fix lints

Signed-off-by: cpanato <[email protected]>
sigstore · Oct 2, 2023 · af3d4d6 · af3d4d6
1 parent 9d729f0
commit af3d4d6
Show file tree

Hide file tree

Showing 2 changed files with 31 additions and 11 deletions.
diff --git a/pkg/config/store.go b/pkg/config/store.go
@@ -28,7 +28,7 @@ type cfgKey struct{}
 const (
 	// PolicyControllerConfigName is the name of the configmap used to configure
 	// policy-controller.
-	PolicyControllerConfigName = "config-policy-controller"
+	PolicyControllerConfigName = "config-policy-controller" //nolint: gosec
 
 	// Specifies that if an image is not found to match any policy, it should
 	// be rejected.

diff --git a/pkg/webhook/validator_test.go b/pkg/webhook/validator_test.go
@@ -20,7 +20,6 @@ import (
 	"context"
 	"crypto"
 	"crypto/ecdsa"
-	"crypto/elliptic"
 	"crypto/x509"
 	"encoding/base64"
 	"encoding/json"
@@ -208,11 +207,18 @@ func TestValidatePodSpec(t *testing.T) {
 	authorityPublicKeyCVS := func(ctx context.Context, signedImgRef name.Reference, co *cosign.CheckOpts) (checkedSignatures []oci.Signature, bundleVerified bool, err error) {
 		actualPublicKey, _ := co.SigVerifier.PublicKey()
 		actualECDSAPubkey := actualPublicKey.(*ecdsa.PublicKey)
-		actualKeyData := elliptic.Marshal(actualECDSAPubkey, actualECDSAPubkey.X, actualECDSAPubkey.Y)
 
-		expectedKeyData := elliptic.Marshal(authorityKeyCosignPub, authorityKeyCosignPub.X, authorityKeyCosignPub.Y)
+		actualPubKey, err := actualECDSAPubkey.ECDH()
+		if err != nil {
+			return nil, false, errors.New("failed to get edch pub key")
+		}
+
+		authorityKeyPubKey, err := authorityKeyCosignPub.ECDH()
+		if err != nil {
+			return nil, false, errors.New("failed to get edch pub key")
+		}
 
-		if bytes.Equal(actualKeyData, expectedKeyData) {
+		if bytes.Equal(actualPubKey.Bytes(), authorityKeyPubKey.Bytes()) {
 			return pass(ctx, signedImgRef, co)
 		}
 
@@ -1589,11 +1595,18 @@ func TestValidatePolicy(t *testing.T) {
 		}
 		actualPublicKey, _ := co.SigVerifier.PublicKey()
 		actualECDSAPubkey := actualPublicKey.(*ecdsa.PublicKey)
-		actualKeyData := elliptic.Marshal(actualECDSAPubkey, actualECDSAPubkey.X, actualECDSAPubkey.Y)
 
-		expectedKeyData := elliptic.Marshal(authorityKeyCosignPub, authorityKeyCosignPub.X, authorityKeyCosignPub.Y)
+		actualPubKey, err := actualECDSAPubkey.ECDH()
+		if err != nil {
+			return nil, false, errors.New("failed to get edch pub key")
+		}
 
-		if bytes.Equal(actualKeyData, expectedKeyData) {
+		authorityKeyPubKey, err := authorityKeyCosignPub.ECDH()
+		if err != nil {
+			return nil, false, errors.New("failed to get edch pub key")
+		}
+
+		if bytes.Equal(actualPubKey.Bytes(), authorityKeyPubKey.Bytes()) {
 			return pass(ctx, signedImgRef, co)
 		}
 
@@ -2022,11 +2035,18 @@ func TestValidatePodSpecNonDefaultNamespace(t *testing.T) {
 	authorityPublicKeyCVS := func(ctx context.Context, signedImgRef name.Reference, co *cosign.CheckOpts) (checkedSignatures []oci.Signature, bundleVerified bool, err error) {
 		actualPublicKey, _ := co.SigVerifier.PublicKey()
 		actualECDSAPubkey := actualPublicKey.(*ecdsa.PublicKey)
-		actualKeyData := elliptic.Marshal(actualECDSAPubkey, actualECDSAPubkey.X, actualECDSAPubkey.Y)
 
-		expectedKeyData := elliptic.Marshal(authorityKeyCosignPub, authorityKeyCosignPub.X, authorityKeyCosignPub.Y)
+		actualPubKey, err := actualECDSAPubkey.ECDH()
+		if err != nil {
+			return nil, false, errors.New("failed to get edch pub key")
+		}
+
+		authorityKeyPubKey, err := authorityKeyCosignPub.ECDH()
+		if err != nil {
+			return nil, false, errors.New("failed to get edch pub key")
+		}
 
-		if bytes.Equal(actualKeyData, expectedKeyData) {
+		if bytes.Equal(actualPubKey.Bytes(), authorityKeyPubKey.Bytes()) {
 			return pass(ctx, signedImgRef, co)
 		}