func validateTrustedIdentity()

in internal/verifier/verifier.go [133:175]


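// validateTrustedIdentity checks whether the signing-profile version recorded
// in the signature's extended attributes (attrSigningProfileVersion) matches
// one of the trust policy's TrustedIdentities, and stores the outcome in
// response.VerificationResults under CapabilityTrustedIdentityVerifier.
//
// Only identities for which isSigningProfileArn succeeds are considered. For
// each such identity the parsed ARN resource is split on "/":
//   - 3 parts (treated as a profile ARN): the signature identity with its
//     trailing "/<segment>" removed must equal the identity;
//   - 4 parts (treated as a profile-version ARN): the signature identity must
//     equal the identity in full;
//   - anything else never matches.
//
// The first matching identity wins and is reported through
// reasonTrustedIdentitySuccessFmt; with no match the result is a failure with
// reasonTrustedIdentityFailure. A non-matching identity is not an error: the
// only error returned is a failure to read the signing-profile-version
// attribute from the signature.
//
// The previously computed but unused trustedArns slice has been dropped.
func validateTrustedIdentity(request *plugin.VerifySignatureRequest, response *plugin.VerifySignatureResponse) error {
	signatureIdentity, err := getValueAsString(request.Signature.CriticalAttributes.ExtendedAttributes, attrSigningProfileVersion)
	if err != nil {
		return err
	}

	// Default to failure; overwritten on the first matching identity.
	result := &plugin.VerificationResult{
		Success: false,
		Reason:  reasonTrustedIdentityFailure,
	}

	for _, identity := range request.TrustPolicy.TrustedIdentities {
		arn, ok := isSigningProfileArn(identity)
		if !ok {
			// Trusted identities that are not signing-profile ARNs never match.
			continue
		}
		if !trustedIdentityMatches(signatureIdentity, identity, arn.Resource) {
			continue
		}
		result.Success = true
		result.Reason = fmt.Sprintf(reasonTrustedIdentitySuccessFmt, identity)
		break
	}

	// NOTE(review): assumes response.VerificationResults was initialised by the
	// caller; writing to a nil map would panic here — confirm.
	response.VerificationResults[plugin.CapabilityTrustedIdentityVerifier] = result
	return nil
}

// trustedIdentityMatches reports whether signatureIdentity (the signing-profile
// version taken from the signature) matches the trusted identity string
// whose parsed ARN resource is resource.
//
// NOTE(review): both comparisons use strings.EqualFold, i.e. are
// case-insensitive. The profile-name segment of an ARN may be case-sensitive,
// so this accepts a wider set of identities than an exact match would —
// confirm that widening is intended before relying on it.
func trustedIdentityMatches(signatureIdentity, identity, resource string) bool {
	switch len(strings.Split(resource, "/")) {
	case 3: // profile ARN: compare after dropping the signature's trailing version segment
		lastIndex := strings.LastIndex(signatureIdentity, "/")
		return lastIndex != -1 && strings.EqualFold(signatureIdentity[:lastIndex], identity)
	case 4: // profile version ARN: must match in full
		return strings.EqualFold(signatureIdentity, identity)
	default:
		return false
	}
}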