-
Notifications
You must be signed in to change notification settings - Fork 383
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
policy.json BYOPKI signature verification API
Signed-off-by: Qi Wang <qiwan@redhat.com>
- Loading branch information
Showing
14 changed files
with
925 additions
and
10 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1 @@ | ||
{"schemaVersion":2,"mediaType":"application/vnd.oci.image.manifest.v1+json","config":{"mediaType":"application/vnd.oci.image.config.v1+json","digest":"sha256:84e2abbb0b1347753fa15b585fb2181509ee296e29eed9f4bd3fd7778d027a98","size":348},"layers":[],"annotations":{"org.opencontainers.image.base.digest":"","org.opencontainers.image.base.name":""}} |
Binary file not shown.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,34 @@ | ||
-----BEGIN CERTIFICATE----- | ||
MIIF6zCCA9OgAwIBAgIUFusSFQRPRaYANqcrYEQPijohZ6kwDQYJKoZIhvcNAQEL | ||
BQAwdjELMAkGA1UEBhMCRVMxETAPBgNVBAcMCFZhbGVuY2lhMQswCQYDVQQKDAJJ | ||
VDERMA8GA1UECwwIU2VjdXJpdHkxNDAyBgNVBAMMK0xpbnV4ZXJhIEludGVybWVk | ||
aWF0ZSBDZXJ0aWZpY2F0ZSBBdXRob3JpdHkwIBcNMjQxMDAxMTQyODQzWhgPMjA1 | ||
MjAyMTYxNDI4NDNaMGQxCzAJBgNVBAYTAkVTMREwDwYDVQQHDAhWYWxlbmNpYTEL | ||
MAkGA1UECgwCSVQxETAPBgNVBAsMCFNlY3VyaXR5MSIwIAYDVQQDDBlUZWFtIEEg | ||
Q29zaWduIENlcnRpZmljYXRlMIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKC | ||
AgEAtM1skVKUxLP1wibzVoqnC+oxzR8LbuPaV4dxYX4uelpO6NAw6seRkJynchmh | ||
K7KAKO92Y5XrxbeE7ntNbIQeiwGASEJ4tnnHH7uqYje/spzY/wbFIGs2SJIo96Dz | ||
mpZAlXEe+TZlJDjrE9HoBR9hSGNsybNOWL1Z7ZU4wRB2UvT9WS7RDsznjgtwPTWV | ||
S87/BLUcN9srHlHQF5wOtgxPUnlgsQYVLr9lMOTAQMQzoB8G6AejhehI18IgH5Us | ||
yO0NwWN+fRTl1QqEyBQG0NCk+SziCYE6NByYUpjX7DcGLSeL/TFU68dTRrYZuYgg | ||
mr2/XMshl7E68D3kQwLQfgnBRxfQlFFBAbSmOOb70TfcxNmV+t0834uiqAdanO/m | ||
zDNqSeXbZ/LcC9L293IiLfJOIqN+aNyBwa+n5SO0QAWjM+yGmaXN5djeoBQiJMf8 | ||
KxX/S99ht/l5iRoH36+h82VdK4cBDJQ4OJ9Lckzo+qW1P0JxzGQoLjDrsBwOk1My | ||
wmWA8JUQeplLFaLjhcM9cMQBLPtWORStUSoaV4r9qxfvpZ/mVAn4QOV0X3jQK9rl | ||
F5IE7eim3nGjPpnVZQXaGSs7OLcjvVlDcn4zuQd0AVkW6tCGHf3mOwhIAvx0cTKu | ||
O3O1QnHYzOwvpBLpeHn5NYpWsHJtMu4bUU+f47h2RIQqVP0CAwEAAaOBgDB+MB0G | ||
A1UdDgQWBBS/vuVC7xW+tDGYQpsYSM8al4k3vjALBgNVHQ8EBAMCB4AwLwYDVR0R | ||
BCgwJoEQcWl3YW5AcmVkaGF0LmNvbYISbXlob3N0LmV4YW1wbGUuY29tMB8GA1Ud | ||
IwQYMBaAFB1Me+ssjQ8c9g/bmP1Puj9RMKdnMA0GCSqGSIb3DQEBCwUAA4ICAQB5 | ||
ZOZfCxHbZt6dvz4+G5ClZYmv97ZgHWkyO5B8KbX3EeKaTQtGOoOIZuEgdK8BgUFo | ||
MiSBSHXiogASC+6Pb8Us50ekuWHF95x1x+MtnZpxn/cKOr+ijQ7YfPG14Q5tM0Cc | ||
51/uEX0x7p73XFGZasur5DEsVIvDUhmxN1Jn+8I4mCZ4/+Ik5AtaMCpPmVo5PMTq | ||
rJbkdqzBUC8YrkPt7tSZ1ra0AfELVZEowsPTZJCi6eFOhg8qN205WW95cgZH7V6F | ||
59+r7IINE/ybff4W2lKn3vq6cTRI6NOQ5A4WdPegxyjSe3pW1WezU83OIL0e+P6j | ||
srbA1+FUg9+OTfFr7Im2Sdb/xRjglwvk2XzMT8LJT/RBsmNbae2hU54JwmzwfBQs | ||
S4ndpYBht3V/6fjhXxQC3GFO9qScSB4A3Pb+g8tFkcstL0RBaybizMMX2xmW0xZQ | ||
CCoGyC7QlaZ9qXz06Q0F8iqK2fxrgncVodga3fkLs0vqKYoKJvUmP5NdrPX8pqHi | ||
HU4b5fjI7IWeRH6LL/9UKp6Ba1jwxlPk3vfEIjTFjHkSLEB41D07rEVPoXIofiln | ||
LdLEkva6URhyr9xfDrAALkynsSCRevDvPvN/JVHKjab3T01tuYXnesh/qE0/4z4V | ||
KkRmnvWp1U3MUjQVDhZ5R7cD+yCZxBGun5fCyy3HGg== | ||
-----END CERTIFICATE----- |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,67 @@ | ||
-----BEGIN CERTIFICATE----- | ||
MIIF1zCCA7+gAwIBAgIUWaGMXpgHpAaZjDIw807QKIZigWcwDQYJKoZIhvcNAQEL | ||
BQAwbjELMAkGA1UEBhMCRVMxETAPBgNVBAcMCFZhbGVuY2lhMQswCQYDVQQKDAJJ | ||
VDERMA8GA1UECwwIU2VjdXJpdHkxLDAqBgNVBAMMI0xpbnV4ZXJhIFJvb3QgQ2Vy | ||
dGlmaWNhdGUgQXV0aG9yaXR5MCAXDTI0MTAwMTE0Mjg0MVoYDzIwNTIwMjE2MTQy | ||
ODQxWjB2MQswCQYDVQQGEwJFUzERMA8GA1UEBwwIVmFsZW5jaWExCzAJBgNVBAoM | ||
AklUMREwDwYDVQQLDAhTZWN1cml0eTE0MDIGA1UEAwwrTGludXhlcmEgSW50ZXJt | ||
ZWRpYXRlIENlcnRpZmljYXRlIEF1dGhvcml0eTCCAiIwDQYJKoZIhvcNAQEBBQAD | ||
ggIPADCCAgoCggIBAMCtiALzYoD6dW9kbquYudWOBHToKbFDir1FbuZn3R0KVn/z | ||
5w8W8j1hwEOpd9Lrk10LRxXlITbWwkLvJmfMNCIMJUV8ua0j2P8XZXwYsI2cD+T+ | ||
Sa4qouBQshRYilnehh2U8/HFLKtu3xUsMPMrWABI2i/vXZbqAqT3PzzYVYT+B8Yx | ||
4segCpXUnsJnencneOX6pc8euPkDvVw9RTH8B5ygyhSBMzfhzX9XZTOgiOj+R157 | ||
7ESr+axhojP3ztkMmvNnDyCK2+LibaK8SCZNNvmiqzxLdSV91zy1fYT6WlR+mxJ4 | ||
2BjgI6/npS+k+iIQFdmvexhf5hcolhqbq/wtEr1HL3RFval3zDH1OgXLgAWmuOs0 | ||
odvKnnJkSba1fcwdNQNsDWYkM0zuP14e4WAH3ySO5lrgakH/eTYef1vVZHw1+oZ9 | ||
0DvgpbeV91HJ8PnYArE8VhkaV5MmZzjPzxvERJFrB12tJkdzfEylZRrtJfPBDRn0 | ||
exDiNMn9WoMG0MeknYz7ywM10vZJbilI50hYmPreuWfiBWE1yksT7SzK0tHmBaWz | ||
xc5RnI+q/9L3bklwuhUIMraDwAK7h+gHpOIdvc3yHKh7gvxBeLranSbP7afWtpta | ||
VxLdKsyGcTGpKaf0hulF93WKcruI4gvAG5kfx+Awy6Nr8jDF1Yslgnyjo4AxAgMB | ||
AAGjYzBhMB0GA1UdDgQWBBQdTHvrLI0PHPYP25j9T7o/UTCnZzALBgNVHQ8EBAMC | ||
AgQwEgYDVR0TAQH/BAgwBgEB/wIBAjAfBgNVHSMEGDAWgBRaVw0/crBartJIf4lr | ||
PauMjeO3DzANBgkqhkiG9w0BAQsFAAOCAgEAbZ2Iq6SJlZmJKalhzfaYYFWa88Pe | ||
eu/UhRYdCcJtaGMX4HKIcg29E27mnxbj7iPHrsMqtr51CiR4sl2QEPJ/BVvlRYth | ||
jceGSTI78TTgCD7i0yXRWZAZdCL81oearmfGSz4MkPpCPjE7VGdmKSjU1H572Ta3 | ||
1RoM2l8SMTg5kM5f9W/gG4jfXzwddlOpWbWCHty3plZeqZUahyImSYkXQnqXONxa | ||
9w5SZ95wnH4/IwRp2NpvKtvnxTK3xO9nqJOJb4ML/pzwD8SUDTz2aG89GoAvO4wj | ||
DxjgcYVsdL37WUife0SbdWM8XOmrK9X9hv+NuWnTYODKGdV/FiBl5yAG2ENrfZoE | ||
tSoehqB9gIVsgF8MZPi9xTqOM02qKSryes/4gHy7uZYg1/QDqdyAc6/l88AAiswe | ||
hEII9CFatcFdNL2F3WdGUnLo7sdB6FibOX23G2pvvgJEE0jRPYWGothlu5blFlT0 | ||
0acJf9tLFEw5uw6Du53qHPVNqyJ1hSz3eKbUaPtZXda6xFR2n/WtjN/ASsAjMiWD | ||
YA+pciDIcUY+8q9u1eh/vtdRxnrdAwZl/yVIizXBKX6FOul7CpZ6sKUlQTm3tsRn | ||
aOtswTsKfoapyth9kFIDeRlr7IT2Pv6W1LeuLL28hl50f+DbFeh4Vbk1QRBWjx2j | ||
a+uS+G24eP8F/EA= | ||
-----END CERTIFICATE----- | ||
-----BEGIN CERTIFICATE----- | ||
MIIFvzCCA6egAwIBAgIUXWPK4lTYSzVmuy0Y7qwX8KnjLyQwDQYJKoZIhvcNAQEL | ||
BQAwbjELMAkGA1UEBhMCRVMxETAPBgNVBAcMCFZhbGVuY2lhMQswCQYDVQQKDAJJ | ||
VDERMA8GA1UECwwIU2VjdXJpdHkxLDAqBgNVBAMMI0xpbnV4ZXJhIFJvb3QgQ2Vy | ||
dGlmaWNhdGUgQXV0aG9yaXR5MCAXDTI0MTAwMTE0Mjg0MFoYDzIwNTIwMjE2MTQy | ||
ODQwWjBuMQswCQYDVQQGEwJFUzERMA8GA1UEBwwIVmFsZW5jaWExCzAJBgNVBAoM | ||
AklUMREwDwYDVQQLDAhTZWN1cml0eTEsMCoGA1UEAwwjTGludXhlcmEgUm9vdCBD | ||
ZXJ0aWZpY2F0ZSBBdXRob3JpdHkwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIK | ||
AoICAQCn0zNxEO67Fyn78wOMDImkj/7Egll0y0ugUJiaWYos9fScmkeBK/03I44n | ||
4WE3kEHg+qqSXFhw6arDuhKW0Xs9f32BfVkLNLg4HY9B8PV/gYk7effhk8rvHW5v | ||
Z+ZmOCFHrVvCPM3vgVteVjOd44Y3qUQQ5CDv0b9AosSkgjVwCAoigEcZgx5fxB7r | ||
ECTdmHQVRs75yyRWLGMtCpGogvHm7LYyfrphf5nxjLm2pKaqNR7guCr98mtgdgwr | ||
9ZiAPna095Jh1Awoh4a+cyCGV7HCZtbg093M/Iq3ffeaMQENu2rIEdTu6Pn4/a4T | ||
LfnIJHtAv5wwrWHNb7LVDm9oXTTEDgdKRDICcexvetM5PrZKTUgj4Coy/6eVWFdU | ||
1Bezpg7j+mJeU/um/bYpzXGOs0RrdWtOSQPsmM3RHVP12ehNGCqAAVFkUHMHTpNE | ||
eoN+EYqSWfvDt7JRxNXhV4Uc6rHoLyw2fEG0CQjdTn7OukgCRJabIecF7DT9Jv17 | ||
PTx8CPj97TrY8EAivCAfEhJkbH5fUVkAnuOKz8KMXpbvZ8Ttomp4OI1rOR9Rbhnu | ||
nEcm2Xd0MiNBkkn56S+D2otsnW6qFWmboPE+cjGYW5ksg6vMunjTJ4wsYMUhxnM7 | ||
K4dbDgAGU9Cjqn03tRBTTwfQR6gza/l1BBNqlr5wIudNxCCDYQIDAQABo1MwUTAd | ||
BgNVHQ4EFgQUWlcNP3KwWq7SSH+Jaz2rjI3jtw8wHwYDVR0jBBgwFoAUWlcNP3Kw | ||
Wq7SSH+Jaz2rjI3jtw8wDwYDVR0TAQH/BAUwAwEB/zANBgkqhkiG9w0BAQsFAAOC | ||
AgEApzYd62cxGhYwC6B1o2/sxldvk3O6G6HeBDX9RAYShcdNW5MDHI8+I9kU2hjw | ||
2EHORfZ2U5yOfL7Nyj3qjiOjCKwoQYZvB58ot18tazGVvQxIIuIcclTRrDT1zHTr | ||
NfjQednpE0gq4q34ltWFgi4qUX77i5pMtVk9kSYngHthmvI+oICuZswqCCRK7cL1 | ||
bKISWvimFVTKRTjpGuO1uUfrwUz5Vx1vtRIIUDFMldaC5q/UDHi4rwoM68ILnnTq | ||
tmbQPzj80u5f6SIQ4wquBXGUO513iSW6jzP0h6hnBpJbYoXm0JrtDL7/puVGPXEc | ||
Tp4YgmPRhzl0w1vpBe+Lf2DxhL8lBrriEo+VrYxS366hKZob2f7FJLnoVYElrd0H | ||
i9kifgvqdY3DJJsScAcFjSA/J4AYQJvriljKBgjDoe1Qh4AJXDNjD2ZiLb1TOKim | ||
xyK8FKVs8Ww3aCteB5W0XDSQCsOvQWBF7dQR7gGYaAkp+nYGMGOTEaoDS4B2E2Qp | ||
iw/AQ/X7Z5SO81llKgKJw2+7lpAMLs+WgG+AV0KpF5vA7vK5W3bosMxDvcpBHRT2 | ||
3flk1yebUUxDZ/6wEN6XZ8Ve0GfXFpg19eY8Fv2HRGIlNGkqrsAUAdzv2JBLfRYS | ||
aj4kcwBrVtJ1h3Q7VPuigeiDR/9TZUv3QEphm4GgaTM+BK0= | ||
-----END CERTIFICATE----- |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,34 @@ | ||
-----BEGIN CERTIFICATE----- | ||
MIIF1zCCA7+gAwIBAgIUWaGMXpgHpAaZjDIw807QKIZigWcwDQYJKoZIhvcNAQEL | ||
BQAwbjELMAkGA1UEBhMCRVMxETAPBgNVBAcMCFZhbGVuY2lhMQswCQYDVQQKDAJJ | ||
VDERMA8GA1UECwwIU2VjdXJpdHkxLDAqBgNVBAMMI0xpbnV4ZXJhIFJvb3QgQ2Vy | ||
dGlmaWNhdGUgQXV0aG9yaXR5MCAXDTI0MTAwMTE0Mjg0MVoYDzIwNTIwMjE2MTQy | ||
ODQxWjB2MQswCQYDVQQGEwJFUzERMA8GA1UEBwwIVmFsZW5jaWExCzAJBgNVBAoM | ||
AklUMREwDwYDVQQLDAhTZWN1cml0eTE0MDIGA1UEAwwrTGludXhlcmEgSW50ZXJt | ||
ZWRpYXRlIENlcnRpZmljYXRlIEF1dGhvcml0eTCCAiIwDQYJKoZIhvcNAQEBBQAD | ||
ggIPADCCAgoCggIBAMCtiALzYoD6dW9kbquYudWOBHToKbFDir1FbuZn3R0KVn/z | ||
5w8W8j1hwEOpd9Lrk10LRxXlITbWwkLvJmfMNCIMJUV8ua0j2P8XZXwYsI2cD+T+ | ||
Sa4qouBQshRYilnehh2U8/HFLKtu3xUsMPMrWABI2i/vXZbqAqT3PzzYVYT+B8Yx | ||
4segCpXUnsJnencneOX6pc8euPkDvVw9RTH8B5ygyhSBMzfhzX9XZTOgiOj+R157 | ||
7ESr+axhojP3ztkMmvNnDyCK2+LibaK8SCZNNvmiqzxLdSV91zy1fYT6WlR+mxJ4 | ||
2BjgI6/npS+k+iIQFdmvexhf5hcolhqbq/wtEr1HL3RFval3zDH1OgXLgAWmuOs0 | ||
odvKnnJkSba1fcwdNQNsDWYkM0zuP14e4WAH3ySO5lrgakH/eTYef1vVZHw1+oZ9 | ||
0DvgpbeV91HJ8PnYArE8VhkaV5MmZzjPzxvERJFrB12tJkdzfEylZRrtJfPBDRn0 | ||
exDiNMn9WoMG0MeknYz7ywM10vZJbilI50hYmPreuWfiBWE1yksT7SzK0tHmBaWz | ||
xc5RnI+q/9L3bklwuhUIMraDwAK7h+gHpOIdvc3yHKh7gvxBeLranSbP7afWtpta | ||
VxLdKsyGcTGpKaf0hulF93WKcruI4gvAG5kfx+Awy6Nr8jDF1Yslgnyjo4AxAgMB | ||
AAGjYzBhMB0GA1UdDgQWBBQdTHvrLI0PHPYP25j9T7o/UTCnZzALBgNVHQ8EBAMC | ||
AgQwEgYDVR0TAQH/BAgwBgEB/wIBAjAfBgNVHSMEGDAWgBRaVw0/crBartJIf4lr | ||
PauMjeO3DzANBgkqhkiG9w0BAQsFAAOCAgEAbZ2Iq6SJlZmJKalhzfaYYFWa88Pe | ||
eu/UhRYdCcJtaGMX4HKIcg29E27mnxbj7iPHrsMqtr51CiR4sl2QEPJ/BVvlRYth | ||
jceGSTI78TTgCD7i0yXRWZAZdCL81oearmfGSz4MkPpCPjE7VGdmKSjU1H572Ta3 | ||
1RoM2l8SMTg5kM5f9W/gG4jfXzwddlOpWbWCHty3plZeqZUahyImSYkXQnqXONxa | ||
9w5SZ95wnH4/IwRp2NpvKtvnxTK3xO9nqJOJb4ML/pzwD8SUDTz2aG89GoAvO4wj | ||
DxjgcYVsdL37WUife0SbdWM8XOmrK9X9hv+NuWnTYODKGdV/FiBl5yAG2ENrfZoE | ||
tSoehqB9gIVsgF8MZPi9xTqOM02qKSryes/4gHy7uZYg1/QDqdyAc6/l88AAiswe | ||
hEII9CFatcFdNL2F3WdGUnLo7sdB6FibOX23G2pvvgJEE0jRPYWGothlu5blFlT0 | ||
0acJf9tLFEw5uw6Du53qHPVNqyJ1hSz3eKbUaPtZXda6xFR2n/WtjN/ASsAjMiWD | ||
YA+pciDIcUY+8q9u1eh/vtdRxnrdAwZl/yVIizXBKX6FOul7CpZ6sKUlQTm3tsRn | ||
aOtswTsKfoapyth9kFIDeRlr7IT2Pv6W1LeuLL28hl50f+DbFeh4Vbk1QRBWjx2j | ||
a+uS+G24eP8F/EA= | ||
-----END CERTIFICATE----- |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,33 @@ | ||
-----BEGIN CERTIFICATE----- | ||
MIIFvzCCA6egAwIBAgIUXWPK4lTYSzVmuy0Y7qwX8KnjLyQwDQYJKoZIhvcNAQEL | ||
BQAwbjELMAkGA1UEBhMCRVMxETAPBgNVBAcMCFZhbGVuY2lhMQswCQYDVQQKDAJJ | ||
VDERMA8GA1UECwwIU2VjdXJpdHkxLDAqBgNVBAMMI0xpbnV4ZXJhIFJvb3QgQ2Vy | ||
dGlmaWNhdGUgQXV0aG9yaXR5MCAXDTI0MTAwMTE0Mjg0MFoYDzIwNTIwMjE2MTQy | ||
ODQwWjBuMQswCQYDVQQGEwJFUzERMA8GA1UEBwwIVmFsZW5jaWExCzAJBgNVBAoM | ||
AklUMREwDwYDVQQLDAhTZWN1cml0eTEsMCoGA1UEAwwjTGludXhlcmEgUm9vdCBD | ||
ZXJ0aWZpY2F0ZSBBdXRob3JpdHkwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIK | ||
AoICAQCn0zNxEO67Fyn78wOMDImkj/7Egll0y0ugUJiaWYos9fScmkeBK/03I44n | ||
4WE3kEHg+qqSXFhw6arDuhKW0Xs9f32BfVkLNLg4HY9B8PV/gYk7effhk8rvHW5v | ||
Z+ZmOCFHrVvCPM3vgVteVjOd44Y3qUQQ5CDv0b9AosSkgjVwCAoigEcZgx5fxB7r | ||
ECTdmHQVRs75yyRWLGMtCpGogvHm7LYyfrphf5nxjLm2pKaqNR7guCr98mtgdgwr | ||
9ZiAPna095Jh1Awoh4a+cyCGV7HCZtbg093M/Iq3ffeaMQENu2rIEdTu6Pn4/a4T | ||
LfnIJHtAv5wwrWHNb7LVDm9oXTTEDgdKRDICcexvetM5PrZKTUgj4Coy/6eVWFdU | ||
1Bezpg7j+mJeU/um/bYpzXGOs0RrdWtOSQPsmM3RHVP12ehNGCqAAVFkUHMHTpNE | ||
eoN+EYqSWfvDt7JRxNXhV4Uc6rHoLyw2fEG0CQjdTn7OukgCRJabIecF7DT9Jv17 | ||
PTx8CPj97TrY8EAivCAfEhJkbH5fUVkAnuOKz8KMXpbvZ8Ttomp4OI1rOR9Rbhnu | ||
nEcm2Xd0MiNBkkn56S+D2otsnW6qFWmboPE+cjGYW5ksg6vMunjTJ4wsYMUhxnM7 | ||
K4dbDgAGU9Cjqn03tRBTTwfQR6gza/l1BBNqlr5wIudNxCCDYQIDAQABo1MwUTAd | ||
BgNVHQ4EFgQUWlcNP3KwWq7SSH+Jaz2rjI3jtw8wHwYDVR0jBBgwFoAUWlcNP3Kw | ||
Wq7SSH+Jaz2rjI3jtw8wDwYDVR0TAQH/BAUwAwEB/zANBgkqhkiG9w0BAQsFAAOC | ||
AgEApzYd62cxGhYwC6B1o2/sxldvk3O6G6HeBDX9RAYShcdNW5MDHI8+I9kU2hjw | ||
2EHORfZ2U5yOfL7Nyj3qjiOjCKwoQYZvB58ot18tazGVvQxIIuIcclTRrDT1zHTr | ||
NfjQednpE0gq4q34ltWFgi4qUX77i5pMtVk9kSYngHthmvI+oICuZswqCCRK7cL1 | ||
bKISWvimFVTKRTjpGuO1uUfrwUz5Vx1vtRIIUDFMldaC5q/UDHi4rwoM68ILnnTq | ||
tmbQPzj80u5f6SIQ4wquBXGUO513iSW6jzP0h6hnBpJbYoXm0JrtDL7/puVGPXEc | ||
Tp4YgmPRhzl0w1vpBe+Lf2DxhL8lBrriEo+VrYxS366hKZob2f7FJLnoVYElrd0H | ||
i9kifgvqdY3DJJsScAcFjSA/J4AYQJvriljKBgjDoe1Qh4AJXDNjD2ZiLb1TOKim | ||
xyK8FKVs8Ww3aCteB5W0XDSQCsOvQWBF7dQR7gGYaAkp+nYGMGOTEaoDS4B2E2Qp | ||
iw/AQ/X7Z5SO81llKgKJw2+7lpAMLs+WgG+AV0KpF5vA7vK5W3bosMxDvcpBHRT2 | ||
3flk1yebUUxDZ/6wEN6XZ8Ve0GfXFpg19eY8Fv2HRGIlNGkqrsAUAdzv2JBLfRYS | ||
aj4kcwBrVtJ1h3Q7VPuigeiDR/9TZUv3QEphm4GgaTM+BK0= | ||
-----END CERTIFICATE----- |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,84 @@ | ||
package signature | ||
|
||
import ( | ||
"crypto" | ||
"crypto/x509" | ||
"errors" | ||
"fmt" | ||
"slices" | ||
|
||
"github.com/containers/image/v5/signature/internal" | ||
"github.com/sigstore/sigstore/pkg/cryptoutils" | ||
) | ||
|
||
type pkiTrustRoot struct { | ||
caRootsCertificates *x509.CertPool | ||
caIntermediatesCertificates *x509.CertPool | ||
subjectEmail string | ||
subjectHostname string | ||
} | ||
|
||
func (p *pkiTrustRoot) validate() error { | ||
if p.subjectEmail == "" && p.subjectHostname == "" { | ||
return errors.New("Internal inconsistency: PKI use set up without subject email or subject hostname") | ||
} | ||
return nil | ||
} | ||
|
||
func verifyPKI(pkiTrustRoot *pkiTrustRoot, untrustedCertificateBytes []byte, untrustedIntermediateChainBytes []byte) (crypto.PublicKey, error) { | ||
|
||
untrustedLeafCerts, err := cryptoutils.UnmarshalCertificatesFromPEM(untrustedCertificateBytes) | ||
if err != nil { | ||
return nil, internal.NewInvalidSignatureError(fmt.Sprintf("parsing leaf certificate: %v", err)) | ||
} | ||
switch len(untrustedLeafCerts) { | ||
case 0: | ||
return nil, internal.NewInvalidSignatureError("no certificate found in signature certificate data") | ||
case 1: | ||
break // OK | ||
default: | ||
return nil, internal.NewInvalidSignatureError("unexpected multiple certificates present in signature certificate data") | ||
} | ||
untrustedCertificate := untrustedLeafCerts[0] | ||
|
||
if pkiTrustRoot.subjectEmail != "" { | ||
if !slices.Contains(untrustedCertificate.EmailAddresses, pkiTrustRoot.subjectEmail) { | ||
return nil, internal.NewInvalidSignatureError(fmt.Sprintf("Required email %q not found (got %q)", | ||
pkiTrustRoot.subjectEmail, | ||
untrustedCertificate.EmailAddresses)) | ||
} | ||
} | ||
|
||
if pkiTrustRoot.subjectHostname != "" { | ||
if err = untrustedCertificate.VerifyHostname(pkiTrustRoot.subjectHostname); err != nil { | ||
return nil, internal.NewInvalidSignatureError(fmt.Sprintf("Unexpected subject hostname: %v", err)) | ||
} | ||
} | ||
|
||
// FIXME: move this to per-context initialization | ||
untrustedIntermediatePool := x509.NewCertPool() | ||
if pkiTrustRoot.caIntermediatesCertificates != nil { | ||
untrustedIntermediatePool = pkiTrustRoot.caIntermediatesCertificates | ||
} | ||
if len(untrustedIntermediateChainBytes) > 0 { | ||
untrustedIntermediateChain, err := cryptoutils.UnmarshalCertificatesFromPEM(untrustedIntermediateChainBytes) | ||
if err != nil { | ||
return nil, internal.NewInvalidSignatureError(fmt.Sprintf("loading certificate chain: %v", err)) | ||
} | ||
if len(untrustedIntermediateChain) > 1 { | ||
for _, untrustedIntermediateCert := range untrustedIntermediateChain { | ||
untrustedIntermediatePool.AddCert(untrustedIntermediateCert) | ||
} | ||
} | ||
} | ||
|
||
if _, err := untrustedCertificate.Verify(x509.VerifyOptions{ | ||
Intermediates: untrustedIntermediatePool, | ||
Roots: pkiTrustRoot.caRootsCertificates, | ||
KeyUsages: []x509.ExtKeyUsage{x509.ExtKeyUsageCodeSigning}, | ||
}); err != nil { | ||
return nil, internal.NewInvalidSignatureError(fmt.Sprintf("veryfing leaf certificate failed: %v", err)) | ||
} | ||
|
||
return untrustedCertificate.PublicKey, nil | ||
} |
Oops, something went wrong.