mirror of
https://github.com/distribution/distribution.git
synced 2025-10-24 13:21:57 +00:00
It was probably ill-advised to couple manifest signing and verification to their respective types. This changeset simply changes them from methods to functions. These might not even be in this package in the future. Signed-off-by: Stephen J Day <stephen.day@docker.com>
package manifest
import (
"crypto/x509"
"github.com/Sirupsen/logrus"
"github.com/docker/libtrust"
)
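// Verify checks the signatures embedded in the signed manifest and returns the
// public keys that produced them.
//
// sm.Raw is parsed as a libtrust "pretty" JSON signature whose signature block
// lives under the "signatures" key; a parse failure is logged at debug level
// and returned unchanged.
//
// Verify takes no trust anchor, so a nil error only says the signatures are
// valid for the returned keys. Callers must still decide whether those keys
// are trusted before treating the manifest as authentic.
// NOTE(review): confirm whether libtrust can return an empty key list with a
// nil error; callers that require a signature should check the length.
func Verify(sm *SignedManifest) ([]libtrust.PublicKey, error) {
	js, err := libtrust.ParsePrettySignature(sm.Raw, "signatures")
	if err != nil {
		// The entry names the package-level function so the log points at
		// code that exists; the message has no format verbs, hence Debug.
		logrus.WithField("err", err).Debug("manifest.Verify: parsing signatures")
		return nil, err
	}

	return js.Verify()
}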
// VerifyChains checks the signatures embedded in the signed manifest against
// the certificate pool ca and returns the list of verified chains.
//
// sm.Raw is parsed as a libtrust "pretty" JSON signature whose signature block
// lives under the "signatures" key; a parse failure is returned unchanged.
//
// Signatures without an x509 chain are not checked, so a nil error does not by
// itself show that any signature was tied to ca. Callers that require a
// trusted signer should presumably also require a non-empty result.
// NOTE(review): confirm how a nil ca is handled downstream; crypto/x509 treats
// nil Roots in VerifyOptions as "use the system roots".
func VerifyChains(sm *SignedManifest, ca *x509.CertPool) ([][]*x509.Certificate, error) {
	sig, parseErr := libtrust.ParsePrettySignature(sm.Raw, "signatures")
	if parseErr != nil {
		return nil, parseErr
	}

	// Chain validation itself is delegated to libtrust.
	chains, err := sig.VerifyChains(ca)
	return chains, err
}