remove unused certFile param to verifyCertBundle

Signed-off-by: Dmitry S <[email protected]>

cmd/cosign/cli/verify/verify.go

@@ -295,7 +295,7 @@ func (c *VerifyCommand) Exec(ctx context.Context, images []string) (err error) {
 				return err
 			}
 		default:
-			return errors.New("internal error in handling CertChain and RootCerts - default case should never happen")
+			return errors.New("no certificate chain provided to verify certificate")
 		}
 
 		if c.SCTRef != "" {

test/e2e_test.go

@@ -151,7 +151,7 @@ func TestSignVerifyCertBundle(t *testing.T) {
 
 	ctx := context.Background()
 	// Verify should fail at first
-	mustErr(verifyCertBundle(pubKeyPath, caCertFile, caIntermediateCertFile, certFile, imgName, true, nil, "", true), t)
+	mustErr(verifyCertBundle(pubKeyPath, caCertFile, caIntermediateCertFile, imgName, true, nil, "", true), t)
 	// So should download
 	mustErr(download.SignatureCmd(ctx, options.RegistryOptions{}, imgName), t)
 
@@ -170,13 +170,13 @@ func TestSignVerifyCertBundle(t *testing.T) {
 
 	// Now verify and download should work!
 	ignoreTlog := true
-	must(verifyCertBundle(pubKeyPath, caCertFile, caIntermediateCertFile, certFile, imgName, true, nil, "", ignoreTlog), t)
+	must(verifyCertBundle(pubKeyPath, caCertFile, caIntermediateCertFile, imgName, true, nil, "", ignoreTlog), t)
 	// verification with certificate chain instead of root/intermediate files should work as well
 	must(verifyCertChain(pubKeyPath, certChainFile, certFile, imgName, true, nil, "", ignoreTlog), t)
 	must(download.SignatureCmd(ctx, options.RegistryOptions{}, imgName), t)
 
 	// Look for a specific annotation
-	mustErr(verifyCertBundle(pubKeyPath, caCertFile, caIntermediateCertFile, certFile, imgName, true, map[string]interface{}{"foo": "bar"}, "", ignoreTlog), t)
+	mustErr(verifyCertBundle(pubKeyPath, caCertFile, caIntermediateCertFile, imgName, true, map[string]interface{}{"foo": "bar"}, "", ignoreTlog), t)
 
 	so.AnnotationOptions = options.AnnotationOptions{
 		Annotations: []string{"foo=bar"},
@@ -185,10 +185,10 @@ func TestSignVerifyCertBundle(t *testing.T) {
 	must(sign.SignCmd(ro, ko, so, []string{imgName}), t)
 
 	// It should match this time.
-	must(verifyCertBundle(pubKeyPath, caCertFile, caIntermediateCertFile, certFile, imgName, true, map[string]interface{}{"foo": "bar"}, "", ignoreTlog), t)
+	must(verifyCertBundle(pubKeyPath, caCertFile, caIntermediateCertFile, imgName, true, map[string]interface{}{"foo": "bar"}, "", ignoreTlog), t)
 
 	// But two doesn't work
-	mustErr(verifyCertBundle(pubKeyPath, caCertFile, caIntermediateCertFile, certFile, imgName, true, map[string]interface{}{"foo": "bar", "baz": "bat"}, "", ignoreTlog), t)
+	mustErr(verifyCertBundle(pubKeyPath, caCertFile, caIntermediateCertFile, imgName, true, map[string]interface{}{"foo": "bar", "baz": "bat"}, "", ignoreTlog), t)
 }
 
 func TestSignVerifyClean(t *testing.T) {

test/helpers.go

@@ -108,7 +108,7 @@ var verifyCertChain = func(keyRef, certChain, certFile, imageRef string, checkCl
 	return cmd.Exec(context.Background(), args)
 }
 
-var verifyCertBundle = func(keyRef, caCertFile, caIntermediates, certFile, imageRef string, checkClaims bool, annotations map[string]interface{}, attachment string, skipTlogVerify bool) error {
+var verifyCertBundle = func(keyRef, caCertFile, caIntermediateCertFile, imageRef string, checkClaims bool, annotations map[string]interface{}, attachment string, skipTlogVerify bool) error {
 	cmd := cliverify.VerifyCommand{
 		KeyRef:        keyRef,
 		RekorURL:      rekorURL,
@@ -119,7 +119,7 @@ var verifyCertBundle = func(keyRef, caCertFile, caIntermediates, certFile, image
 		MaxWorkers:    10,
 		IgnoreTlog:    skipTlogVerify,
 		CertVerifyOptions: options.CertVerifyOptions{
-			CAIntermediates:      caIntermediates,
+			CAIntermediates:      caIntermediateCertFile,
 			CARoots:              caCertFile,
 			CertOidcIssuerRegexp: ".*",
 			CertIdentityRegexp:   ".*",