From b90ede0bdecb476bf94148f73a429be013552e82 Mon Sep 17 00:00:00 2001
From: Ramon Petgrave
Date: Fri, 14 Jun 2024 18:15:25 +0000
Subject: [PATCH] rename to TrustedProducerID, allow muyltiple --subject-digest flags

Signed-off-by: Ramon Petgrave
---
 cli/slsa-verifier/verify.go | 5 +++--
 cli/slsa-verifier/verify/options.go | 5 +++++
 cli/slsa-verifier/verify/verify_vsa.go | 7 +++++--
 verifiers/utils/trusted_attestation_producer.go | 4 ++--
 verifiers/verifier.go | 2 +-
 5 files changed, 16 insertions(+), 7 deletions(-)

diff --git a/cli/slsa-verifier/verify.go b/cli/slsa-verifier/verify.go
index 5efaf11..1f372b1 100644
--- a/cli/slsa-verifier/verify.go
+++ b/cli/slsa-verifier/verify.go
@@ -190,17 +190,18 @@ func verifyVSACmd() *cobra.Command {
 cmd := &cobra.Command{
 Use: "verify-vsa [flags] subject-digest [subject-digest...]",
- Args: cobra.MinimumNArgs(1),
+ Args: cobra.NoArgs,
 Short: "Verifies SLSA VSAs for the given subject-digests [experimental]",
 Run: func(cmd *cobra.Command, args []string) {
 v := verify.VerifyVSACommand{
+ SubjectDigests: &o.SubjectDigests,
 AttestationsPath: &o.AttestationsPath,
 VerifierID: &o.VerifierID,
 ResourceUri: &o.ResourceUri,
 VerifiedLevels: &o.VerifiedLevels,
 PrintAttestations: &o.PrintAttestations,
 }
- if _, err := v.Exec(cmd.Context(), &args); err != nil {
+ if _, err := v.Exec(cmd.Context()); err != nil {
 fmt.Fprintf(os.Stderr, "%s: %v\n", FAILURE, err)
 os.Exit(1)
 } else {
diff --git a/cli/slsa-verifier/verify/options.go b/cli/slsa-verifier/verify/options.go
index 55e4857..1350fad 100644
--- a/cli/slsa-verifier/verify/options.go
+++ b/cli/slsa-verifier/verify/options.go
@@ -129,6 +129,7 @@ func (o *VerifyNpmOptions) AddFlags(cmd *cobra.Command) {
 // VerifyVSAOptions is the top-level options for the `verifyVSA` command.
 type VerifyVSAOptions struct {
+ SubjectDigests []string
 AttestationsPath string
 VerifierID string
 ResourceUri string
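Review bot: The `Use` string just above the changed `Args` line still advertises positional digests (`verify-vsa [flags] subject-digest [subject-digest...]`) while `cobra.NoArgs` now rejects any positional argument, so the generated help contradicts the parser. Anyone following the old usage gets a bare "unknown command"/"accepts 0 arg(s)" error with no hint that the digests moved to a repeatable flag. Change it to `Use: "verify-vsa [flags]",` and mention `--subject-digest` in `Short` (or add a `Long`/`Example`). verifyVSACmd continues outside the hunk.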
@@ -140,6 +141,9 @@ var _ Interface = (*VerifyVSAOptions)(nil)
 // AddFlags implements Interface.
 func (o *VerifyVSAOptions) AddFlags(cmd *cobra.Command) {
+ cmd.Flags().StringArrayVar(&o.SubjectDigests, "subject-digest", []string{},
+ "the digests to be verified. Pass multiple digests by repeating the flag.")
+
 cmd.Flags().StringVar(&o.AttestationsPath, "attestations-path", "",
 "path to a file containing the attestations")
@@ -155,6 +159,7 @@ func (o *VerifyVSAOptions) AddFlags(cmd *cobra.Command) {
 cmd.Flags().BoolVar(&o.PrintAttestations, "print-attestations", false,
 "[optional] print the verified attestations to stdout")
+ cmd.MarkFlagRequired("subject-digests")
 cmd.MarkFlagRequired("attestations-path")
 cmd.MarkFlagRequired("verifier-id")
 cmd.MarkFlagRequired("resource-uri")
diff --git a/cli/slsa-verifier/verify/verify_vsa.go b/cli/slsa-verifier/verify/verify_vsa.go
index 19c1194..9524299 100644
--- a/cli/slsa-verifier/verify/verify_vsa.go
+++ b/cli/slsa-verifier/verify/verify_vsa.go
@@ -27,6 +27,7 @@ import (
 // VerifyVSACommand
 type VerifyVSACommand struct {
+ SubjectDigests *[]string
 AttestationsPath *string
 VerifierID *string
 ResourceUri *string
@@ -35,14 +36,14 @@ type VerifyVSACommand struct {
 }
 // Exec executes the verifiers.VerifyVSA
-func (c *VerifyVSACommand) Exec(ctx context.Context, expectedDigests *[]string) (*utils.TrustedAttestationProducerID, error) {
+func (c *VerifyVSACommand) Exec(ctx context.Context) (*utils.TrustedAttesterID, error) {
 if !options.ExperimentalEnabled() {
 err := errors.New("feature support is only provided in SLSA_VERIFIER_EXPERIMENTAL mode")
 printFailed(err)
 return nil, err
 }
 vsaOpts := &options.VSAOpts{
- ExpectedDigests: *expectedDigests,
+ ExpectedDigests: *c.SubjectDigests,
 ExpectedVerifierID: *c.VerifierID,
 ExpectedResourceURI: *c.ResourceUri,
 ExpectedVerifiedLevels: *c.VerifiedLevels,
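Review bot: `cmd.MarkFlagRequired("subject-digests")` in the second options.go hunk names a flag that is never registered — the flag added in the first hunk is `"subject-digest"` (singular) — so MarkFlagRequired returns an error that is discarded and the digest list is not actually required; the command then runs with the `[]string{}` default and `Exec` (the -35 hunk in verify_vsa.go) copies an empty `ExpectedDigests` into `options.VSAOpts` without checking it. For a verifier an empty expected-digest set is the dangerous direction, because whether that fails closed now depends entirely on `verifiers.VerifyVSA`, which is still a TODO in this patch. Change the line to `cmd.MarkFlagRequired("subject-digest")` (and check the returned error rather than dropping it), and add a belt-and-braces `if len(*c.SubjectDigests) == 0 { return nil, errors.New("at least one --subject-digest is required") }` at the top of `Exec` so the check also holds when the command is driven programmatically. AddFlags and Exec both continue outside their hunks.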
@@ -52,6 +53,8 @@ func (c *VerifyVSACommand) Exec(ctx context.Context, expectedDigests *[]string)
 printFailed(err)
 return nil, err
 }
+ fmt.Println("Attestations: ", string(attestations))
+ fmt.Println("opts: ", vsaOpts)
 verifiedProvenance, outProducerID, err := verifiers.VerifyVSA(ctx, attestations, vsaOpts)
 if err != nil {
 printFailed(err)
diff --git a/verifiers/utils/trusted_attestation_producer.go b/verifiers/utils/trusted_attestation_producer.go
index a4a7978..8bd262d 100644
--- a/verifiers/utils/trusted_attestation_producer.go
+++ b/verifiers/utils/trusted_attestation_producer.go
@@ -1,6 +1,6 @@
 package utils
-// TrustedAttestationProducer represents an identifer that has been explicitly trusted.
-type TrustedAttestationProducerID struct {
+// TrustedAttesterID represents an identifer that has been explicitly trusted.
+type TrustedAttesterID struct {
 name, version string
 }
diff --git a/verifiers/verifier.go b/verifiers/verifier.go
index 9a1dd78..d7d6cad 100644
--- a/verifiers/verifier.go
+++ b/verifiers/verifier.go
@@ -79,7 +79,7 @@ func VerifyNpmPackage(ctx context.Context,
 func VerifyVSA(ctx context.Context,
 attestations []byte,
 vsaOpts *options.VSAOpts,
-) ([]byte, *utils.TrustedAttestationProducerID, error) {
+) ([]byte, *utils.TrustedAttesterID, error) {
 // TODO: Implement this function.
 return nil, nil, nil
 }
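Review bot: The two `fmt.Println` calls added before `verifiers.VerifyVSA` unconditionally dump the raw, not-yet-verified attestation bundle and the full `vsaOpts` to stdout; they read as leftover debugging and bypass the `--print-attestations` opt-in that `PrintAttestations` exists for (wired in the verify.go hunk). Emitting unverified attestation content on stdout, interleaved with the verification result, makes the command's output unreliable for anything scripting around it and copies whatever the attestation file contains into logs. Remove both lines, or gate any diagnostic on the existing option and send it to stderr. Exec continues outside the hunk.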