More PR feedback.

Author: mitchell-as

pkg/platform/runtime/validate/validate.go

@@ -47,7 +47,7 @@ func Attestation(attestationFile string) error {
 	// Verify signing certificate.
 	pemBlock, _ := pem.Decode([]byte(att.Signatures[0].Cert))
 	if pemBlock == nil {
-		return errs.Wrap(err, "Unable to decode attestation certificate")
+		return locale.NewError("validate_attestation_fail_decode_cert", "Unable to decode attestation certificate")
 	}
 
 	cert, err := x509.ParseCertificate(pemBlock.Bytes)
@@ -95,8 +95,6 @@ func Attestation(attestationFile string) error {
 		return errs.Wrap(err, "Unable to validate signature")
 	}
 
-	// TODO: read payload artifact SHAs and validate them against downloaded artifact SHAs.
-
 	return nil
 }
 

pkg/platform/runtime/validate/validate_test.go

@@ -12,4 +12,12 @@ func TestValidate(t *testing.T) {
 	attestationFile := filepath.Join(osutil.GetTestDataDir(), "bzip2_attestation.json")
 	err := Attestation(attestationFile)
 	assert.NoError(t, err)
+
+	attestationFile = filepath.Join(osutil.GetTestDataDir(), "bzip2_attestation_bad_cert.json")
+	err = Attestation(attestationFile)
+	assert.Error(t, err)
+
+	attestationFile = filepath.Join(osutil.GetTestDataDir(), "bzip2_attestation_bad_sig.json")
+	err = Attestation(attestationFile)
+	assert.Error(t, err)
 }