(c verification.EnforcementCriteria)
| 108 | } |
| 109 | |
// buildCertificateIdentityOption builds the certificate-identity policy
// option from the enforcement criteria c: the SAN value or SAN regex and the
// expected runner environment. Any error from the verify constructors is
// returned unchanged.
//
// The issuer is not constrained by the option returned here; see the note on
// the issuer matcher below.
func buildCertificateIdentityOption(c verification.EnforcementCriteria) (verify.PolicyOption, error) {
	san, err := verify.NewSANMatcher(c.SAN, c.SANRegex)
	if err != nil {
		return nil, err
	}

	// Wildcard issuer: an empty exact value plus the regex ".*" accepts any
	// issuer, so this option on its own does not pin who issued the signing
	// certificate. The original author's note says the issuer is verified as
	// part of the extension verification, which happens outside this function.
	// NOTE(review): confirm every path that uses this option also runs that
	// extension check; without it the issuer is effectively unchecked.
	issuer, err := verify.NewIssuerMatcher("", ".*")
	if err != nil {
		return nil, err
	}

	// RunnerEnvironment is the only certificate extension matched at this layer.
	identity, err := verify.NewCertificateIdentity(san, issuer, certificate.Extensions{
		RunnerEnvironment: c.Certificate.RunnerEnvironment,
	})
	if err != nil {
		return nil, err
	}

	return verify.WithCertificateIdentity(identity), nil
}
| 133 | |
| 134 | func buildSigstoreVerifyPolicy(c verification.EnforcementCriteria, a artifact.DigestedArtifact) (verify.PolicyBuilder, error) { |
| 135 | artifactDigestPolicyOption, err := verification.BuildDigestPolicyOption(a) |