diff --git a/hack/gentestdata/gentestdata.go b/hack/gentestdata/gentestdata.go index 4390023dc..de2943032 100644 --- a/hack/gentestdata/gentestdata.go +++ b/hack/gentestdata/gentestdata.go @@ -93,6 +93,13 @@ func main() { log.Fatal(err) } + tufRepoWithCustomTrustedRootJSON, rootJSONWithCustomTrustedRootJSON, err := genTUFRepo(map[string][]byte{ + "custom_trusted_root.json": marshalledEntry, + }) + if err != nil { + log.Fatal(err) + } + marshalledEntryFromMirrorFS, err := genTrustedRoot(sigstoreKeysMap) if err != nil { log.Fatal(err) @@ -110,6 +117,8 @@ func main() { mustWriteFile("root.json", rootJSON) mustWriteFile("tufRepoWithTrustedRootJSON.tar", tufRepoWithTrustedRootJSON) mustWriteFile("rootWithTrustedRootJSON.json", rootJSONWithTrustedRootJSON) + mustWriteFile("tufRepoWithCustomTrustedRootJSON.tar", tufRepoWithCustomTrustedRootJSON) + mustWriteFile("rootWithCustomTrustedRootJSON.json", rootJSONWithCustomTrustedRootJSON) } func mustWriteFile(path string, data []byte) { diff --git a/pkg/reconciler/testing/v1alpha1/trustroot.go b/pkg/reconciler/testing/v1alpha1/trustroot.go index 23f5591c8..79162b189 100644 --- a/pkg/reconciler/testing/v1alpha1/trustroot.go +++ b/pkg/reconciler/testing/v1alpha1/trustroot.go @@ -104,12 +104,13 @@ func WithSigstoreKeys(sk map[string]string) TrustRootOption { // WithRepository constructs a TrustRootOption which is suitable // for reconciler table driven testing. -func WithRepository(targets string, root, repository []byte) TrustRootOption { +func WithRepository(targets string, root, repository []byte, trustedRootTarget string) TrustRootOption { return func(tr *v1alpha1.TrustRoot) { tr.Spec.Repository = &v1alpha1.Repository{ - Root: root, - Targets: targets, - MirrorFS: repository, + Root: root, + MirrorFS: repository, + Targets: targets, + TrustedRootTarget: trustedRootTarget, } } } diff --git a/pkg/reconciler/trustroot/testdata/ctfeLogID.txt b/pkg/reconciler/trustroot/testdata/ctfeLogID.txt index 6e92256ba..75786d927 100644 --- a/pkg/reconciler/trustroot/testdata/ctfeLogID.txt +++ b/pkg/reconciler/trustroot/testdata/ctfeLogID.txt @@ -1 +1 @@ -1710e23da0651aaa8194bc9652cd00a97c1fda9c76fce12f14eb635e42036954 \ No newline at end of file +df8dc4f435a63e8cd48d2557c3c228e9558e04dca899fab5612a6d60d515e8f0 \ No newline at end of file diff --git a/pkg/reconciler/trustroot/testdata/ctfePublicKey.pem b/pkg/reconciler/trustroot/testdata/ctfePublicKey.pem index ea57536c7..5dd59bc31 100644 --- a/pkg/reconciler/trustroot/testdata/ctfePublicKey.pem +++ b/pkg/reconciler/trustroot/testdata/ctfePublicKey.pem @@ -1,4 +1,4 @@ -----BEGIN PUBLIC KEY----- -MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEBQY7A479x/VleGrvxp1gQAykOZMj -ld4J6VWVLnN0WLiqOesr9QkSBVnBkYKw0pr6Bgr8Qjg6NA3x470DLPxrDQ== +MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEklvaOetNsPoZt+BHsE0bbHybxHsk +ImD/Swu8QyDZONn2hnJNxEImaz6Xzv7+/bzns9y0/b9NadWbeDht3KGBBg== -----END PUBLIC KEY----- diff --git a/pkg/reconciler/trustroot/testdata/fulcioCertChain.pem b/pkg/reconciler/trustroot/testdata/fulcioCertChain.pem index 4b10e30d0..92966d0a0 100644 --- a/pkg/reconciler/trustroot/testdata/fulcioCertChain.pem +++ b/pkg/reconciler/trustroot/testdata/fulcioCertChain.pem @@ -1,18 +1,18 @@ -----BEGIN CERTIFICATE----- -MIIBPTCB5KADAgECAgECMAoGCCqGSM49BAMCMA0xCzAJBgNVBAMTAmNhMB4XDTI0 -MDMyMjIwNDczOVoXDTM0MDMyMjIwNDczOVowDzENMAsGA1UEAxMEbGVhZjBZMBMG -ByqGSM49AgEGCCqGSM49AwEHA0IABNr99Dzn4PLhw3a9dP8YLwZaPnm3hpF3vt/5 -5rMc7N194IPRB+qCDQIKIsyFMQ937IA+ylxdYvwYPB30kw/nie+jMzAxMA4GA1Ud -DwEB/wQEAwIGwDAfBgNVHSMEGDAWgBSgpcC8Rht4JttKz/d6pqb87A+f+zAKBggq -hkjOPQQDAgNIADBFAiEAtuSOJ8LaCp6OrUIo8eKz7iYFEeOMI5d3aBEUSUp8y64C -IHnTyu87fhXigrwrrhx0mEluHBfqeBpJilenwWjcUzYT +MIIBPDCB5KADAgECAgECMAoGCCqGSM49BAMCMA0xCzAJBgNVBAMTAmNhMB4XDTI0 +MDgzMDE4NTczOFoXDTM0MDgzMDE4NTczOFowDzENMAsGA1UEAxMEbGVhZjBZMBMG +ByqGSM49AgEGCCqGSM49AwEHA0IABAJCeHCU8sFwES7vmf4dAABk7HC2hclCwgAM +CwPbdJAXRyA9wWFQhWM8osvic/LMq5m0AfVi4y1hjhFkrLjfbHejMzAxMA4GA1Ud +DwEB/wQEAwIGwDAfBgNVHSMEGDAWgBRQn62BEmrPPx7tr1ZIcgrTbMrj8DAKBggq +hkjOPQQDAgNHADBEAiAS77lBrjWbbYKGBJ/i5ag/Rmsml+oECQ/GMmxdEZ/MzAIg +cjfmUGYXufT/lX2VXsvkFzfVQH1fG0g5i03NWSFYDB4= -----END CERTIFICATE----- -----BEGIN CERTIFICATE----- -MIIBSTCB8aADAgECAgEBMAoGCCqGSM49BAMCMA0xCzAJBgNVBAMTAmNhMB4XDTI0 -MDMyMjIwNDczOVoXDTM0MDMyMjIwNDczOVowDTELMAkGA1UEAxMCY2EwWTATBgcq -hkjOPQIBBggqhkjOPQMBBwNCAATpp0ZNVPLAIzjTPkYzluuwuJxo4kmCLQRmznmz -9GE89huCeLhyLbgj6xLgLrlZPwEnlGRKdiba+pLxUzKVKTPAo0IwQDAOBgNVHQ8B -Af8EBAMCAgQwDwYDVR0TAQH/BAUwAwEB/zAdBgNVHQ4EFgQUoKXAvEYbeCbbSs/3 -eqam/OwPn/swCgYIKoZIzj0EAwIDRwAwRAIgPpFwR+kjxrG75XPEQCiKPwF1Zg55 -FZVT7PlNJKyIPYACIFMMqZ4//ncJoBxMtvTsr3++2d91SPpyis2cLiDcr3kW +MIIBSjCB8aADAgECAgEBMAoGCCqGSM49BAMCMA0xCzAJBgNVBAMTAmNhMB4XDTI0 +MDgzMDE4NTczOFoXDTM0MDgzMDE4NTczOFowDTELMAkGA1UEAxMCY2EwWTATBgcq +hkjOPQIBBggqhkjOPQMBBwNCAAR3h5jys9TUi2KTcvbxjCpkC+qoHcVikiWRdkp1 +WAMg1fJAQvqPX8kB8OSXc2v8pTBKmzMteEvZJW+9kkybobtKo0IwQDAOBgNVHQ8B +Af8EBAMCAgQwDwYDVR0TAQH/BAUwAwEB/zAdBgNVHQ4EFgQUUJ+tgRJqzz8e7a9W +SHIK02zK4/AwCgYIKoZIzj0EAwIDSAAwRQIgUVBM1Lkvf7DVjG6hygMVTK2cWkHD +djL4MW8wCFaKV9YCIQC2DtPtWvu/VgaI0QGI+v7iGNnPf7USY0qlJwWWGvAaWw== -----END CERTIFICATE----- diff --git a/pkg/reconciler/trustroot/testdata/marshalledEntry.json b/pkg/reconciler/trustroot/testdata/marshalledEntry.json index e9fc1f2e3..8d1d30abb 100644 --- a/pkg/reconciler/trustroot/testdata/marshalledEntry.json +++ b/pkg/reconciler/trustroot/testdata/marshalledEntry.json @@ -1,78 +1,78 @@ { - "mediaType": "application/vnd.dev.sigstore.trustedroot+json;version=0.1", - "tlogs": [ + "mediaType": "application/vnd.dev.sigstore.trustedroot+json;version=0.1", + "tlogs": [ { - "baseUrl": "https://rekor.example.com", - "hashAlgorithm": "SHA2_256", - "publicKey": { - "rawBytes": "MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAE1Vobk4rjNzYrf/uqDwEd/HDfCro89r63DaHCTRYQJaf/JHdJj/nxBl1e3ZCo0B7kB/uU+e7d56A9gPdelFc51g==", - "keyDetails": "PKIX_ECDSA_P256_SHA_256", - "validFor": { - "start": "1970-01-01T00:00:00Z" + "baseUrl": "https://rekor.example.com", + "hashAlgorithm": "SHA2_256", + "publicKey": { + "rawBytes": "MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEoM/qB3YtDs6+rXvxfxZNXH0dfXY85qgGuiJJezpzXjCm6jbiUp15VpzNcdJGzExHNZYZj7l+ma1Fjer68+1+tA==", + "keyDetails": "PKIX_ECDSA_P256_SHA_256", + "validFor": { + "start": "1970-01-01T00:00:00Z" } }, - "logId": { - "keyId": "YWRjNTE1MWY5OTExZWUxZjAwMWVkYzc0Y2Q3MWNkNThmOGExMWE0ODRhOGM5NzA5NDkwYjRkOTY2NDcxZjQxMQ==" + "logId": { + "keyId": "Yzk5MjkxODU0M2MxNmIwZGY2Y2NkMGQ4ODE2NjVkNDljZGQxZWYzZjM4M2IxNmY5YzRkNjRiODhjZWRmZTAxMA==" } } ], - "certificateAuthorities": [ + "certificateAuthorities": [ { - "subject": { - "organization": "fulcio-organization", - "commonName": "fulcio-common-name" + "subject": { + "organization": "fulcio-organization", + "commonName": "fulcio-common-name" }, - "uri": "https://fulcio.example.com", - "certChain": { - "certificates": [ + "uri": "https://fulcio.example.com", + "certChain": { + "certificates": [ { - "rawBytes": "MIIBPTCB5KADAgECAgECMAoGCCqGSM49BAMCMA0xCzAJBgNVBAMTAmNhMB4XDTI0MDMyMjIwNDczOVoXDTM0MDMyMjIwNDczOVowDzENMAsGA1UEAxMEbGVhZjBZMBMGByqGSM49AgEGCCqGSM49AwEHA0IABNr99Dzn4PLhw3a9dP8YLwZaPnm3hpF3vt/55rMc7N194IPRB+qCDQIKIsyFMQ937IA+ylxdYvwYPB30kw/nie+jMzAxMA4GA1UdDwEB/wQEAwIGwDAfBgNVHSMEGDAWgBSgpcC8Rht4JttKz/d6pqb87A+f+zAKBggqhkjOPQQDAgNIADBFAiEAtuSOJ8LaCp6OrUIo8eKz7iYFEeOMI5d3aBEUSUp8y64CIHnTyu87fhXigrwrrhx0mEluHBfqeBpJilenwWjcUzYT" + "rawBytes": "MIIBPDCB5KADAgECAgECMAoGCCqGSM49BAMCMA0xCzAJBgNVBAMTAmNhMB4XDTI0MDgzMDE4NTczOFoXDTM0MDgzMDE4NTczOFowDzENMAsGA1UEAxMEbGVhZjBZMBMGByqGSM49AgEGCCqGSM49AwEHA0IABAJCeHCU8sFwES7vmf4dAABk7HC2hclCwgAMCwPbdJAXRyA9wWFQhWM8osvic/LMq5m0AfVi4y1hjhFkrLjfbHejMzAxMA4GA1UdDwEB/wQEAwIGwDAfBgNVHSMEGDAWgBRQn62BEmrPPx7tr1ZIcgrTbMrj8DAKBggqhkjOPQQDAgNHADBEAiAS77lBrjWbbYKGBJ/i5ag/Rmsml+oECQ/GMmxdEZ/MzAIgcjfmUGYXufT/lX2VXsvkFzfVQH1fG0g5i03NWSFYDB4=" }, { - "rawBytes": "MIIBSTCB8aADAgECAgEBMAoGCCqGSM49BAMCMA0xCzAJBgNVBAMTAmNhMB4XDTI0MDMyMjIwNDczOVoXDTM0MDMyMjIwNDczOVowDTELMAkGA1UEAxMCY2EwWTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAATpp0ZNVPLAIzjTPkYzluuwuJxo4kmCLQRmznmz9GE89huCeLhyLbgj6xLgLrlZPwEnlGRKdiba+pLxUzKVKTPAo0IwQDAOBgNVHQ8BAf8EBAMCAgQwDwYDVR0TAQH/BAUwAwEB/zAdBgNVHQ4EFgQUoKXAvEYbeCbbSs/3eqam/OwPn/swCgYIKoZIzj0EAwIDRwAwRAIgPpFwR+kjxrG75XPEQCiKPwF1Zg55FZVT7PlNJKyIPYACIFMMqZ4//ncJoBxMtvTsr3++2d91SPpyis2cLiDcr3kW" + "rawBytes": "MIIBSjCB8aADAgECAgEBMAoGCCqGSM49BAMCMA0xCzAJBgNVBAMTAmNhMB4XDTI0MDgzMDE4NTczOFoXDTM0MDgzMDE4NTczOFowDTELMAkGA1UEAxMCY2EwWTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAAR3h5jys9TUi2KTcvbxjCpkC+qoHcVikiWRdkp1WAMg1fJAQvqPX8kB8OSXc2v8pTBKmzMteEvZJW+9kkybobtKo0IwQDAOBgNVHQ8BAf8EBAMCAgQwDwYDVR0TAQH/BAUwAwEB/zAdBgNVHQ4EFgQUUJ+tgRJqzz8e7a9WSHIK02zK4/AwCgYIKoZIzj0EAwIDSAAwRQIgUVBM1Lkvf7DVjG6hygMVTK2cWkHDdjL4MW8wCFaKV9YCIQC2DtPtWvu/VgaI0QGI+v7iGNnPf7USY0qlJwWWGvAaWw==" } ] }, - "validFor": { - "start": "1970-01-01T00:00:00Z" + "validFor": { + "start": "1970-01-01T00:00:00Z" } } ], - "ctlogs": [ + "ctlogs": [ { - "baseUrl": "https://ctfe.example.com", - "hashAlgorithm": "SHA2_256", - "publicKey": { - "rawBytes": "MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEBQY7A479x/VleGrvxp1gQAykOZMjld4J6VWVLnN0WLiqOesr9QkSBVnBkYKw0pr6Bgr8Qjg6NA3x470DLPxrDQ==", - "keyDetails": "PKIX_ECDSA_P256_SHA_256", - "validFor": { - "start": "1970-01-01T00:00:00Z" + "baseUrl": "https://ctfe.example.com", + "hashAlgorithm": "SHA2_256", + "publicKey": { + "rawBytes": "MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEklvaOetNsPoZt+BHsE0bbHybxHskImD/Swu8QyDZONn2hnJNxEImaz6Xzv7+/bzns9y0/b9NadWbeDht3KGBBg==", + "keyDetails": "PKIX_ECDSA_P256_SHA_256", + "validFor": { + "start": "1970-01-01T00:00:00Z" } }, - "logId": { - "keyId": "MTcxMGUyM2RhMDY1MWFhYTgxOTRiYzk2NTJjZDAwYTk3YzFmZGE5Yzc2ZmNlMTJmMTRlYjYzNWU0MjAzNjk1NA==" + "logId": { + "keyId": "ZGY4ZGM0ZjQzNWE2M2U4Y2Q0OGQyNTU3YzNjMjI4ZTk1NThlMDRkY2E4OTlmYWI1NjEyYTZkNjBkNTE1ZThmMA==" } } ], - "timestampAuthorities": [ + "timestampAuthorities": [ { - "subject": { - "organization": "tsa-organization", - "commonName": "tsa-common-name" + "subject": { + "organization": "tsa-organization", + "commonName": "tsa-common-name" }, - "uri": "https://tsa.example.com", - "certChain": { - "certificates": [ + "uri": "https://tsa.example.com", + "certChain": { + "certificates": [ { - "rawBytes": "MIIBPTCB5KADAgECAgECMAoGCCqGSM49BAMCMA0xCzAJBgNVBAMTAmNhMB4XDTI0MDMyMjIwNDczOVoXDTM0MDMyMjIwNDczOVowDzENMAsGA1UEAxMEbGVhZjBZMBMGByqGSM49AgEGCCqGSM49AwEHA0IABDgjsTzgbEsFFuBFCp1LIRv4SwYLCLL1fxtq95tbtGj/wHQUmrKLxMLMxaxIzdJs54lIDP+LoKeK25+HBPftwtCjMzAxMA4GA1UdDwEB/wQEAwIEEDAfBgNVHSMEGDAWgBRRiPL3dEhG22Qh+0GTFJ/G1SW1yDAKBggqhkjOPQQDAgNIADBFAiABNvVUla7gqF/135UkA55FQ57M6r84IArwk43Zy2aPPgIhAO8/F8k9VB5+I1FSiQL1qsM8yO6SUpVF9E+hNJ9n/6zU" + "rawBytes": "MIIBPTCB5KADAgECAgECMAoGCCqGSM49BAMCMA0xCzAJBgNVBAMTAmNhMB4XDTI0MDgzMDE4NTczOFoXDTM0MDgzMDE4NTczOFowDzENMAsGA1UEAxMEbGVhZjBZMBMGByqGSM49AgEGCCqGSM49AwEHA0IABFRMP78f6+Bm7cYAIcANQphYMj0YJHD620uGHPNck0Ei1IKqDCRPCGQDAHprk3y/sBIcLPZU8Hxig5xV0w28qAKjMzAxMA4GA1UdDwEB/wQEAwIEEDAfBgNVHSMEGDAWgBRB+eA8vn2NROBb/iTfLHyr/c1BmDAKBggqhkjOPQQDAgNIADBFAiEA7r8SEfLto3dQDZIqf/0qQy5+q8hiRNbZ3R4JPxPJtugCIFfiAfFrpzUYp6XuJSuOHfgFP2378zn2jl9kUoQYCjNs" }, { - "rawBytes": "MIIBSzCB8aADAgECAgEBMAoGCCqGSM49BAMCMA0xCzAJBgNVBAMTAmNhMB4XDTI0MDMyMjIwNDczOVoXDTM0MDMyMjIwNDczOVowDTELMAkGA1UEAxMCY2EwWTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAARjUhxtm6QXaB2bkGKHenCToVRPhVf0PTkuS7/hTGjHhELoMrD8r3nbqyceFEl4FUTzEMDfrj/YhefX7ZbeesSho0IwQDAOBgNVHQ8BAf8EBAMCAgQwDwYDVR0TAQH/BAUwAwEB/zAdBgNVHQ4EFgQUUYjy93RIRttkIftBkxSfxtUltcgwCgYIKoZIzj0EAwIDSQAwRgIhAJgRO/ig4ZBrlYjuNYpC/kqUIVsfSKLpS9c4/lkcTGBPAiEAq+euZ8zkevab16uWx7ZaEcElKYY3xzhTr5yQYeJPOcQ=" + "rawBytes": "MIIBSjCB8aADAgECAgEBMAoGCCqGSM49BAMCMA0xCzAJBgNVBAMTAmNhMB4XDTI0MDgzMDE4NTczOFoXDTM0MDgzMDE4NTczOFowDTELMAkGA1UEAxMCY2EwWTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAASrdvjuuS7ZO/piTX2pxT56yBKhwq+SHeXt8MsaNYPBG84m5G/3m3uLB5YxCRq4o6vhKM0HEU4UcQ3LdKL92Axao0IwQDAOBgNVHQ8BAf8EBAMCAgQwDwYDVR0TAQH/BAUwAwEB/zAdBgNVHQ4EFgQUQfngPL59jUTgW/4k3yx8q/3NQZgwCgYIKoZIzj0EAwIDSAAwRQIgXeSyRZXqJZPSba7S56k9fce1xLppSN4m9MtfTw7MdpoCIQD3L40eRQUu2YV+74MWm1nGbma5IVfp9tgZxaAw80brWg==" } ] }, - "validFor": { - "start": "1970-01-01T00:00:00Z" + "validFor": { + "start": "1970-01-01T00:00:00Z" } } ] diff --git a/pkg/reconciler/trustroot/testdata/marshalledEntryFromMirrorFS.json b/pkg/reconciler/trustroot/testdata/marshalledEntryFromMirrorFS.json index a3774db90..475621623 100644 --- a/pkg/reconciler/trustroot/testdata/marshalledEntryFromMirrorFS.json +++ b/pkg/reconciler/trustroot/testdata/marshalledEntryFromMirrorFS.json @@ -1,48 +1,48 @@ { - "tlogs": [ + "tlogs": [ { - "hashAlgorithm": "SHA2_256", - "publicKey": { - "rawBytes": "MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAE1Vobk4rjNzYrf/uqDwEd/HDfCro89r63DaHCTRYQJaf/JHdJj/nxBl1e3ZCo0B7kB/uU+e7d56A9gPdelFc51g==", - "keyDetails": "PKIX_ECDSA_P256_SHA_256", - "validFor": { - "start": "1970-01-01T00:00:00Z" + "hashAlgorithm": "SHA2_256", + "publicKey": { + "rawBytes": "MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEoM/qB3YtDs6+rXvxfxZNXH0dfXY85qgGuiJJezpzXjCm6jbiUp15VpzNcdJGzExHNZYZj7l+ma1Fjer68+1+tA==", + "keyDetails": "PKIX_ECDSA_P256_SHA_256", + "validFor": { + "start": "1970-01-01T00:00:00Z" } }, - "logId": { - "keyId": "YWRjNTE1MWY5OTExZWUxZjAwMWVkYzc0Y2Q3MWNkNThmOGExMWE0ODRhOGM5NzA5NDkwYjRkOTY2NDcxZjQxMQ==" + "logId": { + "keyId": "Yzk5MjkxODU0M2MxNmIwZGY2Y2NkMGQ4ODE2NjVkNDljZGQxZWYzZjM4M2IxNmY5YzRkNjRiODhjZWRmZTAxMA==" } } ], - "certificateAuthorities": [ + "certificateAuthorities": [ { - "certChain": { - "certificates": [ + "certChain": { + "certificates": [ { - "rawBytes": "MIIBPTCB5KADAgECAgECMAoGCCqGSM49BAMCMA0xCzAJBgNVBAMTAmNhMB4XDTI0MDMyMjIwNDczOVoXDTM0MDMyMjIwNDczOVowDzENMAsGA1UEAxMEbGVhZjBZMBMGByqGSM49AgEGCCqGSM49AwEHA0IABNr99Dzn4PLhw3a9dP8YLwZaPnm3hpF3vt/55rMc7N194IPRB+qCDQIKIsyFMQ937IA+ylxdYvwYPB30kw/nie+jMzAxMA4GA1UdDwEB/wQEAwIGwDAfBgNVHSMEGDAWgBSgpcC8Rht4JttKz/d6pqb87A+f+zAKBggqhkjOPQQDAgNIADBFAiEAtuSOJ8LaCp6OrUIo8eKz7iYFEeOMI5d3aBEUSUp8y64CIHnTyu87fhXigrwrrhx0mEluHBfqeBpJilenwWjcUzYT" + "rawBytes": "MIIBPDCB5KADAgECAgECMAoGCCqGSM49BAMCMA0xCzAJBgNVBAMTAmNhMB4XDTI0MDgzMDE4NTczOFoXDTM0MDgzMDE4NTczOFowDzENMAsGA1UEAxMEbGVhZjBZMBMGByqGSM49AgEGCCqGSM49AwEHA0IABAJCeHCU8sFwES7vmf4dAABk7HC2hclCwgAMCwPbdJAXRyA9wWFQhWM8osvic/LMq5m0AfVi4y1hjhFkrLjfbHejMzAxMA4GA1UdDwEB/wQEAwIGwDAfBgNVHSMEGDAWgBRQn62BEmrPPx7tr1ZIcgrTbMrj8DAKBggqhkjOPQQDAgNHADBEAiAS77lBrjWbbYKGBJ/i5ag/Rmsml+oECQ/GMmxdEZ/MzAIgcjfmUGYXufT/lX2VXsvkFzfVQH1fG0g5i03NWSFYDB4=" }, { - "rawBytes": "MIIBSTCB8aADAgECAgEBMAoGCCqGSM49BAMCMA0xCzAJBgNVBAMTAmNhMB4XDTI0MDMyMjIwNDczOVoXDTM0MDMyMjIwNDczOVowDTELMAkGA1UEAxMCY2EwWTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAATpp0ZNVPLAIzjTPkYzluuwuJxo4kmCLQRmznmz9GE89huCeLhyLbgj6xLgLrlZPwEnlGRKdiba+pLxUzKVKTPAo0IwQDAOBgNVHQ8BAf8EBAMCAgQwDwYDVR0TAQH/BAUwAwEB/zAdBgNVHQ4EFgQUoKXAvEYbeCbbSs/3eqam/OwPn/swCgYIKoZIzj0EAwIDRwAwRAIgPpFwR+kjxrG75XPEQCiKPwF1Zg55FZVT7PlNJKyIPYACIFMMqZ4//ncJoBxMtvTsr3++2d91SPpyis2cLiDcr3kW" + "rawBytes": "MIIBSjCB8aADAgECAgEBMAoGCCqGSM49BAMCMA0xCzAJBgNVBAMTAmNhMB4XDTI0MDgzMDE4NTczOFoXDTM0MDgzMDE4NTczOFowDTELMAkGA1UEAxMCY2EwWTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAAR3h5jys9TUi2KTcvbxjCpkC+qoHcVikiWRdkp1WAMg1fJAQvqPX8kB8OSXc2v8pTBKmzMteEvZJW+9kkybobtKo0IwQDAOBgNVHQ8BAf8EBAMCAgQwDwYDVR0TAQH/BAUwAwEB/zAdBgNVHQ4EFgQUUJ+tgRJqzz8e7a9WSHIK02zK4/AwCgYIKoZIzj0EAwIDSAAwRQIgUVBM1Lkvf7DVjG6hygMVTK2cWkHDdjL4MW8wCFaKV9YCIQC2DtPtWvu/VgaI0QGI+v7iGNnPf7USY0qlJwWWGvAaWw==" } ] }, - "validFor": { - "start": "1970-01-01T00:00:00Z" + "validFor": { + "start": "1970-01-01T00:00:00Z" } } ], - "ctlogs": [ + "ctlogs": [ { - "hashAlgorithm": "SHA2_256", - "publicKey": { - "rawBytes": "MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEBQY7A479x/VleGrvxp1gQAykOZMjld4J6VWVLnN0WLiqOesr9QkSBVnBkYKw0pr6Bgr8Qjg6NA3x470DLPxrDQ==", - "keyDetails": "PKIX_ECDSA_P256_SHA_256", - "validFor": { - "start": "1970-01-01T00:00:00Z" + "hashAlgorithm": "SHA2_256", + "publicKey": { + "rawBytes": "MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEklvaOetNsPoZt+BHsE0bbHybxHskImD/Swu8QyDZONn2hnJNxEImaz6Xzv7+/bzns9y0/b9NadWbeDht3KGBBg==", + "keyDetails": "PKIX_ECDSA_P256_SHA_256", + "validFor": { + "start": "1970-01-01T00:00:00Z" } }, - "logId": { - "keyId": "MTcxMGUyM2RhMDY1MWFhYTgxOTRiYzk2NTJjZDAwYTk3YzFmZGE5Yzc2ZmNlMTJmMTRlYjYzNWU0MjAzNjk1NA==" + "logId": { + "keyId": "ZGY4ZGM0ZjQzNWE2M2U4Y2Q0OGQyNTU3YzNjMjI4ZTk1NThlMDRkY2E4OTlmYWI1NjEyYTZkNjBkNTE1ZThmMA==" } } ] diff --git a/pkg/reconciler/trustroot/testdata/rekorLogID.txt b/pkg/reconciler/trustroot/testdata/rekorLogID.txt index e96bd223a..726c683c2 100644 --- a/pkg/reconciler/trustroot/testdata/rekorLogID.txt +++ b/pkg/reconciler/trustroot/testdata/rekorLogID.txt @@ -1 +1 @@ -adc5151f9911ee1f001edc74cd71cd58f8a11a484a8c9709490b4d966471f411 \ No newline at end of file +c992918543c16b0df6ccd0d881665d49cdd1ef3f383b16f9c4d64b88cedfe010 \ No newline at end of file diff --git a/pkg/reconciler/trustroot/testdata/rekorPublicKey.pem b/pkg/reconciler/trustroot/testdata/rekorPublicKey.pem index 585733724..c200420be 100644 --- a/pkg/reconciler/trustroot/testdata/rekorPublicKey.pem +++ b/pkg/reconciler/trustroot/testdata/rekorPublicKey.pem @@ -1,4 +1,4 @@ -----BEGIN PUBLIC KEY----- -MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAE1Vobk4rjNzYrf/uqDwEd/HDfCro8 -9r63DaHCTRYQJaf/JHdJj/nxBl1e3ZCo0B7kB/uU+e7d56A9gPdelFc51g== +MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEoM/qB3YtDs6+rXvxfxZNXH0dfXY8 +5qgGuiJJezpzXjCm6jbiUp15VpzNcdJGzExHNZYZj7l+ma1Fjer68+1+tA== -----END PUBLIC KEY----- diff --git a/pkg/reconciler/trustroot/testdata/root.json b/pkg/reconciler/trustroot/testdata/root.json index f7bae914c..47f61dfcd 100644 --- a/pkg/reconciler/trustroot/testdata/root.json +++ b/pkg/reconciler/trustroot/testdata/root.json @@ -3,9 +3,9 @@ "_type": "root", "spec_version": "1.0", "version": 1, - "expires": "2024-09-22T16:47:39-04:00", + "expires": "2025-03-02T14:57:39-05:00", "keys": { - "0c5ee15a0b35012b32989697c15e22f199d8534863a80197bea385adb908d0c9": { + "4f582b75693f91cad069ae575ffd9903f520f646a74ba85513b8a0f130f7da83": { "keytype": "ed25519", "scheme": "ed25519", "keyid_hash_algorithms": [ @@ -13,10 +13,10 @@ "sha512" ], "keyval": { - "public": "06ba72d6fe28cc6d1d85ca8f933f7e855875af2cabb97dd075074f5d1c188249" + "public": "23237e06e0576311c798074b04b4b02ba305fd21675c8d3a1090943693de6083" } }, - "b2cf295def74b86b6a50211bfcf3ab3839a2bdbed936d95cfacce1f4c31deedd": { + "5aa0cc3e4d630d733e5b9c7be589357164ee676fe5b300b7a328008be25c667a": { "keytype": "ed25519", "scheme": "ed25519", "keyid_hash_algorithms": [ @@ -24,10 +24,10 @@ "sha512" ], "keyval": { - "public": "97c5f9488951eb67f16ea9328c9537c2ade4485a0b924ec0486a236f50e80f96" + "public": "eee8a9d75bbe2b7caaaea199cac99fc21eee9d54929bb5454e2113e5a9bd6d87" } }, - "d4177b1e89bf7eb02c44285e9f7907eb089ff7951199179d6fd68280dbb4d69d": { + "83418a374fa1334254d6b11f6ae0b8d0f98a078d45a1d8d3294b20c35868bf11": { "keytype": "ed25519", "scheme": "ed25519", "keyid_hash_algorithms": [ @@ -35,10 +35,10 @@ "sha512" ], "keyval": { - "public": "4b92888524b5cd2de6cad461f83fb86b3f5590792c037b416132811ba71e1e8b" + "public": "f33d2aae405e597113e473568d0120e850952c184fb4b2a631f93be2bb8b8824" } }, - "fcf4d6c6bfa6fccb41df570cc60e6ef63cfe45baed10c0ead716de97f4a25264": { + "a93ec7e1ab7f6f3c29b5723613e450905ef00e9640abd46a42c771bd860a4202": { "keytype": "ed25519", "scheme": "ed25519", "keyid_hash_algorithms": [ @@ -46,32 +46,32 @@ "sha512" ], "keyval": { - "public": "6f98dc24fc1df15ed2888658f711dbe59433aa7b0a62334080100fa52a483716" + "public": "64dca5d45b16d535154d17817061bc121534175da74ec9f2984ccbbc6dad9cd7" } } }, "roles": { "root": { "keyids": [ - "d4177b1e89bf7eb02c44285e9f7907eb089ff7951199179d6fd68280dbb4d69d" + "83418a374fa1334254d6b11f6ae0b8d0f98a078d45a1d8d3294b20c35868bf11" ], "threshold": 1 }, "snapshot": { "keyids": [ - "b2cf295def74b86b6a50211bfcf3ab3839a2bdbed936d95cfacce1f4c31deedd" + "5aa0cc3e4d630d733e5b9c7be589357164ee676fe5b300b7a328008be25c667a" ], "threshold": 1 }, "targets": { "keyids": [ - "fcf4d6c6bfa6fccb41df570cc60e6ef63cfe45baed10c0ead716de97f4a25264" + "4f582b75693f91cad069ae575ffd9903f520f646a74ba85513b8a0f130f7da83" ], "threshold": 1 }, "timestamp": { "keyids": [ - "0c5ee15a0b35012b32989697c15e22f199d8534863a80197bea385adb908d0c9" + "a93ec7e1ab7f6f3c29b5723613e450905ef00e9640abd46a42c771bd860a4202" ], "threshold": 1 } @@ -80,8 +80,8 @@ }, "signatures": [ { - "keyid": "d4177b1e89bf7eb02c44285e9f7907eb089ff7951199179d6fd68280dbb4d69d", - "sig": "0eca8e52cd9d8e18dc02593925bde4c44f2eac3e173199ff30a8a875391636f419914563fafe171d5b4b22917b8a6604ad77af5ea9f88166b3f8ca6c15332201" + "keyid": "83418a374fa1334254d6b11f6ae0b8d0f98a078d45a1d8d3294b20c35868bf11", + "sig": "a9806043d6f4d74b9e768bbc136d8d0a498c5d5143b5d921bcc0cd8d9a8c4ab4c8fba5b908303e316d373555fd0a252436806aad85437140acd93cf1ef2d910d" } ] } \ No newline at end of file diff --git a/pkg/reconciler/trustroot/testdata/rootWithCustomTrustedRootJSON.json b/pkg/reconciler/trustroot/testdata/rootWithCustomTrustedRootJSON.json new file mode 100644 index 000000000..81ce50f95 --- /dev/null +++ b/pkg/reconciler/trustroot/testdata/rootWithCustomTrustedRootJSON.json @@ -0,0 +1,87 @@ +{ + "signed": { + "_type": "root", + "spec_version": "1.0", + "version": 1, + "expires": "2025-03-02T14:57:39-05:00", + "keys": { + "6d0c5c6a4092584f429e5903cc2aeedba98267c00bb8142ad844baf1fe99ea7a": { + "keytype": "ed25519", + "scheme": "ed25519", + "keyid_hash_algorithms": [ + "sha256", + "sha512" + ], + "keyval": { + "public": "f3b45c131fe1b501e0d4f1f060af335b402d825fff36d8ab8fa0aaf440b4edd9" + } + }, + "ee875cbd2580aa1dbaef624d27911936452522904b7051d0f24abdb06411fb26": { + "keytype": "ed25519", + "scheme": "ed25519", + "keyid_hash_algorithms": [ + "sha256", + "sha512" + ], + "keyval": { + "public": "db299b1d9cfb2439071be85344ac2c121de40fba21bfca50e8b62a67e30f70c1" + } + }, + "eef068fb0f89eb76ea31e95cf3fadee2bd866be74b38a6e05f83c87ddc4dfc52": { + "keytype": "ed25519", + "scheme": "ed25519", + "keyid_hash_algorithms": [ + "sha256", + "sha512" + ], + "keyval": { + "public": "d63cb0d9c2dda81520e2fb3e280eea619efa2ce5f2c541ccf8f78e4b4839a23a" + } + }, + "f572a1ca4289c8413f60e465e65eb1a791029ab0c5a7eb2622746a343b82cd40": { + "keytype": "ed25519", + "scheme": "ed25519", + "keyid_hash_algorithms": [ + "sha256", + "sha512" + ], + "keyval": { + "public": "5f413fd7e49e2ab9a994d3a671eac3c9f11ef09337f05719fc875a797c2ffc5a" + } + } + }, + "roles": { + "root": { + "keyids": [ + "f572a1ca4289c8413f60e465e65eb1a791029ab0c5a7eb2622746a343b82cd40" + ], + "threshold": 1 + }, + "snapshot": { + "keyids": [ + "ee875cbd2580aa1dbaef624d27911936452522904b7051d0f24abdb06411fb26" + ], + "threshold": 1 + }, + "targets": { + "keyids": [ + "6d0c5c6a4092584f429e5903cc2aeedba98267c00bb8142ad844baf1fe99ea7a" + ], + "threshold": 1 + }, + "timestamp": { + "keyids": [ + "eef068fb0f89eb76ea31e95cf3fadee2bd866be74b38a6e05f83c87ddc4dfc52" + ], + "threshold": 1 + } + }, + "consistent_snapshot": false + }, + "signatures": [ + { + "keyid": "f572a1ca4289c8413f60e465e65eb1a791029ab0c5a7eb2622746a343b82cd40", + "sig": "2947ef497b0f170fb220981e2662381836ef7877fd3f2ce6cfc78ac8d8deafd2d328f6c103c0c4aa0f6a266563fd0f0d5d466d963b071ec1499c91fc9a869101" + } + ] +} \ No newline at end of file diff --git a/pkg/reconciler/trustroot/testdata/rootWithTrustedRootJSON.json b/pkg/reconciler/trustroot/testdata/rootWithTrustedRootJSON.json index cc9bb5cf2..82831084f 100644 --- a/pkg/reconciler/trustroot/testdata/rootWithTrustedRootJSON.json +++ b/pkg/reconciler/trustroot/testdata/rootWithTrustedRootJSON.json @@ -3,9 +3,9 @@ "_type": "root", "spec_version": "1.0", "version": 1, - "expires": "2024-09-22T16:47:40-04:00", + "expires": "2025-03-02T14:57:39-05:00", "keys": { - "1742f6a1f846f4042382403b907864f125c2fca7bd70d6c157a40ac8e6f7d505": { + "48723caecd108101bd2847922c975305c222179b0854bde71ee6868923a6fdcc": { "keytype": "ed25519", "scheme": "ed25519", "keyid_hash_algorithms": [ @@ -13,10 +13,10 @@ "sha512" ], "keyval": { - "public": "3bfd19c0931a80cd3279322fc22b04b90831b1804f5dbc72c31676ca2ac82f97" + "public": "479eeba3d3d60e533e1e0060865dd5f028ea647c0a3dbd4055e535582e191556" } }, - "5dd6940e523073d10a6252f38a4dc2ebf33e23641c103682e43cb351a5672f43": { + "81153179ec44eea8b20a09592ab85d7bcb68ccdd4ca1a0c8f9c2f732a25d0c8c": { "keytype": "ed25519", "scheme": "ed25519", "keyid_hash_algorithms": [ @@ -24,10 +24,10 @@ "sha512" ], "keyval": { - "public": "d64a13987f3b0ccfcbfab8c5631acff1b69dda70e40c1aae0cb1f0f9575716cb" + "public": "04ab76b15f5866d1a65e33a302d550557b3e7ad1cce32f487c9603dc77e076b2" } }, - "8b635809713e0b6ae3370afeb6fa83d7aae2039b355e56d1211049246c3d1a4d": { + "a2b995701776156f6cda1a2edcf24567b28f4893d811b8b2251004f65d441a5c": { "keytype": "ed25519", "scheme": "ed25519", "keyid_hash_algorithms": [ @@ -35,10 +35,10 @@ "sha512" ], "keyval": { - "public": "ecf8b527a4a4ce34718286dc9a67a5969060053bf1750e2dc74e065c9ab30ec1" + "public": "b81a31302ecfa238f23aed56779e03e647e2c945a9e43b2ba8de8679f08c27fd" } }, - "d263be84f7043dd0b4636fb797cfd1c9b455b9168f282cad8f48ff0ca47465fc": { + "c3a50a82562c34628d11059f0e5dd92c553f40e9d1c23dc548b4a370e1c4d82f": { "keytype": "ed25519", "scheme": "ed25519", "keyid_hash_algorithms": [ @@ -46,32 +46,32 @@ "sha512" ], "keyval": { - "public": "e7f35e9f47b6e2f38e62b184d9f9a54f085843c57bb102cab0fe684dabe1e0bd" + "public": "062f012307eae1f50819a6c8e2e144881b10d9ebf549496b042b534174b0a2bc" } } }, "roles": { "root": { "keyids": [ - "1742f6a1f846f4042382403b907864f125c2fca7bd70d6c157a40ac8e6f7d505" + "81153179ec44eea8b20a09592ab85d7bcb68ccdd4ca1a0c8f9c2f732a25d0c8c" ], "threshold": 1 }, "snapshot": { "keyids": [ - "8b635809713e0b6ae3370afeb6fa83d7aae2039b355e56d1211049246c3d1a4d" + "48723caecd108101bd2847922c975305c222179b0854bde71ee6868923a6fdcc" ], "threshold": 1 }, "targets": { "keyids": [ - "5dd6940e523073d10a6252f38a4dc2ebf33e23641c103682e43cb351a5672f43" + "c3a50a82562c34628d11059f0e5dd92c553f40e9d1c23dc548b4a370e1c4d82f" ], "threshold": 1 }, "timestamp": { "keyids": [ - "d263be84f7043dd0b4636fb797cfd1c9b455b9168f282cad8f48ff0ca47465fc" + "a2b995701776156f6cda1a2edcf24567b28f4893d811b8b2251004f65d441a5c" ], "threshold": 1 } @@ -80,8 +80,8 @@ }, "signatures": [ { - "keyid": "1742f6a1f846f4042382403b907864f125c2fca7bd70d6c157a40ac8e6f7d505", - "sig": "1050176114e44eec30b0661a9016b0a1ce607b4168d8e84ab1d4c15d73c3bdb051f0c0b21b67f03c77d4a98ea7dabc5fd1404bbef2eaac605ddfa2a6145d0709" + "keyid": "81153179ec44eea8b20a09592ab85d7bcb68ccdd4ca1a0c8f9c2f732a25d0c8c", + "sig": "7f8130295314c363f8800f14206e93fa0b612c63e0ba6aa7188e931b99e93567b46fce3857b5afce4015303628296969bcbc04df1785c4b61f20e731b3f8610a" } ] } \ No newline at end of file diff --git a/pkg/reconciler/trustroot/testdata/tsaCertChain.pem b/pkg/reconciler/trustroot/testdata/tsaCertChain.pem index 0c657654b..de08755b3 100644 --- a/pkg/reconciler/trustroot/testdata/tsaCertChain.pem +++ b/pkg/reconciler/trustroot/testdata/tsaCertChain.pem @@ -1,18 +1,18 @@ -----BEGIN CERTIFICATE----- MIIBPTCB5KADAgECAgECMAoGCCqGSM49BAMCMA0xCzAJBgNVBAMTAmNhMB4XDTI0 -MDMyMjIwNDczOVoXDTM0MDMyMjIwNDczOVowDzENMAsGA1UEAxMEbGVhZjBZMBMG -ByqGSM49AgEGCCqGSM49AwEHA0IABDgjsTzgbEsFFuBFCp1LIRv4SwYLCLL1fxtq -95tbtGj/wHQUmrKLxMLMxaxIzdJs54lIDP+LoKeK25+HBPftwtCjMzAxMA4GA1Ud -DwEB/wQEAwIEEDAfBgNVHSMEGDAWgBRRiPL3dEhG22Qh+0GTFJ/G1SW1yDAKBggq -hkjOPQQDAgNIADBFAiABNvVUla7gqF/135UkA55FQ57M6r84IArwk43Zy2aPPgIh -AO8/F8k9VB5+I1FSiQL1qsM8yO6SUpVF9E+hNJ9n/6zU +MDgzMDE4NTczOFoXDTM0MDgzMDE4NTczOFowDzENMAsGA1UEAxMEbGVhZjBZMBMG +ByqGSM49AgEGCCqGSM49AwEHA0IABFRMP78f6+Bm7cYAIcANQphYMj0YJHD620uG +HPNck0Ei1IKqDCRPCGQDAHprk3y/sBIcLPZU8Hxig5xV0w28qAKjMzAxMA4GA1Ud +DwEB/wQEAwIEEDAfBgNVHSMEGDAWgBRB+eA8vn2NROBb/iTfLHyr/c1BmDAKBggq +hkjOPQQDAgNIADBFAiEA7r8SEfLto3dQDZIqf/0qQy5+q8hiRNbZ3R4JPxPJtugC +IFfiAfFrpzUYp6XuJSuOHfgFP2378zn2jl9kUoQYCjNs -----END CERTIFICATE----- -----BEGIN CERTIFICATE----- -MIIBSzCB8aADAgECAgEBMAoGCCqGSM49BAMCMA0xCzAJBgNVBAMTAmNhMB4XDTI0 -MDMyMjIwNDczOVoXDTM0MDMyMjIwNDczOVowDTELMAkGA1UEAxMCY2EwWTATBgcq -hkjOPQIBBggqhkjOPQMBBwNCAARjUhxtm6QXaB2bkGKHenCToVRPhVf0PTkuS7/h -TGjHhELoMrD8r3nbqyceFEl4FUTzEMDfrj/YhefX7ZbeesSho0IwQDAOBgNVHQ8B -Af8EBAMCAgQwDwYDVR0TAQH/BAUwAwEB/zAdBgNVHQ4EFgQUUYjy93RIRttkIftB -kxSfxtUltcgwCgYIKoZIzj0EAwIDSQAwRgIhAJgRO/ig4ZBrlYjuNYpC/kqUIVsf -SKLpS9c4/lkcTGBPAiEAq+euZ8zkevab16uWx7ZaEcElKYY3xzhTr5yQYeJPOcQ= +MIIBSjCB8aADAgECAgEBMAoGCCqGSM49BAMCMA0xCzAJBgNVBAMTAmNhMB4XDTI0 +MDgzMDE4NTczOFoXDTM0MDgzMDE4NTczOFowDTELMAkGA1UEAxMCY2EwWTATBgcq +hkjOPQIBBggqhkjOPQMBBwNCAASrdvjuuS7ZO/piTX2pxT56yBKhwq+SHeXt8Msa +NYPBG84m5G/3m3uLB5YxCRq4o6vhKM0HEU4UcQ3LdKL92Axao0IwQDAOBgNVHQ8B +Af8EBAMCAgQwDwYDVR0TAQH/BAUwAwEB/zAdBgNVHQ4EFgQUQfngPL59jUTgW/4k +3yx8q/3NQZgwCgYIKoZIzj0EAwIDSAAwRQIgXeSyRZXqJZPSba7S56k9fce1xLpp +SN4m9MtfTw7MdpoCIQD3L40eRQUu2YV+74MWm1nGbma5IVfp9tgZxaAw80brWg== -----END CERTIFICATE----- diff --git a/pkg/reconciler/trustroot/testdata/tufRepo.tar b/pkg/reconciler/trustroot/testdata/tufRepo.tar index 53f2a8d18..a9759cd5f 100644 Binary files a/pkg/reconciler/trustroot/testdata/tufRepo.tar and b/pkg/reconciler/trustroot/testdata/tufRepo.tar differ diff --git a/pkg/reconciler/trustroot/testdata/tufRepoWithCustomTrustedRootJSON.tar b/pkg/reconciler/trustroot/testdata/tufRepoWithCustomTrustedRootJSON.tar new file mode 100644 index 000000000..432162ebd Binary files /dev/null and b/pkg/reconciler/trustroot/testdata/tufRepoWithCustomTrustedRootJSON.tar differ diff --git a/pkg/reconciler/trustroot/testdata/tufRepoWithTrustedRootJSON.tar b/pkg/reconciler/trustroot/testdata/tufRepoWithTrustedRootJSON.tar index da8106fdd..29b7e4d60 100644 Binary files a/pkg/reconciler/trustroot/testdata/tufRepoWithTrustedRootJSON.tar and b/pkg/reconciler/trustroot/testdata/tufRepoWithTrustedRootJSON.tar differ diff --git a/pkg/reconciler/trustroot/trustroot_test.go b/pkg/reconciler/trustroot/trustroot_test.go index 20d694d6c..4f404efe8 100644 --- a/pkg/reconciler/trustroot/trustroot_test.go +++ b/pkg/reconciler/trustroot/trustroot_test.go @@ -164,7 +164,7 @@ var ctfeLogID = string(testdata.Get("ctfeLogID.txt")) // TUF repository. var validRepository = testdata.Get("tufRepo.tar") -// IMPORTANT: The next expiration is on 2024-09-21 +// IMPORTANT: The next expiration is on 2025-03-02 // rootJSON is a valid root.json for above TUF repository. var rootJSON = testdata.Get("root.json") @@ -172,10 +172,17 @@ var rootJSON = testdata.Get("root.json") // an air-gap TUF repository containing trusted_root.json. var validRepositoryWithTrustedRootJSON = testdata.Get("tufRepoWithTrustedRootJSON.tar") -// IMPORTANT: The next expiration is on 2024-09-21 +// IMPORTANT: The next expiration is on 2025-03-02 // rootJSON is a valid root.json for above TUF repository. var rootWithTrustedRootJSON = testdata.Get("rootWithTrustedRootJSON.json") +// validRepositoryWithCustomTrustedRootJSON is a valid tarred repository representing +// an air-gap TUF repository containing custom_trusted_root.json. +var validRepositoryWithCustomTrustedRootJSON = testdata.Get("tufRepoWithCustomTrustedRootJSON.tar") + +// rootWithCustomTrustedRootJSON is a valid root.json for above TUF repository. +var rootWithCustomTrustedRootJSON = testdata.Get("rootWithCustomTrustedRootJSON.json") + func TestReconcile(t *testing.T) { table := TableTest{{ Name: "bad workqueue key", @@ -345,7 +352,7 @@ func TestReconcile(t *testing.T) { NewTrustRoot(trName, WithTrustRootUID(uid), WithTrustRootResourceVersion(resourceVersion), - WithRepository("targets", rootJSON, validRepository), + WithRepository("targets", rootJSON, validRepository, ""), WithTrustRootFinalizer, ), }, @@ -356,7 +363,7 @@ func TestReconcile(t *testing.T) { Object: NewTrustRoot(trName, WithTrustRootUID(uid), WithTrustRootResourceVersion(resourceVersion), - WithRepository("targets", rootJSON, validRepository), + WithRepository("targets", rootJSON, validRepository, ""), WithTrustRootFinalizer, MarkReadyTrustRoot, )}}, @@ -369,7 +376,31 @@ func TestReconcile(t *testing.T) { NewTrustRoot(trName, WithTrustRootUID(uid), WithTrustRootResourceVersion(resourceVersion), - WithRepository("targets", rootWithTrustedRootJSON, validRepositoryWithTrustedRootJSON), + WithRepository("targets", rootWithTrustedRootJSON, validRepositoryWithTrustedRootJSON, ""), + WithTrustRootFinalizer, + ), + }, + WantCreates: []runtime.Object{ + makeConfigMapWithMirrorFS(marshalledEntry), + }, + WantStatusUpdates: []clientgotesting.UpdateActionImpl{{ + Object: NewTrustRoot(trName, + WithTrustRootUID(uid), + WithTrustRootResourceVersion(resourceVersion), + WithRepository("targets", rootWithTrustedRootJSON, validRepositoryWithTrustedRootJSON, ""), + WithTrustRootFinalizer, + MarkReadyTrustRoot, + )}}, + }, { + Name: "With repository containing custom_trusted_root.json", + Key: testKey, + + SkipNamespaceValidation: true, // Cluster scoped + Objects: []runtime.Object{ + NewTrustRoot(trName, + WithTrustRootUID(uid), + WithTrustRootResourceVersion(resourceVersion), + WithRepository("targets", rootWithCustomTrustedRootJSON, validRepositoryWithCustomTrustedRootJSON, "custom_trusted_root.json"), WithTrustRootFinalizer, ), }, @@ -380,7 +411,7 @@ func TestReconcile(t *testing.T) { Object: NewTrustRoot(trName, WithTrustRootUID(uid), WithTrustRootResourceVersion(resourceVersion), - WithRepository("targets", rootWithTrustedRootJSON, validRepositoryWithTrustedRootJSON), + WithRepository("targets", rootWithCustomTrustedRootJSON, validRepositoryWithCustomTrustedRootJSON, "custom_trusted_root.json"), WithTrustRootFinalizer, MarkReadyTrustRoot, )}},