in internal/verifier/verifier.go [71:104]
// Verify validates request and then runs the verification capabilities named in
// request.TrustPolicy.SignatureVerification: trusted-identity verification first,
// revocation checking second. A capability that the trust policy does not list is
// skipped.
//
// The method fails closed: when request validation or any enabled check returns an
// error, that error is returned unchanged together with a nil response, so a caller
// never receives partial verification results.
//
// On success the signing-profile-version and signing-job attributes are always
// reported in ProcessedAttributes, whether or not the revocation check ran.
func (v *Verifier) Verify(ctx context.Context, request *plugin.VerifySignatureRequest) (*plugin.VerifySignatureResponse, error) {
	lg := logger.GetLogger(ctx)

	// Reject a malformed request before any verification work is attempted.
	lg.Debug("validating VerifySignatureRequest")
	reqErr := validate(request)
	if reqErr != nil {
		lg.Debugf("validate VerifySignatureRequest error :%s", reqErr)
		return nil, reqErr
	}

	// The result map starts empty and non-nil; each check receives the response
	// so it can record its outcome (the helpers themselves are not shown here).
	result := &plugin.VerifySignatureResponse{
		VerificationResults: map[plugin.Capability]*plugin.VerificationResult{},
	}

	if slices.Contains(request.TrustPolicy.SignatureVerification, plugin.CapabilityTrustedIdentityVerifier) {
		lg.Debug("validating trusted identity")
		identityErr := validateTrustedIdentity(request, result)
		if identityErr != nil {
			lg.Debugf("validate trusted identity error :%v", identityErr)
			return nil, identityErr
		}
		lg.Debugf("verification response: %+v\n", *result)
	}

	if slices.Contains(request.TrustPolicy.SignatureVerification, plugin.CapabilityRevocationCheckVerifier) {
		lg.Debug("validating revocation status")
		revocationErr := v.validateRevocation(ctx, request, result)
		if revocationErr != nil {
			lg.Debugf("validate revocation status error :%v", revocationErr)
			return nil, revocationErr
		}
		lg.Debugf("verification response: %+v\n", *result)
	}

	// Both the signing-profile-version ARN and the signing-job ARN are marked as
	// processed unconditionally: the plugin has to report them as processed even
	// when the revocation call was skipped.
	// NOTE(review): "processed" here therefore does not by itself mean the
	// revocation check ran; consult VerificationResults for that.
	withProfileVersion := slices.AppendIfNotPresent(result.ProcessedAttributes, attrSigningProfileVersion)
	result.ProcessedAttributes = slices.AppendIfNotPresent(withProfileVersion, attrSigningJob)

	return result, nil
}