fix: fix intermediate certificate validation (#234)

Signed-off-by: Asra Ali <[email protected]>

Signed-off-by: Asra Ali <[email protected]>

Author: asraa

.github/workflows/release.yml

@@ -14,7 +14,7 @@ jobs:
     permissions:
       id-token: write # For signing.
       contents: write # For asset uploads.
-    uses: slsa-framework/slsa-github-generator/.github/workflows/builder_go_slsa3.yml@v0.0.1
+    uses: slsa-framework/slsa-github-generator/.github/workflows/builder_go_slsa3.yml@v1.2.0
     with:
       go-version: 1.18
       config-file: .github/config-release.yml

pkg/provenance.go

@@ -357,8 +357,9 @@ func FindSigningCertificate(ctx context.Context, uuids []string, dssePayload dss
 		}
 
 		co := &cosign.CheckOpts{
-			RootCerts:      fulcio.GetRoots(),
-			CertOidcIssuer: certOidcIssuer,
+			RootCerts:         fulcio.GetRoots(),
+			IntermediateCerts: fulcio.GetIntermediates(),
+			CertOidcIssuer:    certOidcIssuer,
 		}
 		verifier, err := cosign.ValidateAndUnpackCert(cert, co)
 		if err != nil {
@@ -376,7 +377,6 @@ func FindSigningCertificate(ctx context.Context, uuids []string, dssePayload dss
 		fmt.Fprintf(os.Stderr, "Verified against tlog entry %d\n", *entry.LogIndex)
 		return cert, nil
 	}
-
 	return nil, ErrorNoValidRekorEntries
 }