hub / github.com/cli/cli / buildVerificationPolicy

Function buildVerificationPolicy

pkg/cmd/release/shared/attestation.go:102–114  ·  view source on GitHub ↗

buildVerificationPolicy constructs a verification policy for GitHub releases

(a artifact.DigestedArtifact, trustDomain string)

Source from the content-addressed store, hash-verified

// buildVerificationPolicy assembles the verification policy applied to GitHub
// release attestations. The policy combines the two constraints built below:
// the digest option derived from artifact a, and a certificate identity whose
// SAN must match the releases URI for trustDomain.
//
// An empty trustDomain falls back to "dotcom".
//
// NOTE(review): every constructor error below is discarded, and the signature
// has no error result to carry one. If a call fails, the policy is built from
// whatever value was returned next to the error. Confirm callers cannot reach
// this function with inputs that make these constructors fail.
func buildVerificationPolicy(a artifact.DigestedArtifact, trustDomain string) verify.PolicyBuilder {
	domain := trustDomain
	if domain == "" {
		domain = "dotcom"
	}

	// NOTE(review): domain is formatted into the regular expression unescaped,
	// so a regex metacharacter in it would widen or invalidate the SAN pattern.
	// Presumably callers pass only validated trust domains; verify that, or
	// escape the value (regexp.QuoteMeta) before it reaches this line.
	sanPattern := fmt.Sprintf("^https://%s\\.releases\\.github\\.com$", domain)
	san, _ := verify.NewSANMatcher("", sanPattern)

	// The issuer pattern matches anything and no certificate extensions are
	// required, so the anchored SAN pattern is the only identity constraint.
	issuer, _ := verify.NewIssuerMatcher("", ".*")
	identity, _ := verify.NewCertificateIdentity(san, issuer, certificate.Extensions{})

	digestOpt, _ := verification.BuildDigestPolicyOption(a)
	return verify.NewPolicy(digestOpt, verify.WithCertificateIdentity(identity))
}
115
116type MockVerifier struct {
117 mockResult *verification.AttestationProcessingResult

Callers 1

VerifyAttestation (Method) · 0.85

Calls 1

BuildDigestPolicyOption (Function) · 0.92

Tested by

no test coverage detected