use pointers

Signed-off-by: Ramon Petgrave <ramon.petgrave64@gmail.com>
This commit is contained in:
Ramon Petgrave
2024-06-20 18:03:48 +00:00
parent 5636d0a832
commit fec61b1f27
3 changed files with 20 additions and 20 deletions


@@ -56,10 +56,10 @@ func (c *VerifyVSACommand) Exec(ctx context.Context) (*utils.TrustedAttesterID,
return nil, err
}
vsaOpts := &options.VSAOpts{
ExpectedDigests: *c.SubjectDigests,
ExpectedVerifierID: *c.VerifierID,
ExpectedResourceURI: *c.ResourceURI,
ExpectedVerifiedLevels: *c.VerifiedLevels,
ExpectedDigests: c.SubjectDigests,
ExpectedVerifierID: c.VerifierID,
ExpectedResourceURI: c.ResourceURI,
ExpectedVerifiedLevels: c.VerifiedLevels,
}
pubKeyBytes, err := os.ReadFile(*c.PublicKeyPath)
if err != nil {
@@ -79,9 +79,9 @@ func (c *VerifyVSACommand) Exec(ctx context.Context) (*utils.TrustedAttesterID,
return nil, err
}
VerificationOpts := &options.VerificationOpts{
PublicKey: pubKey,
PublicKeyID: *c.PublicKeyID,
PublicKeyHashAlgo: hashHalgo,
PublicKey: &pubKey,
PublicKeyID: c.PublicKeyID,
PublicKeyHashAlgo: &hashHalgo,
}
attestations, err := os.ReadFile(*c.AttestationsPath)
if err != nil {
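Review bot: `PublicKey: &pubKey` stores the address of a local `crypto.PublicKey` interface value, and the matching field in options.VerificationOpts becomes `*crypto.PublicKey`; a pointer to an interface is almost never the intended type, because an interface value already has its own nil state and every consumer now has to dereference it before use. Keeping the field as `crypto.PublicKey` and writing `PublicKey: pubKey,` (with `PublicKeyHashAlgo: &hashHalgo,` left as is if the optional-hash semantics are wanted) removes the double indirection. The hunk still dereferences `*c.PublicKeyPath` and `*c.AttestationsPath` directly while forwarding `c.SubjectDigests`, `c.VerifierID`, `c.ResourceURI` and `c.VerifiedLevels` as raw pointers that the verifier dereferences later, so whatever nil check protects these command fields presumably lives in the validation step that precedes the hunk — worth a one-line comment at the `vsaOpts` literal such as `// c.* pointers are validated non-nil above; the verifier dereferences them unchecked`, if that is indeed the case. Exec begins before this hunk.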


@@ -43,25 +43,25 @@ type BuilderOpts struct {
// VSAOpts are the options for checking the VSA.
type VSAOpts struct {
//ExpectedDigests are the digests expected to be in the VSA
ExpectedDigests []string
ExpectedDigests *[]string
// ExpectedVerifierID is the verifier ID that is passed from user and not verified
ExpectedVerifierID string
ExpectedVerifierID *string
// ExpectedResourceURI is the resource URI that is passed from user and not verified
ExpectedResourceURI string
ExpectedResourceURI *string
// ExpectedVerifiedLevels is the levels of verification that are passed from user and not verified
ExpectedVerifiedLevels []string
ExpectedVerifiedLevels *[]string
}
type VerificationOpts struct {
// PublicKey is the public key used to verify the signature on the Envelope
PublicKey crypto.PublicKey
PublicKey *crypto.PublicKey
// PublicKeyID is the ID of the public key
PublicKeyID string
PublicKeyID *string
// PublicKeyHashAlgo is the hash algorithm used to hash the signature
PublicKeyHashAlgo crypto.Hash
PublicKeyHashAlgo *crypto.Hash
}
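Review bot: The field comments were not updated for the pointer change, so a reader of `ExpectedDigests *[]string` or `PublicKeyID *string` cannot tell whether nil is a legal "not checked" value or a programming error; the verifier code in this commit dereferences every one of these fields unconditionally, so as written nil is a panic. Each comment should say so, e.g. `// ExpectedDigests are the digests expected to be in the VSA; must be non-nil (dereferenced without a check by the verifier)`, or, if optional semantics are intended, document that nil skips the check and add the guard in the verifier. For the two `*[]string` fields a nil slice already distinguishes "unset" from "empty", so the pointer adds indirection without new information; the same applies to `*crypto.PublicKey`, since an interface value is already nil-able.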


@@ -72,14 +72,14 @@ func VerifyVSA(ctx context.Context,
// verifyEnvelopeSignature verifies the signature of the envelope.
func verifyEnvelopeSignature(ctx context.Context, sigstoreEnvelope *sigstoreBundle.Envelope, verificationOpts *options.VerificationOpts) error {
signatureVerifier, err := sigstoreSignature.LoadVerifier(verificationOpts.PublicKey, verificationOpts.PublicKeyHashAlgo)
signatureVerifier, err := sigstoreSignature.LoadVerifier(*verificationOpts.PublicKey, *verificationOpts.PublicKeyHashAlgo)
if err != nil {
return fmt.Errorf("%w: loading sigstore DSSE envolope verifier %w", serrors.ErrorInvalidPublicKey, err)
}
envelopeVerifier, err := dsse.NewEnvelopeVerifier(&sigstoreDSSE.VerifierAdapter{
SignatureVerifier: signatureVerifier,
Pub: verificationOpts.PublicKey,
PubKeyID: verificationOpts.PublicKeyID,
PubKeyID: *verificationOpts.PublicKeyID,
})
if err != nil {
return fmt.Errorf("%w: creating sigstore DSSE envelope verifier %w", serrors.ErrorInvalidPublicKey, err)
@@ -139,7 +139,7 @@ func matchExepectedSubjectDigests(vsa *vsa10.VSA, vsaOpts *options.VSAOpts) erro
}
}
// search for the expected digests in the VSA
for _, expectedDigest := range vsaOpts.ExpectedDigests {
for _, expectedDigest := range *vsaOpts.ExpectedDigests {
parts := strings.SplitN(expectedDigest, ":", 2)
if len(parts) != 2 {
return fmt.Errorf("%w: expected digest %s is not in the format <digest type>:<digest value>", serrors.ErrorInvalidDssePayload, expectedDigest)
@@ -158,7 +158,7 @@ func matchExepectedSubjectDigests(vsa *vsa10.VSA, vsaOpts *options.VSAOpts) erro
// matchVerifierID checks if the verifier ID in the VSA matches the expected value.
func matchVerifierID(vsa *vsa10.VSA, vsaOpts *options.VSAOpts) error {
if vsa.Predicate.Verifier.ID != vsaOpts.ExpectedVerifierID {
if vsa.Predicate.Verifier.ID != *vsaOpts.ExpectedVerifierID {
return fmt.Errorf("%w: verifier ID mismatch: expected %s, got %s", serrors.ErrorInvalidDssePayload, vsa.Predicate.Verifier.ID, vsa.Predicate.Verifier.ID)
}
return nil
@@ -166,7 +166,7 @@ func matchVerifierID(vsa *vsa10.VSA, vsaOpts *options.VSAOpts) error {
// matchResourceURI checks if the resource URI in the VSA matches the expected value.
func matchResourceURI(vsa *vsa10.VSA, vsaOpts *options.VSAOpts) error {
if vsa.Predicate.ResourceURI != vsaOpts.ExpectedResourceURI {
if vsa.Predicate.ResourceURI != *vsaOpts.ExpectedResourceURI {
return fmt.Errorf("%w: resource URI mismatch: expected %s, got %s", serrors.ErrorInvalidDssePayload, vsa.Predicate.ResourceURI, vsaOpts.ExpectedResourceURI)
}
return nil
@@ -186,7 +186,7 @@ func matchVerifiedLevels(vsa *vsa10.VSA, vsaOpts *options.VSAOpts) error {
for _, level := range vsa.Predicate.VerifiedLevels {
vsaLevels[level] = true
}
for _, expectedLevel := range vsaOpts.ExpectedVerifiedLevels {
for _, expectedLevel := range *vsaOpts.ExpectedVerifiedLevels {
if _, ok := vsaLevels[normalizeString(expectedLevel)]; !ok {
return fmt.Errorf("%w: expected verified level not found: %s", serrors.ErrorInvalidDssePayload, expectedLevel)
}
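Review bot: `Pub: verificationOpts.PublicKey,` is left unchanged while the field became `*crypto.PublicKey`, so the adapter's `Pub` now receives a pointer to the interface rather than the key itself; the line still compiles because `crypto.PublicKey` is an empty interface, which is exactly why it is easy to miss, and it is inconsistent with the `*verificationOpts.PublicKey` dereference two lines above it — it should read `Pub: *verificationOpts.PublicKey,`. In matchResourceURI the error message still passes `vsaOpts.ExpectedResourceURI` to `%s`, which is now a `*string` and will render as a `%!s(*string=0x…)` verb error instead of the expected URI (go vet's printf check flags this); change it to `*vsaOpts.ExpectedResourceURI`. The new dereferences in verifyEnvelopeSignature, matchExepectedSubjectDigests, matchVerifierID, matchResourceURI and matchVerifiedLevels have no nil guard, so an options struct with an unset field now panics inside verification instead of returning an error; a check such as `if verificationOpts.PublicKey == nil || verificationOpts.PublicKeyHashAlgo == nil || verificationOpts.PublicKeyID == nil { return fmt.Errorf("%w: missing verification options", serrors.ErrorInvalidPublicKey) }` at the top of verifyEnvelopeSignature, and the equivalent with serrors.ErrorInvalidDssePayload in the match helpers, keeps failure explicit. The enclosing functions in the first hunk (VerifyVSA) and the second (matchExepectedSubjectDigests) start outside the hunks.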