIXtChWO8+muXj1Z4VfAgMBAAGjJzAl 13 | MA4GA1UdDwEB/wQEAwIHgDATBgNVHSUEDDAKBggrBgEFBQcDAzANBgkqhkiG9w0B 14 | AQsFAAOCAQEAXFaaITvi3skq+czzmbyebtrAa8I9iEbjmWSPjoaUir2NYOLWsyQ7 15 | +gkBlMcw5+anP+BC98VBgNVjuQ5oXwdu57xouW7jk/dI5uuKLOFxFdCG7FwW3ycD 16 | 6GGgj+/2LthxNOxc7CnnMjUuSw2FKJKesiuHQJpdPjgw9cKs+fZF5tr6ZhX4yAUF 17 | qouZJ7Hc5JSj3zyEpIbFapVpSAK8O1/mct4KDtt1SmyYn34o55ggyLurrlZ9ctQW 18 | HT8xyjc6+b4lEKbilA+xjTt+/BLIs/v/8CVIUzz6OzTCwBraj3kayM7CdGKSysoc 19 | nJZ/yUcHVw1hLs1+JIMj75i0T6s+GtuT4A== 20 | -----END CERTIFICATE----- 21 | -------------------------------------------------------------------------------- /verifier/testdata/truststore/x509/ca/valid-trust-store/wabbit-networks.io.crt: -------------------------------------------------------------------------------- 1 | -----BEGIN CERTIFICATE----- 2 | MIIDVjCCAj6gAwIBAgIBUTANBgkqhkiG9w0BAQsFADBaMQswCQYDVQQGEwJVUzEL 3 | MAkGA1UECBMCV0ExEDAOBgNVBAcTB1NlYXR0bGUxDzANBgNVBAoTBk5vdGFyeTEb 4 | 
MBkGA1UEAxMSd2FiYml0LW5ldHdvcmtzLmlvMB4XDTIzMDExOTA4MTkwN1oXDTMz 5 | MDExOTA4MTkwN1owWjELMAkGA1UEBhMCVVMxCzAJBgNVBAgTAldBMRAwDgYDVQQH 6 | EwdTZWF0dGxlMQ8wDQYDVQQKEwZOb3RhcnkxGzAZBgNVBAMTEndhYmJpdC1uZXR3 7 | b3Jrcy5pbzCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBANHhlP+SiY7h 8 | sGlf2mADOzJW/J9siqMkiQvSOx0OSM2yxetfVQL/abi4iqCXM6wkSxviBeNwIoYE 9 | s4thMA8NGEbnKoXktyh9vmiLB1FW7HHr4QLwjgLzgWJKIQTy1JmDBecXZh56d0f3 10 | w3Yj1IDTvkIScXCNI+5v/08GUQKhyBwv7Fq9MYpo2lfXSI7V33BKKddXIxPGVWwK 11 | GvPE0sg2VV7WM84ZZLdDKz2mq0PtPTHrSwg3hlK/mjn+blg3gsYQ4h9/7Z6nNaF9 12 | X0SdyESl841ZWrtMhAOFpIzLbz9ete8NRd3bYCRBIr5gscHWTf6lyUgy4xzsSwMH 13 | PsGLM4A+Z00CAwEAAaMnMCUwDgYDVR0PAQH/BAQDAgeAMBMGA1UdJQQMMAoGCCsG 14 | AQUFBwMDMA0GCSqGSIb3DQEBCwUAA4IBAQAbN0Eru56uTQSC28ZTf8D7VyCkYrrW 15 | LYiJMYdOKBzzKV9mKaM0OGF2uyWwDaPxp9KTdLXmBp9EFq5SXXArFA+nRS7KinDA 16 | e2O7A/9Std2XjKi927rkA2cj239d5lRsjWXqJXf9vAMV9a2FjUM/in2Eevlq7bvj 17 | FE3l26VXCKtOs9ErmfxrL+6ETRKSVYOOG/rSHFv/SB2MlqDg5QsXC9lZjzL5/X/i 18 | oe2qZKhp6X5DPpad1q1Q4ItKdTN+2EXyMyoHn1BJKNba7CUUvXf03EJebT/Im+qo 19 | zfEksJeZJUSlSujANUPoCpsEYGWWQx5G+ViG05Sqs+6ppKrut+P+DVPo 20 | -----END CERTIFICATE----- 21 | -------------------------------------------------------------------------------- /verifier/testdata/truststore/x509/ca/valid-trust-store_SYMLINK/valid-trust-store_SYMLINK: -------------------------------------------------------------------------------- 1 | ca/valid-trust-store -------------------------------------------------------------------------------- /verifier/testdata/truststore/x509/signingAuthority/valid-trust-store-2/GlobalSign.der: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/notaryproject/notation-go/2bc67e7695ef13bd63157651d9573278fad89da5/verifier/testdata/truststore/x509/signingAuthority/valid-trust-store-2/GlobalSign.der -------------------------------------------------------------------------------- 
/verifier/testdata/truststore/x509/signingAuthority/valid-trust-store-2/GlobalSignRootCA.crt: -------------------------------------------------------------------------------- 1 | -----BEGIN CERTIFICATE----- 2 | MIIDXzCCAkegAwIBAgILBAAAAAABIVhTCKIwDQYJKoZIhvcNAQELBQAwTDEgMB4G 3 | A1UECxMXR2xvYmFsU2lnbiBSb290IENBIC0gUjMxEzARBgNVBAoTCkdsb2JhbFNp 4 | Z24xEzARBgNVBAMTCkdsb2JhbFNpZ24wHhcNMDkwMzE4MTAwMDAwWhcNMjkwMzE4 5 | MTAwMDAwWjBMMSAwHgYDVQQLExdHbG9iYWxTaWduIFJvb3QgQ0EgLSBSMzETMBEG 6 | A1UEChMKR2xvYmFsU2lnbjETMBEGA1UEAxMKR2xvYmFsU2lnbjCCASIwDQYJKoZI 7 | hvcNAQEBBQADggEPADCCAQoCggEBAMwldpB5BngiFvXAg7aEyiie/QV2EcWtiHL8 8 | RgJDx7KKnQRfJMsuS+FggkbhUqsMgUdwbN1k0ev1LKMPgj0MK66X17YUhhB5uzsT 9 | gHeMCOFJ0mpiLx9e+pZo34knlTifBtc+ycsmWQ1z3rDI6SYOgxXG71uL0gRgykmm 10 | KPZpO/bLyCiR5Z2KYVc3rHQU3HTgOu5yLy6c+9C7v/U9AOEGM+iCK65TpjoWc4zd 11 | QQ4gOsC0p6Hpsk+QLjJg6VfLuQSSaGjlOCZgdbKfd/+RFO+uIEn8rUAVSNECMWEZ 12 | XriX7613t2Saer9fwRPvm2L7DWzgVGkWqQPabumDk3F2xmmFghcCAwEAAaNCMEAw 13 | DgYDVR0PAQH/BAQDAgEGMA8GA1UdEwEB/wQFMAMBAf8wHQYDVR0OBBYEFI/wS3+o 14 | LkUkrk1Q+mOai97i3Ru8MA0GCSqGSIb3DQEBCwUAA4IBAQBLQNvAUKr+yAzv95ZU 15 | RUm7lgAJQayzE4aGKAczymvmdLm6AC2upArT9fHxD4q/c2dKg8dEe3jgr25sbwMp 16 | jjM5RcOO5LlXbKr8EpbsU8Yt5CRsuZRj+9xTaGdWPoO4zzUhw8lo/s7awlOqzJCK 17 | 6fBdRoyV3XpYKBovHd7NADdBj+1EbddTKJd+82cEHhXXipa0095MJ6RMG3NzdvQX 18 | mcIfeg7jLQitChws/zyrVQ4PkX4268NXSb7hLi18YIvDQVETI53O9zJrlAGomecs 19 | Mx86OyXShkDOOyyGeMlhLxS67ttVb9+E7gUJTb0o2HLO02JQZR7rkpeDMdmztcpH 20 | WD9f 21 | -----END CERTIFICATE----- 22 | -------------------------------------------------------------------------------- /verifier/testdata/truststore/x509/signingAuthority/valid-trust-store/GlobalSign.der: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/notaryproject/notation-go/2bc67e7695ef13bd63157651d9573278fad89da5/verifier/testdata/truststore/x509/signingAuthority/valid-trust-store/GlobalSign.der 
-------------------------------------------------------------------------------- /verifier/testdata/truststore/x509/signingAuthority/valid-trust-store/GlobalSignRootCA.crt: -------------------------------------------------------------------------------- 1 | -----BEGIN CERTIFICATE----- 2 | MIIDXzCCAkegAwIBAgILBAAAAAABIVhTCKIwDQYJKoZIhvcNAQELBQAwTDEgMB4G 3 | A1UECxMXR2xvYmFsU2lnbiBSb290IENBIC0gUjMxEzARBgNVBAoTCkdsb2JhbFNp 4 | Z24xEzARBgNVBAMTCkdsb2JhbFNpZ24wHhcNMDkwMzE4MTAwMDAwWhcNMjkwMzE4 5 | MTAwMDAwWjBMMSAwHgYDVQQLExdHbG9iYWxTaWduIFJvb3QgQ0EgLSBSMzETMBEG 6 | A1UEChMKR2xvYmFsU2lnbjETMBEGA1UEAxMKR2xvYmFsU2lnbjCCASIwDQYJKoZI 7 | hvcNAQEBBQADggEPADCCAQoCggEBAMwldpB5BngiFvXAg7aEyiie/QV2EcWtiHL8 8 | RgJDx7KKnQRfJMsuS+FggkbhUqsMgUdwbN1k0ev1LKMPgj0MK66X17YUhhB5uzsT 9 | gHeMCOFJ0mpiLx9e+pZo34knlTifBtc+ycsmWQ1z3rDI6SYOgxXG71uL0gRgykmm 10 | KPZpO/bLyCiR5Z2KYVc3rHQU3HTgOu5yLy6c+9C7v/U9AOEGM+iCK65TpjoWc4zd 11 | QQ4gOsC0p6Hpsk+QLjJg6VfLuQSSaGjlOCZgdbKfd/+RFO+uIEn8rUAVSNECMWEZ 12 | XriX7613t2Saer9fwRPvm2L7DWzgVGkWqQPabumDk3F2xmmFghcCAwEAAaNCMEAw 13 | DgYDVR0PAQH/BAQDAgEGMA8GA1UdEwEB/wQFMAMBAf8wHQYDVR0OBBYEFI/wS3+o 14 | LkUkrk1Q+mOai97i3Ru8MA0GCSqGSIb3DQEBCwUAA4IBAQBLQNvAUKr+yAzv95ZU 15 | RUm7lgAJQayzE4aGKAczymvmdLm6AC2upArT9fHxD4q/c2dKg8dEe3jgr25sbwMp 16 | jjM5RcOO5LlXbKr8EpbsU8Yt5CRsuZRj+9xTaGdWPoO4zzUhw8lo/s7awlOqzJCK 17 | 6fBdRoyV3XpYKBovHd7NADdBj+1EbddTKJd+82cEHhXXipa0095MJ6RMG3NzdvQX 18 | mcIfeg7jLQitChws/zyrVQ4PkX4268NXSb7hLi18YIvDQVETI53O9zJrlAGomecs 19 | Mx86OyXShkDOOyyGeMlhLxS67ttVb9+E7gUJTb0o2HLO02JQZR7rkpeDMdmztcpH 20 | WD9f 21 | -----END CERTIFICATE----- 22 | -------------------------------------------------------------------------------- /verifier/testdata/truststore/x509/signingAuthority/valid-trust-store/NotationTestRoot.pem: -------------------------------------------------------------------------------- 1 | -----BEGIN CERTIFICATE----- 2 | MIIEizCCAvOgAwIBAgIBATANBgkqhkiG9w0BAQsFADBaMQswCQYDVQQGEwJVUzEL 3 | 
MAkGA1UECBMCV0ExEDAOBgNVBAcTB1NlYXR0bGUxDzANBgNVBAoTBk5vdGFyeTEb 4 | MBkGA1UEAxMSTm90YXRpb24gVGVzdCBSb290MCAXDTIwMDkwOTA3MDAwMFoYDzIx 5 | MjIwOTA1MjAzODQ1WjBaMQswCQYDVQQGEwJVUzELMAkGA1UECBMCV0ExEDAOBgNV 6 | BAcTB1NlYXR0bGUxDzANBgNVBAoTBk5vdGFyeTEbMBkGA1UEAxMSTm90YXRpb24g 7 | VGVzdCBSb290MIIBojANBgkqhkiG9w0BAQEFAAOCAY8AMIIBigKCAYEAxxAZ8VZe 8 | gqBUctz3BkwhObZKnW+KsN5/N1/u2vPLmEzHDj6xgd8Hn0JoughDaxeQCV66NC2o 9 | bqPnPp4+68G/qZnxkXVXdFyqVodu4FgPUjiqcJjft7bh45BVgLFpOqSqDQ3ko30B 10 | 7gdGfIIkoBj/8gz3tHnmIvl3MywtOhDeGnlLNzBY52wVmhPIdKOaW/7WkMrXKFCk 11 | LkNICGnIpWuyBtC+7RfM8hG6eRW1KCm5xrkRmn5ptonjxix/JTGj4me/NMkwdVkz 12 | 6wcCSAJnqTgHi2oqk73qqNu0LHsEMFBF8IGqmVkn2MOHkFamPBokzQ6HXXfvR4nb 13 | cWQZCUgRinPTVg9CF0B6XSCEMCSH5kveZxTQtAFRB6NosbzuU5jDmJgpbDfauev7 14 | Eg/6bZzphcugRkVuwulymzsake5Jbvs9Kyw3CNPYH2G3Kli1FNhfc46ugXHbIfXg 15 | NQcou3xabcu+r6cFRqqK6NmV9ouMQRj8Ri95Gp2BUlpTEFhcvMb9d4nXAgMBAAGj 16 | WjBYMA4GA1UdDwEB/wQEAwICBDATBgNVHSUEDDAKBggrBgEFBQcDAzASBgNVHRMB 17 | Af8ECDAGAQH/AgEBMB0GA1UdDgQWBBS5FZjt9UsEPkcKrStrnjSpTq4kDTANBgkq 18 | hkiG9w0BAQsFAAOCAYEAKtxfv12LzM85bxOMp5++pIDa6eMcBaurYbAM2yC9B6Lu 19 | Hf0JGeFdNqt4Fw38Ajooj2vWMWBrARVEZRVqTC5+ZSN2meGBXBXlT4n8FdEdmv+0 20 | 5iwVYdmDFp8FKeoOZZZF23u+r2OrazJo1ufWmoSI2P0lEfZQQFQElltWu3QH+OLO 21 | WXJmB7KbLKyheelGK5XhtAYYapRdW4sKJ398ybpv5C1oALCcTwoSmvH8wW5J4/gj 22 | mhKICYh2goMauf0lesdxj+0His7E8blOWrUmfOB5dp73XawLKcd/UxHN8zAPC08L 23 | DL9NMcihn3ZHKi7/dtkiV2iSaDPD1ChSGdqfXIysYqOhYoktgAfBZ43CWnqQhgB8 24 | NezRKdOStYC3P2AGJW18irxxTRp2CO+gnXEcyhyr+cvyf0j8MkRSaHLXzjIrECu8 25 | BUitB6sKughdN13fs5t5SIiO6foeFdvIpZFFKO8s+4oTOSDCos2WFoC+8TZS6r58 26 | 3OtFLmywl1HRgQkobGgw 27 | -----END CERTIFICATE----- 28 | -------------------------------------------------------------------------------- /verifier/testdata/truststore/x509/trust-store-with-cert-symlinks/GlobalSignRootCA.crt: -------------------------------------------------------------------------------- 1 | -----BEGIN CERTIFICATE----- 2 | 
MIIDXzCCAkegAwIBAgILBAAAAAABIVhTCKIwDQYJKoZIhvcNAQELBQAwTDEgMB4G 3 | A1UECxMXR2xvYmFsU2lnbiBSb290IENBIC0gUjMxEzARBgNVBAoTCkdsb2JhbFNp 4 | Z24xEzARBgNVBAMTCkdsb2JhbFNpZ24wHhcNMDkwMzE4MTAwMDAwWhcNMjkwMzE4 5 | MTAwMDAwWjBMMSAwHgYDVQQLExdHbG9iYWxTaWduIFJvb3QgQ0EgLSBSMzETMBEG 6 | A1UEChMKR2xvYmFsU2lnbjETMBEGA1UEAxMKR2xvYmFsU2lnbjCCASIwDQYJKoZI 7 | hvcNAQEBBQADggEPADCCAQoCggEBAMwldpB5BngiFvXAg7aEyiie/QV2EcWtiHL8 8 | RgJDx7KKnQRfJMsuS+FggkbhUqsMgUdwbN1k0ev1LKMPgj0MK66X17YUhhB5uzsT 9 | gHeMCOFJ0mpiLx9e+pZo34knlTifBtc+ycsmWQ1z3rDI6SYOgxXG71uL0gRgykmm 10 | KPZpO/bLyCiR5Z2KYVc3rHQU3HTgOu5yLy6c+9C7v/U9AOEGM+iCK65TpjoWc4zd 11 | QQ4gOsC0p6Hpsk+QLjJg6VfLuQSSaGjlOCZgdbKfd/+RFO+uIEn8rUAVSNECMWEZ 12 | XriX7613t2Saer9fwRPvm2L7DWzgVGkWqQPabumDk3F2xmmFghcCAwEAAaNCMEAw 13 | DgYDVR0PAQH/BAQDAgEGMA8GA1UdEwEB/wQFMAMBAf8wHQYDVR0OBBYEFI/wS3+o 14 | LkUkrk1Q+mOai97i3Ru8MA0GCSqGSIb3DQEBCwUAA4IBAQBLQNvAUKr+yAzv95ZU 15 | RUm7lgAJQayzE4aGKAczymvmdLm6AC2upArT9fHxD4q/c2dKg8dEe3jgr25sbwMp 16 | jjM5RcOO5LlXbKr8EpbsU8Yt5CRsuZRj+9xTaGdWPoO4zzUhw8lo/s7awlOqzJCK 17 | 6fBdRoyV3XpYKBovHd7NADdBj+1EbddTKJd+82cEHhXXipa0095MJ6RMG3NzdvQX 18 | mcIfeg7jLQitChws/zyrVQ4PkX4268NXSb7hLi18YIvDQVETI53O9zJrlAGomecs 19 | Mx86OyXShkDOOyyGeMlhLxS67ttVb9+E7gUJTb0o2HLO02JQZR7rkpeDMdmztcpH 20 | WD9f 21 | -----END CERTIFICATE----- 22 | -------------------------------------------------------------------------------- /verifier/testdata/truststore/x509/trust-store-with-cert-symlinks/GlobalSignRootCA_SYMLINK.crt: -------------------------------------------------------------------------------- 1 | GlobalSignRootCA.crt -------------------------------------------------------------------------------- /verifier/testdata/truststore/x509/trust-store-with-directories/GlobalSignRootCA.crt: -------------------------------------------------------------------------------- 1 | -----BEGIN CERTIFICATE----- 2 | MIIDXzCCAkegAwIBAgILBAAAAAABIVhTCKIwDQYJKoZIhvcNAQELBQAwTDEgMB4G 3 | A1UECxMXR2xvYmFsU2lnbiBSb290IENBIC0gUjMxEzARBgNVBAoTCkdsb2JhbFNp 4 | 
Z24xEzARBgNVBAMTCkdsb2JhbFNpZ24wHhcNMDkwMzE4MTAwMDAwWhcNMjkwMzE4 5 | MTAwMDAwWjBMMSAwHgYDVQQLExdHbG9iYWxTaWduIFJvb3QgQ0EgLSBSMzETMBEG 6 | A1UEChMKR2xvYmFsU2lnbjETMBEGA1UEAxMKR2xvYmFsU2lnbjCCASIwDQYJKoZI 7 | hvcNAQEBBQADggEPADCCAQoCggEBAMwldpB5BngiFvXAg7aEyiie/QV2EcWtiHL8 8 | RgJDx7KKnQRfJMsuS+FggkbhUqsMgUdwbN1k0ev1LKMPgj0MK66X17YUhhB5uzsT 9 | gHeMCOFJ0mpiLx9e+pZo34knlTifBtc+ycsmWQ1z3rDI6SYOgxXG71uL0gRgykmm 10 | KPZpO/bLyCiR5Z2KYVc3rHQU3HTgOu5yLy6c+9C7v/U9AOEGM+iCK65TpjoWc4zd 11 | QQ4gOsC0p6Hpsk+QLjJg6VfLuQSSaGjlOCZgdbKfd/+RFO+uIEn8rUAVSNECMWEZ 12 | XriX7613t2Saer9fwRPvm2L7DWzgVGkWqQPabumDk3F2xmmFghcCAwEAAaNCMEAw 13 | DgYDVR0PAQH/BAQDAgEGMA8GA1UdEwEB/wQFMAMBAf8wHQYDVR0OBBYEFI/wS3+o 14 | LkUkrk1Q+mOai97i3Ru8MA0GCSqGSIb3DQEBCwUAA4IBAQBLQNvAUKr+yAzv95ZU 15 | RUm7lgAJQayzE4aGKAczymvmdLm6AC2upArT9fHxD4q/c2dKg8dEe3jgr25sbwMp 16 | jjM5RcOO5LlXbKr8EpbsU8Yt5CRsuZRj+9xTaGdWPoO4zzUhw8lo/s7awlOqzJCK 17 | 6fBdRoyV3XpYKBovHd7NADdBj+1EbddTKJd+82cEHhXXipa0095MJ6RMG3NzdvQX 18 | mcIfeg7jLQitChws/zyrVQ4PkX4268NXSb7hLi18YIvDQVETI53O9zJrlAGomecs 19 | Mx86OyXShkDOOyyGeMlhLxS67ttVb9+E7gUJTb0o2HLO02JQZR7rkpeDMdmztcpH 20 | WD9f 21 | -----END CERTIFICATE----- 22 | -------------------------------------------------------------------------------- /verifier/testdata/truststore/x509/trust-store-with-directories/sub-dir/.gitkeep: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/notaryproject/notation-go/2bc67e7695ef13bd63157651d9573278fad89da5/verifier/testdata/truststore/x509/trust-store-with-directories/sub-dir/.gitkeep -------------------------------------------------------------------------------- /verifier/testdata/truststore/x509/tsa/test-mismatch/DigiCertTSARootSHA384.cer: -------------------------------------------------------------------------------- 
https://raw.githubusercontent.com/notaryproject/notation-go/2bc67e7695ef13bd63157651d9573278fad89da5/verifier/testdata/truststore/x509/tsa/test-mismatch/DigiCertTSARootSHA384.cer -------------------------------------------------------------------------------- /verifier/testdata/truststore/x509/tsa/test-nonCA/wabbit-networks.io.crt: -------------------------------------------------------------------------------- 1 | -----BEGIN CERTIFICATE----- 2 | MIIDVjCCAj6gAwIBAgIBUTANBgkqhkiG9w0BAQsFADBaMQswCQYDVQQGEwJVUzEL 3 | MAkGA1UECBMCV0ExEDAOBgNVBAcTB1NlYXR0bGUxDzANBgNVBAoTBk5vdGFyeTEb 4 | MBkGA1UEAxMSd2FiYml0LW5ldHdvcmtzLmlvMB4XDTIzMDExOTA4MTkwN1oXDTMz 5 | MDExOTA4MTkwN1owWjELMAkGA1UEBhMCVVMxCzAJBgNVBAgTAldBMRAwDgYDVQQH 6 | EwdTZWF0dGxlMQ8wDQYDVQQKEwZOb3RhcnkxGzAZBgNVBAMTEndhYmJpdC1uZXR3 7 | b3Jrcy5pbzCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBANHhlP+SiY7h 8 | sGlf2mADOzJW/J9siqMkiQvSOx0OSM2yxetfVQL/abi4iqCXM6wkSxviBeNwIoYE 9 | s4thMA8NGEbnKoXktyh9vmiLB1FW7HHr4QLwjgLzgWJKIQTy1JmDBecXZh56d0f3 10 | w3Yj1IDTvkIScXCNI+5v/08GUQKhyBwv7Fq9MYpo2lfXSI7V33BKKddXIxPGVWwK 11 | GvPE0sg2VV7WM84ZZLdDKz2mq0PtPTHrSwg3hlK/mjn+blg3gsYQ4h9/7Z6nNaF9 12 | X0SdyESl841ZWrtMhAOFpIzLbz9ete8NRd3bYCRBIr5gscHWTf6lyUgy4xzsSwMH 13 | PsGLM4A+Z00CAwEAAaMnMCUwDgYDVR0PAQH/BAQDAgeAMBMGA1UdJQQMMAoGCCsG 14 | AQUFBwMDMA0GCSqGSIb3DQEBCwUAA4IBAQAbN0Eru56uTQSC28ZTf8D7VyCkYrrW 15 | LYiJMYdOKBzzKV9mKaM0OGF2uyWwDaPxp9KTdLXmBp9EFq5SXXArFA+nRS7KinDA 16 | e2O7A/9Std2XjKi927rkA2cj239d5lRsjWXqJXf9vAMV9a2FjUM/in2Eevlq7bvj 17 | FE3l26VXCKtOs9ErmfxrL+6ETRKSVYOOG/rSHFv/SB2MlqDg5QsXC9lZjzL5/X/i 18 | oe2qZKhp6X5DPpad1q1Q4ItKdTN+2EXyMyoHn1BJKNba7CUUvXf03EJebT/Im+qo 19 | zfEksJeZJUSlSujANUPoCpsEYGWWQx5G+ViG05Sqs+6ppKrut+P+DVPo 20 | -----END CERTIFICATE----- 21 | -------------------------------------------------------------------------------- /verifier/testdata/truststore/x509/tsa/test-nonSelfIssued/nonSelfIssued.crt: -------------------------------------------------------------------------------- 
https://raw.githubusercontent.com/notaryproject/notation-go/2bc67e7695ef13bd63157651d9573278fad89da5/verifier/testdata/truststore/x509/tsa/test-nonSelfIssued/nonSelfIssued.crt -------------------------------------------------------------------------------- /verifier/testdata/truststore/x509/tsa/test-timestamp/globalsignRoot.cer: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/notaryproject/notation-go/2bc67e7695ef13bd63157651d9573278fad89da5/verifier/testdata/truststore/x509/tsa/test-timestamp/globalsignRoot.cer -------------------------------------------------------------------------------- /verifier/testdata/verifier/bad-cert.pem: -------------------------------------------------------------------------------- 1 | -----BEGIN CERTIFICATE----- 2 | MIIFPjCCAyYCCQCUhFkkjvs/QzANBgkqhkiG9w0BAQsFADBhMQswCQYDVQQGEwJV 3 | UzELMAkGA1UECAwCV0ExEDAOBgNVBAcMB1NlYXR0bGUxEDAOBgNVBAMMB0JhZD0j 4 | Q04xDzANBgNVBAsMBlNvbWVPVTEQMA4GA1UECgwHU29tZU9yZzAeFw0yMzAyMTAy 5 | MjU4MjZaFw0yNDAyMTAyMjU4MjZaMGExCzAJBgNVBAYTAlVTMQswCQYDVQQIDAJX 6 | QTEQMA4GA1UEBwwHU2VhdHRsZTEQMA4GA1UEAwwHQmFkPSNDTjEPMA0GA1UECwwG 7 | U29tZU9VMRAwDgYDVQQKDAdTb21lT3JnMIICIjANBgkqhkiG9w0BAQEFAAOCAg8A 8 | MIICCgKCAgEA3eCwQ3snC1akVZKRFTqzoJ9HldLtzhmIbzaQeofKRn1HG18Dxbfw 9 | XGtL0kqFL7ew9C7Qg0JpSo4tp0r3TdMsykFOPf9nkMjGQOA4TTPdYCGtKYLP0UiE 10 | yDeLita5VkXABuwSGG5wi1tcuPQXVCXvnyzTPVj9eRGMBvFNop5P8y8cY4Jv5PJc 11 | PLlgnMskdTqElKyIqk5E6KP9NeVdiJW1c6JZ+TvICfjcwhinAVVE00dgMidDRk/+ 12 | LorlWFJoXLw4i6b8uLXar8Xh7kn83LMOFM217WiW8h78ANPjtDxBnzw9BiCEQXBo 13 | ScpIdmyhmm4TBiXJHOOTwhZPUtRFmAsk/apP+OkNI20ENQUvu7MHD0Rjy1ZHCI2W 14 | VDAQt7/8PeDKsVeM8HNpehN9Rjom5mF9PE21Y2meZKhbU3vlWNO+MAXm4yitp5m3 15 | 1gS+cLnh88YPkRPlJVNv/HbJerqh+9sFB94IxRbpgOP2np5XyR+1yTKSbUZt6kIg 16 | Zoo9vsOjCZ2Mgy67dVMJ7mqMeRKw/v3LapGuUizv8XlTF3Sg2LBkzrPe0+PVOw85 17 | Oymprd0rasM0CoxQt3uI+shGUA7ZwEUwg6cjvV4VqvbXsRAgJyvNedp2fawrNC01 18 | 
EPP63c8zXmS9j/PDfS9zSAgsNJnBcuoqWCFXQmbI2+FHjzYgPdjtYEECAwEAATAN 19 | BgkqhkiG9w0BAQsFAAOCAgEAXnOIleUM6unIJGpsCQkaVBG2bqIkbTZRkO85ekQG 20 | GeU7J9RMF8w+qO5zqcK6X5iUlN+w/eLbu7oLPK0ST4NIV9cXxf+mWrX2Tceee65e 21 | qLPbtinPm9oSVcc7TGTx0scmHaOTmh6v01zGo/oQMVah2uCeTbanuRyoH9Qa/rOv 22 | 1o8/JmbYqDrNP9/Lm6c8+iOPBab0MmR17Vp6zs2gAimGD+30at8nm4uEMHGbT4XL 23 | 8HVxI6Qn/jUJTKq6XpWSLYI2g2L0Sr0vGmqhnNKb2fPQJsYGL5dO4RTuQOoKGrnQ 24 | LMNQZuh2ifDI2Eri9PZTCUJ/T1Iqenko6GxTfLcCe1nVB3bUqvS+fDKWri4Vdf2P 25 | w9hCdnRycL6llfGGjMMYvRx/HK8mzGrfMUhqa6/raRiK7REzZpFt9walbAtdi/o4 26 | iIh7Tb4ju7pj0GfzsqGJXEGZQyv/RNfkhXBJdFuSsB7ysGIPMzf5lcpNbVBVdahi 27 | hI2BJ0x+1JtJ1YqM1bQtyaikieEkj5PrhK1Uugev3zdo9wtuQPXo9mLX86aBNIBB 28 | v8+lWu6Y1vWinDYiztdZAiK2P7Nn9V3EbORvf2r5F4lKCYEJbUl42+ANwir6fMBb 29 | u+gbgN7ueDcsd3MQ2VJ4mVvaA2UQspbZdpoDIwnBchy8IDbwtx8aARzw8NrAXjrl 30 | F/Y= 31 | -----END CERTIFICATE----- -------------------------------------------------------------------------------- /verifier/testdata/verifier/signing-cert.pem: -------------------------------------------------------------------------------- 1 | -----BEGIN CERTIFICATE----- 2 | MIIDozCCAougAwIBAgIUA5HjR8ZgidbFgL8NLsFXPd6iDBEwDQYJKoZIhvcNAQEL 3 | BQAwYDELMAkGA1UEBhMCVVMxCzAJBgNVBAgMAldBMRAwDgYDVQQHDAdTZWF0dGxl 4 | MRAwDgYDVQQKDAdTb21lT3JnMQ8wDQYDVQQLDAZTb21lT1UxDzANBgNVBAMMBlNv 5 | bWVDTjAgFw0yMjA2MTMwNDQ2MjNaGA8yMTIyMDUyMDA0NDYyM1owYDELMAkGA1UE 6 | BhMCVVMxCzAJBgNVBAgMAldBMRAwDgYDVQQHDAdTZWF0dGxlMRAwDgYDVQQKDAdT 7 | b21lT3JnMQ8wDQYDVQQLDAZTb21lT1UxDzANBgNVBAMMBlNvbWVDTjCCASIwDQYJ 8 | KoZIhvcNAQEBBQADggEPADCCAQoCggEBALyAm8sfyY6zhixbAJu8/nNJzMnxO4zA 9 | XDeE8V1bCB6N1WR/V4vbZY3wCDdG+M/gsexNgaqrNUaEp4OjmwWp7h4d86ReoVRf 10 | uvfiDXfWAq/y4KtjdlAzkd/q4JhgUc7oI9YnDTVFXvi9yxBRDIXF/nNW6yS4iul7 11 | fpj0iDBWR5tlOI3bvJLM4mX6MxIzGUNjLB4PN3kO3vH3wfhLI1XFO+6y5Rr+QzcY 12 | B2R8tPfQG2y2mMx06Ee7Jov/li4FtMJMe9ziSeSE3JGJ/gXQvSi4PTfYA/FNW2Sz 13 | 2eb9TMjGoskfPd47wSvBZrKoV6/pm9vGsu5Givr8mPQHN8QDvURUTpcCAwEAAaNT 14 | 
MFEwHQYDVR0OBBYEFEDMH1VsIikMGD104MmzA8G8YLopMB8GA1UdIwQYMBaAFEDM 15 | H1VsIikMGD104MmzA8G8YLopMA8GA1UdEwEB/wQFMAMBAf8wDQYJKoZIhvcNAQEL 16 | BQADggEBAKiVQWOxF8rNr/Jj2iCYofUJ4g7o4Mq00bx4Ei4nZc+PqgXvDatE07+N 17 | V7GgO9chgvEbSwOVfX1tALjwvcHdDeYdcnxskTpMdMUOvPaFN6vZ5tiJPiZvcupv 18 | kkINd9L7w7cS8NaG+MTbjkC890ZuAPG+id5G+u9MQYPdOWJlOqNVWgoDAK/L4949 19 | 5HHZWfAFv0ieig4S568ZvInDE0X+A96KC0FRubtc/uckQYCzALggM4NO6I4TMtkJ 20 | ZRcPkV0A7g/tr8nBQvjQK81S/d9z1ivjvSinAm2zJY1naQWjLfQU74pjbGLwxA9a 21 | qCPKeDbrkBdwkxcGEBr1OocdN0gdUZQ= 22 | -----END CERTIFICATE----- 23 | -------------------------------------------------------------------------------- /verifier/truststore/errors.go: -------------------------------------------------------------------------------- 1 | // Copyright The Notary Project Authors. 2 | // Licensed under the Apache License, Version 2.0 (the "License"); 3 | // you may not use this file except in compliance with the License. 4 | // You may obtain a copy of the License at 5 | // 6 | // http://www.apache.org/licenses/LICENSE-2.0 7 | // 8 | // Unless required by applicable law or agreed to in writing, software 9 | // distributed under the License is distributed on an "AS IS" BASIS, 10 | // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 11 | // See the License for the specific language governing permissions and 12 | // limitations under the License. 
13 | 14 | package truststore 15 | 16 | // TrustStoreError is used when accessing specified trust store failed 17 | type TrustStoreError struct { 18 | Msg string 19 | InnerError error 20 | } 21 | 22 | func (e TrustStoreError) Error() string { 23 | if e.Msg != "" { 24 | return e.Msg 25 | } 26 | if e.InnerError != nil { 27 | return e.InnerError.Error() 28 | } 29 | return "unable to access the trust store" 30 | } 31 | 32 | func (e TrustStoreError) Unwrap() error { 33 | return e.InnerError 34 | } 35 | 36 | // CertificateError is used when reading a certificate failed 37 | type CertificateError struct { 38 | Msg string 39 | InnerError error 40 | } 41 | 42 | func (e CertificateError) Error() string { 43 | if e.Msg != "" { 44 | return e.Msg 45 | } 46 | if e.InnerError != nil { 47 | return e.InnerError.Error() 48 | } 49 | return "unable to read the certificate" 50 | } 51 | 52 | func (e CertificateError) Unwrap() error { 53 | return e.InnerError 54 | } 55 | --------------------------------------------------------------------------------