PR feedback.

Author: mitchell-as

pkg/platform/runtime/setup/setup.go

@@ -31,7 +31,6 @@ import (
 	apimodel "github.com/ActiveState/cli/pkg/platform/model"
 	"github.com/ActiveState/cli/pkg/platform/runtime/artifact"
 	"github.com/ActiveState/cli/pkg/platform/runtime/artifactcache"
-	"github.com/ActiveState/cli/pkg/platform/runtime/artifactvalidator"
 	"github.com/ActiveState/cli/pkg/platform/runtime/envdef"
 	"github.com/ActiveState/cli/pkg/platform/runtime/executor"
 	"github.com/ActiveState/cli/pkg/platform/runtime/model"
@@ -41,6 +40,7 @@ import (
 	"github.com/ActiveState/cli/pkg/platform/runtime/setup/implementations/camel"
 	"github.com/ActiveState/cli/pkg/platform/runtime/store"
 	"github.com/ActiveState/cli/pkg/platform/runtime/target"
+	"github.com/ActiveState/cli/pkg/platform/runtime/validate"
 	"github.com/ActiveState/cli/pkg/project"
 	"github.com/faiface/mainthread"
 	"github.com/gammazero/workerpool"
@@ -588,7 +588,7 @@ func (s *Setup) downloadArtifactWithProgress(unsignedURI string, targetFile stri
 // verifyArtifact verifies the checksum of the downloaded artifact matches the checksum given by the
 // platform, and returns an error if the verification fails.
 func (s *Setup) verifyArtifact(archivePath string, a artifact.ArtifactDownload) error {
-  return artifactvalidator.ValidateChecksum(archivePath, a.Checksum)
+  return validate.Checksum(archivePath, a.Checksum)
 }
 
 // downloadArtifact downloads an artifact and returns the local path to that artifact's archive.

…alidator/testdata/bzip2_attestation.json …validate/testdata/bzip2_attestation.jsonpkg/platform/runtime/artifactvalidator/testdata/bzip2_attestation.json renamed to pkg/platform/runtime/validate/testdata/bzip2_attestation.json pkg/platform/runtime/artifactvalidator/testdata/bzip2_attestation.json renamed to pkg/platform/runtime/validate/testdata/bzip2_attestation.json

@@ -0,0 +1 @@
+{"payloadType": "application/vnd.in-toto+json", "payload": "eyJfdHlwZSI6ICJodHRwczovL2luLXRvdG8uaW8vU3RhdGVtZW50L3YwLjEiLCAiaW52b2NhdGlvbiI6IHsiY29uZmlnU291cmNlIjogeyJkaWdlc3QiOiB7InNoYTI1NiI6ICJhYjVhMDMxNzZlZTEwNmQzZjBmYTkwZTM4MWRhNDc4ZGRhZTQwNTkxODE1M2NjYTI0OGU2ODJjZDBjNGEyMjY5In0sICJlbnRyeVBvaW50IjogImJ1aWxkIiwgInVyaSI6ICJzMzovL3BsYXRmb3JtLXNvdXJjZXMvc2hhcmVkL2FiNWEwMzE3NmVlMTA2ZDNmMGZhOTBlMzgxZGE0NzhkZGFlNDA1OTE4MTUzY2NhMjQ4ZTY4MmNkMGM0YTIyNjkvYnppcDItMS4wLjgtcHlzdm4udGFyLmd6In0sICJlbnZpcm9ubWVudCI6IHsiZW52Ijoge319LCAicGFyYW1ldGVycyI6IFsiLS1jbWFrZS1jYWNoZT1CVUlMRF9TSEFSRURfTElCUz10cnVlIl19LCAibWF0ZXJpYWxzIjogW3siZGlnZXN0IjogeyJzaGEyNTYiOiAiNjMyMGIwMDZiMjY4YzcyMTljNzFmNjA0NjJjNzlhMWZmMmM1MjJlZTY3ZWI1NzQzMTUxMDFiMmZiNWNiZDY3NSJ9LCAidXJpIjogInMzOi8vcGxhdGZvcm0tc291cmNlcy9idWlsZGVyLzYzMjBiMDA2YjI2OGM3MjE5YzcxZjYwNDYyYzc5YTFmZjJjNTIyZWU2N2ViNTc0MzE1MTAxYjJmYjVjYmQ2NzUvY29tbW9uLWJ1aWxkZXItbGliLnRhci5neiJ9LCB7ImRpZ2VzdCI6IHsic2hhMjU2IjogIjdkNjg5MmRjZjE2ZWFkZmEwYjU4YjllNWQzM2NkMzUwNGY5YzI0Mzc1ZGUwZGY1MjdlNzVhMzU0ZTI1ZTE5OGMifSwgInVyaSI6ICJzMzovL3BsYXRmb3JtLXNvdXJjZXMvYnVpbGRlci83ZDY4OTJkY2YxNmVhZGZhMGI1OGI5ZTVkMzNjZDM1MDRmOWMyNDM3NWRlMGRmNTI3ZTc1YTM1NGUyNWUxOThjL2F1dG90b29scy1idWlsZGVyLWxpYi50YXIuZ3oifSwgeyJkaWdlc3QiOiB7InNoYTI1NiI6ICI4NGE4MTI4OGRiMDAzMWI2Y2MxOGRmMjUwNmJlNTU3MTAwMDk4MzY0NjFhMDg1OGUyMjcwMzFjYzgzYjFmYzg0In0sICJ1cmkiOiAiczM6Ly9wbGF0Zm9ybS1zb3VyY2VzL2J1aWxkZXIvODRhODEyODhkYjAwMzFiNmNjMThkZjI1MDZiZTU1NzEwMDA5ODM2NDYxYTA4NThlMjI3MDMxY2M4M2IxZmM4NC91bml4LWJ1aWxkZXItbGliLnRhci5neiJ9LCB7ImRpZ2VzdCI6IHsic2hhMjU2IjogImRlZmY1ODc0ZjcxNmFlOGRkMGYzNzlkMDc0NjkyODFlZGMzMGJkOTUyMGZiZGZlZWUyZWVhNjVjYTM2NWRlNGMifSwgInVyaSI6ICJzMzovL3BsYXRmb3JtLXNvdXJjZXMvYnVpbGRlci9kZWZmNTg3NGY3MTZhZThkZDBmMzc5ZDA3NDY5MjgxZWRjMzBiZDk1MjBmYmRmZWVlMmVlYTY1Y2EzNjVkZTRjL2NtYWtlLWJ1aWxkZXItbGliLnRhci5neiJ9LCB7ImRpZ2VzdCI6IHsic2hhMjU2IjogIjg3NzFlYWUyZTg0OTA3MTZlYTQ2MzczYmQ3MGZlMGY3NDkxNjZiODQ0ZWZlMDNjYjRlNTUwNDcxMTVjOGE5NGEifSwgInVyaSI6ICJzMzovL3BsYXRmb3JtLXNvdXJjZXMvYnVpbGRlci84NzcxZWFlMmU4NDkwNzE2ZWE0NjM3M2JkNzBmZTBmNzQ5MTY2Yjg0NGVmZTAzY2I0ZTU1MDQ3MTE1YzhhOTRhL2NtYWtlLWJ1aWxkZXIudGFyLmd6In0sIHsiZGlnZXN0IjogbnVsbCwgInVyaSI6ICJzMzovL3BsYXRmb3JtLXNvdXJjZXMvcGF0Y2hlcy9jMGEzNTcxNjE4ODRiZjIzNGJlMjAyZGViNzZmMzcwYjIwYWRjYWI3Mzg4MDJmOWJkYTcyNjAyZGIwNWRhM2FhLzAwMDEtQWRkLUNNYWtlLWJ1aWxkZXItc3VwcG9ydC5wYXRjaCJ9XSwgInByZWRpY2F0ZSI6IHsiYnVpbGRDb25maWciOiB7InN0ZXBzIjogW3siY29tbWFuZCI6ICJidWlsZCIsICJwYXJhbWV0ZXJzIjogWyItLWNtYWtlLWNhY2hlPUJVSUxEX1NIQVJFRF9MSUJTPXRydWUiXX1dfSwgImJ1aWxkVHlwZSI6ICJodHRwczovL2FjdGl2ZXN0YXRlLmNvbS9wbGF0Zm9ybV9idWlsZGVyL3YwLjEiLCAiYnVpbGRlciI6IHsiaWQiOiAiaHR0cHM6Ly9hY3RpdmVzdGF0ZS5jb20vYnVpbGRlci9jbWFrZS1idWlsZGVyQDEuMC4wcjE3In0sICJtZXRhZGF0YSI6IHsiYnVpbGRGaW5pc2hlZE9uIjogIjIwMjItMDktMDZUMjI6MjM6NDQuMDI1NzU4WiIsICJidWlsZEludm9jYXRpb25JZCI6ICJCdWlsZGVyIGNtYWtlLWJ1aWxkZXIgMS4wLjAgYnVpbGRpbmcgc2hhcmVkIGJ6aXAyIDEuMC44IGZvciBhcnRpZmFjdCA4NWU4YThmZC03YzVkLTVmMzYtYWIwZi1lNDM0NzUzNTk0NmQiLCAiYnVpbGRTdGFydGVkT24iOiAiMjAyMi0wOS0wNlQyMjoyMzo0My44NTU3NThaIiwgImNvbXBsZXRlbmVzcyI6IHsiZW52aXJvbm1lbnQiOiB0cnVlLCAibWF0ZXJpYWxzIjogdHJ1ZSwgInBhcmFtZXRlcnMiOiB0cnVlfX0sICJyZXByb2R1Y2libGUiOiB0cnVlfSwgInByZWRpY2F0ZVR5cGUiOiAiaHR0cHM6Ly9zbHNhLmRldi9wcm92ZW5hbmNlL3YwLjIiLCAic3ViamVjdCI6IFt7ImRpZ2VzdCI6IHsic2hhMjU2IjogImQ0ZDdjMWUxN2EyNGJiZTg0ZDAwZjZiMmRiODNmOTJjYWFjNzM5ZGYyM2NkMjc2MTUwNzgxZTJjMmUyZGVhZjUifSwgInVyaSI6ICJzMzovL2FzLWJ1aWxkcy9wcm9kdWN0aW9uL3NoYXJlZC9iemlwMi8xLjAuOC85Lzg1ZThhOGZkLTdjNWQtNWYzNi1hYjBmLWU0MzQ3NTM1OTQ2ZC9hcnRpZmFjdC50YXIuZ3oifV19", "signatures": [{"sig": "jmXj6x1q6IIPfdcpgZXJc74E0nsKBxr/E8ZGk4dw5Nf7KJ84SWq+pyar3xqaSMyFZXn3ektiwBJtVZIVCUxLgXMzcVZTajOMueeV04LuLzy2P03iez8w6efPh3xSl8uPn63nUt2ugXKk4flOOAYBXNlES+QqgFjYZaU+NMpkePiWwyH7Hzjg4N9SiWYWGErobBpMfdewhKXmA5a7wozP1VtaBtVB922bccJqnTkQwst9UXBrMuuJbkA5tLFNoqyyaKoN4azSythZ8TC3StZAyo8Vigvy/r6grOeU86s3s/NgCIiyANH3piAyNZfXdLsoc3iGy2rm0d6UG3T5qdmRugt6H1hGs2RPg9QQi8gdfLVVTVdL5caJT30+L/zOIt7LH+JfbmjMvAc9XXqxgQD+t2Fq51ThSKG3Q3fY7Oix8R9rZHWX5sBfzKR39cqeEtzzvIMQLPcvPGifOwfLLaCVuJnbZYOv0FuQT4yI6QFu5vn/gVrm3fwgJ8jyVas9hckO+UfUuGBsx+EWI6qUI0jNsQ5qqTGwF5k163c4uId0gbNZpWnOTSmEY+9gikSB1iy3mgPC6nQzWL+i8mVd2KZ0mS715jcYmZdVSVI9e6L4NS/7++T5yDus8Did5gsjAPrjF1udLJmGrVO/wNHUDrSKI1aAwZ3hU8fO7FxqGgzpmYE=", "cert": "-----BEGIN CERTIFICATE-----\nTHISISABADCERTIFICATEN/ggKF1YLuvioWPMvCo/XgwDQYJKoZIhvcNAQEMBQAw\nVDELMAkGA1UEBhMCR0IxGDAWBgNVBAoTD1NlY3RpZ28gTGltaXRlZDErMCkGA1UE\nAxMiU2VjdGlnbyBQdWJsaWMgQ29kZSBTaWduaW5nIENBIFIzNjAeFw0yMjA1MzAw\nMDAwMDBaFw0yNTA1MjkyMzU5NTlaMG4xCzAJBgNVBAYTAkNBMRkwFwYDVQQIDBBC\ncml0aXNoIENvbHVtYmlhMSEwHwYDVQQKDBhBY3RpdmVTdGF0ZSBTb2Z0d2FyZSBJ\nbmMxITAfBgNVBAMMGEFjdGl2ZVN0YXRlIFNvZnR3YXJlIEluYzCCAiIwDQYJKoZI\nhvcNAQEBBQADggIPADCCAgoCggIBAKbVI9jNHXKM6PB3zkdcO64/nnEUG97M1txD\nwK0aWVaMYOL/R3+JJ6BIaTSNN+NjJzrof/pGhbahwy1pbCDO9hQGBqkEFgjeswkS\n00B1oXiYxGIUIv2tqinROSrNu6uxzsiBtOSe9VC/Yc+370zW67d990h79Jg4aC8b\nglSsYSNQQOHlKmZIA5fYtVG2evyV0bR5sjFLXqkP82GfIcFGgucfFqQkojvr6wTE\nl2CHJ/kwxlxAVknocTb/4yrJ9Po3Db2t+Q6mjATiRgRyN7A5t4Qs6UZ8ItLKkfBV\nhaWZhamksSD0riO5jrDeaX/2KWsfKXD8QcRzIwEcZqbJVKN1qsF8boTQ+Q7Dtn0i\nZnPDugeTHK4+7c4OCUb6rTDG4vfbUVrvQdLLp7FJBElVa+Y6Fls3ohhkZQ8MZ6c8\nPZn/BFgo6Yb6j/iVKBQZ1D7Vzol8eZPsk3uBcC3YYZ03JYp3v27nfudfFqIaJi76\nKWvPkAc3GF8SSVLPTotxFNbKY+F4bkuMQQyoRgO5OxbJ9c90KxZSptwO+6jX16b8\nLD5GMbsYsXoMFTaWQ9Xn3vXTs3bKVIEIe8xiL9QwQHruArXgyj9PaadvzExJCZW0\nt5gFSdZDKF+8VgsZbscVJoQuDzTj+JyWe6p/q++1W1/vtqKITYu8dfvQKIXrdLP0\n7LTDSWOZAgMBAAGjggGJMIIBhTAfBgNVHSMEGDAWgBQPKssghyi47G9IritUpimq\nF6TNDDAdBgNVHQ4EFgQUQAAxgT6ilb56sYvs8HCO5xU3lwMwDgYDVR0PAQH/BAQD\nAgeAMAwGA1UdEwEB/wQCMAAwEwYDVR0lBAwwCgYIKwYBBQUHAwMwSgYDVR0gBEMw\nQTA1BgwrBgEEAbIxAQIBAwIwJTAjBggrBgEFBQcCARYXaHR0cHM6Ly9zZWN0aWdv\nLmNvbS9DUFMwCAYGZ4EMAQQBMEkGA1UdHwRCMEAwPqA8oDqGOGh0dHA6Ly9jcmwu\nc2VjdGlnby5jb20vU2VjdGlnb1B1YmxpY0NvZGVTaWduaW5nQ0FSMzYuY3JsMHkG\nCCsGAQUFBwEBBG0wazBEBggrBgEFBQcwAoY4aHR0cDovL2NydC5zZWN0aWdvLmNv\nbS9TZWN0aWdvUHVibGljQ29kZVNpZ25pbmdDQVIzNi5jcnQwIwYIKwYBBQUHMAGG\nF2h0dHA6Ly9vY3NwLnNlY3RpZ28uY29tMA0GCSqGSIb3DQEBDAUAA4IBgQCCSNSa\no7mSXjVrOC7K0Z7HlBTo8WyAA8BxLAQ7h+rCIWmuLEMoCBGRkYw/0fyfZaC4PCT8\nqh76RsjVhUDA6OsFVFV9I8YB/7S7praAJPX7P6ZTlTySCYp5hBT0gs1qzgA/M+dU\nVMN5E5jMbIFtssbd+yTkOE1Sxz3Xg+6PD92ruWs0X36WG/Q7+PDzTC9Gp2WYWifB\n3TXxv1b7POsmCUR8esJdqEOv5QkmmyI/YjMWDbCJ7xHOGs2OgPNv5rJbNM813+wk\nuriXqzRrVJU86HnQV9j3PNYEwPdsRjQvP3FSnqdRyo6IkRS1F5LJwN8fwt9fbb4r\n5A8vrBD/U7ntT9DRUd1ubVZy9dT43Wc7kmhjbnoB4RhTtHc5Bl6nZS/m8Yp1/X+k\n1CEvUoI6bHIgf2q0L7zn+o0Hd5h3n90SWmVM+fmTi62cObY0QwZN1TfwHZ6CezUJ\nHTPypB+BerbmSGdbUVKABgUSrBoMLwXzeHp33urpTPDXvoTohixbw3N2qe0=\n-----END CERTIFICATE-----\n"}]}

pkg/platform/runtime/validate/testdata/bzip2_attestation_bad_cert.json

@@ -0,0 +1 @@
+{"payloadType": "application/vnd.in-toto+json", "payload": "eyJfdHlwZSI6ICJodHRwczovL2luLXRvdG8uaW8vU3RhdGVtZW50L3YwLjEiLCAiaW52b2NhdGlvbiI6IHsiY29uZmlnU291cmNlIjogeyJkaWdlc3QiOiB7InNoYTI1NiI6ICJhYjVhMDMxNzZlZTEwNmQzZjBmYTkwZTM4MWRhNDc4ZGRhZTQwNTkxODE1M2NjYTI0OGU2ODJjZDBjNGEyMjY5In0sICJlbnRyeVBvaW50IjogImJ1aWxkIiwgInVyaSI6ICJzMzovL3BsYXRmb3JtLXNvdXJjZXMvc2hhcmVkL2FiNWEwMzE3NmVlMTA2ZDNmMGZhOTBlMzgxZGE0NzhkZGFlNDA1OTE4MTUzY2NhMjQ4ZTY4MmNkMGM0YTIyNjkvYnppcDItMS4wLjgtcHlzdm4udGFyLmd6In0sICJlbnZpcm9ubWVudCI6IHsiZW52Ijoge319LCAicGFyYW1ldGVycyI6IFsiLS1jbWFrZS1jYWNoZT1CVUlMRF9TSEFSRURfTElCUz10cnVlIl19LCAibWF0ZXJpYWxzIjogW3siZGlnZXN0IjogeyJzaGEyNTYiOiAiNjMyMGIwMDZiMjY4YzcyMTljNzFmNjA0NjJjNzlhMWZmMmM1MjJlZTY3ZWI1NzQzMTUxMDFiMmZiNWNiZDY3NSJ9LCAidXJpIjogInMzOi8vcGxhdGZvcm0tc291cmNlcy9idWlsZGVyLzYzMjBiMDA2YjI2OGM3MjE5YzcxZjYwNDYyYzc5YTFmZjJjNTIyZWU2N2ViNTc0MzE1MTAxYjJmYjVjYmQ2NzUvY29tbW9uLWJ1aWxkZXItbGliLnRhci5neiJ9LCB7ImRpZ2VzdCI6IHsic2hhMjU2IjogIjdkNjg5MmRjZjE2ZWFkZmEwYjU4YjllNWQzM2NkMzUwNGY5YzI0Mzc1ZGUwZGY1MjdlNzVhMzU0ZTI1ZTE5OGMifSwgInVyaSI6ICJzMzovL3BsYXRmb3JtLXNvdXJjZXMvYnVpbGRlci83ZDY4OTJkY2YxNmVhZGZhMGI1OGI5ZTVkMzNjZDM1MDRmOWMyNDM3NWRlMGRmNTI3ZTc1YTM1NGUyNWUxOThjL2F1dG90b29scy1idWlsZGVyLWxpYi50YXIuZ3oifSwgeyJkaWdlc3QiOiB7InNoYTI1NiI6ICI4NGE4MTI4OGRiMDAzMWI2Y2MxOGRmMjUwNmJlNTU3MTAwMDk4MzY0NjFhMDg1OGUyMjcwMzFjYzgzYjFmYzg0In0sICJ1cmkiOiAiczM6Ly9wbGF0Zm9ybS1zb3VyY2VzL2J1aWxkZXIvODRhODEyODhkYjAwMzFiNmNjMThkZjI1MDZiZTU1NzEwMDA5ODM2NDYxYTA4NThlMjI3MDMxY2M4M2IxZmM4NC91bml4LWJ1aWxkZXItbGliLnRhci5neiJ9LCB7ImRpZ2VzdCI6IHsic2hhMjU2IjogImRlZmY1ODc0ZjcxNmFlOGRkMGYzNzlkMDc0NjkyODFlZGMzMGJkOTUyMGZiZGZlZWUyZWVhNjVjYTM2NWRlNGMifSwgInVyaSI6ICJzMzovL3BsYXRmb3JtLXNvdXJjZXMvYnVpbGRlci9kZWZmNTg3NGY3MTZhZThkZDBmMzc5ZDA3NDY5MjgxZWRjMzBiZDk1MjBmYmRmZWVlMmVlYTY1Y2EzNjVkZTRjL2NtYWtlLWJ1aWxkZXItbGliLnRhci5neiJ9LCB7ImRpZ2VzdCI6IHsic2hhMjU2IjogIjg3NzFlYWUyZTg0OTA3MTZlYTQ2MzczYmQ3MGZlMGY3NDkxNjZiODQ0ZWZlMDNjYjRlNTUwNDcxMTVjOGE5NGEifSwgInVyaSI6ICJzMzovL3BsYXRmb3JtLXNvdXJjZXMvYnVpbGRlci84NzcxZWFlMmU4NDkwNzE2ZWE0NjM3M2JkNzBmZTBmNzQ5MTY2Yjg0NGVmZTAzY2I0ZTU1MDQ3MTE1YzhhOTRhL2NtYWtlLWJ1aWxkZXIudGFyLmd6In0sIHsiZGlnZXN0IjogbnVsbCwgInVyaSI6ICJzMzovL3BsYXRmb3JtLXNvdXJjZXMvcGF0Y2hlcy9jMGEzNTcxNjE4ODRiZjIzNGJlMjAyZGViNzZmMzcwYjIwYWRjYWI3Mzg4MDJmOWJkYTcyNjAyZGIwNWRhM2FhLzAwMDEtQWRkLUNNYWtlLWJ1aWxkZXItc3VwcG9ydC5wYXRjaCJ9XSwgInByZWRpY2F0ZSI6IHsiYnVpbGRDb25maWciOiB7InN0ZXBzIjogW3siY29tbWFuZCI6ICJidWlsZCIsICJwYXJhbWV0ZXJzIjogWyItLWNtYWtlLWNhY2hlPUJVSUxEX1NIQVJFRF9MSUJTPXRydWUiXX1dfSwgImJ1aWxkVHlwZSI6ICJodHRwczovL2FjdGl2ZXN0YXRlLmNvbS9wbGF0Zm9ybV9idWlsZGVyL3YwLjEiLCAiYnVpbGRlciI6IHsiaWQiOiAiaHR0cHM6Ly9hY3RpdmVzdGF0ZS5jb20vYnVpbGRlci9jbWFrZS1idWlsZGVyQDEuMC4wcjE3In0sICJtZXRhZGF0YSI6IHsiYnVpbGRGaW5pc2hlZE9uIjogIjIwMjItMDktMDZUMjI6MjM6NDQuMDI1NzU4WiIsICJidWlsZEludm9jYXRpb25JZCI6ICJCdWlsZGVyIGNtYWtlLWJ1aWxkZXIgMS4wLjAgYnVpbGRpbmcgc2hhcmVkIGJ6aXAyIDEuMC44IGZvciBhcnRpZmFjdCA4NWU4YThmZC03YzVkLTVmMzYtYWIwZi1lNDM0NzUzNTk0NmQiLCAiYnVpbGRTdGFydGVkT24iOiAiMjAyMi0wOS0wNlQyMjoyMzo0My44NTU3NThaIiwgImNvbXBsZXRlbmVzcyI6IHsiZW52aXJvbm1lbnQiOiB0cnVlLCAibWF0ZXJpYWxzIjogdHJ1ZSwgInBhcmFtZXRlcnMiOiB0cnVlfX0sICJyZXByb2R1Y2libGUiOiB0cnVlfSwgInByZWRpY2F0ZVR5cGUiOiAiaHR0cHM6Ly9zbHNhLmRldi9wcm92ZW5hbmNlL3YwLjIiLCAic3ViamVjdCI6IFt7ImRpZ2VzdCI6IHsic2hhMjU2IjogImQ0ZDdjMWUxN2EyNGJiZTg0ZDAwZjZiMmRiODNmOTJjYWFjNzM5ZGYyM2NkMjc2MTUwNzgxZTJjMmUyZGVhZjUifSwgInVyaSI6ICJzMzovL2FzLWJ1aWxkcy9wcm9kdWN0aW9uL3NoYXJlZC9iemlwMi8xLjAuOC85Lzg1ZThhOGZkLTdjNWQtNWYzNi1hYjBmLWU0MzQ3NTM1OTQ2ZC9hcnRpZmFjdC50YXIuZ3oifV19", "signatures": [{"sig": "THISISABADSIGNATUREJc74E0nsKBxr/E8ZGk4dw5Nf7KJ84SWq+pyar3xqaSMyFZXn3ektiwBJtVZIVCUxLgXMzcVZTajOMueeV04LuLzy2P03iez8w6efPh3xSl8uPn63nUt2ugXKk4flOOAYBXNlES+QqgFjYZaU+NMpkePiWwyH7Hzjg4N9SiWYWGErobBpMfdewhKXmA5a7wozP1VtaBtVB922bccJqnTkQwst9UXBrMuuJbkA5tLFNoqyyaKoN4azSythZ8TC3StZAyo8Vigvy/r6grOeU86s3s/NgCIiyANH3piAyNZfXdLsoc3iGy2rm0d6UG3T5qdmRugt6H1hGs2RPg9QQi8gdfLVVTVdL5caJT30+L/zOIt7LH+JfbmjMvAc9XXqxgQD+t2Fq51ThSKG3Q3fY7Oix8R9rZHWX5sBfzKR39cqeEtzzvIMQLPcvPGifOwfLLaCVuJnbZYOv0FuQT4yI6QFu5vn/gVrm3fwgJ8jyVas9hckO+UfUuGBsx+EWI6qUI0jNsQ5qqTGwF5k163c4uId0gbNZpWnOTSmEY+9gikSB1iy3mgPC6nQzWL+i8mVd2KZ0mS715jcYmZdVSVI9e6L4NS/7++T5yDus8Did5gsjAPrjF1udLJmGrVO/wNHUDrSKI1aAwZ3hU8fO7FxqGgzpmYE=", "cert": "-----BEGIN CERTIFICATE-----\nMIIGWDCCBMCgAwIBAgIRAN/ggKF1YLuvioWPMvCo/XgwDQYJKoZIhvcNAQEMBQAw\nVDELMAkGA1UEBhMCR0IxGDAWBgNVBAoTD1NlY3RpZ28gTGltaXRlZDErMCkGA1UE\nAxMiU2VjdGlnbyBQdWJsaWMgQ29kZSBTaWduaW5nIENBIFIzNjAeFw0yMjA1MzAw\nMDAwMDBaFw0yNTA1MjkyMzU5NTlaMG4xCzAJBgNVBAYTAkNBMRkwFwYDVQQIDBBC\ncml0aXNoIENvbHVtYmlhMSEwHwYDVQQKDBhBY3RpdmVTdGF0ZSBTb2Z0d2FyZSBJ\nbmMxITAfBgNVBAMMGEFjdGl2ZVN0YXRlIFNvZnR3YXJlIEluYzCCAiIwDQYJKoZI\nhvcNAQEBBQADggIPADCCAgoCggIBAKbVI9jNHXKM6PB3zkdcO64/nnEUG97M1txD\nwK0aWVaMYOL/R3+JJ6BIaTSNN+NjJzrof/pGhbahwy1pbCDO9hQGBqkEFgjeswkS\n00B1oXiYxGIUIv2tqinROSrNu6uxzsiBtOSe9VC/Yc+370zW67d990h79Jg4aC8b\nglSsYSNQQOHlKmZIA5fYtVG2evyV0bR5sjFLXqkP82GfIcFGgucfFqQkojvr6wTE\nl2CHJ/kwxlxAVknocTb/4yrJ9Po3Db2t+Q6mjATiRgRyN7A5t4Qs6UZ8ItLKkfBV\nhaWZhamksSD0riO5jrDeaX/2KWsfKXD8QcRzIwEcZqbJVKN1qsF8boTQ+Q7Dtn0i\nZnPDugeTHK4+7c4OCUb6rTDG4vfbUVrvQdLLp7FJBElVa+Y6Fls3ohhkZQ8MZ6c8\nPZn/BFgo6Yb6j/iVKBQZ1D7Vzol8eZPsk3uBcC3YYZ03JYp3v27nfudfFqIaJi76\nKWvPkAc3GF8SSVLPTotxFNbKY+F4bkuMQQyoRgO5OxbJ9c90KxZSptwO+6jX16b8\nLD5GMbsYsXoMFTaWQ9Xn3vXTs3bKVIEIe8xiL9QwQHruArXgyj9PaadvzExJCZW0\nt5gFSdZDKF+8VgsZbscVJoQuDzTj+JyWe6p/q++1W1/vtqKITYu8dfvQKIXrdLP0\n7LTDSWOZAgMBAAGjggGJMIIBhTAfBgNVHSMEGDAWgBQPKssghyi47G9IritUpimq\nF6TNDDAdBgNVHQ4EFgQUQAAxgT6ilb56sYvs8HCO5xU3lwMwDgYDVR0PAQH/BAQD\nAgeAMAwGA1UdEwEB/wQCMAAwEwYDVR0lBAwwCgYIKwYBBQUHAwMwSgYDVR0gBEMw\nQTA1BgwrBgEEAbIxAQIBAwIwJTAjBggrBgEFBQcCARYXaHR0cHM6Ly9zZWN0aWdv\nLmNvbS9DUFMwCAYGZ4EMAQQBMEkGA1UdHwRCMEAwPqA8oDqGOGh0dHA6Ly9jcmwu\nc2VjdGlnby5jb20vU2VjdGlnb1B1YmxpY0NvZGVTaWduaW5nQ0FSMzYuY3JsMHkG\nCCsGAQUFBwEBBG0wazBEBggrBgEFBQcwAoY4aHR0cDovL2NydC5zZWN0aWdvLmNv\nbS9TZWN0aWdvUHVibGljQ29kZVNpZ25pbmdDQVIzNi5jcnQwIwYIKwYBBQUHMAGG\nF2h0dHA6Ly9vY3NwLnNlY3RpZ28uY29tMA0GCSqGSIb3DQEBDAUAA4IBgQCCSNSa\no7mSXjVrOC7K0Z7HlBTo8WyAA8BxLAQ7h+rCIWmuLEMoCBGRkYw/0fyfZaC4PCT8\nqh76RsjVhUDA6OsFVFV9I8YB/7S7praAJPX7P6ZTlTySCYp5hBT0gs1qzgA/M+dU\nVMN5E5jMbIFtssbd+yTkOE1Sxz3Xg+6PD92ruWs0X36WG/Q7+PDzTC9Gp2WYWifB\n3TXxv1b7POsmCUR8esJdqEOv5QkmmyI/YjMWDbCJ7xHOGs2OgPNv5rJbNM813+wk\nuriXqzRrVJU86HnQV9j3PNYEwPdsRjQvP3FSnqdRyo6IkRS1F5LJwN8fwt9fbb4r\n5A8vrBD/U7ntT9DRUd1ubVZy9dT43Wc7kmhjbnoB4RhTtHc5Bl6nZS/m8Yp1/X+k\n1CEvUoI6bHIgf2q0L7zn+o0Hd5h3n90SWmVM+fmTi62cObY0QwZN1TfwHZ6CezUJ\nHTPypB+BerbmSGdbUVKABgUSrBoMLwXzeHp33urpTPDXvoTohixbw3N2qe0=\n-----END CERTIFICATE-----\n"}]}

pkg/platform/runtime/validate/testdata/bzip2_attestation_bad_sig.json

@@ -1,4 +1,4 @@
-package artifactvalidator
+package validate
 
 import (
 	"crypto"
@@ -28,10 +28,10 @@ type attestation struct {
 	Signatures []signature `json: "signatures"`
 }
 
-func ValidateAttestation(attestationFile string) error {
+func Attestation(attestationFile string) error {
 	data, err := fileutils.ReadFile(attestationFile)
 	if err != nil {
-		return errs.Wrap(err, "Could not read attestation: "+attestationFile)
+		return errs.Wrap(err, "Could not read attestation: %s", attestationFile)
 	}
 
 	att := attestation{}
@@ -56,7 +56,7 @@ func ValidateAttestation(attestationFile string) error {
 	}
 
 	intermediates := x509.NewCertPool()
-	addIntermediatesToPool(cert, intermediates)
+	addIntermediatesToPool(intermediates, cert)
 
 	opts := x509.VerifyOptions{
 		Roots:         nil, // use system root CAs
@@ -100,7 +100,7 @@ func ValidateAttestation(attestationFile string) error {
 	return nil
 }
 
-func addIntermediatesToPool(cert *x509.Certificate, pool *x509.CertPool) {
+func addIntermediatesToPool(pool *x509.CertPool, cert *x509.Certificate) {
 	for _, url := range cert.IssuingCertificateURL {
 		bytes, err := download.GetDirect(url)
 		if err != nil {
@@ -114,7 +114,7 @@ func addIntermediatesToPool(cert *x509.Certificate, pool *x509.CertPool) {
 				continue
 			}
 			pool.AddCert(cert)
-			addIntermediatesToPool(cert, pool)
+			addIntermediatesToPool(pool, cert)
 		} else {
 			p7, err := pkcs7.Parse(bytes)
 			if err != nil {
@@ -123,23 +123,22 @@ func addIntermediatesToPool(cert *x509.Certificate, pool *x509.CertPool) {
 			}
 			for _, cert := range p7.Certificates {
 				pool.AddCert(cert)
-				addIntermediatesToPool(cert, pool)
+				addIntermediatesToPool(pool, cert)
 			}
 		}
 	}
 }
 
-func ValidateChecksum(archivePath string, expectedChecksum string) error {
-	if expectedChecksum != "" {
-		logging.Debug("Validating checksum for %s", archivePath)
-	} else {
+func Checksum(archivePath string, expectedChecksum string) error {
+	if expectedChecksum == "" {
 		logging.Debug("Skipping checksum validation for %s because the Platform did not provide a checksum to validate against.")
 		return nil
 	}
+	logging.Debug("Validating checksum for %s", archivePath)
 
 	checksum, err := fileutils.Sha256Hash(archivePath)
 	if err != nil {
-		return errs.Wrap(err, "Failed to compute checksum for "+archivePath)
+		return errs.Wrap(err, "Failed to compute checksum for %s", archivePath)
 	}
 
 	if checksum != expectedChecksum {

…m/runtime/artifactvalidator/validator.go pkg/platform/runtime/validate/validate.gopkg/platform/runtime/artifactvalidator/validator.go renamed to pkg/platform/runtime/validate/validate.go pkg/platform/runtime/artifactvalidator/validator.go renamed to pkg/platform/runtime/validate/validate.go

@@ -1,4 +1,4 @@
-package artifactvalidator
+package validate
 
 import (
 	"path/filepath"
@@ -10,6 +10,6 @@ import (
 
 func TestValidate(t *testing.T) {
 	attestationFile := filepath.Join(osutil.GetTestDataDir(), "bzip2_attestation.json")
-	err := ValidateAttestation(attestationFile)
+	err := Attestation(attestationFile)
 	assert.NoError(t, err)
 }