in internal/verifier/verifier.go [106:131]
// validate rejects a verify-signature request that this plugin must not act on.
// The checks run in a fixed order and the first failure is returned:
//
//  1. the request's contract version must equal plugin.ContractVersion;
//  2. the trust policy must not list wildcardIdentity among its trusted identities;
//  3. every entry in the trust policy's SignatureVerification list must be
//     accepted by pluginCapabilitySupported;
//  4. the signature's critical attributes must carry a non-zero
//     authenticSigningTime;
//  5. the signing scheme must equal signingSchemeAuthority, compared
//     case-insensitively.
//
// It returns nil only when all five checks pass. req is dereferenced without a
// nil check, so callers must pass a non-nil request.
func validate(req *plugin.VerifySignatureRequest) error {
	if got := req.ContractVersion; got != plugin.ContractVersion {
		return plugin.NewUnsupportedContractVersionError(got)
	}

	policy := req.TrustPolicy

	// A wildcard entry is refused outright. slices.Contains is an exact-match
	// test, so only an entry equal to wildcardIdentity is caught here.
	if slices.Contains(policy.TrustedIdentities, wildcardIdentity) {
		return plugin.NewValidationError(errMsgWildcardIdentity)
	}

	// Fail closed on any requested verification capability that is not
	// recognised, rather than skipping it.
	// NOTE(review): the request-supplied value is echoed into the error text
	// with %s; confirm downstream consumers of this message treat it as untrusted.
	for _, capability := range policy.SignatureVerification {
		if pluginCapabilitySupported(capability) {
			continue
		}
		return plugin.NewValidationErrorf("'%s' is not a supported plugin capability", capability)
	}

	attrs := req.Signature.CriticalAttributes
	switch {
	// NOTE(review): if AuthenticSigningTime is declared as a pointer, a request
	// that omits it would panic in IsZero instead of reaching this error;
	// confirm the field type.
	case attrs.AuthenticSigningTime.IsZero():
		return plugin.NewValidationError("missing authenticSigningTime")
	// Any scheme other than signingSchemeAuthority is reported as unsupported.
	case !strings.EqualFold(attrs.SigningScheme, signingSchemeAuthority):
		return plugin.NewUnsupportedError(fmt.Sprintf("'%s' signing scheme", attrs.SigningScheme))
	}

	return nil
}