From 3a166f1fafb58c3579367f37763f8c4c6ce97a03 Mon Sep 17 00:00:00 2001
From: Jim Bugwadia
Date: Thu, 28 Oct 2021 10:58:55 -0700
Subject: [PATCH] handle Critical and critical in Cosign response payload
Signed-off-by: Jim Bugwadia
---
 pkg/cosign/cosign.go | 16 ++++++++++++++--
 1 file changed, 14 insertions(+), 2 deletions(-)
diff --git a/pkg/cosign/cosign.go b/pkg/cosign/cosign.go
index 6bf1d54426..dfa3c8d283 100644
--- a/pkg/cosign/cosign.go
+++ b/pkg/cosign/cosign.go
@@ -261,7 +261,7 @@ func extractDigest(imgRef string, verified []cosign.SignedPayload, log logr.Logg
 log.V(4).Info("image verification response", "image", imgRef, "payload", jsonMap)
- // The cosign response is in the JSON format:
+ // The expected response is in the JSON format:
 // {
 // "critical": {
 // "identity": {
@@ -274,7 +274,19 @@ func extractDigest(imgRef string, verified []cosign.SignedPayload, log logr.Logg
 // },
 // "optional": null
 // }
- critical := jsonMap["critical"].(map[string]interface{})
+
+ // some versions of Cosign seem to return "Critical" instead of "critical".
+ // check for both...
+ var critical map[string]interface{}
+ if jsonMap["critical"] != nil {
+ critical = jsonMap["critical"].(map[string]interface{})
+ } else if jsonMap["Critical"] != nil {
+ critical = jsonMap["Critical"].(map[string]interface{})
+ } else {
+ log.Info("unexpected image verification payload", "image", imgRef, "payload", jsonMap)
+ continue
+ }
+
 if critical != nil {
 typeStr := critical["type"].(string)
 if typeStr == "cosign container image signature" {
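Review bot: The two new assertions `jsonMap["critical"].(map[string]interface{})` and `jsonMap["Critical"].(map[string]interface{})` in the second hunk are single-value type assertions, so a payload whose key is present but is not a JSON object panics instead of reaching the new `continue` branch; the nil checks only cover a missing or null key. The comma-ok form below sends absent, null and wrong-typed values down the same path and makes the following `if critical != nil` redundant. The context line `critical["type"].(string)` has the same shape and would benefit from the same treatment. Because unexpected payloads are now skipped rather than processed, it is worth confirming that extractDigest, whose body starts and ends outside this hunk, returns an error when no payload yields a digest, so that verification fails closed.

```go
// … unchanged: comment about "Critical" vs "critical" …
critical, ok := jsonMap["critical"].(map[string]interface{})
if !ok {
	critical, ok = jsonMap["Critical"].(map[string]interface{})
}
if !ok {
	// … unchanged: log.Info("unexpected image verification payload", …) and continue …
}
```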