2 changes: 1 addition & 1 deletion signature/errors.go
Expand Up @@ -67,7 +67,7 @@ type SignatureAuthenticityError struct{}

// Error returns the default error message.
func (e *SignatureAuthenticityError) Error() string {
return "signature is not produced by a trusted signer"
return "the signature's certificate chain does not contain any trusted certificate"
}

// UnsupportedSigningKeyError is used when a signing key is not supported.
2 changes: 1 addition & 1 deletion signature/errors_test.go
Expand Up @@ -162,7 +162,7 @@ func TestSignatureEnvelopeNotFoundError(t *testing.T) {

func TestSignatureAuthenticityError(t *testing.T) {
err := &SignatureAuthenticityError{}
expectMsg := "signature is not produced by a trusted signer"
expectMsg := "the signature's certificate chain does not contain any trusted certificate"

if err.Error() != expectMsg {
t.Errorf("Expected %v but got %v", expectMsg, err.Error())
13 changes: 6 additions & 7 deletions signature/signer.go
Expand Up @@ -122,22 +122,21 @@ func (s *localSigner) PrivateKey() crypto.PrivateKey {
return s.key
}

// VerifyAuthenticity verifies the certificate chain in the given SignerInfo
// with one of the trusted certificates and returns a certificate that matches
// with one of the certificates in the SignerInfo.
// VerifyAuthenticity iterates the certificate chain in signerInfo, for each
// certificate in the chain, it checks if the certificate matches with one of
// the trusted certificates in trustedCerts. It returns the first matching
// certificate. If no match is found, it returns an error.
//
// Reference: https://github.com/notaryproject/notaryproject/blob/main/specs/trust-store-trust-policy.md#steps
func VerifyAuthenticity(signerInfo *SignerInfo, trustedCerts []*x509.Certificate) (*x509.Certificate, error) {
if len(trustedCerts) == 0 {
return nil, &InvalidArgumentError{Param: "trustedCerts"}
}

if signerInfo == nil {
return nil, &InvalidArgumentError{Param: "signerInfo"}
}

for _, trust := range trustedCerts {
for _, cert := range signerInfo.CertificateChain {
for _, cert := range signerInfo.CertificateChain {
for _, trust := range trustedCerts {
if trust.Equal(cert) {
return trust, nil
}
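Review bot: The rewritten doc comment on VerifyAuthenticity says it "returns the first matching certificate" without saying which side or what "matches" means, while the code returns `trust` and a match is `trust.Equal(cert)`, an exact raw-DER comparison; I would add `// A match is an exact DER match (x509.Certificate.Equal); the trusted certificate is returned, walking the chain in order.` Swapping the loop nesting also changes which certificate wins when more than one chain certificate is trusted (now the one earliest in the chain rather than the one earliest in trustedCerts), and since callers may use the result as the selected trust anchor, that ordering deserves a sentence in the comment too. As far as I can tell, Certificate.Equal treats two nil pointers as equal, so a nil entry in both trustedCerts and CertificateChain would make this return `nil, nil`, which reads as success; skipping nil chain entries with `if cert == nil { continue }` would close that. The function body continues past the end of the hunk.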