incorporated review comments

Signed-off-by: Mukuls77 <mukul.sharma77@gmail.com>

test/e2e_test_attach.sh

@@ -14,6 +14,12 @@
 # See the License for the specific language governing permissions and
 # limitations under the License.
 
+# This test case test two scenarios
+# scenario 1: Attach a single signature with certificate and certificate chain to an artifact
+# and verify it using root certificate
+# scenario 2: Attaches second signature with diffrent certificate and certificate chain to same
+# artifact and verify it using both root certificates separately 
+
 set -ex
 
 go build -o cosign ./cmd/cosign
@@ -48,35 +54,42 @@ IMAGE_URI_DIGEST=$IMAGE_URI@$SRC_DIGEST
 ## Generate
 ./cosign generate $IMAGE_URI_DIGEST > payload.json
 
-## Sign with Leafcert Private Key
+## Scenario 1 Starts
+
+## Sign with First Leafcert Private Key
 openssl dgst -sha256 -sign ./private_key -out payload.sig payload.json
 cat payload.sig | base64 > payloadbase64.sig
-openssl dgst -sha256 -sign ./secondprivate_key -out secondpayload.sig payload.json
-cat secondpayload.sig | base64 > secondpayloadbase64.sig
-
 
 SIGNATURE=$(cat payloadbase64.sig | base64)
 echo "Signature: $SIGNATURE"
-SIGNATURE2=$(cat secondpayloadbase64.sig | base64)
-echo "Second Signature: $SIGNATURE2"
 
 PAYLOAD=$(cat payload.json)
 echo "Payload: $PAYLOAD"
 
-
-
 ## Attach Signature, payload, cert and cert-chain
 ./cosign attach signature --signature ./payloadbase64.sig --payload ./payload.json --cert ./leafcert.pem --cert-chain ./certchain.pem $IMAGE_URI_DIGEST
-./cosign attach signature --signature ./secondpayloadbase64.sig --payload ./payload.json --cert ./secondleafcert.pem --cert-chain ./secondcertchain.pem $IMAGE_URI_DIGEST
-
 
 ## confirm manifest conatins annotation for cert and cert chain
 crane manifest $(./cosign triangulate $IMAGE_URI_DIGEST) | grep -q "application/vnd.oci.image.config.v1+json"
 crane manifest $(./cosign triangulate $IMAGE_URI_DIGEST) | grep -q "dev.sigstore.cosign/certificate"
 crane manifest $(./cosign triangulate $IMAGE_URI_DIGEST) | grep -q "dev.sigstore.cosign/chain"
 
-## Verify Signature, payload, cert and cert-chain using Root certificate only
+## Verify Signature, payload, cert and cert-chain using Root certificate only 
+./cosign verify $IMAGE_URI_DIGEST --insecure-ignore-sct --insecure-ignore-tlog --certificate-identity-regexp '.*' --certificate-oidc-issuer-regexp '.*' --cert-chain=./rootcert.pem
+
+## Scenario 2 Starts
+
+## Sign with Leafcert Private Key
+openssl dgst -sha256 -sign ./secondprivate_key -out secondpayload.sig payload.json
+cat secondpayload.sig | base64 > secondpayloadbase64.sig
+
+SIGNATURE2=$(cat secondpayloadbase64.sig | base64)
+echo "Second Signature: $SIGNATURE2"
+
+## Attach Second Signature, payload, cert and cert-chain
+./cosign attach signature --signature ./secondpayloadbase64.sig --payload ./payload.json --cert ./secondleafcert.pem --cert-chain ./secondcertchain.pem $IMAGE_URI_DIGEST
 
+## Verify Signature, payload, cert and cert-chain using Root certificate only 
 ./cosign verify $IMAGE_URI_DIGEST --insecure-ignore-sct --insecure-ignore-tlog --certificate-identity-regexp '.*' --certificate-oidc-issuer-regexp '.*' --cert-chain=./rootcert.pem
 
 ./cosign verify $IMAGE_URI_DIGEST --insecure-ignore-sct --insecure-ignore-tlog --certificate-identity-regexp '.*' --certificate-oidc-issuer-regexp '.*' --cert-chain=./secondrootcert.pem