remove unused certFile param to verifyCertBundle
Signed-off-by: Dmitry S <[email protected]>
dmitris committed Jul 1, 2024
1 parent c437f56 commit ec1abdf
Showing 3 changed files with 8 additions and 8 deletions.
2 changes: 1 addition & 1 deletion cmd/cosign/cli/verify/verify.go
Expand Up @@ -295,7 +295,7 @@ func (c *VerifyCommand) Exec(ctx context.Context, images []string) (err error) {
return err
}
default:
return errors.New("internal error in handling CertChain and RootCerts - default case should never happen")
return errors.New("no certificate chain provided to verify certificate")
}

if c.SCTRef != "" {
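Review bot: The error text of the `default:` branch changes in this section although the commit title only mentions removing the `certFile` parameter, so this user-visible change in the certificate verification path deserves its own line in the commit description. The +/- markers are lost on this page; taking the second `return errors.New(...)` line as the new text, the branch still fails closed, which is the right behaviour for a certificate check. Whether "no certificate chain provided" names the condition accurately depends on the `case` arms of the switch, which begins outside the hunk. If it does, a one-line comment such as `// neither a certificate chain nor CA roots were configured; refuse to verify the certificate` above the return would record why this branch is reachable.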
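--- a/test/e2e_test.go
+++ b/test/e2e_test.go
@@ -151,7 +151,7 @@ func TestSignVerifyCertBundle(t *testing.T) {
 
 ctx := context.Background()
 // Verify should fail at first
-mustErr(verifyCertBundle(pubKeyPath, caCertFile, caIntermediateCertFile, certFile, imgName, true, nil, "", true), t)
+mustErr(verifyCertBundle(pubKeyPath, caCertFile, caIntermediateCertFile, imgName, true, nil, "", true), t)
 // So should download
 mustErr(download.SignatureCmd(ctx, options.RegistryOptions{}, imgName), t)
 
@@ -170,13 +170,13 @@ func TestSignVerifyCertBundle(t *testing.T) {
 
 // Now verify and download should work!
 ignoreTlog := true
-must(verifyCertBundle(pubKeyPath, caCertFile, caIntermediateCertFile, certFile, imgName, true, nil, "", ignoreTlog), t)
+must(verifyCertBundle(pubKeyPath, caCertFile, caIntermediateCertFile, imgName, true, nil, "", ignoreTlog), t)
 // verification with certificate chain instead of root/intermediate files should work as well
 must(verifyCertChain(pubKeyPath, certChainFile, certFile, imgName, true, nil, "", ignoreTlog), t)
 must(download.SignatureCmd(ctx, options.RegistryOptions{}, imgName), t)
 
 // Look for a specific annotation
-mustErr(verifyCertBundle(pubKeyPath, caCertFile, caIntermediateCertFile, certFile, imgName, true, map[string]interface{}{"foo": "bar"}, "", ignoreTlog), t)
+mustErr(verifyCertBundle(pubKeyPath, caCertFile, caIntermediateCertFile, imgName, true, map[string]interface{}{"foo": "bar"}, "", ignoreTlog), t)
 
 so.AnnotationOptions = options.AnnotationOptions{
 Annotations: []string{"foo=bar"},
@@ -185,10 +185,10 @@ func TestSignVerifyCertBundle(t *testing.T) {
 must(sign.SignCmd(ro, ko, so, []string{imgName}), t)
 
 // It should match this time.
-must(verifyCertBundle(pubKeyPath, caCertFile, caIntermediateCertFile, certFile, imgName, true, map[string]interface{}{"foo": "bar"}, "", ignoreTlog), t)
+must(verifyCertBundle(pubKeyPath, caCertFile, caIntermediateCertFile, imgName, true, map[string]interface{}{"foo": "bar"}, "", ignoreTlog), t)
 
 // But two doesn't work
-mustErr(verifyCertBundle(pubKeyPath, caCertFile, caIntermediateCertFile, certFile, imgName, true, map[string]interface{}{"foo": "bar", "baz": "bat"}, "", ignoreTlog), t)
+mustErr(verifyCertBundle(pubKeyPath, caCertFile, caIntermediateCertFile, imgName, true, map[string]interface{}{"foo": "bar", "baz": "bat"}, "", ignoreTlog), t)
 }
 
 func TestSignVerifyClean(t *testing.T) {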
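Review bot: None of the `mustErr(verifyCertBundle(...))` cases visible in these hunks fails because of the CA material: the first runs before the image is signed and the others fail on an annotation mismatch. A test named TestSignVerifyCertBundle should contain one case that must fail when the roots do not match, for example `mustErr(verifyCertBundle(pubKeyPath, otherCACertFile, caIntermediateCertFile, imgName, true, nil, "", ignoreTlog), t)`, where `otherCACertFile` is a placeholder for an unrelated root generated in the test setup. Lines between the hunks are not shown, so such a case may already exist there. If that call unexpectedly succeeds, the bundle arguments are not influencing verification and the test is only checking the key.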
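--- a/test/helpers.go
+++ b/test/helpers.go
@@ -108,7 +108,7 @@ var verifyCertChain = func(keyRef, certChain, certFile, imageRef string, checkCl
 return cmd.Exec(context.Background(), args)
 }
 
-var verifyCertBundle = func(keyRef, caCertFile, caIntermediates, certFile, imageRef string, checkClaims bool, annotations map[string]interface{}, attachment string, skipTlogVerify bool) error {
+var verifyCertBundle = func(keyRef, caCertFile, caIntermediateCertFile, imageRef string, checkClaims bool, annotations map[string]interface{}, attachment string, skipTlogVerify bool) error {
 cmd := cliverify.VerifyCommand{
 KeyRef: keyRef,
 RekorURL: rekorURL,
@@ -119,7 +119,7 @@ var verifyCertBundle = func(keyRef, caCertFile, caIntermediates, certFile, image
 MaxWorkers: 10,
 IgnoreTlog: skipTlogVerify,
 CertVerifyOptions: options.CertVerifyOptions{
-CAIntermediates: caIntermediates,
+CAIntermediates: caIntermediateCertFile,
 CARoots: caCertFile,
 CertOidcIssuerRegexp: ".*",
 CertIdentityRegexp: ".*",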
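Review bot: `verifyCertBundle` has no doc comment, and in the visible lines nothing passes a certificate to `cliverify.VerifyCommand`: it receives `KeyRef` plus `CARoots`/`CAIntermediates`, with `CertOidcIssuerRegexp` and `CertIdentityRegexp` both set to `".*"`. A comment above the helper should state what is actually verified, for example `// verifyCertBundle runs cosign verify with keyRef and the given CA roots/intermediates files; issuer and identity are matched with ".*", so any identity is accepted (test use only).` Lines 115–118 of the new file fall between the two hunks and are not shown, so a certificate reference may still be set there. The sibling `verifyCertChain` still takes `certFile`, and its body is outside these hunks, so it is worth checking whether the same cleanup applies to it.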
