mirror of
https://github.com/project-zot/zot.git
synced 2024-12-16 21:56:37 -05:00
5a3fac40db
- using secrets manager for storing public keys and certificates
- adding a default truststore for notation verification and upload all certificates to this default truststore
- removig `truststoreName` query param from notation api for uploading certificates
(cherry picked from commit eafcc1a213)
Signed-off-by: Andreea-Lupu <andreealupu1470@yahoo.com>
69 lines
1.6 KiB
Go
69 lines
1.6 KiB
Go
//go:build !imagetrust
|
|
|
|
package imagetrust_test
|
|
|
|
import (
|
|
"encoding/json"
|
|
"os"
|
|
"path"
|
|
"testing"
|
|
|
|
. "github.com/smartystreets/goconvey/convey"
|
|
|
|
"zotregistry.io/zot/pkg/extensions/imagetrust"
|
|
"zotregistry.io/zot/pkg/test"
|
|
)
|
|
|
|
func TestImageTrust(t *testing.T) {
|
|
Convey("binary doesn't include imagetrust", t, func() {
|
|
rootDir := t.TempDir()
|
|
|
|
cosignDir := path.Join(rootDir, "_cosign")
|
|
_, err := os.Stat(cosignDir)
|
|
So(os.IsNotExist(err), ShouldBeTrue)
|
|
|
|
notationDir := path.Join(rootDir, "_notation")
|
|
_, err = os.Stat(notationDir)
|
|
So(os.IsNotExist(err), ShouldBeTrue)
|
|
|
|
repo := "repo"
|
|
|
|
image, err := test.GetRandomImage() //nolint:staticcheck
|
|
So(err, ShouldBeNil)
|
|
|
|
manifestContent, err := json.Marshal(image.Manifest)
|
|
So(err, ShouldBeNil)
|
|
|
|
manifestDigest := image.Digest()
|
|
|
|
localImgTrustStore, err := imagetrust.NewLocalImageTrustStore(rootDir)
|
|
So(err, ShouldBeNil)
|
|
|
|
author, expTime, ok, err := localImgTrustStore.VerifySignature("cosign",
|
|
[]byte(""), "", manifestDigest, manifestContent, repo,
|
|
)
|
|
So(author, ShouldBeEmpty)
|
|
So(expTime, ShouldBeZeroValue)
|
|
So(ok, ShouldBeFalse)
|
|
So(err, ShouldBeNil)
|
|
|
|
_, err = os.Stat(cosignDir)
|
|
So(os.IsNotExist(err), ShouldBeTrue)
|
|
|
|
_, err = os.Stat(notationDir)
|
|
So(os.IsNotExist(err), ShouldBeTrue)
|
|
|
|
cloudImgTrustStore, err := imagetrust.NewAWSImageTrustStore("region",
|
|
"endpoint",
|
|
)
|
|
So(err, ShouldBeNil)
|
|
|
|
author, expTime, ok, err = cloudImgTrustStore.VerifySignature("cosign",
|
|
[]byte(""), "", manifestDigest, manifestContent, repo,
|
|
)
|
|
So(author, ShouldBeEmpty)
|
|
So(expTime, ShouldBeZeroValue)
|
|
So(ok, ShouldBeFalse)
|
|
So(err, ShouldBeNil)
|
|
})
|
|
}
|