From af3d4d6bc0312fffcca7d65502167e8a855c070d Mon Sep 17 00:00:00 2001
From: cpanato
Date: Mon, 2 Oct 2023 10:04:59 -0400
Subject: [PATCH] fix lints

Signed-off-by: cpanato
---
 pkg/config/store.go | 2 +-
 pkg/webhook/validator_test.go | 40 ++++++++++++++++++++++++++---------
 2 files changed, 31 insertions(+), 11 deletions(-)

diff --git a/pkg/config/store.go b/pkg/config/store.go
index 32f98ce8c..d083012c1 100644
--- a/pkg/config/store.go
+++ b/pkg/config/store.go
@@ -28,7 +28,7 @@ type cfgKey struct{}
 const (
 // PolicyControllerConfigName is the name of the configmap used to configure
 // policy-controller.
- PolicyControllerConfigName = "config-policy-controller"
+ PolicyControllerConfigName = "config-policy-controller" //nolint: gosec

 // Specifies that if an image is not found to match any policy, it should
 // be rejected.
diff --git a/pkg/webhook/validator_test.go b/pkg/webhook/validator_test.go
index 4080c8160..0753903fe 100644
--- a/pkg/webhook/validator_test.go
+++ b/pkg/webhook/validator_test.go
@@ -20,7 +20,6 @@ import (
 "context"
 "crypto"
 "crypto/ecdsa"
- "crypto/elliptic"
 "crypto/x509"
 "encoding/base64"
 "encoding/json"
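Review bot: The `//nolint: gosec` added to `PolicyControllerConfigName` in pkg/config/store.go silences every gosec rule on that line and records no reason for doing so. The finding is presumably a hard-coded-credential false positive on a configmap name, but the diff does not show which rule fired, so a later reader cannot tell whether the suppression is still justified. golangci-lint documents the directive without a space after the colon and allows a trailing explanation, e.g. `PolicyControllerConfigName = "config-policy-controller" //nolint:gosec // <gosec rule ID>: configmap name, not a secret`. The `const (` block continues outside the hunk.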
@@ -208,11 +207,18 @@ func TestValidatePodSpec(t *testing.T) { authorityPublicKeyCVS := func(ctx context.Context, signedImgRef name.Reference, co *cosign.CheckOpts) (checkedSignatures []oci.Signature, bundleVerified bool, err error) { actualPublicKey, _ := co.SigVerifier.PublicKey() actualECDSAPubkey := actualPublicKey.(*ecdsa.PublicKey) - actualKeyData := elliptic.Marshal(actualECDSAPubkey, actualECDSAPubkey.X, actualECDSAPubkey.Y) - expectedKeyData := elliptic.Marshal(authorityKeyCosignPub, authorityKeyCosignPub.X, authorityKeyCosignPub.Y) + actualPubKey, err := actualECDSAPubkey.ECDH() + if err != nil { + return nil, false, errors.New("failed to get edch pub key") + } + + authorityKeyPubKey, err := authorityKeyCosignPub.ECDH() + if err != nil { + return nil, false, errors.New("failed to get edch pub key") + } - if bytes.Equal(actualKeyData, expectedKeyData) { + if bytes.Equal(actualPubKey.Bytes(), authorityKeyPubKey.Bytes()) { return pass(ctx, signedImgRef, co) } @@ -1589,11 +1595,18 @@ func TestValidatePolicy(t *testing.T) { } actualPublicKey, _ := co.SigVerifier.PublicKey() actualECDSAPubkey := actualPublicKey.(*ecdsa.PublicKey) - actualKeyData := elliptic.Marshal(actualECDSAPubkey, actualECDSAPubkey.X, actualECDSAPubkey.Y) - expectedKeyData := elliptic.Marshal(authorityKeyCosignPub, authorityKeyCosignPub.X, authorityKeyCosignPub.Y) + actualPubKey, err := actualECDSAPubkey.ECDH() + if err != nil { + return nil, false, errors.New("failed to get edch pub key") + } - if bytes.Equal(actualKeyData, expectedKeyData) { + authorityKeyPubKey, err := authorityKeyCosignPub.ECDH() + if err != nil { + return nil, false, errors.New("failed to get edch pub key") + } + + if bytes.Equal(actualPubKey.Bytes(), authorityKeyPubKey.Bytes()) { return pass(ctx, signedImgRef, co) } 
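Review bot: The new key comparison in the `authorityPublicKeyCVS` stub converts both ECDSA keys to ECDH form only to compare their encodings, which adds two failure paths that have nothing to do with key equality; the same code is repeated in the TestValidatePolicy and TestValidatePodSpecNonDefaultNamespace hunks. Both paths return the same `errors.New("failed to get edch pub key")`, which misspells ECDH, drops the underlying `err`, and does not say which key failed to convert. `ecdsa.PublicKey` has had an `Equal` method since Go 1.15, so the block can collapse to `if actualECDSAPubkey.Equal(authorityKeyCosignPub) {` while still avoiding the deprecated `elliptic.Marshal`; this assumes `authorityKeyCosignPub` is a `*ecdsa.PublicKey`, which its `.ECDH()` call suggests. If the ECDH conversion is kept, wrap the cause instead, e.g. `fmt.Errorf("converting verifier key to ECDH: %w", err)`. The closure bodies continue outside the hunks.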
@@ -2022,11 +2035,18 @@ func TestValidatePodSpecNonDefaultNamespace(t *testing.T) { authorityPublicKeyCVS := func(ctx context.Context, signedImgRef name.Reference, co *cosign.CheckOpts) (checkedSignatures []oci.Signature, bundleVerified bool, err error) { actualPublicKey, _ := co.SigVerifier.PublicKey() actualECDSAPubkey := actualPublicKey.(*ecdsa.PublicKey) - actualKeyData := elliptic.Marshal(actualECDSAPubkey, actualECDSAPubkey.X, actualECDSAPubkey.Y) - expectedKeyData := elliptic.Marshal(authorityKeyCosignPub, authorityKeyCosignPub.X, authorityKeyCosignPub.Y) + actualPubKey, err := actualECDSAPubkey.ECDH() + if err != nil { + return nil, false, errors.New("failed to get edch pub key") + } + + authorityKeyPubKey, err := authorityKeyCosignPub.ECDH() + if err != nil { + return nil, false, errors.New("failed to get edch pub key") + } - if bytes.Equal(actualKeyData, expectedKeyData) { + if bytes.Equal(actualPubKey.Bytes(), authorityKeyPubKey.Bytes()) { return pass(ctx, signedImgRef, co) }