chore: add additional debug logging during verify
Adds some debug logging when an envelope is skipped due to signature
verification or marshalling errors during witness verify.

Signed-off-by: Mikhail Swift <[email protected]>
mikhailswift authored and colek42 committed Feb 27, 2022
1 parent bbfe5a2 commit 422d9b8
Showing 1 changed file with 3 additions and 0 deletions.
3 changes: 3 additions & 0 deletions pkg/verify.go
Expand Up @@ -23,6 +23,7 @@ import (
"github.com/testifysec/witness/pkg/cryptoutil"
"github.com/testifysec/witness/pkg/dsse"
"github.com/testifysec/witness/pkg/intoto"
"github.com/testifysec/witness/pkg/log"
"github.com/testifysec/witness/pkg/policy"
)

Expand Down Expand Up @@ -96,11 +97,13 @@ func Verify(policyEnvelope dsse.Envelope, policyVerifiers []cryptoutil.Verifier,
for _, env := range vo.collectionEnvelopes {
passedVerifiers, err := env.Verify(dsse.WithVerifiers(pubkeys), dsse.WithRoots(roots), dsse.WithIntermediates(intermediates))
if err != nil {
log.Debugf("(verify) skipping envelope: couldn't verify enveloper's signature with the policy's verifiers: %+v", err)
continue
}

statement := intoto.Statement{}
if err := json.Unmarshal(env.Payload, &statement); err != nil {
log.Debugf("(verify) skipping envelope: couldn't unmarshal envelope payload into in-toto statement: %+v", err)
continue
}
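
Review bot: The first Debugf message reads "enveloper's signature", which looks like a typo for "envelope's signature". Both new messages are also emitted inside the loop over vo.collectionEnvelopes without saying which envelope was skipped, so when several envelopes are supplied the debug lines cannot be tied back to a specific input. Consider including something that distinguishes the envelope (for example the loop index, by changing `for _, env` to `for i, env`). Since a signature verification failure is the security-relevant reason an attestation is dropped from policy evaluation, it is also worth deciding whether debug level is enough here, or whether the signature-failure case should be visible at the default log level.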
