updated per code review

Signed-off-by: Patrick Zheng <[email protected]>
Two-Hearts · Sep 18, 2023 · 628df5a · 628df5a
1 parent 2fe40b3
commit 628df5a
Show file tree

Hide file tree

Showing 4 changed files with 22 additions and 24 deletions.
diff --git a/notation.go b/notation.go
@@ -396,9 +396,6 @@ func Verify(ctx context.Context, verifier Verifier, repo registry.Repository, ve
 			return errDoneVerification
 		}
 
-		// at this point, the verification process is failed
-		verificationFailedErr = errors.Join(verificationFailedErrorArray...)
-
 		if numOfSignatureProcessed >= verifyOpts.MaxSignatureAttempts {
 			return errExceededMaxVerificationLimit
 		}
@@ -421,6 +418,7 @@ func Verify(ctx context.Context, verifier Verifier, repo registry.Repository, ve
 	// Verification Failed
 	if !verificationSucceeded {
 		logger.Debugf("Signature verification failed for all the signatures associated with artifact %v", artifactDescriptor.Digest)
+		verificationFailedErr = errors.Join(verificationFailedErrorArray...)
 		return ocispec.Descriptor{}, verificationOutcomes, verificationFailedErr
 	}
 

diff --git a/verifier/helpers.go b/verifier/helpers.go
@@ -58,7 +58,7 @@ func loadX509TrustStores(ctx context.Context, scheme signature.SigningScheme, po
 	case signature.SigningSchemeX509SigningAuthority:
 		typeToLoad = truststore.TypeSigningAuthority
 	default:
-		return nil, truststore.ErrorTrustStore{Msg: fmt.Sprintf("error while loading the trust store, unrecognized signing scheme %q", scheme)}
+		return nil, truststore.TrustStoreError{Msg: fmt.Sprintf("error while loading the trust store, unrecognized signing scheme %q", scheme)}
 	}
 
 	processedStoreSet := set.New[string]()
@@ -71,7 +71,7 @@ func loadX509TrustStores(ctx context.Context, scheme signature.SigningScheme, po
 
 		storeType, name, found := strings.Cut(trustStore, ":")
 		if !found {
-			return nil, truststore.ErrorTrustStore{Msg: fmt.Sprintf("error while loading the trust store, trust policy statement %q is missing separator in trust store value %q. The required format is <TrustStoreType>:<TrustStoreName>", policy.Name, trustStore)}
+			return nil, truststore.TrustStoreError{Msg: fmt.Sprintf("error while loading the trust store, trust policy statement %q is missing separator in trust store value %q. The required format is <TrustStoreType>:<TrustStoreName>", policy.Name, trustStore)}
 		}
 		if typeToLoad != truststore.Type(storeType) {
 			continue

diff --git a/verifier/truststore/errors.go b/verifier/truststore/errors.go
@@ -13,13 +13,13 @@
 
 package truststore
 
-// ErrorTrustStore is used when accessing specified trust store failed
-type ErrorTrustStore struct {
+// TrustStoreError is used when accessing specified trust store failed
+type TrustStoreError struct {
 	Msg        string
 	InnerError error
 }
 
-func (e ErrorTrustStore) Error() string {
+func (e TrustStoreError) Error() string {
 	if e.Msg != "" {
 		return e.Msg
 	}
@@ -29,17 +29,17 @@ func (e ErrorTrustStore) Error() string {
 	return "unable to access the trust store"
 }
 
-func (e ErrorTrustStore) Unwrap() error {
+func (e TrustStoreError) Unwrap() error {
 	return e.InnerError
 }
 
-// ErrorCertificate is used when reading a certificate failed
-type ErrorCertificate struct {
+// CertificateError is used when reading a certificate failed
+type CertificateError struct {
 	Msg        string
 	InnerError error
 }
 
-func (e ErrorCertificate) Error() string {
+func (e CertificateError) Error() string {
 	if e.Msg != "" {
 		return e.Msg
 	}
@@ -49,6 +49,6 @@ func (e ErrorCertificate) Error() string {
 	return "unable to read the certificate"
 }
 
-func (e ErrorCertificate) Unwrap() error {
+func (e CertificateError) Unwrap() error {
 	return e.InnerError
 }
diff --git a/verifier/truststore/truststore.go b/verifier/truststore/truststore.go
@@ -64,49 +64,49 @@ type x509TrustStore struct {
 // GetCertificates returns certificates under storeType/namedStore
 func (trustStore *x509TrustStore) GetCertificates(ctx context.Context, storeType Type, namedStore string) ([]*x509.Certificate, error) {
 	if !isValidStoreType(storeType) {
-		return nil, ErrorTrustStore{Msg: fmt.Sprintf("unsupported trust store type: %s", storeType)}
+		return nil, TrustStoreError{Msg: fmt.Sprintf("unsupported trust store type: %s", storeType)}
 	}
 	if !file.IsValidFileName(namedStore) {
-		return nil, ErrorTrustStore{Msg: fmt.Sprintf("named store name needs to follow [a-zA-Z0-9_.-]+ format: %s is invalid", namedStore)}
+		return nil, TrustStoreError{Msg: fmt.Sprintf("named store name needs to follow [a-zA-Z0-9_.-]+ format: %s is invalid", namedStore)}
 	}
 	path, err := trustStore.trustStorefs.SysPath(dir.X509TrustStoreDir(string(storeType), namedStore))
 	if err != nil {
-		return nil, ErrorTrustStore{InnerError: fmt.Errorf("failed to get path of trust store %s with type %s: %w", namedStore, storeType, err)}
+		return nil, TrustStoreError{InnerError: fmt.Errorf("failed to get path of trust store %s with type %s: %w", namedStore, storeType, err)}
 	}
 	// throw error if path is not a directory or is a symlink or does not exist.
 	fileInfo, err := os.Lstat(path)
 	if err != nil {
 		if os.IsNotExist(err) {
-			return nil, ErrorTrustStore{InnerError: err, Msg: fmt.Sprintf("the trust store %q of type %q doesn't exist", namedStore, storeType)}
+			return nil, TrustStoreError{InnerError: err, Msg: fmt.Sprintf("the trust store %q of type %q doesn't exist", namedStore, storeType)}
 		}
-		return nil, ErrorTrustStore{InnerError: fmt.Errorf("failed to access the trust store %q: %w", path, err)}
+		return nil, TrustStoreError{InnerError: fmt.Errorf("failed to access the trust store %q: %w", path, err)}
 	}
 	mode := fileInfo.Mode()
 	if !mode.IsDir() || mode&fs.ModeSymlink != 0 {
-		return nil, ErrorTrustStore{Msg: fmt.Sprintf("trust store %q is not a regular directory (symlinks are not supported)", path)}
+		return nil, TrustStoreError{Msg: fmt.Sprintf("trust store %q is not a regular directory (symlinks are not supported)", path)}
 	}
 	files, err := os.ReadDir(path)
 	if err != nil {
-		return nil, ErrorTrustStore{InnerError: fmt.Errorf("failed to access the trust store %q: %w", path, err)}
+		return nil, TrustStoreError{InnerError: fmt.Errorf("failed to access the trust store %q: %w", path, err)}
 	}
 
 	var certificates []*x509.Certificate
 	for _, file := range files {
 		joinedPath := filepath.Join(path, file.Name())
 		if file.IsDir() || file.Type()&fs.ModeSymlink != 0 {
-			return nil, ErrorCertificate{Msg: fmt.Sprintf("trusted certificate %q is not a regular file (directories or symlinks are not supported)", joinedPath)}
+			return nil, CertificateError{Msg: fmt.Sprintf("trusted certificate %q is not a regular file (directories or symlinks are not supported)", joinedPath)}
 		}
 		certs, err := corex509.ReadCertificateFile(joinedPath)
 		if err != nil {
-			return nil, ErrorCertificate{InnerError: fmt.Errorf("failed to read the trusted certificate %q: %w", joinedPath, err)}
+			return nil, CertificateError{InnerError: fmt.Errorf("failed to read the trusted certificate %q: %w", joinedPath, err)}
 		}
 		if err := ValidateCertificates(certs); err != nil {
-			return nil, ErrorCertificate{InnerError: fmt.Errorf("failed to validate the trusted certificate %q: %w", joinedPath, err)}
+			return nil, CertificateError{InnerError: fmt.Errorf("failed to validate the trusted certificate %q: %w", joinedPath, err)}
 		}
 		certificates = append(certificates, certs...)
 	}
 	if len(certificates) < 1 {
-		return nil, ErrorCertificate{InnerError: fs.ErrNotExist, Msg: fmt.Sprintf("no x509 certificates were found in trust store %q of type %q", namedStore, storeType)}
+		return nil, CertificateError{InnerError: fs.ErrNotExist, Msg: fmt.Sprintf("no x509 certificates were found in trust store %q of type %q", namedStore, storeType)}
 	}
 	return certificates, nil
 }