github.com/baptiste-b-pegasys/quorum/v22@v22.4.2/plugin/local_verifier.go (about)

     1  package plugin
     2  
     3  import (
     4  	"fmt"
     5  	"io/ioutil"
     6  	"os"
     7  	"path"
     8  )
     9  
// DefaultPublicKeyFile is the public key file name.
// For Cloudsmith, this refers to the latest GPG key
// set up in the repo.
const DefaultPublicKeyFile = "gpg.key"
    13  
// LocalVerifier is the local implementation of plugin.Verifier.
//
// VerifySignature reads the file at PublicKeyPath on every call and hands its
// bytes to verify as the public key, so that file is the trust anchor for
// plugin signatures: write access to it, and to SignatureBaseDir, should be
// restricted to whoever is allowed to approve plugins.
type LocalVerifier struct {
	PublicKeyPath    string // where to obtain PGP public key
	SignatureBaseDir string // where to obtain plugin signature file
}
    19  
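// NewLocalVerifier builds a LocalVerifier that takes the PGP public key from
// publicKeyPath and plugin signature files from pluginSignatureBaseDir.
//
// Both paths are checked with os.Stat up front. Any stat failure is returned,
// not only "does not exist", so the constructor fails closed when the key or
// the signature directory cannot be inspected (for example on a permission
// error). An error is also returned when pluginSignatureBaseDir is not a
// directory.
//
// The checks are a point-in-time snapshot; VerifySignature reads the files
// again on each call.
func NewLocalVerifier(publicKeyPath string, pluginSignatureBaseDir string) (*LocalVerifier, error) {
	if _, err := os.Stat(publicKeyPath); err != nil {
		return nil, err
	}
	stat, err := os.Stat(pluginSignatureBaseDir)
	if err != nil {
		// stat is nil on every failed Stat; returning here keeps the
		// Mode() call below from dereferencing it.
		return nil, err
	}
	if !stat.Mode().IsDir() {
		return nil, fmt.Errorf("pluginSignatureBaseDir is not a directory")
	}
	return &LocalVerifier{
		PublicKeyPath:    publicKeyPath,
		SignatureBaseDir: pluginSignatureBaseDir,
	}, nil
}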
    38  
// VerifySignature loads the signature file for definition from
// SignatureBaseDir and the public key from PublicKeyPath, then passes the
// signature bytes, the key bytes and checksum to verify and returns its result.
//
// The signature file name comes from definition.SignatureFileName(). A missing
// signature file is reported with the os.Stat error; a failure to read the key
// or the signature is returned unchanged.
//
// NOTE(review): the file name is joined onto SignatureBaseDir with no
// containment check visible here; presumably SignatureFileName never yields
// path separators or ".." elements. Confirm at its definition.
func (v *LocalVerifier) VerifySignature(definition *PluginDefinition, checksum string) error {
	sigFile := path.Join(v.SignatureBaseDir, definition.SignatureFileName())

	// Only "does not exist" is reported from the stat; other stat errors fall
	// through to the reads below.
	_, statErr := os.Stat(sigFile)
	if os.IsNotExist(statErr) {
		return statErr
	}

	keyBytes, err := ioutil.ReadFile(v.PublicKeyPath)
	if err != nil {
		return err
	}

	sigBytes, err := ioutil.ReadFile(sigFile)
	if err != nil {
		return err
	}

	return verify(sigBytes, keyBytes, checksum)
}