minor fix
This commit is contained in:
ejahnGithub
parent
e21e5ef5c5
commit
580ddf6997
2 changed files with 11 additions and 13 deletions
|
|
@ -7,15 +7,16 @@ import (
|
|||
|
||||
func VerifyCertExtensions(results []*AttestationProcessingResult, owner string, repo string) error {
|
||||
for _, attestation := range results {
|
||||
if owner != "" {
|
||||
expectedSourceRepositoryOwnerURI := fmt.Sprintf("https://github.com/%s", owner)
|
||||
sourceRepositoryOwnerURI := attestation.VerificationResult.Signature.Certificate.Extensions.SourceRepositoryOwnerURI
|
||||
if sourceRepositoryOwnerURI != "" && !strings.EqualFold(expectedSourceRepositoryOwnerURI, sourceRepositoryOwnerURI) {
|
||||
return fmt.Errorf("expected SourceRepositoryOwnerURI to be %s, got %s", expectedSourceRepositoryOwnerURI, sourceRepositoryOwnerURI)
|
||||
}
|
||||
// TODO: handle proxima prefix
|
||||
expectedSourceRepositoryOwnerURI := fmt.Sprintf("https://github.com/%s", owner)
|
||||
sourceRepositoryOwnerURI := attestation.VerificationResult.Signature.Certificate.Extensions.SourceRepositoryOwnerURI
|
||||
if sourceRepositoryOwnerURI != "" && !strings.EqualFold(expectedSourceRepositoryOwnerURI, sourceRepositoryOwnerURI) {
|
||||
return fmt.Errorf("expected SourceRepositoryOwnerURI to be %s, got %s", expectedSourceRepositoryOwnerURI, sourceRepositoryOwnerURI)
|
||||
}
|
||||
|
||||
// if repo is set, check the SourceRepositoryURI field
|
||||
if repo != "" {
|
||||
// TODO: handle proxima prefix
|
||||
expectedSourceRepositoryURI := fmt.Sprintf("https://github.com/%s", repo)
|
||||
sourceRepositoryURI := attestation.VerificationResult.Signature.Certificate.Extensions.SourceRepositoryURI
|
||||
if sourceRepositoryURI != "" && !strings.EqualFold(expectedSourceRepositoryURI, sourceRepositoryURI) {
|
||||
|
|
|
|||
|
|
@ -21,6 +21,7 @@ const (
|
|||
)
|
||||
|
||||
func expandToGitHubURL(ownerOrRepo string) string {
|
||||
// TODO: handle proxima prefix
|
||||
return fmt.Sprintf("(?i)^https://github.com/%s/", ownerOrRepo)
|
||||
}
|
||||
|
||||
|
|
@ -42,12 +43,6 @@ func buildSANMatcher(opts *Options) (verify.SubjectAlternativeNameMatcher, error
|
|||
return verify.SubjectAlternativeNameMatcher{}, nil
|
||||
}
|
||||
|
||||
func buildCertExtensions(runnerEnv string) certificate.Extensions {
|
||||
return certificate.Extensions{
|
||||
RunnerEnvironment: runnerEnv,
|
||||
}
|
||||
}
|
||||
|
||||
func buildCertificateIdentityOption(opts *Options, runnerEnv string) (verify.PolicyOption, error) {
|
||||
sanMatcher, err := buildSANMatcher(opts)
|
||||
if err != nil {
|
||||
|
|
@ -59,7 +54,9 @@ func buildCertificateIdentityOption(opts *Options, runnerEnv string) (verify.Pol
|
|||
return nil, err
|
||||
}
|
||||
|
||||
extensions := buildCertExtensions(runnerEnv)
|
||||
extensions := certificate.Extensions{
|
||||
RunnerEnvironment: runnerEnv,
|
||||
}
|
||||
|
||||
certId, err := verify.NewCertificateIdentity(sanMatcher, issuerMatcher, extensions)
|
||||
if err != nil {
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue