MCPcopy Index your code
hub / github.com/cli/cli / buildCertificateIdentityOption

Function buildCertificateIdentityOption

pkg/cmd/attestation/verify/policy.go:110–132  ·  view source on GitHub ↗
(c verification.EnforcementCriteria)

Source from the content-addressed store, hash-verified

108}
109
110func buildCertificateIdentityOption(c verification.EnforcementCriteria) (verify.PolicyOption, error) {
111 sanMatcher, err := verify.NewSANMatcher(c.SAN, c.SANRegex)
112 if err != nil {
113 return nil, err
114 }
115
116 // Accept any issuer, we will verify the issuer as part of the extension verification
117 issuerMatcher, err := verify.NewIssuerMatcher("", ".*")
118 if err != nil {
119 return nil, err
120 }
121
122 extensions := certificate.Extensions{
123 RunnerEnvironment: c.Certificate.RunnerEnvironment,
124 }
125
126 certId, err := verify.NewCertificateIdentity(sanMatcher, issuerMatcher, extensions)
127 if err != nil {
128 return nil, err
129 }
130
131 return verify.WithCertificateIdentity(certId), nil
132}
133
134func buildSigstoreVerifyPolicy(c verification.EnforcementCriteria, a artifact.DigestedArtifact) (verify.PolicyBuilder, error) {
135 artifactDigestPolicyOption, err := verification.BuildDigestPolicyOption(a)

Callers 1

Calls

no outgoing calls

Tested by

no test coverage detected