ci: Add CLI tests and cover signatures created by v0.3.1 (#455)

* ci: Add CLI tests and cover signatures created by v0.3.1

Signed-off-by: Stefan Berger <[email protected]>

* ci: Write test cases in python

Signed-off-by: Stefan Berger <[email protected]>

---------

Signed-off-by: Stefan Berger <[email protected]>

Author: stefanberger

.github/workflows/cli.yml

@@ -0,0 +1,41 @@
+# Copyright 2025 The Sigstore Authors
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#      http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+name: Run CLI tests
+on:
+  pull_request:
+    branches: [main]
+    types: [opened, synchronize]
+    paths-ignore:
+      - '**/*.md'
+      - '*.md'
+  workflow_dispatch:
+
+permissions: {}
+
+defaults:
+  run:
+    shell: bash
+
+jobs:
+  model-signing-cli-test:
+    runs-on: ubuntu-24.04
+    steps:
+    - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
+    - name: Run CLI tests
+      run: |
+        python -m venv venv
+        . venv/bin/activate
+        pip install -e .
+        ./scripts/tests/testrunner

scripts/tests/functions

@@ -0,0 +1,10 @@
+
+# Get the list of files that were signed
+get_signed_files()
+{
+	local sigfile="$1"
+
+	jq -r .dsseEnvelope.payload < "${sigfile}" | \
+		base64 -d | \
+		jq -c '.predicate.resources | map(.name)'
+}

scripts/tests/keys/certificate/ca-cert.pem

@@ -0,0 +1,24 @@
+-----BEGIN CERTIFICATE-----
+MIID9DCCAlygAwIBAgIUMqXRfD5TlsabbQzC0slV583dfHowDQYJKoZIhvcNAQEL
+BQAwEjEQMA4GA1UEAxMHcm9vdC1jYTAeFw0yNTA1MDIyMzM2MjhaFw0zNTA0MzAy
+MzM2MjhaMBIxEDAOBgNVBAMTB3Jvb3QtY2EwggGiMA0GCSqGSIb3DQEBAQUAA4IB
+jwAwggGKAoIBgQC/xiBPWRmrpY4j9XZCaED6T6/uObidGuCGAsjAEusms7M7qvTP
+pStAW7IfZlx+50fUwbiSuBbZRhvX8rBjh9ta9zKioK0pFydrNWOeWXBG0EDiRYiz
+lf7kH28H3Fp9M0wE1oNSCwb90yB6YIUnTUMuylgJtsvWe/dZMDu4mPgyTUk9ufyE
+phTwLPew73USo6RPDn7IJdoEhh5/zlCGv5BewAzXfUN+OLk5tfZGU4CHcNHE98/N
+DHTdGAtXJ50OZz9GcIa/kMTlzI3xOVylD5p//wXowbHcGKjwlVvIEmen5Hz30pxA
+TkMYxg2QRmH/AX2vKktTp4NDdvstNA16e4UwHPaQDnE5pINXLnixsLMMTZcbnSzY
+hMCVDFXSbhv5dzZ671iopWaNQQloNephR71+PtGpGomcwJ0/UNjxoHu+iFOdXx6q
+poYUj/IGZNZ5S7OEr5SrHzCutckLIIdSjZSQDxS7nqXjRJY0P2kY2zcLDGBzq/It
+5NjO/ZC62d1KWVMCAwEAAaNCMEAwDwYDVR0TAQH/BAUwAwEB/zAOBgNVHQ8BAf8E
+BAMCAgQwHQYDVR0OBBYEFBBCw8dXtjNLnmpoacShTy1l742lMA0GCSqGSIb3DQEB
+CwUAA4IBgQAcFEsJPeo7UhTcbX2cHVssGj3MUmcVZ6Ta+ysiYpz2q3sVtdeeK51D
+nD2g8hzP53rmd6+XOgqcjPkFJR2387sDdwptfVQincoSo6KFa7CZ76w8zJfBGNBp
+/rb2wygAM7/HRG6TfgD/wrgqfUBZ+VgNIzAbpSRvqRYrSeEfh1oJpeZA0OOgpldX
+CGCGJbNWQIhX/J608mg2g2CiVO5ALT0d2VMjffymAL7rXx71UoZaOXlGbkB7Ykg7
+Y1DgLBNGJ7IOpHMYCHggx3haKXs3Hk9bMGLJI5YRVi8b4lyksdOwvxLKqHLBIRbg
+FQOYTT34nUwWv8uvA7X1tlSVVUtLMG+couscKcorQI6nuY44KqkwwK0v+fSmHyh7
+UZOSTNdeWSMdMCJi+HLbbFcanW8WyHQ9qACmq2YIjMs6QH+xrKQkn7ARbpnrZnhq
+F11pOL1EvJG/qooceoDcJDm4I1HNwd4UYmWOIJ+oaGBw3r8OA2mPKQ7r8yVE+SuX
+fLFGLv//rKc=
+-----END CERTIFICATE-----

scripts/tests/keys/certificate/ca-priv.pem

@@ -0,0 +1,180 @@
+Public Key Info:
+	Public Key Algorithm: RSA
+	Key Security Level: High (3072 bits)
+
+modulus:
+	00:bf:c6:20:4f:59:19:ab:a5:8e:23:f5:76:42:68:40
+	fa:4f:af:ee:39:b8:9d:1a:e0:86:02:c8:c0:12:eb:26
+	b3:b3:3b:aa:f4:cf:a5:2b:40:5b:b2:1f:66:5c:7e:e7
+	47:d4:c1:b8:92:b8:16:d9:46:1b:d7:f2:b0:63:87:db
+	5a:f7:32:a2:a0:ad:29:17:27:6b:35:63:9e:59:70:46
+	d0:40:e2:45:88:b3:95:fe:e4:1f:6f:07:dc:5a:7d:33
+	4c:04:d6:83:52:0b:06:fd:d3:20:7a:60:85:27:4d:43
+	2e:ca:58:09:b6:cb:d6:7b:f7:59:30:3b:b8:98:f8:32
+	4d:49:3d:b9:fc:84:a6:14:f0:2c:f7:b0:ef:75:12:a3
+	a4:4f:0e:7e:c8:25:da:04:86:1e:7f:ce:50:86:bf:90
+	5e:c0:0c:d7:7d:43:7e:38:b9:39:b5:f6:46:53:80:87
+	70:d1:c4:f7:cf:cd:0c:74:dd:18:0b:57:27:9d:0e:67
+	3f:46:70:86:bf:90:c4:e5:cc:8d:f1:39:5c:a5:0f:9a
+	7f:ff:05:e8:c1:b1:dc:18:a8:f0:95:5b:c8:12:67:a7
+	e4:7c:f7:d2:9c:40:4e:43:18:c6:0d:90:46:61:ff:01
+	7d:af:2a:4b:53:a7:83:43:76:fb:2d:34:0d:7a:7b:85
+	30:1c:f6:90:0e:71:39:a4:83:57:2e:78:b1:b0:b3:0c
+	4d:97:1b:9d:2c:d8:84:c0:95:0c:55:d2:6e:1b:f9:77
+	36:7a:ef:58:a8:a5:66:8d:41:09:68:35:ea:61:47:bd
+	7e:3e:d1:a9:1a:89:9c:c0:9d:3f:50:d8:f1:a0:7b:be
+	88:53:9d:5f:1e:aa:a6:86:14:8f:f2:06:64:d6:79:4b
+	b3:84:af:94:ab:1f:30:ae:b5:c9:0b:20:87:52:8d:94
+	90:0f:14:bb:9e:a5:e3:44:96:34:3f:69:18:db:37:0b
+	0c:60:73:ab:f2:2d:e4:d8:ce:fd:90:ba:d9:dd:4a:59
+	53:
+
+public exponent:
+	01:00:01:
+
+private exponent:
+	64:44:d9:3b:e3:a0:52:68:db:6a:dd:ba:99:7a:1d:0f
+	43:7e:ff:15:da:fa:f9:c4:8f:0d:01:9d:bb:c6:8b:93
+	c5:90:db:0f:e9:49:b8:d5:8b:9c:14:62:d6:d5:db:63
+	69:50:68:8a:fe:09:a4:4c:cd:de:19:1c:34:ce:21:d8
+	ec:0a:e3:91:13:38:ba:cc:77:77:90:c0:88:8e:f5:d7
+	89:35:45:99:f6:1b:e5:0b:ad:8b:c6:16:66:91:b3:b2
+	79:8d:17:58:5c:3f:a9:93:2c:16:10:45:4e:89:4d:29
+	37:ce:d4:35:69:5a:99:b2:78:45:89:d4:38:d6:fc:a6
+	00:37:6f:f9:21:fa:1c:54:7f:8e:7a:4a:99:71:c7:71
+	ef:8b:ea:aa:07:70:78:91:0f:7d:4f:88:37:0c:0e:16
+	1c:60:1a:83:7a:38:92:bb:f5:fa:b7:eb:89:59:58:77
+	9a:96:5b:e3:a0:98:74:b9:ed:0a:70:e5:5b:6e:de:78
+	05:27:b9:24:90:2b:d4:af:e1:65:fa:30:60:1a:65:22
+	1c:0a:b8:f5:23:1d:63:e8:42:f2:7e:53:c4:15:b4:61
+	86:a1:39:99:40:69:75:7b:6e:e7:5b:00:26:c6:39:09
+	85:2c:d7:9a:76:9c:3c:6f:6a:f6:23:a1:c6:2a:8e:e8
+	1c:0e:b6:d4:32:b6:4c:7d:ff:07:4c:fd:9a:01:dc:a8
+	2f:7c:6d:17:f8:57:47:bd:9e:c1:4e:a6:4c:65:1a:5f
+	67:52:81:ab:68:20:65:78:84:b7:e6:a6:2a:0d:5c:11
+	82:be:7a:68:81:7e:36:de:d7:f1:50:d2:9a:41:e1:db
+	1f:c4:de:01:50:9c:87:fb:38:12:41:09:a2:ee:e8:20
+	d3:30:7f:d5:90:57:0a:0b:c0:4f:97:4f:32:67:24:e1
+	a9:dd:ca:69:a0:18:86:a0:b2:e2:1b:ce:dd:71:5f:2f
+	99:04:41:9d:4d:46:e7:8b:a4:d9:ff:1c:fb:dd:f7:31
+
+
+prime1:
+	00:e5:c6:6c:35:07:0f:14:15:49:b8:eb:92:26:ba:63
+	65:1e:55:98:40:50:28:1b:12:2f:99:49:73:59:2f:ba
+	a3:68:cf:d6:2c:4c:b6:51:3e:38:ed:86:1d:a0:87:65
+	ee:9e:a1:7a:ee:fd:60:76:76:f1:a7:bb:ed:c4:a8:e5
+	0d:e4:35:69:52:35:09:9d:10:8c:c3:1b:c1:0a:26:72
+	71:f6:54:be:88:49:24:73:41:53:27:88:d7:44:bd:34
+	20:b6:bf:76:3a:1a:5c:e8:fb:08:d9:0d:5b:25:4b:85
+	f5:91:01:e4:fb:d0:02:86:2b:9e:f6:a2:5f:d8:9f:3d
+	e1:f8:86:1d:bb:3f:6d:8c:61:e2:e4:33:97:70:d0:d2
+	60:a1:a5:64:9b:63:0c:08:4a:68:12:ec:fe:33:39:88
+	f1:4c:fe:d1:81:8c:a9:04:ba:02:8a:d4:14:94:a9:9b
+	c9:f4:2f:e1:b8:21:ab:c6:27:8a:7b:a3:e3:be:3e:fb
+	87:
+
+prime2:
+	00:d5:a9:62:5d:67:4b:c8:ee:a3:ff:ad:53:b7:cb:33
+	d0:62:27:7f:ad:98:21:f0:c9:47:f3:0d:56:a2:0c:28
+	8c:ad:65:1c:9e:60:42:c6:cc:a3:30:40:9c:7b:8d:18
+	75:d7:4d:dc:c1:60:ad:1c:41:34:14:4b:6e:e7:69:9b
+	0c:66:37:74:71:01:85:9b:81:77:9d:d2:60:77:ef:36
+	76:c1:08:29:5d:4a:92:ff:d8:b0:16:d5:44:ef:af:52
+	f6:e9:df:0a:91:04:02:4b:14:08:f4:14:b7:55:4c:e7
+	05:32:ea:11:f9:9c:29:56:de:d4:b1:59:47:b8:70:09
+	cb:53:2f:c6:dc:fb:52:d9:b1:b8:25:14:69:c3:ba:78
+	94:24:b3:1d:0e:0b:91:e7:0d:64:33:b0:1d:92:92:a4
+	78:52:69:ea:7a:04:c1:87:3a:82:e0:fb:fd:3a:85:bf
+	f0:49:1f:5b:58:95:16:e5:00:9e:b7:2a:3e:7e:1c:de
+	d5:
+
+coefficient:
+	00:b7:31:f9:b1:f8:58:9b:03:f1:38:e9:0d:aa:b4:da
+	fd:43:3d:e7:ca:3d:b1:b1:d6:11:a5:16:93:e7:8a:2d
+	58:3f:6d:ac:1c:52:64:4e:7e:e6:14:26:4f:bd:34:ee
+	7d:87:58:e6:69:41:0b:5d:c0:fb:c8:1a:4f:75:c4:70
+	5e:12:2e:1e:2f:28:5b:a2:6e:a6:72:40:27:ee:78:2f
+	d9:f0:b2:1b:3c:80:6e:42:60:6b:43:d7:f7:35:15:5f
+	ab:36:57:62:f6:46:6e:ec:b4:a7:41:85:2f:31:87:d2
+	41:36:52:01:97:bf:1d:70:d0:23:36:be:65:54:4a:54
+	8d:a9:c3:94:4e:4e:ca:3c:b2:47:a9:b5:1c:bf:f5:6a
+	44:a5:17:0c:3b:4c:43:84:cc:88:d4:b6:d9:33:6a:3b
+	ac:6f:bd:00:aa:1c:f7:3e:a4:66:e6:3e:b4:28:58:d6
+	c8:e0:c5:5c:d2:3d:35:57:8d:35:ce:3e:38:03:ba:94
+	f9:
+
+exp1:
+	3b:17:3a:40:b0:de:09:d6:27:ad:6c:b7:9b:4a:17:c1
+	ab:79:6b:bc:2e:61:02:05:3d:44:78:85:37:8c:74:bd
+	0d:79:55:a4:f2:dd:78:2b:3e:4c:a7:4e:fb:37:96:d9
+	34:e6:66:4d:0b:d0:40:e6:f9:e2:9f:0b:d8:a5:6e:b2
+	91:db:c2:88:27:a7:9f:42:e0:50:54:d4:e2:1d:5d:15
+	3d:ba:31:7d:af:01:b6:ba:37:fe:54:cc:b7:9a:c8:cb
+	18:f4:48:1d:4d:26:53:ac:2b:6c:56:68:f8:40:61:e4
+	f3:33:bf:85:9a:ca:eb:62:50:71:30:f4:e1:2a:a2:a9
+	78:56:55:53:10:4e:c5:e9:6e:86:2d:56:66:e6:ed:13
+	78:be:a6:0e:e7:fb:f2:2d:e0:71:ed:8c:b9:f3:b3:ea
+	0a:59:05:dc:01:26:7e:56:af:cc:b0:19:d2:d9:83:7c
+	fe:55:4a:01:26:77:9c:70:12:c7:15:30:be:7e:48:05
+
+exp2:
+	15:5d:fd:22:4e:24:3c:11:f1:80:ae:3a:c3:14:a5:37
+	df:b9:07:81:ba:c7:1a:27:66:f4:9d:8e:de:61:cc:e4
+	54:aa:d9:f3:d4:b8:98:dc:fa:2c:e7:29:3f:09:db:3a
+	5d:af:c1:b5:ed:0f:22:d6:3a:79:15:1a:20:36:65:75
+	15:fb:d1:bf:43:61:b3:2d:7d:62:e1:19:18:a5:69:92
+	f2:b6:f8:3c:06:2b:31:3e:e0:4d:48:42:be:9d:8f:f4
+	75:6b:02:c9:81:d7:20:de:fe:0e:3a:cc:22:d1:b0:00
+	cb:18:b1:77:7e:f0:7b:69:89:67:ba:ff:fb:27:e9:32
+	d6:3c:de:ec:56:8d:f0:8b:5f:59:05:f3:95:c9:5e:29
+	a2:89:ef:0b:ea:88:4a:cd:02:0a:51:40:83:d9:fa:6c
+	b6:01:35:9b:c2:42:00:5e:0f:9c:a4:56:ac:b5:97:7e
+	56:31:b6:96:e3:42:08:e0:c8:fe:94:50:ef:97:bf:89
+
+
+Public Key PIN:
+	pin-sha256:CYUTMjvcHVpA+aC1bwvCkvTnUsrKi0Izi7ohmCkUjwI=
+Public Key ID:
+	sha256:098513323bdc1d5a40f9a0b56f0bc292f4e752caca8b42338bba219829148f02
+	sha1:1042c3c757b6334b9e6a6869c4a14f2d65ef8da5
+
+-----BEGIN RSA PRIVATE KEY-----
+MIIG4wIBAAKCAYEAv8YgT1kZq6WOI/V2QmhA+k+v7jm4nRrghgLIwBLrJrOzO6r0
+z6UrQFuyH2ZcfudH1MG4krgW2UYb1/KwY4fbWvcyoqCtKRcnazVjnllwRtBA4kWI
+s5X+5B9vB9xafTNMBNaDUgsG/dMgemCFJ01DLspYCbbL1nv3WTA7uJj4Mk1JPbn8
+hKYU8Cz3sO91EqOkTw5+yCXaBIYef85Qhr+QXsAM131Dfji5ObX2RlOAh3DRxPfP
+zQx03RgLVyedDmc/RnCGv5DE5cyN8TlcpQ+af/8F6MGx3Bio8JVbyBJnp+R899Kc
+QE5DGMYNkEZh/wF9rypLU6eDQ3b7LTQNenuFMBz2kA5xOaSDVy54sbCzDE2XG50s
+2ITAlQxV0m4b+Xc2eu9YqKVmjUEJaDXqYUe9fj7RqRqJnMCdP1DY8aB7vohTnV8e
+qqaGFI/yBmTWeUuzhK+Uqx8wrrXJCyCHUo2UkA8Uu56l40SWND9pGNs3Cwxgc6vy
+LeTYzv2QutndSllTAgMBAAECggGAZETZO+OgUmjbat26mXodD0N+/xXa+vnEjw0B
+nbvGi5PFkNsP6Um41YucFGLW1dtjaVBoiv4JpEzN3hkcNM4h2OwK45ETOLrMd3eQ
+wIiO9deJNUWZ9hvlC62LxhZmkbOyeY0XWFw/qZMsFhBFTolNKTfO1DVpWpmyeEWJ
+1DjW/KYAN2/5IfocVH+OekqZccdx74vqqgdweJEPfU+INwwOFhxgGoN6OJK79fq3
+64lZWHeallvjoJh0ue0KcOVbbt54BSe5JJAr1K/hZfowYBplIhwKuPUjHWPoQvJ+
+U8QVtGGGoTmZQGl1e27nWwAmxjkJhSzXmnacPG9q9iOhxiqO6BwOttQytkx9/wdM
+/ZoB3KgvfG0X+FdHvZ7BTqZMZRpfZ1KBq2ggZXiEt+amKg1cEYK+emiBfjbe1/FQ
+0ppB4dsfxN4BUJyH+zgSQQmi7ugg0zB/1ZBXCgvAT5dPMmck4andymmgGIagsuIb
+zt1xXy+ZBEGdTUbni6TZ/xz73fcxAoHBAOXGbDUHDxQVSbjrkia6Y2UeVZhAUCgb
+Ei+ZSXNZL7qjaM/WLEy2UT447YYdoIdl7p6heu79YHZ28ae77cSo5Q3kNWlSNQmd
+EIzDG8EKJnJx9lS+iEkkc0FTJ4jXRL00ILa/djoaXOj7CNkNWyVLhfWRAeT70AKG
+K572ol/Ynz3h+IYduz9tjGHi5DOXcNDSYKGlZJtjDAhKaBLs/jM5iPFM/tGBjKkE
+ugKK1BSUqZvJ9C/huCGrxieKe6Pjvj77hwKBwQDVqWJdZ0vI7qP/rVO3yzPQYid/
+rZgh8MlH8w1WogwojK1lHJ5gQsbMozBAnHuNGHXXTdzBYK0cQTQUS27naZsMZjd0
+cQGFm4F3ndJgd+82dsEIKV1Kkv/YsBbVRO+vUvbp3wqRBAJLFAj0FLdVTOcFMuoR
++ZwpVt7UsVlHuHAJy1Mvxtz7UtmxuCUUacO6eJQksx0OC5HnDWQzsB2SkqR4Umnq
+egTBhzqC4Pv9OoW/8EkfW1iVFuUAnrcqPn4c3tUCgcA7FzpAsN4J1ietbLebShfB
+q3lrvC5hAgU9RHiFN4x0vQ15VaTy3XgrPkynTvs3ltk05mZNC9BA5vninwvYpW6y
+kdvCiCenn0LgUFTU4h1dFT26MX2vAba6N/5UzLeayMsY9EgdTSZTrCtsVmj4QGHk
+8zO/hZrK62JQcTD04SqiqXhWVVMQTsXpboYtVmbm7RN4vqYO5/vyLeBx7Yy587Pq
+ClkF3AEmflavzLAZ0tmDfP5VSgEmd5xwEscVML5+SAUCgcAVXf0iTiQ8EfGArjrD
+FKU337kHgbrHGidm9J2O3mHM5FSq2fPUuJjc+iznKT8J2zpdr8G17Q8i1jp5FRog
+NmV1FfvRv0Nhsy19YuEZGKVpkvK2+DwGKzE+4E1IQr6dj/R1awLJgdcg3v4OOswi
+0bAAyxixd37we2mJZ7r/+yfpMtY83uxWjfCLX1kF85XJXimiie8L6ohKzQIKUUCD
+2fpstgE1m8JCAF4PnKRWrLWXflYxtpbjQgjgyP6UUO+Xv4kCgcEAtzH5sfhYmwPx
+OOkNqrTa/UM958o9sbHWEaUWk+eKLVg/bawcUmROfuYUJk+9NO59h1jmaUELXcD7
+yBpPdcRwXhIuHi8oW6JupnJAJ+54L9nwshs8gG5CYGtD1/c1FV+rNldi9kZu7LSn
+QYUvMYfSQTZSAZe/HXDQIza+ZVRKVI2pw5ROTso8skeptRy/9WpEpRcMO0xDhMyI
+1LbZM2o7rG+9AKoc9z6kZuY+tChY1sjgxVzSPTVXjTXOPjgDupT5
+-----END RSA PRIVATE KEY-----

scripts/tests/keys/certificate/gen.sh

@@ -0,0 +1,51 @@
+#!/usr/bin/env bash
+
+# create root-ca
+certtool \
+	--generate-privkey \
+	--outfile ca-priv.pem
+
+TEMPLATE="cn=root-ca\nca\ncert_signing_key\nexpiration_days = 3650\n"
+
+certtool \
+	--generate-self-signed \
+	--template <(echo -e "${TEMPLATE}") \
+	--outfile ca-cert.pem \
+	--load-privkey ca-priv.pem
+
+# create intermediate-ca
+certtool \
+	--generate-privkey \
+	--outfile int-ca-priv.pem
+
+TEMPLATE="cn=intermediate-ca\nca\ncert_signing_key\nexpiration_days = 3650\n"
+
+certtool \
+	--generate-certificate \
+	--template <(echo -e "${TEMPLATE}") \
+	--outfile int-ca-cert.pem \
+	--load-privkey int-ca-priv.pem \
+	--load-ca-privkey ca-priv.pem \
+	--load-ca-certificate ca-cert.pem
+
+# code-signing key
+certtool \
+	--generate-privkey \
+	--key-type ecdsa \
+	--curve secp384r1 \
+	--outfile signing-key.pem
+
+TEMPLATE="cn=intermediate-ca\nca\ncode_signing_key\nsigning_key\nexpiration_days = 3650\n"
+
+certtool \
+	--generate-certificate \
+	--template <(echo -e "${TEMPLATE}") \
+	--outfile signing-key-cert.pem \
+	--load-privkey signing-key.pem \
+	--load-ca-privkey int-ca-priv.pem \
+	--load-ca-certificate int-ca-cert.pem
+
+certtool \
+	--pubkey-info \
+	--load-privkey signing-key.pem \
+	> signing-key-pub.pem

scripts/tests/keys/certificate/int-ca-cert.pem

@@ -0,0 +1,25 @@
+-----BEGIN CERTIFICATE-----
+MIIEHTCCAoWgAwIBAgIUSd+dJ4nS63JskKys4/XmTtBri4UwDQYJKoZIhvcNAQEL
+BQAwEjEQMA4GA1UEAxMHcm9vdC1jYTAeFw0yNTA1MDIyMzM2MjhaFw0zNTA0MzAy
+MzM2MjhaMBoxGDAWBgNVBAMTD2ludGVybWVkaWF0ZS1jYTCCAaIwDQYJKoZIhvcN
+AQEBBQADggGPADCCAYoCggGBAK7LNuadUjxuZH0rAim9ev3TvR4uSix9mKtHHqwz
+z3zPXuQXzwJ5Wy7GfXNds+aVD4Bwv5NQQHWdTAlZT+7K0CiMIPozRDTVWQKYZZwy
+CM4km6eZKDHxzLkm3fLDd56a1ISV4+ERZsS+DWV3Y9ukZPx9doa1XGLd3oq8o4/T
+wmNAL+rM0npxgegEYYX2DGnqHYiFkS+FdjKIRycFh+dyR6qW5IZ5FW4FMt4WynrM
+p7jWaiLnphyRs+6Xs+zTo3c+dLS82qlLCBkrI1AREx87y4nAnFMPtVi9+2f76YZ9
+ABykovUY6ddFKCFplD4lkvc+klhFi6DSq3sDZb06gTDV/cl9p2hc8jCF9SYVPhkR
+SHSBO/XhojOjQ4ZuNFCyCfaz1KPqK8/hK0OvMh43ZNcyiKy4GYaLQsRl2diOS8O0
+4Ak0+twoKfo7fw5hTYuQ8sc3/8B54W3aOael/730Jko8YeQfl1E2Y10Iyhf6ZbBD
+wWjs9JcOAXZVMTw+1RCW8mwSfwIDAQABo2MwYTAPBgNVHRMBAf8EBTADAQH/MA4G
+A1UdDwEB/wQEAwICBDAdBgNVHQ4EFgQU8Y+MvYW26MAbiuYGhdsWnumU0zIwHwYD
+VR0jBBgwFoAUEELDx1e2M0ueamhpxKFPLWXvjaUwDQYJKoZIhvcNAQELBQADggGB
+AIUEX+jqSQu1gu6OUWegIBt3g//DkazkR76tQKf+BYb9QixNbHA9DvmK9r76tfed
+q4fFnVKeFbhAqWy+waIDVLZsKWiOj3cIeOon/oZCK3hGtK4q36h0yMsy6AQkfNXj
+IAFgGhIGEQcDq0kgDmdHutHPxjPu77DmMdT0DIczJYKQJpfrs8Al0xiDmdVEsmbR
+nd9RyI+bcPc9bfkRkOuRIAwt6IIWgA1gEFSTtRaTxjXfRIdmz2A0MTpYLNTEvPds
+DdxzhTVZelNI582rhWc/MaXcX5xULbsGJyWobtXcBZfb/9IJi9MBtWWp/t5+/PCu
+IWVHgG8MtnI0EdBXIiTcLH/XJMrRGrvjZW20nyD2nZl5L+qeDGkpSfGJ6dBVaDuV
+liSAj0emondZobXI/ypntpxqtWquZCkbBMQ69dUWE3vIh1aQpleSrAvbukZBzvk5
+FXfVF2T6/TY7HQjUcuURpoAnMtwM8FwrBixFhKGlRpFJjdIVUerT1RrZkvHO5qlg
+Hg==
+-----END CERTIFICATE-----