Add payload and signatures method to SignedManifest

To provide easier access to digestible content, the paylaod has been made
accessible on the signed manifest type. This hides the specifics of the
interaction with libtrust with the caveat that signatures may be parsed twice.

We'll have to have a future look at the interface for manifest as we may be
making problematic architectural decisions. We'll visit this after the initial
release.

Signed-off-by: Stephen J Day <stephen.day@docker.com>
This commit is contained in:
Stephen J Day 2015-01-28 14:54:09 -08:00
parent af7eb42793
commit 14fb80d6c3
3 changed files with 33 additions and 7 deletions

View File

@ -4,6 +4,7 @@ import (
"encoding/json" "encoding/json"
"github.com/docker/distribution/digest" "github.com/docker/distribution/digest"
"github.com/docker/libtrust"
) )
// Versioned provides a struct with just the manifest schemaVersion. Incoming // Versioned provides a struct with just the manifest schemaVersion. Incoming
@ -62,6 +63,31 @@ func (sm *SignedManifest) UnmarshalJSON(b []byte) error {
return nil return nil
} }
// Payload returns the raw, signed content of the signed manifest. The
// contents can be used to calculate the content identifier.
func (sm *SignedManifest) Payload() ([]byte, error) {
jsig, err := libtrust.ParsePrettySignature(sm.Raw, "signatures")
if err != nil {
return nil, err
}
// Resolve the payload in the manifest.
return jsig.Payload()
}
// Signatures returns the signatures as provided by
// (*libtrust.JSONSignature).Signatures. The byte slices are opaque jws
// signatures.
func (sm *SignedManifest) Signatures() ([][]byte, error) {
jsig, err := libtrust.ParsePrettySignature(sm.Raw, "signatures")
if err != nil {
return nil, err
}
// Resolve the payload in the manifest.
return jsig.Signatures()
}
// MarshalJSON returns the contents of raw. If Raw is nil, marshals the inner // MarshalJSON returns the contents of raw. If Raw is nil, marshals the inner
// contents. Applications requiring a marshaled signed manifest should simply // contents. Applications requiring a marshaled signed manifest should simply
// use Raw directly, since the the content produced by json.Marshal will be // use Raw directly, since the the content produced by json.Marshal will be

View File

@ -94,6 +94,11 @@ func (ms *manifestStore) Get(tag string) (*manifest.SignedManifest, error) {
} }
func (ms *manifestStore) Put(tag string, manifest *manifest.SignedManifest) error { func (ms *manifestStore) Put(tag string, manifest *manifest.SignedManifest) error {
// TODO(stevvooe): Add check here to see if the revision is already
// present in the repository. If it is, we should merge the signatures, do
// a shallow verify (or a full one, doesn't matter) and return an error
// indicating what happened.
// Verify the manifest. // Verify the manifest.
if err := ms.verifyManifest(tag, manifest); err != nil { if err := ms.verifyManifest(tag, manifest); err != nil {
return err return err

View File

@ -79,13 +79,8 @@ func (rs *revisionStore) get(revision digest.Digest) (*manifest.SignedManifest,
// put stores the manifest in the repository, if not already present. Any // put stores the manifest in the repository, if not already present. Any
// updated signatures will be stored, as well. // updated signatures will be stored, as well.
func (rs *revisionStore) put(sm *manifest.SignedManifest) (digest.Digest, error) { func (rs *revisionStore) put(sm *manifest.SignedManifest) (digest.Digest, error) {
jsig, err := libtrust.ParsePrettySignature(sm.Raw, "signatures")
if err != nil {
return "", err
}
// Resolve the payload in the manifest. // Resolve the payload in the manifest.
payload, err := jsig.Payload() payload, err := sm.Payload()
if err != nil { if err != nil {
return "", err return "", err
} }
@ -103,7 +98,7 @@ func (rs *revisionStore) put(sm *manifest.SignedManifest) (digest.Digest, error)
} }
// Grab each json signature and store them. // Grab each json signature and store them.
signatures, err := jsig.Signatures() signatures, err := sm.Signatures()
if err != nil { if err != nil {
return "", err return "", err
} }