bundle: Just use email OID regardless of actual value

Apparently Fulcio does not care about the CSR subject: just claim everything is an email. https://github.com/sigstore/fulcio/blob/main/fulcio.proto#L106 Signed-off-by: Jussi Kukkonen <[email protected]>
sigstore · Oct 23, 2024 · 07cb957 · 07cb957
1 parent 912186f
commit 07cb957
Showing 1 changed file with 3 additions and 6 deletions.
diff --git a/src/bundle/sign.rs b/src/bundle/sign.rs
@@ -85,13 +85,10 @@ impl<'ctx> SigningSession<'ctx> {
         fulcio: &FulcioClient,
         token: &IdentityToken,
     ) -> SigstoreResult<(ecdsa::SigningKey<NistP256>, fulcio::CertificateResponse)> {
+        // NOTE: Currently both email and machine identities get wrapped in a "email" OID.
+        // Fulcio does not care about the content.
         let identity = match &token.identity {
-            Identity::Sub(_) => {
-                return Err(SigstoreError::IdentityTokenError(
-                    "Non-email identities are not yet supported".to_string(),
-                ))
-            }
-            Identity::Email(identity) => identity.as_str(),
+            Identity::Sub(identity) | Identity::Email(identity) => identity.as_str(),
         };
 
         let subject =