| 262 | } |
| 263 | |
| 264 | func runVerify(opts *Options) error { |
| 265 | ec, err := newEnforcementCriteria(opts) |
| 266 | if err != nil { |
| 267 | opts.Logger.Println(opts.Logger.ColorScheme.Red("✗ Failed to build verification policy")) |
| 268 | return err |
| 269 | } |
| 270 | |
| 271 | if err := ec.Valid(); err != nil { |
| 272 | opts.Logger.Println(opts.Logger.ColorScheme.Red("✗ Invalid verification policy")) |
| 273 | return err |
| 274 | } |
| 275 | |
| 276 | artifact, err := artifact.NewDigestedArtifact(opts.OCIClient, opts.ArtifactPath, opts.DigestAlgorithm) |
| 277 | if err != nil { |
| 278 | opts.Logger.Printf(opts.Logger.ColorScheme.Red("✗ Loading digest for %s failed\n"), opts.ArtifactPath) |
| 279 | return err |
| 280 | } |
| 281 | |
| 282 | opts.Logger.Printf("Loaded digest %s for %s\n", artifact.DigestWithAlg(), artifact.URL) |
| 283 | |
| 284 | attestations, logMsg, err := getAttestations(opts, *artifact) |
| 285 | if err != nil { |
| 286 | if ok := errors.Is(err, api.ErrNoAttestationsFound); ok { |
| 287 | opts.Logger.Printf(opts.Logger.ColorScheme.Red("✗ No attestations found for subject %s\n"), artifact.DigestWithAlg()) |
| 288 | return err |
| 289 | } |
| 290 | // Print the message signifying failure fetching attestations |
| 291 | opts.Logger.Println(opts.Logger.ColorScheme.Red(logMsg)) |
| 292 | return err |
| 293 | } |
| 294 | // Print the message signifying success fetching attestations |
| 295 | opts.Logger.Println(logMsg) |
| 296 | |
| 297 | // print information about the policy that will be enforced against attestations |
| 298 | opts.Logger.Println("\nThe following policy criteria will be enforced:") |
| 299 | opts.Logger.Println(ec.BuildPolicyInformation()) |
| 300 | |
| 301 | verified, errMsg, err := verifyAttestations(*artifact, attestations, opts.SigstoreVerifier, ec) |
| 302 | if err != nil { |
| 303 | opts.Logger.Println(opts.Logger.ColorScheme.Red(errMsg)) |
| 304 | return err |
| 305 | } |
| 306 | |
| 307 | opts.Logger.Println(opts.Logger.ColorScheme.Green("✓ Verification succeeded!\n")) |
| 308 | |
| 309 | // If an exporter is provided with the --json flag, write the results to the terminal in JSON format |
| 310 | if opts.exporter != nil { |
| 311 | // print the results to the terminal as an array of JSON objects |
| 312 | if err = opts.exporter.Write(opts.Logger.IO, verified); err != nil { |
| 313 | opts.Logger.Println(opts.Logger.ColorScheme.Red("✗ Failed to write JSON output")) |
| 314 | return err |
| 315 | } |
| 316 | return nil |
| 317 | } |
| 318 | |
| 319 | opts.Logger.Printf("The following %s matched the policy criteria\n\n", text.Pluralize(len(verified), "attestation")) |
| 320 | |
| 321 | // Otherwise print the results to the terminal |