rename to TrustedProducerID, allow muyltiple --subject-digest flags

Signed-off-by: Ramon Petgrave <ramon.petgrave64@gmail.com>

cli/slsa-verifier/verify.go

@@ -190,17 +190,18 @@ func verifyVSACmd() *cobra.Command {
 
 	cmd := &cobra.Command{
 		Use:   "verify-vsa [flags] subject-digest [subject-digest...]",
-		Args:  cobra.MinimumNArgs(1),
+		Args:  cobra.NoArgs,
 		Short: "Verifies SLSA VSAs for the given subject-digests [experimental]",
 		Run: func(cmd *cobra.Command, args []string) {
 			v := verify.VerifyVSACommand{
+				SubjectDigests:    &o.SubjectDigests,
 				AttestationsPath:  &o.AttestationsPath,
 				VerifierID:        &o.VerifierID,
 				ResourceUri:       &o.ResourceUri,
 				VerifiedLevels:    &o.VerifiedLevels,
 				PrintAttestations: &o.PrintAttestations,
 			}
-			if _, err := v.Exec(cmd.Context(), &args); err != nil {
+			if _, err := v.Exec(cmd.Context()); err != nil {
 				fmt.Fprintf(os.Stderr, "%s: %v\n", FAILURE, err)
 				os.Exit(1)
 			} else {

cli/slsa-verifier/verify/options.go

@@ -129,6 +129,7 @@ func (o *VerifyNpmOptions) AddFlags(cmd *cobra.Command) {
 
 // VerifyVSAOptions is the top-level options for the `verifyVSA` command.
 type VerifyVSAOptions struct {
+	SubjectDigests    []string
 	AttestationsPath  string
 	VerifierID        string
 	ResourceUri       string
@@ -140,6 +141,9 @@ var _ Interface = (*VerifyVSAOptions)(nil)
 
 // AddFlags implements Interface.
 func (o *VerifyVSAOptions) AddFlags(cmd *cobra.Command) {
+	cmd.Flags().StringArrayVar(&o.SubjectDigests, "subject-digest", []string{},
+		"the digests to be verified. Pass multiple digests by repeating the flag.")
+
 	cmd.Flags().StringVar(&o.AttestationsPath, "attestations-path", "",
 		"path to a file containing the attestations")
 
@@ -155,6 +159,7 @@ func (o *VerifyVSAOptions) AddFlags(cmd *cobra.Command) {
 	cmd.Flags().BoolVar(&o.PrintAttestations, "print-attestations", false,
 		"[optional] print the verified attestations to stdout")
 
+	cmd.MarkFlagRequired("subject-digests")
 	cmd.MarkFlagRequired("attestations-path")
 	cmd.MarkFlagRequired("verifier-id")
 	cmd.MarkFlagRequired("resource-uri")

cli/slsa-verifier/verify/verify_vsa.go

@@ -27,6 +27,7 @@ import (
 
 // VerifyVSACommand
 type VerifyVSACommand struct {
+	SubjectDigests    *[]string
 	AttestationsPath  *string
 	VerifierID        *string
 	ResourceUri       *string
@@ -35,14 +36,14 @@ type VerifyVSACommand struct {
 }
 
 // Exec executes the verifiers.VerifyVSA
-func (c *VerifyVSACommand) Exec(ctx context.Context, expectedDigests *[]string) (*utils.TrustedAttestationProducerID, error) {
+func (c *VerifyVSACommand) Exec(ctx context.Context) (*utils.TrustedAttesterID, error) {
 	if !options.ExperimentalEnabled() {
 		err := errors.New("feature support is only provided in SLSA_VERIFIER_EXPERIMENTAL mode")
 		printFailed(err)
 		return nil, err
 	}
 	vsaOpts := &options.VSAOpts{
-		ExpectedDigests:        *expectedDigests,
+		ExpectedDigests:        *c.SubjectDigests,
 		ExpectedVerifierID:     *c.VerifierID,
 		ExpectedResourceURI:    *c.ResourceUri,
 		ExpectedVerifiedLevels: *c.VerifiedLevels,
@@ -52,6 +53,8 @@ func (c *VerifyVSACommand) Exec(ctx context.Context, expectedDigests *[]string)
 		printFailed(err)
 		return nil, err
 	}
+	fmt.Println("Attestations: ", string(attestations))
+	fmt.Println("opts: ", vsaOpts)
 	verifiedProvenance, outProducerID, err := verifiers.VerifyVSA(ctx, attestations, vsaOpts)
 	if err != nil {
 		printFailed(err)

verifiers/utils/trusted_attestation_producer.go

@@ -1,6 +1,6 @@
 package utils
 
-// TrustedAttestationProducer represents an identifer that has been explicitly trusted.
-type TrustedAttestationProducerID struct {
+// TrustedAttesterID represents an identifer that has been explicitly trusted.
+type TrustedAttesterID struct {
 	name, version string
 }

verifiers/verifier.go

@@ -79,7 +79,7 @@ func VerifyNpmPackage(ctx context.Context,
 func VerifyVSA(ctx context.Context,
 	attestations []byte,
 	vsaOpts *options.VSAOpts,
-) ([]byte, *utils.TrustedAttestationProducerID, error) {
+) ([]byte, *utils.TrustedAttesterID, error) {
 	// TODO: Implement this function.
 	return nil, nil, nil
 }