This repository has been archived by the owner on Apr 9, 2024. It is now read-only.

Add skeleton for a metadata verifier
rbehjati committed Apr 14, 2022
1 parent 3752841 commit b4a790c
Showing 2 changed files with 27 additions and 1 deletion.
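--- a/experimental/auth-logic/wrappers/provenance_build_wrapper.go
+++ b/experimental/auth-logic/wrappers/provenance_build_wrapper.go
@@ -41,7 +41,8 @@ func (pbw ProvenanceBuildWrapper) EmitStatement() (UnattributedStatement, error)
 }
 
 sanitizedAppName := SanitizeName(provenance.Subject[0].Name)
-verifier := verify.ReproducibleProvenanceVerifier{}
+// TODO(#69): Set the verifier as a field in pbw, and use that here.
+verifier := verify.AmberProvenanceMetadataVerifier{}
 if err := verifier.Verify(pbw.ProvenanceFilePath); err != nil {
 return UnattributedStatement{}, fmt.Errorf("verification of the provenance file failed: %v", err)
 }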
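Review bot: With the switch to `verify.AmberProvenanceMetadataVerifier{}`, EmitStatement produces its statement after a check that, per the verify.go section of this commit, only compares `Predicate.BuildType`; the metadata comparison there is still a TODO. The previous `ReproducibleProvenanceVerifier` is dropped from this path entirely, so whatever it enforced is presumably no longer checked before the statement is emitted. Until #69 lands, consider running both verifiers here, or at least extend the comment to say so: `// TODO(#69): verifier currently checks BuildType only; the emitted statement is not metadata-verified.` EmitStatement's body starts and ends outside the hunk.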
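--- a/verify/verify.go
+++ b/verify/verify.go
@@ -83,3 +83,28 @@ func (verifier *ReproducibleProvenanceVerifier) Verify(provenanceFilePath string
 
 return nil
 }
+
+// AmberProvenanceMetadataVerifier verifies Amber provenances by comparing the
+// content of the provenance predicate against a given set of expected values.
+type AmberProvenanceMetadataVerifier struct {
+// TODO(#69): Add metadata fields.
+}
+
+// Verify verifies a given Amber provenance file by checking its content
+// against the expected values specified in this
+// AmberProvenanceMetadataVerifier instance. Returns an error if any of the
+// values is not as expected. Otherwise returns nil, indicating success.
+func (verifier *AmberProvenanceMetadataVerifier) Verify(provenanceFilePath string) error {
+provenance, err := slsa.ParseProvenanceFile(provenanceFilePath)
+if err != nil {
+return fmt.Errorf("couldn't load the provenance file from %s: %v", provenanceFilePath, err)
+}
+
+if provenance.Predicate.BuildType != common.AmberBuildTypeV1 {
+return fmt.Errorf("incorrect BuildType: got %s, want %v", provenance.Predicate.BuildType, common.AmberBuildTypeV1)
+}
+
+// TODO(#69): Check metadata against the expected values.
+
+return nil
+}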
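Review bot: `AmberProvenanceMetadataVerifier.Verify` returns nil for any provenance whose BuildType equals `common.AmberBuildTypeV1`, while its doc comment promises an error "if any of the values is not as expected"; the struct has no fields yet, so there are no expected values and the metadata is accepted unchecked. The doc comment should state the current behaviour so callers do not rely on a check that is not there, e.g. `// NOTE(#69): only Predicate.BuildType is checked for now; a nil result does not mean the metadata matched.` Separately, the `fmt.Errorf` on the parse failure formats the underlying error with `%v`; using `%w` there would let callers inspect it with `errors.Is`/`errors.As`.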
