WIP: example local test suite for cosign v2 sig and v3 bundle verification

Signed-off-by: leigh capili <leigh@null.net>

Author: stealthybox

internal/oci/cosign/cosign_test.go

@@ -21,6 +21,7 @@ import (
 	"fmt"
 	"net/http"
 	"net/url"
+	"os"
 	"reflect"
 	"testing"
 
@@ -191,3 +192,69 @@ func TestPrivateKeyVerificationWithProxy(t *testing.T) {
 		})
 	}
 }
+
+func TestPKBundleAttestations(t *testing.T) {
+	g := NewWithT(t)
+
+	// registryAddr := testregistry.New(t)
+
+	// proxyAddr, proxyPort := testproxy.New(t)
+
+	pubKey, err := os.ReadFile("/Users/stealthybox/hack/cosign/cosign.pub")
+	g.Expect(err).NotTo(HaveOccurred())
+
+	tests := []struct {
+		name   string
+		tagURL string
+	}{
+		{
+			name:   "v2",
+			tagURL: "localhost:5558/v2-zot",
+		},
+		{
+			name:   "v2",
+			tagURL: "localhost:5559/v2-reg",
+		},
+		{
+			name:   "v3 bundle oci 1.1 referrers",
+			tagURL: "localhost:5558/v3-bundle-zot",
+		},
+		{
+			name:   "v3 bundle oci 1.0 fallback",
+			tagURL: "localhost:5559/v3-bundle-reg",
+		},
+		{
+			name:   "v2-v3 bundle oci 1.1 referrers",
+			tagURL: "localhost:5558/v2-v3-bundle-zot",
+		},
+		{
+			name:   "v2-v3 bundle oci 1.0 fallback",
+			tagURL: "localhost:5559/v2-v3-bundle-reg",
+		},
+	}
+
+	for _, tt := range tests {
+		t.Run(tt.name, func(t *testing.T) {
+			g := NewWithT(t)
+
+			ctx := context.Background()
+
+			// tagURL := fmt.Sprintf(tag, registryAddr)
+			ref, err := name.ParseReference(tt.tagURL)
+			g.Expect(err).NotTo(HaveOccurred())
+
+			transport := http.DefaultTransport.(*http.Transport).Clone()
+			// transport.Proxy = http.ProxyURL(tt.proxyURL)
+
+			var opts []Options
+			opts = append(opts, WithRemoteOptions(remote.WithTransport(transport)))
+			opts = append(opts, WithPublicKey(pubKey))
+
+			verifier, err := NewCosignVerifier(ctx, opts...)
+			g.Expect(err).NotTo(HaveOccurred())
+
+			_, err = verifier.Verify(ctx, ref)
+			g.Expect(err).NotTo(HaveOccurred())
+		})
+	}
+}