diff --git a/README.md b/README.md index bc3b2a7..c082db7 100644 --- a/README.md +++ b/README.md @@ -31,6 +31,8 @@ $ go run . --help expected source repository that should have produced the binary, e.g. github.com/some/repo -tag string [optional] expected tag the binary was compiled from + -versioned-tag string + [optional] expected version the binary was compiled from. Uses semantic version to match the tag ``` ### Example diff --git a/main.go b/main.go index 9bd8d2d..76e6651 100644 --- a/main.go +++ b/main.go @@ -37,7 +37,7 @@ var ( var defaultRekorAddr = "https://rekor.sigstore.dev" func verify(ctx context.Context, - provenancePath, artifactHash, source, branch string, + provenance []byte, artifactHash, source, branch string, tag, versiontag *string, ) error { rClient, err := rekor.NewClient(defaultRekorAddr) @@ -51,11 +51,6 @@ func verify(ctx context.Context, return err } - provenance, err := os.ReadFile(provenancePath) - if err != nil { - return fmt.Errorf("os.ReadFile: %w", err) - } - env, err := pkg.EnvelopeFromBytes(provenance) if err != nil { return err @@ -117,7 +112,7 @@ func main() { flag.StringVar(&source, "source", "", "expected source repository that should have produced the binary, e.g. github.com/some/repo") flag.StringVar(&branch, "branch", "main", "expected branch the binary was compiled from") flag.StringVar(&tag, "tag", "", "[optional] expected tag the binary was compiled from") - // flag.StringVar(&versiontag, "versioned-tag", "", "[optional] expected version the binary was compiled from. Uses semantic version to match the tag") + flag.StringVar(&versiontag, "versioned-tag", "", "[optional] expected version the binary was compiled from. Uses semantic version to match the tag") flag.Parse() if provenancePath == "" || binaryPath == "" || source == "" { @@ -139,21 +134,7 @@ func main() { os.Exit(1) } - f, err := os.Open(binaryPath) - if err != nil { - log.Fatal(err) - } - defer f.Close() - - h := sha256.New() - if _, err := io.Copy(h, f); err != nil { - log.Fatal(err) - } - - ctx := context.Background() - if err := verify(ctx, provenancePath, - hex.EncodeToString(h.Sum(nil)), - source, branch, + if err := runVerify(binaryPath, provenancePath, source, branch, ptag, pversiontag); err != nil { log.Fatal(err) } @@ -170,3 +151,29 @@ func isFlagPassed(name string) bool { }) return found } + +func runVerify(binaryPath, provenancePath, source, branch string, + ptag, pversiontag *string, +) error { + f, err := os.Open(binaryPath) + if err != nil { + log.Fatal(err) + } + defer f.Close() + + provenance, err := os.ReadFile(provenancePath) + if err != nil { + return err + } + + h := sha256.New() + if _, err := io.Copy(h, f); err != nil { + log.Fatal(err) + } + + ctx := context.Background() + return verify(ctx, provenance, + hex.EncodeToString(h.Sum(nil)), + source, branch, + ptag, pversiontag) +} diff --git a/main_test.go b/main_test.go new file mode 100644 index 0000000..bf64c8c --- /dev/null +++ b/main_test.go @@ -0,0 +1,311 @@ +package main + +import ( + "errors" + "fmt" + "testing" + + "github.com/google/go-cmp/cmp" + "github.com/google/go-cmp/cmp/cmpopts" + pkg "github.com/slsa-framework/slsa-verifier/pkg" +) + +func errCmp(e1, e2 error) bool { + return errors.Is(e1, e2) || errors.Is(e2, e1) +} + +func pString(s string) *string { + return &s +} + +func Test_runVerify(t *testing.T) { + t.Parallel() + tests := []struct { + name string + artifact string + source string + branch string + ptag *string + pversiontag *string + err error + }{ + { + name: "valid main branch default", + artifact: "./testdata/binary-linux-amd64-workflow_dispatch", + source: "github.com/laurentsimon/slsa-on-github-test", + }, + { + name: "valid main branch set", + artifact: "./testdata/binary-linux-amd64-workflow_dispatch", + source: "github.com/laurentsimon/slsa-on-github-test", + branch: "main", + }, + { + name: "wrong branch master", + artifact: "./testdata/binary-linux-amd64-workflow_dispatch", + source: "github.com/laurentsimon/slsa-on-github-test", + branch: "master", + err: pkg.ErrorMismatchBranch, + }, + { + name: "wrong source append A", + artifact: "./testdata/binary-linux-amd64-workflow_dispatch", + source: "github.com/laurentsimon/slsa-on-github-testA", + err: pkg.ErrorMismatchRepository, + }, + { + name: "wrong source prepend A", + artifact: "./testdata/binary-linux-amd64-workflow_dispatch", + source: "Agithub.com/laurentsimon/slsa-on-github-test", + err: pkg.ErrorMismatchRepository, + }, + { + name: "wrong source middle A", + artifact: "./testdata/binary-linux-amd64-workflow_dispatch", + source: "github.com/Alaurentsimon/slsa-on-github-test", + err: pkg.ErrorMismatchRepository, + }, + { + name: "tag no match empty tag workflow_dispatch", + artifact: "./testdata/binary-linux-amd64-workflow_dispatch", + source: "github.com/laurentsimon/slsa-on-github-test", + ptag: pString("v1.2.3"), + err: pkg.ErrorMismatchTag, + }, + { + name: "versioned tag no match empty tag workflow_dispatch", + artifact: "./testdata/binary-linux-amd64-workflow_dispatch", + source: "github.com/laurentsimon/slsa-on-github-test", + pversiontag: pString("v1"), + err: pkg.ErrorInvalidSemver, + }, + { + name: "tag v1.2.3 no match v1.2.4", + artifact: "./testdata/binary-linux-amd64-push-v1.2.4", + source: "github.com/laurentsimon/slsa-on-github-test", + ptag: pString("v1.2.3"), + err: pkg.ErrorMismatchTag, + }, + { + name: "tag v1.2 no match v1.2.4", + artifact: "./testdata/binary-linux-amd64-push-v1.2.4", + source: "github.com/laurentsimon/slsa-on-github-test", + ptag: pString("v1.2"), + err: pkg.ErrorMismatchTag, + }, + { + name: "tag v1 no match v1.2.4", + artifact: "./testdata/binary-linux-amd64-push-v1.2.4", + source: "github.com/laurentsimon/slsa-on-github-test", + ptag: pString("v1"), + err: pkg.ErrorMismatchTag, + }, + // Provenance contains tag = v1.2.4. + { + name: "versioned v1.2.4 match push-v1.2.4", + artifact: "./testdata/binary-linux-amd64-push-v1.2.4", + source: "github.com/laurentsimon/slsa-on-github-test", + pversiontag: pString("v1.2.4"), + }, + { + name: "versioned v1.2 match push-v1.2.4", + artifact: "./testdata/binary-linux-amd64-push-v1.2.4", + source: "github.com/laurentsimon/slsa-on-github-test", + pversiontag: pString("v1.2"), + }, + { + name: "versioned v1 match push-v1.2.4", + artifact: "./testdata/binary-linux-amd64-push-v1.2.4", + source: "github.com/laurentsimon/slsa-on-github-test", + pversiontag: pString("v1"), + }, + { + name: "versioned v2 no match push-v1.2.4", + artifact: "./testdata/binary-linux-amd64-push-v1.2.4", + source: "github.com/laurentsimon/slsa-on-github-test", + pversiontag: pString("v2"), + err: pkg.ErrorMismatchVersionedTag, + }, + { + name: "versioned v0 no match push-v1.2.4", + artifact: "./testdata/binary-linux-amd64-push-v1.2.4", + source: "github.com/laurentsimon/slsa-on-github-test", + pversiontag: pString("v0"), + err: pkg.ErrorMismatchVersionedTag, + }, + { + name: "versioned v1.3 no match push-v1.2.4", + artifact: "./testdata/binary-linux-amd64-push-v1.2.4", + source: "github.com/laurentsimon/slsa-on-github-test", + pversiontag: pString("v1.3"), + err: pkg.ErrorMismatchVersionedTag, + }, + { + name: "versioned v1.1 no match push-v1.2.4", + artifact: "./testdata/binary-linux-amd64-push-v1.2.4", + source: "github.com/laurentsimon/slsa-on-github-test", + pversiontag: pString("v1.1"), + err: pkg.ErrorMismatchVersionedTag, + }, + { + name: "versioned v1.2.3 no match push-v1.2.4", + artifact: "./testdata/binary-linux-amd64-push-v1.2.4", + source: "github.com/laurentsimon/slsa-on-github-test", + pversiontag: pString("v1.2.3"), + err: pkg.ErrorMismatchVersionedTag, + }, + { + name: "versioned v1.2.5 no match push-v1.2.4", + artifact: "./testdata/binary-linux-amd64-push-v1.2.4", + source: "github.com/laurentsimon/slsa-on-github-test", + pversiontag: pString("v1.2.5"), + err: pkg.ErrorMismatchVersionedTag, + }, + // Provenance contains tag = v2. + { + name: "versioned v2 match push-v2", + artifact: "./testdata/binary-linux-amd64-push-v2", + source: "github.com/laurentsimon/slsa-on-github-test", + pversiontag: pString("v2"), + }, + { + name: "versioned v2.0 match push-v2", + artifact: "./testdata/binary-linux-amd64-push-v2", + source: "github.com/laurentsimon/slsa-on-github-test", + pversiontag: pString("v2.0"), + }, + { + name: "versioned v2.1 no match push-v2", + artifact: "./testdata/binary-linux-amd64-push-v2", + source: "github.com/laurentsimon/slsa-on-github-test", + pversiontag: pString("v2.1"), + err: pkg.ErrorMismatchVersionedTag, + }, + { + name: "versioned v1 no match push-v2", + artifact: "./testdata/binary-linux-amd64-push-v2", + source: "github.com/laurentsimon/slsa-on-github-test", + pversiontag: pString("v1"), + err: pkg.ErrorMismatchVersionedTag, + }, + { + name: "versioned v3 no match push-v2", + artifact: "./testdata/binary-linux-amd64-push-v2", + source: "github.com/laurentsimon/slsa-on-github-test", + pversiontag: pString("v3"), + err: pkg.ErrorMismatchVersionedTag, + }, + { + name: "versioned v1.2 no match push-v2", + artifact: "./testdata/binary-linux-amd64-push-v2", + source: "github.com/laurentsimon/slsa-on-github-test", + pversiontag: pString("v1.2"), + err: pkg.ErrorMismatchVersionedTag, + }, + { + name: "versioned v3 no match push-v2", + artifact: "./testdata/binary-linux-amd64-push-v2", + source: "github.com/laurentsimon/slsa-on-github-test", + pversiontag: pString("v3"), + err: pkg.ErrorMismatchVersionedTag, + }, + { + name: "versioned v0 no match push-v2", + artifact: "./testdata/binary-linux-amd64-push-v2", + source: "github.com/laurentsimon/slsa-on-github-test", + pversiontag: pString("v0"), + err: pkg.ErrorMismatchVersionedTag, + }, + // Provenance contains tag = v2.5. + { + name: "versioned v2.5 match push-v2.5", + artifact: "./testdata/binary-linux-amd64-push-v2.5", + source: "github.com/laurentsimon/slsa-on-github-test", + pversiontag: pString("v2.5"), + }, + { + name: "versioned v2.5.1 match push-v2.5", + artifact: "./testdata/binary-linux-amd64-push-v2.5", + source: "github.com/laurentsimon/slsa-on-github-test", + pversiontag: pString("v2.5.1"), + err: pkg.ErrorMismatchVersionedTag, + }, + { + name: "versioned v2.5.3 match push-v2.5", + artifact: "./testdata/binary-linux-amd64-push-v2.5", + source: "github.com/laurentsimon/slsa-on-github-test", + pversiontag: pString("v2.5.3"), + err: pkg.ErrorMismatchVersionedTag, + }, + { + name: "versioned v2 match push-v2.5", + artifact: "./testdata/binary-linux-amd64-push-v2.5", + source: "github.com/laurentsimon/slsa-on-github-test", + pversiontag: pString("v2"), + }, + { + name: "versioned v2.4 no match push-v2.5", + artifact: "./testdata/binary-linux-amd64-push-v2.5", + source: "github.com/laurentsimon/slsa-on-github-test", + pversiontag: pString("v2.4"), + err: pkg.ErrorMismatchVersionedTag, + }, + { + name: "versioned v2.4.1 no match push-v2.5", + artifact: "./testdata/binary-linux-amd64-push-v2.5", + source: "github.com/laurentsimon/slsa-on-github-test", + pversiontag: pString("v2.4.1"), + err: pkg.ErrorMismatchVersionedTag, + }, + { + name: "versioned v2.4.5 no match push-v2.5", + artifact: "./testdata/binary-linux-amd64-push-v2.5", + source: "github.com/laurentsimon/slsa-on-github-test", + pversiontag: pString("v2.4.5"), + err: pkg.ErrorMismatchVersionedTag, + }, + { + name: "versioned v1 no match push-v2.5", + artifact: "./testdata/binary-linux-amd64-push-v2.5", + source: "github.com/laurentsimon/slsa-on-github-test", + pversiontag: pString("v1"), + err: pkg.ErrorMismatchVersionedTag, + }, + { + name: "versioned v3 no match push-v2.5", + artifact: "./testdata/binary-linux-amd64-push-v2.5", + source: "github.com/laurentsimon/slsa-on-github-test", + pversiontag: pString("v3"), + err: pkg.ErrorMismatchVersionedTag, + }, + { + name: "versioned v3.1 no match push-v2.5", + artifact: "./testdata/binary-linux-amd64-push-v2.5", + source: "github.com/laurentsimon/slsa-on-github-test", + pversiontag: pString("v3.1"), + err: pkg.ErrorMismatchVersionedTag, + }, + } + for _, tt := range tests { + tt := tt // Re-initializing variable so it is not changed while executing the closure below + t.Run(tt.name, func(t *testing.T) { + t.Parallel() + + branch := tt.branch + if branch == "" { + branch = "main" + } + + err := runVerify(tt.artifact, + tt.artifact+".intoto.jsonl", + tt.source, branch, + tt.ptag, tt.pversiontag) + + fmt.Println("err:", err) + fmt.Println("tt.err:", tt.err) + if !errCmp(err, tt.err) { + t.Errorf(cmp.Diff(err, tt.err, cmpopts.EquateErrors())) + } + }) + } +} diff --git a/pkg/provenance.go b/pkg/provenance.go index fdc4a34..60a9ddc 100644 --- a/pkg/provenance.go +++ b/pkg/provenance.go @@ -47,13 +47,14 @@ const ( ) var ( - errorInvalidDssePayload = errors.New("invalid DSSE envelope payload") + ErrorInvalidDssePayload = errors.New("invalid DSSE envelope payload") errorRekorSearch = errors.New("error searching rekor entries") errorMismatchHash = errors.New("binary artifact hash does not match provenance subject") - errorMismatchBranch = errors.New("branch used to generate the binary does not match provenance") - errorMismatchTag = errors.New("tag used to generate the binary does not match provenance") - errorMismatchVersionedTag = errors.New("tag used to generate the binary does not match provenance") - errorInvalidSemver = errors.New("invalid semantic version") + ErrorMismatchBranch = errors.New("branch used to generate the binary does not match provenance") + ErrorMismatchRepository = errors.New("repository used to generate the binary does not match provenance") + ErrorMismatchTag = errors.New("tag used to generate the binary does not match provenance") + ErrorMismatchVersionedTag = errors.New("tag used to generate the binary does not match provenance") + ErrorInvalidSemver = errors.New("invalid semantic version") errorInvalidVersion = errors.New("invalid version") ) @@ -67,19 +68,19 @@ func EnvelopeFromBytes(payload []byte) (env *dsselib.Envelope, err error) { func getSha256Digest(env *dsselib.Envelope) (string, error) { pyld, err := base64.StdEncoding.DecodeString(env.Payload) if err != nil { - return "", fmt.Errorf("%w: %s", errorInvalidDssePayload, "decoding payload") + return "", fmt.Errorf("%w: %s", ErrorInvalidDssePayload, "decoding payload") } prov := &intoto.ProvenanceStatement{} if err := json.Unmarshal([]byte(pyld), prov); err != nil { - return "", fmt.Errorf("%w: %s", errorInvalidDssePayload, "unmarshalling json") + return "", fmt.Errorf("%w: %s", ErrorInvalidDssePayload, "unmarshalling json") } if len(prov.Subject) == 0 { - return "", fmt.Errorf("%w: %s", errorInvalidDssePayload, "no subjects") + return "", fmt.Errorf("%w: %s", ErrorInvalidDssePayload, "no subjects") } digestSet := prov.Subject[0].Digest hash, exists := digestSet["sha256"] if !exists { - return "", fmt.Errorf("%w: %s", errorInvalidDssePayload, "no sha256 subject digest") + return "", fmt.Errorf("%w: %s", ErrorInvalidDssePayload, "no sha256 subject digest") } return hash, nil } @@ -387,7 +388,7 @@ func VerifyWorkflowIdentity(id *WorkflowIdentity, source string) error { // The caller repository in the x509 extension is not fully qualified. It only contains // {org}/{repository}. if !strings.EqualFold(id.CallerRepository, strings.TrimPrefix(source, "github.com/")) { - return fmt.Errorf("unexpected caller repository, got '%s'", id.CallerRepository) + return fmt.Errorf("%w: '%s'", ErrorMismatchRepository, id.CallerRepository) } return nil @@ -413,7 +414,7 @@ func VerifyBranch(env *dsselib.Envelope, expectedBranch string) error { } if !strings.EqualFold(branch, "refs/heads/"+expectedBranch) { - return fmt.Errorf("branch '%s': %w", branch, errorMismatchBranch) + return fmt.Errorf("branch '%s': %w", branch, ErrorMismatchBranch) } return nil @@ -426,7 +427,7 @@ func VerifyTag(env *dsselib.Envelope, expectedTag string) error { } if !strings.EqualFold(tag, "refs/tags/"+expectedTag) { - return fmt.Errorf("tag '%s': %w", tag, errorMismatchTag) + return fmt.Errorf("tag '%s': %w", tag, ErrorMismatchTag) } return nil @@ -434,7 +435,7 @@ func VerifyTag(env *dsselib.Envelope, expectedTag string) error { func VerifyVersionedTag(env *dsselib.Envelope, expectedTag string) error { if !semver.IsValid(expectedTag) { - return fmt.Errorf("%s: %w", expectedTag, errorInvalidSemver) + return fmt.Errorf("%s: %w", expectedTag, ErrorInvalidSemver) } tag, err := getTag(env) @@ -442,29 +443,72 @@ func VerifyVersionedTag(env *dsselib.Envelope, expectedTag string) error { return err } - semTag := strings.TrimPrefix(tag, "refs/tags/") + semTag := semver.Canonical(strings.TrimPrefix(tag, "refs/tags/")) if !semver.IsValid(semTag) { - return fmt.Errorf("%s: %w", expectedTag, errorInvalidSemver) + return fmt.Errorf("%s: %w", expectedTag, ErrorInvalidSemver) } - if semver.Compare(semTag, expectedTag) < 0 { - return errorMismatchVersionedTag + // Major should always be the same. + if semver.Major(semTag) != semver.Major(expectedTag) { + return fmt.Errorf("%w: major version", ErrorMismatchVersionedTag) + } + + expectedMinor, err := minorVersion(expectedTag) + if err == nil { + // A minor version was provided by the user. + minor, err := minorVersion(semTag) + if err != nil { + return err + } + + if minor != expectedMinor { + return ErrorMismatchVersionedTag + } + } + + expectedPatch, err := patchVersion(expectedTag) + if err == nil { + // A patch version was provided by the user. + patch, err := patchVersion(semTag) + if err != nil { + return err + } + + if patch != expectedPatch { + return ErrorMismatchVersionedTag + } } // Match. return nil } +func minorVersion(v string) (string, error) { + return extractFromVersion(v, 1) +} + +func patchVersion(v string) (string, error) { + return extractFromVersion(v, 2) +} + +func extractFromVersion(v string, i int) (string, error) { + parts := strings.Split(v, ".") + if len(parts) <= i { + return "", fmt.Errorf("%s: %w", v, ErrorInvalidSemver) + } + return parts[i], nil +} + func getAsInt(parameters map[string]interface{}, field string) (int, error) { value, ok := parameters[field] if !ok { - return -1, fmt.Errorf("%w: %s", errorInvalidDssePayload, + return -1, fmt.Errorf("%w: %s", ErrorInvalidDssePayload, fmt.Sprintf("parameters type for %s", field)) } i, ok := value.(float64) if !ok { - return -1, fmt.Errorf("%w: %s", errorInvalidDssePayload, "parameters type float64") + return -1, fmt.Errorf("%w: %s", ErrorInvalidDssePayload, "parameters type float64") } return int(i), nil } @@ -472,13 +516,13 @@ func getAsInt(parameters map[string]interface{}, field string) (int, error) { func getAsString(parameters map[string]interface{}, field string) (string, error) { value, ok := parameters[field] if !ok { - return "", fmt.Errorf("%w: %s", errorInvalidDssePayload, + return "", fmt.Errorf("%w: %s", ErrorInvalidDssePayload, fmt.Sprintf("parameters type for %s", field)) } i, ok := value.(string) if !ok { - return "", fmt.Errorf("%w: %s", errorInvalidDssePayload, "parameters type string") + return "", fmt.Errorf("%w: %s", ErrorInvalidDssePayload, "parameters type string") } return i, nil } @@ -508,12 +552,12 @@ func getBaseRef(parameters map[string]interface{}) (string, error) { eventPayload, ok := parameters["event_payload"] if !ok { - return "", fmt.Errorf("%w: %s", errorInvalidDssePayload, "parameters type event payload") + return "", fmt.Errorf("%w: %s", ErrorInvalidDssePayload, "parameters type event payload") } payload, ok := eventPayload.(map[string]interface{}) if !ok { - return "", fmt.Errorf("%w: %s", errorInvalidDssePayload, "parameters type payload") + return "", fmt.Errorf("%w: %s", ErrorInvalidDssePayload, "parameters type payload") } return getAsString(payload, "base_ref") @@ -523,17 +567,17 @@ func getBaseRef(parameters map[string]interface{}) (string, error) { func getTag(env *dsselib.Envelope) (string, error) { pyld, err := base64.StdEncoding.DecodeString(env.Payload) if err != nil { - return "", fmt.Errorf("%w: %s", errorInvalidDssePayload, "decoding payload") + return "", fmt.Errorf("%w: %s", ErrorInvalidDssePayload, "decoding payload") } var prov intoto.ProvenanceStatement if err := json.Unmarshal([]byte(pyld), &prov); err != nil { - return "", fmt.Errorf("%w: %s", errorInvalidDssePayload, "unmarshalling json") + return "", fmt.Errorf("%w: %s", ErrorInvalidDssePayload, "unmarshalling json") } parameters, ok := prov.Predicate.Invocation.Parameters.(map[string]interface{}) if !ok { - return "", fmt.Errorf("%w: %s", errorInvalidDssePayload, "parameters type") + return "", fmt.Errorf("%w: %s", ErrorInvalidDssePayload, "parameters type") } // Validate version. @@ -552,7 +596,7 @@ func getTag(env *dsselib.Envelope) (string, error) { case "tag": return getAsString(parameters, "ref") default: - return "", fmt.Errorf("%w: %s %s", errorInvalidDssePayload, + return "", fmt.Errorf("%w: %s %s", ErrorInvalidDssePayload, "unknown ref type", refType) } } @@ -561,17 +605,17 @@ func getTag(env *dsselib.Envelope) (string, error) { func getBranch(env *dsselib.Envelope) (string, error) { pyld, err := base64.StdEncoding.DecodeString(env.Payload) if err != nil { - return "", fmt.Errorf("%w: %s", errorInvalidDssePayload, "decoding payload") + return "", fmt.Errorf("%w: %s", ErrorInvalidDssePayload, "decoding payload") } var prov intoto.ProvenanceStatement if err := json.Unmarshal([]byte(pyld), &prov); err != nil { - return "", fmt.Errorf("%w: %s", errorInvalidDssePayload, "unmarshalling json") + return "", fmt.Errorf("%w: %s", ErrorInvalidDssePayload, "unmarshalling json") } parameters, ok := prov.Predicate.Invocation.Parameters.(map[string]interface{}) if !ok { - return "", fmt.Errorf("%w: %s", errorInvalidDssePayload, "parameters type") + return "", fmt.Errorf("%w: %s", ErrorInvalidDssePayload, "parameters type") } // Validate version. @@ -590,7 +634,7 @@ func getBranch(env *dsselib.Envelope) (string, error) { case "tag": return getBaseRef(parameters) default: - return "", fmt.Errorf("%w: %s %s", errorInvalidDssePayload, + return "", fmt.Errorf("%w: %s %s", ErrorInvalidDssePayload, "unknown ref type", refType) } } diff --git a/pkg/provenance_test.go b/pkg/provenance_test.go index 96fc083..7914980 100644 --- a/pkg/provenance_test.go +++ b/pkg/provenance_test.go @@ -107,19 +107,19 @@ func Test_VerifyProvenance(t *testing.T) { name: "invalid dsse: not SLSA predicate", path: "./testdata/dsse-not-slsa.intoto.jsonl", artifactHash: "0ae7e4fa71686538440012ee36a2634dbaa19df2dd16a466f52411fb348bbc4e", - expected: errorInvalidDssePayload, + expected: ErrorInvalidDssePayload, }, { name: "invalid dsse: nil subject", path: "./testdata/dsse-no-subject.intoto.jsonl", artifactHash: "0ae7e4fa71686538440012ee36a2634dbaa19df2dd16a466f52411fb348bbc4e", - expected: errorInvalidDssePayload, + expected: ErrorInvalidDssePayload, }, { name: "invalid dsse: no sha256 subject digest", path: "./testdata/dsse-no-subject-hash.intoto.jsonl", artifactHash: "0ae7e4fa71686538440012ee36a2634dbaa19df2dd16a466f52411fb348bbc4e", - expected: errorInvalidDssePayload, + expected: ErrorInvalidDssePayload, }, { name: "mismatched artifact hash with env", @@ -270,7 +270,7 @@ func Test_VerifyBranch(t *testing.T) { { name: "invalid ref type", path: "./testdata/dsse-invalid-ref-type.intoto.jsonl", - expected: errorInvalidDssePayload, + expected: ErrorInvalidDssePayload, }, { name: "invalid version", @@ -316,17 +316,17 @@ func Test_VerifyTag(t *testing.T) { { name: "ref main", path: "./testdata/dsse-main-ref.intoto.jsonl", - expected: errorMismatchTag, + expected: ErrorMismatchTag, }, { name: "ref branch3", path: "./testdata/dsse-branch3-ref.intoto.jsonl", - expected: errorMismatchTag, + expected: ErrorMismatchTag, }, { name: "invalid ref type", path: "./testdata/dsse-invalid-ref-type.intoto.jsonl", - expected: errorInvalidDssePayload, + expected: ErrorInvalidDssePayload, }, { name: "invalid version", @@ -372,26 +372,25 @@ func Test_VerifyVersionedTag(t *testing.T) { { name: "ref main", path: "./testdata/dsse-main-ref.intoto.jsonl", - expected: errorInvalidSemver, + expected: ErrorInvalidSemver, tag: "v1.2.3", }, { name: "ref branch3", path: "./testdata/dsse-branch3-ref.intoto.jsonl", - expected: errorInvalidSemver, + expected: ErrorInvalidSemver, tag: "v1.2.3", }, { name: "tag v1.2 invalid versioning", path: "./testdata/dsse-v1.2-tag.intoto.jsonl", tag: "1.2", - expected: errorInvalidSemver, + expected: ErrorInvalidSemver, }, - { name: "invalid ref", path: "./testdata/dsse-invalid-ref-type.intoto.jsonl", - expected: errorInvalidDssePayload, + expected: ErrorInvalidDssePayload, tag: "v1.2.3", }, { @@ -404,13 +403,13 @@ func Test_VerifyVersionedTag(t *testing.T) { name: "tag vslsa1 invalid", path: "./testdata/dsse-vslsa1-tag.intoto.jsonl", tag: "vslsa1", - expected: errorInvalidSemver, + expected: ErrorInvalidSemver, }, { name: "tag vslsa1 invalid semver", path: "./testdata/dsse-vslsa1-tag.intoto.jsonl", tag: "v1.2.3", - expected: errorInvalidSemver, + expected: ErrorInvalidSemver, }, { name: "tag v1.2.3 exact match", @@ -431,19 +430,25 @@ func Test_VerifyVersionedTag(t *testing.T) { name: "tag v1.2.3 no match v2", path: "./testdata/dsse-v1.2.3-tag.intoto.jsonl", tag: "v2", - expected: errorMismatchVersionedTag, + expected: ErrorMismatchVersionedTag, }, { name: "tag v1.2.3 no match v1.3", path: "./testdata/dsse-v1.2.3-tag.intoto.jsonl", tag: "v1.3", - expected: errorMismatchVersionedTag, + expected: ErrorMismatchVersionedTag, }, { name: "tag v1.2.3 no match v1.2.4", path: "./testdata/dsse-v1.2.3-tag.intoto.jsonl", tag: "v1.2.4", - expected: errorMismatchVersionedTag, + expected: ErrorMismatchVersionedTag, + }, + { + name: "tag v1.2.3 no match v1.2.2", + path: "./testdata/dsse-v1.2.3-tag.intoto.jsonl", + tag: "v1.2.2", + expected: ErrorMismatchVersionedTag, }, { name: "tag v1.2 exact v1.2", @@ -455,17 +460,29 @@ func Test_VerifyVersionedTag(t *testing.T) { path: "./testdata/dsse-v1.2-tag.intoto.jsonl", tag: "v1", }, + { + name: "tag v1.1 no match v1.3", + path: "./testdata/dsse-v1.2-tag.intoto.jsonl", + tag: "v1.1", + expected: ErrorMismatchVersionedTag, + }, + { + name: "tag v0 no match v1.3", + path: "./testdata/dsse-v1.2-tag.intoto.jsonl", + tag: "v0", + expected: ErrorMismatchVersionedTag, + }, { name: "tag v1.2 no match v1.3", path: "./testdata/dsse-v1.2-tag.intoto.jsonl", tag: "v1.3", - expected: errorMismatchVersionedTag, + expected: ErrorMismatchVersionedTag, }, { name: "tag v1.2 no match v1.2.3", path: "./testdata/dsse-v1.2-tag.intoto.jsonl", tag: "v1.2.3", - expected: errorMismatchVersionedTag, + expected: ErrorMismatchVersionedTag, }, { name: "tag v1.2 match v1.2.0", @@ -476,7 +493,7 @@ func Test_VerifyVersionedTag(t *testing.T) { name: "tag v1.2 no match v2", path: "./testdata/dsse-v1.2-tag.intoto.jsonl", tag: "v2", - expected: errorMismatchVersionedTag, + expected: ErrorMismatchVersionedTag, }, { name: "tag v1 exact match", @@ -487,19 +504,25 @@ func Test_VerifyVersionedTag(t *testing.T) { name: "tag v1 no match v2", path: "./testdata/dsse-v1-tag.intoto.jsonl", tag: "v2", - expected: errorMismatchVersionedTag, + expected: ErrorMismatchVersionedTag, }, { name: "tag v1 no match v1.2", path: "./testdata/dsse-v1-tag.intoto.jsonl", tag: "v1.2", - expected: errorMismatchVersionedTag, + expected: ErrorMismatchVersionedTag, + }, + { + name: "tag v1 no match v0", + path: "./testdata/dsse-v1-tag.intoto.jsonl", + tag: "v0", + expected: ErrorMismatchVersionedTag, }, { name: "tag v1 no match v1.2.3", path: "./testdata/dsse-v1-tag.intoto.jsonl", tag: "v1.2.3", - expected: errorMismatchVersionedTag, + expected: ErrorMismatchVersionedTag, }, { name: "tag v1 match v1.0", diff --git a/testdata/binary-linux-amd64-push-v1.2.4 b/testdata/binary-linux-amd64-push-v1.2.4 new file mode 100644 index 0000000..c7f3ef0 Binary files /dev/null and b/testdata/binary-linux-amd64-push-v1.2.4 differ diff --git a/testdata/binary-linux-amd64-push-v1.2.4.intoto.jsonl b/testdata/binary-linux-amd64-push-v1.2.4.intoto.jsonl new file mode 100644 index 0000000..412e082 --- /dev/null +++ b/testdata/binary-linux-amd64-push-v1.2.4.intoto.jsonl @@ -0,0 +1 @@ +{"payloadType":"application/vnd.in-toto+json","payload":"eyJfdHlwZSI6Imh0dHBzOi8vaW4tdG90by5pby9TdGF0ZW1lbnQvdjAuMSIsInByZWRpY2F0ZVR5cGUiOiJodHRwczovL3Nsc2EuZGV2L3Byb3ZlbmFuY2UvdjAuMiIsInN1YmplY3QiOlt7Im5hbWUiOiJiaW5hcnktbGludXgtYW1kNjQiLCJkaWdlc3QiOnsic2hhMjU2IjoiYzJhYzE2YWFjNWZhMzhjMjQ3MTg0OGM4NmFhMWY5NzNlYmJhNmEzYjRjMzk4MTk0Y2E2Mjg3Y2U3NThlZTFkZCJ9fV0sInByZWRpY2F0ZSI6eyJidWlsZGVyIjp7ImlkIjoiaHR0cHM6Ly9naXRodWIuY29tL3Nsc2EtZnJhbWV3b3JrL3Nsc2EtZ2l0aHViLWdlbmVyYXRvci1nby8uZ2l0aHViL3dvcmtmbG93cy9idWlsZGVyLnltbEByZWZzL2hlYWRzL21haW4ifSwiYnVpbGRUeXBlIjoiaHR0cHM6Ly9naXRodWIuY29tL3Nsc2EtZnJhbWV3b3JrL3Nsc2EtZ2l0aHViLWdlbmVyYXRvci1nb0B2MSIsImludm9jYXRpb24iOnsiY29uZmlnU291cmNlIjp7InVyaSI6ImdpdCtodHRwczovL2dpdGh1Yi5jb21sYXVyZW50c2ltb24vc2xzYS1vbi1naXRodWItdGVzdEByZWZzL3RhZ3MvdjEuMi40LmdpdCIsImRpZ2VzdCI6eyJzaGExIjoiYjMzY2E5MTg0YjcwNWI5YzYyMjIwMTE2YzI5ZWYyOGNmNzhkMzY5MSJ9LCJlbnRyeVBvaW50IjoiU0xTQSBSZWxlYXNlIn0sInBhcmFtZXRlcnMiOnsidmVyc2lvbiI6MSwiZXZlbnRfbmFtZSI6InB1c2giLCJldmVudF9wYXlsb2FkIjp7ImFmdGVyIjoiYjMzY2E5MTg0YjcwNWI5YzYyMjIwMTE2YzI5ZWYyOGNmNzhkMzY5MSIsImJhc2VfcmVmIjoicmVmcy9oZWFkcy9tYWluIiwiYmVmb3JlIjoiMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMCIsImNvbW1pdHMiOltdLCJjb21wYXJlIjoiaHR0cHM6Ly9naXRodWIuY29tL2xhdXJlbnRzaW1vbi9zbHNhLW9uLWdpdGh1Yi10ZXN0L2NvbXBhcmUvdjEuMi40IiwiY3JlYXRlZCI6dHJ1ZSwiZGVsZXRlZCI6ZmFsc2UsImZvcmNlZCI6ZmFsc2UsImhlYWRfY29tbWl0Ijp7ImF1dGhvciI6eyJlbWFpbCI6IjY0NTA1MDk5K2xhdXJlbnRzaW1vbkB1c2Vycy5ub3JlcGx5LmdpdGh1Yi5jb20iLCJuYW1lIjoibGF1cmVudHNpbW9uIiwidXNlcm5hbWUiOiJsYXVyZW50c2ltb24ifSwiY29tbWl0dGVyIjp7ImVtYWlsIjoibm9yZXBseUBnaXRodWIuY29tIiwibmFtZSI6IkdpdEh1YiIsInVzZXJuYW1lIjoid2ViLWZsb3cifSwiZGlzdGluY3QiOnRydWUsImlkIjoiYjMzY2E5MTg0YjcwNWI5YzYyMjIwMTE2YzI5ZWYyOGNmNzhkMzY5MSIsIm1lc3NhZ2UiOiJVcGRhdGUgYnVpbGRlci10ZXN0LnlhbWwiLCJ0aW1lc3RhbXAiOiIyMDIyLTA0LTA0VDA5OjMxOjIzLTA3OjAwIiwidHJlZV9pZCI6IjEyZDk3M2Q1NjlkMzA4MmNjYmIxMmYxM2U1MGM1ZTFmZTEzYmIxNTUiLCJ1cmwiOiJodHRwczovL2dpdGh1Yi5jb20vbGF1cmVudHNpbW9uL3Nsc2Etb24tZ2l0aHViLXRlc3QvY29tbWl0L2IzM2NhOTE4NGI3MDViOWM2MjIyMDExNmMyOWVmMjhjZjc4ZDM2OTEifSwicHVzaGVyIjp7ImVtYWlsIjoiNjQ1MDUwOTkrbGF1cmVudHNpbW9uQHVzZXJzLm5vcmVwbHkuZ2l0aHViLmNvbSIsIm5hbWUiOiJsYXVyZW50c2ltb24ifSwicmVmIjoicmVmcy90YWdzL3YxLjIuNCIsInJlcG9zaXRvcnkiOnsiYWxsb3dfZm9ya2luZyI6dHJ1ZSwiYXJjaGl2ZV91cmwiOiJodHRwczovL2FwaS5naXRodWIuY29tL3JlcG9zL2xhdXJlbnRzaW1vbi9zbHNhLW9uLWdpdGh1Yi10ZXN0L3thcmNoaXZlX2Zvcm1hdH17L3JlZn0iLCJhcmNoaXZlZCI6ZmFsc2UsImFzc2lnbmVlc191cmwiOiJodHRwczovL2FwaS5naXRodWIuY29tL3JlcG9zL2xhdXJlbnRzaW1vbi9zbHNhLW9uLWdpdGh1Yi10ZXN0L2Fzc2lnbmVlc3svdXNlcn0iLCJibG9ic191cmwiOiJodHRwczovL2FwaS5naXRodWIuY29tL3JlcG9zL2xhdXJlbnRzaW1vbi9zbHNhLW9uLWdpdGh1Yi10ZXN0L2dpdC9ibG9ic3svc2hhfSIsImJyYW5jaGVzX3VybCI6Imh0dHBzOi8vYXBpLmdpdGh1Yi5jb20vcmVwb3MvbGF1cmVudHNpbW9uL3Nsc2Etb24tZ2l0aHViLXRlc3QvYnJhbmNoZXN7L2JyYW5jaH0iLCJjbG9uZV91cmwiOiJodHRwczovL2dpdGh1Yi5jb20vbGF1cmVudHNpbW9uL3Nsc2Etb24tZ2l0aHViLXRlc3QuZ2l0IiwiY29sbGFib3JhdG9yc191cmwiOiJodHRwczovL2FwaS5naXRodWIuY29tL3JlcG9zL2xhdXJlbnRzaW1vbi9zbHNhLW9uLWdpdGh1Yi10ZXN0L2NvbGxhYm9yYXRvcnN7L2NvbGxhYm9yYXRvcn0iLCJjb21tZW50c191cmwiOiJodHRwczovL2FwaS5naXRodWIuY29tL3JlcG9zL2xhdXJlbnRzaW1vbi9zbHNhLW9uLWdpdGh1Yi10ZXN0L2NvbW1lbnRzey9udW1iZXJ9IiwiY29tbWl0c191cmwiOiJodHRwczovL2FwaS5naXRodWIuY29tL3JlcG9zL2xhdXJlbnRzaW1vbi9zbHNhLW9uLWdpdGh1Yi10ZXN0L2NvbW1pdHN7L3NoYX0iLCJjb21wYXJlX3VybCI6Imh0dHBzOi8vYXBpLmdpdGh1Yi5jb20vcmVwb3MvbGF1cmVudHNpbW9uL3Nsc2Etb24tZ2l0aHViLXRlc3QvY29tcGFyZS97YmFzZX0uLi57aGVhZH0iLCJjb250ZW50c191cmwiOiJodHRwczovL2FwaS5naXRodWIuY29tL3JlcG9zL2xhdXJlbnRzaW1vbi9zbHNhLW9uLWdpdGh1Yi10ZXN0L2NvbnRlbnRzL3srcGF0aH0iLCJjb250cmlidXRvcnNfdXJsIjoiaHR0cHM6Ly9hcGkuZ2l0aHViLmNvbS9yZXBvcy9sYXVyZW50c2ltb24vc2xzYS1vbi1naXRodWItdGVzdC9jb250cmlidXRvcnMiLCJjcmVhdGVkX2F0IjoxNjQ0MDIzNDQ2LCJkZWZhdWx0X2JyYW5jaCI6Im1haW4iLCJkZXBsb3ltZW50c191cmwiOiJodHRwczovL2FwaS5naXRodWIuY29tL3JlcG9zL2xhdXJlbnRzaW1vbi9zbHNhLW9uLWdpdGh1Yi10ZXN0L2RlcGxveW1lbnRzIiwiZGVzY3JpcHRpb24iOiJUZXN0IGZvciBTTFNBIiwiZGlzYWJsZWQiOmZhbHNlLCJkb3dubG9hZHNfdXJsIjoiaHR0cHM6Ly9hcGkuZ2l0aHViLmNvbS9yZXBvcy9sYXVyZW50c2ltb24vc2xzYS1vbi1naXRodWItdGVzdC9kb3dubG9hZHMiLCJldmVudHNfdXJsIjoiaHR0cHM6Ly9hcGkuZ2l0aHViLmNvbS9yZXBvcy9sYXVyZW50c2ltb24vc2xzYS1vbi1naXRodWItdGVzdC9ldmVudHMiLCJmb3JrIjpmYWxzZSwiZm9ya3MiOjEsImZvcmtzX2NvdW50IjoxLCJmb3Jrc191cmwiOiJodHRwczovL2FwaS5naXRodWIuY29tL3JlcG9zL2xhdXJlbnRzaW1vbi9zbHNhLW9uLWdpdGh1Yi10ZXN0L2ZvcmtzIiwiZnVsbF9uYW1lIjoibGF1cmVudHNpbW9uL3Nsc2Etb24tZ2l0aHViLXRlc3QiLCJnaXRfY29tbWl0c191cmwiOiJodHRwczovL2FwaS5naXRodWIuY29tL3JlcG9zL2xhdXJlbnRzaW1vbi9zbHNhLW9uLWdpdGh1Yi10ZXN0L2dpdC9jb21taXRzey9zaGF9IiwiZ2l0X3JlZnNfdXJsIjoiaHR0cHM6Ly9hcGkuZ2l0aHViLmNvbS9yZXBvcy9sYXVyZW50c2ltb24vc2xzYS1vbi1naXRodWItdGVzdC9naXQvcmVmc3svc2hhfSIsImdpdF90YWdzX3VybCI6Imh0dHBzOi8vYXBpLmdpdGh1Yi5jb20vcmVwb3MvbGF1cmVudHNpbW9uL3Nsc2Etb24tZ2l0aHViLXRlc3QvZ2l0L3RhZ3N7L3NoYX0iLCJnaXRfdXJsIjoiZ2l0Oi8vZ2l0aHViLmNvbS9sYXVyZW50c2ltb24vc2xzYS1vbi1naXRodWItdGVzdC5naXQiLCJoYXNfZG93bmxvYWRzIjp0cnVlLCJoYXNfaXNzdWVzIjp0cnVlLCJoYXNfcGFnZXMiOmZhbHNlLCJoYXNfcHJvamVjdHMiOnRydWUsImhhc193aWtpIjp0cnVlLCJob21lcGFnZSI6bnVsbCwiaG9va3NfdXJsIjoiaHR0cHM6Ly9hcGkuZ2l0aHViLmNvbS9yZXBvcy9sYXVyZW50c2ltb24vc2xzYS1vbi1naXRodWItdGVzdC9ob29rcyIsImh0bWxfdXJsIjoiaHR0cHM6Ly9naXRodWIuY29tL2xhdXJlbnRzaW1vbi9zbHNhLW9uLWdpdGh1Yi10ZXN0IiwiaWQiOjQ1NTc0MzM5NiwiaXNfdGVtcGxhdGUiOmZhbHNlLCJpc3N1ZV9jb21tZW50X3VybCI6Imh0dHBzOi8vYXBpLmdpdGh1Yi5jb20vcmVwb3MvbGF1cmVudHNpbW9uL3Nsc2Etb24tZ2l0aHViLXRlc3QvaXNzdWVzL2NvbW1lbnRzey9udW1iZXJ9IiwiaXNzdWVfZXZlbnRzX3VybCI6Imh0dHBzOi8vYXBpLmdpdGh1Yi5jb20vcmVwb3MvbGF1cmVudHNpbW9uL3Nsc2Etb24tZ2l0aHViLXRlc3QvaXNzdWVzL2V2ZW50c3svbnVtYmVyfSIsImlzc3Vlc191cmwiOiJodHRwczovL2FwaS5naXRodWIuY29tL3JlcG9zL2xhdXJlbnRzaW1vbi9zbHNhLW9uLWdpdGh1Yi10ZXN0L2lzc3Vlc3svbnVtYmVyfSIsImtleXNfdXJsIjoiaHR0cHM6Ly9hcGkuZ2l0aHViLmNvbS9yZXBvcy9sYXVyZW50c2ltb24vc2xzYS1vbi1naXRodWItdGVzdC9rZXlzey9rZXlfaWR9IiwibGFiZWxzX3VybCI6Imh0dHBzOi8vYXBpLmdpdGh1Yi5jb20vcmVwb3MvbGF1cmVudHNpbW9uL3Nsc2Etb24tZ2l0aHViLXRlc3QvbGFiZWxzey9uYW1lfSIsImxhbmd1YWdlIjoiR28iLCJsYW5ndWFnZXNfdXJsIjoiaHR0cHM6Ly9hcGkuZ2l0aHViLmNvbS9yZXBvcy9sYXVyZW50c2ltb24vc2xzYS1vbi1naXRodWItdGVzdC9sYW5ndWFnZXMiLCJsaWNlbnNlIjp7ImtleSI6ImFwYWNoZS0yLjAiLCJuYW1lIjoiQXBhY2hlIExpY2Vuc2UgMi4wIiwibm9kZV9pZCI6Ik1EYzZUR2xqWlc1elpUST0iLCJzcGR4X2lkIjoiQXBhY2hlLTIuMCIsInVybCI6Imh0dHBzOi8vYXBpLmdpdGh1Yi5jb20vbGljZW5zZXMvYXBhY2hlLTIuMCJ9LCJtYXN0ZXJfYnJhbmNoIjoibWFpbiIsIm1lcmdlc191cmwiOiJodHRwczovL2FwaS5naXRodWIuY29tL3JlcG9zL2xhdXJlbnRzaW1vbi9zbHNhLW9uLWdpdGh1Yi10ZXN0L21lcmdlcyIsIm1pbGVzdG9uZXNfdXJsIjoiaHR0cHM6Ly9hcGkuZ2l0aHViLmNvbS9yZXBvcy9sYXVyZW50c2ltb24vc2xzYS1vbi1naXRodWItdGVzdC9taWxlc3RvbmVzey9udW1iZXJ9IiwibWlycm9yX3VybCI6bnVsbCwibmFtZSI6InNsc2Etb24tZ2l0aHViLXRlc3QiLCJub2RlX2lkIjoiUl9rZ0RPR3lvWHBBIiwibm90aWZpY2F0aW9uc191cmwiOiJodHRwczovL2FwaS5naXRodWIuY29tL3JlcG9zL2xhdXJlbnRzaW1vbi9zbHNhLW9uLWdpdGh1Yi10ZXN0L25vdGlmaWNhdGlvbnN7P3NpbmNlLGFsbCxwYXJ0aWNpcGF0aW5nfSIsIm9wZW5faXNzdWVzIjowLCJvcGVuX2lzc3Vlc19jb3VudCI6MCwib3duZXIiOnsiYXZhdGFyX3VybCI6Imh0dHBzOi8vYXZhdGFycy5naXRodWJ1c2VyY29udGVudC5jb20vdS82NDUwNTA5OT92PTQiLCJlbWFpbCI6IjY0NTA1MDk5K2xhdXJlbnRzaW1vbkB1c2Vycy5ub3JlcGx5LmdpdGh1Yi5jb20iLCJldmVudHNfdXJsIjoiaHR0cHM6Ly9hcGkuZ2l0aHViLmNvbS91c2Vycy9sYXVyZW50c2ltb24vZXZlbnRzey9wcml2YWN5fSIsImZvbGxvd2Vyc191cmwiOiJodHRwczovL2FwaS5naXRodWIuY29tL3VzZXJzL2xhdXJlbnRzaW1vbi9mb2xsb3dlcnMiLCJmb2xsb3dpbmdfdXJsIjoiaHR0cHM6Ly9hcGkuZ2l0aHViLmNvbS91c2Vycy9sYXVyZW50c2ltb24vZm9sbG93aW5ney9vdGhlcl91c2VyfSIsImdpc3RzX3VybCI6Imh0dHBzOi8vYXBpLmdpdGh1Yi5jb20vdXNlcnMvbGF1cmVudHNpbW9uL2dpc3Rzey9naXN0X2lkfSIsImdyYXZhdGFyX2lkIjoiIiwiaHRtbF91cmwiOiJodHRwczovL2dpdGh1Yi5jb20vbGF1cmVudHNpbW9uIiwiaWQiOjY0NTA1MDk5LCJsb2dpbiI6ImxhdXJlbnRzaW1vbiIsIm5hbWUiOiJsYXVyZW50c2ltb24iLCJub2RlX2lkIjoiTURRNlZYTmxjalkwTlRBMU1EazUiLCJvcmdhbml6YXRpb25zX3VybCI6Imh0dHBzOi8vYXBpLmdpdGh1Yi5jb20vdXNlcnMvbGF1cmVudHNpbW9uL29yZ3MiLCJyZWNlaXZlZF9ldmVudHNfdXJsIjoiaHR0cHM6Ly9hcGkuZ2l0aHViLmNvbS91c2Vycy9sYXVyZW50c2ltb24vcmVjZWl2ZWRfZXZlbnRzIiwicmVwb3NfdXJsIjoiaHR0cHM6Ly9hcGkuZ2l0aHViLmNvbS91c2Vycy9sYXVyZW50c2ltb24vcmVwb3MiLCJzaXRlX2FkbWluIjpmYWxzZSwic3RhcnJlZF91cmwiOiJodHRwczovL2FwaS5naXRodWIuY29tL3VzZXJzL2xhdXJlbnRzaW1vbi9zdGFycmVkey9vd25lcn17L3JlcG99Iiwic3Vic2NyaXB0aW9uc191cmwiOiJodHRwczovL2FwaS5naXRodWIuY29tL3VzZXJzL2xhdXJlbnRzaW1vbi9zdWJzY3JpcHRpb25zIiwidHlwZSI6IlVzZXIiLCJ1cmwiOiJodHRwczovL2FwaS5naXRodWIuY29tL3VzZXJzL2xhdXJlbnRzaW1vbiJ9LCJwcml2YXRlIjpmYWxzZSwicHVsbHNfdXJsIjoiaHR0cHM6Ly9hcGkuZ2l0aHViLmNvbS9yZXBvcy9sYXVyZW50c2ltb24vc2xzYS1vbi1naXRodWItdGVzdC9wdWxsc3svbnVtYmVyfSIsInB1c2hlZF9hdCI6MTY0OTA4OTkwOSwicmVsZWFzZXNfdXJsIjoiaHR0cHM6Ly9hcGkuZ2l0aHViLmNvbS9yZXBvcy9sYXVyZW50c2ltb24vc2xzYS1vbi1naXRodWItdGVzdC9yZWxlYXNlc3svaWR9Iiwic2l6ZSI6MTM5LCJzc2hfdXJsIjoiZ2l0QGdpdGh1Yi5jb206bGF1cmVudHNpbW9uL3Nsc2Etb24tZ2l0aHViLXRlc3QuZ2l0Iiwic3RhcmdhemVycyI6MCwic3RhcmdhemVyc19jb3VudCI6MCwic3RhcmdhemVyc191cmwiOiJodHRwczovL2FwaS5naXRodWIuY29tL3JlcG9zL2xhdXJlbnRzaW1vbi9zbHNhLW9uLWdpdGh1Yi10ZXN0L3N0YXJnYXplcnMiLCJzdGF0dXNlc191cmwiOiJodHRwczovL2FwaS5naXRodWIuY29tL3JlcG9zL2xhdXJlbnRzaW1vbi9zbHNhLW9uLWdpdGh1Yi10ZXN0L3N0YXR1c2VzL3tzaGF9Iiwic3Vic2NyaWJlcnNfdXJsIjoiaHR0cHM6Ly9hcGkuZ2l0aHViLmNvbS9yZXBvcy9sYXVyZW50c2ltb24vc2xzYS1vbi1naXRodWItdGVzdC9zdWJzY3JpYmVycyIsInN1YnNjcmlwdGlvbl91cmwiOiJodHRwczovL2FwaS5naXRodWIuY29tL3JlcG9zL2xhdXJlbnRzaW1vbi9zbHNhLW9uLWdpdGh1Yi10ZXN0L3N1YnNjcmlwdGlvbiIsInN2bl91cmwiOiJodHRwczovL2dpdGh1Yi5jb20vbGF1cmVudHNpbW9uL3Nsc2Etb24tZ2l0aHViLXRlc3QiLCJ0YWdzX3VybCI6Imh0dHBzOi8vYXBpLmdpdGh1Yi5jb20vcmVwb3MvbGF1cmVudHNpbW9uL3Nsc2Etb24tZ2l0aHViLXRlc3QvdGFncyIsInRlYW1zX3VybCI6Imh0dHBzOi8vYXBpLmdpdGh1Yi5jb20vcmVwb3MvbGF1cmVudHNpbW9uL3Nsc2Etb24tZ2l0aHViLXRlc3QvdGVhbXMiLCJ0b3BpY3MiOltdLCJ0cmVlc191cmwiOiJodHRwczovL2FwaS5naXRodWIuY29tL3JlcG9zL2xhdXJlbnRzaW1vbi9zbHNhLW9uLWdpdGh1Yi10ZXN0L2dpdC90cmVlc3svc2hhfSIsInVwZGF0ZWRfYXQiOiIyMDIyLTAyLTA1VDAxOjI1OjI4WiIsInVybCI6Imh0dHBzOi8vZ2l0aHViLmNvbS9sYXVyZW50c2ltb24vc2xzYS1vbi1naXRodWItdGVzdCIsInZpc2liaWxpdHkiOiJwdWJsaWMiLCJ3YXRjaGVycyI6MCwid2F0Y2hlcnNfY291bnQiOjB9LCJzZW5kZXIiOnsiYXZhdGFyX3VybCI6Imh0dHBzOi8vYXZhdGFycy5naXRodWJ1c2VyY29udGVudC5jb20vdS82NDUwNTA5OT92PTQiLCJldmVudHNfdXJsIjoiaHR0cHM6Ly9hcGkuZ2l0aHViLmNvbS91c2Vycy9sYXVyZW50c2ltb24vZXZlbnRzey9wcml2YWN5fSIsImZvbGxvd2Vyc191cmwiOiJodHRwczovL2FwaS5naXRodWIuY29tL3VzZXJzL2xhdXJlbnRzaW1vbi9mb2xsb3dlcnMiLCJmb2xsb3dpbmdfdXJsIjoiaHR0cHM6Ly9hcGkuZ2l0aHViLmNvbS91c2Vycy9sYXVyZW50c2ltb24vZm9sbG93aW5ney9vdGhlcl91c2VyfSIsImdpc3RzX3VybCI6Imh0dHBzOi8vYXBpLmdpdGh1Yi5jb20vdXNlcnMvbGF1cmVudHNpbW9uL2dpc3Rzey9naXN0X2lkfSIsImdyYXZhdGFyX2lkIjoiIiwiaHRtbF91cmwiOiJodHRwczovL2dpdGh1Yi5jb20vbGF1cmVudHNpbW9uIiwiaWQiOjY0NTA1MDk5LCJsb2dpbiI6ImxhdXJlbnRzaW1vbiIsIm5vZGVfaWQiOiJNRFE2VlhObGNqWTBOVEExTURrNSIsIm9yZ2FuaXphdGlvbnNfdXJsIjoiaHR0cHM6Ly9hcGkuZ2l0aHViLmNvbS91c2Vycy9sYXVyZW50c2ltb24vb3JncyIsInJlY2VpdmVkX2V2ZW50c191cmwiOiJodHRwczovL2FwaS5naXRodWIuY29tL3VzZXJzL2xhdXJlbnRzaW1vbi9yZWNlaXZlZF9ldmVudHMiLCJyZXBvc191cmwiOiJodHRwczovL2FwaS5naXRodWIuY29tL3VzZXJzL2xhdXJlbnRzaW1vbi9yZXBvcyIsInNpdGVfYWRtaW4iOmZhbHNlLCJzdGFycmVkX3VybCI6Imh0dHBzOi8vYXBpLmdpdGh1Yi5jb20vdXNlcnMvbGF1cmVudHNpbW9uL3N0YXJyZWR7L293bmVyfXsvcmVwb30iLCJzdWJzY3JpcHRpb25zX3VybCI6Imh0dHBzOi8vYXBpLmdpdGh1Yi5jb20vdXNlcnMvbGF1cmVudHNpbW9uL3N1YnNjcmlwdGlvbnMiLCJ0eXBlIjoiVXNlciIsInVybCI6Imh0dHBzOi8vYXBpLmdpdGh1Yi5jb20vdXNlcnMvbGF1cmVudHNpbW9uIn19LCJyZWZfdHlwZSI6InRhZyIsInJlZiI6InJlZnMvdGFncy92MS4yLjQiLCJiYXNlX3JlZiI6IiIsImhlYWRfcmVmIjoiIiwiYWN0b3IiOiJsYXVyZW50c2ltb24iLCJzaGExIjoiYjMzY2E5MTg0YjcwNWI5YzYyMjIwMTE2YzI5ZWYyOGNmNzhkMzY5MSJ9LCJlbnZpcm9ubWVudCI6eyJhcmNoIjoiYW1kNjQiLCJnaXRodWJfZXZlbnRfbmFtZSI6InB1c2giLCJnaXRodWJfcnVuX2F0dGVtcHQiOiIxIiwiZ2l0aHViX3J1bl9pZCI6IjIwOTEyMTU0MjkiLCJnaXRodWJfcnVuX251bWJlciI6IjE5Iiwib3MiOiJ1YnVudHUifX0sImJ1aWxkQ29uZmlnIjp7InZlcnNpb24iOjEsInN0ZXBzIjpbeyJjb21tYW5kIjpbIi9vcHQvaG9zdGVkdG9vbGNhY2hlL2dvLzEuMTcuOC94NjQvYmluL2dvIiwiYnVpbGQiLCItbW9kPXZlbmRvciIsIi10cmltcGF0aCIsIi10YWdzPW5ldGdvIiwiLW8iLCJiaW5hcnktbGludXgtYW1kNjQiXSwiZW52IjpbIkdPT1M9bGludXgiLCJHT0FSQ0g9YW1kNjQiLCJDR09fRU5BQkxFRD0wIiwiR08xMTFNT0RVTEU9b24iXX1dfSwibWF0ZXJpYWxzIjpbeyJ1cmkiOiJnaXQrbGF1cmVudHNpbW9uL3Nsc2Etb24tZ2l0aHViLXRlc3QuZ2l0IiwiZGlnZXN0Ijp7InNoYTEiOiJiMzNjYTkxODRiNzA1YjljNjIyMjAxMTZjMjllZjI4Y2Y3OGQzNjkxIn19XX19","signatures":[{"keyid":"","sig":"MEQCIHIPyyn0YUkY6ViDn2UNduMPTZKdFoHknpZtxhXg+nZ0AiB725MNU872ccLtG2enwM3VzCv4Il9U9KOlDa7h5vvFdA=="}]} \ No newline at end of file diff --git a/testdata/binary-linux-amd64-push-v2 b/testdata/binary-linux-amd64-push-v2 new file mode 100644 index 0000000..c7f3ef0 Binary files /dev/null and b/testdata/binary-linux-amd64-push-v2 differ diff --git a/testdata/binary-linux-amd64-push-v2.5 b/testdata/binary-linux-amd64-push-v2.5 new file mode 100644 index 0000000..c7f3ef0 Binary files /dev/null and b/testdata/binary-linux-amd64-push-v2.5 differ diff --git a/testdata/binary-linux-amd64-push-v2.5.intoto.jsonl b/testdata/binary-linux-amd64-push-v2.5.intoto.jsonl new file mode 100644 index 0000000..e7b3a2e --- /dev/null +++ b/testdata/binary-linux-amd64-push-v2.5.intoto.jsonl @@ -0,0 +1 @@ +{"payloadType":"application/vnd.in-toto+json","payload":"eyJfdHlwZSI6Imh0dHBzOi8vaW4tdG90by5pby9TdGF0ZW1lbnQvdjAuMSIsInByZWRpY2F0ZVR5cGUiOiJodHRwczovL3Nsc2EuZGV2L3Byb3ZlbmFuY2UvdjAuMiIsInN1YmplY3QiOlt7Im5hbWUiOiJiaW5hcnktbGludXgtYW1kNjQiLCJkaWdlc3QiOnsic2hhMjU2IjoiYzJhYzE2YWFjNWZhMzhjMjQ3MTg0OGM4NmFhMWY5NzNlYmJhNmEzYjRjMzk4MTk0Y2E2Mjg3Y2U3NThlZTFkZCJ9fV0sInByZWRpY2F0ZSI6eyJidWlsZGVyIjp7ImlkIjoiaHR0cHM6Ly9naXRodWIuY29tL3Nsc2EtZnJhbWV3b3JrL3Nsc2EtZ2l0aHViLWdlbmVyYXRvci1nby8uZ2l0aHViL3dvcmtmbG93cy9idWlsZGVyLnltbEByZWZzL2hlYWRzL21haW4ifSwiYnVpbGRUeXBlIjoiaHR0cHM6Ly9naXRodWIuY29tL3Nsc2EtZnJhbWV3b3JrL3Nsc2EtZ2l0aHViLWdlbmVyYXRvci1nb0B2MSIsImludm9jYXRpb24iOnsiY29uZmlnU291cmNlIjp7InVyaSI6ImdpdCtodHRwczovL2dpdGh1Yi5jb21sYXVyZW50c2ltb24vc2xzYS1vbi1naXRodWItdGVzdEByZWZzL3RhZ3MvdjIuNS5naXQiLCJkaWdlc3QiOnsic2hhMSI6ImIzM2NhOTE4NGI3MDViOWM2MjIyMDExNmMyOWVmMjhjZjc4ZDM2OTEifSwiZW50cnlQb2ludCI6IlNMU0EgUmVsZWFzZSJ9LCJwYXJhbWV0ZXJzIjp7InZlcnNpb24iOjEsImV2ZW50X25hbWUiOiJwdXNoIiwiZXZlbnRfcGF5bG9hZCI6eyJhZnRlciI6ImIzM2NhOTE4NGI3MDViOWM2MjIyMDExNmMyOWVmMjhjZjc4ZDM2OTEiLCJiYXNlX3JlZiI6InJlZnMvaGVhZHMvbWFpbiIsImJlZm9yZSI6IjAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAiLCJjb21taXRzIjpbXSwiY29tcGFyZSI6Imh0dHBzOi8vZ2l0aHViLmNvbS9sYXVyZW50c2ltb24vc2xzYS1vbi1naXRodWItdGVzdC9jb21wYXJlL3YyLjUiLCJjcmVhdGVkIjp0cnVlLCJkZWxldGVkIjpmYWxzZSwiZm9yY2VkIjpmYWxzZSwiaGVhZF9jb21taXQiOnsiYXV0aG9yIjp7ImVtYWlsIjoiNjQ1MDUwOTkrbGF1cmVudHNpbW9uQHVzZXJzLm5vcmVwbHkuZ2l0aHViLmNvbSIsIm5hbWUiOiJsYXVyZW50c2ltb24iLCJ1c2VybmFtZSI6ImxhdXJlbnRzaW1vbiJ9LCJjb21taXR0ZXIiOnsiZW1haWwiOiJub3JlcGx5QGdpdGh1Yi5jb20iLCJuYW1lIjoiR2l0SHViIiwidXNlcm5hbWUiOiJ3ZWItZmxvdyJ9LCJkaXN0aW5jdCI6dHJ1ZSwiaWQiOiJiMzNjYTkxODRiNzA1YjljNjIyMjAxMTZjMjllZjI4Y2Y3OGQzNjkxIiwibWVzc2FnZSI6IlVwZGF0ZSBidWlsZGVyLXRlc3QueWFtbCIsInRpbWVzdGFtcCI6IjIwMjItMDQtMDRUMDk6MzE6MjMtMDc6MDAiLCJ0cmVlX2lkIjoiMTJkOTczZDU2OWQzMDgyY2NiYjEyZjEzZTUwYzVlMWZlMTNiYjE1NSIsInVybCI6Imh0dHBzOi8vZ2l0aHViLmNvbS9sYXVyZW50c2ltb24vc2xzYS1vbi1naXRodWItdGVzdC9jb21taXQvYjMzY2E5MTg0YjcwNWI5YzYyMjIwMTE2YzI5ZWYyOGNmNzhkMzY5MSJ9LCJwdXNoZXIiOnsiZW1haWwiOiI2NDUwNTA5OStsYXVyZW50c2ltb25AdXNlcnMubm9yZXBseS5naXRodWIuY29tIiwibmFtZSI6ImxhdXJlbnRzaW1vbiJ9LCJyZWYiOiJyZWZzL3RhZ3MvdjIuNSIsInJlcG9zaXRvcnkiOnsiYWxsb3dfZm9ya2luZyI6dHJ1ZSwiYXJjaGl2ZV91cmwiOiJodHRwczovL2FwaS5naXRodWIuY29tL3JlcG9zL2xhdXJlbnRzaW1vbi9zbHNhLW9uLWdpdGh1Yi10ZXN0L3thcmNoaXZlX2Zvcm1hdH17L3JlZn0iLCJhcmNoaXZlZCI6ZmFsc2UsImFzc2lnbmVlc191cmwiOiJodHRwczovL2FwaS5naXRodWIuY29tL3JlcG9zL2xhdXJlbnRzaW1vbi9zbHNhLW9uLWdpdGh1Yi10ZXN0L2Fzc2lnbmVlc3svdXNlcn0iLCJibG9ic191cmwiOiJodHRwczovL2FwaS5naXRodWIuY29tL3JlcG9zL2xhdXJlbnRzaW1vbi9zbHNhLW9uLWdpdGh1Yi10ZXN0L2dpdC9ibG9ic3svc2hhfSIsImJyYW5jaGVzX3VybCI6Imh0dHBzOi8vYXBpLmdpdGh1Yi5jb20vcmVwb3MvbGF1cmVudHNpbW9uL3Nsc2Etb24tZ2l0aHViLXRlc3QvYnJhbmNoZXN7L2JyYW5jaH0iLCJjbG9uZV91cmwiOiJodHRwczovL2dpdGh1Yi5jb20vbGF1cmVudHNpbW9uL3Nsc2Etb24tZ2l0aHViLXRlc3QuZ2l0IiwiY29sbGFib3JhdG9yc191cmwiOiJodHRwczovL2FwaS5naXRodWIuY29tL3JlcG9zL2xhdXJlbnRzaW1vbi9zbHNhLW9uLWdpdGh1Yi10ZXN0L2NvbGxhYm9yYXRvcnN7L2NvbGxhYm9yYXRvcn0iLCJjb21tZW50c191cmwiOiJodHRwczovL2FwaS5naXRodWIuY29tL3JlcG9zL2xhdXJlbnRzaW1vbi9zbHNhLW9uLWdpdGh1Yi10ZXN0L2NvbW1lbnRzey9udW1iZXJ9IiwiY29tbWl0c191cmwiOiJodHRwczovL2FwaS5naXRodWIuY29tL3JlcG9zL2xhdXJlbnRzaW1vbi9zbHNhLW9uLWdpdGh1Yi10ZXN0L2NvbW1pdHN7L3NoYX0iLCJjb21wYXJlX3VybCI6Imh0dHBzOi8vYXBpLmdpdGh1Yi5jb20vcmVwb3MvbGF1cmVudHNpbW9uL3Nsc2Etb24tZ2l0aHViLXRlc3QvY29tcGFyZS97YmFzZX0uLi57aGVhZH0iLCJjb250ZW50c191cmwiOiJodHRwczovL2FwaS5naXRodWIuY29tL3JlcG9zL2xhdXJlbnRzaW1vbi9zbHNhLW9uLWdpdGh1Yi10ZXN0L2NvbnRlbnRzL3srcGF0aH0iLCJjb250cmlidXRvcnNfdXJsIjoiaHR0cHM6Ly9hcGkuZ2l0aHViLmNvbS9yZXBvcy9sYXVyZW50c2ltb24vc2xzYS1vbi1naXRodWItdGVzdC9jb250cmlidXRvcnMiLCJjcmVhdGVkX2F0IjoxNjQ0MDIzNDQ2LCJkZWZhdWx0X2JyYW5jaCI6Im1haW4iLCJkZXBsb3ltZW50c191cmwiOiJodHRwczovL2FwaS5naXRodWIuY29tL3JlcG9zL2xhdXJlbnRzaW1vbi9zbHNhLW9uLWdpdGh1Yi10ZXN0L2RlcGxveW1lbnRzIiwiZGVzY3JpcHRpb24iOiJUZXN0IGZvciBTTFNBIiwiZGlzYWJsZWQiOmZhbHNlLCJkb3dubG9hZHNfdXJsIjoiaHR0cHM6Ly9hcGkuZ2l0aHViLmNvbS9yZXBvcy9sYXVyZW50c2ltb24vc2xzYS1vbi1naXRodWItdGVzdC9kb3dubG9hZHMiLCJldmVudHNfdXJsIjoiaHR0cHM6Ly9hcGkuZ2l0aHViLmNvbS9yZXBvcy9sYXVyZW50c2ltb24vc2xzYS1vbi1naXRodWItdGVzdC9ldmVudHMiLCJmb3JrIjpmYWxzZSwiZm9ya3MiOjEsImZvcmtzX2NvdW50IjoxLCJmb3Jrc191cmwiOiJodHRwczovL2FwaS5naXRodWIuY29tL3JlcG9zL2xhdXJlbnRzaW1vbi9zbHNhLW9uLWdpdGh1Yi10ZXN0L2ZvcmtzIiwiZnVsbF9uYW1lIjoibGF1cmVudHNpbW9uL3Nsc2Etb24tZ2l0aHViLXRlc3QiLCJnaXRfY29tbWl0c191cmwiOiJodHRwczovL2FwaS5naXRodWIuY29tL3JlcG9zL2xhdXJlbnRzaW1vbi9zbHNhLW9uLWdpdGh1Yi10ZXN0L2dpdC9jb21taXRzey9zaGF9IiwiZ2l0X3JlZnNfdXJsIjoiaHR0cHM6Ly9hcGkuZ2l0aHViLmNvbS9yZXBvcy9sYXVyZW50c2ltb24vc2xzYS1vbi1naXRodWItdGVzdC9naXQvcmVmc3svc2hhfSIsImdpdF90YWdzX3VybCI6Imh0dHBzOi8vYXBpLmdpdGh1Yi5jb20vcmVwb3MvbGF1cmVudHNpbW9uL3Nsc2Etb24tZ2l0aHViLXRlc3QvZ2l0L3RhZ3N7L3NoYX0iLCJnaXRfdXJsIjoiZ2l0Oi8vZ2l0aHViLmNvbS9sYXVyZW50c2ltb24vc2xzYS1vbi1naXRodWItdGVzdC5naXQiLCJoYXNfZG93bmxvYWRzIjp0cnVlLCJoYXNfaXNzdWVzIjp0cnVlLCJoYXNfcGFnZXMiOmZhbHNlLCJoYXNfcHJvamVjdHMiOnRydWUsImhhc193aWtpIjp0cnVlLCJob21lcGFnZSI6bnVsbCwiaG9va3NfdXJsIjoiaHR0cHM6Ly9hcGkuZ2l0aHViLmNvbS9yZXBvcy9sYXVyZW50c2ltb24vc2xzYS1vbi1naXRodWItdGVzdC9ob29rcyIsImh0bWxfdXJsIjoiaHR0cHM6Ly9naXRodWIuY29tL2xhdXJlbnRzaW1vbi9zbHNhLW9uLWdpdGh1Yi10ZXN0IiwiaWQiOjQ1NTc0MzM5NiwiaXNfdGVtcGxhdGUiOmZhbHNlLCJpc3N1ZV9jb21tZW50X3VybCI6Imh0dHBzOi8vYXBpLmdpdGh1Yi5jb20vcmVwb3MvbGF1cmVudHNpbW9uL3Nsc2Etb24tZ2l0aHViLXRlc3QvaXNzdWVzL2NvbW1lbnRzey9udW1iZXJ9IiwiaXNzdWVfZXZlbnRzX3VybCI6Imh0dHBzOi8vYXBpLmdpdGh1Yi5jb20vcmVwb3MvbGF1cmVudHNpbW9uL3Nsc2Etb24tZ2l0aHViLXRlc3QvaXNzdWVzL2V2ZW50c3svbnVtYmVyfSIsImlzc3Vlc191cmwiOiJodHRwczovL2FwaS5naXRodWIuY29tL3JlcG9zL2xhdXJlbnRzaW1vbi9zbHNhLW9uLWdpdGh1Yi10ZXN0L2lzc3Vlc3svbnVtYmVyfSIsImtleXNfdXJsIjoiaHR0cHM6Ly9hcGkuZ2l0aHViLmNvbS9yZXBvcy9sYXVyZW50c2ltb24vc2xzYS1vbi1naXRodWItdGVzdC9rZXlzey9rZXlfaWR9IiwibGFiZWxzX3VybCI6Imh0dHBzOi8vYXBpLmdpdGh1Yi5jb20vcmVwb3MvbGF1cmVudHNpbW9uL3Nsc2Etb24tZ2l0aHViLXRlc3QvbGFiZWxzey9uYW1lfSIsImxhbmd1YWdlIjoiR28iLCJsYW5ndWFnZXNfdXJsIjoiaHR0cHM6Ly9hcGkuZ2l0aHViLmNvbS9yZXBvcy9sYXVyZW50c2ltb24vc2xzYS1vbi1naXRodWItdGVzdC9sYW5ndWFnZXMiLCJsaWNlbnNlIjp7ImtleSI6ImFwYWNoZS0yLjAiLCJuYW1lIjoiQXBhY2hlIExpY2Vuc2UgMi4wIiwibm9kZV9pZCI6Ik1EYzZUR2xqWlc1elpUST0iLCJzcGR4X2lkIjoiQXBhY2hlLTIuMCIsInVybCI6Imh0dHBzOi8vYXBpLmdpdGh1Yi5jb20vbGljZW5zZXMvYXBhY2hlLTIuMCJ9LCJtYXN0ZXJfYnJhbmNoIjoibWFpbiIsIm1lcmdlc191cmwiOiJodHRwczovL2FwaS5naXRodWIuY29tL3JlcG9zL2xhdXJlbnRzaW1vbi9zbHNhLW9uLWdpdGh1Yi10ZXN0L21lcmdlcyIsIm1pbGVzdG9uZXNfdXJsIjoiaHR0cHM6Ly9hcGkuZ2l0aHViLmNvbS9yZXBvcy9sYXVyZW50c2ltb24vc2xzYS1vbi1naXRodWItdGVzdC9taWxlc3RvbmVzey9udW1iZXJ9IiwibWlycm9yX3VybCI6bnVsbCwibmFtZSI6InNsc2Etb24tZ2l0aHViLXRlc3QiLCJub2RlX2lkIjoiUl9rZ0RPR3lvWHBBIiwibm90aWZpY2F0aW9uc191cmwiOiJodHRwczovL2FwaS5naXRodWIuY29tL3JlcG9zL2xhdXJlbnRzaW1vbi9zbHNhLW9uLWdpdGh1Yi10ZXN0L25vdGlmaWNhdGlvbnN7P3NpbmNlLGFsbCxwYXJ0aWNpcGF0aW5nfSIsIm9wZW5faXNzdWVzIjowLCJvcGVuX2lzc3Vlc19jb3VudCI6MCwib3duZXIiOnsiYXZhdGFyX3VybCI6Imh0dHBzOi8vYXZhdGFycy5naXRodWJ1c2VyY29udGVudC5jb20vdS82NDUwNTA5OT92PTQiLCJlbWFpbCI6IjY0NTA1MDk5K2xhdXJlbnRzaW1vbkB1c2Vycy5ub3JlcGx5LmdpdGh1Yi5jb20iLCJldmVudHNfdXJsIjoiaHR0cHM6Ly9hcGkuZ2l0aHViLmNvbS91c2Vycy9sYXVyZW50c2ltb24vZXZlbnRzey9wcml2YWN5fSIsImZvbGxvd2Vyc191cmwiOiJodHRwczovL2FwaS5naXRodWIuY29tL3VzZXJzL2xhdXJlbnRzaW1vbi9mb2xsb3dlcnMiLCJmb2xsb3dpbmdfdXJsIjoiaHR0cHM6Ly9hcGkuZ2l0aHViLmNvbS91c2Vycy9sYXVyZW50c2ltb24vZm9sbG93aW5ney9vdGhlcl91c2VyfSIsImdpc3RzX3VybCI6Imh0dHBzOi8vYXBpLmdpdGh1Yi5jb20vdXNlcnMvbGF1cmVudHNpbW9uL2dpc3Rzey9naXN0X2lkfSIsImdyYXZhdGFyX2lkIjoiIiwiaHRtbF91cmwiOiJodHRwczovL2dpdGh1Yi5jb20vbGF1cmVudHNpbW9uIiwiaWQiOjY0NTA1MDk5LCJsb2dpbiI6ImxhdXJlbnRzaW1vbiIsIm5hbWUiOiJsYXVyZW50c2ltb24iLCJub2RlX2lkIjoiTURRNlZYTmxjalkwTlRBMU1EazUiLCJvcmdhbml6YXRpb25zX3VybCI6Imh0dHBzOi8vYXBpLmdpdGh1Yi5jb20vdXNlcnMvbGF1cmVudHNpbW9uL29yZ3MiLCJyZWNlaXZlZF9ldmVudHNfdXJsIjoiaHR0cHM6Ly9hcGkuZ2l0aHViLmNvbS91c2Vycy9sYXVyZW50c2ltb24vcmVjZWl2ZWRfZXZlbnRzIiwicmVwb3NfdXJsIjoiaHR0cHM6Ly9hcGkuZ2l0aHViLmNvbS91c2Vycy9sYXVyZW50c2ltb24vcmVwb3MiLCJzaXRlX2FkbWluIjpmYWxzZSwic3RhcnJlZF91cmwiOiJodHRwczovL2FwaS5naXRodWIuY29tL3VzZXJzL2xhdXJlbnRzaW1vbi9zdGFycmVkey9vd25lcn17L3JlcG99Iiwic3Vic2NyaXB0aW9uc191cmwiOiJodHRwczovL2FwaS5naXRodWIuY29tL3VzZXJzL2xhdXJlbnRzaW1vbi9zdWJzY3JpcHRpb25zIiwidHlwZSI6IlVzZXIiLCJ1cmwiOiJodHRwczovL2FwaS5naXRodWIuY29tL3VzZXJzL2xhdXJlbnRzaW1vbiJ9LCJwcml2YXRlIjpmYWxzZSwicHVsbHNfdXJsIjoiaHR0cHM6Ly9hcGkuZ2l0aHViLmNvbS9yZXBvcy9sYXVyZW50c2ltb24vc2xzYS1vbi1naXRodWItdGVzdC9wdWxsc3svbnVtYmVyfSIsInB1c2hlZF9hdCI6MTY0OTEwMjAzNCwicmVsZWFzZXNfdXJsIjoiaHR0cHM6Ly9hcGkuZ2l0aHViLmNvbS9yZXBvcy9sYXVyZW50c2ltb24vc2xzYS1vbi1naXRodWItdGVzdC9yZWxlYXNlc3svaWR9Iiwic2l6ZSI6MTQxLCJzc2hfdXJsIjoiZ2l0QGdpdGh1Yi5jb206bGF1cmVudHNpbW9uL3Nsc2Etb24tZ2l0aHViLXRlc3QuZ2l0Iiwic3RhcmdhemVycyI6MCwic3RhcmdhemVyc19jb3VudCI6MCwic3RhcmdhemVyc191cmwiOiJodHRwczovL2FwaS5naXRodWIuY29tL3JlcG9zL2xhdXJlbnRzaW1vbi9zbHNhLW9uLWdpdGh1Yi10ZXN0L3N0YXJnYXplcnMiLCJzdGF0dXNlc191cmwiOiJodHRwczovL2FwaS5naXRodWIuY29tL3JlcG9zL2xhdXJlbnRzaW1vbi9zbHNhLW9uLWdpdGh1Yi10ZXN0L3N0YXR1c2VzL3tzaGF9Iiwic3Vic2NyaWJlcnNfdXJsIjoiaHR0cHM6Ly9hcGkuZ2l0aHViLmNvbS9yZXBvcy9sYXVyZW50c2ltb24vc2xzYS1vbi1naXRodWItdGVzdC9zdWJzY3JpYmVycyIsInN1YnNjcmlwdGlvbl91cmwiOiJodHRwczovL2FwaS5naXRodWIuY29tL3JlcG9zL2xhdXJlbnRzaW1vbi9zbHNhLW9uLWdpdGh1Yi10ZXN0L3N1YnNjcmlwdGlvbiIsInN2bl91cmwiOiJodHRwczovL2dpdGh1Yi5jb20vbGF1cmVudHNpbW9uL3Nsc2Etb24tZ2l0aHViLXRlc3QiLCJ0YWdzX3VybCI6Imh0dHBzOi8vYXBpLmdpdGh1Yi5jb20vcmVwb3MvbGF1cmVudHNpbW9uL3Nsc2Etb24tZ2l0aHViLXRlc3QvdGFncyIsInRlYW1zX3VybCI6Imh0dHBzOi8vYXBpLmdpdGh1Yi5jb20vcmVwb3MvbGF1cmVudHNpbW9uL3Nsc2Etb24tZ2l0aHViLXRlc3QvdGVhbXMiLCJ0b3BpY3MiOltdLCJ0cmVlc191cmwiOiJodHRwczovL2FwaS5naXRodWIuY29tL3JlcG9zL2xhdXJlbnRzaW1vbi9zbHNhLW9uLWdpdGh1Yi10ZXN0L2dpdC90cmVlc3svc2hhfSIsInVwZGF0ZWRfYXQiOiIyMDIyLTAyLTA1VDAxOjI1OjI4WiIsInVybCI6Imh0dHBzOi8vZ2l0aHViLmNvbS9sYXVyZW50c2ltb24vc2xzYS1vbi1naXRodWItdGVzdCIsInZpc2liaWxpdHkiOiJwdWJsaWMiLCJ3YXRjaGVycyI6MCwid2F0Y2hlcnNfY291bnQiOjB9LCJzZW5kZXIiOnsiYXZhdGFyX3VybCI6Imh0dHBzOi8vYXZhdGFycy5naXRodWJ1c2VyY29udGVudC5jb20vdS82NDUwNTA5OT92PTQiLCJldmVudHNfdXJsIjoiaHR0cHM6Ly9hcGkuZ2l0aHViLmNvbS91c2Vycy9sYXVyZW50c2ltb24vZXZlbnRzey9wcml2YWN5fSIsImZvbGxvd2Vyc191cmwiOiJodHRwczovL2FwaS5naXRodWIuY29tL3VzZXJzL2xhdXJlbnRzaW1vbi9mb2xsb3dlcnMiLCJmb2xsb3dpbmdfdXJsIjoiaHR0cHM6Ly9hcGkuZ2l0aHViLmNvbS91c2Vycy9sYXVyZW50c2ltb24vZm9sbG93aW5ney9vdGhlcl91c2VyfSIsImdpc3RzX3VybCI6Imh0dHBzOi8vYXBpLmdpdGh1Yi5jb20vdXNlcnMvbGF1cmVudHNpbW9uL2dpc3Rzey9naXN0X2lkfSIsImdyYXZhdGFyX2lkIjoiIiwiaHRtbF91cmwiOiJodHRwczovL2dpdGh1Yi5jb20vbGF1cmVudHNpbW9uIiwiaWQiOjY0NTA1MDk5LCJsb2dpbiI6ImxhdXJlbnRzaW1vbiIsIm5vZGVfaWQiOiJNRFE2VlhObGNqWTBOVEExTURrNSIsIm9yZ2FuaXphdGlvbnNfdXJsIjoiaHR0cHM6Ly9hcGkuZ2l0aHViLmNvbS91c2Vycy9sYXVyZW50c2ltb24vb3JncyIsInJlY2VpdmVkX2V2ZW50c191cmwiOiJodHRwczovL2FwaS5naXRodWIuY29tL3VzZXJzL2xhdXJlbnRzaW1vbi9yZWNlaXZlZF9ldmVudHMiLCJyZXBvc191cmwiOiJodHRwczovL2FwaS5naXRodWIuY29tL3VzZXJzL2xhdXJlbnRzaW1vbi9yZXBvcyIsInNpdGVfYWRtaW4iOmZhbHNlLCJzdGFycmVkX3VybCI6Imh0dHBzOi8vYXBpLmdpdGh1Yi5jb20vdXNlcnMvbGF1cmVudHNpbW9uL3N0YXJyZWR7L293bmVyfXsvcmVwb30iLCJzdWJzY3JpcHRpb25zX3VybCI6Imh0dHBzOi8vYXBpLmdpdGh1Yi5jb20vdXNlcnMvbGF1cmVudHNpbW9uL3N1YnNjcmlwdGlvbnMiLCJ0eXBlIjoiVXNlciIsInVybCI6Imh0dHBzOi8vYXBpLmdpdGh1Yi5jb20vdXNlcnMvbGF1cmVudHNpbW9uIn19LCJyZWZfdHlwZSI6InRhZyIsInJlZiI6InJlZnMvdGFncy92Mi41IiwiYmFzZV9yZWYiOiIiLCJoZWFkX3JlZiI6IiIsImFjdG9yIjoibGF1cmVudHNpbW9uIiwic2hhMSI6ImIzM2NhOTE4NGI3MDViOWM2MjIyMDExNmMyOWVmMjhjZjc4ZDM2OTEifSwiZW52aXJvbm1lbnQiOnsiYXJjaCI6ImFtZDY0IiwiZ2l0aHViX2V2ZW50X25hbWUiOiJwdXNoIiwiZ2l0aHViX3J1bl9hdHRlbXB0IjoiMSIsImdpdGh1Yl9ydW5faWQiOiIyMDkyMTgzMTA4IiwiZ2l0aHViX3J1bl9udW1iZXIiOiIyMSIsIm9zIjoidWJ1bnR1In19LCJidWlsZENvbmZpZyI6eyJ2ZXJzaW9uIjoxLCJzdGVwcyI6W3siY29tbWFuZCI6WyIvb3B0L2hvc3RlZHRvb2xjYWNoZS9nby8xLjE3LjgveDY0L2Jpbi9nbyIsImJ1aWxkIiwiLW1vZD12ZW5kb3IiLCItdHJpbXBhdGgiLCItdGFncz1uZXRnbyIsIi1vIiwiYmluYXJ5LWxpbnV4LWFtZDY0Il0sImVudiI6WyJHT09TPWxpbnV4IiwiR09BUkNIPWFtZDY0IiwiR08xMTFNT0RVTEU9b24iLCJDR09fRU5BQkxFRD0wIl19XX0sIm1hdGVyaWFscyI6W3sidXJpIjoiZ2l0K2xhdXJlbnRzaW1vbi9zbHNhLW9uLWdpdGh1Yi10ZXN0LmdpdCIsImRpZ2VzdCI6eyJzaGExIjoiYjMzY2E5MTg0YjcwNWI5YzYyMjIwMTE2YzI5ZWYyOGNmNzhkMzY5MSJ9fV19fQ==","signatures":[{"keyid":"","sig":"MEUCIG805F8YwwUx+ETmjIYNOEbZZTxJ9sguHbiZtdTRuNZQAiEAoZbnWdZVLzaZwngQTA0T6kEHbNBytudEoDQ0KJIi664="}]} \ No newline at end of file diff --git a/testdata/binary-linux-amd64-push-v2.intoto.jsonl b/testdata/binary-linux-amd64-push-v2.intoto.jsonl new file mode 100644 index 0000000..f4d9488 --- /dev/null +++ b/testdata/binary-linux-amd64-push-v2.intoto.jsonl @@ -0,0 +1 @@ +{"payloadType":"application/vnd.in-toto+json","payload":"eyJfdHlwZSI6Imh0dHBzOi8vaW4tdG90by5pby9TdGF0ZW1lbnQvdjAuMSIsInByZWRpY2F0ZVR5cGUiOiJodHRwczovL3Nsc2EuZGV2L3Byb3ZlbmFuY2UvdjAuMiIsInN1YmplY3QiOlt7Im5hbWUiOiJiaW5hcnktbGludXgtYW1kNjQiLCJkaWdlc3QiOnsic2hhMjU2IjoiYzJhYzE2YWFjNWZhMzhjMjQ3MTg0OGM4NmFhMWY5NzNlYmJhNmEzYjRjMzk4MTk0Y2E2Mjg3Y2U3NThlZTFkZCJ9fV0sInByZWRpY2F0ZSI6eyJidWlsZGVyIjp7ImlkIjoiaHR0cHM6Ly9naXRodWIuY29tL3Nsc2EtZnJhbWV3b3JrL3Nsc2EtZ2l0aHViLWdlbmVyYXRvci1nby8uZ2l0aHViL3dvcmtmbG93cy9idWlsZGVyLnltbEByZWZzL2hlYWRzL21haW4ifSwiYnVpbGRUeXBlIjoiaHR0cHM6Ly9naXRodWIuY29tL3Nsc2EtZnJhbWV3b3JrL3Nsc2EtZ2l0aHViLWdlbmVyYXRvci1nb0B2MSIsImludm9jYXRpb24iOnsiY29uZmlnU291cmNlIjp7InVyaSI6ImdpdCtodHRwczovL2dpdGh1Yi5jb21sYXVyZW50c2ltb24vc2xzYS1vbi1naXRodWItdGVzdEByZWZzL3RhZ3MvdjIuZ2l0IiwiZGlnZXN0Ijp7InNoYTEiOiJiMzNjYTkxODRiNzA1YjljNjIyMjAxMTZjMjllZjI4Y2Y3OGQzNjkxIn0sImVudHJ5UG9pbnQiOiJTTFNBIFJlbGVhc2UifSwicGFyYW1ldGVycyI6eyJ2ZXJzaW9uIjoxLCJldmVudF9uYW1lIjoicHVzaCIsImV2ZW50X3BheWxvYWQiOnsiYWZ0ZXIiOiJiMzNjYTkxODRiNzA1YjljNjIyMjAxMTZjMjllZjI4Y2Y3OGQzNjkxIiwiYmFzZV9yZWYiOiJyZWZzL2hlYWRzL21haW4iLCJiZWZvcmUiOiIwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwIiwiY29tbWl0cyI6W10sImNvbXBhcmUiOiJodHRwczovL2dpdGh1Yi5jb20vbGF1cmVudHNpbW9uL3Nsc2Etb24tZ2l0aHViLXRlc3QvY29tcGFyZS92MiIsImNyZWF0ZWQiOnRydWUsImRlbGV0ZWQiOmZhbHNlLCJmb3JjZWQiOmZhbHNlLCJoZWFkX2NvbW1pdCI6eyJhdXRob3IiOnsiZW1haWwiOiI2NDUwNTA5OStsYXVyZW50c2ltb25AdXNlcnMubm9yZXBseS5naXRodWIuY29tIiwibmFtZSI6ImxhdXJlbnRzaW1vbiIsInVzZXJuYW1lIjoibGF1cmVudHNpbW9uIn0sImNvbW1pdHRlciI6eyJlbWFpbCI6Im5vcmVwbHlAZ2l0aHViLmNvbSIsIm5hbWUiOiJHaXRIdWIiLCJ1c2VybmFtZSI6IndlYi1mbG93In0sImRpc3RpbmN0Ijp0cnVlLCJpZCI6ImIzM2NhOTE4NGI3MDViOWM2MjIyMDExNmMyOWVmMjhjZjc4ZDM2OTEiLCJtZXNzYWdlIjoiVXBkYXRlIGJ1aWxkZXItdGVzdC55YW1sIiwidGltZXN0YW1wIjoiMjAyMi0wNC0wNFQwOTozMToyMy0wNzowMCIsInRyZWVfaWQiOiIxMmQ5NzNkNTY5ZDMwODJjY2JiMTJmMTNlNTBjNWUxZmUxM2JiMTU1IiwidXJsIjoiaHR0cHM6Ly9naXRodWIuY29tL2xhdXJlbnRzaW1vbi9zbHNhLW9uLWdpdGh1Yi10ZXN0L2NvbW1pdC9iMzNjYTkxODRiNzA1YjljNjIyMjAxMTZjMjllZjI4Y2Y3OGQzNjkxIn0sInB1c2hlciI6eyJlbWFpbCI6IjY0NTA1MDk5K2xhdXJlbnRzaW1vbkB1c2Vycy5ub3JlcGx5LmdpdGh1Yi5jb20iLCJuYW1lIjoibGF1cmVudHNpbW9uIn0sInJlZiI6InJlZnMvdGFncy92MiIsInJlcG9zaXRvcnkiOnsiYWxsb3dfZm9ya2luZyI6dHJ1ZSwiYXJjaGl2ZV91cmwiOiJodHRwczovL2FwaS5naXRodWIuY29tL3JlcG9zL2xhdXJlbnRzaW1vbi9zbHNhLW9uLWdpdGh1Yi10ZXN0L3thcmNoaXZlX2Zvcm1hdH17L3JlZn0iLCJhcmNoaXZlZCI6ZmFsc2UsImFzc2lnbmVlc191cmwiOiJodHRwczovL2FwaS5naXRodWIuY29tL3JlcG9zL2xhdXJlbnRzaW1vbi9zbHNhLW9uLWdpdGh1Yi10ZXN0L2Fzc2lnbmVlc3svdXNlcn0iLCJibG9ic191cmwiOiJodHRwczovL2FwaS5naXRodWIuY29tL3JlcG9zL2xhdXJlbnRzaW1vbi9zbHNhLW9uLWdpdGh1Yi10ZXN0L2dpdC9ibG9ic3svc2hhfSIsImJyYW5jaGVzX3VybCI6Imh0dHBzOi8vYXBpLmdpdGh1Yi5jb20vcmVwb3MvbGF1cmVudHNpbW9uL3Nsc2Etb24tZ2l0aHViLXRlc3QvYnJhbmNoZXN7L2JyYW5jaH0iLCJjbG9uZV91cmwiOiJodHRwczovL2dpdGh1Yi5jb20vbGF1cmVudHNpbW9uL3Nsc2Etb24tZ2l0aHViLXRlc3QuZ2l0IiwiY29sbGFib3JhdG9yc191cmwiOiJodHRwczovL2FwaS5naXRodWIuY29tL3JlcG9zL2xhdXJlbnRzaW1vbi9zbHNhLW9uLWdpdGh1Yi10ZXN0L2NvbGxhYm9yYXRvcnN7L2NvbGxhYm9yYXRvcn0iLCJjb21tZW50c191cmwiOiJodHRwczovL2FwaS5naXRodWIuY29tL3JlcG9zL2xhdXJlbnRzaW1vbi9zbHNhLW9uLWdpdGh1Yi10ZXN0L2NvbW1lbnRzey9udW1iZXJ9IiwiY29tbWl0c191cmwiOiJodHRwczovL2FwaS5naXRodWIuY29tL3JlcG9zL2xhdXJlbnRzaW1vbi9zbHNhLW9uLWdpdGh1Yi10ZXN0L2NvbW1pdHN7L3NoYX0iLCJjb21wYXJlX3VybCI6Imh0dHBzOi8vYXBpLmdpdGh1Yi5jb20vcmVwb3MvbGF1cmVudHNpbW9uL3Nsc2Etb24tZ2l0aHViLXRlc3QvY29tcGFyZS97YmFzZX0uLi57aGVhZH0iLCJjb250ZW50c191cmwiOiJodHRwczovL2FwaS5naXRodWIuY29tL3JlcG9zL2xhdXJlbnRzaW1vbi9zbHNhLW9uLWdpdGh1Yi10ZXN0L2NvbnRlbnRzL3srcGF0aH0iLCJjb250cmlidXRvcnNfdXJsIjoiaHR0cHM6Ly9hcGkuZ2l0aHViLmNvbS9yZXBvcy9sYXVyZW50c2ltb24vc2xzYS1vbi1naXRodWItdGVzdC9jb250cmlidXRvcnMiLCJjcmVhdGVkX2F0IjoxNjQ0MDIzNDQ2LCJkZWZhdWx0X2JyYW5jaCI6Im1haW4iLCJkZXBsb3ltZW50c191cmwiOiJodHRwczovL2FwaS5naXRodWIuY29tL3JlcG9zL2xhdXJlbnRzaW1vbi9zbHNhLW9uLWdpdGh1Yi10ZXN0L2RlcGxveW1lbnRzIiwiZGVzY3JpcHRpb24iOiJUZXN0IGZvciBTTFNBIiwiZGlzYWJsZWQiOmZhbHNlLCJkb3dubG9hZHNfdXJsIjoiaHR0cHM6Ly9hcGkuZ2l0aHViLmNvbS9yZXBvcy9sYXVyZW50c2ltb24vc2xzYS1vbi1naXRodWItdGVzdC9kb3dubG9hZHMiLCJldmVudHNfdXJsIjoiaHR0cHM6Ly9hcGkuZ2l0aHViLmNvbS9yZXBvcy9sYXVyZW50c2ltb24vc2xzYS1vbi1naXRodWItdGVzdC9ldmVudHMiLCJmb3JrIjpmYWxzZSwiZm9ya3MiOjEsImZvcmtzX2NvdW50IjoxLCJmb3Jrc191cmwiOiJodHRwczovL2FwaS5naXRodWIuY29tL3JlcG9zL2xhdXJlbnRzaW1vbi9zbHNhLW9uLWdpdGh1Yi10ZXN0L2ZvcmtzIiwiZnVsbF9uYW1lIjoibGF1cmVudHNpbW9uL3Nsc2Etb24tZ2l0aHViLXRlc3QiLCJnaXRfY29tbWl0c191cmwiOiJodHRwczovL2FwaS5naXRodWIuY29tL3JlcG9zL2xhdXJlbnRzaW1vbi9zbHNhLW9uLWdpdGh1Yi10ZXN0L2dpdC9jb21taXRzey9zaGF9IiwiZ2l0X3JlZnNfdXJsIjoiaHR0cHM6Ly9hcGkuZ2l0aHViLmNvbS9yZXBvcy9sYXVyZW50c2ltb24vc2xzYS1vbi1naXRodWItdGVzdC9naXQvcmVmc3svc2hhfSIsImdpdF90YWdzX3VybCI6Imh0dHBzOi8vYXBpLmdpdGh1Yi5jb20vcmVwb3MvbGF1cmVudHNpbW9uL3Nsc2Etb24tZ2l0aHViLXRlc3QvZ2l0L3RhZ3N7L3NoYX0iLCJnaXRfdXJsIjoiZ2l0Oi8vZ2l0aHViLmNvbS9sYXVyZW50c2ltb24vc2xzYS1vbi1naXRodWItdGVzdC5naXQiLCJoYXNfZG93bmxvYWRzIjp0cnVlLCJoYXNfaXNzdWVzIjp0cnVlLCJoYXNfcGFnZXMiOmZhbHNlLCJoYXNfcHJvamVjdHMiOnRydWUsImhhc193aWtpIjp0cnVlLCJob21lcGFnZSI6bnVsbCwiaG9va3NfdXJsIjoiaHR0cHM6Ly9hcGkuZ2l0aHViLmNvbS9yZXBvcy9sYXVyZW50c2ltb24vc2xzYS1vbi1naXRodWItdGVzdC9ob29rcyIsImh0bWxfdXJsIjoiaHR0cHM6Ly9naXRodWIuY29tL2xhdXJlbnRzaW1vbi9zbHNhLW9uLWdpdGh1Yi10ZXN0IiwiaWQiOjQ1NTc0MzM5NiwiaXNfdGVtcGxhdGUiOmZhbHNlLCJpc3N1ZV9jb21tZW50X3VybCI6Imh0dHBzOi8vYXBpLmdpdGh1Yi5jb20vcmVwb3MvbGF1cmVudHNpbW9uL3Nsc2Etb24tZ2l0aHViLXRlc3QvaXNzdWVzL2NvbW1lbnRzey9udW1iZXJ9IiwiaXNzdWVfZXZlbnRzX3VybCI6Imh0dHBzOi8vYXBpLmdpdGh1Yi5jb20vcmVwb3MvbGF1cmVudHNpbW9uL3Nsc2Etb24tZ2l0aHViLXRlc3QvaXNzdWVzL2V2ZW50c3svbnVtYmVyfSIsImlzc3Vlc191cmwiOiJodHRwczovL2FwaS5naXRodWIuY29tL3JlcG9zL2xhdXJlbnRzaW1vbi9zbHNhLW9uLWdpdGh1Yi10ZXN0L2lzc3Vlc3svbnVtYmVyfSIsImtleXNfdXJsIjoiaHR0cHM6Ly9hcGkuZ2l0aHViLmNvbS9yZXBvcy9sYXVyZW50c2ltb24vc2xzYS1vbi1naXRodWItdGVzdC9rZXlzey9rZXlfaWR9IiwibGFiZWxzX3VybCI6Imh0dHBzOi8vYXBpLmdpdGh1Yi5jb20vcmVwb3MvbGF1cmVudHNpbW9uL3Nsc2Etb24tZ2l0aHViLXRlc3QvbGFiZWxzey9uYW1lfSIsImxhbmd1YWdlIjoiR28iLCJsYW5ndWFnZXNfdXJsIjoiaHR0cHM6Ly9hcGkuZ2l0aHViLmNvbS9yZXBvcy9sYXVyZW50c2ltb24vc2xzYS1vbi1naXRodWItdGVzdC9sYW5ndWFnZXMiLCJsaWNlbnNlIjp7ImtleSI6ImFwYWNoZS0yLjAiLCJuYW1lIjoiQXBhY2hlIExpY2Vuc2UgMi4wIiwibm9kZV9pZCI6Ik1EYzZUR2xqWlc1elpUST0iLCJzcGR4X2lkIjoiQXBhY2hlLTIuMCIsInVybCI6Imh0dHBzOi8vYXBpLmdpdGh1Yi5jb20vbGljZW5zZXMvYXBhY2hlLTIuMCJ9LCJtYXN0ZXJfYnJhbmNoIjoibWFpbiIsIm1lcmdlc191cmwiOiJodHRwczovL2FwaS5naXRodWIuY29tL3JlcG9zL2xhdXJlbnRzaW1vbi9zbHNhLW9uLWdpdGh1Yi10ZXN0L21lcmdlcyIsIm1pbGVzdG9uZXNfdXJsIjoiaHR0cHM6Ly9hcGkuZ2l0aHViLmNvbS9yZXBvcy9sYXVyZW50c2ltb24vc2xzYS1vbi1naXRodWItdGVzdC9taWxlc3RvbmVzey9udW1iZXJ9IiwibWlycm9yX3VybCI6bnVsbCwibmFtZSI6InNsc2Etb24tZ2l0aHViLXRlc3QiLCJub2RlX2lkIjoiUl9rZ0RPR3lvWHBBIiwibm90aWZpY2F0aW9uc191cmwiOiJodHRwczovL2FwaS5naXRodWIuY29tL3JlcG9zL2xhdXJlbnRzaW1vbi9zbHNhLW9uLWdpdGh1Yi10ZXN0L25vdGlmaWNhdGlvbnN7P3NpbmNlLGFsbCxwYXJ0aWNpcGF0aW5nfSIsIm9wZW5faXNzdWVzIjowLCJvcGVuX2lzc3Vlc19jb3VudCI6MCwib3duZXIiOnsiYXZhdGFyX3VybCI6Imh0dHBzOi8vYXZhdGFycy5naXRodWJ1c2VyY29udGVudC5jb20vdS82NDUwNTA5OT92PTQiLCJlbWFpbCI6IjY0NTA1MDk5K2xhdXJlbnRzaW1vbkB1c2Vycy5ub3JlcGx5LmdpdGh1Yi5jb20iLCJldmVudHNfdXJsIjoiaHR0cHM6Ly9hcGkuZ2l0aHViLmNvbS91c2Vycy9sYXVyZW50c2ltb24vZXZlbnRzey9wcml2YWN5fSIsImZvbGxvd2Vyc191cmwiOiJodHRwczovL2FwaS5naXRodWIuY29tL3VzZXJzL2xhdXJlbnRzaW1vbi9mb2xsb3dlcnMiLCJmb2xsb3dpbmdfdXJsIjoiaHR0cHM6Ly9hcGkuZ2l0aHViLmNvbS91c2Vycy9sYXVyZW50c2ltb24vZm9sbG93aW5ney9vdGhlcl91c2VyfSIsImdpc3RzX3VybCI6Imh0dHBzOi8vYXBpLmdpdGh1Yi5jb20vdXNlcnMvbGF1cmVudHNpbW9uL2dpc3Rzey9naXN0X2lkfSIsImdyYXZhdGFyX2lkIjoiIiwiaHRtbF91cmwiOiJodHRwczovL2dpdGh1Yi5jb20vbGF1cmVudHNpbW9uIiwiaWQiOjY0NTA1MDk5LCJsb2dpbiI6ImxhdXJlbnRzaW1vbiIsIm5hbWUiOiJsYXVyZW50c2ltb24iLCJub2RlX2lkIjoiTURRNlZYTmxjalkwTlRBMU1EazUiLCJvcmdhbml6YXRpb25zX3VybCI6Imh0dHBzOi8vYXBpLmdpdGh1Yi5jb20vdXNlcnMvbGF1cmVudHNpbW9uL29yZ3MiLCJyZWNlaXZlZF9ldmVudHNfdXJsIjoiaHR0cHM6Ly9hcGkuZ2l0aHViLmNvbS91c2Vycy9sYXVyZW50c2ltb24vcmVjZWl2ZWRfZXZlbnRzIiwicmVwb3NfdXJsIjoiaHR0cHM6Ly9hcGkuZ2l0aHViLmNvbS91c2Vycy9sYXVyZW50c2ltb24vcmVwb3MiLCJzaXRlX2FkbWluIjpmYWxzZSwic3RhcnJlZF91cmwiOiJodHRwczovL2FwaS5naXRodWIuY29tL3VzZXJzL2xhdXJlbnRzaW1vbi9zdGFycmVkey9vd25lcn17L3JlcG99Iiwic3Vic2NyaXB0aW9uc191cmwiOiJodHRwczovL2FwaS5naXRodWIuY29tL3VzZXJzL2xhdXJlbnRzaW1vbi9zdWJzY3JpcHRpb25zIiwidHlwZSI6IlVzZXIiLCJ1cmwiOiJodHRwczovL2FwaS5naXRodWIuY29tL3VzZXJzL2xhdXJlbnRzaW1vbiJ9LCJwcml2YXRlIjpmYWxzZSwicHVsbHNfdXJsIjoiaHR0cHM6Ly9hcGkuZ2l0aHViLmNvbS9yZXBvcy9sYXVyZW50c2ltb24vc2xzYS1vbi1naXRodWItdGVzdC9wdWxsc3svbnVtYmVyfSIsInB1c2hlZF9hdCI6MTY0OTEwMTk1MSwicmVsZWFzZXNfdXJsIjoiaHR0cHM6Ly9hcGkuZ2l0aHViLmNvbS9yZXBvcy9sYXVyZW50c2ltb24vc2xzYS1vbi1naXRodWItdGVzdC9yZWxlYXNlc3svaWR9Iiwic2l6ZSI6MTQxLCJzc2hfdXJsIjoiZ2l0QGdpdGh1Yi5jb206bGF1cmVudHNpbW9uL3Nsc2Etb24tZ2l0aHViLXRlc3QuZ2l0Iiwic3RhcmdhemVycyI6MCwic3RhcmdhemVyc19jb3VudCI6MCwic3RhcmdhemVyc191cmwiOiJodHRwczovL2FwaS5naXRodWIuY29tL3JlcG9zL2xhdXJlbnRzaW1vbi9zbHNhLW9uLWdpdGh1Yi10ZXN0L3N0YXJnYXplcnMiLCJzdGF0dXNlc191cmwiOiJodHRwczovL2FwaS5naXRodWIuY29tL3JlcG9zL2xhdXJlbnRzaW1vbi9zbHNhLW9uLWdpdGh1Yi10ZXN0L3N0YXR1c2VzL3tzaGF9Iiwic3Vic2NyaWJlcnNfdXJsIjoiaHR0cHM6Ly9hcGkuZ2l0aHViLmNvbS9yZXBvcy9sYXVyZW50c2ltb24vc2xzYS1vbi1naXRodWItdGVzdC9zdWJzY3JpYmVycyIsInN1YnNjcmlwdGlvbl91cmwiOiJodHRwczovL2FwaS5naXRodWIuY29tL3JlcG9zL2xhdXJlbnRzaW1vbi9zbHNhLW9uLWdpdGh1Yi10ZXN0L3N1YnNjcmlwdGlvbiIsInN2bl91cmwiOiJodHRwczovL2dpdGh1Yi5jb20vbGF1cmVudHNpbW9uL3Nsc2Etb24tZ2l0aHViLXRlc3QiLCJ0YWdzX3VybCI6Imh0dHBzOi8vYXBpLmdpdGh1Yi5jb20vcmVwb3MvbGF1cmVudHNpbW9uL3Nsc2Etb24tZ2l0aHViLXRlc3QvdGFncyIsInRlYW1zX3VybCI6Imh0dHBzOi8vYXBpLmdpdGh1Yi5jb20vcmVwb3MvbGF1cmVudHNpbW9uL3Nsc2Etb24tZ2l0aHViLXRlc3QvdGVhbXMiLCJ0b3BpY3MiOltdLCJ0cmVlc191cmwiOiJodHRwczovL2FwaS5naXRodWIuY29tL3JlcG9zL2xhdXJlbnRzaW1vbi9zbHNhLW9uLWdpdGh1Yi10ZXN0L2dpdC90cmVlc3svc2hhfSIsInVwZGF0ZWRfYXQiOiIyMDIyLTAyLTA1VDAxOjI1OjI4WiIsInVybCI6Imh0dHBzOi8vZ2l0aHViLmNvbS9sYXVyZW50c2ltb24vc2xzYS1vbi1naXRodWItdGVzdCIsInZpc2liaWxpdHkiOiJwdWJsaWMiLCJ3YXRjaGVycyI6MCwid2F0Y2hlcnNfY291bnQiOjB9LCJzZW5kZXIiOnsiYXZhdGFyX3VybCI6Imh0dHBzOi8vYXZhdGFycy5naXRodWJ1c2VyY29udGVudC5jb20vdS82NDUwNTA5OT92PTQiLCJldmVudHNfdXJsIjoiaHR0cHM6Ly9hcGkuZ2l0aHViLmNvbS91c2Vycy9sYXVyZW50c2ltb24vZXZlbnRzey9wcml2YWN5fSIsImZvbGxvd2Vyc191cmwiOiJodHRwczovL2FwaS5naXRodWIuY29tL3VzZXJzL2xhdXJlbnRzaW1vbi9mb2xsb3dlcnMiLCJmb2xsb3dpbmdfdXJsIjoiaHR0cHM6Ly9hcGkuZ2l0aHViLmNvbS91c2Vycy9sYXVyZW50c2ltb24vZm9sbG93aW5ney9vdGhlcl91c2VyfSIsImdpc3RzX3VybCI6Imh0dHBzOi8vYXBpLmdpdGh1Yi5jb20vdXNlcnMvbGF1cmVudHNpbW9uL2dpc3Rzey9naXN0X2lkfSIsImdyYXZhdGFyX2lkIjoiIiwiaHRtbF91cmwiOiJodHRwczovL2dpdGh1Yi5jb20vbGF1cmVudHNpbW9uIiwiaWQiOjY0NTA1MDk5LCJsb2dpbiI6ImxhdXJlbnRzaW1vbiIsIm5vZGVfaWQiOiJNRFE2VlhObGNqWTBOVEExTURrNSIsIm9yZ2FuaXphdGlvbnNfdXJsIjoiaHR0cHM6Ly9hcGkuZ2l0aHViLmNvbS91c2Vycy9sYXVyZW50c2ltb24vb3JncyIsInJlY2VpdmVkX2V2ZW50c191cmwiOiJodHRwczovL2FwaS5naXRodWIuY29tL3VzZXJzL2xhdXJlbnRzaW1vbi9yZWNlaXZlZF9ldmVudHMiLCJyZXBvc191cmwiOiJodHRwczovL2FwaS5naXRodWIuY29tL3VzZXJzL2xhdXJlbnRzaW1vbi9yZXBvcyIsInNpdGVfYWRtaW4iOmZhbHNlLCJzdGFycmVkX3VybCI6Imh0dHBzOi8vYXBpLmdpdGh1Yi5jb20vdXNlcnMvbGF1cmVudHNpbW9uL3N0YXJyZWR7L293bmVyfXsvcmVwb30iLCJzdWJzY3JpcHRpb25zX3VybCI6Imh0dHBzOi8vYXBpLmdpdGh1Yi5jb20vdXNlcnMvbGF1cmVudHNpbW9uL3N1YnNjcmlwdGlvbnMiLCJ0eXBlIjoiVXNlciIsInVybCI6Imh0dHBzOi8vYXBpLmdpdGh1Yi5jb20vdXNlcnMvbGF1cmVudHNpbW9uIn19LCJyZWZfdHlwZSI6InRhZyIsInJlZiI6InJlZnMvdGFncy92MiIsImJhc2VfcmVmIjoiIiwiaGVhZF9yZWYiOiIiLCJhY3RvciI6ImxhdXJlbnRzaW1vbiIsInNoYTEiOiJiMzNjYTkxODRiNzA1YjljNjIyMjAxMTZjMjllZjI4Y2Y3OGQzNjkxIn0sImVudmlyb25tZW50Ijp7ImFyY2giOiJhbWQ2NCIsImdpdGh1Yl9ldmVudF9uYW1lIjoicHVzaCIsImdpdGh1Yl9ydW5fYXR0ZW1wdCI6IjEiLCJnaXRodWJfcnVuX2lkIjoiMjA5MjE3NzY3NSIsImdpdGh1Yl9ydW5fbnVtYmVyIjoiMjAiLCJvcyI6InVidW50dSJ9fSwiYnVpbGRDb25maWciOnsidmVyc2lvbiI6MSwic3RlcHMiOlt7ImNvbW1hbmQiOlsiL29wdC9ob3N0ZWR0b29sY2FjaGUvZ28vMS4xNy44L3g2NC9iaW4vZ28iLCJidWlsZCIsIi1tb2Q9dmVuZG9yIiwiLXRyaW1wYXRoIiwiLXRhZ3M9bmV0Z28iLCItbyIsImJpbmFyeS1saW51eC1hbWQ2NCJdLCJlbnYiOlsiR09PUz1saW51eCIsIkdPQVJDSD1hbWQ2NCIsIkdPMTExTU9EVUxFPW9uIiwiQ0dPX0VOQUJMRUQ9MCJdfV19LCJtYXRlcmlhbHMiOlt7InVyaSI6ImdpdCtsYXVyZW50c2ltb24vc2xzYS1vbi1naXRodWItdGVzdC5naXQiLCJkaWdlc3QiOnsic2hhMSI6ImIzM2NhOTE4NGI3MDViOWM2MjIyMDExNmMyOWVmMjhjZjc4ZDM2OTEifX1dfX0=","signatures":[{"keyid":"","sig":"MEUCIFjCm6mhd8zdmmofdCOVgoFkOw45zWyDT/+n2LFnWHnpAiEApC3OrEAnQGDT8Vt4P+67n1TGelvJFDhi8xX/jOdGi6k="}]} \ No newline at end of file diff --git a/testdata/binary-linux-amd64-workflow_dispatch b/testdata/binary-linux-amd64-workflow_dispatch new file mode 100644 index 0000000..c7f3ef0 Binary files /dev/null and b/testdata/binary-linux-amd64-workflow_dispatch differ diff --git a/testdata/binary-linux-amd64-workflow_dispatch.intoto.jsonl b/testdata/binary-linux-amd64-workflow_dispatch.intoto.jsonl new file mode 100644 index 0000000..2f8b784 --- /dev/null +++ b/testdata/binary-linux-amd64-workflow_dispatch.intoto.jsonl @@ -0,0 +1 @@ +{"payloadType":"application/vnd.in-toto+json","payload":"eyJfdHlwZSI6Imh0dHBzOi8vaW4tdG90by5pby9TdGF0ZW1lbnQvdjAuMSIsInByZWRpY2F0ZVR5cGUiOiJodHRwczovL3Nsc2EuZGV2L3Byb3ZlbmFuY2UvdjAuMiIsInN1YmplY3QiOlt7Im5hbWUiOiJiaW5hcnktbGludXgtYW1kNjQiLCJkaWdlc3QiOnsic2hhMjU2IjoiYzJhYzE2YWFjNWZhMzhjMjQ3MTg0OGM4NmFhMWY5NzNlYmJhNmEzYjRjMzk4MTk0Y2E2Mjg3Y2U3NThlZTFkZCJ9fV0sInByZWRpY2F0ZSI6eyJidWlsZGVyIjp7ImlkIjoiaHR0cHM6Ly9naXRodWIuY29tL3Nsc2EtZnJhbWV3b3JrL3Nsc2EtZ2l0aHViLWdlbmVyYXRvci1nby8uZ2l0aHViL3dvcmtmbG93cy9idWlsZGVyLnltbEByZWZzL2hlYWRzL21haW4ifSwiYnVpbGRUeXBlIjoiaHR0cHM6Ly9naXRodWIuY29tL3Nsc2EtZnJhbWV3b3JrL3Nsc2EtZ2l0aHViLWdlbmVyYXRvci1nb0B2MSIsImludm9jYXRpb24iOnsiY29uZmlnU291cmNlIjp7InVyaSI6ImdpdCtodHRwczovL2dpdGh1Yi5jb21sYXVyZW50c2ltb24vc2xzYS1vbi1naXRodWItdGVzdEByZWZzL2hlYWRzL21haW4uZ2l0IiwiZGlnZXN0Ijp7InNoYTEiOiJkM2ZkOTQ4MmU2OGQyNzZlNjljMGE4YjNmN2VhYWJiM2I5ZTU2Njk1In0sImVudHJ5UG9pbnQiOiJTTFNBIFJlbGVhc2UifSwicGFyYW1ldGVycyI6eyJ2ZXJzaW9uIjoxLCJldmVudF9uYW1lIjoid29ya2Zsb3dfZGlzcGF0Y2giLCJldmVudF9wYXlsb2FkIjp7ImlucHV0cyI6bnVsbCwicmVmIjoicmVmcy9oZWFkcy9tYWluIiwicmVwb3NpdG9yeSI6eyJhbGxvd19mb3JraW5nIjp0cnVlLCJhcmNoaXZlX3VybCI6Imh0dHBzOi8vYXBpLmdpdGh1Yi5jb20vcmVwb3MvbGF1cmVudHNpbW9uL3Nsc2Etb24tZ2l0aHViLXRlc3Qve2FyY2hpdmVfZm9ybWF0fXsvcmVmfSIsImFyY2hpdmVkIjpmYWxzZSwiYXNzaWduZWVzX3VybCI6Imh0dHBzOi8vYXBpLmdpdGh1Yi5jb20vcmVwb3MvbGF1cmVudHNpbW9uL3Nsc2Etb24tZ2l0aHViLXRlc3QvYXNzaWduZWVzey91c2VyfSIsImJsb2JzX3VybCI6Imh0dHBzOi8vYXBpLmdpdGh1Yi5jb20vcmVwb3MvbGF1cmVudHNpbW9uL3Nsc2Etb24tZ2l0aHViLXRlc3QvZ2l0L2Jsb2Jzey9zaGF9IiwiYnJhbmNoZXNfdXJsIjoiaHR0cHM6Ly9hcGkuZ2l0aHViLmNvbS9yZXBvcy9sYXVyZW50c2ltb24vc2xzYS1vbi1naXRodWItdGVzdC9icmFuY2hlc3svYnJhbmNofSIsImNsb25lX3VybCI6Imh0dHBzOi8vZ2l0aHViLmNvbS9sYXVyZW50c2ltb24vc2xzYS1vbi1naXRodWItdGVzdC5naXQiLCJjb2xsYWJvcmF0b3JzX3VybCI6Imh0dHBzOi8vYXBpLmdpdGh1Yi5jb20vcmVwb3MvbGF1cmVudHNpbW9uL3Nsc2Etb24tZ2l0aHViLXRlc3QvY29sbGFib3JhdG9yc3svY29sbGFib3JhdG9yfSIsImNvbW1lbnRzX3VybCI6Imh0dHBzOi8vYXBpLmdpdGh1Yi5jb20vcmVwb3MvbGF1cmVudHNpbW9uL3Nsc2Etb24tZ2l0aHViLXRlc3QvY29tbWVudHN7L251bWJlcn0iLCJjb21taXRzX3VybCI6Imh0dHBzOi8vYXBpLmdpdGh1Yi5jb20vcmVwb3MvbGF1cmVudHNpbW9uL3Nsc2Etb24tZ2l0aHViLXRlc3QvY29tbWl0c3svc2hhfSIsImNvbXBhcmVfdXJsIjoiaHR0cHM6Ly9hcGkuZ2l0aHViLmNvbS9yZXBvcy9sYXVyZW50c2ltb24vc2xzYS1vbi1naXRodWItdGVzdC9jb21wYXJlL3tiYXNlfS4uLntoZWFkfSIsImNvbnRlbnRzX3VybCI6Imh0dHBzOi8vYXBpLmdpdGh1Yi5jb20vcmVwb3MvbGF1cmVudHNpbW9uL3Nsc2Etb24tZ2l0aHViLXRlc3QvY29udGVudHMveytwYXRofSIsImNvbnRyaWJ1dG9yc191cmwiOiJodHRwczovL2FwaS5naXRodWIuY29tL3JlcG9zL2xhdXJlbnRzaW1vbi9zbHNhLW9uLWdpdGh1Yi10ZXN0L2NvbnRyaWJ1dG9ycyIsImNyZWF0ZWRfYXQiOiIyMDIyLTAyLTA1VDAxOjEwOjQ2WiIsImRlZmF1bHRfYnJhbmNoIjoibWFpbiIsImRlcGxveW1lbnRzX3VybCI6Imh0dHBzOi8vYXBpLmdpdGh1Yi5jb20vcmVwb3MvbGF1cmVudHNpbW9uL3Nsc2Etb24tZ2l0aHViLXRlc3QvZGVwbG95bWVudHMiLCJkZXNjcmlwdGlvbiI6IlRlc3QgZm9yIFNMU0EiLCJkaXNhYmxlZCI6ZmFsc2UsImRvd25sb2Fkc191cmwiOiJodHRwczovL2FwaS5naXRodWIuY29tL3JlcG9zL2xhdXJlbnRzaW1vbi9zbHNhLW9uLWdpdGh1Yi10ZXN0L2Rvd25sb2FkcyIsImV2ZW50c191cmwiOiJodHRwczovL2FwaS5naXRodWIuY29tL3JlcG9zL2xhdXJlbnRzaW1vbi9zbHNhLW9uLWdpdGh1Yi10ZXN0L2V2ZW50cyIsImZvcmsiOmZhbHNlLCJmb3JrcyI6MSwiZm9ya3NfY291bnQiOjEsImZvcmtzX3VybCI6Imh0dHBzOi8vYXBpLmdpdGh1Yi5jb20vcmVwb3MvbGF1cmVudHNpbW9uL3Nsc2Etb24tZ2l0aHViLXRlc3QvZm9ya3MiLCJmdWxsX25hbWUiOiJsYXVyZW50c2ltb24vc2xzYS1vbi1naXRodWItdGVzdCIsImdpdF9jb21taXRzX3VybCI6Imh0dHBzOi8vYXBpLmdpdGh1Yi5jb20vcmVwb3MvbGF1cmVudHNpbW9uL3Nsc2Etb24tZ2l0aHViLXRlc3QvZ2l0L2NvbW1pdHN7L3NoYX0iLCJnaXRfcmVmc191cmwiOiJodHRwczovL2FwaS5naXRodWIuY29tL3JlcG9zL2xhdXJlbnRzaW1vbi9zbHNhLW9uLWdpdGh1Yi10ZXN0L2dpdC9yZWZzey9zaGF9IiwiZ2l0X3RhZ3NfdXJsIjoiaHR0cHM6Ly9hcGkuZ2l0aHViLmNvbS9yZXBvcy9sYXVyZW50c2ltb24vc2xzYS1vbi1naXRodWItdGVzdC9naXQvdGFnc3svc2hhfSIsImdpdF91cmwiOiJnaXQ6Ly9naXRodWIuY29tL2xhdXJlbnRzaW1vbi9zbHNhLW9uLWdpdGh1Yi10ZXN0LmdpdCIsImhhc19kb3dubG9hZHMiOnRydWUsImhhc19pc3N1ZXMiOnRydWUsImhhc19wYWdlcyI6ZmFsc2UsImhhc19wcm9qZWN0cyI6dHJ1ZSwiaGFzX3dpa2kiOnRydWUsImhvbWVwYWdlIjpudWxsLCJob29rc191cmwiOiJodHRwczovL2FwaS5naXRodWIuY29tL3JlcG9zL2xhdXJlbnRzaW1vbi9zbHNhLW9uLWdpdGh1Yi10ZXN0L2hvb2tzIiwiaHRtbF91cmwiOiJodHRwczovL2dpdGh1Yi5jb20vbGF1cmVudHNpbW9uL3Nsc2Etb24tZ2l0aHViLXRlc3QiLCJpZCI6NDU1NzQzMzk2LCJpc190ZW1wbGF0ZSI6ZmFsc2UsImlzc3VlX2NvbW1lbnRfdXJsIjoiaHR0cHM6Ly9hcGkuZ2l0aHViLmNvbS9yZXBvcy9sYXVyZW50c2ltb24vc2xzYS1vbi1naXRodWItdGVzdC9pc3N1ZXMvY29tbWVudHN7L251bWJlcn0iLCJpc3N1ZV9ldmVudHNfdXJsIjoiaHR0cHM6Ly9hcGkuZ2l0aHViLmNvbS9yZXBvcy9sYXVyZW50c2ltb24vc2xzYS1vbi1naXRodWItdGVzdC9pc3N1ZXMvZXZlbnRzey9udW1iZXJ9IiwiaXNzdWVzX3VybCI6Imh0dHBzOi8vYXBpLmdpdGh1Yi5jb20vcmVwb3MvbGF1cmVudHNpbW9uL3Nsc2Etb24tZ2l0aHViLXRlc3QvaXNzdWVzey9udW1iZXJ9Iiwia2V5c191cmwiOiJodHRwczovL2FwaS5naXRodWIuY29tL3JlcG9zL2xhdXJlbnRzaW1vbi9zbHNhLW9uLWdpdGh1Yi10ZXN0L2tleXN7L2tleV9pZH0iLCJsYWJlbHNfdXJsIjoiaHR0cHM6Ly9hcGkuZ2l0aHViLmNvbS9yZXBvcy9sYXVyZW50c2ltb24vc2xzYS1vbi1naXRodWItdGVzdC9sYWJlbHN7L25hbWV9IiwibGFuZ3VhZ2UiOiJHbyIsImxhbmd1YWdlc191cmwiOiJodHRwczovL2FwaS5naXRodWIuY29tL3JlcG9zL2xhdXJlbnRzaW1vbi9zbHNhLW9uLWdpdGh1Yi10ZXN0L2xhbmd1YWdlcyIsImxpY2Vuc2UiOnsia2V5IjoiYXBhY2hlLTIuMCIsIm5hbWUiOiJBcGFjaGUgTGljZW5zZSAyLjAiLCJub2RlX2lkIjoiTURjNlRHbGpaVzV6WlRJPSIsInNwZHhfaWQiOiJBcGFjaGUtMi4wIiwidXJsIjoiaHR0cHM6Ly9hcGkuZ2l0aHViLmNvbS9saWNlbnNlcy9hcGFjaGUtMi4wIn0sIm1lcmdlc191cmwiOiJodHRwczovL2FwaS5naXRodWIuY29tL3JlcG9zL2xhdXJlbnRzaW1vbi9zbHNhLW9uLWdpdGh1Yi10ZXN0L21lcmdlcyIsIm1pbGVzdG9uZXNfdXJsIjoiaHR0cHM6Ly9hcGkuZ2l0aHViLmNvbS9yZXBvcy9sYXVyZW50c2ltb24vc2xzYS1vbi1naXRodWItdGVzdC9taWxlc3RvbmVzey9udW1iZXJ9IiwibWlycm9yX3VybCI6bnVsbCwibmFtZSI6InNsc2Etb24tZ2l0aHViLXRlc3QiLCJub2RlX2lkIjoiUl9rZ0RPR3lvWHBBIiwibm90aWZpY2F0aW9uc191cmwiOiJodHRwczovL2FwaS5naXRodWIuY29tL3JlcG9zL2xhdXJlbnRzaW1vbi9zbHNhLW9uLWdpdGh1Yi10ZXN0L25vdGlmaWNhdGlvbnN7P3NpbmNlLGFsbCxwYXJ0aWNpcGF0aW5nfSIsIm9wZW5faXNzdWVzIjowLCJvcGVuX2lzc3Vlc19jb3VudCI6MCwib3duZXIiOnsiYXZhdGFyX3VybCI6Imh0dHBzOi8vYXZhdGFycy5naXRodWJ1c2VyY29udGVudC5jb20vdS82NDUwNTA5OT92PTQiLCJldmVudHNfdXJsIjoiaHR0cHM6Ly9hcGkuZ2l0aHViLmNvbS91c2Vycy9sYXVyZW50c2ltb24vZXZlbnRzey9wcml2YWN5fSIsImZvbGxvd2Vyc191cmwiOiJodHRwczovL2FwaS5naXRodWIuY29tL3VzZXJzL2xhdXJlbnRzaW1vbi9mb2xsb3dlcnMiLCJmb2xsb3dpbmdfdXJsIjoiaHR0cHM6Ly9hcGkuZ2l0aHViLmNvbS91c2Vycy9sYXVyZW50c2ltb24vZm9sbG93aW5ney9vdGhlcl91c2VyfSIsImdpc3RzX3VybCI6Imh0dHBzOi8vYXBpLmdpdGh1Yi5jb20vdXNlcnMvbGF1cmVudHNpbW9uL2dpc3Rzey9naXN0X2lkfSIsImdyYXZhdGFyX2lkIjoiIiwiaHRtbF91cmwiOiJodHRwczovL2dpdGh1Yi5jb20vbGF1cmVudHNpbW9uIiwiaWQiOjY0NTA1MDk5LCJsb2dpbiI6ImxhdXJlbnRzaW1vbiIsIm5vZGVfaWQiOiJNRFE2VlhObGNqWTBOVEExTURrNSIsIm9yZ2FuaXphdGlvbnNfdXJsIjoiaHR0cHM6Ly9hcGkuZ2l0aHViLmNvbS91c2Vycy9sYXVyZW50c2ltb24vb3JncyIsInJlY2VpdmVkX2V2ZW50c191cmwiOiJodHRwczovL2FwaS5naXRodWIuY29tL3VzZXJzL2xhdXJlbnRzaW1vbi9yZWNlaXZlZF9ldmVudHMiLCJyZXBvc191cmwiOiJodHRwczovL2FwaS5naXRodWIuY29tL3VzZXJzL2xhdXJlbnRzaW1vbi9yZXBvcyIsInNpdGVfYWRtaW4iOmZhbHNlLCJzdGFycmVkX3VybCI6Imh0dHBzOi8vYXBpLmdpdGh1Yi5jb20vdXNlcnMvbGF1cmVudHNpbW9uL3N0YXJyZWR7L293bmVyfXsvcmVwb30iLCJzdWJzY3JpcHRpb25zX3VybCI6Imh0dHBzOi8vYXBpLmdpdGh1Yi5jb20vdXNlcnMvbGF1cmVudHNpbW9uL3N1YnNjcmlwdGlvbnMiLCJ0eXBlIjoiVXNlciIsInVybCI6Imh0dHBzOi8vYXBpLmdpdGh1Yi5jb20vdXNlcnMvbGF1cmVudHNpbW9uIn0sInByaXZhdGUiOmZhbHNlLCJwdWxsc191cmwiOiJodHRwczovL2FwaS5naXRodWIuY29tL3JlcG9zL2xhdXJlbnRzaW1vbi9zbHNhLW9uLWdpdGh1Yi10ZXN0L3B1bGxzey9udW1iZXJ9IiwicHVzaGVkX2F0IjoiMjAyMi0wNC0wNFQxNToyMToyN1oiLCJyZWxlYXNlc191cmwiOiJodHRwczovL2FwaS5naXRodWIuY29tL3JlcG9zL2xhdXJlbnRzaW1vbi9zbHNhLW9uLWdpdGh1Yi10ZXN0L3JlbGVhc2Vzey9pZH0iLCJzaXplIjoxMzAsInNzaF91cmwiOiJnaXRAZ2l0aHViLmNvbTpsYXVyZW50c2ltb24vc2xzYS1vbi1naXRodWItdGVzdC5naXQiLCJzdGFyZ2F6ZXJzX2NvdW50IjowLCJzdGFyZ2F6ZXJzX3VybCI6Imh0dHBzOi8vYXBpLmdpdGh1Yi5jb20vcmVwb3MvbGF1cmVudHNpbW9uL3Nsc2Etb24tZ2l0aHViLXRlc3Qvc3RhcmdhemVycyIsInN0YXR1c2VzX3VybCI6Imh0dHBzOi8vYXBpLmdpdGh1Yi5jb20vcmVwb3MvbGF1cmVudHNpbW9uL3Nsc2Etb24tZ2l0aHViLXRlc3Qvc3RhdHVzZXMve3NoYX0iLCJzdWJzY3JpYmVyc191cmwiOiJodHRwczovL2FwaS5naXRodWIuY29tL3JlcG9zL2xhdXJlbnRzaW1vbi9zbHNhLW9uLWdpdGh1Yi10ZXN0L3N1YnNjcmliZXJzIiwic3Vic2NyaXB0aW9uX3VybCI6Imh0dHBzOi8vYXBpLmdpdGh1Yi5jb20vcmVwb3MvbGF1cmVudHNpbW9uL3Nsc2Etb24tZ2l0aHViLXRlc3Qvc3Vic2NyaXB0aW9uIiwic3ZuX3VybCI6Imh0dHBzOi8vZ2l0aHViLmNvbS9sYXVyZW50c2ltb24vc2xzYS1vbi1naXRodWItdGVzdCIsInRhZ3NfdXJsIjoiaHR0cHM6Ly9hcGkuZ2l0aHViLmNvbS9yZXBvcy9sYXVyZW50c2ltb24vc2xzYS1vbi1naXRodWItdGVzdC90YWdzIiwidGVhbXNfdXJsIjoiaHR0cHM6Ly9hcGkuZ2l0aHViLmNvbS9yZXBvcy9sYXVyZW50c2ltb24vc2xzYS1vbi1naXRodWItdGVzdC90ZWFtcyIsInRvcGljcyI6W10sInRyZWVzX3VybCI6Imh0dHBzOi8vYXBpLmdpdGh1Yi5jb20vcmVwb3MvbGF1cmVudHNpbW9uL3Nsc2Etb24tZ2l0aHViLXRlc3QvZ2l0L3RyZWVzey9zaGF9IiwidXBkYXRlZF9hdCI6IjIwMjItMDItMDVUMDE6MjU6MjhaIiwidXJsIjoiaHR0cHM6Ly9hcGkuZ2l0aHViLmNvbS9yZXBvcy9sYXVyZW50c2ltb24vc2xzYS1vbi1naXRodWItdGVzdCIsInZpc2liaWxpdHkiOiJwdWJsaWMiLCJ3YXRjaGVycyI6MCwid2F0Y2hlcnNfY291bnQiOjB9LCJzZW5kZXIiOnsiYXZhdGFyX3VybCI6Imh0dHBzOi8vYXZhdGFycy5naXRodWJ1c2VyY29udGVudC5jb20vdS82NDUwNTA5OT92PTQiLCJldmVudHNfdXJsIjoiaHR0cHM6Ly9hcGkuZ2l0aHViLmNvbS91c2Vycy9sYXVyZW50c2ltb24vZXZlbnRzey9wcml2YWN5fSIsImZvbGxvd2Vyc191cmwiOiJodHRwczovL2FwaS5naXRodWIuY29tL3VzZXJzL2xhdXJlbnRzaW1vbi9mb2xsb3dlcnMiLCJmb2xsb3dpbmdfdXJsIjoiaHR0cHM6Ly9hcGkuZ2l0aHViLmNvbS91c2Vycy9sYXVyZW50c2ltb24vZm9sbG93aW5ney9vdGhlcl91c2VyfSIsImdpc3RzX3VybCI6Imh0dHBzOi8vYXBpLmdpdGh1Yi5jb20vdXNlcnMvbGF1cmVudHNpbW9uL2dpc3Rzey9naXN0X2lkfSIsImdyYXZhdGFyX2lkIjoiIiwiaHRtbF91cmwiOiJodHRwczovL2dpdGh1Yi5jb20vbGF1cmVudHNpbW9uIiwiaWQiOjY0NTA1MDk5LCJsb2dpbiI6ImxhdXJlbnRzaW1vbiIsIm5vZGVfaWQiOiJNRFE2VlhObGNqWTBOVEExTURrNSIsIm9yZ2FuaXphdGlvbnNfdXJsIjoiaHR0cHM6Ly9hcGkuZ2l0aHViLmNvbS91c2Vycy9sYXVyZW50c2ltb24vb3JncyIsInJlY2VpdmVkX2V2ZW50c191cmwiOiJodHRwczovL2FwaS5naXRodWIuY29tL3VzZXJzL2xhdXJlbnRzaW1vbi9yZWNlaXZlZF9ldmVudHMiLCJyZXBvc191cmwiOiJodHRwczovL2FwaS5naXRodWIuY29tL3VzZXJzL2xhdXJlbnRzaW1vbi9yZXBvcyIsInNpdGVfYWRtaW4iOmZhbHNlLCJzdGFycmVkX3VybCI6Imh0dHBzOi8vYXBpLmdpdGh1Yi5jb20vdXNlcnMvbGF1cmVudHNpbW9uL3N0YXJyZWR7L293bmVyfXsvcmVwb30iLCJzdWJzY3JpcHRpb25zX3VybCI6Imh0dHBzOi8vYXBpLmdpdGh1Yi5jb20vdXNlcnMvbGF1cmVudHNpbW9uL3N1YnNjcmlwdGlvbnMiLCJ0eXBlIjoiVXNlciIsInVybCI6Imh0dHBzOi8vYXBpLmdpdGh1Yi5jb20vdXNlcnMvbGF1cmVudHNpbW9uIn0sIndvcmtmbG93IjoiLmdpdGh1Yi93b3JrZmxvd3MvYnVpbGRlci10ZXN0LnlhbWwifSwicmVmX3R5cGUiOiJicmFuY2giLCJyZWYiOiJyZWZzL2hlYWRzL21haW4iLCJiYXNlX3JlZiI6IiIsImhlYWRfcmVmIjoiIiwiYWN0b3IiOiJsYXVyZW50c2ltb24iLCJzaGExIjoiZDNmZDk0ODJlNjhkMjc2ZTY5YzBhOGIzZjdlYWFiYjNiOWU1NjY5NSJ9LCJlbnZpcm9ubWVudCI6eyJhcmNoIjoiYW1kNjQiLCJnaXRodWJfZXZlbnRfbmFtZSI6IndvcmtmbG93X2Rpc3BhdGNoIiwiZ2l0aHViX3J1bl9hdHRlbXB0IjoiMSIsImdpdGh1Yl9ydW5faWQiOiIyMDkwODQxMjYzIiwiZ2l0aHViX3J1bl9udW1iZXIiOiIxOCIsIm9zIjoidWJ1bnR1In19LCJidWlsZENvbmZpZyI6eyJ2ZXJzaW9uIjoxLCJzdGVwcyI6W3siY29tbWFuZCI6WyIvb3B0L2hvc3RlZHRvb2xjYWNoZS9nby8xLjE3LjgveDY0L2Jpbi9nbyIsImJ1aWxkIiwiLW1vZD12ZW5kb3IiLCItdHJpbXBhdGgiLCItdGFncz1uZXRnbyIsIi1vIiwiYmluYXJ5LWxpbnV4LWFtZDY0Il0sImVudiI6WyJHT09TPWxpbnV4IiwiR09BUkNIPWFtZDY0IiwiR08xMTFNT0RVTEU9b24iLCJDR09fRU5BQkxFRD0wIl19XX0sIm1hdGVyaWFscyI6W3sidXJpIjoiZ2l0K2xhdXJlbnRzaW1vbi9zbHNhLW9uLWdpdGh1Yi10ZXN0LmdpdCIsImRpZ2VzdCI6eyJzaGExIjoiZDNmZDk0ODJlNjhkMjc2ZTY5YzBhOGIzZjdlYWFiYjNiOWU1NjY5NSJ9fV19fQ==","signatures":[{"keyid":"","sig":"MEQCIF8H982Iw2aJmgPEy+NCXOJVLxnipDSfsBpyvcrwXIE4AiBBtCLwvVYB0sbkFK4QAsX2KzsHq/D3vbo48LayT/vXpg=="}]} \ No newline at end of file