@@ -422,13 +422,18 @@ def verify_dsse(
422422 # Instead, we manually pick apart the entry body below and verify
423423 # the parts we can (namely the payload hash and signature list).
424424 entry = bundle .log_entry
425- if (
426- entry ._kind_version .kind == "dsse"
427- and entry ._kind_version .version == "0.0.2"
428- ):
425+ if entry ._kind_version .kind != "dsse" :
426+ raise VerificationError (
427+ f"Expected entry type dsse, got { entry ._kind_version .kind }
428+ )
429+ if entry ._kind_version .version == "0.0.2" :
429430 _validate_dsse_v002_entry_body (bundle )
430- else :
431+ elif entry . _kind_version . version == "0.0.1" :
431432 _validate_dsse_v001_entry_body (bundle )
433+ else :
434+ raise VerificationError (
435+ f"Unsupported dsse version { entry ._kind_version .version }
436+ )
432437
433438 return (envelope ._inner .payload_type , envelope ._inner .payload )
434439
@@ -473,13 +478,19 @@ def verify_artifact(
473478 # (8): verify the consistency of the log entry's body against
474479 # the other bundle materials (and input being verified).
475480 entry = bundle .log_entry
476- if (
477- entry ._kind_version .kind == "hashedrekord"
478- and entry ._kind_version .version == "0.0.2"
479- ):
481+ if entry ._kind_version .kind != "hashedrekord" :
482+ raise VerificationError (
483+ f"Expected entry type hashedrekord, got { entry ._kind_version .kind }
484+ )
485+
486+ if entry ._kind_version .version == "0.0.2" :
480487 _validate_hashedrekord_v002_entry_body (bundle )
481- else :
488+ elif entry . _kind_version . version == "0.0.1" :
482489 _validate_hashedrekord_v001_entry_body (bundle , hashed_input )
490+ else :
491+ raise VerificationError (
492+ f"Unsupported hashedrekord version { entry ._kind_version .version }
493+ )
483494
484495
485496def _validate_dsse_v001_entry_body (bundle : Bundle ) -> None :
0 commit comments