package schema1
import (
"crypto/x509"
"github.com/docker/libtrust"
"github.com/sirupsen/logrus"
)
// Verify parses the signature data stored under the "signatures" key of the
// signed manifest and checks it, returning the public keys used during
// signing.
//
// A nil error establishes only that the manifest content matches its
// signatures. Nothing in this function compares the returned keys with a
// trust store, so deciding whether a signer is trusted is left to the caller.
// NOTE(review): the keys presumably come from the signature blocks themselves,
// in which case a manifest re-signed with an arbitrary key would also verify;
// confirm against libtrust. Callers that need signer authenticity should match
// the returned keys against keys they already trust, or use VerifyChains.
func Verify(sm *SignedManifest) ([]libtrust.PublicKey, error) {
	sig, parseErr := libtrust.ParsePrettySignature(sm.all, "signatures")
	if parseErr == nil {
		return sig.Verify()
	}

	// The parse failure is recorded at debug level before being returned. The
	// message text names (*SignedManifest).Verify even though this is a
	// package-level function; it is kept byte-for-byte.
	logrus.WithField("err", parseErr).Debugf("(*SignedManifest).Verify")
	return nil, parseErr
}
// VerifyChains parses the signature data stored under the "signatures" key of
// the signed manifest and verifies it against the certificate pool ca,
// returning the list of verified chains.
//
// Signatures without an x509 chain are not chain-checked, so a nil error does
// not by itself show that any signature chained to ca. Callers relying on this
// for signer authenticity should presumably also require a non-empty result.
// NOTE(review): ca is handed to libtrust unchanged. crypto/x509 treats a nil
// root pool as "use the system roots", so confirm that callers never pass nil
// where a private CA is intended.
//
// Unlike Verify, a parse failure is returned without a debug log entry.
func VerifyChains(sm *SignedManifest, ca *x509.CertPool) ([][]*x509.Certificate, error) {
	sig, parseErr := libtrust.ParsePrettySignature(sm.all, "signatures")
	if parseErr == nil {
		return sig.VerifyChains(ca)
	}
	return nil, parseErr
}