feat!: refresh PSA templates and CBOR fixtures

Updated PSA reference value templates in CoMID and CoRIM to align with the latest specifications. Regenerated CBOR test fixtures and bumped the CoRIM dependency version.

All templates and fixtures now reflect the updated PSA profile structure.

BREAKING CHANGE: PSA reference value CBOR files generated with previous CoRIM versions are no longer compatible. Applications must regenerate CBOR payloads using the updated templates.

Signed-off-by: Abhishek kumar <abhirajabhi312@gmail.com>

Author: abhiraj-ku

.github/workflows/ci-go-cover.yml

@@ -31,7 +31,7 @@ jobs:
       uses: actions/checkout@v2
     - name: Install mockgen
       run: |
-        go install github.com/golang/mock/mockgen@v1.5.0
+        go install go.uber.org/mock/mockgen@v0.6.0
     - name: Go Coverage
       run: |
         go version

.github/workflows/ci.yml

@@ -21,7 +21,7 @@ jobs:
         fetch-depth: 1
     - name: Install mockgen
       run: |
-        go install github.com/golang/mock/mockgen@v1.5.0
+        go install go.uber.org/mock/mockgen@v0.6.0
     - name: Build project
       run: go build ./...
     - name: Run tests

.github/workflows/linters.yml

@@ -19,6 +19,6 @@ jobs:
         curl -sSfL https://raw.githubusercontent.com/golangci/golangci-lint/master/install.sh | sh -s -- -b $(go env GOPATH)/bin v2.1.6
     - name: Install mockgen
       run: |
-        go install github.com/golang/mock/mockgen@v1.5.0
+        go install go.uber.org/mock/mockgen@v0.6.0
     - name: Run required linters in .golangci.yml plus hard-coded ones here
       run: make lint

README.md

@@ -556,9 +556,9 @@ Further, it is required to supply the media type of the content via the
 `--media-type` switch (abbrev. `-m`)
 ```
 $ cocli corim submit \
-    --corim-file data/corim/unsigned-corim.cbor \
-    --api-server "https://veraison.example/endorsement-provisioning/v1/submit" \
-    --media-type "application/corim-unsigned+cbor; profile=http://arm.com/psa/iot/1"
+  --corim-file data/corim/unsigned-corim.cbor \
+  --api-server "https://veraison.example/endorsement-provisioning/v1/submit" \
+  --media-type "application/corim-unsigned+cbor; profile=tag:arm.com,2025:psa#1.0.0"
 
 >> "unsigned-corim.cbor" submit ok
 ```

cmd/comidCreate_test.go

@@ -1,4 +1,4 @@
-// Copyright 2021-2025 Contributors to the Veraison project.
+// Copyright 2021-2026 Contributors to the Veraison project.
 // SPDX-License-Identifier: Apache-2.0
 
 package cmd
@@ -9,7 +9,6 @@ import (
 	"github.com/spf13/afero"
 	"github.com/stretchr/testify/assert"
 	"github.com/stretchr/testify/require"
-	"github.com/veraison/corim/comid"
 	"github.com/veraison/corim/profiles/tdx"
 )
 
@@ -87,7 +86,7 @@ func Test_ComidCreateCmd_template_from_file_to_default_dir(t *testing.T) {
 	cmd := NewComidCreateCmd()
 
 	fs = afero.NewMemMapFs()
-	err = afero.WriteFile(fs, "ok.json", []byte(comid.PSARefValJSONTemplate), 0644)
+	err = afero.WriteFile(fs, "ok.json", testComidTemplate, 0644)
 	require.NoError(t, err)
 
 	args := []string{
@@ -110,7 +109,7 @@ func Test_ComidCreateCmd_template_from_dir_to_custom_dir(t *testing.T) {
 	cmd := NewComidCreateCmd()
 
 	fs = afero.NewMemMapFs()
-	err = afero.WriteFile(fs, "testdir/ok.json", []byte(comid.PSARefValJSONTemplate), 0644)
+	err = afero.WriteFile(fs, "testdir/ok.json", testComidTemplate, 0644)
 	require.NoError(t, err)
 
 	args := []string{

cmd/corimSubmit.go

@@ -1,4 +1,4 @@
-// Copyright 2021-2024 Contributors to the Veraison project.
+// Copyright 2021-2026 Contributors to the Veraison project.
 // SPDX-License-Identifier: Apache-2.0
 
 package cmd
@@ -36,14 +36,14 @@ func NewCorimSubmitCmd(submitter ISubmitter) *cobra.Command {
 		Long: `submit a CBOR-encoded CoRIM payload with supplied media type to the given API Server
 
 	To submit the CBOR-encoded CoRIM from file "unsigned-corim.cbor" with media type
-	"application/corim-unsigned+cbor; profile=http://arm.com/psa/iot/1" to the Veraison
+	"application/corim-unsigned+cbor; profile=tag:arm.com,2025:psa#1.0.0" to the Veraison
 	provisioning API endpoint "https://veraison.example/endorsement-provisioning/v1", do:
 
 
 	cocli corim submit \
 			--corim-file=unsigned-corim.cbor \
 			--api-server="https://veraison.example/endorsement-provisioning/v1/submit" \
-			--media-type="application/corim-unsigned+cbor; profile=http://arm.com/psa/iot/1"
+			--media-type="application/corim-unsigned+cbor; profile=tag:arm.com,2025:psa#1.0.0"
 	`,
 
 		RunE: func(cmd *cobra.Command, args []string) error {

cmd/corimSubmit_test.go

@@ -1,4 +1,4 @@
-// Copyright 2021-2024 Contributors to the Veraison project.
+// Copyright 2021-2026 Contributors to the Veraison project.
 // SPDX-License-Identifier: Apache-2.0
 
 package cmd
@@ -7,11 +7,11 @@ import (
 	"errors"
 	"testing"
 
-	"github.com/golang/mock/gomock"
 	"github.com/spf13/afero"
 	"github.com/stretchr/testify/assert"
 	"github.com/stretchr/testify/require"
 	mock_deps "github.com/veraison/cocli/cmd/mocks"
+	"go.uber.org/mock/gomock"
 )
 
 func Test_CorimSubmitCmd_bad_server_url(t *testing.T) {
@@ -24,7 +24,7 @@ func Test_CorimSubmitCmd_bad_server_url(t *testing.T) {
 	args := []string{
 		"--corim-file=corim.cbor",
 		"--api-server=http://www.example.com:80index",
-		"--media-type=application/corim-unsigned+cbor; profile=http://arm.com/psa/iot/1",
+		"--media-type=application/corim-unsigned+cbor; profile=tag:arm.com,2025:psa#1.0.0",
 	}
 	cmd.SetArgs(args)
 
@@ -45,7 +45,7 @@ func Test_CorimSubmitCmd_missing_server_url(t *testing.T) {
 
 	args := []string{
 		"--corim-file=corim.cbor",
-		"--media-type=application/corim-unsigned+cbor; profile=http://arm.com/psa/iot/1",
+		"--media-type=application/corim-unsigned+cbor; profile=tag:arm.com,2025:psa#1.0.0",
 	}
 	cmd.SetArgs(args)
 
@@ -90,7 +90,7 @@ func Test_CorimSubmitCmd_missing_corim_file(t *testing.T) {
 	args := []string{
 		"--corim-file=",
 		"--api-server=http://www.example.com:8080",
-		"--media-type=application/corim-unsigned+cbor; profile=http://arm.com/psa/iot/1",
+		"--media-type=application/corim-unsigned+cbor; profile=tag:arm.com,2025:psa#1.0.0",
 	}
 	cmd.SetArgs(args)
 
@@ -109,7 +109,7 @@ func Test_CorimSubmitCmd_non_existent_corim_file(t *testing.T) {
 	args := []string{
 		"--corim-file=bad.cbor",
 		"--api-server=http://www.example.com:8080",
-		"--media-type=application/corim-unsigned+cbor; profile=http://arm.com/psa/iot/1",
+		"--media-type=application/corim-unsigned+cbor; profile=tag:arm.com,2025:psa#1.0.0",
 	}
 	cmd.SetArgs(args)
 
@@ -127,7 +127,7 @@ func Test_CorimSubmitCmd_submit_ok(t *testing.T) {
 	args := []string{
 		"--corim-file=corim.cbor",
 		"--api-server=http://veraison.example/endorsement-provisioning/v1/submit",
-		"--media-type=application/corim-unsigned+cbor; profile=http://arm.com/psa/iot/1",
+		"--media-type=application/corim-unsigned+cbor; profile=tag:arm.com,2025:psa#1.0.0",
 	}
 	cmd.SetArgs(args)
 
@@ -139,7 +139,7 @@ func Test_CorimSubmitCmd_submit_ok(t *testing.T) {
 	ms.EXPECT().SetIsInsecure(false)
 	ms.EXPECT().SetCerts([]string{})
 	ms.EXPECT().SetDeleteSession(true)
-	ms.EXPECT().Run(testSignedCorimValid, "application/corim-unsigned+cbor; profile=http://arm.com/psa/iot/1").Return(nil)
+	ms.EXPECT().Run(testSignedCorimValid, "application/corim-unsigned+cbor; profile=tag:arm.com,2025:psa#1.0.0").Return(nil)
 	err = cmd.Execute()
 	assert.NoError(t, err)
 }
@@ -154,7 +154,7 @@ func Test_CorimSubmitCmd_submit_not_ok(t *testing.T) {
 	args := []string{
 		"--corim-file=corim.cbor",
 		"--api-server=http://veraison.example/endorsement-provisioning/v1/submit",
-		"--media-type=application/corim-unsigned+cbor; profile=http://arm.com/psa/iot/1",
+		"--media-type=application/corim-unsigned+cbor; profile=tag:arm.com,2025:psa#1.0.0",
 	}
 	cmd.SetArgs(args)
 
@@ -168,7 +168,7 @@ func Test_CorimSubmitCmd_submit_not_ok(t *testing.T) {
 	ms.EXPECT().SetDeleteSession(true)
 	err = errors.New(`unexpected HTTP response code 404`)
 
-	ms.EXPECT().Run(testSignedCorimValid, "application/corim-unsigned+cbor; profile=http://arm.com/psa/iot/1").Return(err)
+	ms.EXPECT().Run(testSignedCorimValid, "application/corim-unsigned+cbor; profile=tag:arm.com,2025:psa#1.0.0").Return(err)
 	err = cmd.Execute()
 	assert.EqualError(t, err, "submit CoRIM payload failed reason: run failed: unexpected HTTP response code 404")
 }

cmd/test_vars.go

@@ -1,4 +1,4 @@
-// Copyright 2021-2025 Contributors to the Veraison project.
+// Copyright 2021-2026 Contributors to the Veraison project.
 // SPDX-License-Identifier: Apache-2.0
 
 package cmd
@@ -13,6 +13,9 @@ var (
 	minimalCorimTemplate = []byte(`{
 		"corim-id": "5c57e8f4-46cd-421b-91c9-08cf93e13cfc"
 	}`)
+
+	//go:embed testcases/test-comid.json
+	testComidTemplate []byte
 	badCBOR = comid.MustHexDecode(nil, "ffff")
 	// a "tag-id only" CoMID {1: {0: h'366D0A0A598845ED84882F2A544F6242'}}
 	invalidComid = comid.MustHexDecode(nil,