incorporated review comments

Mukuls77 · Mukuls77 · commit 8743a71072bd · 2024-01-20T10:57:11.000+05:30
Signed-off-by: Mukuls77 &lt;mukul.sharma77@gmail.com&gt;
diff --git a/pkg/cosign/verify.go b/pkg/cosign/verify.go
@@ -216,8 +216,9 @@ func verifyOCISignature(ctx context.Context, verifier signature.Verifier, sig pa
 	return verifier.VerifySignature(bytes.NewReader(signature), bytes.NewReader(payload), options.WithContext(ctx))
 }
 
-// ValidateAndUnpackCert calls ValidateAndUnpackCertWithIntermediates() by passing intermediate
-// certs from checkOpts as separate argument
+// ValidateAndUnpackCert creates a Verifier from a certificate. Verifies that the
+// certificate chains up to a trusted root using intermediate certificate chain coming from CheckOpts.
+// Optionally verifies the subject and issuer of the certificate.
 func ValidateAndUnpackCert(cert *x509.Certificate, co *CheckOpts) (signature.Verifier, error) {
 	return ValidateAndUnpackCertWithIntermediates(cert, co, co.IntermediateCerts)
 }
@@ -246,9 +247,6 @@ func ValidateAndUnpackCertWithIntermediates(cert *x509.Certificate, co *CheckOpt
 	}
 
 	// Now verify the cert, then the signature.
-	if intermediateCerts == nil {
-		intermediateCerts = co.IntermediateCerts
-	}
 	chains, err := TrustedCert(cert, co.RootCerts, intermediateCerts)
 
 	if err != nil {
@@ -742,6 +740,10 @@ func verifyInternal(ctx context.Context, sig oci.Signature, h v1.Hash,
 				}
 			}
 		}
+		// In case pool is not set than set it from co.IntermediateCerts
+		if pool == nil {
+			pool = co.IntermediateCerts
+		}
 		verifier, err = ValidateAndUnpackCertWithIntermediates(cert, co, pool)
 		if err != nil {
 			return false, err

Original file line number	Diff line number	Diff line change
`@@ -216,8 +216,9 @@ func verifyOCISignature(ctx context.Context, verifier signature.Verifier, sig pa`
`216`	`216`	`return verifier.VerifySignature(bytes.NewReader(signature), bytes.NewReader(payload), options.WithContext(ctx))`
`217`	`217`	`}`
`218`	`218`
`219`		`-// ValidateAndUnpackCert calls ValidateAndUnpackCertWithIntermediates() by passing intermediate`
`220`		`-// certs from checkOpts as separate argument`
	`219`	`+// ValidateAndUnpackCert creates a Verifier from a certificate. Verifies that the`
	`220`	`+// certificate chains up to a trusted root using intermediate certificate chain coming from CheckOpts.`
	`221`	`+// Optionally verifies the subject and issuer of the certificate.`
`221`	`222`	`func ValidateAndUnpackCert(cert x509.Certificate, co CheckOpts) (signature.Verifier, error) {`
`222`	`223`	`return ValidateAndUnpackCertWithIntermediates(cert, co, co.IntermediateCerts)`
`223`	`224`	`}`
`@@ -246,9 +247,6 @@ func ValidateAndUnpackCertWithIntermediates(cert x509.Certificate, co CheckOpt`
`246`	`247`	`}`
`247`	`248`
`248`	`249`	`// Now verify the cert, then the signature.`
`249`		`- if intermediateCerts == nil {`
`250`		`- intermediateCerts = co.IntermediateCerts`
`251`		`- }`
`252`	`250`	`chains, err := TrustedCert(cert, co.RootCerts, intermediateCerts)`
`253`	`251`
`254`	`252`	`if err != nil {`
`@@ -742,6 +740,10 @@ func verifyInternal(ctx context.Context, sig oci.Signature, h v1.Hash,`
`742`	`740`	`}`
`743`	`741`	`}`
`744`	`742`	`}`
	`743`	`+ // In case pool is not set than set it from co.IntermediateCerts`
	`744`	`+ if pool == nil {`
	`745`	`+ pool = co.IntermediateCerts`
	`746`	`+ }`
`745`	`747`	`verifier, err = ValidateAndUnpackCertWithIntermediates(cert, co, pool)`
`746`	`748`	`if err != nil {`
`747`	`749`	`return false, err`