diff --git a/.github/workflows/codeql-analysis.yml b/.github/workflows/codeql-analysis.yml
index 6273d9536..224cae3fb 100644
--- a/.github/workflows/codeql-analysis.yml
+++ b/.github/workflows/codeql-analysis.yml
@@ -44,7 +44,7 @@ jobs:
 # Initializes the CodeQL tools for scanning.
 - name: Initialize CodeQL
- uses: github/codeql-action/init@489225d82a57396c6f426a40e66d461b16b3461d # v2.20.4
+ uses: github/codeql-action/init@a09933a12a80f87b87005513f0abb1494c27a716 # v2.21.4
 with:
 languages: ${{ matrix.language }}
 # If you wish to specify custom queries, you can do so here or in a config file.
@@ -55,7 +55,7 @@ jobs:
 # Autobuild attempts to build any compiled languages (C/C++, C#, or Java).
 # If this step fails, then you should remove it and run the build manually (see below)
 - name: Autobuild
- uses: github/codeql-action/autobuild@489225d82a57396c6f426a40e66d461b16b3461d # v2.20.4
+ uses: github/codeql-action/autobuild@a09933a12a80f87b87005513f0abb1494c27a716 # v2.21.4
 # Command-line programs to run using the OS shell.
 # šŸ“š https://git.io/JvXDl
@@ -68,4 +68,4 @@ jobs:
 # make release
 - name: Perform CodeQL Analysis
- uses: github/codeql-action/analyze@489225d82a57396c6f426a40e66d461b16b3461d # v2.20.4
+ uses: github/codeql-action/analyze@a09933a12a80f87b87005513f0abb1494c27a716 # v2.21.4
diff --git a/.github/workflows/depsreview.yml b/.github/workflows/depsreview.yml
index 625c2f461..b314bd48a 100644
--- a/.github/workflows/depsreview.yml
+++ b/.github/workflows/depsreview.yml
@@ -11,4 +11,4 @@ jobs:
 - name: 'Checkout Repository'
 uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9 # v3.5.3
 - name: 'Dependency Review'
- uses: actions/dependency-review-action@1360a344ccb0ab6e9475edef90ad2f46bf8003b1 # v3.0.6
+ uses: actions/dependency-review-action@7d90b4f05fea31dde1c4a1fb3fa787e197ea93ab # v3.0.7
diff --git a/.github/workflows/pr-title.yml b/.github/workflows/pr-title.yml
index 0f6c41cab..05c7a663b 100644
--- a/.github/workflows/pr-title.yml
+++ b/.github/workflows/pr-title.yml
@@ -4,6 +4,8 @@ on:
 pull_request:
 types: [opened, edited, reopened, synchronize]
+permissions: read-all
+
 jobs:
 validate:
 runs-on: ubuntu-latest
diff --git a/.github/workflows/pre-submit.actions.yml b/.github/workflows/pre-submit.actions.yml
index 9ace5c42f..fb4c518c7 100644
--- a/.github/workflows/pre-submit.actions.yml
+++ b/.github/workflows/pre-submit.actions.yml
@@ -14,7 +14,7 @@ jobs:
 - uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9 # v3.5.3
 - name: Set Node.js 16
- uses: actions/setup-node@e33196f7422957bea03ed53f6fbb155025ffc7b8 # v3.7.0
+ uses: actions/setup-node@bea5baf987ba7aa777a8a0b4ace377a21c45c381 # v3.8.0
 with:
 node-version: 16
diff --git a/.github/workflows/pre-submit.cli.yml b/.github/workflows/pre-submit.cli.yml
index 947c552b1..04d5c1df8 100644
--- a/.github/workflows/pre-submit.cli.yml
+++ b/.github/workflows/pre-submit.cli.yml
@@ -18,7 +18,7 @@ jobs:
 uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9 # v3.5.3
 - name: setup-go
- uses: actions/setup-go@fac708d6674e30b6ba41289acaab6d4b75aa0753 # v4.0.1
+ uses: actions/setup-go@93397bea11091df50f3d7e59dc26a7711a8bcfbe # v4.1.0
 with:
 go-version-file: "go.mod"
diff --git a/.github/workflows/pre-submit.e2e.yml b/.github/workflows/pre-submit.e2e.yml
index 7d06584d6..9551b25c1 100644
--- a/.github/workflows/pre-submit.e2e.yml
+++ b/.github/workflows/pre-submit.e2e.yml
@@ -16,7 +16,7 @@ jobs:
 path: __THIS_REPO__
 - name: setup-go
- uses: actions/setup-go@fac708d6674e30b6ba41289acaab6d4b75aa0753 # v4.0.1
+ uses: actions/setup-go@93397bea11091df50f3d7e59dc26a7711a8bcfbe # v4.1.0
 with:
 go-version-file: "__THIS_REPO__/go.mod"
diff --git a/.github/workflows/pre-submit.lint.yml b/.github/workflows/pre-submit.lint.yml
index 0a2a7bd70..da06ab044 100644
--- a/.github/workflows/pre-submit.lint.yml
+++ b/.github/workflows/pre-submit.lint.yml
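Review bot: `permissions: read-all` in pr-title.yml still gives the workflow token read access to every scope, which is probably more than a PR-title check needs. The steps of the `validate` job are outside the hunk, so the exact scope cannot be confirmed from here, but the tighter form is an empty top-level block with the grant on the job: `permissions: {}` at the top and `permissions:` with `pull-requests: read` under `validate`. A one-line comment above the block, such as `# read-only token: this workflow only validates the pull request`, would record why it is there.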
@@ -11,7 +11,7 @@ jobs:
 runs-on: ubuntu-latest
 steps:
 - uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9 # v3.5.3
- - uses: actions/setup-go@fac708d6674e30b6ba41289acaab6d4b75aa0753 # v4.0.1
+ - uses: actions/setup-go@93397bea11091df50f3d7e59dc26a7711a8bcfbe # v4.1.0
 with:
 go-version-file: "go.mod"
 - env:
diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml
index 8465483f7..50935d037 100644
--- a/.github/workflows/release.yml
+++ b/.github/workflows/release.yml
@@ -49,7 +49,7 @@ jobs:
 actions: read # For the detection of GitHub Actions environment.
 id-token: write # For signing.
 contents: write # For asset uploads.
- uses: slsa-framework/slsa-github-generator/.github/workflows/builder_go_slsa3.yml@v1.7.0
+ uses: slsa-framework/slsa-github-generator/.github/workflows/builder_go_slsa3.yml@v1.8.0
 with:
 go-version-file: "go.mod"
 config-file: .slsa-goreleaser/${{matrix.os}}-${{matrix.arch}}.yml
diff --git a/.github/workflows/scorecards.yml b/.github/workflows/scorecards.yml
index fd1b08593..9d4501345 100644
--- a/.github/workflows/scorecards.yml
+++ b/.github/workflows/scorecards.yml
@@ -57,6 +57,6 @@ jobs:
 # Upload the results to GitHub's code scanning dashboard.
 - name: "Upload to code-scanning"
- uses: github/codeql-action/upload-sarif@489225d82a57396c6f426a40e66d461b16b3461d # v2.20.4
+ uses: github/codeql-action/upload-sarif@a09933a12a80f87b87005513f0abb1494c27a716 # v2.21.4
 with:
 sarif_file: results.sarif
diff --git a/cli/experimental/service/Dockerfile b/cli/experimental/service/Dockerfile
index c6526c8ad..bfa2c383a 100644
--- a/cli/experimental/service/Dockerfile
+++ b/cli/experimental/service/Dockerfile
@@ -1,4 +1,4 @@
-FROM golang:1.19@sha256:83f9f840072d05ad4d90ce4ac7cb2427632d6b89d5ffc558f18f9577ec8188c0 AS base
+FROM golang:1.21@sha256:ec457a2fcd235259273428a24e09900c496d0c52207266f96a330062a01e3622 AS base
 WORKDIR /src
 ENV CGO_ENABLED=0
 COPY . ./
diff --git a/cli/slsa-verifier/main_regression_test.go b/cli/slsa-verifier/main_regression_test.go
index 8209807c6..cc498bfdd 100644
--- a/cli/slsa-verifier/main_regression_test.go
+++ b/cli/slsa-verifier/main_regression_test.go
@@ -9,7 +9,6 @@ import (
 "fmt"
 "io/ioutil"
 "os"
- "path"
 "path/filepath"
 "strings"
 "testing"
@@ -546,7 +545,7 @@ func Test_runVerifyGHAArtifactPath(t *testing.T) {
 }
 // TODO(#258): invalid builder ref.
- sv := path.Base(v)
+ sv := filepath.Base(v)
 // For each test, we run 4 sub-tests:
 // 1. With the the full builderID including the semver in short form.
 // 2. With the the full builderID including the semver in long form.
@@ -773,7 +772,7 @@ func Test_runVerifyGHAArtifactImage(t *testing.T) {
 for _, v := range checkVersions {
 image := filepath.Clean(filepath.Join(TEST_DIR, v, tt.artifact))
 // TODO(#258): test for tagged builder.
- sv := path.Base(v)
+ sv := filepath.Base(v)
 // For each test, we run 2 sub-tests:
 // 1. With the the full builderID including the semver in short form.
 // 2. With the the full builderID including the semver in long form.
@@ -1220,7 +1219,7 @@ func Test_runVerifyGCBArtifactImage(t *testing.T) {
 }
 for _, v := range checkVersions {
- semver := path.Base(v)
+ semver := filepath.Base(v)
 // For each test, we run 2 sub-tests:
 // 1. With the the full builderID including the semver.
 // 2. With only the name of the builder.
@@ -1383,7 +1382,13 @@ func Test_runVerifyGHAContainerBased(t *testing.T) {
 for _, v := range checkVersions {
 testPath := filepath.Clean(filepath.Join(TEST_DIR, v, tt.artifacts[0]))
- provenancePath := fmt.Sprintf("%s.intoto.sigstore", testPath)
+ sv := filepath.Base(v)
+ var provenancePath string
+ if semver.Compare(sv, "v1.8.0") >= 0 {
+ provenancePath = fmt.Sprintf("%s.intoto.build.slsa", testPath)
+ } else {
+ provenancePath = fmt.Sprintf("%s.intoto.sigstore", testPath)
+ }
 artifacts := make([]string, len(tt.artifacts))
 for i, artifact := range tt.artifacts {
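Review bot: In Test_runVerifyGCBArtifactImage the loop local is still called `semver` (`semver := filepath.Base(v)`), which shadows the `semver` package that the Test_runVerifyGHAContainerBased hunk of this same file now calls as `semver.Compare`. The package import is not in the hunks shown, so this is inferred from that call. It compiles because the shadowing is confined to this loop, but any later use of the package inside the loop would resolve to the string instead. Renaming it to `sv := filepath.Base(v)`, as the other three tests do, removes the trap; the uses of the variable further down the loop body are outside the hunk and would need the same rename.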
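Review bot: `semver.Compare(sv, "v1.8.0")` in Test_runVerifyGHAContainerBased falls through to the `.intoto.sigstore` branch whenever `sv` is not a valid version string, assuming `semver` is golang.org/x/mod/semver (its import is outside the hunks shown), where an invalid string sorts below every valid one. A case that expects a verification error could then fail on a missing provenance file instead of on the check it is meant to exercise. Guard the comparison with `if !semver.IsValid(sv) { t.Fatalf("invalid version directory %q", sv) }` and add a comment on the cut-over, e.g. `// builder >= v1.8.0 names container-based provenance *.intoto.build.slsa`. Also worth confirming against the test table, which is outside the hunk: the v1.8.0 container-based testdata visible in this commit names the push-v13.0.30 and push-v14.2 provenance `.intoto.jsonl`, not `.intoto.build.slsa`, so cases using those artifacts would not find their file through this branch.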
@@ -1395,7 +1400,6 @@ func Test_runVerifyGHAContainerBased(t *testing.T) {
 // 2. With the the full builderID including the semver in long form.
 // 3. With only the name of the builder.
 // 4. With no builder ID.
- sv := path.Base(v)
 builder := "https://github.com/slsa-framework/slsa-github-generator/.github/workflows/builder_container-based_slsa3.yml"
 refName := "@refs/tags/"
diff --git a/cli/slsa-verifier/testdata/gha_container-based/v1.8.0/binary-linux-amd64-push-v13.0.30 b/cli/slsa-verifier/testdata/gha_container-based/v1.8.0/binary-linux-amd64-push-v13.0.30
new file mode 100644
index 000000000..e69de29bb
diff --git a/cli/slsa-verifier/testdata/gha_container-based/v1.8.0/binary-linux-amd64-push-v13.0.30.intoto.jsonl b/cli/slsa-verifier/testdata/gha_container-based/v1.8.0/binary-linux-amd64-push-v13.0.30.intoto.jsonl
new file mode 100644
index 000000000..b49fc2ce0
--- /dev/null
+++ b/cli/slsa-verifier/testdata/gha_container-based/v1.8.0/binary-linux-amd64-push-v13.0.30.intoto.jsonl
@@ -0,0 +1 @@ +{"mediaType":"application/vnd.dev.sigstore.bundle+json;version=0.1","verificationMaterial":{"x509CertificateChain":{"certificates":[{"rawBytes":"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"}]},"tlogEntries":[{"logIndex":"30024065","logId":{"keyId":"wNI9atQGlz+VWfO6LRygH4QUfY/8W4RFwiT5i5WRgB0="},"kindVersion":{"kind":"intoto","version":"0.0.2"},"integratedTime":"1691126926","inclusionPromise":{"signedEntryTimestamp":"MEQCIER8VWRsrch3n4e73uvBmP8By6ISMr2U4R8bfUyYYjdKAiBWC+yJMXbiVeA8fMWmIwLn9hzY8mfTcN75/2ULU4CKUA=="},"inclusionProof":{"logIndex":"25860634","rootHash":"e54C/BV+14gjzZ5tLDPl+++CvikJxDi38qf9pbM07Vw=","treeSize":"25860635","hashes":["aCMXm1nf6iKwn1sspm4B2R2XQPBTDb96Eo0YNXlvWKs=","2htkAxv5uUnH62SjinQWEGNO1rdpUk1Pk66Ur3ZMnw4=","hoBL56InEVLUC01gmowUko9kxXLjtM+BpCooEYIRSH8=","zkMkcaz92DGYlPkfYG87KQOrZjeCThBd++C4EgE4AzE=","TiA9mXMnQv2D9PmLW4+HrgsnhvNm0RwWo2nEGz7qlK4=","4ENBAkPwIE0fRgfk7/cJ0UCi16+Mun0+v3oT1goXFP4=","s4UVWi4muWt57a8kMQJ/vfgrWqOS+8JHI0y+HqLsMXs=","WdPKsG/7yNZXY/lUooBBNtBAjB8V43stbKtAr++E4XI=","YrnwfrgpkX9pEYgc/bhY7qN7YEXpx5kVtTu1Qk0ZHms=","jRUq4D8O+FI47Wbw96s7yHCu4qzWUxpIVfxQEeprDmc=","rXEsmEJN4PEoTU8US4qVtdIsGB1MCiRlGOepoiC99kM="],"checkpoint":{"envelope":"rekor.sigstore.dev - 2605736670972794746\n25860635\ne54C/BV+14gjzZ5tLDPl+++CvikJxDi38qf9pbM07Vw=\nTimestamp: 1691126927048328765\n\nā€” rekor.sigstore.dev wNI9ajBEAiBPhRM65XNwea6dhUQxPA7v4wUOS38PosVnG2Bunna1RgIgWJM3YJ9U9kZZUrUYg4eo52izphpZmFQq/vA/OcrQDiU=\n"}},"canonicalizedBody":"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"}]},"dsseEnvelope":{"payload":"","payloadType":"application/vnd.in-toto+json","signatures":[{"sig":"MEUCIQCIv71mFd1XfCheK4KVw77KnEt+kg3dQSy1rpuIL/a0rAIgVRp9mIxH2Sd3bjourVhg/4f56BuR2oKMGSD/lKYSoj0=","keyid":""}]}} \ No newline at end of file 
diff --git a/cli/slsa-verifier/testdata/gha_container-based/v1.8.0/binary-linux-amd64-push-v14 b/cli/slsa-verifier/testdata/gha_container-based/v1.8.0/binary-linux-amd64-push-v14
new file mode 100644
index 000000000..e69de29bb
diff --git a/cli/slsa-verifier/testdata/gha_container-based/v1.8.0/binary-linux-amd64-push-v14.2 b/cli/slsa-verifier/testdata/gha_container-based/v1.8.0/binary-linux-amd64-push-v14.2
new file mode 100644
index 000000000..e69de29bb
diff --git a/cli/slsa-verifier/testdata/gha_container-based/v1.8.0/binary-linux-amd64-push-v14.2.intoto.jsonl b/cli/slsa-verifier/testdata/gha_container-based/v1.8.0/binary-linux-amd64-push-v14.2.intoto.jsonl
new file mode 100644
index 000000000..a3fd26d22
--- /dev/null
+++ b/cli/slsa-verifier/testdata/gha_container-based/v1.8.0/binary-linux-amd64-push-v14.2.intoto.jsonl
@@ -0,0 +1 @@ +{"mediaType":"application/vnd.dev.sigstore.bundle+json;version=0.1","verificationMaterial":{"x509CertificateChain":{"certificates":[{"rawBytes":"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"}]},"tlogEntries":[{"logIndex":"30024054","logId":{"keyId":"wNI9atQGlz+VWfO6LRygH4QUfY/8W4RFwiT5i5WRgB0="},"kindVersion":{"kind":"intoto","version":"0.0.2"},"integratedTime":"1691126916","inclusionPromise":{"signedEntryTimestamp":"MEUCIQDvU0EliJPTE7sFDgdt/QsjU+DhvLE0WB0rICQcoVmb8wIgRUTJHWqb557lfkILzp0h1vwT5Rs/CW6edj9rr0QhT8s="},"inclusionProof":{"logIndex":"25860623","rootHash":"8B5Ewp/Yds+8AxqsAB+LOosB4LZ58TxJpMWUvl8Wiiw=","treeSize":"25860624","hashes":["vqz9ZcjkdEIWVPW1L9a3O3aBK537d6mFDvwKNwwv9Fg=","em21YjmA5oYmfoEB2FsTUJBoxkC1+2/byxeATW+I2G4=","6OwxLM4Q/eh2XZ/dW3XAygVnkFcJC6Lq0gXAkNiw73A=","ZJlmrx4FFFICsk2ATygXK4wCmS/dAyRGRWhAnPJa5jI=","zkMkcaz92DGYlPkfYG87KQOrZjeCThBd++C4EgE4AzE=","TiA9mXMnQv2D9PmLW4+HrgsnhvNm0RwWo2nEGz7qlK4=","4ENBAkPwIE0fRgfk7/cJ0UCi16+Mun0+v3oT1goXFP4=","s4UVWi4muWt57a8kMQJ/vfgrWqOS+8JHI0y+HqLsMXs=","WdPKsG/7yNZXY/lUooBBNtBAjB8V43stbKtAr++E4XI=","YrnwfrgpkX9pEYgc/bhY7qN7YEXpx5kVtTu1Qk0ZHms=","jRUq4D8O+FI47Wbw96s7yHCu4qzWUxpIVfxQEeprDmc=","rXEsmEJN4PEoTU8US4qVtdIsGB1MCiRlGOepoiC99kM="],"checkpoint":{"envelope":"rekor.sigstore.dev - 2605736670972794746\n25860624\n8B5Ewp/Yds+8AxqsAB+LOosB4LZ58TxJpMWUvl8Wiiw=\nTimestamp: 1691126916267964478\n\nā€” rekor.sigstore.dev 
wNI9ajBFAiAvTGSScpplvQbIacZHxooa81W2VF3k0YlwDumLi5Xf/gIhAKUSuyrdYxZeOTXwrdJMXAe+2Dltf29WYP59bWDBRI+N\n"}},"canonicalizedBody":"eyJhcGlWZXJzaW9uIjoiMC4wLjIiLCJraW5kIjoiaW50b3RvIiwic3BlYyI6eyJjb250ZW50Ijp7ImVudmVsb3BlIjp7InBheWxvYWRUeXBlIjoiYXBwbGljYXRpb24vdm5kLmluLXRvdG8ranNvbiIsInNpZ25hdHVyZXMiOlt7InB1YmxpY0tleSI6IkxTMHRMUzFDUlVkSlRpQkRSVkpVU1VaSlEwRlVSUzB0TFMwdENrMUpTVWh2VkVORFFubGxaMEYzU1VKQlowbFZaazU0UVZkWloxQlNOR3hoYWxSemNGTnRha1JuTkZGMmNGZG5kME5uV1VsTGIxcEplbW93UlVGM1RYY0tUbnBGVmsxQ1RVZEJNVlZGUTJoTlRXTXliRzVqTTFKMlkyMVZkVnBIVmpKTlVqUjNTRUZaUkZaUlVVUkZlRlo2WVZka2VtUkhPWGxhVXpGd1ltNVNiQXBqYlRGc1drZHNhR1JIVlhkSWFHTk9UV3BOZDA5RVFUQk5SRlY1VDBSTk1WZG9ZMDVOYWsxM1QwUkJNRTFFVlhwUFJFMHhWMnBCUVUxR2EzZEZkMWxJQ2t0dldrbDZhakJEUVZGWlNVdHZXa2w2YWpCRVFWRmpSRkZuUVVWMU5HTllhRE41U1VSNUwwWlZkRFpKUzFGcVZHVmpWV0pKUzNweVIwOVdiM0IxT1djS1dFSlNSVmRxTkhwWlQwcDNkRkJGTUZoM1lrdG5SV05KYzBwUmRXNDNNRlYyUzFGR2JrRnBNVE5CVG5Ob1l6bFFkRFpQUTBKcldYZG5aMXBEVFVFMFJ3cEJNVlZrUkhkRlFpOTNVVVZCZDBsSVowUkJWRUpuVGxaSVUxVkZSRVJCUzBKblozSkNaMFZHUWxGalJFRjZRV1JDWjA1V1NGRTBSVVpuVVZVMlpVaE9Da294Y0dsQ0swWk9iVzVoYmpnMFFtNTRhSFI2YTJObmQwaDNXVVJXVWpCcVFrSm5kMFp2UVZVek9WQndlakZaYTBWYVlqVnhUbXB3UzBaWGFYaHBORmtLV2tRNGQyZFpjMGRCTVZWa1JWRkZRaTkzVTBKblJFSXJhRzU0YjJSSVVuZGplbTkyVERKa2NHUkhhREZaYVRWcVlqSXdkbU15ZUhwWlV6RnRZMjFHZEFwYVdHUjJZMjF6ZG1NeWVIcFpVekZ1WVZoU2IyUlhTWFJhTWxaMVdsaEthR1JIT1hsTWVUVnVZVmhTYjJSWFNYWmtNamw1WVRKYWMySXpaSHBNTWtveENtRlhlR3RhV0VwbVdUSTVkV1JIUm5CaWJWWjVURmRLYUdNeVZtdFlNMDV6WXpKRmVreHViSFJpUlVKNVdsZGFla3d6VW1oYU0wMTJaR3BGZFU5RE5IY0tUVVJyUjBOcGMwZEJVVkZDWnpjNGQwRlJSVVZMTW1nd1pFaENlazlwT0haa1J6bHlXbGMwZFZsWFRqQmhWemwxWTNrMWJtRllVbTlrVjBveFl6SldlUXBaTWpsMVpFZFdkV1JETldwaU1qQjNSV2RaUzB0M1dVSkNRVWRFZG5wQlFrRm5VVVZqU0ZaNllVUkJNa0puYjNKQ1owVkZRVmxQTDAxQlJVUkNRMmN5Q2xreVdUSk9la1p0VGtSa2JVMTZZekZOYlZrMVRqSkpOVnBxVm1sYWJWa3hUVlJHYkUxNlpHbFBWRTAwV20xVmVFMUhVWGxOUmxWSFEybHpSMEZSVVVJS1p6YzRkMEZSVVVWU2VUVnVZVmhTYjJSWFNYWmtNamw1WVRKYWMySXpaSHBNTTFwc1kyMXNiV0ZYVm5sTVYxVjVXbE0xYUdKSGQzVmtNamw1WVRKYWN3cGlNMlJtV2tkc2VtT
khSakJaTW1kMVlsZEdjR0pwTldoaVIzZDFZeko0ZWxsVVRYVmxWekZ6VFVOM1IwTnBjMGRCVVZGQ1p6YzRkMEZSVlVWSWJrNXpDbU15UlhSYWJrcG9ZbGRXTTJJelNuSk1NbFkwV1ZjeGQySkhWWFJqUjBacVlUSkdibHBVUVdSQ1oyOXlRbWRGUlVGWlR5OU5RVVZIUWtFNWVWcFhXbm9LVEROU2FGb3pUWFprYWtVd1RHcEpkMDkzV1V0TGQxbENRa0ZIUkhaNlFVSkRRVkYwUkVOMGIyUklVbmRqZW05MlRETlNkbUV5Vm5WTWJVWnFaRWRzZGdwaWJrMTFXakpzTUdGSVZtbGtXRTVzWTIxT2RtSnVVbXhpYmxGMVdUSTVkRTFKUjAxQ1oyOXlRbWRGUlVGWlR5OU5RVVZLUWtnMFRXWkhhREJrU0VKNkNrOXBPSFphTW13d1lVaFdhVXh0VG5aaVV6bDZZa2hPYUV4WFdubFpWekZzWkRJNWVXRjVPWHBpU0U1b1RGZGtjR1JIYURGWmFURnVXbGMxYkdOdFJqQUtZak5KZGt4dFpIQmtSMmd4V1drNU0ySXpTbkphYlhoMlpETk5kbGx1Vm5CaVIxSnNZMnc1YW1JeU5UQlpWMngxV2xoSmRGbHRSbnBhVjFKbVl6SjRlZ3BaVkUxMVpWY3hjMUZJU214YWJrMTJaRWRHYm1ONU9USk5VelEwVEdwQmQwOUJXVXRMZDFsQ1FrRkhSSFo2UVVKRFoxRnhSRU5vYWxwSFZtbE5Na1UxQ2sxVVdUSk5WRUpwV1hwQmQxbFhXVEZhUjFac1QwUk9hMDFYUm1wYVIxRjZXWHBqZDA1NmF6Vk5hazVvVFVJd1IwTnBjMGRCVVZGQ1p6YzRkMEZSYzBVS1JIZDNUbG95YkRCaFNGWnBURmRvZG1NelVteGFSRUpDUW1kdmNrSm5SVVZCV1U4dlRVRkZUVUpFVFUxTlYyZ3daRWhDZWs5cE9IWmFNbXd3WVVoV2FRcE1iVTUyWWxNNWVtSklUbWhNVjFwNVdWY3hiR1F5T1hsaGVUbHNaVWRHZEdOSGVHeE1XRUpvV1RKMGFGb3lWWGRQUVZsTFMzZFpRa0pCUjBSMmVrRkNDa1JSVVhGRVEyY3lXVEpaTWs1NlJtMU9SR1J0VFhwak1VMXRXVFZPTWtrMVdtcFdhVnB0V1RGTlZFWnNUWHBrYVU5VVRUUmFiVlY0VFVkUmVVMUNPRWNLUTJselIwRlJVVUpuTnpoM1FWRTBSVVZSZDFCamJWWnRZM2s1TUZsWFpIcE1NMWw0VGtNMGVVMUNhMGREYVhOSFFWRlJRbWMzT0hkQlVUaEZRM2QzU2dwT1JHY3lUWHBKTVU5RVFUVk5SRVZIUTJselIwRlJVVUpuTnpoM1FWSkJSVWwzZDJoaFNGSXdZMGhOTmt4NU9XNWhXRkp2WkZkSmRWa3lPWFJNTTA1ekNtTXlSWFJhYmtwb1lsZFdNMkl6U25KTlFtZEhRMmx6UjBGUlVVSm5OemgzUVZKRlJVTm5kMGxQUkVFd1RYcEZlRTlFWTNkblduTkhRMmx6UjBGUlVVSUtaemM0ZDBGU1NVVm5XWGROWjFsc2IyUklVbmRqZW05MlRESmtjR1JIYURGWmFUVnFZakl3ZG1NeWVIcFpVekZ0WTIxR2RGcFlaSFpqYlhOMldsaG9hQXBpV0VKeldsTXhkMWxYVG5KWlYyUnNUSGsxYm1GWVVtOWtWMGwyWkRJNWVXRXlXbk5pTTJSNlRETmFiR050YkcxaFYxWjVURmRWZVZwVE5XaGlSM2QxQ21ReU9YbGhNbHB6WWpOa1pscEhiSHBqUjBZd1dUSm5kV0pYUm5CaWFUVm9Za2QzZFdNeWVIcFpWRTExWlZjeGMxRklTbXhhYmsxMlpFZEdibU41T1RJS1RWUlJkVTFxUVRSQ1oyOXlRbWRGUlVGWlR5OU5RVVZVUWtOdlRVd
EVXbXBhYWxrelRWZFpNRTR5V1hwT2VsVjVXbXByTTFscWJHMU9WMHB0V21wVmVBcE5WMVY2VGpKSk5VMTZhRzFhVkVWM1drUkpkMFpCV1V0TGQxbENRa0ZIUkhaNlFVSkdRVkZIUkVGU2QyUllUbTlOUjFGSFEybHpSMEZSVVVKbk56aDNDa0ZTVlVWV1ozaFZZVWhTTUdOSVRUWk1lVGx1WVZoU2IyUlhTWFZaTWpsMFRETk9jMk15UlhSYWJrcG9ZbGRXTTJJelNuSk1NbFkwV1ZjeGQySkhWWFFLWTBkR2FtRXlSbTVhVXpsb1dUTlNjR0l5TlhwTU0wb3hZbTVOZGs1VVl6RlBSR016VG1wTmQwNURPV2hrU0ZKc1lsaENNR041T0hoTlFsbEhRMmx6UndwQlVWRkNaemM0ZDBGU1dVVkRRWGRIWTBoV2FXSkhiR3BOU1VkTFFtZHZja0puUlVWQlpGbzFRV2RSUTBKSWQwVmxaMEkwUVVoWlFUTlVNSGRoYzJKSUNrVlVTbXBIVWpSamJWZGpNMEZ4U2t0WWNtcGxVRXN6TDJnMGNIbG5Remh3TjI4MFFVRkJSMHAyZDFScGMyZEJRVUpCVFVGU2VrSkdRV2xGUVN0emVEUUtRMk53V1Zvek9FTlphbGhHTDBWVU5YUkJLemxtV1hjeU9GcFRjMlUwWVRkTWRraDVXRk5uUTBsQ05tUnJNVVl4SzFaTE1VaHJNbFJ3Wm0xeGVFZFlRZ3B4VUZwSlVURm5WSFpIVFdGb0swZE5kbWxEUjAxQmIwZERRM0ZIVTAwME9VSkJUVVJCTW1kQlRVZFZRMDFSUkZsVGF6QTJaR1prWm5wMlpVaHhNM0E0Q25ZdlRXWnhMMWgzSzJscVlrNW5jWFZoTWpWdFdscFpiWFpFWWpCSk5XMVRWbUV6U0UxblUzWlJjVEJqV0d4elEwMUlTbTlVUTBkR2VIUlVUMWR6V2tNS1NHMHhSRXhwTHpSeGRUTjFZWHB4ZGl0aFZuWlJVaTloTmpKRFkzcEZiQzkxVHpOeVdsbzNTVUZYVTJweGJWTnNlV2M5UFFvdExTMHRMVVZPUkNCRFJWSlVTVVpKUTBGVVJTMHRMUzB0Iiwic2lnIjoiVFVWWlEwbFJRelZWYlVoVFRrOU9aa2t4TmxBMlZqRkhlbmROTlc1NmJXbFNUakl5UlV0VlFUbE1aVzlUWTNsTWExRkphRUZNWmxkUGNUbFhTRVZwWTFCNFYydDVUWGhhWWpZNFNFNUNNSG8yT0hsMk0xUXpWMEV2UlM5bU9YWlUifV19LCJoYXNoIjp7ImFsZ29yaXRobSI6InNoYTI1NiIsInZhbHVlIjoiMTg2YzYwYjRmN2ZhMWE5ZmM5NjJiZGRiOGNlOTIxZmM5YjEzYWNmY2MxODE2ODhlODNkNTU2YmM4MmFhZWJjOCJ9LCJwYXlsb2FkSGFzaCI6eyJhbGdvcml0aG0iOiJzaGEyNTYiLCJ2YWx1ZSI6ImY1MDU0OWQyOTEzYWQ4ZDczMWMzMDllNDk5OTQ4NzI3MmI1NjZkZmRmYTUxMTQ5YWIxYzI0M2VmMzViMzIyYTEifX19fQ=="}]},"dsseEnvelope":{"payload":"","payloadType":"application/vnd.in-toto+json","signatures":[{"sig":"MEYCIQC5UmHSNONfI16P6V1GzwM5nzmiRN22EKUA9LeoScyLkQIhALfWOq9WHEicPxWkyMxZb68HNB0z68yv3T3WA/E/f9vT","keyid":""}]}} \ No newline at end of file 
diff --git a/cli/slsa-verifier/testdata/gha_container-based/v1.8.0/binary-linux-amd64-push-v14.intoto.build.slsa b/cli/slsa-verifier/testdata/gha_container-based/v1.8.0/binary-linux-amd64-push-v14.intoto.build.slsa
new file mode 100644
index 000000000..18fe684a3
--- /dev/null
+++ b/cli/slsa-verifier/testdata/gha_container-based/v1.8.0/binary-linux-amd64-push-v14.intoto.build.slsa
@@ -0,0 +1 @@ +{"mediaType":"application/vnd.dev.sigstore.bundle+json;version=0.1","verificationMaterial":{"x509CertificateChain":{"certificates":[{"rawBytes":"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"}]},"tlogEntries":[{"logIndex":"30024055","logId":{"keyId":"wNI9atQGlz+VWfO6LRygH4QUfY/8W4RFwiT5i5WRgB0="},"kindVersion":{"kind":"intoto","version":"0.0.2"},"integratedTime":"1691126916","inclusionPromise":{"signedEntryTimestamp":"MEUCICSKkAkdU2NtSKkQHcjifKRVoCXrVvu49i/aBDFyIy2NAiEAvYn1IFNv7go9RxLdWXceeG9hIKBrMV5LOojoW11rhrI="},"inclusionProof":{"logIndex":"25860624","rootHash":"EMhP/yK52R9Ee9ZAWkRtquoNlrJWH1dOESkAoPSZUTE=","treeSize":"25860625","hashes":["hoBL56InEVLUC01gmowUko9kxXLjtM+BpCooEYIRSH8=","zkMkcaz92DGYlPkfYG87KQOrZjeCThBd++C4EgE4AzE=","TiA9mXMnQv2D9PmLW4+HrgsnhvNm0RwWo2nEGz7qlK4=","4ENBAkPwIE0fRgfk7/cJ0UCi16+Mun0+v3oT1goXFP4=","s4UVWi4muWt57a8kMQJ/vfgrWqOS+8JHI0y+HqLsMXs=","WdPKsG/7yNZXY/lUooBBNtBAjB8V43stbKtAr++E4XI=","YrnwfrgpkX9pEYgc/bhY7qN7YEXpx5kVtTu1Qk0ZHms=","jRUq4D8O+FI47Wbw96s7yHCu4qzWUxpIVfxQEeprDmc=","rXEsmEJN4PEoTU8US4qVtdIsGB1MCiRlGOepoiC99kM="],"checkpoint":{"envelope":"rekor.sigstore.dev - 2605736670972794746\n25860625\nEMhP/yK52R9Ee9ZAWkRtquoNlrJWH1dOESkAoPSZUTE=\nTimestamp: 1691126916906740671\n\nā€” rekor.sigstore.dev wNI9ajBFAiB9U0MlxfszORMfCwSpola4ewyR+Nfy6MZJW3gz9qqrlAIhAPfUzCb9jVjXqoGGbXXTKUQ+YxOactPtHtG+aJ9o1lSO\n"}},"canonicalizedBody":"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"}]},"dsseEnvelope":{"payload":"","payloadType":"application/vnd.in-toto+json","signatures":[{"sig":"MEQCIHgQP5lYPePRVI2QlYK9T70xhn/gomlO96hrAvZMFminAiAkRqJjWjxqsRXH9fwY6pmKUeaiLrN4QuiuZhfR4WMFdw==","keyid":""}]}} \ No newline at end of file diff --git a/cli/slsa-verifier/testdata/gha_container-based/v1.8.0/binary-linux-amd64-workflow_dispatch b/cli/slsa-verifier/testdata/gha_container-based/v1.8.0/binary-linux-amd64-workflow_dispatch new file mode 100644 index 000000000..e69de29bb 
diff --git a/cli/slsa-verifier/testdata/gha_container-based/v1.8.0/binary-linux-amd64-workflow_dispatch.intoto.build.slsa b/cli/slsa-verifier/testdata/gha_container-based/v1.8.0/binary-linux-amd64-workflow_dispatch.intoto.build.slsa
new file mode 100644
index 000000000..cf33aa08c
--- /dev/null
+++ b/cli/slsa-verifier/testdata/gha_container-based/v1.8.0/binary-linux-amd64-workflow_dispatch.intoto.build.slsa
@@ -0,0 +1 @@ +{"mediaType":"application/vnd.dev.sigstore.bundle+json;version=0.1","verificationMaterial":{"x509CertificateChain":{"certificates":[{"rawBytes":"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"}]},"tlogEntries":[{"logIndex":"30024004","logId":{"keyId":"wNI9atQGlz+VWfO6LRygH4QUfY/8W4RFwiT5i5WRgB0="},"kindVersion":{"kind":"intoto","version":"0.0.2"},"integratedTime":"1691126877","inclusionPromise":{"signedEntryTimestamp":"MEUCIAiDhqH336zS8alVLSxuTXU4iqCn66DMit3i6gBt7GCGAiEArf9xr74GfGZlmmmWPQh0MFPlBAGRj2iCmtR4ttB27NY="},"inclusionProof":{"logIndex":"25860573","rootHash":"ywMkCHLsnqLb9E5pyPfbuV0K5MNuLd2CmfJj4z8Uem8=","treeSize":"25860574","hashes":["02xm5a6EXzG7Ev+cftyHtDcjuGomh0IL8ShSfqAprD0=","fIe1Z8m0OL5lM3zxBoJd6FWxvm6UHBndtHCgt5nlxlE=","+hoAjfCtL5gxjjQTPbQLy/TCz0gLJqyX1VCsk5pIDqU=","LC9JvlE48pARHYTCTo8Fibm/P0S0UqGmr+HJznSMHvU=","t3LmtIoUNCMScPF7Dkajl075tN/ApsEAOjgx/Wfkl3Q=","GVL7+KqjpSYkJuND+KDtqN4vjAf8h5PPSk23Iu1aiV4=","XlEMSuxiWikSyRoxgJxNzj0lVriGwQ41BjMJliwgDME=","TiA9mXMnQv2D9PmLW4+HrgsnhvNm0RwWo2nEGz7qlK4=","4ENBAkPwIE0fRgfk7/cJ0UCi16+Mun0+v3oT1goXFP4=","s4UVWi4muWt57a8kMQJ/vfgrWqOS+8JHI0y+HqLsMXs=","WdPKsG/7yNZXY/lUooBBNtBAjB8V43stbKtAr++E4XI=","YrnwfrgpkX9pEYgc/bhY7qN7YEXpx5kVtTu1Qk0ZHms=","jRUq4D8O+FI47Wbw96s7yHCu4qzWUxpIVfxQEeprDmc=","rXEsmEJN4PEoTU8US4qVtdIsGB1MCiRlGOepoiC99kM="],"checkpoint":{"envelope":"rekor.sigstore.dev - 2605736670972794746\n25860574\nywMkCHLsnqLb9E5pyPfbuV0K5MNuLd2CmfJj4z8Uem8=\nTimestamp: 1691126877791524148\n\nā€” rekor.sigstore.dev wNI9ajBFAiAtlPGV9B+re7kAP0OPmXm5PK5nMOirosrBNpDXStoN7wIhALIIq4MZfz5bxdIGcxk81wvrpyhC2IHEoNXbiILbdN0y\n"}},"canonicalizedBody":"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"}]},"dsseEnvelope":{"payload":"","payloadType":"application/vnd.in-toto+json","signatures":[{"sig":"MEQCIGhq179mT837xZ978di4KE7TUKwM/JTyTlsuC2yLkFQGAiB+eumAMd2P3vZEXnh+TMbD6fiscyVjxkrV4Nx+cnEamA==","keyid":""}]}} \ No newline at end of file 
diff --git a/cli/slsa-verifier/testdata/gha_generic/v1.8.0/binary-linux-amd64-push-v13.0.30 b/cli/slsa-verifier/testdata/gha_generic/v1.8.0/binary-linux-amd64-push-v13.0.30
new file mode 100644
index 000000000..652d9fd2f
Binary files /dev/null and b/cli/slsa-verifier/testdata/gha_generic/v1.8.0/binary-linux-amd64-push-v13.0.30 differ
diff --git a/cli/slsa-verifier/testdata/gha_generic/v1.8.0/binary-linux-amd64-push-v13.0.30.intoto.jsonl b/cli/slsa-verifier/testdata/gha_generic/v1.8.0/binary-linux-amd64-push-v13.0.30.intoto.jsonl
new file mode 100644
index 000000000..872265ef7
--- /dev/null
+++ b/cli/slsa-verifier/testdata/gha_generic/v1.8.0/binary-linux-amd64-push-v13.0.30.intoto.jsonl
@@ -0,0 +1 @@ +{"payloadType":"application/vnd.in-toto+json","payload":"","signatures":[{"keyid":"","sig":"MEQCIGMjYhCXBSkEIQ5Ad/pf9dMwu/VJ1mqTrGoClSxBWCFFAiB7R6HnXjQFhqXI7R0+Zfp3zTJS7QCtMSq3cA4YSIxKKQ==","cert":"-----BEGIN CERTIFICATE-----\nMIIHnTCCByOgAwIBAgIUa0MQf4DuXN5QpjLZXgGLM/C98SowCgYIKoZIzj0EAwMw\nNzEVMBMGA1UEChMMc2lnc3RvcmUuZGV2MR4wHAYDVQQDExVzaWdzdG9yZS1pbnRl\ncm1lZGlhdGUwHhcNMjMwODA0MDUyOTIzWhcNMjMwODA0MDUzOTIzWjAAMFkwEwYH\nKoZIzj0CAQYIKoZIzj0DAQcDQgAESNzo3dz8ppBZiPX1V7ASwFbpMO8p38eetjj2\n30SW6XGCzpA7yQSjdGBpW7eSakIU5Jbe5QEsuPBm00uq3NNn1KOCBkIwggY+MA4G\nA1UdDwEB/wQEAwIHgDATBgNVHSUEDDAKBggrBgEFBQcDAzAdBgNVHQ4EFgQUMGw4\nKpdfxECSNkBHKO/QZMLLqWwwHwYDVR0jBBgwFoAU39Ppz1YkEZb5qNjpKFWixi4Y\nZD8wgYQGA1UdEQEB/wR6MHiGdmh0dHBzOi8vZ2l0aHViLmNvbS9zbHNhLWZyYW1l\nd29yay9zbHNhLWdpdGh1Yi1nZW5lcmF0b3IvLmdpdGh1Yi93b3JrZmxvd3MvZ2Vu\nZXJhdG9yX2dlbmVyaWNfc2xzYTMueW1sQHJlZnMvdGFncy92MS44LjAwOQYKKwYB\nBAGDvzABAQQraHR0cHM6Ly90b2tlbi5hY3Rpb25zLmdpdGh1YnVzZXJjb250ZW50\nLmNvbTASBgorBgEEAYO/MAECBARwdXNoMDYGCisGAQQBg78wAQMEKDZjZjY3MWY0\nN2YzNzUyZjk3YjlmNWJmZjUxMWUzN2I5MzhmZTEwZDIwVQYKKwYBBAGDvzABBARH\nLmdpdGh1Yi93b3JrZmxvd3MvdmVyaWZpZXItZTJlLmFsbC53b3JrZmxvd19kaXNw\nYXRjaC5tYWluLmFsbC5zbHNhMy55bWwwLAYKKwYBBAGDvzABBQQec2xzYS1mcmFt\nZXdvcmsvZXhhbXBsZS1wYWNrYWdlMCAGCisGAQQBg78wAQYEEnJlZnMvdGFncy92\nMTMuMC4zMDA7BgorBgEEAYO/MAEIBC0MK2h0dHBzOi8vdG9rZW4uYWN0aW9ucy5n\naXRodWJ1c2VyY29udGVudC5jb20wgYYGCisGAQQBg78wAQkEeAx2aHR0cHM6Ly9n\naXRodWIuY29tL3Nsc2EtZnJhbWV3b3JrL3Nsc2EtZ2l0aHViLWdlbmVyYXRvci8u\nZ2l0aHViL3dvcmtmbG93cy9nZW5lcmF0b3JfZ2VuZXJpY19zbHNhMy55bWxAcmVm\ncy90YWdzL3YxLjguMDA4BgorBgEEAYO/MAEKBCoMKGNkZWIzYTkxNjYxMGJjMDBh\nZjVkZWU4M2QxYWNkZDNjNzA3OTkyM2EwHQYKKwYBBAGDvzABCwQPDA1naXRodWIt\naG9zdGVkMEEGCisGAQQBg78wAQwEMwwxaHR0cHM6Ly9naXRodWIuY29tL3Nsc2Et\nZnJhbWV3b3JrL2V4YW1wbGUtcGFja2FnZTA4BgorBgEEAYO/MAENBCoMKDZjZjY3\nMWY0N2YzNzUyZjk3YjlmNWJmZjUxMWUzN2I5MzhmZTEwZDIwIgYKKwYBBAGDvzAB\nDgQUDBJyZWZzL3RhZ3MvdjEzLjAuMzAwGQYKKwYBBAGDvzABDwQLDAk0ODYzMjU4\nMDkwMQYKKwYBBAGDvzABEAQjDCFodHRwczovL2dpdG
h1Yi5jb20vc2xzYS1mcmFt\nZXdvcmswGAYKKwYBBAGDvzABEQQKDAg4MDQzMTE4NzCBngYKKwYBBAGDvzABEgSB\njwyBjGh0dHBzOi8vZ2l0aHViLmNvbS9zbHNhLWZyYW1ld29yay9leGFtcGxlLXBh\nY2thZ2UvLmdpdGh1Yi93b3JrZmxvd3MvdmVyaWZpZXItZTJlLmFsbC53b3JrZmxv\nd19kaXNwYXRjaC5tYWluLmFsbC5zbHNhMy55bWxAcmVmcy90YWdzL3YxMy4wLjMw\nMDgGCisGAQQBg78wARMEKgwoNmNmNjcxZjQ3ZjM3NTJmOTdiOWY1YmZmNTExZTM3\nYjkzOGZlMTBkMjAUBgorBgEEAYO/MAEUBAYMBHB1c2gwZAYKKwYBBAGDvzABFQRW\nDFRodHRwczovL2dpdGh1Yi5jb20vc2xzYS1mcmFtZXdvcmsvZXhhbXBsZS1wYWNr\nYWdlL2FjdGlvbnMvcnVucy81NzU4Nzc2Mzc0L2F0dGVtcHRzLzEwFgYKKwYBBAGD\nvzABFgQIDAZwdWJsaWMwgYoGCisGAQQB1nkCBAIEfAR6AHgAdgDdPTBqxscRMmMZ\nHhyZZzcCokpeuN48rf+HinKALynujgAAAYm/BZ2ZAAAEAwBHMEUCIQDKTWfzWtxk\ntPPoMtFfziFSpE0lhtXF413fl5TMTsPBLAIgSk2hruZ+KmfaEG0i0W89WXOkLOO6\nFasBi3NJO9kRcCkwCgYIKoZIzj0EAwMDaAAwZQIxAJmC4xl7T2cSSUWNwtVY5s4o\nx3lrwlDB8ojBekJutT0yM9hwwRdrxzcJifrB7FAhBAIwWTRx4Zwrwj6v93sGXgA+\nMuRIZyC4LZIuyqRXntNoNRxWKk6ITmfD9gkxGF4xl0Ws\n-----END CERTIFICATE-----\n"}]} \ No newline at end of file diff --git a/cli/slsa-verifier/testdata/gha_generic/v1.8.0/binary-linux-amd64-push-v14 b/cli/slsa-verifier/testdata/gha_generic/v1.8.0/binary-linux-amd64-push-v14 new file mode 100644 index 000000000..652d9fd2f Binary files /dev/null and b/cli/slsa-verifier/testdata/gha_generic/v1.8.0/binary-linux-amd64-push-v14 differ diff --git a/cli/slsa-verifier/testdata/gha_generic/v1.8.0/binary-linux-amd64-push-v14.2 b/cli/slsa-verifier/testdata/gha_generic/v1.8.0/binary-linux-amd64-push-v14.2 new file mode 100644 index 000000000..652d9fd2f Binary files /dev/null and b/cli/slsa-verifier/testdata/gha_generic/v1.8.0/binary-linux-amd64-push-v14.2 differ diff --git a/cli/slsa-verifier/testdata/gha_generic/v1.8.0/binary-linux-amd64-push-v14.2.intoto.jsonl b/cli/slsa-verifier/testdata/gha_generic/v1.8.0/binary-linux-amd64-push-v14.2.intoto.jsonl new file mode 100644 index 000000000..30f157645 --- /dev/null +++ b/cli/slsa-verifier/testdata/gha_generic/v1.8.0/binary-linux-amd64-push-v14.2.intoto.jsonl 
@@ -0,0 +1 @@ +{"payloadType":"application/vnd.in-toto+json","payload":"","signatures":[{"keyid":"","sig":"MEUCIEfpE1p+72g8xYenJEXsdyHTppAJMsrYjGXJB4131RjLAiEA96ZP5TgL3f8jldf93MA+g+sThgRH53SWzY9GSziSM5Y=","cert":"-----BEGIN CERTIFICATE-----\nMIIHkzCCBxmgAwIBAgIUffblinR7cT8m4a9uJKEKtmmDpqMwCgYIKoZIzj0EAwMw\nNzEVMBMGA1UEChMMc2lnc3RvcmUuZGV2MR4wHAYDVQQDExVzaWdzdG9yZS1pbnRl\ncm1lZGlhdGUwHhcNMjMwODA0MDUyOTI1WhcNMjMwODA0MDUzOTI1WjAAMFkwEwYH\nKoZIzj0CAQYIKoZIzj0DAQcDQgAE/ZX8IPvgVy85cwfcuN6e5ZBk64s4zC196+FT\n/7Dscwd9+BkogNzfoZliaE4vQ5b4RmkD2ruKvB3QmfpIQCsZRKOCBjgwggY0MA4G\nA1UdDwEB/wQEAwIHgDATBgNVHSUEDDAKBggrBgEFBQcDAzAdBgNVHQ4EFgQUC3ey\n1STBXXaTei2kD9YbJof9x7kwHwYDVR0jBBgwFoAU39Ppz1YkEZb5qNjpKFWixi4Y\nZD8wgYQGA1UdEQEB/wR6MHiGdmh0dHBzOi8vZ2l0aHViLmNvbS9zbHNhLWZyYW1l\nd29yay9zbHNhLWdpdGh1Yi1nZW5lcmF0b3IvLmdpdGh1Yi93b3JrZmxvd3MvZ2Vu\nZXJhdG9yX2dlbmVyaWNfc2xzYTMueW1sQHJlZnMvdGFncy92MS44LjAwOQYKKwYB\nBAGDvzABAQQraHR0cHM6Ly90b2tlbi5hY3Rpb25zLmdpdGh1YnVzZXJjb250ZW50\nLmNvbTASBgorBgEEAYO/MAECBARwdXNoMDYGCisGAQQBg78wAQMEKDZjZjY3MWY0\nN2YzNzUyZjk3YjlmNWJmZjUxMWUzN2I5MzhmZTEwZDIwVQYKKwYBBAGDvzABBARH\nLmdpdGh1Yi93b3JrZmxvd3MvdmVyaWZpZXItZTJlLmFsbC53b3JrZmxvd19kaXNw\nYXRjaC5tYWluLmFsbC5zbHNhMy55bWwwLAYKKwYBBAGDvzABBQQec2xzYS1mcmFt\nZXdvcmsvZXhhbXBsZS1wYWNrYWdlMB0GCisGAQQBg78wAQYED3JlZnMvdGFncy92\nMTQuMjA7BgorBgEEAYO/MAEIBC0MK2h0dHBzOi8vdG9rZW4uYWN0aW9ucy5naXRo\ndWJ1c2VyY29udGVudC5jb20wgYYGCisGAQQBg78wAQkEeAx2aHR0cHM6Ly9naXRo\ndWIuY29tL3Nsc2EtZnJhbWV3b3JrL3Nsc2EtZ2l0aHViLWdlbmVyYXRvci8uZ2l0\naHViL3dvcmtmbG93cy9nZW5lcmF0b3JfZ2VuZXJpY19zbHNhMy55bWxAcmVmcy90\nYWdzL3YxLjguMDA4BgorBgEEAYO/MAEKBCoMKGNkZWIzYTkxNjYxMGJjMDBhZjVk\nZWU4M2QxYWNkZDNjNzA3OTkyM2EwHQYKKwYBBAGDvzABCwQPDA1naXRodWItaG9z\ndGVkMEEGCisGAQQBg78wAQwEMwwxaHR0cHM6Ly9naXRodWIuY29tL3Nsc2EtZnJh\nbWV3b3JrL2V4YW1wbGUtcGFja2FnZTA4BgorBgEEAYO/MAENBCoMKDZjZjY3MWY0\nN2YzNzUyZjk3YjlmNWJmZjUxMWUzN2I5MzhmZTEwZDIwHwYKKwYBBAGDvzABDgQR\nDA9yZWZzL3RhZ3MvdjE0LjIwGQYKKwYBBAGDvzABDwQLDAk0ODYzMjU4MDkwMQYK\nKwYBBAGDvzABEAQjDCFodHRwczovL2dpdGh1Yi5jb2
0vc2xzYS1mcmFtZXdvcmsw\nGAYKKwYBBAGDvzABEQQKDAg4MDQzMTE4NzCBmwYKKwYBBAGDvzABEgSBjAyBiWh0\ndHBzOi8vZ2l0aHViLmNvbS9zbHNhLWZyYW1ld29yay9leGFtcGxlLXBhY2thZ2Uv\nLmdpdGh1Yi93b3JrZmxvd3MvdmVyaWZpZXItZTJlLmFsbC53b3JrZmxvd19kaXNw\nYXRjaC5tYWluLmFsbC5zbHNhMy55bWxAcmVmcy90YWdzL3YxNC4yMDgGCisGAQQB\ng78wARMEKgwoNmNmNjcxZjQ3ZjM3NTJmOTdiOWY1YmZmNTExZTM3YjkzOGZlMTBk\nMjAUBgorBgEEAYO/MAEUBAYMBHB1c2gwZAYKKwYBBAGDvzABFQRWDFRodHRwczov\nL2dpdGh1Yi5jb20vc2xzYS1mcmFtZXdvcmsvZXhhbXBsZS1wYWNrYWdlL2FjdGlv\nbnMvcnVucy81NzU4Nzc2MzA0L2F0dGVtcHRzLzEwFgYKKwYBBAGDvzABFgQIDAZw\ndWJsaWMwgYkGCisGAQQB1nkCBAIEewR5AHcAdQDdPTBqxscRMmMZHhyZZzcCokpe\nuN48rf+HinKALynujgAAAYm/BaTWAAAEAwBGMEQCIB9PdlzkJjEQJowA8Hf166ap\ng3AC26R+1zSzuxo/SMi0AiBYPQSsPoGOEsnLuDzabY8y23uh38wnlBgsB5Z9TpTg\nUDAKBggqhkjOPQQDAwNoADBlAjAoBq2VT+LM/H15GBuGJGusFuvVQnr81A3akC9e\nCbrtRr0crijYwyGhkC6jLwQUHM0CMQDpA67dICfnh94ads2+3QaZXkES+FKOHD/H\ncwWfOBpfGQ+4aTmz6srpXIHYlAafacs=\n-----END CERTIFICATE-----\n"}]} \ No newline at end of file diff --git a/cli/slsa-verifier/testdata/gha_generic/v1.8.0/binary-linux-amd64-push-v14.intoto.jsonl b/cli/slsa-verifier/testdata/gha_generic/v1.8.0/binary-linux-amd64-push-v14.intoto.jsonl new file mode 100644 index 000000000..62c8496a1 --- /dev/null +++ b/cli/slsa-verifier/testdata/gha_generic/v1.8.0/binary-linux-amd64-push-v14.intoto.jsonl 
@@ -0,0 +1 @@ +{"payloadType":"application/vnd.in-toto+json","payload":"","signatures":[{"keyid":"","sig":"MEYCIQDPcNUO9PoUNChvp2ECV8JSWrSfJ4ltcSt2fs164sgbFQIhALNput12zT7M386o5MZE4NX06WBAUtpl9D1Y5PZub79D","cert":"-----BEGIN CERTIFICATE-----\nMIIHkDCCBxWgAwIBAgIUDhz+Bb/AUfs9EnVnICDA+G5UMf4wCgYIKoZIzj0EAwMw\nNzEVMBMGA1UEChMMc2lnc3RvcmUuZGV2MR4wHAYDVQQDExVzaWdzdG9yZS1pbnRl\ncm1lZGlhdGUwHhcNMjMwODA0MDUyOTIyWhcNMjMwODA0MDUzOTIyWjAAMFkwEwYH\nKoZIzj0CAQYIKoZIzj0DAQcDQgAE9Jivjz0IFphAXTlu7S3XBPoH1AaN5RjjtPtr\nxsIItBWVhxv8LmU+QbsogItNnN1etSmK7AJWXpQ3Zt7zOxxXQ6OCBjQwggYwMA4G\nA1UdDwEB/wQEAwIHgDATBgNVHSUEDDAKBggrBgEFBQcDAzAdBgNVHQ4EFgQUamJY\nkl3Qc3SX/ILaMSoFkswEFCYwHwYDVR0jBBgwFoAU39Ppz1YkEZb5qNjpKFWixi4Y\nZD8wgYQGA1UdEQEB/wR6MHiGdmh0dHBzOi8vZ2l0aHViLmNvbS9zbHNhLWZyYW1l\nd29yay9zbHNhLWdpdGh1Yi1nZW5lcmF0b3IvLmdpdGh1Yi93b3JrZmxvd3MvZ2Vu\nZXJhdG9yX2dlbmVyaWNfc2xzYTMueW1sQHJlZnMvdGFncy92MS44LjAwOQYKKwYB\nBAGDvzABAQQraHR0cHM6Ly90b2tlbi5hY3Rpb25zLmdpdGh1YnVzZXJjb250ZW50\nLmNvbTASBgorBgEEAYO/MAECBARwdXNoMDYGCisGAQQBg78wAQMEKDZjZjY3MWY0\nN2YzNzUyZjk3YjlmNWJmZjUxMWUzN2I5MzhmZTEwZDIwVQYKKwYBBAGDvzABBARH\nLmdpdGh1Yi93b3JrZmxvd3MvdmVyaWZpZXItZTJlLmFsbC53b3JrZmxvd19kaXNw\nYXRjaC5tYWluLmFsbC5zbHNhMy55bWwwLAYKKwYBBAGDvzABBQQec2xzYS1mcmFt\nZXdvcmsvZXhhbXBsZS1wYWNrYWdlMBsGCisGAQQBg78wAQYEDXJlZnMvdGFncy92\nMTQwOwYKKwYBBAGDvzABCAQtDCtodHRwczovL3Rva2VuLmFjdGlvbnMuZ2l0aHVi\ndXNlcmNvbnRlbnQuY29tMIGGBgorBgEEAYO/MAEJBHgMdmh0dHBzOi8vZ2l0aHVi\nLmNvbS9zbHNhLWZyYW1ld29yay9zbHNhLWdpdGh1Yi1nZW5lcmF0b3IvLmdpdGh1\nYi93b3JrZmxvd3MvZ2VuZXJhdG9yX2dlbmVyaWNfc2xzYTMueW1sQHJlZnMvdGFn\ncy92MS44LjAwOAYKKwYBBAGDvzABCgQqDChjZGViM2E5MTY2MTBiYzAwYWY1ZGVl\nODNkMWFjZGQzYzcwNzk5MjNhMB0GCisGAQQBg78wAQsEDwwNZ2l0aHViLWhvc3Rl\nZDBBBgorBgEEAYO/MAEMBDMMMWh0dHBzOi8vZ2l0aHViLmNvbS9zbHNhLWZyYW1l\nd29yay9leGFtcGxlLXBhY2thZ2UwOAYKKwYBBAGDvzABDQQqDCg2Y2Y2NzFmNDdm\nMzc1MmY5N2I5ZjViZmY1MTFlMzdiOTM4ZmUxMGQyMB0GCisGAQQBg78wAQ4EDwwN\ncmVmcy90YWdzL3YxNDAZBgorBgEEAYO/MAEPBAsMCTQ4NjMyNTgwOTAxBgorBgEE\nAYO/MAEQBCMMIWh0dHBzOi8vZ2l0aHViLmNvbS9zbH
NhLWZyYW1ld29yazAYBgor\nBgEEAYO/MAERBAoMCDgwNDMxMTg3MIGZBgorBgEEAYO/MAESBIGKDIGHaHR0cHM6\nLy9naXRodWIuY29tL3Nsc2EtZnJhbWV3b3JrL2V4YW1wbGUtcGFja2FnZS8uZ2l0\naHViL3dvcmtmbG93cy92ZXJpZmllci1lMmUuYWxsLndvcmtmbG93X2Rpc3BhdGNo\nLm1haW4uYWxsLnNsc2EzLnltbEByZWZzL3RhZ3MvdjE0MDgGCisGAQQBg78wARME\nKgwoNmNmNjcxZjQ3ZjM3NTJmOTdiOWY1YmZmNTExZTM3YjkzOGZlMTBkMjAUBgor\nBgEEAYO/MAEUBAYMBHB1c2gwZAYKKwYBBAGDvzABFQRWDFRodHRwczovL2dpdGh1\nYi5jb20vc2xzYS1mcmFtZXdvcmsvZXhhbXBsZS1wYWNrYWdlL2FjdGlvbnMvcnVu\ncy81NzU4Nzc2MzAzL2F0dGVtcHRzLzEwFgYKKwYBBAGDvzABFgQIDAZwdWJsaWMw\ngYsGCisGAQQB1nkCBAIEfQR7AHkAdwDdPTBqxscRMmMZHhyZZzcCokpeuN48rf+H\ninKALynujgAAAYm/BZjVAAAEAwBIMEYCIQC2NVGPsB0rDJLtkOXWjNLzQzKyt1Ka\nNmRdJcmvpzok/wIhAJg0uz2mywgl14h7svWsJ8IkKo/7OIzHzH/TjvxRPAJfMAoG\nCCqGSM49BAMDA2kAMGYCMQDec0quaeAvzICXIuUZMjwY4XaOD8MgPpx1KeYlWx84\nm78eYImI7DPZHng+Y6YLGG4CMQD8j6OKAjhYoJwbwg5DBgchu+ggMcVyRI1Vo15Y\nq6F65aoBQpsAvWqTpGdPQ/cmemQ=\n-----END CERTIFICATE-----\n"}]} \ No newline at end of file diff --git a/cli/slsa-verifier/testdata/gha_generic/v1.8.0/binary-linux-amd64-workflow_dispatch b/cli/slsa-verifier/testdata/gha_generic/v1.8.0/binary-linux-amd64-workflow_dispatch new file mode 100644 index 000000000..652d9fd2f Binary files /dev/null and b/cli/slsa-verifier/testdata/gha_generic/v1.8.0/binary-linux-amd64-workflow_dispatch differ diff --git a/cli/slsa-verifier/testdata/gha_generic/v1.8.0/binary-linux-amd64-workflow_dispatch.intoto.jsonl b/cli/slsa-verifier/testdata/gha_generic/v1.8.0/binary-linux-amd64-workflow_dispatch.intoto.jsonl new file mode 100644 index 000000000..730841ca5 --- /dev/null +++ b/cli/slsa-verifier/testdata/gha_generic/v1.8.0/binary-linux-amd64-workflow_dispatch.intoto.jsonl 
@@ -0,0 +1 @@ +{"payloadType":"application/vnd.in-toto+json","payload":"","signatures":[{"keyid":"","sig":"MEUCIQDx0zP3XwJxhgotVTvLMDKNIo9n3dO6xO0gqbFlthaPJQIgc+r1ZHio5EhwPoPkN5r5vvVMW6qdsUvErcRg9fi47YM=","cert":"-----BEGIN CERTIFICATE-----\nMIIHrDCCBzOgAwIBAgIUHhkQMUboJCVwiGtgUuy2Ls7qjwgwCgYIKoZIzj0EAwMw\nNzEVMBMGA1UEChMMc2lnc3RvcmUuZGV2MR4wHAYDVQQDExVzaWdzdG9yZS1pbnRl\ncm1lZGlhdGUwHhcNMjMwODA0MDUyODUwWhcNMjMwODA0MDUzODUwWjAAMFkwEwYH\nKoZIzj0CAQYIKoZIzj0DAQcDQgAEnryjz65cl+Lb2smYJB0xgvzFmnqdR0G7R70e\nEeebchvEDN5qqbxeMsnLD8xtH6/B46i80CHzo0xj2hk+26UvMaOCBlIwggZOMA4G\nA1UdDwEB/wQEAwIHgDATBgNVHSUEDDAKBggrBgEFBQcDAzAdBgNVHQ4EFgQUSX9o\ng5OZtJvFoId/pRm3MZxGhjMwHwYDVR0jBBgwFoAU39Ppz1YkEZb5qNjpKFWixi4Y\nZD8wgYQGA1UdEQEB/wR6MHiGdmh0dHBzOi8vZ2l0aHViLmNvbS9zbHNhLWZyYW1l\nd29yay9zbHNhLWdpdGh1Yi1nZW5lcmF0b3IvLmdpdGh1Yi93b3JrZmxvd3MvZ2Vu\nZXJhdG9yX2dlbmVyaWNfc2xzYTMueW1sQHJlZnMvdGFncy92MS44LjAwOQYKKwYB\nBAGDvzABAQQraHR0cHM6Ly90b2tlbi5hY3Rpb25zLmdpdGh1YnVzZXJjb250ZW50\nLmNvbTAfBgorBgEEAYO/MAECBBF3b3JrZmxvd19kaXNwYXRjaDA2BgorBgEEAYO/\nMAEDBCg2Y2Y2NzFmNDdmMzc1MmY5N2I5ZjViZmY1MTFlMzdiOTM4ZmUxMGQyMFUG\nCisGAQQBg78wAQQERy5naXRodWIvd29ya2Zsb3dzL3ZlcmlmaWVyLWUyZS5hbGwu\nd29ya2Zsb3dfZGlzcGF0Y2gubWFpbi5hbGwuc2xzYTMueW1sMCwGCisGAQQBg78w\nAQUEHnNsc2EtZnJhbWV3b3JrL2V4YW1wbGUtcGFja2FnZTAdBgorBgEEAYO/MAEG\nBA9yZWZzL2hlYWRzL21haW4wOwYKKwYBBAGDvzABCAQtDCtodHRwczovL3Rva2Vu\nLmFjdGlvbnMuZ2l0aHVidXNlcmNvbnRlbnQuY29tMIGGBgorBgEEAYO/MAEJBHgM\ndmh0dHBzOi8vZ2l0aHViLmNvbS9zbHNhLWZyYW1ld29yay9zbHNhLWdpdGh1Yi1n\nZW5lcmF0b3IvLmdpdGh1Yi93b3JrZmxvd3MvZ2VuZXJhdG9yX2dlbmVyaWNfc2xz\nYTMueW1sQHJlZnMvdGFncy92MS44LjAwOAYKKwYBBAGDvzABCgQqDChjZGViM2E5\nMTY2MTBiYzAwYWY1ZGVlODNkMWFjZGQzYzcwNzk5MjNhMB0GCisGAQQBg78wAQsE\nDwwNZ2l0aHViLWhvc3RlZDBBBgorBgEEAYO/MAEMBDMMMWh0dHBzOi8vZ2l0aHVi\nLmNvbS9zbHNhLWZyYW1ld29yay9leGFtcGxlLXBhY2thZ2UwOAYKKwYBBAGDvzAB\nDQQqDCg2Y2Y2NzFmNDdmMzc1MmY5N2I5ZjViZmY1MTFlMzdiOTM4ZmUxMGQyMB8G\nCisGAQQBg78wAQ4EEQwPcmVmcy9oZWFkcy9tYWluMBkGCisGAQQBg78wAQ8ECwwJ\nNDg2MzI1ODA5MDEGCisGAQQBg78wARAEIwwhaHR0cH
M6Ly9naXRodWIuY29tL3Ns\nc2EtZnJhbWV3b3JrMBgGCisGAQQBg78wAREECgwIODA0MzExODcwgZsGCisGAQQB\ng78wARIEgYwMgYlodHRwczovL2dpdGh1Yi5jb20vc2xzYS1mcmFtZXdvcmsvZXhh\nbXBsZS1wYWNrYWdlLy5naXRodWIvd29ya2Zsb3dzL3ZlcmlmaWVyLWUyZS5hbGwu\nd29ya2Zsb3dfZGlzcGF0Y2gubWFpbi5hbGwuc2xzYTMueW1sQHJlZnMvaGVhZHMv\nbWFpbjA4BgorBgEEAYO/MAETBCoMKDZjZjY3MWY0N2YzNzUyZjk3YjlmNWJmZjUx\nMWUzN2I5MzhmZTEwZDIwIQYKKwYBBAGDvzABFAQTDBF3b3JrZmxvd19kaXNwYXRj\naDBkBgorBgEEAYO/MAEVBFYMVGh0dHBzOi8vZ2l0aHViLmNvbS9zbHNhLWZyYW1l\nd29yay9leGFtcGxlLXBhY2thZ2UvYWN0aW9ucy9ydW5zLzU3NTg3NzI3MzkvYXR0\nZW1wdHMvMTAWBgorBgEEAYO/MAEWBAgMBnB1YmxpYzCBiQYKKwYBBAHWeQIEAgR7\nBHkAdwB1AN09MGrGxxEyYxkeHJlnNwKiSl643jyt/4eKcoAvKe6OAAABib8FGnsA\nAAQDAEYwRAIgHk43kcE+9EG6XN6Y8UDO/ORzgPH2jcZVWPZSvatjO4oCIFh50/yL\nvjRnF9eo+nzqKGlJeNGpb5Z+dN8jPHd7JVpHMAoGCCqGSM49BAMDA2cAMGQCMBGF\nNhhsFhN7xgoMZfDVhy7nYpsHRP60YX1ridgskGvhQfWOMnT87fBYWf0e7Gl7RQIw\nGiymy7dGNubtXG7bcghwPMfeyU0RHVszxuq/yJK57zCLEfGlogRQ6qhXLo6mY9c7\n-----END CERTIFICATE-----\n"}]} \ No newline at end of file diff --git a/cli/slsa-verifier/testdata/gha_generic_container/v1.8.0/container_workflow_dispatch.digest b/cli/slsa-verifier/testdata/gha_generic_container/v1.8.0/container_workflow_dispatch.digest new file mode 100644 index 000000000..a6e186641 --- /dev/null +++ b/cli/slsa-verifier/testdata/gha_generic_container/v1.8.0/container_workflow_dispatch.digest @@ -0,0 +1 @@ +sha256:038d72307b94cd27dffbfb458b695758929980cebec68ca892061a280636952b \ No newline at end of file diff --git a/cli/slsa-verifier/testdata/gha_generic_container/v1.8.0/container_workflow_dispatch/blobs/sha256/038d72307b94cd27dffbfb458b695758929980cebec68ca892061a280636952b b/cli/slsa-verifier/testdata/gha_generic_container/v1.8.0/container_workflow_dispatch/blobs/sha256/038d72307b94cd27dffbfb458b695758929980cebec68ca892061a280636952b new file mode 100755 index 000000000..0f9b5cc8e --- /dev/null 
+++ b/cli/slsa-verifier/testdata/gha_generic_container/v1.8.0/container_workflow_dispatch/blobs/sha256/038d72307b94cd27dffbfb458b695758929980cebec68ca892061a280636952b
@@ -0,0 +1,28 @@
+{
+ "schemaVersion": 2,
+ "mediaType": "application/vnd.oci.image.index.v1+json",
+ "manifests": [
+ {
+ "mediaType": "application/vnd.oci.image.manifest.v1+json",
+ "digest": "sha256:5c323fdfbf3cbe9d5cc4580f2dcc34a43fdbcf46c25784d68c25fe6909055060",
+ "size": 2183,
+ "platform": {
+ "architecture": "amd64",
+ "os": "linux"
+ }
+ },
+ {
+ "mediaType": "application/vnd.oci.image.manifest.v1+json",
+ "digest": "sha256:085e838ef71453d1911bf61a3b499719b09659a5dd2a7c89e8e359fe342a4ab5",
+ "size": 567,
+ "annotations": {
+ "vnd.docker.reference.digest": "sha256:5c323fdfbf3cbe9d5cc4580f2dcc34a43fdbcf46c25784d68c25fe6909055060",
+ "vnd.docker.reference.type": "attestation-manifest"
+ },
+ "platform": {
+ "architecture": "unknown",
+ "os": "unknown"
+ }
+ }
+ ]
+}
\ No newline at end of file
diff --git a/cli/slsa-verifier/testdata/gha_generic_container/v1.8.0/container_workflow_dispatch/blobs/sha256/085e838ef71453d1911bf61a3b499719b09659a5dd2a7c89e8e359fe342a4ab5 b/cli/slsa-verifier/testdata/gha_generic_container/v1.8.0/container_workflow_dispatch/blobs/sha256/085e838ef71453d1911bf61a3b499719b09659a5dd2a7c89e8e359fe342a4ab5
new file mode 100644
index 000000000..5b82cd998
--- /dev/null
+++ b/cli/slsa-verifier/testdata/gha_generic_container/v1.8.0/container_workflow_dispatch/blobs/sha256/085e838ef71453d1911bf61a3b499719b09659a5dd2a7c89e8e359fe342a4ab5
@@ -0,0 +1,19 @@
+{
+ "schemaVersion": 2,
+ "mediaType": "application/vnd.oci.image.manifest.v1+json",
+ "config": {
+ "mediaType": "application/vnd.oci.image.config.v1+json",
+ "digest": "sha256:9482db6a03f933341e26c555d2456e98526cfe8d7fbf7bd1370460b06a5cdd9f",
+ "size": 167
+ },
+ "layers": [
+ {
+ "mediaType": "application/vnd.in-toto+json",
+ "digest": "sha256:b5d5bed7682d285fe850b15e8e5a3df200ff2f202d12f1c72017b03c1aed29d4",
+ "size": 14044,
+ "annotations": {
+ "in-toto.io/predicate-type": "https://slsa.dev/provenance/v0.2"
+ }
+ }
+ ]
+}
\ No newline at end of file
diff --git a/cli/slsa-verifier/testdata/gha_generic_container/v1.8.0/container_workflow_dispatch/blobs/sha256/195f75fe5d0554704527695e9205c457d3544bd0b078340bebd109a761c57920 b/cli/slsa-verifier/testdata/gha_generic_container/v1.8.0/container_workflow_dispatch/blobs/sha256/195f75fe5d0554704527695e9205c457d3544bd0b078340bebd109a761c57920
new file mode 100644
index 000000000..f5e4fd498
--- /dev/null
+++ b/cli/slsa-verifier/testdata/gha_generic_container/v1.8.0/container_workflow_dispatch/blobs/sha256/195f75fe5d0554704527695e9205c457d3544bd0b078340bebd109a761c57920
@@ -0,0 +1 @@ +{"schemaVersion":2,"mediaType":"application/vnd.oci.image.manifest.v1+json","config":{"mediaType":"application/vnd.oci.image.config.v1+json","size":243,"digest":"sha256:66e6ea84946fc865c5b4627520930f4e25ebbc869fe829e7baa2b2da952f3bd6"},"layers":[{"mediaType":"application/vnd.dsse.envelope.v1+json","size":12140,"digest":"sha256:291729ce6264067c1a61f8156f9133f2efcc3f72341d5cd22f2b9ba279ecb25f","annotations":{"dev.cosignproject.cosign/signature":"","dev.sigstore.cosign/bundle":"{\"SignedEntryTimestamp\":\"MEQCIECDOdcNGfGkLow12wGzOmdcIwcYJVaKRQ6vGyjbEzmmAiAM0FMv+tmfFcclfgzk000DK/zK/KP43kgM0bBLBhIo+g==\",\"Payload\":{\"body\":\"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\",\"integratedTime\":1691126891,\"logIndex\":30024022,\"logID\":\"c0d23d6ad406973f9559f3ba2d1ca01f84147d8ffc5b8445c224f98b9591801d\"}}","dev.sigstore.cosign/certificate":"-----BEGIN CERTIFICATE-----\nMIIHszCCBzigAwIBAgIUD8/+/jcOwljOrVtQd5xm5S1NYJEwCgYIKoZIzj0EAwMw\nNzEVMBMGA1UEChMMc2lnc3RvcmUuZGV2MR4wHAYDVQQDExVzaWdzdG9yZS1pbnRl\ncm1lZGlhdGUwHhcNMjMwODA0MDUyODExWhcNMjMwODA0MDUzODExWjAAMFkwEwYH\nKoZIzj0CAQYIKoZIzj0DAQcDQgAE5Sj11leBNKAgsfpI5kd5j4SfjPF34o8zyOc8\npkMcGRX2Ghdx5ULWmkTdsfeH5OYcgFHFC7ExizpfKAmUXEyXOKOCBlcwggZTMA4G\nA1UdDwEB/wQEAwIHgDATBgNVHSUEDDAKBggrBgEFBQcDAzAdBgNVHQ4EFgQUuZZX\n0/Q6LBLvd7aMkMKHf8FTpxUwHwYDVR0jBBgwFoAU39Ppz1YkEZb5qNjpKFWixi4Y\nZD8wgYYGA1UdEQEB/wR8MHqGeGh0dHBzOi8vZ2l0aHViLmNvbS9zbHNhLWZyYW1l\nd29yay9zbHNhLWdpdGh1Yi1nZW5lcmF0b3IvLmdpdGh1Yi93b3JrZmxvd3MvZ2Vu\nZXJhdG9yX2NvbnRhaW5lcl9zbHNhMy55bWxAcmVmcy90YWdzL3YxLjguMDA5Bgor\nBgEEAYO/MAEBBCtodHRwczovL3Rva2VuLmFjdGlvbnMuZ2l0aHVidXNlcmNvbnRl\nbnQuY29tMB8GCisGAQQBg78wAQIEEXdvcmtmbG93X2Rpc3BhdGNoMDYGCisGAQQB\ng78wAQMEKDZjZjY3MWY0N2YzNzUyZjk3YjlmNWJmZjUxMWUzN2I5MzhmZTEwZDIw\nVQYKKwYBBAGDvzABBARHLmdpdGh1Yi93b3JrZmxvd3MvdmVyaWZpZXItZTJlLmFs\nbC53b3JrZmxvd19kaXNwYXRjaC5tYWluLmFsbC5zbHNhMy55bWwwLAYKKwYBBAGD\nvzABBQQec2xzYS1mcmFtZXdvcmsvZXhhbXBsZS1wYWNrYWdlMB0GCisGAQQBg78w\nAQYED3JlZnMvaGVhZHMvbWFpbjA7BgorBgEEAYO/MAEI
BC0MK2h0dHBzOi8vdG9r\nZW4uYWN0aW9ucy5naXRodWJ1c2VyY29udGVudC5jb20wgYgGCisGAQQBg78wAQkE\negx4aHR0cHM6Ly9naXRodWIuY29tL3Nsc2EtZnJhbWV3b3JrL3Nsc2EtZ2l0aHVi\nLWdlbmVyYXRvci8uZ2l0aHViL3dvcmtmbG93cy9nZW5lcmF0b3JfY29udGFpbmVy\nX3Nsc2EzLnltbEByZWZzL3RhZ3MvdjEuOC4wMDgGCisGAQQBg78wAQoEKgwoY2Rl\nYjNhOTE2NjEwYmMwMGFmNWRlZTgzZDFhY2RkM2M3MDc5OTIzYTAdBgorBgEEAYO/\nMAELBA8MDWdpdGh1Yi1ob3N0ZWQwQQYKKwYBBAGDvzABDAQzDDFodHRwczovL2dp\ndGh1Yi5jb20vc2xzYS1mcmFtZXdvcmsvZXhhbXBsZS1wYWNrYWdlMDgGCisGAQQB\ng78wAQ0EKgwoNmNmNjcxZjQ3ZjM3NTJmOTdiOWY1YmZmNTExZTM3YjkzOGZlMTBk\nMjAfBgorBgEEAYO/MAEOBBEMD3JlZnMvaGVhZHMvbWFpbjAZBgorBgEEAYO/MAEP\nBAsMCTQ4NjMyNTgwOTAxBgorBgEEAYO/MAEQBCMMIWh0dHBzOi8vZ2l0aHViLmNv\nbS9zbHNhLWZyYW1ld29yazAYBgorBgEEAYO/MAERBAoMCDgwNDMxMTg3MIGbBgor\nBgEEAYO/MAESBIGMDIGJaHR0cHM6Ly9naXRodWIuY29tL3Nsc2EtZnJhbWV3b3Jr\nL2V4YW1wbGUtcGFja2FnZS8uZ2l0aHViL3dvcmtmbG93cy92ZXJpZmllci1lMmUu\nYWxsLndvcmtmbG93X2Rpc3BhdGNoLm1haW4uYWxsLnNsc2EzLnltbEByZWZzL2hl\nYWRzL21haW4wOAYKKwYBBAGDvzABEwQqDCg2Y2Y2NzFmNDdmMzc1MmY5N2I5ZjVi\nZmY1MTFlMzdiOTM4ZmUxMGQyMCEGCisGAQQBg78wARQEEwwRd29ya2Zsb3dfZGlz\ncGF0Y2gwZAYKKwYBBAGDvzABFQRWDFRodHRwczovL2dpdGh1Yi5jb20vc2xzYS1m\ncmFtZXdvcmsvZXhhbXBsZS1wYWNrYWdlL2FjdGlvbnMvcnVucy81NzU4NzcyNzM5\nL2F0dGVtcHRzLzEwFgYKKwYBBAGDvzABFgQIDAZwdWJsaWMwgYoGCisGAQQB1nkC\nBAIEfAR6AHgAdgDdPTBqxscRMmMZHhyZZzcCokpeuN48rf+HinKALynujgAAAYm/\nBIKtAAAEAwBHMEUCIQCyuTXPz5YcoV2TPLnrNejpLkMjTFoTt2shdRfNRDSbhQIg\nH1878JE7ucnkeeTKVlEfd4C7rPXNl6GKcBGmwwDTNqAwCgYIKoZIzj0EAwMDaQAw\nZgIxALcS0/7wlyhCXxr0z9LDkLfoCEPf2AuPuVzJN3tThXolAxlDrU9X4VZZrlE2\nN0bFOgIxAM8ZMXmFJOpoHvrM41Oo+fyXJ7ywoZI9VI02DmztoaCFLrdzw3zMyXoY\ny6Z+nazj6A==\n-----END CERTIFICATE-----\n","dev.sigstore.cosign/chain":"-----BEGIN 
CERTIFICATE-----\nMIICGjCCAaGgAwIBAgIUALnViVfnU0brJasmRkHrn/UnfaQwCgYIKoZIzj0EAwMw\nKjEVMBMGA1UEChMMc2lnc3RvcmUuZGV2MREwDwYDVQQDEwhzaWdzdG9yZTAeFw0y\nMjA0MTMyMDA2MTVaFw0zMTEwMDUxMzU2NThaMDcxFTATBgNVBAoTDHNpZ3N0b3Jl\nLmRldjEeMBwGA1UEAxMVc2lnc3RvcmUtaW50ZXJtZWRpYXRlMHYwEAYHKoZIzj0C\nAQYFK4EEACIDYgAE8RVS/ysH+NOvuDZyPIZtilgUF9NlarYpAd9HP1vBBH1U5CV7\n7LSS7s0ZiH4nE7Hv7ptS6LvvR/STk798LVgMzLlJ4HeIfF3tHSaexLcYpSASr1kS\n0N/RgBJz/9jWCiXno3sweTAOBgNVHQ8BAf8EBAMCAQYwEwYDVR0lBAwwCgYIKwYB\nBQUHAwMwEgYDVR0TAQH/BAgwBgEB/wIBADAdBgNVHQ4EFgQU39Ppz1YkEZb5qNjp\nKFWixi4YZD8wHwYDVR0jBBgwFoAUWMAeX5FFpWapesyQoZMi0CrFxfowCgYIKoZI\nzj0EAwMDZwAwZAIwPCsQK4DYiZYDPIaDi5HFKnfxXx6ASSVmERfsynYBiX2X6SJR\nnZU84/9DZdnFvvxmAjBOt6QpBlc4J/0DxvkTCqpclvziL6BCCPnjdlIB3Pu3BxsP\nmygUY7Ii2zbdCdliiow=\n-----END CERTIFICATE-----\n-----BEGIN CERTIFICATE-----\nMIIB9zCCAXygAwIBAgIUALZNAPFdxHPwjeDloDwyYChAO/4wCgYIKoZIzj0EAwMw\nKjEVMBMGA1UEChMMc2lnc3RvcmUuZGV2MREwDwYDVQQDEwhzaWdzdG9yZTAeFw0y\nMTEwMDcxMzU2NTlaFw0zMTEwMDUxMzU2NThaMCoxFTATBgNVBAoTDHNpZ3N0b3Jl\nLmRldjERMA8GA1UEAxMIc2lnc3RvcmUwdjAQBgcqhkjOPQIBBgUrgQQAIgNiAAT7\nXeFT4rb3PQGwS4IajtLk3/OlnpgangaBclYpsYBr5i+4ynB07ceb3LP0OIOZdxex\nX69c5iVuyJRQ+Hz05yi+UF3uBWAlHpiS5sh0+H2GHE7SXrk1EC5m1Tr19L9gg92j\nYzBhMA4GA1UdDwEB/wQEAwIBBjAPBgNVHRMBAf8EBTADAQH/MB0GA1UdDgQWBBRY\nwB5fkUWlZql6zJChkyLQKsXF+jAfBgNVHSMEGDAWgBRYwB5fkUWlZql6zJChkyLQ\nKsXF+jAKBggqhkjOPQQDAwNpADBmAjEAj1nHeXZp+13NWBNa+EDsDP8G1WWg1tCM\nWP/WHPqpaVo0jhsweNFZgSs0eE7wYI4qAjEA2WB9ot98sIkoF3vZYdd3/VtWB5b9\nTNMea7Ix/stJ5TfcLLeABLE4BNJOsQ4vnBHJ\n-----END CERTIFICATE-----","predicateType":"https://slsa.dev/provenance/v0.2"}}]} \ No newline at end of file 
diff --git a/cli/slsa-verifier/testdata/gha_generic_container/v1.8.0/container_workflow_dispatch/blobs/sha256/1e3d9b7d145208fa8fa3ee1c9612d0adaac7255f1bbc9ddea7e461e0b317805c b/cli/slsa-verifier/testdata/gha_generic_container/v1.8.0/container_workflow_dispatch/blobs/sha256/1e3d9b7d145208fa8fa3ee1c9612d0adaac7255f1bbc9ddea7e461e0b317805c new file mode 100644 index 000000000..b972ff1dd Binary files /dev/null and b/cli/slsa-verifier/testdata/gha_generic_container/v1.8.0/container_workflow_dispatch/blobs/sha256/1e3d9b7d145208fa8fa3ee1c9612d0adaac7255f1bbc9ddea7e461e0b317805c differ diff --git a/cli/slsa-verifier/testdata/gha_generic_container/v1.8.0/container_workflow_dispatch/blobs/sha256/291729ce6264067c1a61f8156f9133f2efcc3f72341d5cd22f2b9ba279ecb25f b/cli/slsa-verifier/testdata/gha_generic_container/v1.8.0/container_workflow_dispatch/blobs/sha256/291729ce6264067c1a61f8156f9133f2efcc3f72341d5cd22f2b9ba279ecb25f new file mode 100644 index 000000000..e16b5e094 --- /dev/null +++ b/cli/slsa-verifier/testdata/gha_generic_container/v1.8.0/container_workflow_dispatch/blobs/sha256/291729ce6264067c1a61f8156f9133f2efcc3f72341d5cd22f2b9ba279ecb25f @@ -0,0 +1 @@ +{"payloadType":"application/vnd.in-toto+json","payload":"","signatures":[{"keyid":"","sig":"MEQCIDodhsSypT9YNJhniYuZZTPq/ZV3nuYZ85XbolmRdLJuAiAkSZ86nchhyx4q4KVYJ9ESGexC9/NMRMWVnzRl2aiLpQ=="}]} \ No newline at end of file diff --git a/cli/slsa-verifier/testdata/gha_generic_container/v1.8.0/container_workflow_dispatch/blobs/sha256/4aa0ea1413d37a58615488592a0b827ea4b2e48fa5a77cf707d0e35f025e613f b/cli/slsa-verifier/testdata/gha_generic_container/v1.8.0/container_workflow_dispatch/blobs/sha256/4aa0ea1413d37a58615488592a0b827ea4b2e48fa5a77cf707d0e35f025e613f new file mode 100644 index 000000000..2c6cd5b63 Binary files /dev/null and b/cli/slsa-verifier/testdata/gha_generic_container/v1.8.0/container_workflow_dispatch/blobs/sha256/4aa0ea1413d37a58615488592a0b827ea4b2e48fa5a77cf707d0e35f025e613f differ 
diff --git a/cli/slsa-verifier/testdata/gha_generic_container/v1.8.0/container_workflow_dispatch/blobs/sha256/5627a970d25e752d971a501ec7e35d0d6fdcd4a3ce9e958715a686853024794a b/cli/slsa-verifier/testdata/gha_generic_container/v1.8.0/container_workflow_dispatch/blobs/sha256/5627a970d25e752d971a501ec7e35d0d6fdcd4a3ce9e958715a686853024794a new file mode 100644 index 000000000..6dcc4d33a Binary files /dev/null and b/cli/slsa-verifier/testdata/gha_generic_container/v1.8.0/container_workflow_dispatch/blobs/sha256/5627a970d25e752d971a501ec7e35d0d6fdcd4a3ce9e958715a686853024794a differ diff --git a/cli/slsa-verifier/testdata/gha_generic_container/v1.8.0/container_workflow_dispatch/blobs/sha256/5c323fdfbf3cbe9d5cc4580f2dcc34a43fdbcf46c25784d68c25fe6909055060 b/cli/slsa-verifier/testdata/gha_generic_container/v1.8.0/container_workflow_dispatch/blobs/sha256/5c323fdfbf3cbe9d5cc4580f2dcc34a43fdbcf46c25784d68c25fe6909055060 new file mode 100644 index 000000000..baf841029 --- /dev/null +++ b/cli/slsa-verifier/testdata/gha_generic_container/v1.8.0/container_workflow_dispatch/blobs/sha256/5c323fdfbf3cbe9d5cc4580f2dcc34a43fdbcf46c25784d68c25fe6909055060 
@@ -0,0 +1,61 @@
+{
+ "schemaVersion": 2,
+ "mediaType": "application/vnd.oci.image.manifest.v1+json",
+ "config": {
+ "mediaType": "application/vnd.oci.image.config.v1+json",
+ "digest": "sha256:fa05c7ac17c3df1a35c3746f0c023a464bf47fea352b6d9caa320f6dc82c28f1",
+ "size": 2153
+ },
+ "layers": [
+ {
+ "mediaType": "application/vnd.oci.image.layer.v1.tar+gzip",
+ "digest": "sha256:a7ca0d9ba68fdce7e15bc0952d3e898e970548ca24d57698725836c039086639",
+ "size": 103732
+ },
+ {
+ "mediaType": "application/vnd.oci.image.layer.v1.tar+gzip",
+ "digest": "sha256:fe5ca62666f04366c8e7f605aa82997d71320183e99962fa76b3209fdfbb8b58",
+ "size": 21202
+ },
+ {
+ "mediaType": "application/vnd.oci.image.layer.v1.tar+gzip",
+ "digest": "sha256:b02a7525f878e61fc1ef8a7405a2cc17f866e8de222c1c98fd6681aff6e509db",
+ "size": 716491
+ },
+ {
+ "mediaType": "application/vnd.oci.image.layer.v1.tar+gzip",
+ "digest": "sha256:fcb6f6d2c9986d9cd6a2ea3cc2936e5fc613e09f1af9042329011e43057f3265",
+ "size": 317
+ },
+ {
+ "mediaType": "application/vnd.oci.image.layer.v1.tar+gzip",
+ "digest": "sha256:e8c73c638ae9ec5ad70c49df7e484040d889cca6b4a9af056579c3d058ea93f0",
+ "size": 198
+ },
+ {
+ "mediaType": "application/vnd.oci.image.layer.v1.tar+gzip",
+ "digest": "sha256:1e3d9b7d145208fa8fa3ee1c9612d0adaac7255f1bbc9ddea7e461e0b317805c",
+ "size": 113
+ },
+ {
+ "mediaType": "application/vnd.oci.image.layer.v1.tar+gzip",
+ "digest": "sha256:4aa0ea1413d37a58615488592a0b827ea4b2e48fa5a77cf707d0e35f025e613f",
+ "size": 385
+ },
+ {
+ "mediaType": "application/vnd.oci.image.layer.v1.tar+gzip",
+ "digest": "sha256:7c881f9ab25e0d86562a123b5fb56aebf8aa0ddd7d48ef602faf8d1e7cf43d8c",
+ "size": 355
+ },
+ {
+ "mediaType": "application/vnd.oci.image.layer.v1.tar+gzip",
+ "digest": "sha256:5627a970d25e752d971a501ec7e35d0d6fdcd4a3ce9e958715a686853024794a",
+ "size": 130562
+ },
+ {
+ "mediaType": "application/vnd.oci.image.layer.v1.tar+gzip",
+ "digest": "sha256:ef39a1978fe1d3994ab1e3feff1b9ca573b63f2a287aec44e9c28715bddf727b",
+ "size": 648811
+ }
+ ]
+}
\ No newline at end of file
diff --git a/cli/slsa-verifier/testdata/gha_generic_container/v1.8.0/container_workflow_dispatch/blobs/sha256/66e6ea84946fc865c5b4627520930f4e25ebbc869fe829e7baa2b2da952f3bd6 b/cli/slsa-verifier/testdata/gha_generic_container/v1.8.0/container_workflow_dispatch/blobs/sha256/66e6ea84946fc865c5b4627520930f4e25ebbc869fe829e7baa2b2da952f3bd6
new file mode 100644
index 000000000..85e410c1b
--- /dev/null
+++ b/cli/slsa-verifier/testdata/gha_generic_container/v1.8.0/container_workflow_dispatch/blobs/sha256/66e6ea84946fc865c5b4627520930f4e25ebbc869fe829e7baa2b2da952f3bd6
@@ -0,0 +1 @@
+{"architecture":"","created":"2023-08-04T05:28:12.189847216Z","history":[{"created":"0001-01-01T00:00:00Z"}],"os":"","rootfs":{"type":"layers","diff_ids":["sha256:291729ce6264067c1a61f8156f9133f2efcc3f72341d5cd22f2b9ba279ecb25f"]},"config":{}}
\ No newline at end of file
diff --git a/cli/slsa-verifier/testdata/gha_generic_container/v1.8.0/container_workflow_dispatch/blobs/sha256/7c881f9ab25e0d86562a123b5fb56aebf8aa0ddd7d48ef602faf8d1e7cf43d8c b/cli/slsa-verifier/testdata/gha_generic_container/v1.8.0/container_workflow_dispatch/blobs/sha256/7c881f9ab25e0d86562a123b5fb56aebf8aa0ddd7d48ef602faf8d1e7cf43d8c
new file mode 100644
index 000000000..17dec20d0
Binary files /dev/null and b/cli/slsa-verifier/testdata/gha_generic_container/v1.8.0/container_workflow_dispatch/blobs/sha256/7c881f9ab25e0d86562a123b5fb56aebf8aa0ddd7d48ef602faf8d1e7cf43d8c differ
diff --git a/cli/slsa-verifier/testdata/gha_generic_container/v1.8.0/container_workflow_dispatch/blobs/sha256/9482db6a03f933341e26c555d2456e98526cfe8d7fbf7bd1370460b06a5cdd9f b/cli/slsa-verifier/testdata/gha_generic_container/v1.8.0/container_workflow_dispatch/blobs/sha256/9482db6a03f933341e26c555d2456e98526cfe8d7fbf7bd1370460b06a5cdd9f
new file mode 100644
index 000000000..ec0053c2e
--- /dev/null
+++ b/cli/slsa-verifier/testdata/gha_generic_container/v1.8.0/container_workflow_dispatch/blobs/sha256/9482db6a03f933341e26c555d2456e98526cfe8d7fbf7bd1370460b06a5cdd9f @@ -0,0 +1 @@ +{"architecture":"unknown","os":"unknown","config":{},"rootfs":{"type":"layers","diff_ids":["sha256:b5d5bed7682d285fe850b15e8e5a3df200ff2f202d12f1c72017b03c1aed29d4"]}} \ No newline at end of file diff --git a/cli/slsa-verifier/testdata/gha_generic_container/v1.8.0/container_workflow_dispatch/blobs/sha256/a7ca0d9ba68fdce7e15bc0952d3e898e970548ca24d57698725836c039086639 b/cli/slsa-verifier/testdata/gha_generic_container/v1.8.0/container_workflow_dispatch/blobs/sha256/a7ca0d9ba68fdce7e15bc0952d3e898e970548ca24d57698725836c039086639 new file mode 100644 index 000000000..2f49092f3 Binary files /dev/null and b/cli/slsa-verifier/testdata/gha_generic_container/v1.8.0/container_workflow_dispatch/blobs/sha256/a7ca0d9ba68fdce7e15bc0952d3e898e970548ca24d57698725836c039086639 differ diff --git a/cli/slsa-verifier/testdata/gha_generic_container/v1.8.0/container_workflow_dispatch/blobs/sha256/b02a7525f878e61fc1ef8a7405a2cc17f866e8de222c1c98fd6681aff6e509db b/cli/slsa-verifier/testdata/gha_generic_container/v1.8.0/container_workflow_dispatch/blobs/sha256/b02a7525f878e61fc1ef8a7405a2cc17f866e8de222c1c98fd6681aff6e509db new file mode 100644 index 000000000..0594c669b Binary files /dev/null and b/cli/slsa-verifier/testdata/gha_generic_container/v1.8.0/container_workflow_dispatch/blobs/sha256/b02a7525f878e61fc1ef8a7405a2cc17f866e8de222c1c98fd6681aff6e509db differ diff --git a/cli/slsa-verifier/testdata/gha_generic_container/v1.8.0/container_workflow_dispatch/blobs/sha256/b5d5bed7682d285fe850b15e8e5a3df200ff2f202d12f1c72017b03c1aed29d4 b/cli/slsa-verifier/testdata/gha_generic_container/v1.8.0/container_workflow_dispatch/blobs/sha256/b5d5bed7682d285fe850b15e8e5a3df200ff2f202d12f1c72017b03c1aed29d4 new file mode 100644 index 000000000..6a2594913 --- /dev/null 
+++ b/cli/slsa-verifier/testdata/gha_generic_container/v1.8.0/container_workflow_dispatch/blobs/sha256/b5d5bed7682d285fe850b15e8e5a3df200ff2f202d12f1c72017b03c1aed29d4 
@@ -0,0 +1 @@ +{"_type":"https://in-toto.io/Statement/v0.1","predicateType":"https://slsa.dev/provenance/v0.2","subject":[{"name":"pkg:docker/ghcr.io/slsa-framework/example-package.verifier-e2e.all.tag.main.default.slsa3@main?platform=linux%2Famd64","digest":{"sha256":"5c323fdfbf3cbe9d5cc4580f2dcc34a43fdbcf46c25784d68c25fe6909055060"}}],"predicate":{"builder":{"id":"https://github.com/slsa-framework/example-package/actions/runs/5758772739"},"buildType":"https://mobyproject.org/buildkit@v1","materials":[{"uri":"pkg:docker/golang@1.20?digest=sha256:010a0ffe47398a3646993df44906c065c526eabf309d01fb0cbc9a5696024a60\u0026platform=linux%2Famd64","digest":{"sha256":"010a0ffe47398a3646993df44906c065c526eabf309d01fb0cbc9a5696024a60"}},{"uri":"pkg:docker/gcr.io/distroless/static?digest=sha256:7198a357ff3a8ef750b041324873960cf2153c11cc50abb9d8d5f8bb089f6b4e\u0026platform=linux%2Famd64","digest":{"sha256":"7198a357ff3a8ef750b041324873960cf2153c11cc50abb9d8d5f8bb089f6b4e"}},{"uri":"https://github.com/slsa-framework/example-package.git#6cf671f47f3752f97b9f5bff511e37b938fe10d2","digest":{"sha1":"6cf671f47f3752f97b9f5bff511e37b938fe10d2"}}],"invocation":{"configSource":{"uri":"https://github.com/slsa-framework/example-package.git#6cf671f47f3752f97b9f5bff511e37b938fe10d2","digest":{"sha1":"6cf671f47f3752f97b9f5bff511e37b938fe10d2"},"entryPoint":"Dockerfile"},"parameters":{"frontend":"dockerfile.v0","args":{"label:org.opencontainers.image.created":"2023-08-04T05:26:42.155Z","label:org.opencontainers.image.description":"","label:org.opencontainers.image.licenses":"Apache-2.0","label:org.opencontainers.image.revision":"6cf671f47f3752f97b9f5bff511e37b938fe10d2","label:org.opencontainers.image.source":"https://github.com/slsa-framework/example-package","label:org.opencontainers.image.title":"example-package","label:org.opencontainers.image.url":"https://github.com/slsa-framework/example-package","label:org.opencontainers.image.version":"main"},"secrets":[{"id":"GIT_AUTH_HEADER","optional"
:true},{"id":"GIT_AUTH_TOKEN","optional":true}]},"environment":{"platform":"linux/amd64"}},"buildConfig":{"llbDefinition":[{"id":"step0","op":{"Op":{"source":{"identifier":"docker-image://gcr.io/distroless/static@sha256:7198a357ff3a8ef750b041324873960cf2153c11cc50abb9d8d5f8bb089f6b4e"}},"platform":{"Architecture":"amd64","OS":"linux"},"constraints":{}}},{"id":"step1","op":{"Op":{"source":{"identifier":"docker-image://docker.io/library/golang:1.20@sha256:010a0ffe47398a3646993df44906c065c526eabf309d01fb0cbc9a5696024a60"}},"platform":{"Architecture":"amd64","OS":"linux"},"constraints":{}}},{"id":"step2","op":{"Op":{"file":{"actions":[{"input":0,"secondaryInput":-1,"output":0,"Action":{"mkdir":{"path":"/app","mode":493,"makeParents":true,"timestamp":-1}}}]}},"constraints":{}},"inputs":["step1:0"]},{"id":"step3","op":{"Op":{"source":{"identifier":"git://github.com/slsa-framework/example-package.git#6cf671f47f3752f97b9f5bff511e37b938fe10d2","attrs":{"git.authheadersecret":"GIT_AUTH_HEADER","git.authtokensecret":"GIT_AUTH_TOKEN","git.fullurl":"https://github.com/slsa-framework/example-package.git"}}},"constraints":{}}},{"id":"step4","op":{"Op":{"file":{"actions":[{"input":0,"secondaryInput":1,"output":0,"Action":{"copy":{"src":"/","dest":"/app","mode":-1,"followSymlink":true,"dirCopyContents":true,"createDestPath":true,"allowWildcard":true,"allowEmptyWildcard":true,"timestamp":-1}}}]}},"constraints":{}},"inputs":["step2:0","step3:0"]},{"id":"step5","op":{"Op":{"exec":{"meta":{"args":["/bin/sh","-c","go get -d -v"],"env":["PATH=/go/bin:/usr/local/go/bin:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin","GOLANG_VERSION=1.20.6","GOPATH=/go"],"cwd":"/app","removeMountStubsRecursive":true},"mounts":[{"input":0,"dest":"/","output":0}]}},"platform":{"Architecture":"amd64","OS":"linux"},"constraints":{}},"inputs":["step4:0"]},{"id":"step6","op":{"Op":{"exec":{"meta":{"args":["/bin/sh","-c","CGO_ENABLED=0 go build -ldflags=\"-w -s\" -v -o app 
."],"env":["PATH=/go/bin:/usr/local/go/bin:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin","GOLANG_VERSION=1.20.6","GOPATH=/go"],"cwd":"/app","removeMountStubsRecursive":true},"mounts":[{"input":0,"dest":"/","output":0}]}},"platform":{"Architecture":"amd64","OS":"linux"},"constraints":{}},"inputs":["step5:0"]},{"id":"step7","op":{"Op":{"file":{"actions":[{"input":0,"secondaryInput":1,"output":0,"Action":{"copy":{"src":"/app/app","dest":"/app","mode":-1,"followSymlink":true,"dirCopyContents":true,"createDestPath":true,"allowWildcard":true,"allowEmptyWildcard":true,"timestamp":-1}}}]}},"constraints":{}},"inputs":["step0:0","step6:0"]},{"id":"step8","op":{"Op":null},"inputs":["step7:0"]}],"digestMapping":{"sha256:27319d2aeab76fa42518045c6cae19a2541787b29ab97fe2d1393937d7969cb7":"step8","sha256:4510a0ba42b96a3816548a6a5123fe426bf9e51ee30bc7116930a33e44011d48":"step6","sha256:6db9fc981a956f542a8cb60ecdade1bb290f35b27c1f9a58fe97ee5d7a909318":"step7","sha256:8904dd39d6a3aa670960de671ae1bd954e8d6d6527f4cb2d4c8b04aa229bec25":"step2","sha256:8f09375c18dc794fee6a9e4c7247acaa88398d162424c7fd0b56e43a3a7ebb6c":"step0","sha256:94787fc1e74cab3ac551689368adab3be245f50b76271cafa05e49ee5e0bfdeb":"step1","sha256:e74f02e07f5f72c4f87a988afbe9ef498b4552876d2404c319e361601cfbeef3":"step4","sha256:ed89cafeccc65cc13d4cd47d078cd09ac38e2ed22afd7291c89759c7579269fa":"step5","sha256:fe528ca39a3ed89fd4e8ef32db64a90429ef47baa4a1b7b60bb2e0dfc1ad8cea":"step3"}},"metadata":{"buildInvocationID":"jrwgk889mwiwqdnq5hl2lqs3z","buildStartedOn":"2023-08-04T05:26:43.0109763Z","buildFinishedOn":"2023-08-04T05:27:08.993361353Z","completeness":{"parameters":true,"environment":true,"materials":true},"reproducible":false,"https://mobyproject.org/buildkit@v1#metadata":{"source":{"locations":{"step0":{"locations":[{"ranges":[{"start":{"line":13},"end":{"line":13}}]}]},"step1":{"locations":[{"ranges":[{"start":{"line":1},"end":{"line":1}}]}]},"step2":{"locations":[{"ranges":[{"start":{"line":3},"end":{
"line":3}}]}]},"step3":{},"step4":{"locations":[{"ranges":[{"start":{"line":4},"end":{"line":4}}]}]},"step5":{"locations":[{"ranges":[{"start":{"line":6},"end":{"line":6}}]}]},"step6":{"locations":[{"ranges":[{"start":{"line":9},"end":{"line":9}}]}]},"step7":{"locations":[{"ranges":[{"start":{"line":15},"end":{"line":15}}]}]}},"infos":[{"filename":"Dockerfile","language":"Dockerfile","data":"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","llbDefinition":[{"id":"step0","op":{"Op":{"source":{"identifier":"git://github.com/slsa-framework/example-package.git#6cf671f47f3752f97b9f5bff511e37b938fe10d2","attrs":{"git.authheadersecret":"GIT_AUTH_HEADER","git.authtokensecret":"GIT_AUTH_TOKEN","git.fullurl":"https://github.com/slsa-framework/example-package.git"}}},"constraints":{}}},{"id":"step1","op":{"Op":null},"inputs":["step0:0"]}],"digestMapping":{"sha256:0d943e46863e9879fc3599198194e91313a4632a1d3f89df1e274c9512776351":"step1","sha256:fe528ca39a3ed89fd4e8ef32db64a90429ef47baa4a1b7b60bb2e0dfc1ad8cea":"step0"}}]},"layers":{"step0:0":[[{"mediaType":"application/vnd.oci.image.layer.v1.tar+gzip","digest":"sha256:a7ca0d9ba68fdce7e15bc0952d3e898e970548ca24d57698725836c039086639","size":103732},{"mediaType":"application/vnd.oci.image.layer.v1.tar+gzip","digest":"sha256:fe5ca62666f04366c8e7f605aa82997d71320183e99962fa76b3209fdfbb8b58","size":21202},{"mediaType":"application/vnd.oci.image.layer.v1.tar+gzip","digest":"sha256:b02a7525f878e61fc1ef8a7405a2cc17f866e8de222c1c98fd6681aff6e509db","size":716491},{"mediaType":"application/vnd.oci.image.layer.v1.tar+gzip","digest":"sha256:fcb6f6d2c9986d9cd6a2ea3cc2936e5fc613e09f1af9042329011e43057f3265","size":317},{"mediaType":"application/vnd.oci.image.layer.v1.tar+gzip","digest":"sha256:e8c73c638ae9ec5ad70c49df7e484040d889cca6b4a9af056579c3d058ea93f0","size":198},{"mediaType":"application/vnd.oci.image.layer.v1.tar+gzip","digest":"sha256:1e3d9b7d145208fa8fa3ee1c9612d0adaac7255f1bbc9ddea7e461e0b317805c","size":113},{"mediaType":"a
pplication/vnd.oci.image.layer.v1.tar+gzip","digest":"sha256:4aa0ea1413d37a58615488592a0b827ea4b2e48fa5a77cf707d0e35f025e613f","size":385},{"mediaType":"application/vnd.oci.image.layer.v1.tar+gzip","digest":"sha256:7c881f9ab25e0d86562a123b5fb56aebf8aa0ddd7d48ef602faf8d1e7cf43d8c","size":355},{"mediaType":"application/vnd.oci.image.layer.v1.tar+gzip","digest":"sha256:5627a970d25e752d971a501ec7e35d0d6fdcd4a3ce9e958715a686853024794a","size":130562}],[{"mediaType":"application/vnd.oci.image.layer.v1.tar+gzip","digest":"sha256:a7ca0d9ba68fdce7e15bc0952d3e898e970548ca24d57698725836c039086639","size":103732},{"mediaType":"application/vnd.oci.image.layer.v1.tar+gzip","digest":"sha256:fe5ca62666f04366c8e7f605aa82997d71320183e99962fa76b3209fdfbb8b58","size":21202},{"mediaType":"application/vnd.oci.image.layer.v1.tar+gzip","digest":"sha256:b02a7525f878e61fc1ef8a7405a2cc17f866e8de222c1c98fd6681aff6e509db","size":716491},{"mediaType":"application/vnd.oci.image.layer.v1.tar+gzip","digest":"sha256:fcb6f6d2c9986d9cd6a2ea3cc2936e5fc613e09f1af9042329011e43057f3265","size":317},{"mediaType":"application/vnd.oci.image.layer.v1.tar+gzip","digest":"sha256:e8c73c638ae9ec5ad70c49df7e484040d889cca6b4a9af056579c3d058ea93f0","size":198},{"mediaType":"application/vnd.oci.image.layer.v1.tar+gzip","digest":"sha256:1e3d9b7d145208fa8fa3ee1c9612d0adaac7255f1bbc9ddea7e461e0b317805c","size":113},{"mediaType":"application/vnd.oci.image.layer.v1.tar+gzip","digest":"sha256:4aa0ea1413d37a58615488592a0b827ea4b2e48fa5a77cf707d0e35f025e613f","size":385},{"mediaType":"application/vnd.oci.image.layer.v1.tar+gzip","digest":"sha256:7c881f9ab25e0d86562a123b5fb56aebf8aa0ddd7d48ef602faf8d1e7cf43d8c","size":355},{"mediaType":"application/vnd.oci.image.layer.v1.tar+gzip","digest":"sha256:5627a970d25e752d971a501ec7e35d0d6fdcd4a3ce9e958715a686853024794a","size":130562}]],"step1:0":[[{"mediaType":"application/vnd.docker.image.rootfs.diff.tar.gzip","digest":"sha256:785ef8b9b236a5f027f33cae77513051704c0538bff455ff5548105
c954c3b1c","size":49557354},{"mediaType":"application/vnd.docker.image.rootfs.diff.tar.gzip","digest":"sha256:5a6dad8f55ae6c733e986316bd08205c8b2c41640bf8d08ff6e9bbcb6884304f","size":24030539},{"mediaType":"application/vnd.docker.image.rootfs.diff.tar.gzip","digest":"sha256:bd36c7bfe5f4bdffcc0bbb74b0fb38feb35c286ea58b5992617fb38b0c933603","size":64112293},{"mediaType":"application/vnd.docker.image.rootfs.diff.tar.gzip","digest":"sha256:9e59e6b803ed24f34e9d1001d46221a69fa46b48d7d007de7d32fc07d031a408","size":92267552},{"mediaType":"application/vnd.docker.image.rootfs.diff.tar.gzip","digest":"sha256:71bc00cb1b5e594e3c1309344539d42089e20e4de2d4294812306be323c21a5e","size":100216050},{"mediaType":"application/vnd.docker.image.rootfs.diff.tar.gzip","digest":"sha256:c39afecc952947cb68ac70bec162f10dd96fbb4e6ed295c6d98ca90050e926a3","size":156}],[{"mediaType":"application/vnd.docker.image.rootfs.diff.tar.gzip","digest":"sha256:785ef8b9b236a5f027f33cae77513051704c0538bff455ff5548105c954c3b1c","size":49557354},{"mediaType":"application/vnd.docker.image.rootfs.diff.tar.gzip","digest":"sha256:5a6dad8f55ae6c733e986316bd08205c8b2c41640bf8d08ff6e9bbcb6884304f","size":24030539},{"mediaType":"application/vnd.docker.image.rootfs.diff.tar.gzip","digest":"sha256:bd36c7bfe5f4bdffcc0bbb74b0fb38feb35c286ea58b5992617fb38b0c933603","size":64112293},{"mediaType":"application/vnd.docker.image.rootfs.diff.tar.gzip","digest":"sha256:9e59e6b803ed24f34e9d1001d46221a69fa46b48d7d007de7d32fc07d031a408","size":92267552},{"mediaType":"application/vnd.docker.image.rootfs.diff.tar.gzip","digest":"sha256:71bc00cb1b5e594e3c1309344539d42089e20e4de2d4294812306be323c21a5e","size":100216050},{"mediaType":"application/vnd.docker.image.rootfs.diff.tar.gzip","digest":"sha256:c39afecc952947cb68ac70bec162f10dd96fbb4e6ed295c6d98ca90050e926a3","size":156}]],"step7:0":[[{"mediaType":"application/vnd.oci.image.layer.v1.tar+gzip","digest":"sha256:a7ca0d9ba68fdce7e15bc0952d3e898e970548ca24d57698725836c039086639","size":
103732},{"mediaType":"application/vnd.oci.image.layer.v1.tar+gzip","digest":"sha256:fe5ca62666f04366c8e7f605aa82997d71320183e99962fa76b3209fdfbb8b58","size":21202},{"mediaType":"application/vnd.oci.image.layer.v1.tar+gzip","digest":"sha256:b02a7525f878e61fc1ef8a7405a2cc17f866e8de222c1c98fd6681aff6e509db","size":716491},{"mediaType":"application/vnd.oci.image.layer.v1.tar+gzip","digest":"sha256:fcb6f6d2c9986d9cd6a2ea3cc2936e5fc613e09f1af9042329011e43057f3265","size":317},{"mediaType":"application/vnd.oci.image.layer.v1.tar+gzip","digest":"sha256:e8c73c638ae9ec5ad70c49df7e484040d889cca6b4a9af056579c3d058ea93f0","size":198},{"mediaType":"application/vnd.oci.image.layer.v1.tar+gzip","digest":"sha256:1e3d9b7d145208fa8fa3ee1c9612d0adaac7255f1bbc9ddea7e461e0b317805c","size":113},{"mediaType":"application/vnd.oci.image.layer.v1.tar+gzip","digest":"sha256:4aa0ea1413d37a58615488592a0b827ea4b2e48fa5a77cf707d0e35f025e613f","size":385},{"mediaType":"application/vnd.oci.image.layer.v1.tar+gzip","digest":"sha256:7c881f9ab25e0d86562a123b5fb56aebf8aa0ddd7d48ef602faf8d1e7cf43d8c","size":355},{"mediaType":"application/vnd.oci.image.layer.v1.tar+gzip","digest":"sha256:5627a970d25e752d971a501ec7e35d0d6fdcd4a3ce9e958715a686853024794a","size":130562},{"mediaType":"application/vnd.oci.image.layer.v1.tar+gzip","digest":"sha256:ef39a1978fe1d3994ab1e3feff1b9ca573b63f2a287aec44e9c28715bddf727b","size":648811}]]}}}}} \ No newline at end of file 
diff --git a/cli/slsa-verifier/testdata/gha_generic_container/v1.8.0/container_workflow_dispatch/blobs/sha256/e8c73c638ae9ec5ad70c49df7e484040d889cca6b4a9af056579c3d058ea93f0 b/cli/slsa-verifier/testdata/gha_generic_container/v1.8.0/container_workflow_dispatch/blobs/sha256/e8c73c638ae9ec5ad70c49df7e484040d889cca6b4a9af056579c3d058ea93f0 new file mode 100644 index 000000000..3dc40828e Binary files /dev/null and b/cli/slsa-verifier/testdata/gha_generic_container/v1.8.0/container_workflow_dispatch/blobs/sha256/e8c73c638ae9ec5ad70c49df7e484040d889cca6b4a9af056579c3d058ea93f0 differ diff --git a/cli/slsa-verifier/testdata/gha_generic_container/v1.8.0/container_workflow_dispatch/blobs/sha256/ef39a1978fe1d3994ab1e3feff1b9ca573b63f2a287aec44e9c28715bddf727b b/cli/slsa-verifier/testdata/gha_generic_container/v1.8.0/container_workflow_dispatch/blobs/sha256/ef39a1978fe1d3994ab1e3feff1b9ca573b63f2a287aec44e9c28715bddf727b new file mode 100644 index 000000000..1bc2c326d Binary files /dev/null and b/cli/slsa-verifier/testdata/gha_generic_container/v1.8.0/container_workflow_dispatch/blobs/sha256/ef39a1978fe1d3994ab1e3feff1b9ca573b63f2a287aec44e9c28715bddf727b differ diff --git a/cli/slsa-verifier/testdata/gha_generic_container/v1.8.0/container_workflow_dispatch/blobs/sha256/fa05c7ac17c3df1a35c3746f0c023a464bf47fea352b6d9caa320f6dc82c28f1 b/cli/slsa-verifier/testdata/gha_generic_container/v1.8.0/container_workflow_dispatch/blobs/sha256/fa05c7ac17c3df1a35c3746f0c023a464bf47fea352b6d9caa320f6dc82c28f1 new file mode 100644 index 000000000..e04a29223 --- /dev/null +++ b/cli/slsa-verifier/testdata/gha_generic_container/v1.8.0/container_workflow_dispatch/blobs/sha256/fa05c7ac17c3df1a35c3746f0c023a464bf47fea352b6d9caa320f6dc82c28f1 
@@ -0,0 +1 @@ +{"architecture":"amd64","config":{"User":"0","Env":["PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin","SSL_CERT_FILE=/etc/ssl/certs/ca-certificates.crt"],"Entrypoint":["/app"],"WorkingDir":"/","Labels":{"org.opencontainers.image.created":"2023-08-04T05:26:42.155Z","org.opencontainers.image.description":"","org.opencontainers.image.licenses":"Apache-2.0","org.opencontainers.image.revision":"6cf671f47f3752f97b9f5bff511e37b938fe10d2","org.opencontainers.image.source":"https://github.com/slsa-framework/example-package","org.opencontainers.image.title":"example-package","org.opencontainers.image.url":"https://github.com/slsa-framework/example-package","org.opencontainers.image.version":"main"},"OnBuild":null},"created":"2023-08-04T05:27:08.87906323Z","history":[{"created":"0001-01-01T00:00:00Z"},{"created":"0001-01-01T00:00:00Z"},{"created":"0001-01-01T00:00:00Z"},{"created":"0001-01-01T00:00:00Z"},{"created":"0001-01-01T00:00:00Z"},{"created":"0001-01-01T00:00:00Z"},{"created":"0001-01-01T00:00:00Z"},{"created":"0001-01-01T00:00:00Z"},{"created":"0001-01-01T00:00:00Z"},{"created":"2023-08-04T05:27:08.87906323Z","created_by":"COPY /app/app /app # buildkit","comment":"buildkit.dockerfile.v0"},{"created":"2023-08-04T05:27:08.87906323Z","created_by":"ENTRYPOINT 
[\"/app\"]","comment":"buildkit.dockerfile.v0","empty_layer":true}],"os":"linux","rootfs":{"type":"layers","diff_ids":["sha256:e023e0e48e6e29e90e519f4dd356d058ff2bffbd16e28b802f3b8f93aa4ccb17","sha256:6fbdf253bbc2490dcfede5bdb58ca0db63ee8aff565f6ea9f918f3bce9e2d5aa","sha256:7bea6b893187b14fc0a759fe5f8972d1292a9c0554c87cbf485f0947c26b8a05","sha256:ff5700ec54186528cbae40f54c24b1a34fb7c01527beaa1232868c16e2353f52","sha256:d52f02c6501c9c4410568f0bf6ff30d30d8290f57794c308fe36ea78393afac2","sha256:e624a5370eca2b8266e74d179326e2a8767d361db14d13edd9fb57e408731784","sha256:1a73b54f556b477f0a8b939d13c504a3b4f4db71f7a09c63afbc10acb3de5849","sha256:d2d7ec0f6756eb51cf1602c6f8ac4dd811d3d052661142e0110357bf0b581457","sha256:4cb10dd2545bd173858450b80853b850e49608260f1a0789e0d0b39edf12f500","sha256:be25d7896d63e03998411a1ca2f3d2475568fc0c20a0ca5e3a37029e24fe6e68"]}} \ No newline at end of file diff --git a/cli/slsa-verifier/testdata/gha_generic_container/v1.8.0/container_workflow_dispatch/blobs/sha256/fcb6f6d2c9986d9cd6a2ea3cc2936e5fc613e09f1af9042329011e43057f3265 b/cli/slsa-verifier/testdata/gha_generic_container/v1.8.0/container_workflow_dispatch/blobs/sha256/fcb6f6d2c9986d9cd6a2ea3cc2936e5fc613e09f1af9042329011e43057f3265 new file mode 100644 index 000000000..363737e18 Binary files /dev/null and b/cli/slsa-verifier/testdata/gha_generic_container/v1.8.0/container_workflow_dispatch/blobs/sha256/fcb6f6d2c9986d9cd6a2ea3cc2936e5fc613e09f1af9042329011e43057f3265 differ 
diff --git a/cli/slsa-verifier/testdata/gha_generic_container/v1.8.0/container_workflow_dispatch/blobs/sha256/fe5ca62666f04366c8e7f605aa82997d71320183e99962fa76b3209fdfbb8b58 b/cli/slsa-verifier/testdata/gha_generic_container/v1.8.0/container_workflow_dispatch/blobs/sha256/fe5ca62666f04366c8e7f605aa82997d71320183e99962fa76b3209fdfbb8b58 new file mode 100644 index 000000000..0b81632a1 Binary files /dev/null and b/cli/slsa-verifier/testdata/gha_generic_container/v1.8.0/container_workflow_dispatch/blobs/sha256/fe5ca62666f04366c8e7f605aa82997d71320183e99962fa76b3209fdfbb8b58 differ diff --git a/cli/slsa-verifier/testdata/gha_generic_container/v1.8.0/container_workflow_dispatch/index.json b/cli/slsa-verifier/testdata/gha_generic_container/v1.8.0/container_workflow_dispatch/index.json new file mode 100755 index 000000000..4eaa8b148 --- /dev/null +++ b/cli/slsa-verifier/testdata/gha_generic_container/v1.8.0/container_workflow_dispatch/index.json @@ -0,0 +1,21 @@ +{ + "schemaVersion": 2, + "manifests": [ + { + "mediaType": "application/vnd.oci.image.index.v1+json", + "size": 856, + "digest": "sha256:038d72307b94cd27dffbfb458b695758929980cebec68ca892061a280636952b", + "annotations": { + "kind": "dev.cosignproject.cosign/imageIndex" + } + }, + { + "mediaType": "application/vnd.oci.image.manifest.v1+json", + "size": 10470, + "digest": "sha256:195f75fe5d0554704527695e9205c457d3544bd0b078340bebd109a761c57920", + "annotations": { + "kind": "dev.cosignproject.cosign/atts" + } + } + ] +} \ No newline at end of file diff --git a/cli/slsa-verifier/testdata/gha_generic_container/v1.8.0/container_workflow_dispatch/oci-layout b/cli/slsa-verifier/testdata/gha_generic_container/v1.8.0/container_workflow_dispatch/oci-layout new file mode 100755 index 000000000..224a86981 --- /dev/null +++ b/cli/slsa-verifier/testdata/gha_generic_container/v1.8.0/container_workflow_dispatch/oci-layout @@ -0,0 +1,3 @@ +{ + "imageLayoutVersion": "1.0.0" +} \ No newline at end of file 
diff --git a/cli/slsa-verifier/testdata/gha_go/v1.8.0/binary-linux-amd64-push-v13.0.30 b/cli/slsa-verifier/testdata/gha_go/v1.8.0/binary-linux-amd64-push-v13.0.30 new file mode 100644 index 000000000..d081d3b05 Binary files /dev/null and b/cli/slsa-verifier/testdata/gha_go/v1.8.0/binary-linux-amd64-push-v13.0.30 differ diff --git a/cli/slsa-verifier/testdata/gha_go/v1.8.0/binary-linux-amd64-push-v13.0.30.intoto.jsonl b/cli/slsa-verifier/testdata/gha_go/v1.8.0/binary-linux-amd64-push-v13.0.30.intoto.jsonl new file mode 100644 index 000000000..a91708fc2 --- /dev/null +++ b/cli/slsa-verifier/testdata/gha_go/v1.8.0/binary-linux-amd64-push-v13.0.30.intoto.jsonl 
@@ -0,0 +1 @@ +{"payloadType":"application/vnd.in-toto+json","payload":"","signatures":[{"keyid":"","sig":"MEUCIQC0Ql3xuMWHZuOL3w5BQ6Yxi87f/HwTljdLBNoDcoe/MgIgELBBE1/eFwQQB9luJapg9Qis47vxfY9pEo2B9Sds06k=","cert":"-----BEGIN CERTIFICATE-----\nMIIHjjCCBxOgAwIBAgIUDenfDnu9xqvlR1jOB5cTqIVrEWIwCgYIKoZIzj0EAwMw\nNzEVMBMGA1UEChMMc2lnc3RvcmUuZGV2MR4wHAYDVQQDExVzaWdzdG9yZS1pbnRl\ncm1lZGlhdGUwHhcNMjMwODA0MDUyOTE5WhcNMjMwODA0MDUzOTE5WjAAMFkwEwYH\nKoZIzj0CAQYIKoZIzj0DAQcDQgAEssT4u+XQSygrfWECo7Nd14oHopmaOHVn5k8z\nx4am07BaSiGXReQ5O96fx4a+tbnZe8jZH7oetKcZaXh671TnSqOCBjIwggYuMA4G\nA1UdDwEB/wQEAwIHgDATBgNVHSUEDDAKBggrBgEFBQcDAzAdBgNVHQ4EFgQU/mz5\nD9AGJknAXMQiAABrruiewIYwHwYDVR0jBBgwFoAU39Ppz1YkEZb5qNjpKFWixi4Y\nZD8wfQYDVR0RAQH/BHMwcYZvaHR0cHM6Ly9naXRodWIuY29tL3Nsc2EtZnJhbWV3\nb3JrL3Nsc2EtZ2l0aHViLWdlbmVyYXRvci8uZ2l0aHViL3dvcmtmbG93cy9idWls\nZGVyX2dvX3Nsc2EzLnltbEByZWZzL3RhZ3MvdjEuOC4wMDkGCisGAQQBg78wAQEE\nK2h0dHBzOi8vdG9rZW4uYWN0aW9ucy5naXRodWJ1c2VyY29udGVudC5jb20wEgYK\nKwYBBAGDvzABAgQEcHVzaDA2BgorBgEEAYO/MAEDBCg2Y2Y2NzFmNDdmMzc1MmY5\nN2I5ZjViZmY1MTFlMzdiOTM4ZmUxMGQyMFUGCisGAQQBg78wAQQERy5naXRodWIv\nd29ya2Zsb3dzL3ZlcmlmaWVyLWUyZS5hbGwud29ya2Zsb3dfZGlzcGF0Y2gubWFp\nbi5hbGwuc2xzYTMueW1sMCwGCisGAQQBg78wAQUEHnNsc2EtZnJhbWV3b3JrL2V4\nYW1wbGUtcGFja2FnZTAgBgorBgEEAYO/MAEGBBJyZWZzL3RhZ3MvdjEzLjAuMzAw\nOwYKKwYBBAGDvzABCAQtDCtodHRwczovL3Rva2VuLmFjdGlvbnMuZ2l0aHVidXNl\ncmNvbnRlbnQuY29tMH8GCisGAQQBg78wAQkEcQxvaHR0cHM6Ly9naXRodWIuY29t\nL3Nsc2EtZnJhbWV3b3JrL3Nsc2EtZ2l0aHViLWdlbmVyYXRvci8uZ2l0aHViL3dv\ncmtmbG93cy9idWlsZGVyX2dvX3Nsc2EzLnltbEByZWZzL3RhZ3MvdjEuOC4wMDgG\nCisGAQQBg78wAQoEKgwoY2RlYjNhOTE2NjEwYmMwMGFmNWRlZTgzZDFhY2RkM2M3\nMDc5OTIzYTAdBgorBgEEAYO/MAELBA8MDWdpdGh1Yi1ob3N0ZWQwQQYKKwYBBAGD\nvzABDAQzDDFodHRwczovL2dpdGh1Yi5jb20vc2xzYS1mcmFtZXdvcmsvZXhhbXBs\nZS1wYWNrYWdlMDgGCisGAQQBg78wAQ0EKgwoNmNmNjcxZjQ3ZjM3NTJmOTdiOWY1\nYmZmNTExZTM3YjkzOGZlMTBkMjAiBgorBgEEAYO/MAEOBBQMEnJlZnMvdGFncy92\nMTMuMC4zMDAZBgorBgEEAYO/MAEPBAsMCTQ4NjMyNTgwOTAxBgorBgEEAYO/MAEQ\nBCMMIWh0dHBzOi8vZ2l0aHViLmNvbS9zbHNhLWZyYW
1ld29yazAYBgorBgEEAYO/\nMAERBAoMCDgwNDMxMTg3MIGeBgorBgEEAYO/MAESBIGPDIGMaHR0cHM6Ly9naXRo\ndWIuY29tL3Nsc2EtZnJhbWV3b3JrL2V4YW1wbGUtcGFja2FnZS8uZ2l0aHViL3dv\ncmtmbG93cy92ZXJpZmllci1lMmUuYWxsLndvcmtmbG93X2Rpc3BhdGNoLm1haW4u\nYWxsLnNsc2EzLnltbEByZWZzL3RhZ3MvdjEzLjAuMzAwOAYKKwYBBAGDvzABEwQq\nDCg2Y2Y2NzFmNDdmMzc1MmY5N2I5ZjViZmY1MTFlMzdiOTM4ZmUxMGQyMBQGCisG\nAQQBg78wARQEBgwEcHVzaDBkBgorBgEEAYO/MAEVBFYMVGh0dHBzOi8vZ2l0aHVi\nLmNvbS9zbHNhLWZyYW1ld29yay9leGFtcGxlLXBhY2thZ2UvYWN0aW9ucy9ydW5z\nLzU3NTg3NzYzNzQvYXR0ZW1wdHMvMTAWBgorBgEEAYO/MAEWBAgMBnB1YmxpYzCB\nigYKKwYBBAHWeQIEAgR8BHoAeAB2AN09MGrGxxEyYxkeHJlnNwKiSl643jyt/4eK\ncoAvKe6OAAABib8FjKMAAAQDAEcwRQIhAPiXKr98l6nlO2zMhlcSsMjKOXj+rLra\nr9GWjJhYrdJAAiAd4Or/a0EjMgmfBdvV3Ptjn7hooARAZ2W/KY9u33n4/DAKBggq\nhkjOPQQDAwNpADBmAjEAk/LMF7v6Z57dndZn6WFrfr5ibUW4zL0bSe/tK17VqAYe\nTgH6DydAh8S71dN73ZyfAjEA2JxgEA/Q4ujlen8V3v+xzlI+EBUz6DEbpCULh4vr\nw/0zk6GmYnCOIvTm6hhBcNM/\n-----END CERTIFICATE-----\n"}]} \ No newline at end of file diff --git a/cli/slsa-verifier/testdata/gha_go/v1.8.0/binary-linux-amd64-push-v14 b/cli/slsa-verifier/testdata/gha_go/v1.8.0/binary-linux-amd64-push-v14 new file mode 100644 index 000000000..d081d3b05 Binary files /dev/null and b/cli/slsa-verifier/testdata/gha_go/v1.8.0/binary-linux-amd64-push-v14 differ diff --git a/cli/slsa-verifier/testdata/gha_go/v1.8.0/binary-linux-amd64-push-v14.2 b/cli/slsa-verifier/testdata/gha_go/v1.8.0/binary-linux-amd64-push-v14.2 new file mode 100644 index 000000000..d081d3b05 Binary files /dev/null and b/cli/slsa-verifier/testdata/gha_go/v1.8.0/binary-linux-amd64-push-v14.2 differ diff --git a/cli/slsa-verifier/testdata/gha_go/v1.8.0/binary-linux-amd64-push-v14.2.intoto.jsonl b/cli/slsa-verifier/testdata/gha_go/v1.8.0/binary-linux-amd64-push-v14.2.intoto.jsonl new file mode 100644 index 000000000..e81dac82b --- /dev/null +++ b/cli/slsa-verifier/testdata/gha_go/v1.8.0/binary-linux-amd64-push-v14.2.intoto.jsonl 
@@ -0,0 +1 @@ +{"payloadType":"application/vnd.in-toto+json","payload":"","signatures":[{"keyid":"","sig":"MEQCIHGqEXziAjElrJEt8se6dvz/XRKk9FRJ0Tm3/snwUnmUAiAXu0+FHkW+mmgpPyEpn2l70IyrUOn+XXhYIbaIVmllOA==","cert":"-----BEGIN CERTIFICATE-----\nMIIHhTCCBwqgAwIBAgIUYEbN7R+TPrurKt2v0kYIl7nL0YwwCgYIKoZIzj0EAwMw\nNzEVMBMGA1UEChMMc2lnc3RvcmUuZGV2MR4wHAYDVQQDExVzaWdzdG9yZS1pbnRl\ncm1lZGlhdGUwHhcNMjMwODA0MDUyOTE0WhcNMjMwODA0MDUzOTE0WjAAMFkwEwYH\nKoZIzj0CAQYIKoZIzj0DAQcDQgAEnB/aGbYBYOEGZ+iULAK5ZGOMIiHyWg3qseXJ\nrQnk1/9a41buCqxWRD5gQ6eMxDho+9VaH9XDfoxlASX9CSNP+KOCBikwggYlMA4G\nA1UdDwEB/wQEAwIHgDATBgNVHSUEDDAKBggrBgEFBQcDAzAdBgNVHQ4EFgQUMt/0\nD1W4E+PauDIwsn9w/kDEPiswHwYDVR0jBBgwFoAU39Ppz1YkEZb5qNjpKFWixi4Y\nZD8wfQYDVR0RAQH/BHMwcYZvaHR0cHM6Ly9naXRodWIuY29tL3Nsc2EtZnJhbWV3\nb3JrL3Nsc2EtZ2l0aHViLWdlbmVyYXRvci8uZ2l0aHViL3dvcmtmbG93cy9idWls\nZGVyX2dvX3Nsc2EzLnltbEByZWZzL3RhZ3MvdjEuOC4wMDkGCisGAQQBg78wAQEE\nK2h0dHBzOi8vdG9rZW4uYWN0aW9ucy5naXRodWJ1c2VyY29udGVudC5jb20wEgYK\nKwYBBAGDvzABAgQEcHVzaDA2BgorBgEEAYO/MAEDBCg2Y2Y2NzFmNDdmMzc1MmY5\nN2I5ZjViZmY1MTFlMzdiOTM4ZmUxMGQyMFUGCisGAQQBg78wAQQERy5naXRodWIv\nd29ya2Zsb3dzL3ZlcmlmaWVyLWUyZS5hbGwud29ya2Zsb3dfZGlzcGF0Y2gubWFp\nbi5hbGwuc2xzYTMueW1sMCwGCisGAQQBg78wAQUEHnNsc2EtZnJhbWV3b3JrL2V4\nYW1wbGUtcGFja2FnZTAdBgorBgEEAYO/MAEGBA9yZWZzL3RhZ3MvdjE0LjIwOwYK\nKwYBBAGDvzABCAQtDCtodHRwczovL3Rva2VuLmFjdGlvbnMuZ2l0aHVidXNlcmNv\nbnRlbnQuY29tMH8GCisGAQQBg78wAQkEcQxvaHR0cHM6Ly9naXRodWIuY29tL3Ns\nc2EtZnJhbWV3b3JrL3Nsc2EtZ2l0aHViLWdlbmVyYXRvci8uZ2l0aHViL3dvcmtm\nbG93cy9idWlsZGVyX2dvX3Nsc2EzLnltbEByZWZzL3RhZ3MvdjEuOC4wMDgGCisG\nAQQBg78wAQoEKgwoY2RlYjNhOTE2NjEwYmMwMGFmNWRlZTgzZDFhY2RkM2M3MDc5\nOTIzYTAdBgorBgEEAYO/MAELBA8MDWdpdGh1Yi1ob3N0ZWQwQQYKKwYBBAGDvzAB\nDAQzDDFodHRwczovL2dpdGh1Yi5jb20vc2xzYS1mcmFtZXdvcmsvZXhhbXBsZS1w\nYWNrYWdlMDgGCisGAQQBg78wAQ0EKgwoNmNmNjcxZjQ3ZjM3NTJmOTdiOWY1YmZm\nNTExZTM3YjkzOGZlMTBkMjAfBgorBgEEAYO/MAEOBBEMD3JlZnMvdGFncy92MTQu\nMjAZBgorBgEEAYO/MAEPBAsMCTQ4NjMyNTgwOTAxBgorBgEEAYO/MAEQBCMMIWh0\ndHBzOi8vZ2l0aHViLmNvbS9zbHNhLWZyYW1ld29yaz
AYBgorBgEEAYO/MAERBAoM\nCDgwNDMxMTg3MIGbBgorBgEEAYO/MAESBIGMDIGJaHR0cHM6Ly9naXRodWIuY29t\nL3Nsc2EtZnJhbWV3b3JrL2V4YW1wbGUtcGFja2FnZS8uZ2l0aHViL3dvcmtmbG93\ncy92ZXJpZmllci1lMmUuYWxsLndvcmtmbG93X2Rpc3BhdGNoLm1haW4uYWxsLnNs\nc2EzLnltbEByZWZzL3RhZ3MvdjE0LjIwOAYKKwYBBAGDvzABEwQqDCg2Y2Y2NzFm\nNDdmMzc1MmY5N2I5ZjViZmY1MTFlMzdiOTM4ZmUxMGQyMBQGCisGAQQBg78wARQE\nBgwEcHVzaDBkBgorBgEEAYO/MAEVBFYMVGh0dHBzOi8vZ2l0aHViLmNvbS9zbHNh\nLWZyYW1ld29yay9leGFtcGxlLXBhY2thZ2UvYWN0aW9ucy9ydW5zLzU3NTg3NzYz\nMDQvYXR0ZW1wdHMvMTAWBgorBgEEAYO/MAEWBAgMBnB1YmxpYzCBigYKKwYBBAHW\neQIEAgR8BHoAeAB2AN09MGrGxxEyYxkeHJlnNwKiSl643jyt/4eKcoAvKe6OAAAB\nib8FetUAAAQDAEcwRQIhAJYEjKW4NdO7veBvWNs1MyY35WaWMQm67H6WLSmDW4Uq\nAiB0V8PKGLZmu2UHT7ZTiTl933DuWWtZ/B/tHjPePa/jODAKBggqhkjOPQQDAwNp\nADBmAjEA9MINOeBCs+CAIs/3NoYM242nJFdgPACBpfYPF8zbxxnk+9gY+mCLoJgI\nA5YsWToaAjEA1DPuwWAappCWlXzn5//oXUilfO8VekVPyiF7p/864Fx1WuUFP+W6\nkUEI2rZt4sUY\n-----END CERTIFICATE-----\n"}]} \ No newline at end of file diff --git a/cli/slsa-verifier/testdata/gha_go/v1.8.0/binary-linux-amd64-push-v14.intoto.jsonl b/cli/slsa-verifier/testdata/gha_go/v1.8.0/binary-linux-amd64-push-v14.intoto.jsonl new file mode 100644 index 000000000..1d09df4ff --- /dev/null +++ b/cli/slsa-verifier/testdata/gha_go/v1.8.0/binary-linux-amd64-push-v14.intoto.jsonl 
@@ -0,0 +1 @@ +{"payloadType":"application/vnd.in-toto+json","payload":"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","signatures":[{"keyid":"","sig":"MEQCIGdPhzL8A10+dfIAenqBHnatWTOS4CD8WGMS83TSwdamAiA+oyNhNYDTlH3l8U0VEiaZXLSQa85a5rJaW7LKsb4DXQ==","cert":"-----BEGIN CERTIFICATE-----\nMIIHgDCCBwWgAwIBAgIUDMQtKGOCQ6SImQoJs+X2l0CXea8wCgYIKoZIzj0EAwMw\nNzEVMBMGA1UEChMMc2lnc3RvcmUuZGV2MR4wHAYDVQQDExVzaWdzdG9yZS1pbnRl\ncm1lZGlhdGUwHhcNMjMwODA0MDUyOTE2WhcNMjMwODA0MDUzOTE2WjAAMFkwEwYH\nKoZIzj0CAQYIKoZIzj0DAQcDQgAE/KD9tUFp9n6WEBpxuvP+LKajS4p+flVTYN/U\nhJV3mQ0LnUj4q2fS6d/X3mfj0a/UeV9eXrFdX04e9D0sx/OYvKOCBiQwggYgMA4G\nA1UdDwEB/wQEAwIHgDATBgNVHSUEDDAKBggrBgEFBQcDAzAdBgNVHQ4EFgQU0ayH\nm+qBRFBIVByZZsHjNjGWISIwHwYDVR0jBBgwFoAU39Ppz1YkEZb5qNjpKFWixi4Y\nZD8wfQYDVR0RAQH/BHMwcYZvaHR0cHM6Ly9naXRodWIuY29tL3Nsc2EtZnJhbWV3\nb3JrL3Nsc2EtZ2l0aHViLWdlbmVyYXRvci8uZ2l0aHViL3dvcmtmbG93cy9idWls\nZGVyX2dvX3Nsc2EzLnltbEByZWZzL3RhZ3MvdjEuOC4wMDkGCisGAQQBg78wAQEE\nK2h0dHBzOi8vdG9rZW4uYWN0aW9ucy5naXRodWJ1c2VyY29udGVudC5jb20wEgYK\nKwYBBAGDvzABAgQEcHVzaDA2BgorBgEEAYO/MAEDBCg2Y2Y2NzFmNDdmMzc1MmY5\nN2I5ZjViZmY1MTFlMzdiOTM4ZmUxMGQyMFUGCisGAQQBg78wAQQERy5naXRodWIv\nd29ya2Zsb3dzL3ZlcmlmaWVyLWUyZS5hbGwud29ya2Zsb3dfZGlzcGF0Y2gubWFp\nbi5hbGwuc2xzYTMueW1sMCwGCisGAQQBg78wAQUEHnNsc2EtZnJhbWV3b3JrL2V4\nYW1wbGUtcGFja2FnZTAbBgorBgEEAYO/MAEGBA1yZWZzL3RhZ3MvdjE0MDsGCisG\nAQQBg78wAQgELQwraHR0cHM6Ly90b2tlbi5hY3Rpb25zLmdpdGh1YnVzZXJjb250\nZW50LmNvbTB/BgorBgEEAYO/MAEJBHEMb2h0dHBzOi8vZ2l0aHViLmNvbS9zbHNh\nLWZyYW1ld29yay9zbHNhLWdpdGh1Yi1nZW5lcmF0b3IvLmdpdGh1Yi93b3JrZmxv\nd3MvYnVpbGRlcl9nb19zbHNhMy55bWxAcmVmcy90YWdzL3YxLjguMDA4BgorBgEE\nAYO/MAEKBCoMKGNkZWIzYTkxNjYxMGJjMDBhZjVkZWU4M2QxYWNkZDNjNzA3OTky\nM2EwHQYKKwYBBAGDvzABCwQPDA1naXRodWItaG9zdGVkMEEGCisGAQQBg78wAQwE\nMwwxaHR0cHM6Ly9naXRodWIuY29tL3Nsc2EtZnJhbWV3b3JrL2V4YW1wbGUtcGFj\na2FnZTA4BgorBgEEAYO/MAENBCoMKDZjZjY3MWY0N2YzNzUyZjk3YjlmNWJmZjUx\nMWUzN2I5MzhmZTEwZDIwHQYKKwYBBAGDvzABDgQPDA1yZWZzL3RhZ3MvdjE0MBkG\nCisGAQQBg78wAQ8ECwwJNDg2MzI1ODA5MDEGCisGAQQBg78wARAEIww
haHR0cHM6\nLy9naXRodWIuY29tL3Nsc2EtZnJhbWV3b3JrMBgGCisGAQQBg78wAREECgwIODA0\nMzExODcwgZkGCisGAQQBg78wARIEgYoMgYdodHRwczovL2dpdGh1Yi5jb20vc2xz\nYS1mcmFtZXdvcmsvZXhhbXBsZS1wYWNrYWdlLy5naXRodWIvd29ya2Zsb3dzL3Zl\ncmlmaWVyLWUyZS5hbGwud29ya2Zsb3dfZGlzcGF0Y2gubWFpbi5hbGwuc2xzYTMu\neW1sQHJlZnMvdGFncy92MTQwOAYKKwYBBAGDvzABEwQqDCg2Y2Y2NzFmNDdmMzc1\nMmY5N2I5ZjViZmY1MTFlMzdiOTM4ZmUxMGQyMBQGCisGAQQBg78wARQEBgwEcHVz\naDBkBgorBgEEAYO/MAEVBFYMVGh0dHBzOi8vZ2l0aHViLmNvbS9zbHNhLWZyYW1l\nd29yay9leGFtcGxlLXBhY2thZ2UvYWN0aW9ucy9ydW5zLzU3NTg3NzYzMDMvYXR0\nZW1wdHMvMTAWBgorBgEEAYO/MAEWBAgMBnB1YmxpYzCBiwYKKwYBBAHWeQIEAgR9\nBHsAeQB3AN09MGrGxxEyYxkeHJlnNwKiSl643jyt/4eKcoAvKe6OAAABib8FgcMA\nAAQDAEgwRgIhAI/LiqHpWFQFZU9sYmjP315jRsaH6Ic2ckY0AUrAitiDAiEA8sXi\ncHci0tJ278nzwawBygEHuBlWjlei/xcMeBVVSl4wCgYIKoZIzj0EAwMDaQAwZgIx\nAJKgsbUXifmSShjReyuE1i7qX7q/J7D50BBhtQVPPNcyzYo5fwohEChpS0Mc3oJ6\n9gIxAPqYO0rorzRihLHPM5TZD7KiKAyaLH7qly5Pp/IX0gNEFHXU7D5nb4GbnUov\nR9IK4w==\n-----END CERTIFICATE-----\n"}]} \ No newline at end of file diff --git a/cli/slsa-verifier/testdata/gha_go/v1.8.0/binary-linux-amd64-workflow_dispatch b/cli/slsa-verifier/testdata/gha_go/v1.8.0/binary-linux-amd64-workflow_dispatch new file mode 100644 index 000000000..d081d3b05 Binary files /dev/null and b/cli/slsa-verifier/testdata/gha_go/v1.8.0/binary-linux-amd64-workflow_dispatch differ diff --git a/cli/slsa-verifier/testdata/gha_go/v1.8.0/binary-linux-amd64-workflow_dispatch.intoto.jsonl b/cli/slsa-verifier/testdata/gha_go/v1.8.0/binary-linux-amd64-workflow_dispatch.intoto.jsonl new file mode 100644 index 000000000..d486f1ba4 --- /dev/null +++ b/cli/slsa-verifier/testdata/gha_go/v1.8.0/binary-linux-amd64-workflow_dispatch.intoto.jsonl 
@@ -0,0 +1 @@ +{"payloadType":"application/vnd.in-toto+json","payload":"","signatures":[{"keyid":"","sig":"MEUCIQD+FvKlvDmpUKD2lEAomZle193yAnn0oIX+7aES3wr0mQIgV2Plbmj0Aqrakx3tsgGBDm+SbMQT6fLREL6vUKVjass=","cert":"-----BEGIN CERTIFICATE-----\nMIIHnjCCByOgAwIBAgIUVBPefHcl/1h0enh+AaSzkvMrgNUwCgYIKoZIzj0EAwMw\nNzEVMBMGA1UEChMMc2lnc3RvcmUuZGV2MR4wHAYDVQQDExVzaWdzdG9yZS1pbnRl\ncm1lZGlhdGUwHhcNMjMwODA0MDUyODQyWhcNMjMwODA0MDUzODQyWjAAMFkwEwYH\nKoZIzj0CAQYIKoZIzj0DAQcDQgAEheO9JUdcMdVeKVkwxHCBbkZPAynm+SX/V64g\nReSb3pgohArTSNbWRwRryIJI+ZdZfdcVMdH+fgdRxPYclZiI1KOCBkIwggY+MA4G\nA1UdDwEB/wQEAwIHgDATBgNVHSUEDDAKBggrBgEFBQcDAzAdBgNVHQ4EFgQUx7Jt\ncRyrzOGu4vOCZvsQ1u5jIK0wHwYDVR0jBBgwFoAU39Ppz1YkEZb5qNjpKFWixi4Y\nZD8wfQYDVR0RAQH/BHMwcYZvaHR0cHM6Ly9naXRodWIuY29tL3Nsc2EtZnJhbWV3\nb3JrL3Nsc2EtZ2l0aHViLWdlbmVyYXRvci8uZ2l0aHViL3dvcmtmbG93cy9idWls\nZGVyX2dvX3Nsc2EzLnltbEByZWZzL3RhZ3MvdjEuOC4wMDkGCisGAQQBg78wAQEE\nK2h0dHBzOi8vdG9rZW4uYWN0aW9ucy5naXRodWJ1c2VyY29udGVudC5jb20wHwYK\nKwYBBAGDvzABAgQRd29ya2Zsb3dfZGlzcGF0Y2gwNgYKKwYBBAGDvzABAwQoNmNm\nNjcxZjQ3ZjM3NTJmOTdiOWY1YmZmNTExZTM3YjkzOGZlMTBkMjBVBgorBgEEAYO/\nMAEEBEcuZ2l0aHViL3dvcmtmbG93cy92ZXJpZmllci1lMmUuYWxsLndvcmtmbG93\nX2Rpc3BhdGNoLm1haW4uYWxsLnNsc2EzLnltbDAsBgorBgEEAYO/MAEFBB5zbHNh\nLWZyYW1ld29yay9leGFtcGxlLXBhY2thZ2UwHQYKKwYBBAGDvzABBgQPcmVmcy9o\nZWFkcy9tYWluMDsGCisGAQQBg78wAQgELQwraHR0cHM6Ly90b2tlbi5hY3Rpb25z\nLmdpdGh1YnVzZXJjb250ZW50LmNvbTB/BgorBgEEAYO/MAEJBHEMb2h0dHBzOi8v\nZ2l0aHViLmNvbS9zbHNhLWZyYW1ld29yay9zbHNhLWdpdGh1Yi1nZW5lcmF0b3Iv\nLmdpdGh1Yi93b3JrZmxvd3MvYnVpbGRlcl9nb19zbHNhMy55bWxAcmVmcy90YWdz\nL3YxLjguMDA4BgorBgEEAYO/MAEKBCoMKGNkZWIzYTkxNjYxMGJjMDBhZjVkZWU4\nM2QxYWNkZDNjNzA3OTkyM2EwHQYKKwYBBAGDvzABCwQPDA1naXRodWItaG9zdGVk\nMEEGCisGAQQBg78wAQwEMwwxaHR0cHM6Ly9naXRodWIuY29tL3Nsc2EtZnJhbWV3\nb3JrL2V4YW1wbGUtcGFja2FnZTA4BgorBgEEAYO/MAENBCoMKDZjZjY3MWY0N2Yz\nNzUyZjk3YjlmNWJmZjUxMWUzN2I5MzhmZTEwZDIwHwYKKwYBBAGDvzABDgQRDA9y\nZWZzL2hlYWRzL21haW4wGQYKKwYBBAGDvzABDwQLDAk0ODYzMjU4MDkwMQYKKwYB\nBAGDvzABEAQjDCFodHRwczovL2dpdGh1Yi5jb20vc2
xzYS1mcmFtZXdvcmswGAYK\nKwYBBAGDvzABEQQKDAg4MDQzMTE4NzCBmwYKKwYBBAGDvzABEgSBjAyBiWh0dHBz\nOi8vZ2l0aHViLmNvbS9zbHNhLWZyYW1ld29yay9leGFtcGxlLXBhY2thZ2UvLmdp\ndGh1Yi93b3JrZmxvd3MvdmVyaWZpZXItZTJlLmFsbC53b3JrZmxvd19kaXNwYXRj\naC5tYWluLmFsbC5zbHNhMy55bWxAcmVmcy9oZWFkcy9tYWluMDgGCisGAQQBg78w\nARMEKgwoNmNmNjcxZjQ3ZjM3NTJmOTdiOWY1YmZmNTExZTM3YjkzOGZlMTBkMjAh\nBgorBgEEAYO/MAEUBBMMEXdvcmtmbG93X2Rpc3BhdGNoMGQGCisGAQQBg78wARUE\nVgxUaHR0cHM6Ly9naXRodWIuY29tL3Nsc2EtZnJhbWV3b3JrL2V4YW1wbGUtcGFj\na2FnZS9hY3Rpb25zL3J1bnMvNTc1ODc3MjczOS9hdHRlbXB0cy8xMBYGCisGAQQB\ng78wARYECAwGcHVibGljMIGJBgorBgEEAdZ5AgQCBHsEeQB3AHUA3T0wasbHETJj\nGR4cmWc3AqJKXrjePK3/h4pygC8p7o4AAAGJvwT9uQAABAMARjBEAiAQal1k/Ik/\nAQinHtc91tJkFFy8Gz/AeMCZdvbRUjwc+QIgTIEcReNajQdci/1p4DehHuhLcA2G\nl2JhWkSnBYwJI9swCgYIKoZIzj0EAwMDaQAwZgIxAOQhdL4bAs0VN7D8iUiGR4Qz\nPlbdL1xd5nglG/WuHCKZOPLsxwASnRzNePWhjmHu9AIxAOJYw4Zy+lW/lK7lc9y1\nsw4FfTUfSQWEunXaNBD+b/4ZXbtkolQGFWRiPs/jd4hIQw==\n-----END CERTIFICATE-----\n"}]} \ No newline at end of file diff --git a/options/options.go b/options/options.go index 7bc9c46de..11ef9fb4a 100644 --- a/options/options.go +++ b/options/options.go @@ -18,7 +18,7 @@ type ProvenanceOpts struct { // ExpectedSourceURI is the expected source URI in the provenance. ExpectedSourceURI string - // ExpectedBuilderID is the expected builder ID. + // ExpectedBuilderID is the expected builder ID that is passed from user and verified ExpectedBuilderID string // ExpectedWorkflowInputs is a map of key=value inputs. @@ -31,6 +31,6 @@ type ProvenanceOpts struct { // BuildOpts are the options for checking the builder. type BuilderOpts struct { - // ExpectedID is the expected builder ID. + // ExpectedBuilderID is the builderID passed in from the user to be verified ExpectedID *string } diff --git a/verifiers/internal/gcb/intoto.go b/verifiers/internal/gcb/intoto.go deleted file mode 100644 index dccb68d6e..000000000 --- a/verifiers/internal/gcb/intoto.go +++ /dev/null 
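Review bot: The new comment in the `BuilderOpts` hunk opens with `ExpectedBuilderID`, but the field it documents is `ExpectedID`, so the doc comment points readers at the wrong name. I would write `// ExpectedID is the builder ID passed in by the user to be verified.` The reworded comment in the `ProvenanceOpts` hunk has the same missing final period and would read better as `// ExpectedBuilderID is the expected builder ID, passed in by the user and verified.` Because `ExpectedID` is a `*string`, the comment should also say what a nil value means for the builder check, which these hunks do not show.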
@@ -1,74 +0,0 @@ -package gcb - -// NOTE: Copy of github.com/in-toto/in-toto-golang/in_toto/slsa_provenance/v0.1 -// This holds an internal copy of in-toto-golang's structs for -// SLSA predicates to handle GCB's incompatibility with the -// published specification. -// Specifically, GCB provenance currently produces a string for -// ProvenancePredicate.Recipe.DefinedInMaterial rather than the SLSA compliant -// signed integer. Because of this, we comment out the field and do not unmarshal -// this in the Go struct. When comparing the envelope with the human-readable -// content, this field is ignored! -// GCB will later add compliant fields in the signed envelope, but NOT in the -// human-readable component. Either disregard comparison between human-readable -// summary and the signed envelope, or use this struct in comparison. - -import "time" - -const ( - // PredicateSLSAProvenance represents a build provenance for an artifact. - PredicateSLSAProvenance = "https://slsa.dev/provenance/v0.1" -) - -// ProvenancePredicate is the provenance predicate definition. -type ProvenancePredicate struct { - Builder ProvenanceBuilder `json:"builder"` - Recipe ProvenanceRecipe `json:"recipe"` - Metadata *ProvenanceMetadata `json:"metadata,omitempty"` - Materials []ProvenanceMaterial `json:"materials,omitempty"` -} - -// ProvenanceBuilder idenfifies the entity that executed the build steps. -type ProvenanceBuilder struct { - ID string `json:"id"` -} - -// ProvenanceRecipe describes the actions performed by the builder. -type ProvenanceRecipe struct { - Type string `json:"type"` - // DefinedInMaterial can be sent as the null pointer to indicate that - // the value is not present. - // DefinedInMaterial *int `json:"definedInMaterial,omitempty"` - EntryPoint string `json:"entryPoint"` - Arguments interface{} `json:"arguments,omitempty"` - Environment interface{} `json:"environment,omitempty"` -} - -// ProvenanceMetadata contains metadata for the built artifact. 
-type ProvenanceMetadata struct { - // Use pointer to make sure that the abscense of a time is not - // encoded as the Epoch time. - BuildStartedOn *time.Time `json:"buildStartedOn,omitempty"` - BuildFinishedOn *time.Time `json:"buildFinishedOn,omitempty"` - Completeness ProvenanceComplete `json:"completeness"` - Reproducible bool `json:"reproducible"` -} - -// ProvenanceMaterial defines the materials used to build an artifact. -type ProvenanceMaterial struct { - URI string `json:"uri"` - Digest DigestSet `json:"digest,omitempty"` -} - -// ProvenanceComplete indicates whether the claims in build/recipe are complete. -// For in depth information refer to the specifictaion: -// https://github.com/in-toto/attestation/blob/v0.1.0/spec/predicates/provenance.md -type ProvenanceComplete struct { - Arguments bool `json:"arguments"` - Environment bool `json:"environment"` - Materials bool `json:"materials"` -} - -// DigestSet contains a set of digests. It is represented as a map from -// algorithm name to lowercase hex-encoded value. -type DigestSet map[string]string diff --git a/verifiers/internal/gcb/provenance.go b/verifiers/internal/gcb/provenance.go index 38feb2911..ae6b08663 100644 --- a/verifiers/internal/gcb/provenance.go +++ b/verifiers/internal/gcb/provenance.go @@ -3,7 +3,6 @@ package gcb import ( "crypto/sha256" "encoding/json" - "errors" "fmt" "os" "reflect" 
@@ -11,13 +10,15 @@ import ( "strings" "github.com/google/go-cmp/cmp" - intoto "github.com/in-toto/in-toto-golang/in_toto" dsselib "github.com/secure-systems-lab/go-securesystemslib/dsse" serrors "github.com/slsa-framework/slsa-verifier/v2/errors" "github.com/slsa-framework/slsa-verifier/v2/options" "github.com/slsa-framework/slsa-verifier/v2/verifiers/internal/gcb/keys" + "github.com/slsa-framework/slsa-verifier/v2/verifiers/internal/gcb/slsaprovenance/common" + "github.com/slsa-framework/slsa-verifier/v2/verifiers/internal/gcb/slsaprovenance/iface" + v01 "github.com/slsa-framework/slsa-verifier/v2/verifiers/internal/gcb/slsaprovenance/v0.1" "github.com/slsa-framework/slsa-verifier/v2/verifiers/utils" ) @@ -28,25 +29,9 @@ var GCBBuilderIDs = []string{ var regionalKeyRegex = regexp.MustCompile(`^projects\/verified-builder\/locations\/(.*)\/keyRings\/attestor\/cryptoKeys\/builtByGCB\/cryptoKeyVersions\/1$`) -var errorSubstitutionError = errors.New("GCB substitution variable error") - -type v01IntotoStatement struct { - intoto.StatementHeader - Predicate ProvenancePredicate `json:"predicate"` -} - -// The GCB provenance contains a human-readable version of the intoto -// statement, but it is not compliant with the standard. It uses `slsaProvenance` -// instead of `predicate`. For backward compatibility, this has not been fixed -// by the GCB team. -type v01GCBIntotoStatement struct { - intoto.StatementHeader - SlsaProvenance ProvenancePredicate `json:"slsaProvenance"` -} - type provenance struct { Build struct { - UnverifiedTextIntotoStatement v01GCBIntotoStatement `json:"intotoStatement"` + UnverifiedTextIntotoStatementV01 v01.GCBIntotoTextStatement `json:"intotoStatement"` } `json:"build"` Kind string `json:"kind"` ResourceURI string `json:"resourceUri"` 
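Review bot: The renamed field `UnverifiedTextIntotoStatementV01` in the `provenance` struct has no comment, and this hunk deletes the only explanation here that GCB's human-readable statement uses `slsaProvenance` instead of `predicate`. That explanation may now sit beside `v01.GCBIntotoTextStatement`, which is not in view, but the trust distinction is worth stating where the field is used. I would add above the field `// UnverifiedTextIntotoStatementV01 is GCB's human-readable statement; it is untrusted until VerifyTextProvenance has matched it against the verified statement.` The `provenance` struct continues past the end of the hunk.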
@@ -66,9 +51,9 @@ type gloudProvenance struct { } type Provenance struct { - gcloudProv *gloudProvenance - verifiedProvenance *provenance - verifiedIntotoStatement *v01IntotoStatement + gcloudProv *gloudProvenance + verifiedProvenance *provenance + verifiedStatement iface.Provenance } func ProvenanceFromBytes(payload []byte) (*Provenance, error) { @@ -85,8 +70,7 @@ func ProvenanceFromBytes(payload []byte) (*Provenance, error) { func (p *Provenance) isVerified() error { // Check that the signature is verified. - if p.verifiedIntotoStatement == nil || - p.verifiedProvenance == nil { + if p.verifiedStatement == nil || p.verifiedProvenance == nil { return serrors.ErrorNoValidSignature } return nil @@ -96,7 +80,7 @@ func (p *Provenance) GetVerifiedIntotoStatement() ([]byte, error) { if err := p.isVerified(); err != nil { return nil, err } - d, err := json.Marshal(p.verifiedIntotoStatement) + d, err := json.Marshal(p.verifiedStatement) if err != nil { return nil, fmt.Errorf("%w: %s", serrors.ErrorInvalidDssePayload, err.Error()) } 
@@ -166,43 +150,32 @@ func (p *Provenance) VerifyTextProvenance() error { return err } - // Note: there is an additional field `metadata.buildInvocationId` which - // is not part of the specs but is present. This field is currently ignored during comparison. - unverifiedTextIntotoStatement := v01IntotoStatement{ - StatementHeader: p.verifiedProvenance.Build.UnverifiedTextIntotoStatement.StatementHeader, - Predicate: p.verifiedProvenance.Build.UnverifiedTextIntotoStatement.SlsaProvenance, + statement := p.verifiedStatement + predicateType, err := statement.PredicateType() + if err != nil { + return err + } + + var unverifiedTextIntotoStatement interface{} + switch predicateType { + case v01.PredicateSLSAProvenance: + // NOTE: there is an additional field `metadata.buildInvocationId` which + // is not part of the specs but is present. This field is currently ignored during comparison. + unverifiedTextIntotoStatement = &v01.Provenance{ + StatementHeader: p.verifiedProvenance.Build.UnverifiedTextIntotoStatementV01.StatementHeader, + Pred: p.verifiedProvenance.Build.UnverifiedTextIntotoStatementV01.SlsaProvenance, + } + default: + return fmt.Errorf("%w: unknown %v type", serrors.ErrorInvalidFormat, predicateType) } // Note: DeepEqual() has problem with time comparisons: https://github.com/onsi/gomega/issues/264 // but this should not affect us since both times are supposed to have the same string and // they are both taken from a string representation. // We do not use cmp.Equal() because it *can* panic and is intended for unit tests only. - if !reflect.DeepEqual(unverifiedTextIntotoStatement, *p.verifiedIntotoStatement) { + if !reflect.DeepEqual(unverifiedTextIntotoStatement, p.verifiedStatement) { return fmt.Errorf("%w: diff '%s'", serrors.ErrorMismatchIntoto, - cmp.Diff(unverifiedTextIntotoStatement, *p.verifiedIntotoStatement)) - } - - return nil -} - -// VerifyIntotoHeaders verifies the headers are intoto format and the expected -// slsa predicate. 
-func (p *Provenance) VerifyIntotoHeaders() error { - if err := p.isVerified(); err != nil { - return err - } - - statement := p.verifiedIntotoStatement - // https://in-toto.io/Statement/v0.1 - if statement.StatementHeader.Type != intoto.StatementInTotoV01 { - return fmt.Errorf("%w: expected statement header type '%s', got '%s'", - serrors.ErrorInvalidDssePayload, intoto.StatementInTotoV01, statement.StatementHeader.Type) - } - - // https://slsa.dev/provenance/v0.1 - if statement.StatementHeader.PredicateType != PredicateSLSAProvenance { - return fmt.Errorf("%w: expected statement predicate type '%s', got '%s'", - serrors.ErrorInvalidDssePayload, PredicateSLSAProvenance, statement.StatementHeader.PredicateType) + cmp.Diff(unverifiedTextIntotoStatement, p.verifiedStatement)) } return nil @@ -217,18 +190,20 @@ func isValidBuilderID(id string) error { return serrors.ErrorInvalidBuilderID } -func validateRecipeType(builderID utils.TrustedBuilderID, recipeType string) error { +func validateBuildType(builderID utils.TrustedBuilderID, buildType string) error { var err error v := builderID.Version() switch v { + // NOTE: buildType is called recipeType in v0.1 specification. + // Builders with version <= v0.3 use v0.1 specification. case "v0.2": // In this version, the recipe type should be the same as // the builder ID. - if builderID.String() == recipeType { + if builderID.String() == buildType { return nil } err = fmt.Errorf("%w: expected '%s', got '%s'", - serrors.ErrorInvalidRecipe, builderID.String(), recipeType) + serrors.ErrorInvalidRecipe, builderID.String(), buildType) case "v0.3": // In this version, two recipe types are allowed, depending how the 
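Review bot: The `reflect.DeepEqual(unverifiedTextIntotoStatement, p.verifiedStatement)` check in VerifyTextProvenance only succeeds when the value behind `p.verifiedStatement` is a `*v01.Provenance`, which holds today because `v01.New` returns `&provenance`, but nothing here records that assumption. A different concrete type would make every comparison fail (closed, but confusingly). The comparison also covers only the fields modelled in `v01.Provenance`, so `recipe.definedInMaterial` is skipped as well as `metadata.buildInvocationId`, yet the NOTE names only the latter. I would extend it to `// NOTE: fields not modelled in v01.Provenance (metadata.buildInvocationId, recipe.definedInMaterial) are ignored; the comparison assumes verifiedStatement is a *v01.Provenance.` The function body starts before this hunk.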
@@ -239,12 +214,12 @@ func validateRecipeType(builderID utils.TrustedBuilderID, recipeType string) err "https://cloudbuild.googleapis.com/CloudBuildSteps@", } for _, r := range recipes { - if strings.HasPrefix(recipeType, r) { + if strings.HasPrefix(buildType, r) { return nil } } err = fmt.Errorf("%w: expected on of '%s', got '%s'", - serrors.ErrorInvalidRecipe, strings.Join(recipes, ","), recipeType) + serrors.ErrorInvalidRecipe, strings.Join(recipes, ","), buildType) default: err = fmt.Errorf("%w: version '%s'", serrors.ErrorInvalidBuilderID, v) @@ -262,8 +237,11 @@ func (p *Provenance) VerifyBuilder(builderOpts *options.BuilderOpts) (*utils.Tru return nil, err } - statement := p.verifiedIntotoStatement - predicateBuilderID := statement.Predicate.Builder.ID + statement := p.verifiedStatement + predicateBuilderID, err := statement.BuilderID() + if err != nil { + return nil, err + } // Sanity check the builderID. if err := isValidBuilderID(predicateBuilderID); err != nil { 
@@ -283,26 +261,38 @@ func (p *Provenance) VerifyBuilder(builderOpts *options.BuilderOpts) (*utils.Tru } // Valiate the recipe type. - if err := validateRecipeType(*provBuilderID, statement.Predicate.Recipe.Type); err != nil { + buildType, err := statement.BuildType() + if err != nil { return nil, err } - - // Validate the recipe argument type. - expectedType := "type.googleapis.com/google.devtools.cloudbuild.v1.Build" - args, ok := statement.Predicate.Recipe.Arguments.(map[string]interface{}) - if !ok { - return nil, fmt.Errorf("%w: recipe arguments is not a map", serrors.ErrorInvalidDssePayload) + if err := validateBuildType(*provBuilderID, buildType); err != nil { + return nil, err } - ts, err := getAsString(args, "@type") + + // Validate the recipe argument type for v0.2 provenance only. + predicate, err := statement.Predicate() if err != nil { return nil, err } + switch v := predicate.(type) { + case v01.ProvenancePredicate: + expectedType := "type.googleapis.com/google.devtools.cloudbuild.v1.Build" + args, ok := v.Recipe.Arguments.(map[string]interface{}) + if !ok { + return nil, fmt.Errorf("%w: recipe arguments is not a map", serrors.ErrorInvalidDssePayload) + } + ts, err := getAsString(args, "@type") + if err != nil { + return nil, err + } - if ts != expectedType { - return nil, fmt.Errorf("%w: expected '%s', got '%s'", serrors.ErrorMismatchBuilderID, - expectedType, ts) + if ts != expectedType { + return nil, fmt.Errorf("%w: expected '%s', got '%s'", serrors.ErrorMismatchBuilderID, + expectedType, ts) + } + default: + return nil, fmt.Errorf("%w: unknown type %v", serrors.ErrorInvalidFormat, v) } - return provBuilderID, nil } 
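Review bot: The `default` branch of the predicate type switch formats the value rather than its type: `fmt.Errorf("%w: unknown type %v", serrors.ErrorInvalidFormat, v)` writes the whole predicate into the error although the message says "unknown type". Using `%T` names the Go type and keeps provenance content out of error output: `return nil, fmt.Errorf("%w: unknown type %T", serrors.ErrorInvalidFormat, v)`. The comment above the switch says "for v0.2 provenance only" while the only case is `v01.ProvenancePredicate`, which reads as a mismatch; `// Validate the recipe argument type (v0.1 predicate only).` would match the code. VerifyBuilder starts outside this hunk.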
@@ -324,8 +314,12 @@ func (p *Provenance) VerifySubjectDigest(expectedHash string) error { return err } - statement := p.verifiedIntotoStatement - for _, subject := range statement.StatementHeader.Subject { + statement := p.verifiedStatement + subjects, err := statement.Subjects() + if err != nil { + return err + } + for _, subject := range subjects { digestSet := subject.Digest hash, exists := digestSet["sha256"] if !exists { @@ -346,12 +340,11 @@ func (p *Provenance) VerifySourceURI(expectedSourceURI string, builderID utils.T return err } - statement := p.verifiedIntotoStatement - materials := statement.Predicate.Materials - if len(materials) == 0 { - return fmt.Errorf("%w: no materials", serrors.ErrorInvalidDssePayload) + statement := p.verifiedStatement + uri, err := statement.SourceURI() + if err != nil { + return err } - uri := materials[0].URI // NOTE: the material URI did not contain 'git+' for GCB versions <= v0.3. // A change occurred sometimes in v0.3 witout version bump. // Versions >= 0.3 contain the prefix (https://github.com/slsa-framework/slsa-verifier/pull/519). @@ -370,7 +363,6 @@ func (p *Provenance) VerifySourceURI(expectedSourceURI string, builderID utils.T `https://cloud.google.com/build/docs/automating-builds/github/build-repos-from-github`) } - var err error v := builderID.Version() switch v { case "v0.2": @@ -428,7 +420,7 @@ func (p *Provenance) getTag() (string, error) { return "", err } - statement := p.verifiedIntotoStatement + statement := p.verifiedStatement provenanceTag, err := getSubstitutionsField(statement, "TAG_NAME") if err != nil { return "", err 
@@ -437,32 +429,20 @@ func (p *Provenance) getTag() (string, error) { return provenanceTag, nil } -func getSubstitutionsField(statement *v01IntotoStatement, name string) (string, error) { - arguments := statement.Predicate.Recipe.Arguments - - argsMap, ok := arguments.(map[string]interface{}) - if !ok { - return "", fmt.Errorf("%w: cannot cast arguments as map", errorSubstitutionError) - } - - substitutions, ok := argsMap["substitutions"] - if !ok { - return "", fmt.Errorf("%w: no 'substitutions' field", errorSubstitutionError) - } - - m, ok := substitutions.(map[string]interface{}) - if !ok { - return "", fmt.Errorf("%w: cannot convert substitutions to a map", errorSubstitutionError) +func getSubstitutionsField(statement iface.Provenance, name string) (string, error) { + sysParams, err := statement.GetSystemParameters() + if err != nil { + return "", err } - value, ok := m[name] + value, ok := sysParams[name] if !ok { - return "", fmt.Errorf("%w: no entry '%v' in substitution map", errorSubstitutionError, name) + return "", fmt.Errorf("%w: no entry '%v' in substitution map", common.ErrSubstitution, name) } valueStr, ok := value.(string) if !ok { - return "", fmt.Errorf("%w: value '%v' is not a string", errorSubstitutionError, value) + return "", fmt.Errorf("%w: value '%v' is not a string", common.ErrSubstitution, value) } return valueStr, nil 
@@ -534,11 +514,14 @@ func (p *Provenance) verifySignatures(prov *provenance) error { continue } - var statement v01IntotoStatement - if err := json.Unmarshal(payload, &statement); err != nil { - return fmt.Errorf("%w: %s", serrors.ErrorInvalidDssePayload, err.Error()) + // TODO(#683): try v1.0 verification. + // We can use the text.SlsaprovenanceV01 field to dis-ambiguate. + stmt, err := v01.New(payload) + if err != nil { + errs = append(errs, err) + continue } - p.verifiedIntotoStatement = &statement + p.verifiedStatement = stmt p.verifiedProvenance = prov fmt.Fprintf(os.Stderr, "Verification succeeded with region key '%s'\n", region) return nil diff --git a/verifiers/internal/gcb/provenance_test.go b/verifiers/internal/gcb/provenance_test.go index d35e7bbe0..908b2e860 100644 --- a/verifiers/internal/gcb/provenance_test.go +++ b/verifiers/internal/gcb/provenance_test.go @@ -12,6 +12,8 @@ import ( serrors "github.com/slsa-framework/slsa-verifier/v2/errors" "github.com/slsa-framework/slsa-verifier/v2/options" + "github.com/slsa-framework/slsa-verifier/v2/verifiers/internal/gcb/slsaprovenance/common" + v01 "github.com/slsa-framework/slsa-verifier/v2/verifiers/internal/gcb/slsaprovenance/v0.1" "github.com/slsa-framework/slsa-verifier/v2/verifiers/utils" ) 
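Review bot: The TODO in verifySignatures appears to propose choosing the provenance version from the text statement, which this package itself labels unverified (`UnverifiedTextIntotoStatementV01`); the choice is safer keyed on the signed payload's `predicateType`, which `v01.New` already checks. I would reword it to `// TODO(#683): try v1.0 verification; pick the parser from the signed payload's predicateType, not from the unverified text statement.` Separately, a payload that fails `v01.New` is now appended to `errs` and the loop continues, where the old code returned at once. Whether `errs` reaches the caller is outside this hunk and worth confirming, since the function starts and ends outside it.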
@@ -20,72 +22,19 @@ import ( // expect this statement to be populated; and this is done only // after the signature is verified. func setStatement(gcb *Provenance) error { - var statement v01IntotoStatement payload, err := utils.PayloadFromEnvelope(&gcb.gcloudProv.ProvenanceSummary.Provenance[0].Envelope) if err != nil { return fmt.Errorf("payloadFromEnvelope: %w", err) } - if err := json.Unmarshal(payload, &statement); err != nil { - return fmt.Errorf("%w: %s", serrors.ErrorInvalidDssePayload, err.Error()) + stmt, err := v01.New(payload) + if err != nil { + return fmt.Errorf("v01.New: %w", err) } - gcb.verifiedIntotoStatement = &statement + gcb.verifiedStatement = stmt gcb.verifiedProvenance = &gcb.gcloudProv.ProvenanceSummary.Provenance[0] return nil } -func Test_VerifyIntotoHeaders(t *testing.T) { - t.Parallel() - tests := []struct { - name string - path string - expected error - }{ - { - name: "valid gcb provenance", - path: "./testdata/gcloud-container-github.json", - }, - { - name: "valid gcb provenance gcs", - path: "./testdata/gcloud-container-gcs.json", - }, - { - name: "invalid intoto header", - path: "./testdata/gcloud-container-invalid-intotoheader.json", - expected: serrors.ErrorInvalidDssePayload, - }, - { - name: "invalid provenance header", - path: "./testdata/gcloud-container-invalid-slsaheader.json", - expected: serrors.ErrorInvalidDssePayload, - }, - } - for _, tt := range tests { - tt := tt // Re-initializing variable so it is not changed while executing the closure below - t.Run(tt.name, func(t *testing.T) { - t.Parallel() - - content, err := os.ReadFile(tt.path) - if err != nil { - panic(fmt.Errorf("os.ReadFile: %w", err)) - } - - prov, err := ProvenanceFromBytes(content) - if err != nil { - panic(fmt.Errorf("ProvenanceFromBytes: %w", err)) - } - - if err := setStatement(prov); err != nil { - panic(fmt.Errorf("setStatement: %w", err)) - } - - err = prov.VerifyIntotoHeaders() - if !cmp.Equal(err, tt.expected, cmpopts.EquateErrors()) { - 
t.Errorf(cmp.Diff(err, tt.expected, cmpopts.EquateErrors())) - } - }) - } -} - func Test_VerifyBuilder(t *testing.T) { t.Parallel() tests := []struct { @@ -243,7 +192,7 @@ func Test_VerifyBuilder(t *testing.T) { } } -func Test_validateRecipeType(t *testing.T) { +func Test_validateBuildType(t *testing.T) { t.Parallel() tests := []struct { name string @@ -303,7 +252,7 @@ func Test_validateRecipeType(t *testing.T) { if err != nil { panic(fmt.Errorf("BuilderIDNew: %w", err)) } - err = validateRecipeType(*builderID, tt.recipeType) + err = validateBuildType(*builderID, tt.recipeType) if !cmp.Equal(err, tt.expected, cmpopts.EquateErrors()) { t.Errorf(cmp.Diff(err, tt.expected, cmpopts.EquateErrors())) } @@ -856,7 +805,7 @@ func Test_VerifyTextProvenance(t *testing.T) { } // Alter fields. - cpy, err := json.Marshal(prov.verifiedProvenance.Build.UnverifiedTextIntotoStatement) + cpy, err := json.Marshal(prov.verifiedProvenance.Build.UnverifiedTextIntotoStatementV01) if err != nil { panic(err) } @@ -893,7 +842,7 @@ func Test_VerifyTextProvenance(t *testing.T) { patch[i] += 1 } - if err = json.Unmarshal(patch, &prov.verifiedProvenance.Build.UnverifiedTextIntotoStatement); err != nil { + if err = json.Unmarshal(patch, &prov.verifiedProvenance.Build.UnverifiedTextIntotoStatementV01); err != nil { // If we updated a character that makes a non-string field invalid, like Time, unmarshaling will fail, // so we ignore the error. i += 1 
@@ -995,19 +944,19 @@ func Test_getSubstitutionsField(t *testing.T) { name: "no substitutions field", path: "./testdata/gcloud-container-github.json", field: "TAG_NAME", - err: errorSubstitutionError, + err: common.ErrSubstitution, }, { name: "tag not present", path: "./testdata/gcloud-container-tag-notpresent.json", field: "TAG_NAME", - err: errorSubstitutionError, + err: common.ErrSubstitution, }, { name: "tag not string", path: "./testdata/gcloud-container-tag-notstring.json", field: "TAG_NAME", - err: errorSubstitutionError, + err: common.ErrSubstitution, }, } for _, tt := range tests { @@ -1029,7 +978,7 @@ func Test_getSubstitutionsField(t *testing.T) { panic(fmt.Errorf("setStatement: %w", err)) } - value, err := getSubstitutionsField(prov.verifiedIntotoStatement, tt.field) + value, err := getSubstitutionsField(prov.verifiedStatement, tt.field) if !cmp.Equal(err, tt.err, cmpopts.EquateErrors()) { t.Errorf(cmp.Diff(err, tt.err, cmpopts.EquateErrors())) } diff --git a/verifiers/internal/gcb/slsaprovenance/common/error.go b/verifiers/internal/gcb/slsaprovenance/common/error.go new file mode 100644 index 000000000..9cdade162 --- /dev/null +++ b/verifiers/internal/gcb/slsaprovenance/common/error.go @@ -0,0 +1,5 @@ +package common + +import "errors" + +var ErrSubstitution = errors.New("GCB substitution variable error") diff --git a/verifiers/internal/gcb/slsaprovenance/iface/provenance.go b/verifiers/internal/gcb/slsaprovenance/iface/provenance.go new file mode 100644 index 000000000..9f784190f --- /dev/null +++ b/verifiers/internal/gcb/slsaprovenance/iface/provenance.go 
@@ -0,0 +1,32 @@ +package iface + +import ( + intoto "github.com/in-toto/in-toto-golang/in_toto" +) + +// Provenance represents provenance for a predicate type and build type. +type Provenance interface { + // Predicate returns the predicate. + Predicate() (interface{}, error) + + // PredicateType returns the predicate type. + PredicateType() (string, error) + + // Header returns the statement header. + Header() (intoto.StatementHeader, error) + + // BuilderID returns the builder id in the predicate. + BuilderID() (string, error) + + // BuildType returns the buildType. + BuildType() (string, error) + + // SourceURI is the full URI (including tag). + SourceURI() (string, error) + + // Subject is the list of intoto subjects in the provenance. + Subjects() ([]intoto.Subject, error) + + // Get system pararmeters. + GetSystemParameters() (map[string]any, error) +} diff --git a/verifiers/internal/gcb/slsaprovenance/v0.1/provenance.go b/verifiers/internal/gcb/slsaprovenance/v0.1/provenance.go new file mode 100644 index 000000000..12a2d7abb --- /dev/null +++ b/verifiers/internal/gcb/slsaprovenance/v0.1/provenance.go 
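Review bot: Two doc comments on the `Provenance` interface do not match the methods they sit on: `// Subject is the list of intoto subjects in the provenance.` documents `Subjects`, and `// Get system pararmeters.` has a typo and does not name `GetSystemParameters`. Suggested replacements are `// Subjects returns the list of intoto subjects in the provenance.` and `// GetSystemParameters returns the build's system parameters.` `Predicate()` returns `interface{}` while `GetSystemParameters` uses `any`; one spelling throughout would be consistent. The interface comment could also state that implementations are expected to wrap a signature-verified payload, since the caller visible in this diff stores the value as `verifiedStatement` and trusts its accessors.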
@@ -0,0 +1,185 @@ +package v01 + +// NOTE: Copy of github.com/in-toto/in-toto-golang/in_toto/slsa_provenance/v0.1 +// This holds an internal copy of in-toto-golang's structs for +// SLSA predicates to handle GCB's incompatibility with the +// published specification. +// Specifically, GCB provenance currently produces a string for +// ProvenancePredicate.Recipe.DefinedInMaterial rather than the SLSA compliant +// signed integer. Because of this, we comment out the field and do not unmarshal +// this in the Go struct. When comparing the envelope with the human-readable +// content, this field is ignored! +// GCB will later add compliant fields in the signed envelope, but NOT in the +// human-readable component. Either disregard comparison between human-readable +// summary and the signed envelope, or use this struct in comparison. + +import ( + "encoding/json" + "fmt" + "time" + + intoto "github.com/in-toto/in-toto-golang/in_toto" + intotov01 "github.com/in-toto/in-toto-golang/in_toto/slsa_provenance/v0.1" + serrors "github.com/slsa-framework/slsa-verifier/v2/errors" + "github.com/slsa-framework/slsa-verifier/v2/verifiers/internal/gcb/slsaprovenance/common" + "github.com/slsa-framework/slsa-verifier/v2/verifiers/internal/gcb/slsaprovenance/iface" +) + +const ( + // PredicateSLSAProvenance represents a build provenance for an artifact. + PredicateSLSAProvenance = intotov01.PredicateSLSAProvenance + // StatementInToto is the statement type for v0.1. + statementInToto = intoto.StatementInTotoV01 +) + +// ProvenancePredicate is the provenance predicate definition. +type ProvenancePredicate struct { + Builder ProvenanceBuilder `json:"builder"` + Recipe ProvenanceRecipe `json:"recipe"` + Metadata *ProvenanceMetadata `json:"metadata,omitempty"` + Materials []ProvenanceMaterial `json:"materials,omitempty"` +} + +// ProvenanceBuilder idenfifies the entity that executed the build steps. 
+type ProvenanceBuilder struct { + ID string `json:"id"` +} + +// ProvenanceRecipe describes the actions performed by the builder. +type ProvenanceRecipe struct { + Type string `json:"type"` + // DefinedInMaterial can be sent as the null pointer to indicate that + // the value is not present. + // DefinedInMaterial *int `json:"definedInMaterial,omitempty"` + EntryPoint string `json:"entryPoint"` + Arguments interface{} `json:"arguments,omitempty"` + Environment interface{} `json:"environment,omitempty"` +} + +// ProvenanceMetadata contains metadata for the built artifact. +type ProvenanceMetadata struct { + // Use pointer to make sure that the abscense of a time is not + // encoded as the Epoch time. + BuildStartedOn *time.Time `json:"buildStartedOn,omitempty"` + BuildFinishedOn *time.Time `json:"buildFinishedOn,omitempty"` + Completeness ProvenanceComplete `json:"completeness"` + Reproducible bool `json:"reproducible"` +} + +// ProvenanceMaterial defines the materials used to build an artifact. +type ProvenanceMaterial struct { + URI string `json:"uri"` + Digest DigestSet `json:"digest,omitempty"` +} + +// ProvenanceComplete indicates whether the claims in build/recipe are complete. +// For in depth information refer to the specifictaion: +// https://github.com/in-toto/attestation/blob/v0.1.0/spec/predicates/provenance.md +type ProvenanceComplete struct { + Arguments bool `json:"arguments"` + Environment bool `json:"environment"` + Materials bool `json:"materials"` +} + +// DigestSet contains a set of digests. It is represented as a map from +// algorithm name to lowercase hex-encoded value. +type DigestSet map[string]string + +// The GCB provenance contains a human-readable version of the intoto +// statement, but it is not compliant with the standard. It uses `slsaProvenance` +// instead of `predicate`. For backward compatibility, this has not been fixed +// by the GCB team. 
+type GCBIntotoTextStatement struct { + intoto.StatementHeader + SlsaProvenance ProvenancePredicate `json:"slsaProvenance"` +} + +// Provenance is GCB provenance. +type Provenance struct { + intoto.StatementHeader + Pred ProvenancePredicate `json:"predicate"` +} + +func New(payload []byte) (iface.Provenance, error) { + var provenance Provenance + if err := json.Unmarshal(payload, &provenance); err != nil { + return nil, fmt.Errorf("%w: %s", serrors.ErrorInvalidDssePayload, err.Error()) + } + + // Validate the intoto type. + if provenance.StatementHeader.Type != statementInToto { + return nil, fmt.Errorf("%w: expected statement header type '%s', got '%s'", + serrors.ErrorInvalidDssePayload, statementInToto, provenance.StatementHeader.Type) + } + + // Validate the predicate type. + if provenance.StatementHeader.PredicateType != PredicateSLSAProvenance { + return nil, fmt.Errorf("%w: expected statement predicate type '%s', got '%s'", + serrors.ErrorInvalidDssePayload, PredicateSLSAProvenance, provenance.StatementHeader.PredicateType) + } + return &provenance, nil +} + +func (p *Provenance) Predicate() (interface{}, error) { + return p.Pred, nil +} + +func (p *Provenance) PredicateType() (string, error) { + return p.StatementHeader.PredicateType, nil +} + +func (p *Provenance) Header() (intoto.StatementHeader, error) { + return p.StatementHeader, nil +} + +// BuilderID implements Statement.BuilderID. +func (p *Provenance) BuilderID() (string, error) { + return p.Pred.Builder.ID, nil +} + +// BuildType implements Statement.BuildType. +func (p *Provenance) BuildType() (string, error) { + return p.Pred.Recipe.Type, nil +} + +// BuildType implements Statement.GetSystemParameters. 
+func (p *Provenance) GetSystemParameters() (map[string]any, error) { + arguments := p.Pred.Recipe.Arguments + argsMap, ok := arguments.(map[string]interface{}) + if !ok { + return nil, fmt.Errorf("%w: cannot cast arguments as map", common.ErrSubstitution) + } + + substitutions, ok := argsMap["substitutions"] + if !ok { + return nil, fmt.Errorf("%w: no 'substitutions' field", common.ErrSubstitution) + } + + m, ok := substitutions.(map[string]interface{}) + if !ok { + return nil, fmt.Errorf("%w: cannot convert substitutions to a map", common.ErrSubstitution) + } + return m, nil +} + +// SourceURI implements Statement.SourceURI. +func (p *Provenance) SourceURI() (string, error) { + if len(p.Pred.Materials) == 0 { + return "", fmt.Errorf("%w: %s", serrors.ErrorInvalidDssePayload, "no material") + } + uri := p.Pred.Materials[0].URI + if uri == "" { + return "", fmt.Errorf("%w: empty uri", serrors.ErrorMalformedURI) + } + + return uri, nil +} + +// Subjects implements Statement.Subjects. +func (p *Provenance) Subjects() ([]intoto.Subject, error) { + subj := p.StatementHeader.Subject + if len(subj) == 0 { + return nil, fmt.Errorf("%w: %s", serrors.ErrorInvalidDssePayload, "no subjects") + } + return subj, nil +} diff --git a/verifiers/internal/gcb/slsaprovenance/v0.1/provenance_test.go b/verifiers/internal/gcb/slsaprovenance/v0.1/provenance_test.go new file mode 100644 index 000000000..ae1028e6f --- /dev/null +++ b/verifiers/internal/gcb/slsaprovenance/v0.1/provenance_test.go 
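Review bot: `New` is the only place where the in-toto statement type and predicate type are checked, but it has no doc comment, and `Provenance` can still be built as a struct literal that skips those checks (VerifyTextProvenance does so for the text copy). A comment such as `// New parses payload as v0.1 GCB provenance and rejects any other statement or predicate type; a Provenance built any other way is not validated.` would record the invariant. The comment on `GetSystemParameters` is miscopied (`// BuildType implements Statement.GetSystemParameters.`), the other method comments say `Statement` where the interface is `iface.Provenance`, and the constant comment says `StatementInToto` for `statementInToto`. `GetSystemParameters` also returns the map held inside the parsed statement, so a caller that writes to it changes the verified statement; returning a copy, or documenting the result as read-only, would avoid that.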
@@ -0,0 +1,56 @@ +package v01 + +import ( + "fmt" + "os" + "testing" + + "github.com/google/go-cmp/cmp" + "github.com/google/go-cmp/cmp/cmpopts" + + serrors "github.com/slsa-framework/slsa-verifier/v2/errors" +) + +func Test_New(t *testing.T) { + t.Parallel() + tests := []struct { + name string + path string + expected error + }{ + { + name: "valid gcb provenance", + path: "./testdata/gcloud-container-github.json", + }, + { + name: "valid gcb provenance gcs", + path: "./testdata/gcloud-container-gcs.json", + }, + { + name: "invalid intoto header", + path: "./testdata/gcloud-container-invalid-intotoheader.json", + expected: serrors.ErrorInvalidDssePayload, + }, + { + name: "invalid provenance header", + path: "./testdata/gcloud-container-invalid-slsaheader.json", + expected: serrors.ErrorInvalidDssePayload, + }, + } + for _, tt := range tests { + tt := tt // Re-initializing variable so it is not changed while executing the closure below + t.Run(tt.name, func(t *testing.T) { + t.Parallel() + + content, err := os.ReadFile(tt.path) + if err != nil { + panic(fmt.Errorf("os.ReadFile: %w", err)) + } + fmt.Println(string(content)) + _, err = New(content) + if !cmp.Equal(err, tt.expected, cmpopts.EquateErrors()) { + t.Errorf(cmp.Diff(err, tt.expected, cmpopts.EquateErrors())) + } + }) + } +} diff --git a/verifiers/internal/gcb/slsaprovenance/v0.1/testdata/gcloud-container-gcs.json b/verifiers/internal/gcb/slsaprovenance/v0.1/testdata/gcloud-container-gcs.json new file mode 100644 index 000000000..2709bee7b --- /dev/null +++ b/verifiers/internal/gcb/slsaprovenance/v0.1/testdata/gcloud-container-gcs.json 
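Review bot: `fmt.Println(string(content))` in Test_New looks like leftover debugging; it writes each fixture to stdout in every parallel subtest and should be dropped. `t.Errorf(cmp.Diff(err, tt.expected, cmpopts.EquateErrors()))` passes a non-constant string as the format, so a `%` in the diff would be misrendered and `go vet` flags it; `t.Error(cmp.Diff(err, tt.expected, cmpopts.EquateErrors()))` avoids that. The `panic(fmt.Errorf("os.ReadFile: %w", err))` on a missing fixture would read better as `t.Fatalf("os.ReadFile: %v", err)`, so the failure is reported against the subtest.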
@@ -0,0 +1 @@ +{"_type":"https://in-toto.io/Statement/v0.1","predicate":{"builder":{"id":"https://cloudbuild.googleapis.com/GoogleHostedWorker@v0.3"},"materials":[{"digest":{"md5":"6e9c2c03099262d534519d106fe04b08"},"uri":"gs://damith-sds_cloudbuild/source/1665165360.279777-955d1904741e4bbeb3461080299e929a.tgz#1665165361152729"}],"metadata":{"buildFinishedOn":"2022-10-07T17:57:16.595464Z","buildInvocationId":"565456b1-0394-4c71-8c18-79f9057483df","buildStartedOn":"2022-10-07T17:56:01.814040892Z"},"recipe":{"arguments":{"@type":"type.googleapis.com/google.devtools.cloudbuild.v1.Build","id":"565456b1-0394-4c71-8c18-79f9057483df","name":"projects/171719165453/locations/us-central1/builds/565456b1-0394-4c71-8c18-79f9057483df","options":{"dynamicSubstitutions":true,"logging":"LEGACY","pool":{},"requestedVerifyOption":"VERIFIED"},"sourceProvenance":{"fileHashes":{"gs://damith-sds_cloudbuild/source/1665165360.279777-955d1904741e4bbeb3461080299e929a.tgz#1665165361152729":{"fileHash":[{"type":"MD5","value":"bpwsAwmSYtU0UZ0Qb+BLCA=="}]}},"resolvedStorageSource":{"bucket":"damith-sds_cloudbuild","generation":"1665165361152729","object":"source/1665165360.279777-955d1904741e4bbeb3461080299e929a.tgz"}},"steps":[{"args":["-c","docker build -t us-central1-docker.pkg.dev/damith-sds/containers/java-guestbook-backend:quickstart .\ndocker push us-central1-docker.pkg.dev/damith-sds/containers/java-guestbook-backend:quickstart\n"],"entrypoint":"/bin/bash","id":"Build and Push Container Image: 
Backend","name":"gcr.io/cloud-builders/docker","pullTiming":{"endTime":"2022-10-07T17:56:08.614390837Z","startTime":"2022-10-07T17:56:08.610302991Z"},"status":"SUCCESS","timing":{"endTime":"2022-10-07T17:57:15.136042514Z","startTime":"2022-10-07T17:56:08.610302991Z"}}],"substitutions":{"_BACKEND_IMAGE":"us-central1-docker.pkg.dev/damith-sds/containers/java-guestbook-backend:quickstart"}},"definedInMaterial":"-1","type":"https://cloudbuild.googleapis.com/CloudBuildSteps@v0.1"}},"predicateType":"https://slsa.dev/provenance/v0.1","slsaProvenance":{"builder":{"id":"https://cloudbuild.googleapis.com/GoogleHostedWorker@v0.3"},"materials":[{"digest":{"md5":"6e9c2c03099262d534519d106fe04b08"},"uri":"gs://damith-sds_cloudbuild/source/1665165360.279777-955d1904741e4bbeb3461080299e929a.tgz#1665165361152729"}],"metadata":{"buildFinishedOn":"2022-10-07T17:57:16.595464Z","buildInvocationId":"565456b1-0394-4c71-8c18-79f9057483df","buildStartedOn":"2022-10-07T17:56:01.814040892Z"},"recipe":{"arguments":{"@type":"type.googleapis.com/google.devtools.cloudbuild.v1.Build","id":"565456b1-0394-4c71-8c18-79f9057483df","name":"projects/171719165453/locations/us-central1/builds/565456b1-0394-4c71-8c18-79f9057483df","options":{"dynamicSubstitutions":true,"logging":"LEGACY","pool":{},"requestedVerifyOption":"VERIFIED"},"sourceProvenance":{"fileHashes":{"gs://damith-sds_cloudbuild/source/1665165360.279777-955d1904741e4bbeb3461080299e929a.tgz#1665165361152729":{"fileHash":[{"type":"MD5","value":"bpwsAwmSYtU0UZ0Qb+BLCA=="}]}},"resolvedStorageSource":{"bucket":"damith-sds_cloudbuild","generation":"1665165361152729","object":"source/1665165360.279777-955d1904741e4bbeb3461080299e929a.tgz"}},"steps":[{"args":["-c","docker build -t us-central1-docker.pkg.dev/damith-sds/containers/java-guestbook-backend:quickstart .\ndocker push us-central1-docker.pkg.dev/damith-sds/containers/java-guestbook-backend:quickstart\n"],"entrypoint":"/bin/bash","id":"Build and Push Container Image: 
Backend","name":"gcr.io/cloud-builders/docker","pullTiming":{"endTime":"2022-10-07T17:56:08.614390837Z","startTime":"2022-10-07T17:56:08.610302991Z"},"status":"SUCCESS","timing":{"endTime":"2022-10-07T17:57:15.136042514Z","startTime":"2022-10-07T17:56:08.610302991Z"}}],"substitutions":{"_BACKEND_IMAGE":"us-central1-docker.pkg.dev/damith-sds/containers/java-guestbook-backend:quickstart"}},"definedInMaterial":"-1","type":"https://cloudbuild.googleapis.com/CloudBuildSteps@v0.1"}},"subject":[{"digest":{"sha256":"9dcfacc497b61c4d2ff5708e644c060726781fae514dc8ba71c49dced675bcbe"},"name":"https://us-central1-docker.pkg.dev/damith-sds/containers/java-guestbook-backend:quickstart"}]} \ No newline at end of file diff --git a/verifiers/internal/gcb/slsaprovenance/v0.1/testdata/gcloud-container-github.json b/verifiers/internal/gcb/slsaprovenance/v0.1/testdata/gcloud-container-github.json new file mode 100644 index 000000000..ebd6d9c3b --- /dev/null +++ b/verifiers/internal/gcb/slsaprovenance/v0.1/testdata/gcloud-container-github.json 
@@ -0,0 +1 @@ +{"_type":"https://in-toto.io/Statement/v0.1","predicate":{"builder":{"id":"https://cloudbuild.googleapis.com/GoogleHostedWorker@v0.2"},"materials":[{"uri":"https://github.com/laurentsimon/gcb-tests/commit/fbbb98765e85ad464302dc5977968104d36e455e"}],"metadata":{"buildFinishedOn":"2022-08-15T22:43:34.366498Z","buildInvocationId":"b6e052a7-5aa4-41bf-a56b-9bc4e4f3058b","buildStartedOn":"2022-08-15T22:43:18.700638187Z"},"recipe":{"arguments":{"@type":"type.googleapis.com/google.devtools.cloudbuild.v1.Build","id":"b6e052a7-5aa4-41bf-a56b-9bc4e4f3058b","options":{"dynamicSubstitutions":true,"logging":"LEGACY","pool":{},"substitutionOption":"ALLOW_LOOSE"},"sourceProvenance":{},"steps":[{"args":["build","-t","us-west2-docker.pkg.dev/gosst-scare-sandbox/quickstart-docker-repo/quickstart-image:v14","."],"name":"gcr.io/cloud-builders/docker","pullTiming":{"endTime":"2022-08-15T22:43:21.662016533Z","startTime":"2022-08-15T22:43:21.657262492Z"},"status":"SUCCESS","timing":{"endTime":"2022-08-15T22:43:27.056377441Z","startTime":"2022-08-15T22:43:21.657262492Z"}}]},"entryPoint":"cloudbuild.yaml","type":"https://cloudbuild.googleapis.com/GoogleHostedWorker@v0.2"}},"predicateType":"https://slsa.dev/provenance/v0.1","slsaProvenance":{"builder":{"id":"https://cloudbuild.googleapis.com/GoogleHostedWorker@v0.2"},"materials":[{"uri":"https://github.com/laurentsimon/gcb-tests/commit/fbbb98765e85ad464302dc5977968104d36e455e"}],"metadata":{"buildFinishedOn":"2022-08-15T22:43:34.366498Z","buildInvocationId":"b6e052a7-5aa4-41bf-a56b-9bc4e4f3058b","buildStartedOn":"2022-08-15T22:43:18.700638187Z"},"recipe":{"arguments":{"@type":"type.googleapis.com/google.devtools.cloudbuild.v1.Build","id":"b6e052a7-5aa4-41bf-a56b-9bc4e4f3058b","options":{"dynamicSubstitutions":true,"logging":"LEGACY","pool":{},"substitutionOption":"ALLOW_LOOSE"},"sourceProvenance":{},"steps":[{"args":["build","-t","us-west2-docker.pkg.dev/gosst-scare-sandbox/quickstart-docker-repo/quickstart-image:v14","."],"nam
e":"gcr.io/cloud-builders/docker","pullTiming":{"endTime":"2022-08-15T22:43:21.662016533Z","startTime":"2022-08-15T22:43:21.657262492Z"},"status":"SUCCESS","timing":{"endTime":"2022-08-15T22:43:27.056377441Z","startTime":"2022-08-15T22:43:21.657262492Z"}}]},"entryPoint":"cloudbuild.yaml","type":"https://cloudbuild.googleapis.com/GoogleHostedWorker@v0.2"}},"subject":[{"digest":{"sha256":"1a033b002f89ed2b8ea733162497fb70f1a4049a7f8602d6a33682b4ad9921fd"},"name":"https://us-west2-docker.pkg.dev/gosst-scare-sandbox/quickstart-docker-repo/quickstart-image:v14"}]} \ No newline at end of file diff --git a/verifiers/internal/gcb/slsaprovenance/v0.1/testdata/gcloud-container-invalid-intotoheader.json b/verifiers/internal/gcb/slsaprovenance/v0.1/testdata/gcloud-container-invalid-intotoheader.json new file mode 100644 index 000000000..b00fbed1f --- /dev/null +++ b/verifiers/internal/gcb/slsaprovenance/v0.1/testdata/gcloud-container-invalid-intotoheader.json 
@@ -0,0 +1 @@ +{"_type":"https://in-toto.io/Statement/v0.2","predicate":{"builder":{"id":"https://cloudbuild.googleapis.com/GoogleHostedWorker@v0.2"},"materials":[{"uri":"https://github.com/laurentsimon/gcb-tests/commit/fbbb98765e85ad464302dc5977968104d36e455e"}],"metadata":{"buildFinishedOn":"2022-08-15T22:43:34.366498Z","buildInvocationId":"b6e052a7-5aa4-41bf-a56b-9bc4e4f3058b","buildStartedOn":"2022-08-15T22:43:18.700638187Z"},"recipe":{"arguments":{"@type":"type.googleapis.com/google.devtools.cloudbuild.v1.Build","id":"b6e052a7-5aa4-41bf-a56b-9bc4e4f3058b","options":{"dynamicSubstitutions":true,"logging":"LEGACY","pool":{},"substitutionOption":"ALLOW_LOOSE"},"sourceProvenance":{},"steps":[{"args":["build","-t","us-west2-docker.pkg.dev/gosst-scare-sandbox/quickstart-docker-repo/quickstart-image:v14","."],"name":"gcr.io/cloud-builders/docker","pullTiming":{"endTime":"2022-08-15T22:43:21.662016533Z","startTime":"2022-08-15T22:43:21.657262492Z"},"status":"SUCCESS","timing":{"endTime":"2022-08-15T22:43:27.056377441Z","startTime":"2022-08-15T22:43:21.657262492Z"}}]},"entryPoint":"cloudbuild.yaml","type":"https://cloudbuild.googleapis.com/GoogleHostedWorker@v0.2"}},"predicateType":"https://slsa.dev/provenance/v0.1","slsaProvenance":{"builder":{"id":"https://cloudbuild.googleapis.com/GoogleHostedWorker@v0.2"},"materials":[{"uri":"https://github.com/laurentsimon/gcb-tests/commit/fbbb98765e85ad464302dc5977968104d36e455e"}],"metadata":{"buildFinishedOn":"2022-08-15T22:43:34.366498Z","buildInvocationId":"b6e052a7-5aa4-41bf-a56b-9bc4e4f3058b","buildStartedOn":"2022-08-15T22:43:18.700638187Z"},"recipe":{"arguments":{"@type":"type.googleapis.com/google.devtools.cloudbuild.v1.Build","id":"b6e052a7-5aa4-41bf-a56b-9bc4e4f3058b","options":{"dynamicSubstitutions":true,"logging":"LEGACY","pool":{},"substitutionOption":"ALLOW_LOOSE"},"sourceProvenance":{},"steps":[{"args":["build","-t","us-west2-docker.pkg.dev/gosst-scare-sandbox/quickstart-docker-repo/quickstart-image:v14","."],"nam
e":"gcr.io/cloud-builders/docker","pullTiming":{"endTime":"2022-08-15T22:43:21.662016533Z","startTime":"2022-08-15T22:43:21.657262492Z"},"status":"SUCCESS","timing":{"endTime":"2022-08-15T22:43:27.056377441Z","startTime":"2022-08-15T22:43:21.657262492Z"}}]},"entryPoint":"cloudbuild.yaml","type":"https://cloudbuild.googleapis.com/GoogleHostedWorker@v0.2"}},"subject":[{"digest":{"sha256":"1a033b002f89ed2b8ea733162497fb70f1a4049a7f8602d6a33682b4ad9921fd"},"name":"https://us-west2-docker.pkg.dev/gosst-scare-sandbox/quickstart-docker-repo/quickstart-image:v14"}]} \ No newline at end of file diff --git a/verifiers/internal/gcb/slsaprovenance/v0.1/testdata/gcloud-container-invalid-slsaheader.json b/verifiers/internal/gcb/slsaprovenance/v0.1/testdata/gcloud-container-invalid-slsaheader.json new file mode 100644 index 000000000..5b56bcb08 --- /dev/null +++ b/verifiers/internal/gcb/slsaprovenance/v0.1/testdata/gcloud-container-invalid-slsaheader.json 
@@ -0,0 +1 @@ +{"_type":"https://in-toto.io/Statement/v0.1","predicate":{"builder":{"id":"https://cloudbuild.googleapis.com/GoogleHostedWorker@v0.2"},"materials":[{"uri":"https://github.com/laurentsimon/gcb-tests/commit/fbbb98765e85ad464302dc5977968104d36e455e"}],"metadata":{"buildFinishedOn":"2022-08-15T22:43:34.366498Z","buildInvocationId":"b6e052a7-5aa4-41bf-a56b-9bc4e4f3058b","buildStartedOn":"2022-08-15T22:43:18.700638187Z"},"recipe":{"arguments":{"@type":"type.googleapis.com/google.devtools.cloudbuild.v1.Build","id":"b6e052a7-5aa4-41bf-a56b-9bc4e4f3058b","options":{"dynamicSubstitutions":true,"logging":"LEGACY","pool":{},"substitutionOption":"ALLOW_LOOSE"},"sourceProvenance":{},"steps":[{"args":["build","-t","us-west2-docker.pkg.dev/gosst-scare-sandbox/quickstart-docker-repo/quickstart-image:v14","."],"name":"gcr.io/cloud-builders/docker","pullTiming":{"endTime":"2022-08-15T22:43:21.662016533Z","startTime":"2022-08-15T22:43:21.657262492Z"},"status":"SUCCESS","timing":{"endTime":"2022-08-15T22:43:27.056377441Z","startTime":"2022-08-15T22:43:21.657262492Z"}}]},"entryPoint":"cloudbuild.yaml","type":"https://cloudbuild.googleapis.com/GoogleHostedWorker@v0.2"}},"predicateType":"https://slsa.dev/provenance/v0.2","slsaProvenance":{"builder":{"id":"https://cloudbuild.googleapis.com/GoogleHostedWorker@v0.2"},"materials":[{"uri":"https://github.com/laurentsimon/gcb-tests/commit/fbbb98765e85ad464302dc5977968104d36e455e"}],"metadata":{"buildFinishedOn":"2022-08-15T22:43:34.366498Z","buildInvocationId":"b6e052a7-5aa4-41bf-a56b-9bc4e4f3058b","buildStartedOn":"2022-08-15T22:43:18.700638187Z"},"recipe":{"arguments":{"@type":"type.googleapis.com/google.devtools.cloudbuild.v1.Build","id":"b6e052a7-5aa4-41bf-a56b-9bc4e4f3058b","options":{"dynamicSubstitutions":true,"logging":"LEGACY","pool":{},"substitutionOption":"ALLOW_LOOSE"},"sourceProvenance":{},"steps":[{"args":["build","-t","us-west2-docker.pkg.dev/gosst-scare-sandbox/quickstart-docker-repo/quickstart-image:v14","."],"nam
e":"gcr.io/cloud-builders/docker","pullTiming":{"endTime":"2022-08-15T22:43:21.662016533Z","startTime":"2022-08-15T22:43:21.657262492Z"},"status":"SUCCESS","timing":{"endTime":"2022-08-15T22:43:27.056377441Z","startTime":"2022-08-15T22:43:21.657262492Z"}}]},"entryPoint":"cloudbuild.yaml","type":"https://cloudbuild.googleapis.com/GoogleHostedWorker@v0.2"}},"subject":[{"digest":{"sha256":"1a033b002f89ed2b8ea733162497fb70f1a4049a7f8602d6a33682b4ad9921fd"},"name":"https://us-west2-docker.pkg.dev/gosst-scare-sandbox/quickstart-docker-repo/quickstart-image:v14"}]} \ No newline at end of file diff --git a/verifiers/internal/gcb/testdata/gcloud-container-invalid-intotoheader.json b/verifiers/internal/gcb/testdata/gcloud-container-invalid-intotoheader.json deleted file mode 100644 index bd2a38ebb..000000000 --- a/verifiers/internal/gcb/testdata/gcloud-container-invalid-intotoheader.json +++ /dev/null 
@@ -1,94 +0,0 @@ -{ - "image_summary": { - "digest": "sha256:1a033b002f89ed2b8ea733162497fb70f1a4049a7f8602d6a33682b4ad9921fd", - "fully_qualified_digest": "us-west2-docker.pkg.dev/gosst-scare-sandbox/quickstart-docker-repo/quickstart-image@sha256:1a033b002f89ed2b8ea733162497fb70f1a4049a7f8602d6a33682b4ad9921fd", - "registry": "us-west2-docker.pkg.dev", - "repository": "quickstart-docker-repo" - }, - "provenance_summary": { - "provenance": [ - { - "build": { - "intotoStatement": { - "_type": "https://in-toto.io/Statement/v0.1", - "predicateType": "https://slsa.dev/provenance/v0.1", - "slsaProvenance": { - "builder": { - "id": "https://cloudbuild.googleapis.com/GoogleHostedWorker@v0.2" - }, - "materials": [ - { - "uri": "https://github.com/laurentsimon/gcb-tests/commit/fbbb98765e85ad464302dc5977968104d36e455e" - } - ], - "metadata": { - "buildFinishedOn": "2022-08-15T22:43:34.366498Z", - "buildInvocationId": "b6e052a7-5aa4-41bf-a56b-9bc4e4f3058b", - "buildStartedOn": "2022-08-15T22:43:18.700638187Z" - }, - "recipe": { - "arguments": { - "@type": "type.googleapis.com/google.devtools.cloudbuild.v1.Build", - "id": "b6e052a7-5aa4-41bf-a56b-9bc4e4f3058b", - "options": { - "dynamicSubstitutions": true, - "logging": "LEGACY", - "pool": {}, - "substitutionOption": "ALLOW_LOOSE" - }, - "sourceProvenance": {}, - "steps": [ - { - "args": [ - "build", - "-t", - "us-west2-docker.pkg.dev/gosst-scare-sandbox/quickstart-docker-repo/quickstart-image:v14", - "." 
- ], - "name": "gcr.io/cloud-builders/docker", - "pullTiming": { - "endTime": "2022-08-15T22:43:21.662016533Z", - "startTime": "2022-08-15T22:43:21.657262492Z" - }, - "status": "SUCCESS", - "timing": { - "endTime": "2022-08-15T22:43:27.056377441Z", - "startTime": "2022-08-15T22:43:21.657262492Z" - } - } - ] - }, - "entryPoint": "cloudbuild.yaml", - "type": "https://cloudbuild.googleapis.com/GoogleHostedWorker@v0.2" - } - }, - "subject": [ - { - "digest": { - "sha256": "1a033b002f89ed2b8ea733162497fb70f1a4049a7f8602d6a33682b4ad9921fd" - }, - "name": "https://us-west2-docker.pkg.dev/gosst-scare-sandbox/quickstart-docker-repo/quickstart-image:v14" - } - ] - } - }, - "createTime": "2022-08-15T22:43:35.649016Z", - "envelope": { - "payload": "ewogICJfdHlwZSI6ICJodHRwczovL2luLXRvdG8uaW8vU3RhdGVtZW50L3YwLjIiLAogICJwcmVkaWNhdGUiOiB7CiAgICAiYnVpbGRlciI6IHsKICAgICAgImlkIjogImh0dHBzOi8vY2xvdWRidWlsZC5nb29nbGVhcGlzLmNvbS9Hb29nbGVIb3N0ZWRXb3JrZXJAdjAuMiIKICAgIH0sCiAgICAibWF0ZXJpYWxzIjogWwogICAgICB7CiAgICAgICAgInVyaSI6ICJodHRwczovL2dpdGh1Yi5jb20vbGF1cmVudHNpbW9uL2djYi10ZXN0cy9jb21taXQvZmJiYjk4NzY1ZTg1YWQ0NjQzMDJkYzU5Nzc5NjgxMDRkMzZlNDU1ZSIKICAgICAgfQogICAgXSwKICAgICJtZXRhZGF0YSI6IHsKICAgICAgImJ1aWxkRmluaXNoZWRPbiI6ICIyMDIyLTA4LTE1VDIyOjQzOjM0LjM2NjQ5OFoiLAogICAgICAiYnVpbGRJbnZvY2F0aW9uSWQiOiAiYjZlMDUyYTctNWFhNC00MWJmLWE1NmItOWJjNGU0ZjMwNThiIiwKICAgICAgImJ1aWxkU3RhcnRlZE9uIjogIjIwMjItMDgtMTVUMjI6NDM6MTguNzAwNjM4MTg3WiIKICAgIH0sCiAgICAicmVjaXBlIjogewogICAgICAiYXJndW1lbnRzIjogewogICAgICAgICJAdHlwZSI6ICJ0eXBlLmdvb2dsZWFwaXMuY29tL2dvb2dsZS5kZXZ0b29scy5jbG91ZGJ1aWxkLnYxLkJ1aWxkIiwKICAgICAgICAiaWQiOiAiYjZlMDUyYTctNWFhNC00MWJmLWE1NmItOWJjNGU0ZjMwNThiIiwKICAgICAgICAib3B0aW9ucyI6IHsKICAgICAgICAgICJkeW5hbWljU3Vic3RpdHV0aW9ucyI6IHRydWUsCiAgICAgICAgICAibG9nZ2luZyI6ICJMRUdBQ1kiLAogICAgICAgICAgInBvb2wiOiB7fSwKICAgICAgICAgICJzdWJzdGl0dXRpb25PcHRpb24iOiAiQUxMT1dfTE9PU0UiCiAgICAgICAgfSwKICAgICAgICAic291cmNlUHJvdmVuYW5jZSI6IHt9LAogICAgICAgICJzdGVwcyI6IFsKICAgICAgICAgIHsKICAgICAgICAgICAgImFyZ3MiOiBbC
iAgICAgICAgICAgICAgImJ1aWxkIiwKICAgICAgICAgICAgICAiLXQiLAogICAgICAgICAgICAgICJ1cy13ZXN0Mi1kb2NrZXIucGtnLmRldi9nb3NzdC1zY2FyZS1zYW5kYm94L3F1aWNrc3RhcnQtZG9ja2VyLXJlcG8vcXVpY2tzdGFydC1pbWFnZTp2MTQiLAogICAgICAgICAgICAgICIuIgogICAgICAgICAgICBdLAogICAgICAgICAgICAibmFtZSI6ICJnY3IuaW8vY2xvdWQtYnVpbGRlcnMvZG9ja2VyIiwKICAgICAgICAgICAgInB1bGxUaW1pbmciOiB7CiAgICAgICAgICAgICAgImVuZFRpbWUiOiAiMjAyMi0wOC0xNVQyMjo0MzoyMS42NjIwMTY1MzNaIiwKICAgICAgICAgICAgICAic3RhcnRUaW1lIjogIjIwMjItMDgtMTVUMjI6NDM6MjEuNjU3MjYyNDkyWiIKICAgICAgICAgICAgfSwKICAgICAgICAgICAgInN0YXR1cyI6ICJTVUNDRVNTIiwKICAgICAgICAgICAgInRpbWluZyI6IHsKICAgICAgICAgICAgICAiZW5kVGltZSI6ICIyMDIyLTA4LTE1VDIyOjQzOjI3LjA1NjM3NzQ0MVoiLAogICAgICAgICAgICAgICJzdGFydFRpbWUiOiAiMjAyMi0wOC0xNVQyMjo0MzoyMS42NTcyNjI0OTJaIgogICAgICAgICAgICB9CiAgICAgICAgICB9CiAgICAgICAgXQogICAgICB9LAogICAgICAiZW50cnlQb2ludCI6ICJjbG91ZGJ1aWxkLnlhbWwiLAogICAgICAidHlwZSI6ICJodHRwczovL2Nsb3VkYnVpbGQuZ29vZ2xlYXBpcy5jb20vR29vZ2xlSG9zdGVkV29ya2VyQHYwLjIiCiAgICB9CiAgfSwKICAicHJlZGljYXRlVHlwZSI6ICJodHRwczovL3Nsc2EuZGV2L3Byb3ZlbmFuY2UvdjAuMSIsCiAgInNsc2FQcm92ZW5hbmNlIjogewogICAgImJ1aWxkZXIiOiB7CiAgICAgICJpZCI6ICJodHRwczovL2Nsb3VkYnVpbGQuZ29vZ2xlYXBpcy5jb20vR29vZ2xlSG9zdGVkV29ya2VyQHYwLjIiCiAgICB9LAogICAgIm1hdGVyaWFscyI6IFsKICAgICAgewogICAgICAgICJ1cmkiOiAiaHR0cHM6Ly9naXRodWIuY29tL2xhdXJlbnRzaW1vbi9nY2ItdGVzdHMvY29tbWl0L2ZiYmI5ODc2NWU4NWFkNDY0MzAyZGM1OTc3OTY4MTA0ZDM2ZTQ1NWUiCiAgICAgIH0KICAgIF0sCiAgICAibWV0YWRhdGEiOiB7CiAgICAgICJidWlsZEZpbmlzaGVkT24iOiAiMjAyMi0wOC0xNVQyMjo0MzozNC4zNjY0OThaIiwKICAgICAgImJ1aWxkSW52b2NhdGlvbklkIjogImI2ZTA1MmE3LTVhYTQtNDFiZi1hNTZiLTliYzRlNGYzMDU4YiIsCiAgICAgICJidWlsZFN0YXJ0ZWRPbiI6ICIyMDIyLTA4LTE1VDIyOjQzOjE4LjcwMDYzODE4N1oiCiAgICB9LAogICAgInJlY2lwZSI6IHsKICAgICAgImFyZ3VtZW50cyI6IHsKICAgICAgICAiQHR5cGUiOiAidHlwZS5nb29nbGVhcGlzLmNvbS9nb29nbGUuZGV2dG9vbHMuY2xvdWRidWlsZC52MS5CdWlsZCIsCiAgICAgICAgImlkIjogImI2ZTA1MmE3LTVhYTQtNDFiZi1hNTZiLTliYzRlNGYzMDU4YiIsCiAgICAgICAgIm9wdGlvbnMiOiB7CiAgICAgICAgICAiZHluYW1pY1N1YnN0aXR1dGlvbnMiOiB0cnVlLAogICAgI
CAgICAgImxvZ2dpbmciOiAiTEVHQUNZIiwKICAgICAgICAgICJwb29sIjoge30sCiAgICAgICAgICAic3Vic3RpdHV0aW9uT3B0aW9uIjogIkFMTE9XX0xPT1NFIgogICAgICAgIH0sCiAgICAgICAgInNvdXJjZVByb3ZlbmFuY2UiOiB7fSwKICAgICAgICAic3RlcHMiOiBbCiAgICAgICAgICB7CiAgICAgICAgICAgICJhcmdzIjogWwogICAgICAgICAgICAgICJidWlsZCIsCiAgICAgICAgICAgICAgIi10IiwKICAgICAgICAgICAgICAidXMtd2VzdDItZG9ja2VyLnBrZy5kZXYvZ29zc3Qtc2NhcmUtc2FuZGJveC9xdWlja3N0YXJ0LWRvY2tlci1yZXBvL3F1aWNrc3RhcnQtaW1hZ2U6djE0IiwKICAgICAgICAgICAgICAiLiIKICAgICAgICAgICAgXSwKICAgICAgICAgICAgIm5hbWUiOiAiZ2NyLmlvL2Nsb3VkLWJ1aWxkZXJzL2RvY2tlciIsCiAgICAgICAgICAgICJwdWxsVGltaW5nIjogewogICAgICAgICAgICAgICJlbmRUaW1lIjogIjIwMjItMDgtMTVUMjI6NDM6MjEuNjYyMDE2NTMzWiIsCiAgICAgICAgICAgICAgInN0YXJ0VGltZSI6ICIyMDIyLTA4LTE1VDIyOjQzOjIxLjY1NzI2MjQ5MloiCiAgICAgICAgICAgIH0sCiAgICAgICAgICAgICJzdGF0dXMiOiAiU1VDQ0VTUyIsCiAgICAgICAgICAgICJ0aW1pbmciOiB7CiAgICAgICAgICAgICAgImVuZFRpbWUiOiAiMjAyMi0wOC0xNVQyMjo0MzoyNy4wNTYzNzc0NDFaIiwKICAgICAgICAgICAgICAic3RhcnRUaW1lIjogIjIwMjItMDgtMTVUMjI6NDM6MjEuNjU3MjYyNDkyWiIKICAgICAgICAgICAgfQogICAgICAgICAgfQogICAgICAgIF0KICAgICAgfSwKICAgICAgImVudHJ5UG9pbnQiOiAiY2xvdWRidWlsZC55YW1sIiwKICAgICAgInR5cGUiOiAiaHR0cHM6Ly9jbG91ZGJ1aWxkLmdvb2dsZWFwaXMuY29tL0dvb2dsZUhvc3RlZFdvcmtlckB2MC4yIgogICAgfQogIH0sCiAgInN1YmplY3QiOiBbCiAgICB7CiAgICAgICJkaWdlc3QiOiB7CiAgICAgICAgInNoYTI1NiI6ICIxYTAzM2IwMDJmODllZDJiOGVhNzMzMTYyNDk3ZmI3MGYxYTQwNDlhN2Y4NjAyZDZhMzM2ODJiNGFkOTkyMWZkIgogICAgICB9LAogICAgICAibmFtZSI6ICJodHRwczovL3VzLXdlc3QyLWRvY2tlci5wa2cuZGV2L2dvc3N0LXNjYXJlLXNhbmRib3gvcXVpY2tzdGFydC1kb2NrZXItcmVwby9xdWlja3N0YXJ0LWltYWdlOnYxNCIKICAgIH0KICBdCn0K", - "payloadType": "application/vnd.in-toto+json", - "signatures": [ - { - "keyid": "projects/verified-builder/locations/global/keyRings/attestor/cryptoKeys/builtByGCB/cryptoKeyVersions/1", - "sig": "MEYCIQD-0xUsdkYnsmKnQL_ndEvXknLfn82zsG-hGyYUd4aYsAIhAP4KSCxN2VPNc-dvfrQIGduMUNmAiHxLttdezqdrSf3F" - } - ] - }, - "kind": "BUILD", - "name": 
"projects/gosst-scare-sandbox/occurrences/8ce06798-f94d-4772-a224-04e473163790", - "noteName": "projects/verified-builder/notes/intoto_b6e052a7-5aa4-41bf-a56b-9bc4e4f3058b", - "resourceUri": "https://us-west2-docker.pkg.dev/gosst-scare-sandbox/quickstart-docker-repo/quickstart-image@sha256:1a033b002f89ed2b8ea733162497fb70f1a4049a7f8602d6a33682b4ad9921fd", - "updateTime": "2022-08-15T22:43:35.649016Z" - } - ] - } -} \ No newline at end of file diff --git a/verifiers/internal/gcb/testdata/gcloud-container-invalid-slsaheader.json b/verifiers/internal/gcb/testdata/gcloud-container-invalid-slsaheader.json deleted file mode 100644 index ad783b4b9..000000000 --- a/verifiers/internal/gcb/testdata/gcloud-container-invalid-slsaheader.json +++ /dev/null 
@@ -1,94 +0,0 @@ -{ - "image_summary": { - "digest": "sha256:1a033b002f89ed2b8ea733162497fb70f1a4049a7f8602d6a33682b4ad9921fd", - "fully_qualified_digest": "us-west2-docker.pkg.dev/gosst-scare-sandbox/quickstart-docker-repo/quickstart-image@sha256:1a033b002f89ed2b8ea733162497fb70f1a4049a7f8602d6a33682b4ad9921fd", - "registry": "us-west2-docker.pkg.dev", - "repository": "quickstart-docker-repo" - }, - "provenance_summary": { - "provenance": [ - { - "build": { - "intotoStatement": { - "_type": "https://in-toto.io/Statement/v0.1", - "predicateType": "https://slsa.dev/provenance/v0.1", - "slsaProvenance": { - "builder": { - "id": "https://cloudbuild.googleapis.com/GoogleHostedWorker@v0.2" - }, - "materials": [ - { - "uri": "https://github.com/laurentsimon/gcb-tests/commit/fbbb98765e85ad464302dc5977968104d36e455e" - } - ], - "metadata": { - "buildFinishedOn": "2022-08-15T22:43:34.366498Z", - "buildInvocationId": "b6e052a7-5aa4-41bf-a56b-9bc4e4f3058b", - "buildStartedOn": "2022-08-15T22:43:18.700638187Z" - }, - "recipe": { - "arguments": { - "@type": "type.googleapis.com/google.devtools.cloudbuild.v1.Build", - "id": "b6e052a7-5aa4-41bf-a56b-9bc4e4f3058b", - "options": { - "dynamicSubstitutions": true, - "logging": "LEGACY", - "pool": {}, - "substitutionOption": "ALLOW_LOOSE" - }, - "sourceProvenance": {}, - "steps": [ - { - "args": [ - "build", - "-t", - "us-west2-docker.pkg.dev/gosst-scare-sandbox/quickstart-docker-repo/quickstart-image:v14", - "." 
- ], - "name": "gcr.io/cloud-builders/docker", - "pullTiming": { - "endTime": "2022-08-15T22:43:21.662016533Z", - "startTime": "2022-08-15T22:43:21.657262492Z" - }, - "status": "SUCCESS", - "timing": { - "endTime": "2022-08-15T22:43:27.056377441Z", - "startTime": "2022-08-15T22:43:21.657262492Z" - } - } - ] - }, - "entryPoint": "cloudbuild.yaml", - "type": "https://cloudbuild.googleapis.com/GoogleHostedWorker@v0.2" - } - }, - "subject": [ - { - "digest": { - "sha256": "1a033b002f89ed2b8ea733162497fb70f1a4049a7f8602d6a33682b4ad9921fd" - }, - "name": "https://us-west2-docker.pkg.dev/gosst-scare-sandbox/quickstart-docker-repo/quickstart-image:v14" - } - ] - } - }, - "createTime": "2022-08-15T22:43:35.649016Z", - "envelope": { - "payload": "ewogICJfdHlwZSI6ICJodHRwczovL2luLXRvdG8uaW8vU3RhdGVtZW50L3YwLjEiLAogICJwcmVkaWNhdGUiOiB7CiAgICAiYnVpbGRlciI6IHsKICAgICAgImlkIjogImh0dHBzOi8vY2xvdWRidWlsZC5nb29nbGVhcGlzLmNvbS9Hb29nbGVIb3N0ZWRXb3JrZXJAdjAuMiIKICAgIH0sCiAgICAibWF0ZXJpYWxzIjogWwogICAgICB7CiAgICAgICAgInVyaSI6ICJodHRwczovL2dpdGh1Yi5jb20vbGF1cmVudHNpbW9uL2djYi10ZXN0cy9jb21taXQvZmJiYjk4NzY1ZTg1YWQ0NjQzMDJkYzU5Nzc5NjgxMDRkMzZlNDU1ZSIKICAgICAgfQogICAgXSwKICAgICJtZXRhZGF0YSI6IHsKICAgICAgImJ1aWxkRmluaXNoZWRPbiI6ICIyMDIyLTA4LTE1VDIyOjQzOjM0LjM2NjQ5OFoiLAogICAgICAiYnVpbGRJbnZvY2F0aW9uSWQiOiAiYjZlMDUyYTctNWFhNC00MWJmLWE1NmItOWJjNGU0ZjMwNThiIiwKICAgICAgImJ1aWxkU3RhcnRlZE9uIjogIjIwMjItMDgtMTVUMjI6NDM6MTguNzAwNjM4MTg3WiIKICAgIH0sCiAgICAicmVjaXBlIjogewogICAgICAiYXJndW1lbnRzIjogewogICAgICAgICJAdHlwZSI6ICJ0eXBlLmdvb2dsZWFwaXMuY29tL2dvb2dsZS5kZXZ0b29scy5jbG91ZGJ1aWxkLnYxLkJ1aWxkIiwKICAgICAgICAiaWQiOiAiYjZlMDUyYTctNWFhNC00MWJmLWE1NmItOWJjNGU0ZjMwNThiIiwKICAgICAgICAib3B0aW9ucyI6IHsKICAgICAgICAgICJkeW5hbWljU3Vic3RpdHV0aW9ucyI6IHRydWUsCiAgICAgICAgICAibG9nZ2luZyI6ICJMRUdBQ1kiLAogICAgICAgICAgInBvb2wiOiB7fSwKICAgICAgICAgICJzdWJzdGl0dXRpb25PcHRpb24iOiAiQUxMT1dfTE9PU0UiCiAgICAgICAgfSwKICAgICAgICAic291cmNlUHJvdmVuYW5jZSI6IHt9LAogICAgICAgICJzdGVwcyI6IFsKICAgICAgICAgIHsKICAgICAgICAgICAgImFyZ3MiOiBbC
iAgICAgICAgICAgICAgImJ1aWxkIiwKICAgICAgICAgICAgICAiLXQiLAogICAgICAgICAgICAgICJ1cy13ZXN0Mi1kb2NrZXIucGtnLmRldi9nb3NzdC1zY2FyZS1zYW5kYm94L3F1aWNrc3RhcnQtZG9ja2VyLXJlcG8vcXVpY2tzdGFydC1pbWFnZTp2MTQiLAogICAgICAgICAgICAgICIuIgogICAgICAgICAgICBdLAogICAgICAgICAgICAibmFtZSI6ICJnY3IuaW8vY2xvdWQtYnVpbGRlcnMvZG9ja2VyIiwKICAgICAgICAgICAgInB1bGxUaW1pbmciOiB7CiAgICAgICAgICAgICAgImVuZFRpbWUiOiAiMjAyMi0wOC0xNVQyMjo0MzoyMS42NjIwMTY1MzNaIiwKICAgICAgICAgICAgICAic3RhcnRUaW1lIjogIjIwMjItMDgtMTVUMjI6NDM6MjEuNjU3MjYyNDkyWiIKICAgICAgICAgICAgfSwKICAgICAgICAgICAgInN0YXR1cyI6ICJTVUNDRVNTIiwKICAgICAgICAgICAgInRpbWluZyI6IHsKICAgICAgICAgICAgICAiZW5kVGltZSI6ICIyMDIyLTA4LTE1VDIyOjQzOjI3LjA1NjM3NzQ0MVoiLAogICAgICAgICAgICAgICJzdGFydFRpbWUiOiAiMjAyMi0wOC0xNVQyMjo0MzoyMS42NTcyNjI0OTJaIgogICAgICAgICAgICB9CiAgICAgICAgICB9CiAgICAgICAgXQogICAgICB9LAogICAgICAiZW50cnlQb2ludCI6ICJjbG91ZGJ1aWxkLnlhbWwiLAogICAgICAidHlwZSI6ICJodHRwczovL2Nsb3VkYnVpbGQuZ29vZ2xlYXBpcy5jb20vR29vZ2xlSG9zdGVkV29ya2VyQHYwLjIiCiAgICB9CiAgfSwKICAicHJlZGljYXRlVHlwZSI6ICJodHRwczovL3Nsc2EuZGV2L3Byb3ZlbmFuY2UvdjAuMiIsCiAgInNsc2FQcm92ZW5hbmNlIjogewogICAgImJ1aWxkZXIiOiB7CiAgICAgICJpZCI6ICJodHRwczovL2Nsb3VkYnVpbGQuZ29vZ2xlYXBpcy5jb20vR29vZ2xlSG9zdGVkV29ya2VyQHYwLjIiCiAgICB9LAogICAgIm1hdGVyaWFscyI6IFsKICAgICAgewogICAgICAgICJ1cmkiOiAiaHR0cHM6Ly9naXRodWIuY29tL2xhdXJlbnRzaW1vbi9nY2ItdGVzdHMvY29tbWl0L2ZiYmI5ODc2NWU4NWFkNDY0MzAyZGM1OTc3OTY4MTA0ZDM2ZTQ1NWUiCiAgICAgIH0KICAgIF0sCiAgICAibWV0YWRhdGEiOiB7CiAgICAgICJidWlsZEZpbmlzaGVkT24iOiAiMjAyMi0wOC0xNVQyMjo0MzozNC4zNjY0OThaIiwKICAgICAgImJ1aWxkSW52b2NhdGlvbklkIjogImI2ZTA1MmE3LTVhYTQtNDFiZi1hNTZiLTliYzRlNGYzMDU4YiIsCiAgICAgICJidWlsZFN0YXJ0ZWRPbiI6ICIyMDIyLTA4LTE1VDIyOjQzOjE4LjcwMDYzODE4N1oiCiAgICB9LAogICAgInJlY2lwZSI6IHsKICAgICAgImFyZ3VtZW50cyI6IHsKICAgICAgICAiQHR5cGUiOiAidHlwZS5nb29nbGVhcGlzLmNvbS9nb29nbGUuZGV2dG9vbHMuY2xvdWRidWlsZC52MS5CdWlsZCIsCiAgICAgICAgImlkIjogImI2ZTA1MmE3LTVhYTQtNDFiZi1hNTZiLTliYzRlNGYzMDU4YiIsCiAgICAgICAgIm9wdGlvbnMiOiB7CiAgICAgICAgICAiZHluYW1pY1N1YnN0aXR1dGlvbnMiOiB0cnVlLAogICAgI
CAgICAgImxvZ2dpbmciOiAiTEVHQUNZIiwKICAgICAgICAgICJwb29sIjoge30sCiAgICAgICAgICAic3Vic3RpdHV0aW9uT3B0aW9uIjogIkFMTE9XX0xPT1NFIgogICAgICAgIH0sCiAgICAgICAgInNvdXJjZVByb3ZlbmFuY2UiOiB7fSwKICAgICAgICAic3RlcHMiOiBbCiAgICAgICAgICB7CiAgICAgICAgICAgICJhcmdzIjogWwogICAgICAgICAgICAgICJidWlsZCIsCiAgICAgICAgICAgICAgIi10IiwKICAgICAgICAgICAgICAidXMtd2VzdDItZG9ja2VyLnBrZy5kZXYvZ29zc3Qtc2NhcmUtc2FuZGJveC9xdWlja3N0YXJ0LWRvY2tlci1yZXBvL3F1aWNrc3RhcnQtaW1hZ2U6djE0IiwKICAgICAgICAgICAgICAiLiIKICAgICAgICAgICAgXSwKICAgICAgICAgICAgIm5hbWUiOiAiZ2NyLmlvL2Nsb3VkLWJ1aWxkZXJzL2RvY2tlciIsCiAgICAgICAgICAgICJwdWxsVGltaW5nIjogewogICAgICAgICAgICAgICJlbmRUaW1lIjogIjIwMjItMDgtMTVUMjI6NDM6MjEuNjYyMDE2NTMzWiIsCiAgICAgICAgICAgICAgInN0YXJ0VGltZSI6ICIyMDIyLTA4LTE1VDIyOjQzOjIxLjY1NzI2MjQ5MloiCiAgICAgICAgICAgIH0sCiAgICAgICAgICAgICJzdGF0dXMiOiAiU1VDQ0VTUyIsCiAgICAgICAgICAgICJ0aW1pbmciOiB7CiAgICAgICAgICAgICAgImVuZFRpbWUiOiAiMjAyMi0wOC0xNVQyMjo0MzoyNy4wNTYzNzc0NDFaIiwKICAgICAgICAgICAgICAic3RhcnRUaW1lIjogIjIwMjItMDgtMTVUMjI6NDM6MjEuNjU3MjYyNDkyWiIKICAgICAgICAgICAgfQogICAgICAgICAgfQogICAgICAgIF0KICAgICAgfSwKICAgICAgImVudHJ5UG9pbnQiOiAiY2xvdWRidWlsZC55YW1sIiwKICAgICAgInR5cGUiOiAiaHR0cHM6Ly9jbG91ZGJ1aWxkLmdvb2dsZWFwaXMuY29tL0dvb2dsZUhvc3RlZFdvcmtlckB2MC4yIgogICAgfQogIH0sCiAgInN1YmplY3QiOiBbCiAgICB7CiAgICAgICJkaWdlc3QiOiB7CiAgICAgICAgInNoYTI1NiI6ICIxYTAzM2IwMDJmODllZDJiOGVhNzMzMTYyNDk3ZmI3MGYxYTQwNDlhN2Y4NjAyZDZhMzM2ODJiNGFkOTkyMWZkIgogICAgICB9LAogICAgICAibmFtZSI6ICJodHRwczovL3VzLXdlc3QyLWRvY2tlci5wa2cuZGV2L2dvc3N0LXNjYXJlLXNhbmRib3gvcXVpY2tzdGFydC1kb2NrZXItcmVwby9xdWlja3N0YXJ0LWltYWdlOnYxNCIKICAgIH0KICBdCn0K", - "payloadType": "application/vnd.in-toto+json", - "signatures": [ - { - "keyid": "projects/verified-builder/locations/global/keyRings/attestor/cryptoKeys/builtByGCB/cryptoKeyVersions/1", - "sig": "MEYCIQD-0xUsdkYnsmKnQL_ndEvXknLfn82zsG-hGyYUd4aYsAIhAP4KSCxN2VPNc-dvfrQIGduMUNmAiHxLttdezqdrSf3F" - } - ] - }, - "kind": "BUILD", - "name": 
"projects/gosst-scare-sandbox/occurrences/8ce06798-f94d-4772-a224-04e473163790", - "noteName": "projects/verified-builder/notes/intoto_b6e052a7-5aa4-41bf-a56b-9bc4e4f3058b", - "resourceUri": "https://us-west2-docker.pkg.dev/gosst-scare-sandbox/quickstart-docker-repo/quickstart-image@sha256:1a033b002f89ed2b8ea733162497fb70f1a4049a7f8602d6a33682b4ad9921fd", - "updateTime": "2022-08-15T22:43:35.649016Z" - } - ] - } - } \ No newline at end of file diff --git a/verifiers/internal/gcb/verifier.go b/verifiers/internal/gcb/verifier.go index 04f31e6bb..511065009 100644 --- a/verifiers/internal/gcb/verifier.go +++ b/verifiers/internal/gcb/verifier.go @@ -64,11 +64,6 @@ func (v *GCBVerifier) VerifyImage(ctx context.Context, return nil, nil, err } - // Verify intoto header. - if err := prov.VerifyIntotoHeaders(); err != nil { - return nil, nil, err - } - // Verify the builder. builderID, err := prov.VerifyBuilder(builderOpts) if err != nil { diff --git a/verifiers/internal/gha/builder.go b/verifiers/internal/gha/builder.go index 062905056..5d82bf0fb 100644 --- a/verifiers/internal/gha/builder.go +++ b/verifiers/internal/gha/builder.go 
@@ -109,34 +109,45 @@ func verifyTrustedBuilderID(certBuilderID, certTag string, expectedBuilderID *st if _, ok := defaultTrustedBuilders[certBuilderID]; !ok { return nil, false, fmt.Errorf("%w: %s with builderID provided: %t", serrors.ErrorUntrustedReusableWorkflow, certBuilderID, expectedBuilderID != nil) } + // Construct the builderID using the certificate's builder's name and tag. trustedBuilderID, err = utils.TrustedBuilderIDNew(certBuilderID+"@"+certTag, true) if err != nil { return nil, false, err } - } else { - // Verify the builderID. - // We only accept IDs on github.com. - trustedBuilderID, err = utils.TrustedBuilderIDNew(certBuilderID+"@"+certTag, true) - if err != nil { - return nil, false, err - } // Check if: // - the builder in the cert is a BYOB builder // - the caller trusts the BYOB builder // If both are true, we don't match the user-provided builder ID // against the certificate. Instead that will be done by the caller. - if isTrustedDelegatorBuilder(trustedBuilderID, defaultTrustedBuilders) { - return trustedBuilderID, true, nil - } + // + // This return of the delegator builderID enables non-compulsory + // builderID feature for BYOB builders by setting byob flag to true. + return trustedBuilderID, isTrustedDelegatorBuilder(trustedBuilderID, defaultTrustedBuilders), nil + } - // Not a BYOB builder. BuilderID provided by user should match the certificate. - // Note: the certificate builderID has the form `name@refs/tags/v1.2.3`, - // so we pass `allowRef = true`. - if err := trustedBuilderID.MatchesLoose(*expectedBuilderID, true); err != nil { - return nil, false, fmt.Errorf("%w: %v", serrors.ErrorUntrustedReusableWorkflow, err) - } + // Verify the builderID. + // We only accept IDs on github.com. 
+ trustedBuilderID, err = utils.TrustedBuilderIDNew(certBuilderID+"@"+certTag, true) + if err != nil { + return nil, false, err + } + + // Check if: + // - the builder in the cert is a BYOB builder + // - the caller trusts the BYOB builder + // If both are true, we don't match the user-provided builder ID + // against the certificate. Instead that will be done by the caller. + if isTrustedDelegatorBuilder(trustedBuilderID, defaultTrustedBuilders) { + return trustedBuilderID, true, nil + } + + // Not a BYOB builder. BuilderID provided by user should match the certificate. + // Note: the certificate builderID has the form `name@refs/tags/v1.2.3`, + // so we pass `allowRef = true`. + if err := trustedBuilderID.MatchesLoose(*expectedBuilderID, true); err != nil { + return nil, false, fmt.Errorf("%w: %v", serrors.ErrorUntrustedReusableWorkflow, err) } return trustedBuilderID, false, nil diff --git a/verifiers/internal/gha/builder_test.go b/verifiers/internal/gha/builder_test.go index e710fec14..8475fc599 100644 --- a/verifiers/internal/gha/builder_test.go +++ b/verifiers/internal/gha/builder_test.go @@ -477,6 +477,17 @@ func Test_verifyTrustedBuilderID(t *testing.T) { defaults: defaultBYOBReusableWorkflows, byob: true, }, + { + // This is a BYOB workflow without an id that tests non-compulsory builder-id + // feature of slsa-verifier and expects byob to be true + name: "generic delegator workflow no id", + path: trustedBuilderRepository + "/.github/workflows/delegator_generic_slsa3.yml", + // NOTE: id is nil. + id: nil, + tag: "refs/tags/v1.2.3", + defaults: defaultBYOBReusableWorkflows, + byob: true, + }, { name: "low perms delegator workflow short tag", path: trustedBuilderRepository + "/.github/workflows/delegator_lowperms-generic_slsa3.yml", 
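Review bot: The retained "Check if: … we don't match the user-provided builder ID against the certificate" comment now sits directly above the early `return trustedBuilderID, isTrustedDelegatorBuilder(...), nil` in verifyTrustedBuilderID. That return appears to be the no-ID path, where there is no user-provided ID to match, so the comment describes the other path. I would replace it there with something like `// No builder ID supplied: report whether the certificate's builder is a trusted delegator (BYOB); the caller must then derive and check the expected ID from the provenance.` The same comment block is correct where it is re-added further down, before the `MatchesLoose` call. The function's signature and the enclosing `if` are outside the hunk, so the branch condition is inferred from the error message and the added tests.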
@@ -486,10 +497,15 @@ func Test_verifyTrustedBuilderID(t *testing.T) {
 byob: true,
 },
 {
- name: "low perms delegator workflow no ID provided",
- path: trustedBuilderRepository + "/.github/workflows/delegator_lowperms-generic_slsa3.yml",
+ // This is a BYOB workflow without an id that tests non-compulsory builder-id
+ // feature of slsa-verifier and expects byob to be true
+ name: "low perms delegator workflow no ID provided",
+ path: trustedBuilderRepository + "/.github/workflows/delegator_lowperms-generic_slsa3.yml",
+ // NOTE: id is nil.
+ id: nil,
 tag: "v1.2.3",
 defaults: defaultBYOBReusableWorkflows,
+ byob: true,
 },
 {
 name: "default mismatch against container defaults long tag",
diff --git a/verifiers/internal/gha/provenance.go b/verifiers/internal/gha/provenance.go
index e31c8c625..f9e592e5c 100644
--- a/verifiers/internal/gha/provenance.go
+++ b/verifiers/internal/gha/provenance.go
@@ -58,6 +58,27 @@ func verifyBuilderIDExactMatch(prov iface.Provenance, expectedBuilderID string) return nil } +// verifyBuilderIDPathPrefix verifies that the builder ID in provenance matches the provided expectedBuilderIDPathPrefix. +// Returns provenance builderID if verified against provided expected Builder ID path prefix. +func verifyBuilderIDPathPrefix(prov iface.Provenance, expectedBuilderIDPathPrefix string) (string, error) { + id, err := prov.BuilderID() + if err != nil { + return "", err + } + + provBuilderID, err := utils.TrustedBuilderIDNew(id, false) + if err != nil { + return "", err + } + + // Compare actual BuilderID with the expected BuilderID Path Prefix. + if !strings.HasPrefix(provBuilderID.Name(), expectedBuilderIDPathPrefix) { + return "", fmt.Errorf("%w: BuilderID Path Mismatch. Got: %q. Expected BuilderID Path Prefix: %q", serrors.ErrorInvalidBuilderID, provBuilderID.Name(), expectedBuilderIDPathPrefix) + } + + return provBuilderID.Name(), nil +} + // Verify Builder ID in provenance statement. // This function verifies the names match. If the expected builder ID contains a version, // it also verifies the versions match. @@ -70,6 +91,7 @@ func verifyBuilderIDLooseMatch(prov iface.Provenance, expectedBuilderID string) if err != nil { return err } + if err := provBuilderID.MatchesLoose(expectedBuilderID, true); err != nil { return err } 
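Review bot: verifyBuilderIDPathPrefix does a plain `strings.HasPrefix` against whatever prefix it is given, so an empty prefix matches every builder ID. A prefix without a trailing `/` also matches sibling paths that merely start with the same characters. The one caller in this diff passes a prefix ending in `/.github/workflows/`, but nothing in the helper enforces that. A guard at the top keeps a later caller from weakening the check: `if expectedBuilderIDPathPrefix == "" || !strings.HasSuffix(expectedBuilderIDPathPrefix, "/") { return "", fmt.Errorf("%w: invalid path prefix %q", serrors.ErrorInvalidBuilderID, expectedBuilderIDPathPrefix) }`. The doc comment should also say that the returned value is the builder name without its version, since `TrustedBuilderIDNew` is called with `false` and only `Name()` is returned.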
@@ -272,21 +294,62 @@ func isValidDelegatorBuilderID(prov iface.Provenance) error { if err != nil { return err } + parts := strings.Split(id, "@") if len(parts) != 2 { return fmt.Errorf("%w: %s", serrors.ErrorInvalidBuilderID, id) } + builderRef := parts[1] // Exception for JReleaser builders. // See https://github.com/slsa-framework/slsa-github-generator/issues/2035#issuecomment-1579963802. if strings.HasPrefix(parts[0], JReleaserRepository) { - return utils.IsValidJreleaserBuilderTag(parts[1]) + return utils.IsValidJreleaserBuilderTag(builderRef) + } + + sourceURI, err := prov.SourceURI() + if err != nil { + return err + } + + uri, _, err := utils.ParseGitURIAndRef(sourceURI) + if err != nil { + return err + } + // Exception to enable e2e tests for BYOB builders referenced at main. + normalizedE2eRepoURI := utils.NormalizeGitURI(httpsGithubCom + e2eTestRepository) + normalizedURI := utils.NormalizeGitURI(uri) + if normalizedURI == normalizedE2eRepoURI && options.TestingEnabled() { + // Allow verification on the main branch to support e2e tests. + if builderRef == "refs/heads/main" { + return nil + } + } + + return utils.IsValidBuilderTag(builderRef, false) +} + +// builderID returns the trusted builder ID from the provenance. +// The certTrustedBuilderID input is from the Fulcio certificate. +func builderID(env *dsselib.Envelope, certTrustedBuilderID *utils.TrustedBuilderID) (*utils.TrustedBuilderID, error) { + prov, err := slsaprovenance.ProvenanceFromEnvelope(certTrustedBuilderID.Name(), env) + if err != nil { + return nil, err } - return utils.IsValidBuilderTag(parts[1], false) + id, err := prov.BuilderID() + if err != nil { + return nil, err + } + verifiedBuilderID, err := utils.TrustedBuilderIDNew(id, true) + if err != nil { + return nil, err + } + return verifiedBuilderID, nil } // VerifyProvenance verifies the provenance for the given DSSE envelope. 
-func VerifyProvenance(env *dsselib.Envelope, provenanceOpts *options.ProvenanceOpts, trustedBuilderID *utils.TrustedBuilderID, byob bool) error { +func VerifyProvenance(env *dsselib.Envelope, provenanceOpts *options.ProvenanceOpts, trustedBuilderID *utils.TrustedBuilderID, byob bool, + expectedID *string) error { prov, err := slsaprovenance.ProvenanceFromEnvelope(trustedBuilderID.Name(), env) if err != nil { return err @@ -297,7 +360,24 @@ func VerifyProvenance(env *dsselib.Envelope, provenanceOpts *options.ProvenanceO if err := isValidDelegatorBuilderID(prov); err != nil { return err } - // Note: `provenanceOpts.ExpectedBuilderID` is provided by the user. + + // If expectedID is not provided, check to see if it is a trusted builder. + // If not provided, then a trusted builder is expected, to populate provenanceOpts.ExpectedBuilderID + // with that builder, otherwise, populate from user input. + // + // This can verify the actual BYOB builderIDPath against the trusted builderIDPath provided. + // Currently slsa-framework path is the only one supported for ExpectedBuilderPath. + if expectedID == nil { + var trustedBuilderRepositoryPath = httpsGithubCom + trustedBuilderRepository + "/.github/workflows/" + if provenanceOpts.ExpectedBuilderID, err = verifyBuilderIDPathPrefix(prov, trustedBuilderRepositoryPath); err != nil { + return err + } + } else { + provenanceOpts.ExpectedBuilderID = *expectedID + } + + // NOTE: `provenanceOpts.ExpectedBuilderID` is provided by the user + // or from return of verifyBuilderIDPath. if err := verifyBuilderIDLooseMatch(prov, provenanceOpts.ExpectedBuilderID); err != nil { return err } diff --git a/verifiers/internal/gha/provenance_test.go b/verifiers/internal/gha/provenance_test.go index bdbe2d395..eb0c4e7c2 100644 --- a/verifiers/internal/gha/provenance_test.go +++ b/verifiers/internal/gha/provenance_test.go @@ -1,6 +1,8 @@ package gha import ( + "os" + "path/filepath" "testing" "time" 
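Review bot: The e2e exception added to `isValidDelegatorBuilderID` keys off the provenance's source URI and never consults the builder's own repository (`parts[0]`), so with testing enabled any builder referenced at `refs/heads/main` is accepted whenever the build source is the e2e repository. If that is the intent it needs a comment at the branch, for example `// Testing only: options.TestingEnabled() must never be true in a production verifier; this accepts an unversioned builder ref.` The nested condition reads more clearly as one guard: `if options.TestingEnabled() && normalizedURI == normalizedE2eRepoURI && builderRef == "refs/heads/main" { return nil }`. The new `builderID` helper dereferences `certTrustedBuilderID` without a nil check and parses the envelope a second time. The opening lines of `isValidDelegatorBuilderID` are outside the hunk.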
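Review bot: The `expectedID == nil` test in `VerifyProvenance` no longer treats an empty string as "not provided". The check this commit removes from verifier.go rejected `*builderOpts.ExpectedID == ""`, whereas here a pointer to an empty string takes the `else` branch and sets `provenanceOpts.ExpectedBuilderID` to `""` before `verifyBuilderIDLooseMatch` runs. What `MatchesLoose` does with an empty expected ID is not visible in this diff, and the trusted-prefix check should not depend on it; I would write `if expectedID == nil || *expectedID == "" {`. The function also now overwrites the caller's `provenanceOpts.ExpectedBuilderID`, which deserves a line in its doc comment. The body of `VerifyProvenance` continues outside the hunk.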
@@ -9,6 +11,8 @@ import ( slsacommon "github.com/in-toto/in-toto-golang/in_toto/slsa_provenance/common" slsa02 "github.com/in-toto/in-toto-golang/in_toto/slsa_provenance/v0.2" slsa1 "github.com/in-toto/in-toto-golang/in_toto/slsa_provenance/v1" + "github.com/slsa-framework/slsa-verifier/v2/options" + "github.com/slsa-framework/slsa-verifier/v2/verifiers/utils" serrors "github.com/slsa-framework/slsa-verifier/v2/errors" "github.com/slsa-framework/slsa-verifier/v2/verifiers/internal/gha/slsaprovenance/common" 
@@ -399,45 +403,76 @@ func Test_verifySourceURI(t *testing.T) { } func Test_isValidDelegatorBuilderID(t *testing.T) { - t.Parallel() tests := []struct { - name string - builderID string - err error + name string + builderID string + sourceURI string + testingEnabled bool + err error }{ { name: "no @", builderID: "some/builderID", + sourceURI: "git+" + httpsGithubCom + e2eTestRepository, err: serrors.ErrorInvalidBuilderID, }, { name: "invalid ref", builderID: "some/builderID@v1.2.3", + sourceURI: "git+" + httpsGithubCom + e2eTestRepository, err: serrors.ErrorInvalidRef, }, { name: "invalid ref not tag", builderID: "some/builderID@refs/head/v1.2.3", + sourceURI: "git+" + httpsGithubCom + e2eTestRepository, err: serrors.ErrorInvalidRef, }, { name: "invalid ref not full semver", builderID: "some/builderID@refs/heads/v1.2", + sourceURI: "git+" + httpsGithubCom + e2eTestRepository, err: serrors.ErrorInvalidRef, }, { name: "valid builder", + sourceURI: "git+" + httpsGithubCom + e2eTestRepository, builderID: "some/builderID@refs/tags/v1.2.3", }, + { + name: "invalid builder ref not e2e repo with testing enabled", + sourceURI: "git+" + httpsGithubCom + "some/repo", + builderID: "some/builderID@refs/heads/main", + testingEnabled: true, + err: serrors.ErrorInvalidRef, + }, + { + name: "invalid builder ref e2e repo with testing enabled", + sourceURI: "git+" + httpsGithubCom + e2eTestRepository, + builderID: "some/builderID@refs/heads/main", + testingEnabled: true, + }, + { + name: "invalid builder ref e2e repo", + sourceURI: "git+" + httpsGithubCom + e2eTestRepository, + builderID: "some/builderID@refs/heads/main", + err: serrors.ErrorInvalidRef, + }, } for _, tt := range tests { tt := tt // Re-initializing variable so it is not changed while executing the closure below t.Run(tt.name, func(t *testing.T) { - t.Parallel() - prov := &testProvenance{ builderID: tt.builderID, + sourceURI: tt.sourceURI, + } + + if tt.testingEnabled { + t.Setenv("SLSA_VERIFIER_TESTING", "1") + } else 
{ + // Ensure that the variable is not set. + t.Setenv("SLSA_VERIFIER_TESTING", "") } err := isValidDelegatorBuilderID(prov) 
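Review bot: The table in `Test_isValidDelegatorBuilderID` has no case showing that the testing exception is limited to `refs/heads/main`. With `testingEnabled: true` and the e2e source URI, a builder ID such as `some/builderID@refs/heads/other` should still return `serrors.ErrorInvalidRef`, and that boundary is the one most likely to regress. The case named "invalid builder ref e2e repo with testing enabled" sets no `err`, so it asserts success; a name like `"main ref allowed for e2e repo with testing enabled"` would match what it checks. The `else` branch sets `SLSA_VERIFIER_TESTING` to the empty string instead of unsetting it, which relies on `options.TestingEnabled()` treating empty as disabled; that is not visible here. The closing lines of the test function are outside the hunk.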
@@ -1182,3 +1217,144 @@ func Test_VerifyVersionedTag(t *testing.T) { }) } } + +func Test_VerifyProvenance(t *testing.T) { + t.Parallel() + tests := []struct { + name string + envelopePath string + provenanceOpts *options.ProvenanceOpts + trustedBuilderIDName string + byob bool + expectedID *string + expected error + }{ + { + name: "Verify Trusted (slsa-github-generator) Bazel Builder (v1.8.0)", + envelopePath: "bazel-trusted-dsseEnvelope.build.slsa", + provenanceOpts: &options.ProvenanceOpts{ + ExpectedBranch: nil, + ExpectedTag: nil, + ExpectedVersionedTag: nil, + ExpectedDigest: "caaadba2846905ac477c777e96a636e1c2e067fdf6fed90ec9eeca4df18d6ed9", + ExpectedSourceURI: "github.com/enteraga6/slsa-lvl3-generic-provenance-with-bazel-example", + ExpectedBuilderID: "https://github.com/slsa-framework/slsa-github-generator/.github/workflows/delegator_lowperms-generic_slsa3.yml@refs/tags/v1.8.0", + ExpectedWorkflowInputs: map[string]string{}, + }, + byob: true, + trustedBuilderIDName: "https://github.com/slsa-framework/slsa-github-generator/.github/workflows/delegator_lowperms-generic_slsa3.yml@refs/tags/v1.8.0", + expectedID: nil, + }, + { + name: "Verify Un-Trusted (slsa-github-generator) Bazel Builder (from enteraga6/slsa-github-generator)", + envelopePath: "bazel-untrusted-dsseEnvelope.sigstore", + provenanceOpts: &options.ProvenanceOpts{ + ExpectedBranch: nil, + ExpectedTag: nil, + ExpectedVersionedTag: nil, + ExpectedDigest: "caaadba2846905ac477c777e96a636e1c2e067fdf6fed90ec9eeca4df18d6ed9", + ExpectedSourceURI: "github.com/enteraga6/slsa-lvl3-generic-provenance-with-bazel-example", + ExpectedBuilderID: "https://github.com/slsa-framework/slsa-github-generator/.github/workflows/delegator_lowperms-generic_slsa3.yml@refs/tags/v1.7.0", + ExpectedWorkflowInputs: map[string]string{}, + }, + byob: true, + trustedBuilderIDName: "https://github.com/slsa-framework/slsa-github-generator/.github/workflows/delegator_lowperms-generic_slsa3.yml@refs/tags/v1.7.0", + expectedID: nil, 
+ expected: serrors.ErrorInvalidBuilderID, + }, + { + name: "Verify Trusted - Empty ExpectedBuilderID", + envelopePath: "bazel-trusted-dsseEnvelope.build.slsa", + provenanceOpts: &options.ProvenanceOpts{ + ExpectedBranch: nil, + ExpectedTag: nil, + ExpectedVersionedTag: nil, + ExpectedDigest: "caaadba2846905ac477c777e96a636e1c2e067fdf6fed90ec9eeca4df18d6ed9", + ExpectedSourceURI: "github.com/enteraga6/slsa-lvl3-generic-provenance-with-bazel-example", + ExpectedBuilderID: "", + ExpectedWorkflowInputs: map[string]string{}, + }, + byob: true, + trustedBuilderIDName: "https://github.com/slsa-framework/slsa-github-generator/.github/workflows/delegator_lowperms-generic_slsa3.yml@refs/tags/v1.8.0", + expectedID: nil, + }, + } + for _, tt := range tests { + tt := tt // Re-initializing variable so it is not changed while executing the closure below + t.Run(tt.name, func(t *testing.T) { + t.Parallel() + trustedBuilderID, tErr := utils.TrustedBuilderIDNew(tt.trustedBuilderIDName, true) + if tErr != nil { + t.Errorf("Provenance Verification FAILED. 
Error: %v", tErr) + } + + envelopeBytes, err := os.ReadFile(filepath.Join("testdata", tt.envelopePath)) + if err != nil { + t.Errorf("os.ReadFile: %v", err) + } + + env, err := EnvelopeFromBytes(envelopeBytes) + if err != nil { + t.Errorf("unexpected error parsing envelope %v", err) + } + + if err := VerifyProvenance(env, tt.provenanceOpts, trustedBuilderID, tt.byob, tt.expectedID); !errCmp(err, tt.expected) { + t.Errorf(cmp.Diff(err, tt.expected)) + } + }) + } +} + +func Test_VerifyUntrustedProvenance(t *testing.T) { + t.Parallel() + tests := []struct { + name string + envelopePath string + provenanceOpts *options.ProvenanceOpts + trustedBuilderIDName string + byob bool + expectedID *string + expected error + }{ + { + name: "Verify Un-Trusted (slsa-github-generator) Bazel Builder (from enteraga6/slsa-github-generator)", + envelopePath: "bazel-untrusted-dsseEnvelope.sigstore", + provenanceOpts: &options.ProvenanceOpts{ + ExpectedBranch: nil, + ExpectedTag: nil, + ExpectedVersionedTag: nil, + ExpectedDigest: "caaadba2846905ac477c777e96a636e1c2e067fdf6fed90ec9eeca4df18d6ed9", + ExpectedSourceURI: "github.com/enteraga6/slsa-lvl3-generic-provenance-with-bazel-example", + ExpectedBuilderID: "https://github.com/slsa-framework/slsa-github-generator/.github/workflows/delegator_lowperms-generic_slsa3.yml@refs/tags/v1.7.0", + ExpectedWorkflowInputs: map[string]string{}, + }, + byob: true, + trustedBuilderIDName: "https://github.com/slsa-framework/slsa-github-generator/.github/workflows/delegator_lowperms-generic_slsa3.yml@refs/tags/v1.7.0", + expectedID: nil, + }, + } + for _, tt := range tests { + tt := tt // Re-initializing variable so it is not changed while executing the closure below + t.Run(tt.name, func(t *testing.T) { + t.Parallel() + trustedBuilderID, tErr := utils.TrustedBuilderIDNew(tt.trustedBuilderIDName, true) + if tErr != nil { + t.Errorf("Provenance Verification FAILED. 
Error: %v", tErr) + } + + envelopeBytes, err := os.ReadFile(filepath.Join("testdata", tt.envelopePath)) + if err != nil { + t.Errorf("os.ReadFile: %v", err) + } + + env, err := EnvelopeFromBytes(envelopeBytes) + if err != nil { + t.Errorf("unexpected error parsing envelope %v", err) + } + + if err := VerifyProvenance(env, tt.provenanceOpts, trustedBuilderID, tt.byob, tt.expectedID); errCmp(err, tt.expected) { + t.Errorf(cmp.Diff(err, tt.expected)) + } + }) + } +} diff --git a/verifiers/internal/gha/testdata/bazel-trusted-dsseEnvelope.build.slsa b/verifiers/internal/gha/testdata/bazel-trusted-dsseEnvelope.build.slsa new file mode 100644 index 000000000..19202c08b --- /dev/null +++ b/verifiers/internal/gha/testdata/bazel-trusted-dsseEnvelope.build.slsa @@ -0,0 +1,3 @@ +{ + "payload":"","payloadType":"application/vnd.in-toto+json","signatures":[{"sig":"MEYCIQC5KILL/ouIQVHa10bCUW2VukAff5Towcn7t9wP48Qx2AIhAJBiNPxVT2ug4dKNzV73VR+7Qj6wNW7F+vtJ0ngsyIM4","keyid":""}] +} \ No newline at end of file diff --git a/verifiers/internal/gha/testdata/bazel-untrusted-dsseEnvelope.sigstore b/verifiers/internal/gha/testdata/bazel-untrusted-dsseEnvelope.sigstore new file mode 100644 index 000000000..35c29dc54 --- /dev/null +++ b/verifiers/internal/gha/testdata/bazel-untrusted-dsseEnvelope.sigstore @@ -0,0 +1,3 @@ +{ + "payload":"","payloadType":"application/vnd.in-toto+json","signatures":[{"sig":"MEUCIBI2U1FXszYZ2BU1hrtiCgfDsvLBpftB5gvGv0UrobTrAiEAnBPjQHPQHXgGRGokorag5kq9BSDNIGs90v/hHUNY77s=","keyid":""}] +} \ No newline at end of file diff --git a/verifiers/internal/gha/verifier.go b/verifiers/internal/gha/verifier.go index d49090fc5..d8168be4e 100644 --- a/verifiers/internal/gha/verifier.go +++ b/verifiers/internal/gha/verifier.go 
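Review bot: `Test_VerifyUntrustedProvenance` passes on any non-nil error, because it asserts `errCmp(err, tt.expected)` with `expected` left nil; an envelope-parsing failure or any other unrelated verification error would satisfy it. `Test_VerifyProvenance` already covers the same envelope with `expected: serrors.ErrorInvalidBuilderID`, so I would either drop the second test or give it that expected error and the usual `!errCmp(err, tt.expected)` check. In both tests the setup failures call `t.Errorf` and then continue with a nil `trustedBuilderID` or `env`; `t.Fatalf` would stop the subtest before `VerifyProvenance` receives nil arguments. `t.Errorf(cmp.Diff(err, tt.expected))` passes a non-constant string as the format, and `t.Errorf("%s", cmp.Diff(err, tt.expected))` avoids the vet warning and stray `%` verbs. No case supplies a non-nil `expectedID`, so the user-provided branch and the pointer-to-empty-string input are both untested.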
@@ -71,21 +71,23 @@ func verifyEnvAndCert(env *dsse.Envelope, // There is a corner-case to handle: if the verified builder ID from the cert // is a delegator builder, the user MUST provide an expected builder ID // and we MUST match it against the content of the provenance. + + if err := VerifyProvenance(env, provenanceOpts, verifiedBuilderID, byob, builderOpts.ExpectedID); err != nil { + return nil, nil, err + } + if byob { - if builderOpts.ExpectedID == nil || *builderOpts.ExpectedID == "" { - // NOTE: we will need to update the logic here once our default trusted builders - // are migrated to using BYOB. - return nil, nil, fmt.Errorf("%w: empty ID", serrors.ErrorInvalidBuilderID) + // Overwrite the builderID to match the one in the provenance. + verifiedBuilderID, err = builderID(env, verifiedBuilderID) + if err != nil { + return nil, nil, err } - provenanceOpts.ExpectedBuilderID = *builderOpts.ExpectedID - } - if err := VerifyProvenance(env, provenanceOpts, verifiedBuilderID, byob); err != nil { - return nil, nil, err } fmt.Fprintf(os.Stderr, "Verified build using builder %q at commit %s\n", - workflowInfo.SubjectWorkflow.String(), + verifiedBuilderID.String(), workflowInfo.SourceSha1) + // Return verified provenance. r, err := base64.StdEncoding.DecodeString(env.Payload) if err != nil {
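Review bot: The comment kept above the new `VerifyProvenance` call still says the user MUST provide an expected builder ID for a delegator builder, which this hunk makes untrue. The `empty ID` rejection is removed and a nil `builderOpts.ExpectedID` is now passed through. I would replace the comment with something like `// For a delegator (BYOB) builder the expected builder ID is optional; when it is absent, VerifyProvenance requires the provenance builder to sit under the trusted builder repository's workflows path.` The log line now prints `verifiedBuilderID`, which in the BYOB case `builderID` re-reads from the envelope after verification; a short comment stating that this ordering is deliberate would help the next reader. `verifyEnvAndCert` starts and ends outside the hunk.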