From 9c33c624bf01926627ab076005e27b9b74a029eb Mon Sep 17 00:00:00 2001
From: mshanemc <shane.mclaughlin@salesforce.com>
Date: Wed, 6 Dec 2023 17:40:30 -0600
Subject: [PATCH] refactor: shared code uses shared messages

---
 messages/verify.md                     |  2 +-
 src/shared/installationVerification.ts | 11 +++++------
 2 files changed, 6 insertions(+), 7 deletions(-)

diff --git a/messages/verify.md b/messages/verify.md
index 8c1aabf7..712efb44 100644
--- a/messages/verify.md
+++ b/messages/verify.md
@@ -22,7 +22,7 @@ The registry name. The behavior is the same as npm.
 
 # NotSigned
 
-The plugin is not digitally signed.
+The plugin isn't digitally signed.
 
 # SignatureCheckSuccess
 
diff --git a/src/shared/installationVerification.ts b/src/shared/installationVerification.ts
index f1cf0cda..bcb9ab68 100644
--- a/src/shared/installationVerification.ts
+++ b/src/shared/installationVerification.ts
@@ -446,8 +446,10 @@ export async function doInstallationCodeSigningVerification(
   plugin: { plugin: string; tag: string },
   verificationConfig: VerificationConfig
 ): Promise<void> {
+  const messages = Messages.loadMessages('@salesforce/plugin-trust', 'verify');
+
   if (await verificationConfig.verifier?.isAllowListed()) {
-    verificationConfig.log(`The plugin [${plugin.plugin}] is allow-listed, skipping digital signature verification.`);
+    verificationConfig.log(messages.getMessage('SkipSignatureCheck', [plugin.plugin]));
     return;
   }
   try {
@@ -456,13 +458,10 @@ export async function doInstallationCodeSigningVerification(
     }
     const meta = await verificationConfig.verifier.verify();
     if (!meta.verified) {
-      const err = new SfError(
-        "A digital signature is specified for this plugin but it didn't verify against the certificate.",
-        'FailedDigitalSignatureVerification'
-      );
+      const err = messages.createError('FailedDigitalSignatureVerification');
       throw setErrorName(err, 'FailedDigitalSignatureVerification');
     }
-    verificationConfig.log(`Successfully validated digital signature for ${plugin.plugin}.`);
+    verificationConfig.log(messages.getMessage('SignatureCheckSuccess', [plugin.plugin]));
   } catch (err) {
     if (err instanceof Error) {
       if (err.name === 'NotSigned' || err.message?.includes('Response code 403')) {