From 2ad4edb8afdbbcb7c3db742e4ad2130c44e7f492 Mon Sep 17 00:00:00 2001 From: Cody Soyland Date: Fri, 30 Aug 2024 15:57:22 -0400 Subject: [PATCH] Regenerate test data and add support for custom trusted root target path Signed-off-by: Cody Soyland --- hack/gentestdata/gentestdata.go | 9 ++ pkg/reconciler/testing/v1alpha1/trustroot.go | 9 +- .../trustroot/testdata/ctfeLogID.txt | 2 +- .../trustroot/testdata/ctfePublicKey.pem | 4 +- .../trustroot/testdata/fulcioCertChain.pem | 28 +++--- .../trustroot/testdata/marshalledEntry.json | 86 ++++++++--------- .../testdata/marshalledEntryFromMirrorFS.json | 50 +++++----- .../trustroot/testdata/rekorLogID.txt | 2 +- .../trustroot/testdata/rekorPublicKey.pem | 4 +- pkg/reconciler/trustroot/testdata/root.json | 30 +++--- .../rootWithCustomTrustedRootJSON.json | 87 ++++++++++++++++++ .../testdata/rootWithTrustedRootJSON.json | 30 +++--- .../trustroot/testdata/tsaCertChain.pem | 26 +++--- pkg/reconciler/trustroot/testdata/tufRepo.tar | Bin 2835 -> 2837 bytes .../tufRepoWithCustomTrustedRootJSON.tar | Bin 0 -> 3410 bytes .../testdata/tufRepoWithTrustedRootJSON.tar | Bin 3425 -> 3411 bytes pkg/reconciler/trustroot/trustroot_test.go | 43 +++++++-- 17 files changed, 269 insertions(+), 141 deletions(-) create mode 100644 pkg/reconciler/trustroot/testdata/rootWithCustomTrustedRootJSON.json create mode 100644 pkg/reconciler/trustroot/testdata/tufRepoWithCustomTrustedRootJSON.tar diff --git a/hack/gentestdata/gentestdata.go b/hack/gentestdata/gentestdata.go index 4390023dc..de2943032 100644 --- a/hack/gentestdata/gentestdata.go +++ b/hack/gentestdata/gentestdata.go @@ -93,6 +93,13 @@ func main() { log.Fatal(err) } + tufRepoWithCustomTrustedRootJSON, rootJSONWithCustomTrustedRootJSON, err := genTUFRepo(map[string][]byte{ + "custom_trusted_root.json": marshalledEntry, + }) + if err != nil { + log.Fatal(err) + } + marshalledEntryFromMirrorFS, err := genTrustedRoot(sigstoreKeysMap) if err != nil { log.Fatal(err) @@ -110,6 +117,8 @@ func main() { mustWriteFile("root.json", rootJSON) mustWriteFile("tufRepoWithTrustedRootJSON.tar", tufRepoWithTrustedRootJSON) mustWriteFile("rootWithTrustedRootJSON.json", rootJSONWithTrustedRootJSON) + mustWriteFile("tufRepoWithCustomTrustedRootJSON.tar", tufRepoWithCustomTrustedRootJSON) + mustWriteFile("rootWithCustomTrustedRootJSON.json", rootJSONWithCustomTrustedRootJSON) } func mustWriteFile(path string, data []byte) { diff --git a/pkg/reconciler/testing/v1alpha1/trustroot.go b/pkg/reconciler/testing/v1alpha1/trustroot.go index 23f5591c8..79162b189 100644 --- a/pkg/reconciler/testing/v1alpha1/trustroot.go +++ b/pkg/reconciler/testing/v1alpha1/trustroot.go @@ -104,12 +104,13 @@ func WithSigstoreKeys(sk map[string]string) TrustRootOption { // WithRepository constructs a TrustRootOption which is suitable // for reconciler table driven testing. -func WithRepository(targets string, root, repository []byte) TrustRootOption { +func WithRepository(targets string, root, repository []byte, trustedRootTarget string) TrustRootOption { return func(tr *v1alpha1.TrustRoot) { tr.Spec.Repository = &v1alpha1.Repository{ - Root: root, - Targets: targets, - MirrorFS: repository, + Root: root, + MirrorFS: repository, + Targets: targets, + TrustedRootTarget: trustedRootTarget, } } } diff --git a/pkg/reconciler/trustroot/testdata/ctfeLogID.txt b/pkg/reconciler/trustroot/testdata/ctfeLogID.txt index 6e92256ba..75786d927 100644 --- a/pkg/reconciler/trustroot/testdata/ctfeLogID.txt +++ b/pkg/reconciler/trustroot/testdata/ctfeLogID.txt @@ -1 +1 @@ -1710e23da0651aaa8194bc9652cd00a97c1fda9c76fce12f14eb635e42036954 \ No newline at end of file +df8dc4f435a63e8cd48d2557c3c228e9558e04dca899fab5612a6d60d515e8f0 \ No newline at end of file diff --git a/pkg/reconciler/trustroot/testdata/ctfePublicKey.pem b/pkg/reconciler/trustroot/testdata/ctfePublicKey.pem index ea57536c7..5dd59bc31 100644 --- a/pkg/reconciler/trustroot/testdata/ctfePublicKey.pem +++ b/pkg/reconciler/trustroot/testdata/ctfePublicKey.pem @@ -1,4 +1,4 @@ -----BEGIN PUBLIC KEY----- -MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEBQY7A479x/VleGrvxp1gQAykOZMj -ld4J6VWVLnN0WLiqOesr9QkSBVnBkYKw0pr6Bgr8Qjg6NA3x470DLPxrDQ== +MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEklvaOetNsPoZt+BHsE0bbHybxHsk +ImD/Swu8QyDZONn2hnJNxEImaz6Xzv7+/bzns9y0/b9NadWbeDht3KGBBg== -----END PUBLIC KEY----- diff --git a/pkg/reconciler/trustroot/testdata/fulcioCertChain.pem b/pkg/reconciler/trustroot/testdata/fulcioCertChain.pem index 4b10e30d0..92966d0a0 100644 --- a/pkg/reconciler/trustroot/testdata/fulcioCertChain.pem +++ b/pkg/reconciler/trustroot/testdata/fulcioCertChain.pem @@ -1,18 +1,18 @@ -----BEGIN CERTIFICATE----- -MIIBPTCB5KADAgECAgECMAoGCCqGSM49BAMCMA0xCzAJBgNVBAMTAmNhMB4XDTI0 -MDMyMjIwNDczOVoXDTM0MDMyMjIwNDczOVowDzENMAsGA1UEAxMEbGVhZjBZMBMG -ByqGSM49AgEGCCqGSM49AwEHA0IABNr99Dzn4PLhw3a9dP8YLwZaPnm3hpF3vt/5 -5rMc7N194IPRB+qCDQIKIsyFMQ937IA+ylxdYvwYPB30kw/nie+jMzAxMA4GA1Ud -DwEB/wQEAwIGwDAfBgNVHSMEGDAWgBSgpcC8Rht4JttKz/d6pqb87A+f+zAKBggq -hkjOPQQDAgNIADBFAiEAtuSOJ8LaCp6OrUIo8eKz7iYFEeOMI5d3aBEUSUp8y64C -IHnTyu87fhXigrwrrhx0mEluHBfqeBpJilenwWjcUzYT +MIIBPDCB5KADAgECAgECMAoGCCqGSM49BAMCMA0xCzAJBgNVBAMTAmNhMB4XDTI0 +MDgzMDE4NTczOFoXDTM0MDgzMDE4NTczOFowDzENMAsGA1UEAxMEbGVhZjBZMBMG +ByqGSM49AgEGCCqGSM49AwEHA0IABAJCeHCU8sFwES7vmf4dAABk7HC2hclCwgAM +CwPbdJAXRyA9wWFQhWM8osvic/LMq5m0AfVi4y1hjhFkrLjfbHejMzAxMA4GA1Ud +DwEB/wQEAwIGwDAfBgNVHSMEGDAWgBRQn62BEmrPPx7tr1ZIcgrTbMrj8DAKBggq +hkjOPQQDAgNHADBEAiAS77lBrjWbbYKGBJ/i5ag/Rmsml+oECQ/GMmxdEZ/MzAIg +cjfmUGYXufT/lX2VXsvkFzfVQH1fG0g5i03NWSFYDB4= -----END CERTIFICATE----- -----BEGIN CERTIFICATE----- -MIIBSTCB8aADAgECAgEBMAoGCCqGSM49BAMCMA0xCzAJBgNVBAMTAmNhMB4XDTI0 -MDMyMjIwNDczOVoXDTM0MDMyMjIwNDczOVowDTELMAkGA1UEAxMCY2EwWTATBgcq -hkjOPQIBBggqhkjOPQMBBwNCAATpp0ZNVPLAIzjTPkYzluuwuJxo4kmCLQRmznmz -9GE89huCeLhyLbgj6xLgLrlZPwEnlGRKdiba+pLxUzKVKTPAo0IwQDAOBgNVHQ8B -Af8EBAMCAgQwDwYDVR0TAQH/BAUwAwEB/zAdBgNVHQ4EFgQUoKXAvEYbeCbbSs/3 -eqam/OwPn/swCgYIKoZIzj0EAwIDRwAwRAIgPpFwR+kjxrG75XPEQCiKPwF1Zg55 -FZVT7PlNJKyIPYACIFMMqZ4//ncJoBxMtvTsr3++2d91SPpyis2cLiDcr3kW +MIIBSjCB8aADAgECAgEBMAoGCCqGSM49BAMCMA0xCzAJBgNVBAMTAmNhMB4XDTI0 +MDgzMDE4NTczOFoXDTM0MDgzMDE4NTczOFowDTELMAkGA1UEAxMCY2EwWTATBgcq +hkjOPQIBBggqhkjOPQMBBwNCAAR3h5jys9TUi2KTcvbxjCpkC+qoHcVikiWRdkp1 +WAMg1fJAQvqPX8kB8OSXc2v8pTBKmzMteEvZJW+9kkybobtKo0IwQDAOBgNVHQ8B +Af8EBAMCAgQwDwYDVR0TAQH/BAUwAwEB/zAdBgNVHQ4EFgQUUJ+tgRJqzz8e7a9W +SHIK02zK4/AwCgYIKoZIzj0EAwIDSAAwRQIgUVBM1Lkvf7DVjG6hygMVTK2cWkHD +djL4MW8wCFaKV9YCIQC2DtPtWvu/VgaI0QGI+v7iGNnPf7USY0qlJwWWGvAaWw== -----END CERTIFICATE----- diff --git a/pkg/reconciler/trustroot/testdata/marshalledEntry.json b/pkg/reconciler/trustroot/testdata/marshalledEntry.json index e9fc1f2e3..8d1d30abb 100644 --- a/pkg/reconciler/trustroot/testdata/marshalledEntry.json +++ b/pkg/reconciler/trustroot/testdata/marshalledEntry.json @@ -1,78 +1,78 @@ { - "mediaType": "application/vnd.dev.sigstore.trustedroot+json;version=0.1", - "tlogs": [ + "mediaType": "application/vnd.dev.sigstore.trustedroot+json;version=0.1", + "tlogs": [ { - "baseUrl": "https://rekor.example.com", - "hashAlgorithm": "SHA2_256", - "publicKey": { - "rawBytes": "MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAE1Vobk4rjNzYrf/uqDwEd/HDfCro89r63DaHCTRYQJaf/JHdJj/nxBl1e3ZCo0B7kB/uU+e7d56A9gPdelFc51g==", - "keyDetails": "PKIX_ECDSA_P256_SHA_256", - "validFor": { - "start": "1970-01-01T00:00:00Z" + "baseUrl": "https://rekor.example.com", + "hashAlgorithm": "SHA2_256", + "publicKey": { + "rawBytes": "MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEoM/qB3YtDs6+rXvxfxZNXH0dfXY85qgGuiJJezpzXjCm6jbiUp15VpzNcdJGzExHNZYZj7l+ma1Fjer68+1+tA==", + "keyDetails": "PKIX_ECDSA_P256_SHA_256", + "validFor": { + "start": "1970-01-01T00:00:00Z" } }, - "logId": { - "keyId": "YWRjNTE1MWY5OTExZWUxZjAwMWVkYzc0Y2Q3MWNkNThmOGExMWE0ODRhOGM5NzA5NDkwYjRkOTY2NDcxZjQxMQ==" + "logId": { + "keyId": "Yzk5MjkxODU0M2MxNmIwZGY2Y2NkMGQ4ODE2NjVkNDljZGQxZWYzZjM4M2IxNmY5YzRkNjRiODhjZWRmZTAxMA==" } } ], - "certificateAuthorities": [ + "certificateAuthorities": [ { - "subject": { - "organization": "fulcio-organization", - "commonName": "fulcio-common-name" + "subject": { + "organization": "fulcio-organization", + "commonName": "fulcio-common-name" }, - "uri": "https://fulcio.example.com", - "certChain": { - "certificates": [ + "uri": "https://fulcio.example.com", + "certChain": { + "certificates": [ { - "rawBytes": "MIIBPTCB5KADAgECAgECMAoGCCqGSM49BAMCMA0xCzAJBgNVBAMTAmNhMB4XDTI0MDMyMjIwNDczOVoXDTM0MDMyMjIwNDczOVowDzENMAsGA1UEAxMEbGVhZjBZMBMGByqGSM49AgEGCCqGSM49AwEHA0IABNr99Dzn4PLhw3a9dP8YLwZaPnm3hpF3vt/55rMc7N194IPRB+qCDQIKIsyFMQ937IA+ylxdYvwYPB30kw/nie+jMzAxMA4GA1UdDwEB/wQEAwIGwDAfBgNVHSMEGDAWgBSgpcC8Rht4JttKz/d6pqb87A+f+zAKBggqhkjOPQQDAgNIADBFAiEAtuSOJ8LaCp6OrUIo8eKz7iYFEeOMI5d3aBEUSUp8y64CIHnTyu87fhXigrwrrhx0mEluHBfqeBpJilenwWjcUzYT" + "rawBytes": "MIIBPDCB5KADAgECAgECMAoGCCqGSM49BAMCMA0xCzAJBgNVBAMTAmNhMB4XDTI0MDgzMDE4NTczOFoXDTM0MDgzMDE4NTczOFowDzENMAsGA1UEAxMEbGVhZjBZMBMGByqGSM49AgEGCCqGSM49AwEHA0IABAJCeHCU8sFwES7vmf4dAABk7HC2hclCwgAMCwPbdJAXRyA9wWFQhWM8osvic/LMq5m0AfVi4y1hjhFkrLjfbHejMzAxMA4GA1UdDwEB/wQEAwIGwDAfBgNVHSMEGDAWgBRQn62BEmrPPx7tr1ZIcgrTbMrj8DAKBggqhkjOPQQDAgNHADBEAiAS77lBrjWbbYKGBJ/i5ag/Rmsml+oECQ/GMmxdEZ/MzAIgcjfmUGYXufT/lX2VXsvkFzfVQH1fG0g5i03NWSFYDB4=" }, { - "rawBytes": "MIIBSTCB8aADAgECAgEBMAoGCCqGSM49BAMCMA0xCzAJBgNVBAMTAmNhMB4XDTI0MDMyMjIwNDczOVoXDTM0MDMyMjIwNDczOVowDTELMAkGA1UEAxMCY2EwWTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAATpp0ZNVPLAIzjTPkYzluuwuJxo4kmCLQRmznmz9GE89huCeLhyLbgj6xLgLrlZPwEnlGRKdiba+pLxUzKVKTPAo0IwQDAOBgNVHQ8BAf8EBAMCAgQwDwYDVR0TAQH/BAUwAwEB/zAdBgNVHQ4EFgQUoKXAvEYbeCbbSs/3eqam/OwPn/swCgYIKoZIzj0EAwIDRwAwRAIgPpFwR+kjxrG75XPEQCiKPwF1Zg55FZVT7PlNJKyIPYACIFMMqZ4//ncJoBxMtvTsr3++2d91SPpyis2cLiDcr3kW" + "rawBytes": "MIIBSjCB8aADAgECAgEBMAoGCCqGSM49BAMCMA0xCzAJBgNVBAMTAmNhMB4XDTI0MDgzMDE4NTczOFoXDTM0MDgzMDE4NTczOFowDTELMAkGA1UEAxMCY2EwWTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAAR3h5jys9TUi2KTcvbxjCpkC+qoHcVikiWRdkp1WAMg1fJAQvqPX8kB8OSXc2v8pTBKmzMteEvZJW+9kkybobtKo0IwQDAOBgNVHQ8BAf8EBAMCAgQwDwYDVR0TAQH/BAUwAwEB/zAdBgNVHQ4EFgQUUJ+tgRJqzz8e7a9WSHIK02zK4/AwCgYIKoZIzj0EAwIDSAAwRQIgUVBM1Lkvf7DVjG6hygMVTK2cWkHDdjL4MW8wCFaKV9YCIQC2DtPtWvu/VgaI0QGI+v7iGNnPf7USY0qlJwWWGvAaWw==" } ] }, - "validFor": { - "start": "1970-01-01T00:00:00Z" + "validFor": { + "start": "1970-01-01T00:00:00Z" } } ], - "ctlogs": [ + "ctlogs": [ { - "baseUrl": "https://ctfe.example.com", - "hashAlgorithm": "SHA2_256", - "publicKey": { - "rawBytes": "MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEBQY7A479x/VleGrvxp1gQAykOZMjld4J6VWVLnN0WLiqOesr9QkSBVnBkYKw0pr6Bgr8Qjg6NA3x470DLPxrDQ==", - "keyDetails": "PKIX_ECDSA_P256_SHA_256", - "validFor": { - "start": "1970-01-01T00:00:00Z" + "baseUrl": "https://ctfe.example.com", + "hashAlgorithm": "SHA2_256", + "publicKey": { + "rawBytes": "MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEklvaOetNsPoZt+BHsE0bbHybxHskImD/Swu8QyDZONn2hnJNxEImaz6Xzv7+/bzns9y0/b9NadWbeDht3KGBBg==", + "keyDetails": "PKIX_ECDSA_P256_SHA_256", + "validFor": { + "start": "1970-01-01T00:00:00Z" } }, - "logId": { - "keyId": "MTcxMGUyM2RhMDY1MWFhYTgxOTRiYzk2NTJjZDAwYTk3YzFmZGE5Yzc2ZmNlMTJmMTRlYjYzNWU0MjAzNjk1NA==" + "logId": { + "keyId": "ZGY4ZGM0ZjQzNWE2M2U4Y2Q0OGQyNTU3YzNjMjI4ZTk1NThlMDRkY2E4OTlmYWI1NjEyYTZkNjBkNTE1ZThmMA==" } } ], - "timestampAuthorities": [ + "timestampAuthorities": [ { - "subject": { - "organization": "tsa-organization", - "commonName": "tsa-common-name" + "subject": { + "organization": "tsa-organization", + "commonName": "tsa-common-name" }, - "uri": "https://tsa.example.com", - "certChain": { - "certificates": [ + "uri": "https://tsa.example.com", + "certChain": { + "certificates": [ { - "rawBytes": "MIIBPTCB5KADAgECAgECMAoGCCqGSM49BAMCMA0xCzAJBgNVBAMTAmNhMB4XDTI0MDMyMjIwNDczOVoXDTM0MDMyMjIwNDczOVowDzENMAsGA1UEAxMEbGVhZjBZMBMGByqGSM49AgEGCCqGSM49AwEHA0IABDgjsTzgbEsFFuBFCp1LIRv4SwYLCLL1fxtq95tbtGj/wHQUmrKLxMLMxaxIzdJs54lIDP+LoKeK25+HBPftwtCjMzAxMA4GA1UdDwEB/wQEAwIEEDAfBgNVHSMEGDAWgBRRiPL3dEhG22Qh+0GTFJ/G1SW1yDAKBggqhkjOPQQDAgNIADBFAiABNvVUla7gqF/135UkA55FQ57M6r84IArwk43Zy2aPPgIhAO8/F8k9VB5+I1FSiQL1qsM8yO6SUpVF9E+hNJ9n/6zU" + "rawBytes": "MIIBPTCB5KADAgECAgECMAoGCCqGSM49BAMCMA0xCzAJBgNVBAMTAmNhMB4XDTI0MDgzMDE4NTczOFoXDTM0MDgzMDE4NTczOFowDzENMAsGA1UEAxMEbGVhZjBZMBMGByqGSM49AgEGCCqGSM49AwEHA0IABFRMP78f6+Bm7cYAIcANQphYMj0YJHD620uGHPNck0Ei1IKqDCRPCGQDAHprk3y/sBIcLPZU8Hxig5xV0w28qAKjMzAxMA4GA1UdDwEB/wQEAwIEEDAfBgNVHSMEGDAWgBRB+eA8vn2NROBb/iTfLHyr/c1BmDAKBggqhkjOPQQDAgNIADBFAiEA7r8SEfLto3dQDZIqf/0qQy5+q8hiRNbZ3R4JPxPJtugCIFfiAfFrpzUYp6XuJSuOHfgFP2378zn2jl9kUoQYCjNs" }, { - "rawBytes": "MIIBSzCB8aADAgECAgEBMAoGCCqGSM49BAMCMA0xCzAJBgNVBAMTAmNhMB4XDTI0MDMyMjIwNDczOVoXDTM0MDMyMjIwNDczOVowDTELMAkGA1UEAxMCY2EwWTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAARjUhxtm6QXaB2bkGKHenCToVRPhVf0PTkuS7/hTGjHhELoMrD8r3nbqyceFEl4FUTzEMDfrj/YhefX7ZbeesSho0IwQDAOBgNVHQ8BAf8EBAMCAgQwDwYDVR0TAQH/BAUwAwEB/zAdBgNVHQ4EFgQUUYjy93RIRttkIftBkxSfxtUltcgwCgYIKoZIzj0EAwIDSQAwRgIhAJgRO/ig4ZBrlYjuNYpC/kqUIVsfSKLpS9c4/lkcTGBPAiEAq+euZ8zkevab16uWx7ZaEcElKYY3xzhTr5yQYeJPOcQ=" + "rawBytes": "MIIBSjCB8aADAgECAgEBMAoGCCqGSM49BAMCMA0xCzAJBgNVBAMTAmNhMB4XDTI0MDgzMDE4NTczOFoXDTM0MDgzMDE4NTczOFowDTELMAkGA1UEAxMCY2EwWTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAASrdvjuuS7ZO/piTX2pxT56yBKhwq+SHeXt8MsaNYPBG84m5G/3m3uLB5YxCRq4o6vhKM0HEU4UcQ3LdKL92Axao0IwQDAOBgNVHQ8BAf8EBAMCAgQwDwYDVR0TAQH/BAUwAwEB/zAdBgNVHQ4EFgQUQfngPL59jUTgW/4k3yx8q/3NQZgwCgYIKoZIzj0EAwIDSAAwRQIgXeSyRZXqJZPSba7S56k9fce1xLppSN4m9MtfTw7MdpoCIQD3L40eRQUu2YV+74MWm1nGbma5IVfp9tgZxaAw80brWg==" } ] }, - "validFor": { - "start": "1970-01-01T00:00:00Z" + "validFor": { + "start": "1970-01-01T00:00:00Z" } } ] diff --git a/pkg/reconciler/trustroot/testdata/marshalledEntryFromMirrorFS.json b/pkg/reconciler/trustroot/testdata/marshalledEntryFromMirrorFS.json index a3774db90..475621623 100644 --- a/pkg/reconciler/trustroot/testdata/marshalledEntryFromMirrorFS.json +++ b/pkg/reconciler/trustroot/testdata/marshalledEntryFromMirrorFS.json @@ -1,48 +1,48 @@ { - "tlogs": [ + "tlogs": [ { - "hashAlgorithm": "SHA2_256", - "publicKey": { - "rawBytes": "MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAE1Vobk4rjNzYrf/uqDwEd/HDfCro89r63DaHCTRYQJaf/JHdJj/nxBl1e3ZCo0B7kB/uU+e7d56A9gPdelFc51g==", - "keyDetails": "PKIX_ECDSA_P256_SHA_256", - "validFor": { - "start": "1970-01-01T00:00:00Z" + "hashAlgorithm": "SHA2_256", + "publicKey": { + "rawBytes": "MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEoM/qB3YtDs6+rXvxfxZNXH0dfXY85qgGuiJJezpzXjCm6jbiUp15VpzNcdJGzExHNZYZj7l+ma1Fjer68+1+tA==", + "keyDetails": "PKIX_ECDSA_P256_SHA_256", + "validFor": { + "start": "1970-01-01T00:00:00Z" } }, - "logId": { - "keyId": "YWRjNTE1MWY5OTExZWUxZjAwMWVkYzc0Y2Q3MWNkNThmOGExMWE0ODRhOGM5NzA5NDkwYjRkOTY2NDcxZjQxMQ==" + "logId": { + "keyId": "Yzk5MjkxODU0M2MxNmIwZGY2Y2NkMGQ4ODE2NjVkNDljZGQxZWYzZjM4M2IxNmY5YzRkNjRiODhjZWRmZTAxMA==" } } ], - "certificateAuthorities": [ + "certificateAuthorities": [ { - "certChain": { - "certificates": [ + "certChain": { + "certificates": [ { - "rawBytes": "MIIBPTCB5KADAgECAgECMAoGCCqGSM49BAMCMA0xCzAJBgNVBAMTAmNhMB4XDTI0MDMyMjIwNDczOVoXDTM0MDMyMjIwNDczOVowDzENMAsGA1UEAxMEbGVhZjBZMBMGByqGSM49AgEGCCqGSM49AwEHA0IABNr99Dzn4PLhw3a9dP8YLwZaPnm3hpF3vt/55rMc7N194IPRB+qCDQIKIsyFMQ937IA+ylxdYvwYPB30kw/nie+jMzAxMA4GA1UdDwEB/wQEAwIGwDAfBgNVHSMEGDAWgBSgpcC8Rht4JttKz/d6pqb87A+f+zAKBggqhkjOPQQDAgNIADBFAiEAtuSOJ8LaCp6OrUIo8eKz7iYFEeOMI5d3aBEUSUp8y64CIHnTyu87fhXigrwrrhx0mEluHBfqeBpJilenwWjcUzYT" + "rawBytes": "MIIBPDCB5KADAgECAgECMAoGCCqGSM49BAMCMA0xCzAJBgNVBAMTAmNhMB4XDTI0MDgzMDE4NTczOFoXDTM0MDgzMDE4NTczOFowDzENMAsGA1UEAxMEbGVhZjBZMBMGByqGSM49AgEGCCqGSM49AwEHA0IABAJCeHCU8sFwES7vmf4dAABk7HC2hclCwgAMCwPbdJAXRyA9wWFQhWM8osvic/LMq5m0AfVi4y1hjhFkrLjfbHejMzAxMA4GA1UdDwEB/wQEAwIGwDAfBgNVHSMEGDAWgBRQn62BEmrPPx7tr1ZIcgrTbMrj8DAKBggqhkjOPQQDAgNHADBEAiAS77lBrjWbbYKGBJ/i5ag/Rmsml+oECQ/GMmxdEZ/MzAIgcjfmUGYXufT/lX2VXsvkFzfVQH1fG0g5i03NWSFYDB4=" }, { - "rawBytes": "MIIBSTCB8aADAgECAgEBMAoGCCqGSM49BAMCMA0xCzAJBgNVBAMTAmNhMB4XDTI0MDMyMjIwNDczOVoXDTM0MDMyMjIwNDczOVowDTELMAkGA1UEAxMCY2EwWTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAATpp0ZNVPLAIzjTPkYzluuwuJxo4kmCLQRmznmz9GE89huCeLhyLbgj6xLgLrlZPwEnlGRKdiba+pLxUzKVKTPAo0IwQDAOBgNVHQ8BAf8EBAMCAgQwDwYDVR0TAQH/BAUwAwEB/zAdBgNVHQ4EFgQUoKXAvEYbeCbbSs/3eqam/OwPn/swCgYIKoZIzj0EAwIDRwAwRAIgPpFwR+kjxrG75XPEQCiKPwF1Zg55FZVT7PlNJKyIPYACIFMMqZ4//ncJoBxMtvTsr3++2d91SPpyis2cLiDcr3kW" + "rawBytes": "MIIBSjCB8aADAgECAgEBMAoGCCqGSM49BAMCMA0xCzAJBgNVBAMTAmNhMB4XDTI0MDgzMDE4NTczOFoXDTM0MDgzMDE4NTczOFowDTELMAkGA1UEAxMCY2EwWTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAAR3h5jys9TUi2KTcvbxjCpkC+qoHcVikiWRdkp1WAMg1fJAQvqPX8kB8OSXc2v8pTBKmzMteEvZJW+9kkybobtKo0IwQDAOBgNVHQ8BAf8EBAMCAgQwDwYDVR0TAQH/BAUwAwEB/zAdBgNVHQ4EFgQUUJ+tgRJqzz8e7a9WSHIK02zK4/AwCgYIKoZIzj0EAwIDSAAwRQIgUVBM1Lkvf7DVjG6hygMVTK2cWkHDdjL4MW8wCFaKV9YCIQC2DtPtWvu/VgaI0QGI+v7iGNnPf7USY0qlJwWWGvAaWw==" } ] }, - "validFor": { - "start": "1970-01-01T00:00:00Z" + "validFor": { + "start": "1970-01-01T00:00:00Z" } } ], - "ctlogs": [ + "ctlogs": [ { - "hashAlgorithm": "SHA2_256", - "publicKey": { - "rawBytes": "MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEBQY7A479x/VleGrvxp1gQAykOZMjld4J6VWVLnN0WLiqOesr9QkSBVnBkYKw0pr6Bgr8Qjg6NA3x470DLPxrDQ==", - "keyDetails": "PKIX_ECDSA_P256_SHA_256", - "validFor": { - "start": "1970-01-01T00:00:00Z" + "hashAlgorithm": "SHA2_256", + "publicKey": { + "rawBytes": "MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEklvaOetNsPoZt+BHsE0bbHybxHskImD/Swu8QyDZONn2hnJNxEImaz6Xzv7+/bzns9y0/b9NadWbeDht3KGBBg==", + "keyDetails": "PKIX_ECDSA_P256_SHA_256", + "validFor": { + "start": "1970-01-01T00:00:00Z" } }, - "logId": { - "keyId": "MTcxMGUyM2RhMDY1MWFhYTgxOTRiYzk2NTJjZDAwYTk3YzFmZGE5Yzc2ZmNlMTJmMTRlYjYzNWU0MjAzNjk1NA==" + "logId": { + "keyId": "ZGY4ZGM0ZjQzNWE2M2U4Y2Q0OGQyNTU3YzNjMjI4ZTk1NThlMDRkY2E4OTlmYWI1NjEyYTZkNjBkNTE1ZThmMA==" } } ] diff --git a/pkg/reconciler/trustroot/testdata/rekorLogID.txt b/pkg/reconciler/trustroot/testdata/rekorLogID.txt index e96bd223a..726c683c2 100644 --- a/pkg/reconciler/trustroot/testdata/rekorLogID.txt +++ b/pkg/reconciler/trustroot/testdata/rekorLogID.txt @@ -1 +1 @@ -adc5151f9911ee1f001edc74cd71cd58f8a11a484a8c9709490b4d966471f411 \ No newline at end of file +c992918543c16b0df6ccd0d881665d49cdd1ef3f383b16f9c4d64b88cedfe010 \ No newline at end of file diff --git a/pkg/reconciler/trustroot/testdata/rekorPublicKey.pem b/pkg/reconciler/trustroot/testdata/rekorPublicKey.pem index 585733724..c200420be 100644 --- a/pkg/reconciler/trustroot/testdata/rekorPublicKey.pem +++ b/pkg/reconciler/trustroot/testdata/rekorPublicKey.pem @@ -1,4 +1,4 @@ -----BEGIN PUBLIC KEY----- -MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAE1Vobk4rjNzYrf/uqDwEd/HDfCro8 -9r63DaHCTRYQJaf/JHdJj/nxBl1e3ZCo0B7kB/uU+e7d56A9gPdelFc51g== +MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEoM/qB3YtDs6+rXvxfxZNXH0dfXY8 +5qgGuiJJezpzXjCm6jbiUp15VpzNcdJGzExHNZYZj7l+ma1Fjer68+1+tA== -----END PUBLIC KEY----- diff --git a/pkg/reconciler/trustroot/testdata/root.json b/pkg/reconciler/trustroot/testdata/root.json index f7bae914c..47f61dfcd 100644 --- a/pkg/reconciler/trustroot/testdata/root.json +++ b/pkg/reconciler/trustroot/testdata/root.json @@ -3,9 +3,9 @@ "_type": "root", "spec_version": "1.0", "version": 1, - "expires": "2024-09-22T16:47:39-04:00", + "expires": "2025-03-02T14:57:39-05:00", "keys": { - "0c5ee15a0b35012b32989697c15e22f199d8534863a80197bea385adb908d0c9": { + "4f582b75693f91cad069ae575ffd9903f520f646a74ba85513b8a0f130f7da83": { "keytype": "ed25519", "scheme": "ed25519", "keyid_hash_algorithms": [ @@ -13,10 +13,10 @@ "sha512" ], "keyval": { - "public": "06ba72d6fe28cc6d1d85ca8f933f7e855875af2cabb97dd075074f5d1c188249" + "public": "23237e06e0576311c798074b04b4b02ba305fd21675c8d3a1090943693de6083" } }, - "b2cf295def74b86b6a50211bfcf3ab3839a2bdbed936d95cfacce1f4c31deedd": { + "5aa0cc3e4d630d733e5b9c7be589357164ee676fe5b300b7a328008be25c667a": { "keytype": "ed25519", "scheme": "ed25519", "keyid_hash_algorithms": [ @@ -24,10 +24,10 @@ "sha512" ], "keyval": { - "public": "97c5f9488951eb67f16ea9328c9537c2ade4485a0b924ec0486a236f50e80f96" + "public": "eee8a9d75bbe2b7caaaea199cac99fc21eee9d54929bb5454e2113e5a9bd6d87" } }, - "d4177b1e89bf7eb02c44285e9f7907eb089ff7951199179d6fd68280dbb4d69d": { + "83418a374fa1334254d6b11f6ae0b8d0f98a078d45a1d8d3294b20c35868bf11": { "keytype": "ed25519", "scheme": "ed25519", "keyid_hash_algorithms": [ @@ -35,10 +35,10 @@ "sha512" ], "keyval": { - "public": "4b92888524b5cd2de6cad461f83fb86b3f5590792c037b416132811ba71e1e8b" + "public": "f33d2aae405e597113e473568d0120e850952c184fb4b2a631f93be2bb8b8824" } }, - "fcf4d6c6bfa6fccb41df570cc60e6ef63cfe45baed10c0ead716de97f4a25264": { + "a93ec7e1ab7f6f3c29b5723613e450905ef00e9640abd46a42c771bd860a4202": { "keytype": "ed25519", "scheme": "ed25519", "keyid_hash_algorithms": [ @@ -46,32 +46,32 @@ "sha512" ], "keyval": { - "public": "6f98dc24fc1df15ed2888658f711dbe59433aa7b0a62334080100fa52a483716" + "public": "64dca5d45b16d535154d17817061bc121534175da74ec9f2984ccbbc6dad9cd7" } } }, "roles": { "root": { "keyids": [ - "d4177b1e89bf7eb02c44285e9f7907eb089ff7951199179d6fd68280dbb4d69d" + "83418a374fa1334254d6b11f6ae0b8d0f98a078d45a1d8d3294b20c35868bf11" ], "threshold": 1 }, "snapshot": { "keyids": [ - "b2cf295def74b86b6a50211bfcf3ab3839a2bdbed936d95cfacce1f4c31deedd" + "5aa0cc3e4d630d733e5b9c7be589357164ee676fe5b300b7a328008be25c667a" ], "threshold": 1 }, "targets": { "keyids": [ - "fcf4d6c6bfa6fccb41df570cc60e6ef63cfe45baed10c0ead716de97f4a25264" + "4f582b75693f91cad069ae575ffd9903f520f646a74ba85513b8a0f130f7da83" ], "threshold": 1 }, "timestamp": { "keyids": [ - "0c5ee15a0b35012b32989697c15e22f199d8534863a80197bea385adb908d0c9" + "a93ec7e1ab7f6f3c29b5723613e450905ef00e9640abd46a42c771bd860a4202" ], "threshold": 1 } @@ -80,8 +80,8 @@ }, "signatures": [ { - "keyid": "d4177b1e89bf7eb02c44285e9f7907eb089ff7951199179d6fd68280dbb4d69d", - "sig": "0eca8e52cd9d8e18dc02593925bde4c44f2eac3e173199ff30a8a875391636f419914563fafe171d5b4b22917b8a6604ad77af5ea9f88166b3f8ca6c15332201" + "keyid": "83418a374fa1334254d6b11f6ae0b8d0f98a078d45a1d8d3294b20c35868bf11", + "sig": "a9806043d6f4d74b9e768bbc136d8d0a498c5d5143b5d921bcc0cd8d9a8c4ab4c8fba5b908303e316d373555fd0a252436806aad85437140acd93cf1ef2d910d" } ] } \ No newline at end of file diff --git a/pkg/reconciler/trustroot/testdata/rootWithCustomTrustedRootJSON.json b/pkg/reconciler/trustroot/testdata/rootWithCustomTrustedRootJSON.json new file mode 100644 index 000000000..81ce50f95 --- /dev/null +++ b/pkg/reconciler/trustroot/testdata/rootWithCustomTrustedRootJSON.json @@ -0,0 +1,87 @@ +{ + "signed": { + "_type": "root", + "spec_version": "1.0", + "version": 1, + "expires": "2025-03-02T14:57:39-05:00", + "keys": { + "6d0c5c6a4092584f429e5903cc2aeedba98267c00bb8142ad844baf1fe99ea7a": { + "keytype": "ed25519", + "scheme": "ed25519", + "keyid_hash_algorithms": [ + "sha256", + "sha512" + ], + "keyval": { + "public": "f3b45c131fe1b501e0d4f1f060af335b402d825fff36d8ab8fa0aaf440b4edd9" + } + }, + "ee875cbd2580aa1dbaef624d27911936452522904b7051d0f24abdb06411fb26": { + "keytype": "ed25519", + "scheme": "ed25519", + "keyid_hash_algorithms": [ + "sha256", + "sha512" + ], + "keyval": { + "public": "db299b1d9cfb2439071be85344ac2c121de40fba21bfca50e8b62a67e30f70c1" + } + }, + "eef068fb0f89eb76ea31e95cf3fadee2bd866be74b38a6e05f83c87ddc4dfc52": { + "keytype": "ed25519", + "scheme": "ed25519", + "keyid_hash_algorithms": [ + "sha256", + "sha512" + ], + "keyval": { + "public": "d63cb0d9c2dda81520e2fb3e280eea619efa2ce5f2c541ccf8f78e4b4839a23a" + } + }, + "f572a1ca4289c8413f60e465e65eb1a791029ab0c5a7eb2622746a343b82cd40": { + "keytype": "ed25519", + "scheme": "ed25519", + "keyid_hash_algorithms": [ + "sha256", + "sha512" + ], + "keyval": { + "public": "5f413fd7e49e2ab9a994d3a671eac3c9f11ef09337f05719fc875a797c2ffc5a" + } + } + }, + "roles": { + "root": { + "keyids": [ + "f572a1ca4289c8413f60e465e65eb1a791029ab0c5a7eb2622746a343b82cd40" + ], + "threshold": 1 + }, + "snapshot": { + "keyids": [ + "ee875cbd2580aa1dbaef624d27911936452522904b7051d0f24abdb06411fb26" + ], + "threshold": 1 + }, + "targets": { + "keyids": [ + "6d0c5c6a4092584f429e5903cc2aeedba98267c00bb8142ad844baf1fe99ea7a" + ], + "threshold": 1 + }, + "timestamp": { + "keyids": [ + "eef068fb0f89eb76ea31e95cf3fadee2bd866be74b38a6e05f83c87ddc4dfc52" + ], + "threshold": 1 + } + }, + "consistent_snapshot": false + }, + "signatures": [ + { + "keyid": "f572a1ca4289c8413f60e465e65eb1a791029ab0c5a7eb2622746a343b82cd40", + "sig": "2947ef497b0f170fb220981e2662381836ef7877fd3f2ce6cfc78ac8d8deafd2d328f6c103c0c4aa0f6a266563fd0f0d5d466d963b071ec1499c91fc9a869101" + } + ] +} \ No newline at end of file diff --git a/pkg/reconciler/trustroot/testdata/rootWithTrustedRootJSON.json b/pkg/reconciler/trustroot/testdata/rootWithTrustedRootJSON.json index cc9bb5cf2..82831084f 100644 --- a/pkg/reconciler/trustroot/testdata/rootWithTrustedRootJSON.json +++ b/pkg/reconciler/trustroot/testdata/rootWithTrustedRootJSON.json @@ -3,9 +3,9 @@ "_type": "root", "spec_version": "1.0", "version": 1, - "expires": "2024-09-22T16:47:40-04:00", + "expires": "2025-03-02T14:57:39-05:00", "keys": { - "1742f6a1f846f4042382403b907864f125c2fca7bd70d6c157a40ac8e6f7d505": { + "48723caecd108101bd2847922c975305c222179b0854bde71ee6868923a6fdcc": { "keytype": "ed25519", "scheme": "ed25519", "keyid_hash_algorithms": [ @@ -13,10 +13,10 @@ "sha512" ], "keyval": { - "public": "3bfd19c0931a80cd3279322fc22b04b90831b1804f5dbc72c31676ca2ac82f97" + "public": "479eeba3d3d60e533e1e0060865dd5f028ea647c0a3dbd4055e535582e191556" } }, - "5dd6940e523073d10a6252f38a4dc2ebf33e23641c103682e43cb351a5672f43": { + "81153179ec44eea8b20a09592ab85d7bcb68ccdd4ca1a0c8f9c2f732a25d0c8c": { "keytype": "ed25519", "scheme": "ed25519", "keyid_hash_algorithms": [ @@ -24,10 +24,10 @@ "sha512" ], "keyval": { - "public": "d64a13987f3b0ccfcbfab8c5631acff1b69dda70e40c1aae0cb1f0f9575716cb" + "public": "04ab76b15f5866d1a65e33a302d550557b3e7ad1cce32f487c9603dc77e076b2" } }, - "8b635809713e0b6ae3370afeb6fa83d7aae2039b355e56d1211049246c3d1a4d": { + "a2b995701776156f6cda1a2edcf24567b28f4893d811b8b2251004f65d441a5c": { "keytype": "ed25519", "scheme": "ed25519", "keyid_hash_algorithms": [ @@ -35,10 +35,10 @@ "sha512" ], "keyval": { - "public": "ecf8b527a4a4ce34718286dc9a67a5969060053bf1750e2dc74e065c9ab30ec1" + "public": "b81a31302ecfa238f23aed56779e03e647e2c945a9e43b2ba8de8679f08c27fd" } }, - "d263be84f7043dd0b4636fb797cfd1c9b455b9168f282cad8f48ff0ca47465fc": { + "c3a50a82562c34628d11059f0e5dd92c553f40e9d1c23dc548b4a370e1c4d82f": { "keytype": "ed25519", "scheme": "ed25519", "keyid_hash_algorithms": [ @@ -46,32 +46,32 @@ "sha512" ], "keyval": { - "public": "e7f35e9f47b6e2f38e62b184d9f9a54f085843c57bb102cab0fe684dabe1e0bd" + "public": "062f012307eae1f50819a6c8e2e144881b10d9ebf549496b042b534174b0a2bc" } } }, "roles": { "root": { "keyids": [ - "1742f6a1f846f4042382403b907864f125c2fca7bd70d6c157a40ac8e6f7d505" + "81153179ec44eea8b20a09592ab85d7bcb68ccdd4ca1a0c8f9c2f732a25d0c8c" ], "threshold": 1 }, "snapshot": { "keyids": [ - "8b635809713e0b6ae3370afeb6fa83d7aae2039b355e56d1211049246c3d1a4d" + "48723caecd108101bd2847922c975305c222179b0854bde71ee6868923a6fdcc" ], "threshold": 1 }, "targets": { "keyids": [ - "5dd6940e523073d10a6252f38a4dc2ebf33e23641c103682e43cb351a5672f43" + "c3a50a82562c34628d11059f0e5dd92c553f40e9d1c23dc548b4a370e1c4d82f" ], "threshold": 1 }, "timestamp": { "keyids": [ - "d263be84f7043dd0b4636fb797cfd1c9b455b9168f282cad8f48ff0ca47465fc" + "a2b995701776156f6cda1a2edcf24567b28f4893d811b8b2251004f65d441a5c" ], "threshold": 1 } @@ -80,8 +80,8 @@ }, "signatures": [ { - "keyid": "1742f6a1f846f4042382403b907864f125c2fca7bd70d6c157a40ac8e6f7d505", - "sig": "1050176114e44eec30b0661a9016b0a1ce607b4168d8e84ab1d4c15d73c3bdb051f0c0b21b67f03c77d4a98ea7dabc5fd1404bbef2eaac605ddfa2a6145d0709" + "keyid": "81153179ec44eea8b20a09592ab85d7bcb68ccdd4ca1a0c8f9c2f732a25d0c8c", + "sig": "7f8130295314c363f8800f14206e93fa0b612c63e0ba6aa7188e931b99e93567b46fce3857b5afce4015303628296969bcbc04df1785c4b61f20e731b3f8610a" } ] } \ No newline at end of file diff --git a/pkg/reconciler/trustroot/testdata/tsaCertChain.pem b/pkg/reconciler/trustroot/testdata/tsaCertChain.pem index 0c657654b..de08755b3 100644 --- a/pkg/reconciler/trustroot/testdata/tsaCertChain.pem +++ b/pkg/reconciler/trustroot/testdata/tsaCertChain.pem @@ -1,18 +1,18 @@ -----BEGIN CERTIFICATE----- MIIBPTCB5KADAgECAgECMAoGCCqGSM49BAMCMA0xCzAJBgNVBAMTAmNhMB4XDTI0 -MDMyMjIwNDczOVoXDTM0MDMyMjIwNDczOVowDzENMAsGA1UEAxMEbGVhZjBZMBMG -ByqGSM49AgEGCCqGSM49AwEHA0IABDgjsTzgbEsFFuBFCp1LIRv4SwYLCLL1fxtq -95tbtGj/wHQUmrKLxMLMxaxIzdJs54lIDP+LoKeK25+HBPftwtCjMzAxMA4GA1Ud -DwEB/wQEAwIEEDAfBgNVHSMEGDAWgBRRiPL3dEhG22Qh+0GTFJ/G1SW1yDAKBggq -hkjOPQQDAgNIADBFAiABNvVUla7gqF/135UkA55FQ57M6r84IArwk43Zy2aPPgIh -AO8/F8k9VB5+I1FSiQL1qsM8yO6SUpVF9E+hNJ9n/6zU +MDgzMDE4NTczOFoXDTM0MDgzMDE4NTczOFowDzENMAsGA1UEAxMEbGVhZjBZMBMG +ByqGSM49AgEGCCqGSM49AwEHA0IABFRMP78f6+Bm7cYAIcANQphYMj0YJHD620uG +HPNck0Ei1IKqDCRPCGQDAHprk3y/sBIcLPZU8Hxig5xV0w28qAKjMzAxMA4GA1Ud +DwEB/wQEAwIEEDAfBgNVHSMEGDAWgBRB+eA8vn2NROBb/iTfLHyr/c1BmDAKBggq +hkjOPQQDAgNIADBFAiEA7r8SEfLto3dQDZIqf/0qQy5+q8hiRNbZ3R4JPxPJtugC +IFfiAfFrpzUYp6XuJSuOHfgFP2378zn2jl9kUoQYCjNs -----END CERTIFICATE----- -----BEGIN CERTIFICATE----- -MIIBSzCB8aADAgECAgEBMAoGCCqGSM49BAMCMA0xCzAJBgNVBAMTAmNhMB4XDTI0 -MDMyMjIwNDczOVoXDTM0MDMyMjIwNDczOVowDTELMAkGA1UEAxMCY2EwWTATBgcq -hkjOPQIBBggqhkjOPQMBBwNCAARjUhxtm6QXaB2bkGKHenCToVRPhVf0PTkuS7/h -TGjHhELoMrD8r3nbqyceFEl4FUTzEMDfrj/YhefX7ZbeesSho0IwQDAOBgNVHQ8B -Af8EBAMCAgQwDwYDVR0TAQH/BAUwAwEB/zAdBgNVHQ4EFgQUUYjy93RIRttkIftB -kxSfxtUltcgwCgYIKoZIzj0EAwIDSQAwRgIhAJgRO/ig4ZBrlYjuNYpC/kqUIVsf -SKLpS9c4/lkcTGBPAiEAq+euZ8zkevab16uWx7ZaEcElKYY3xzhTr5yQYeJPOcQ= +MIIBSjCB8aADAgECAgEBMAoGCCqGSM49BAMCMA0xCzAJBgNVBAMTAmNhMB4XDTI0 +MDgzMDE4NTczOFoXDTM0MDgzMDE4NTczOFowDTELMAkGA1UEAxMCY2EwWTATBgcq +hkjOPQIBBggqhkjOPQMBBwNCAASrdvjuuS7ZO/piTX2pxT56yBKhwq+SHeXt8Msa +NYPBG84m5G/3m3uLB5YxCRq4o6vhKM0HEU4UcQ3LdKL92Axao0IwQDAOBgNVHQ8B +Af8EBAMCAgQwDwYDVR0TAQH/BAUwAwEB/zAdBgNVHQ4EFgQUQfngPL59jUTgW/4k +3yx8q/3NQZgwCgYIKoZIzj0EAwIDSAAwRQIgXeSyRZXqJZPSba7S56k9fce1xLpp +SN4m9MtfTw7MdpoCIQD3L40eRQUu2YV+74MWm1nGbma5IVfp9tgZxaAw80brWg== -----END CERTIFICATE----- diff --git a/pkg/reconciler/trustroot/testdata/tufRepo.tar b/pkg/reconciler/trustroot/testdata/tufRepo.tar index 53f2a8d18d2f854686dd869a530e06b820fda527..a9759cd5f5e35c40053b61481c9a5d8200ecf677 100644 GIT binary patch literal 2837 zcmV+w3+nVAiwFP!00000|Ll8dQyWS0w_od15WMA?A+zps#JuR1gb-L5fjFPoa8%Zz z3n7q%1lpMI{*M-?kHy{rvz}dLgxykCt19c4S((4CEJpESIPOk{qnmd>O#lG2l($!P zdj%$Lueb6Jg;GKw2f^O~axTQX75Vd2dX%g2#Esqo_+fY!g7L(q^i2ExMDDMD6M3}% zI{rQy4ky3&#>4a19izZQ3GuJ&FBs@A>@S7j?^fOf#Q$;o|Fg8RI_|d5V_1E^^3T%B z%Ic@d%|%>&zp`3*!|MMlZjCRZ|1^!Gad&uLwBYY>+wgb~7vJOcMRyd(#WM_;{0;bT zz*;EYOZ}eP-$1^HyI=O>&G>G_l~s|XVWg$9JX!QEfU+)1EmI2C0#A}bQbIW`$Qdb- zlW~xcL(;(+e&5le+k5q6U{a!83|Gv-cjDk%4gGl24WBx0-1+3r+QU(I(is%0{r^St z%Idh|m{fO9FTP4-tBY^{cGcE1NIApr9|*f1|bPmkX)h^0kuI53dtiw$pvZ|oEFjB z#Hi0c*+sm;8Up z|CjuK$^V!9e<^PwPx$}6OTPL$z<2mRqWqHoD^$4T|8F7B@c)Mp^|Rgq266JhM(-2G z!ucL!^;tY`PdY{4T*F;}EjYqs-hJc(?^jkO>L3#$hybL87YuX6uswOaD?bQ zQ`%}|2|;>9DFbmsL94(V1M&nS8caGcA5&l^DQ!tIVUi_H&xjLRt_1Zek&&T!#*2(U;a73}v znegpep11$_qqNYWx>NZ|t^YJ)|6THp^`EZJe0TVY5#W3LUkmlc`q!YB>;FyU$@(u> z_geLhdO2%V?*c%*p6^!5x!lewS-V;;{xz~;tz5pW?KgzYvqrg*!F73_ZRPEq!#r!W zvcXQLk&EL>s}7|`r9E#{s$!?*=N~tQ$CXwCzPLB5%&R+%Y+TFmpqgDbs#H7doc8k5 zM&78E@|)X{vUc@h)NEGW%%Gm-*;YAjmJiH$V^-bQ(?Jp;%ksY7EVGV3E6>_lqg0;l zQrOCl_ii#fJKAV=jv8h-o_78EhsLEGK$Z@>;s!gt&PIRqp_gbg_8Rl-x{--Oqfn~M zs`>h?S9DzpsRnJ?1-^5%zj0E@#gnM{l`+3(=>1+f zH}1jE`Rg0HRsGP&`uBz|pRnresFk(yw!cTIo)?haes1LXY^R)Md%PoiH)Gp6=(6pW zpVD=&e9VYlBs+6(;)EFEQyHm0qtIlbIHHvQau+&}hgYA#y&_F&$a#Om~P z>uAmP`!_VC$@UQHvt}jxxUgr_Wzggb~Hs2QO*{s}tNR@@>RQ9uMw%4q;4-WGNe&|n= zt{nDis&mtB9JaQZKk9E*N}=~bG>*)yyy3PF?Mb=bEVIgFcXBknT0d;NIy7tbwW;pb zcFuQ`KG;8j%d@T7(NS%hxue-1&l&$;um5kv|55A@N3Tf${{sKhY`OpQCh|i5H*Bn5 z=KN$*8LPF?@$@=fpY9xQLP*CarX(-hwX5#dR-9kVk9*~T>QVRL0_EYwe8-2a+Pr$b zxpR7Q+S6xi1BV;EI8tT}*CyGL|Gkxbz5ZYS2*`KVKa>2+^)IzvuKzcYXZC;ZOL#wP z`}d0y;p+Xq!?$*SwfX+$ZwSUJ!$d&AltYYBFa!e9AdK@?31>AXbS9XXgwuZUhX#SG zUiQNR|^O;Kj}{6W6Ra3Tim`K>b4&JSqcB~ z-R&DFTKfYiaxO?oODJ4&F=`FovY5DF0klyOjB!!`8V^nZKoGzK8VW+IXhlp8wGhlk zA)G?wkeK8;LNL+m;GL%=lu{NTkkZEZV0FUa7()V5@+By4EN1^2I6iQozv_$xT$3?? z;F1ueVnWWPu#^b6bINi{0=-G60$sle5yv14S`PzeUe-`D;YSXs8kVFor!`ldCrJ2n}RGtMWUFz z*BliFp;Kfs2mo(9D1lrfDUq1gN-W5O7t*38dbI-Zi_au|78SLQB!jia2_$cow4OvX zf~=D$C701sFv9qljP}LrcQlEkb|4(nnuy48V##`)kjY3&IL!c&2t@D*$}5jT5$DlG nGC`pf)+7&#m;?B`Ma88oWhqPf@0b4z00960zLUSS073u&hOW6U literal 2835 zcmV+u3+(hCiwFP!00000|Lj^@QzFZ!`>c;N?!Z1Dw!DQ-EdgA)sMDC7%5qa=` z8Gj!ShtuCrC&R((>L~C~Li~UJ7Yy__{+B}GyOlQq@o(<`f0b5NC%w*q;_CaAf0b5N zRzFRzN3{BWWwnTg)&D7mCL;=;KGS&88xD#q_&eNOco@UQIbDr(viLr#%MkBc}iaP^nwI|1o zbkSQd5rVyY(BiRo=2K)+qFtyf<`BAc{-X7U**_m1@!9q7tyozdUHX166v{w(r&&~qm0pR0fbSGag`*H zfn?S9U`2sidn99h(&T{!A()Y5leSO{7@Lx|646@JHmVerVFsf2A}aeUgC)FW#u&+j zmm#u9D!3>VCc{$^7d%O6L0cApYcEhCX9m$bjf72tffU zN{WX>LV8CLApp6kQAM&k3CAQ;;ui)>C2L|}A_a^ICB*_dB~8+Z(UY`-bLX@Nrx@n~ z3?M*qk~v|x#;+o)bPL$(c-W_hB(_MGj}hp_$M(NC62F@2v^%Crci1li6d$>8GH|0w z_en!uoIn1MAyYT*&~);I9WRcyKW0booF-FuK6=8E7nh%BEV&PuFdR&JlPL|RpB_0X zx&DMoi(3|@*iA2QYG`5KO>8YpF5>vbQFI$7z0RUIQE-MN3(-bHXkq{+Ew@biNFoT4 z7`ea+HAibx;^2%kT5^kut0W2~LMonIBGeeA7oIVT+8d`72p6?>Ns_b47*s`0GQp{U zl5@rY3*f$#R{mM~@}H(be_MIP|9=wu|5N;*Gq&XaZy`(mzvTbF3|LG4zvTZ*{=ek^ zOa8y)|4VrjdBp$kLh{w$0iNOii1J(huTbkH|9=a4g8$#AsGs!?a86TqUp{XO#v=G0 za&?~uooTmtHrH^QU<;1$P-3X`#bBwiem1MkjyJc5C-wO$RI=7_{q}b?YlUj7lhyLpvCf3HSLLHVZHzx(jj+?o zuFv*P8mFax6kF=(!_m%Q7e4ItF7{|Lwym>+{AiG$9dFNIG*)?MY+9!swVUxPp`p6d zyc${gGN^QSg zU$0lPcI`F+)a!Y(UCHHkR?RxKO7X9e4L2&4i;aVZuzA*~G%~oV%(Jb$vwM_hjdpgv z+im3HW3^p}Qlr|qZk*OMuvyA?5a`o8%N!f)BL27 zH#SQ7^^K;iQ@hui&1#z&)U$kdY;AQu5Y3(Lj5`~f=6Gjz;+lhV-W{#;&(pFj$#Em- zU9_U!+|So8D%DnfyFR&IZ?r7e^=$3Be-)2E&yJfphqGCE(4)1}#yq=fWTLPrma4N_ zUY@mT*{r@Xt7fT~=jK79wo%PKbn=7FC{)aTcPh4~)9raVs?mivI$KL?^K3isbS_HW zv(vq1t5wZ9yY;M^uV=klHoZL9+cG<@GE#fv!}`$B_FVUl*K4%bsLRM*UOPNE9GPn+ zDy917pnZL5bn1TWb;h&txO)ZXwf^O1o-QaKZT0#zn0+`6hx6n1L)QGxna?@;pk2w0 zyLWW{`i^ebb{g5)ouezqtTy}5&f0k=+@Vy@3&?JMH}ZV8TgkHaXapy_N6nqAK0j?Y z&yMH)%gfp2*40p)omX~R`{(n)`MhK|YQ}aiE40(S-tnDNb+yyk8TU_`v)Z7)vA-RA z-mQ&xt`6thN89aYHiY`DRn7Jm{%o1NlqFLu=9zU`v+C@)dbAJithHIrv%^_d1i?Iu zH#dvgdZ%?b-2Rw-t{r=-cz-Y{^AcUS^YY%TIVewNmCk*sEF!16Kg(wOS-sO7t@U`c5}9lCmktE>nBHT-R$pfZC}@$$62Mm-e_E$h;n%lwubptWBR#0 z8S}L@7A+n$N7uax3p>4P81u6aPdNVR_5XwXKc=(c_%#XOpWuI*FZX}mL|(}M@M!4I z#Q1b~emqX)%Zuu)7R#H}R2dIV$&MATy3I;^|G2f~Qh94LZk?6~S9u?apHzmB>$ALk zdALS8N|o78Gg5y&NbD^6-&@J|>;LsX0eNQqGs(YO{{YMN|0eRp{_kB2?`LiQe$ygc zz1w&A(eAG{&u{)ZABabeR-&*{Kw>tdVXUS~2L zj_F}&W%Y96It#2T?e*GSZ+m5RGIi6-1%z3c_CC|YmCJFj7`{<;(~thTg@6C<_5&2H z70;t+QV{5@=Sc&XOa&GgNS2~SCs~qUnUO{s=0ZTNB5H`9ORbzEhe*jdOd%vk44sMS zI2Vdh2#zCZ9|=|Bks=9`B*laj90iiWNr}?fm!P=5nEh+uc+Y|UY%mJ&=mkpUB;yja z(#dJBP+D!ABAL)4D8*!Af})Xuu|U>FZ2)}a5xi!>S{pD1h?blb3KTP(a}N--(<}xu zA{vx{NqYqp3?p!e2JDN1ale@S%TW9`S{*O`4&bX+2Xl#gP*IWz(nOVlg&@&;4H{8G zRF+hbkpXEbBrzA65{V3ubH&297CdrfT%$6IbI&-5WEJDwDkGy!(d*y?Xk@^HVU98q@0hzSlMSZ0m$go?D+!CDE@ zfi*TbVXYHV6C*8nB5RYgN=6ervrZNz$qGgklMgAR2q=*yfm~o9P*Hn^N;?UX8RfNO lh9DUO)@fxR{nfJKQkJrmrTq8H{{;X5|NkC#1WN!y006(PmJt8| diff --git a/pkg/reconciler/trustroot/testdata/tufRepoWithCustomTrustedRootJSON.tar b/pkg/reconciler/trustroot/testdata/tufRepoWithCustomTrustedRootJSON.tar new file mode 100644 index 0000000000000000000000000000000000000000..432162ebdc889fb0c33c345b09f1c0b521ba54eb GIT binary patch literal 3410 zcmV-Y4XyGYiwFP!00000|Ll5Ma~eywwV(Yf6uhc!avuD}d8h&eNGc=*2*DR86gd{f zEUFkg{NHZ?8f_ojedVKe-)4u+P?c2f+@}Gwv zXOl_xv7b)HzqXHUJQyK=m4AW&|04gC5d7}wO@jDep8tQoKgy*^Ja#ts>FA&DkB)M; z*?Q`7pN?|dYRLU#dnuhdbGvY}G?|RIci=~`zwvYp?!LR#G?}?{+XewdKLGpzpe7`r zDF1}z2S7i8`(F;+I=%1lD90=?)G$SWL{tz@kaSc6Yz$J)S*@f%j2i&77LXui1tD5_ z=$({KarN+^-D4lzcNS3!<*vK!7);NNzI9{Z)``9CskC>ihVf*UWWCYWwg11neUwXk z3Q>07diRw=l-qs#^XU-_HGK5qC^wz!VPdwOd8`RF5JT^vrT{u%iH9CApghJ@6M(Eh z)O(Ma6-o=QfKr|ipoz0q?mPOtef_-aE$5uz)M$&S07^ltmGcY{i@1bPVn!&U2uVOR z2NYW15mDM|zzBq1Bla5y%W5R0hE^J{5y290sGXpg5M_{o2wF#g*9t-HjiSH_&5&Z; zVcZml8K8;XACU@>eo zu+kuFm4FlhhrGrP3E-S!P&%)WanvJ22{gtF&xIqJ2rL!C>g!;6%8`Ob5hSD$1Y*yC zBaAvmora1_2#{177^=9_h#|xYQa$kq#*>m6XI{#W-}zU?V+* z&I5@t_keOJy%C%$F1bP88~P$x@9zVan@xu93B-1A`8)!NeeVCOgZpBrS#Rdj-ekB% zZTKvO=~zwE-gg~&HGce*Bbl1TE=#}T$E!jA=ln=UF3r?v`rU}U5+r`$$z#Eo$v92Y z%#E|#XNmG^n7a47COaxt*?iBTTmSa8wR3q#C$Fud`!Y%59Y;&TohOoO;2{TIBLt*? z4l#zXfC4k;x!~Me?2&QIc*BJK11UtO`{Ql_A_n-gWGU&h7p6UO;N&Ww?^gjmVp#R^(4*LI~|9_ic z9rXV}{~z@KLH{50|3UvB>`m;M{(mURUp@!;f&Pb(vM=;MgA5$>|6AC1^#3D7{atf_ zk;@*X`vYO@ith=lhi)8az1*iGj@doFZY9DK?LJ9?Pe(c6pu`Ayt}s@F3&tR(*jb>g z^Uga!0Z`lmNwq`-YX*@7*m@_pC(2k)xkE--ZLGJ9Ga#uogzYpa&=PWjIK#$z1PJp; z363C_91`S}kcix?gnLJy1?G_keiG(i&CxGlUUG}MA%s)sAfg^1$rZE^C=4~?)Nu*6 zD9yRC0%3qLrQUiCA=g`p2?<6Na1J46luHCXaYzB96%>qXhM;ql0>>4xlp{`ww-6#h zh{sd_bb$Ha*Ph}3{a@g(@8e(J|EB=b!~XwU*w^{bn|Yc|Mz`5)o@UP8zJ6Ko2mH@5 z`eOYLA&B^a|KGy?xhGr&a1&v+d+O*UPeL`YE5Exxr-i(XG^II&>e+Wb`n( z-*bHMunMsKO`{T^+h_Cthq?WkTR$m*-7H)!!*#ZoAJNHRSz2}~XOnJq(+7p1-l^Vy zE(Uc|tj9rV66Nng+{ub5JD%MvR({p3-Bf_}HyuIm;_^H>J$0Mu=B8g5vA#}PQ%J9; zo0_qw8576wI1B#xo=j#hhPLJNOwF>L_>vra0Pq8VO#nXa{&jPYEkECX`urHI;Uuow zmw_6%_3l!xvl-B+KUiH9TOdNwsy3=FyX6k*pxPiR*U3e(glhfkL9ICKcgyuvx82!v z`w@vybyXX6XlHXZsP(Usi(;?eZC{PL&0rO6Bk=yYH`~`g_mf~Z%M!n>Fc-|T-ZsaH z`$om2bKQ3)d+GIL7OQcx*;VImK0F_qWb)y~hJq-Q}fh)ad-|0tN03x&IK zBO)>kqCymaRbdmHhH>pW45DT*s`a9f+!UKt5EbK1R4kEN(`+tICO5@q^yRf>aZ{>A zL0S%As}!uFk}hBOy8W;lg;6kgY$qxGaVFWxW(EtL0@e@Y^v~8d0fS4BBycRUb1HmPWJ7%N5UNuv<0ptf`|} zUlfD0FplqfgZ{;3y%~pcW znr5L_{laumIKG=y%ylwI+E;ckh3z1Up+61ki@VDkF$l#)eFd69y^;@u)-u@UeiPVzTT(iS z>#f%5aTZ^l-fcF*aV6W0O7#q&%^ArD%R>B!EHiBSzRjo9`ngN5hC>wcN_ z)^T**JVT~Es1$AgoJ4K0ES#vbYuPDO>jhNIF0=Mxp1+P&71Ybs;{{L3weh9rtwsmj z4NsTtc6kw~_VSOHIe+~8=U4dgP3ZnP;Qk6If1XNB=H0)WNe9D)x^P)7y_|Hjhy&0!+4f0ynlx=HQ>}B|@ z9ES0K5|ehz9nvjFpxdu+YV8t=P>Xa>9bA;_>sqsgJDXZR>Q_m(Ie@ihZx|J?1|3u) z7tP_Q)2_l=zqIZ&yMtOk9Mqa6*lqSk-(%9pwe8pQXqKvB)%!M0xPR_}Zs+|}3g_)heatD5fOD{^|dx;)M1aiMzRlfa+Mrkhr0 z%5LVTjrm2z$0wHvbFmqt{!k8DlX|DnuciOD=(91ii~fAx;N6S-G-=+T>8eTDIy~zw z?~WT4caw=IRkhA#SQcbN%XvJ)^Yf5)R)woOGGU9}Sp+Jj7HOF}KDTG*5(O*uTKcT} zaeR4BWxv&o+j%m;>y^06<66BN|0R9ixW@XbdvkZ%y=-X382=GjMSJBd+zA{qS`a8%gs|2?}FbN55|+_lMdTr zU^d@{H85GSaJer9*F6q?{^F#{PwqIq`ZUIi9VcN3q67&iC{kJ>FNxuZ5Wyg@Qd!Oj zbl5{hfF>GXZMYzwAx1G56j8x6=L|>)m?Ts)0WCA!A@3M+LO^L0CYTFIHK33oZ!JMy zI;xlw9*Dz^)6d#-{C}8E{AvdH;r>7S68{;7hxPwAvG3vkifI4AKyx@!&Ee$uESWL9@ z99z$naMCkwh&Dho$}snUST4AP#_k@>9CVUc`wLG1yz)%i7YDt72U>Z+lmZYM!nq~F z0cD(*LT?GsSZJv5iVJ|D^nxR&Fvf)Lk3C2aC?!%lk o3ps#Z01l8q+BqXI00%ri*uf5Vu;0!8CjbEd{|qL8~9lw+AESU-_RPz(4apB?P}YdKDx7m;3*pZ;uLT5>K5id^q~&+oPkx z$80-yg%3xCJQ@oB$eYr+GapxOktVZgeh0n>cQ>Be;Qq7Q%#(#n^F9b5`VQcC0JS0c zK=}tO-vRmo+<$ZAw(0$dM+G7{!bUk`ArKHiZIK{cB4i||7*K-{f?R4KDACq&=o}MF zNQ4#h)|iI}?H~J~zO#r@DEGtVb1(xp`Pz+<+a~toK&69^Y8=lNNj8||s{Q}{?W00E zP>8bo-usUfqQd^upHGiisqv#0M}_%PkCR-j0^!m*t+2(G0Y@=*&;h`JVANXb0TNCz z!VOT^YD)m6j$%p$a!^7_+1)^&^4CxM(Fy`WiXoTI5aOH?8UY0)l}KqpE!RdfVT`rJ zD5!uDUK->%Mha02jQE|61&Gp|X-GX4j9I7{br>rQkfjt*$~AUeS!j&I$P>YhWB^;k zxdWVO^rf*B(o#|mAmMYPPFiRXwuTa+iNYK>XowZa|Hj4w40!+%2HYtJJp}?v#f)&sK|+Lp z8Uibw_LN8>nFa)DiV5UI1BJACZmhTW1}iLPWA_ANd$@dVfy6%7|EGVpFQ%Fe7A_sk z#yM)kXD&>qYMu_hsmM=*?GGuEsYUFv^c#BobhQ1L9?8U|nVQVMp~+8!#CJ4#3>Y(; zrb(K)Y4-7%qr4iY?(M$Io{CkryyMVZzq{DltDML2Pe;*xm?UxjH10(XAd+H83})C1 z0f2`D0p=w33TOtAVb}q!m{J@H;UtDyN+)q{7{a`9SWvF1^2QMWDF&D!fh3bmYNHJx z);;2B<%aw8_UO;IpZ?ux(0{Ew%m4qT?Ein2|6@Q7`TuLkA^$(* z|G$l~4*CBf|3Bpahy4GL{~z-IgS?77%l{uj@|UjxzLWn$NZDukKZ6V$^8eS6Z{+`v z5cPMh0VXa}kMwy@82jLR!s@Y`#@V3o;fN!7kFR-(@I<>$slbP$g4EPFiy$GCKuM|e zkU;>r(nbJ|HNuV=FEI5$Nbil1&_TecmW(lE2o(-mqqT*cTTH#sR2Zeav;Yd`9rxTA zBdPPw6G{Zu0!xjZQou^+9;mN9Y1IPs@!9(SVQqirwojSBeig3P;WoQVKcbV-y0Y%o&Sw4kZU{<2vsb@= zUk;k4+>C?DEGpiHxR;evcD%S*ZTzO+xTyi_Z+e2>#?@tVdg^xb-OaExVMCpC=8#^` zcMW4ttGmjk*68>8Lq0y9D0nh-3nq@?aTfgX$D^Wmv|e_ZO2&JwF3;*WA1kGDEBJVc zDEru|1utfnXAWwd*pu1f#nf^>&(tE@Cts3-cL2TvunoY6{a?TE*z?od+nwMj0@71S7Bj~eCiuwQL%`rY2H zKa5C(>YK)-M|-=gQDbAv$_)yUm0AGmK^UBtT&>g*>B+j%;;V@#HVDEI zua(fij7#e{h)U~AZBK)nt8F0H-IL~^8;M!EN=)%Qx}_5k`0Iph;b1s887|0T~LqB&`&zm-p$gti{l$~eUq+6Cp&-LtU+G|F--t&bXzCAa!CFtJaglxfBd+A zTfT5B@FnP-We12kkI6_x7oWPqvD}aNQ^c!4)3R;Wm}+PJ+(b zW~Dd7(tK1pzMa*~buvo2S9Uaq-5`pgKMk6z+shj<3dKe1#-Np$x5Kl^F3MbG)j#bX z%h717XF5BZf%>{x4lee7Y>F`OqLR-sh@0#3x>vrw0_~t#D~3U59pt{>1@^8lshq^k zPUrMEi?2>^cRS&@lHFFVeg@F)j1+@)DSpK9JYLGJAXr~D>v88gjNtib<$3vfSY?B4 z99_51km-(UWjj14QCF->C+h54_Dc0;36-a{zYSo2Gi5Vrc$4%9lP1B_;FG1rm5V5qLvM1yV{ip89u9q zVf>%Or2T4-^s5o*51YG2w}K+nAwARt7uDvr(eB{ht}%>;b<%H-V52=4N9C(g4^_xT zdpzlN>##AbYWy6d>C4u#`+j8mZvQ%xBgW7yC!rNjR z*3J24zawg!B&M5dutwrGIQv)hS*d(UpW(3!#A=EfR~Ml!CT)LS+b)U*hLbPpvmTVg zlOU-Cd?8vDf1b^-ZI=7>TVDjX%`H8?6@%oeq5JrXoL+7&PqSrQs-O5I@F$D;uG5>d zo8@V1c~SH6$tA*E?51cqmZQ$B*((hj>HjVIY%T0+xLme)|Drfg+BayvX;Zch&j#z; z<5tbxWFkscqjwor1)0!l5l`^)Jfyu%>FSou*lKVVfm)?QI;M%w?b*3R!AAWoeK!3x zzC5RL*lEYzA{pWBM%)&0quG!DC4Jtw*7mA@b9>sqY-zBCB!pa047?L?Uo&zDL8855&?={q=MD+3rGeZ)NDP+{}0QFU(EpDt^c#n>pu)be!&0NkZ`4IhAPiZ4*SY_qmb~N z3XKG@nnGkO(S%{?9I=+>$Yh-|lmL$qCjx2k>rMdt^qI7m2fZ|a)LSf|1JY|i7{S^I z>j(t^agPZ%z-Ub&byx|HB&JYEiiBiNU}z|2m@5mcQ<^|+wb9lB3z5x%-792?W!e$% pfc4NgMI<$nL5UQC03BfYAO|_fL4G&+p8x;=|Nk+FPCfuc0018KwaEYg literal 3425 zcmV-n4W9BJiwFP!00000|Lj^>a~jFA_OpM5f>#}z+85vOLpPg{Xv8WRZcI38Wna|Y zsDTOp_ZxtAdu-3K$JZwg8MYd#i>|E9?C;B}tk^9V$tYdKn^*ss0001|^l)W|D?sFM zJ;*CaDCd}QNXaVzF=pu13H|3(dX!a?s`wQEW?{c-f+SVmf93xDMDDNuA@b<|JbW83 z7U|n@vY7weF?RM~g#4BN2?G3u|0!Yc)yXe0;(xjS|9pLtOGbmav$=OCf4)9B$$d;W zOP70hlG{Z??q9p6Wa-SuTNfvz#e8=Mz6FOHk8N=O-L03S*d@C@2q5wX$TtXeAbUsn zI|AMS@($ena^g10-H0bS$O-aHK`#jN1Q3J;A^>X%xM0LXL=Eyracw!U%s|Q&0m=x+ zJhv3k`v>hGd#}E;h*Bu`!|mo^hHmzy8xyw~*^fh&3_q&rU=fef;cTbc|L$*}2-f29!R_TT<^e8jDqK4@{0TdwqUWOjpL?JblBNDP$##$v=JM#vk4G$2|6fuV*1 z5KpZ(92pE5XGS4q1oDy}2Ku!7`)NN~j#|qk0gfUJIJOWdhA8q_C}ItA+GFexW&|1t zFcZiTY&51&QO1!c_%}9|Wkf+N1@~A3W4zH`X<;bCP#N!`X3|>4fg`{`r5rFCdf+AH zltX6p=f)D6VJd*+5Idlmau{=fsEGZIjpd9N znj)@Z;(<$(ujui^IQD&djAkxL)ol3{O@27;zoE%Pz?j86 z86~Nkryrj<%ByMOUhli?saU0}1BdSPJH*yr zfH9~ffJ_4gjbngo0-3PF38FN##6W5}HdtE?DD=Ppji6@S18g|AL`mTkw@Mr8EhKqop#NHVlK=lh+5f+l|6_!X`TwtwWBz~4 z|9=}}9rOQV{(sE>kNN*G|3BvcNBJf4B>%q;$)COk_(uK@A!RS}e+D@_=KsG!zLNhx zK-53A2AH{2J<#VJVeEtN5v!+eK1heTcPAXlJAB=x2#>V;m~mL5Qy(WPB2LoQP@kyBo~ScWUK)YNz9BgQej}AMTj$K8P|$fhK(hh zP>PV&-Xo8&;{ZddFv1!LDDJX^J4K%u=79#j6Xt)Iqo2V%W0U{|ov?VPJKh04B1SvI zi3Ju|$DIaJO3VZi5*h2DVN_Y8xMNsp$p8|LB7}{@5DQHq&{9f>0CtpU0=zaBQectO zia|sv5mY(~DAK?mVgC1(C-{H&2LAjp{(k+R0*sIK|6d`W`#+z?t0Z;y<4@ZU{09GX z%wO<70+jM2|Njd4^FYLQq&f%MKgp@(ayl|99WCbh+qr#f-R;|CG)U4#?B3o5$1XNb zcd_w5cP#fFyoCo=Pp6B)j@Is$S9dIZlG7@2-FUhmVwk4O(*+voVvGW zF}q*iA80IS5MdYN0129@n?M*ymR_#jIrWXGLF#7edAi7u8vz)9N+PmCv7_ z+4FIJz7D6*;eKHOLOu!etL~}ema;$&8rDtAhQh)7_YbNb$i3)NHJTpOYFt!5d@L1; z?cierQTDNY7Cf8WE`do2T<^Lyu6If>y6(}-PHEl0?ymdeAd9ZACcUizJ=Da}b$wFr3}=^> z(mJ{>fy-iRcv*>PeH+kvagz1Mt;uDlhw4SM?vI=6sQLc=y+)rNc2WK~tcP8kj{Gjx zT(C-qJ7167mtrSb>9I5E3&j`lK+Q+neWdR7_p7NHE#5q9e_~Iwn9UaRx|+GCy$`K# z=DX(4?6rzV&jR-Fn=eP~ZZ?IX8qHs*`DB()=5~;$Zv8B9tJSd4DTMSQC-BqfIofX7!@kUS2Ie6g$z& zwyd}<)uSM(1h88Q)=^1Uu7>?_*pI@f5^fIT1cTDUm_b%L3qUmp>#>x@?VL1f!wf5F z8=_as`l>OX;o-83Z__-bab$QMN>XjK!qb~Vv01&SCYy59l$ck8)6H~kd$(Dy5n?dO z^7D~99Y@<>9R*~kk1b}UFrPI`K~}9~#lY|8c-D?em11x`2-}0DDTvlECFf~+vCUhy zywQROr~Y&sT!e$c&2TclY&4t2U{J3H#jqTVN0U5X7Oh3eV7vsnr5haX0RIE&-q8q7-5)mi9oT(~?RP2D`Z9-HpA*U3Hc zLiYR+>*M ztqVKS>U3FKcefW;7oA410M)En3@-PMY>F`OqO_Z1Flc7QtXI5hflkmo%ZEWX3wF-m z2KLaGl*)r%=1ZB7(Af*E?|nSEXZ0xb_-AWn)={OqiBM}86?-tcE)RR1!TPe(8uhjlRPUUR`^6yZbtbsCEzkOu z676jb>d)%asB=DxI<0AM+}qZ#yC50|+xmC{>%m`B>%+eHPa)PcQQym|yRLtWQqx2o z`7|sJ#z|*8(50kYUWMht64t7%Thh*YwL+~1{W`soG}UQkoX^gh-C2B5TSv8Mt=848 zJx?f^R*Q|(+Ty}pAbNThHhh|;g}>s{Qt2~3ZM8;?8n&fj1)=8f6jVCp^Lz!iui>Wn zS9}_T_1mlNRPn)0IS(=IP6A5HP0Aw{3sMc@Y(j8g`@@Z?_9j?p>+ zc;!K(Gg-BHe%Psu&xWPiB8rP5#&dnMF|J&il5)4REk#8ikMq5u^B;I$JD0SFKgy@w z-gqN%tJ+G_N!6#}WZm}bv^!1B;4?mLH-oITbK?1+b(tRxNI#6Hz45BvTNd(@n{M?g z@$HM+vMmkCPba2R2^+hF>*mz0`eHkAw@O2{x?c0XDw)#sqSwRg?XVNmO|$3D8<(c} z{#SGAaX<1)`#(Sb2-vskKN!Q8^&bH6asTI6$XDt=_a*#)s{Hffh(PYMeaA19fv~{h z+jSt$A(xyuEIqaeNQ1cslzAwy6I^@bwV@m-D-gEIa3qc6Q~|9RHcSgZnbOc(Cbf{t z35~R(R7=H_;#^@syaPr8M5I>KL4YOHPGPAr6I#;ebs)1!(#7nlqIa8Vk4-1JRiXxa zt9R#<`67GFuy(MPuJ-l}Ogg%CxfhvK?he^Ly*Q%sou#H9K8EqE)Z~o zUSp#;K#p1ov_@6~rvhbkgwtY!_lc< zasc4j@slq=KSSu-$j=NE1S7>cvw}#Zu^|u(386)fN=&W9P8Y*Y4rI2Hy0P&C*A_;VuaQf3u0Q~TowC4xC z5J7?|kNgg0rI*S>B?+M3S!bEY&NAk)A>27Yq1KpCYmvoNYrz