sigstore / sigstore-conformance

Conformance testing for Sigstore clients
https://sigstore.dev

update d.txt bundles w/ cert containing legacy ext #129

Closed bdehamer closed 6 months ago

bdehamer commented 6 months ago

Closes #128

Regenerated all of the d.txt.* bundles with a new signing certificate that includes both OIDC Issuer and OIDC Issuer V2 extensions.

New cert:

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 286793732 (0x11182004)
        Signature Algorithm: ecdsa-with-SHA384
        Issuer: CN = sigstore, O = sigstore.mock
        Validity
            Not Before: Feb  1 00:00:00 2023 GMT
            Not After : Feb  1 00:10:00 2023 GMT
        Subject: 
        Subject Public Key Info:
            Public Key Algorithm: id-ecPublicKey
                Public-Key: (256 bit)
                pub:
                    04:77:ae:c5:e5:28:a1:8e:6e:ff:99:d3:cb:00:8e:
                    cd:2d:cb:19:73:49:32:a4:68:54:62:cb:bb:e3:65:
                    a1:4c:45:03:99:ef:a4:0a:c0:61:5e:7c:b9:1e:1b:
                    0b:9a:7d:22:b2:2d:bc:e1:8c:88:21:3a:b5:33:8d:
                    2f:96:14:03:07
                ASN1 OID: prime256v1
                NIST CURVE: P-256
        X509v3 extensions:
            X509v3 Key Usage: critical
                Digital Signature
            X509v3 Extended Key Usage: 
                Code Signing
            X509v3 Subject Alternative Name: critical
                URI:https://github.com/sigstore-conformance/extremely-dangerous-public-oidc-beacon/.github/workflows/extremely-dangerous-oidc-beacon.yml@refs/heads/main
            X509v3 Subject Key Identifier: 
                E7:C0:77:81:98:F7:3D:22:B6:66:05:E9:8E:68:7C:B8:97:0B:FB:28
            X509v3 Authority Key Identifier: 
                3F:14:5C:64:EC:55:31:B7:FA:04:F2:50:D9:10:5D:2C:EE:46:AC:B8
            1.3.6.1.4.1.57264.1.8: 
                .+https://token.actions.githubusercontent.com
            1.3.6.1.4.1.57264.1.1: 
                https://token.actions.githubusercontent.com
            CT Precertificate SCTs: 
                Signed Certificate Timestamp:
                    Version   : v1 (0x0)
                    Log ID    : F7:26:CA:A3:41:17:BA:91:65:44:AF:37:34:E9:20:CD:
                                4C:49:2E:F7:5C:E6:22:8F:DC:04:EE:FF:2F:3F:27:DD
                    Timestamp : Feb  1 00:00:00.000 2023 GMT
                    Extensions: none
                    Signature : ecdsa-with-SHA256
                                30:44:02:20:39:11:79:D2:16:11:20:59:76:1E:07:34:
                                BC:E2:5F:A4:C8:D4:F2:06:3B:06:D1:9F:CF:4A:19:78:
                                F9:71:1B:88:02:20:39:7A:49:74:1E:D7:EF:7A:10:D5:
                                AA:33:AF:B9:C3:16:C8:52:01:CB:F1:3D:FE:9E:8E:37:
                                73:2B:84:01:EF:8D
    Signature Algorithm: ecdsa-with-SHA384
    Signature Value:
        30:45:02:20:2a:8b:fa:a2:e9:45:b4:cf:5e:7e:91:8b:f5:48:
        77:47:a3:28:13:44:fc:1d:69:9b:dd:6e:3b:27:bf:08:e9:95:
        02:21:00:9e:44:64:d6:7f:df:3f:2f:1c:1a:ce:be:8b:ea:bb:
        6c:c3:25:f9:7d:82:9b:9d:68:74:8a:cc:23:d3:db:8c:cc
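
The two issuer extensions in the dump above are encoded differently: `1.3.6.1.4.1.57264.1.1` holds the raw issuer string, while `1.3.6.1.4.1.57264.1.8` holds a DER UTF8String, which is why openssl prints a leading `.+` (tag 0x0C, length 0x2B) before the URL. The following added example (not code from this pull request or from sigstore-conformance) decodes both and compares them; the function names, the sample bytes and the reject-on-mismatch policy are assumptions of the example.

```python
# Added example: decode Fulcio's two OIDC issuer extensions from their extnValue bytes.
OID_ISSUER_LEGACY = "1.3.6.1.4.1.57264.1.1"  # value is the raw issuer string
OID_ISSUER_V2 = "1.3.6.1.4.1.57264.1.8"      # value is a DER-encoded UTF8String
UTF8STRING_TAG = 0x0C


def decode_der_utf8string(der: bytes) -> str:
    """Strictly decode one DER UTF8String; reject trailing or missing bytes."""
    if len(der) < 2 or der[0] != UTF8STRING_TAG:
        raise ValueError("not a DER UTF8String")
    length, offset = der[1], 2
    if length & 0x80:  # long form: low 7 bits give the number of length octets
        n = length & 0x7F
        if n == 0 or n > 4 or len(der) < 2 + n:
            raise ValueError("unsupported or truncated DER length")
        length = int.from_bytes(der[2:2 + n], "big")
        if length < 0x80 or der[2] == 0:
            raise ValueError("non-minimal DER length")
        offset = 2 + n
    if len(der) - offset != length:
        raise ValueError("length does not match content")
    return der[offset:].decode("utf-8")


def oidc_issuer(extensions: dict[str, bytes]) -> str:
    """Return the issuer, preferring V2.

    Rejecting a certificate whose two extensions disagree is a policy choice
    of this example, not something stated on the page.
    """
    legacy = extensions.get(OID_ISSUER_LEGACY)
    v2 = extensions.get(OID_ISSUER_V2)
    if legacy is None and v2 is None:
        raise ValueError("certificate has no OIDC issuer extension")
    legacy_s = legacy.decode("utf-8") if legacy is not None else None
    v2_s = decode_der_utf8string(v2) if v2 is not None else None
    if legacy_s is not None and v2_s is not None and legacy_s != v2_s:
        raise ValueError("legacy and V2 issuer extensions disagree")
    return v2_s if v2_s is not None else legacy_s


# Constructed sample: extension values rebuilt from the openssl dump above.
# The V2 header bytes 0x0C 0x2B print as ".+" because 0x2B (length 43) is '+'.
ISSUER = b"https://token.actions.githubusercontent.com"
SAMPLE = {OID_ISSUER_LEGACY: ISSUER, OID_ISSUER_V2: bytes([0x0C, len(ISSUER)]) + ISSUER}

if __name__ == "__main__":
    print(oidc_issuer(SAMPLE))
```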

woodruffw commented 6 months ago

Thanks @bdehamer!

CC @segiddins could you check this as well, since this originally tripped your WIP implementation?