From fd1a2f1bccc041779cc10388405bf9af2bbd8307 Mon Sep 17 00:00:00 2001
From: Samuel Cochran
Date: Tue, 17 Jan 2023 09:52:47 +1100
Subject: [PATCH] GitHub subjects look different to URIs
---
 pkg/server/grpc_server_test.go | 15 ++++++++-------
 1 file changed, 8 insertions(+), 7 deletions(-)
diff --git a/pkg/server/grpc_server_test.go b/pkg/server/grpc_server_test.go
index 5586e26bd..4452fa3cd 100644
--- a/pkg/server/grpc_server_test.go
+++ b/pkg/server/grpc_server_test.go
@@ -711,11 +711,11 @@ func TestAPIWithGitHub(t *testing.T) {
 JobWorkflowRef: "job/workflow/ref",
 Sha: "sha",
 Trigger: "trigger",
- Repository: "repo",
+ Repository: "sigstore/fulcio",
 Workflow: "workflow",
- Ref: "ref",
+ Ref: "refs/heads/main",
 }
- githubSubject := fmt.Sprintf("https://github.com/%s", claims.JobWorkflowRef)
+ githubSubject := fmt.Sprintf("repo:%s:ref:%s", claims.Repository, claims.Ref)

 // Create an OIDC token using this issuer's signer.
 tok, err := jwt.Signed(githubSigner).Claims(jwt.Claims{
@@ -767,12 +767,13 @@ func TestAPIWithGitHub(t *testing.T) {
 if len(leafCert.URIs) != 1 {
 t.Fatalf("unexpected length of leaf certificate URIs, expected 1, got %d", len(leafCert.URIs))
 }
- uSubject, err := url.Parse(githubSubject)
+ githubUrl := fmt.Sprintf("https://github.com/%s", claims.JobWorkflowRef)
+ githubUri, err := url.Parse(githubUrl)
 if err != nil {
- t.Fatalf("failed to parse subject URI")
+ t.Fatalf("failed to parse expected url")
 }
- if *leafCert.URIs[0] != *uSubject {
- t.Fatalf("subjects do not match: Expected %v, got %v", uSubject, leafCert.URIs[0])
+ if *leafCert.URIs[0] != *githubUri {
+ t.Fatalf("URIs do not match: Expected %v, got %v", githubUri, leafCert.URIs[0])
 }
 // Verify custom OID values
 triggerExt, found := findCustomExtension(leafCert, asn1.ObjectIdentifier{1, 3, 6, 1, 4, 1, 57264, 1, 2})
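Review bot: The `JobWorkflowRef` fixture at the top of the first hunk is still `"job/workflow/ref"`, so it neither has the shape of a real `job_workflow_ref` claim (`owner/repo/.github/workflows/file@ref`) nor agrees with the now-realistic `Repository` and `Ref` values. The second hunk expects the SAN URI to be built from that claim, so a constructed sample such as `JobWorkflowRef: "sigstore/fulcio/.github/workflows/build.yml@refs/heads/main",` would make the test cover the `@ref` suffix in the certificate identity as well. A comment above `githubSubject`, for example `// GitHub's sub claim is not a URI; the SAN URI is derived from job_workflow_ref.`, would record why the two values differ. The `claims` literal and `TestAPIWithGitHub` both begin outside the hunk.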
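Review bot: The equality check `*leafCert.URIs[0] != *githubUri` in the second hunk compares two `url.URL` structs field by field, including the `User` pointer, so it depends on how each value was parsed rather than on the URI text that ends up in the certificate. Comparing the serialized forms is sturdier: `if got, want := leafCert.URIs[0].String(), githubUri.String(); got != want {`. The parse-failure message also drops `err`; `t.Fatalf("failed to parse expected url: %v", err)` keeps it. Go initialism style would name the new locals `githubURL` and `githubURI`. `TestAPIWithGitHub` starts and ends outside the hunk.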