github.com/dougm/docker@v1.5.0/trust/service.go (about) 1 package trust 2 3 import ( 4 "fmt" 5 "time" 6 7 log "github.com/Sirupsen/logrus" 8 "github.com/docker/docker/engine" 9 "github.com/docker/libtrust" 10 ) 11 12 func (t *TrustStore) Install(eng *engine.Engine) error { 13 for name, handler := range map[string]engine.Handler{ 14 "trust_key_check": t.CmdCheckKey, 15 "trust_update_base": t.CmdUpdateBase, 16 } { 17 if err := eng.Register(name, handler); err != nil { 18 return fmt.Errorf("Could not register %q: %v", name, err) 19 } 20 } 21 return nil 22 } 23 24 func (t *TrustStore) CmdCheckKey(job *engine.Job) engine.Status { 25 if n := len(job.Args); n != 1 { 26 return job.Errorf("Usage: %s NAMESPACE", job.Name) 27 } 28 var ( 29 namespace = job.Args[0] 30 keyBytes = job.Getenv("PublicKey") 31 ) 32 33 if keyBytes == "" { 34 return job.Errorf("Missing PublicKey") 35 } 36 pk, err := libtrust.UnmarshalPublicKeyJWK([]byte(keyBytes)) 37 if err != nil { 38 return job.Errorf("Error unmarshalling public key: %s", err) 39 } 40 41 permission := uint16(job.GetenvInt("Permission")) 42 if permission == 0 { 43 permission = 0x03 44 } 45 46 t.RLock() 47 defer t.RUnlock() 48 if t.graph == nil { 49 job.Stdout.Write([]byte("no graph")) 50 return engine.StatusOK 51 } 52 53 // Check if any expired grants 54 verified, err := t.graph.Verify(pk, namespace, permission) 55 if err != nil { 56 return job.Errorf("Error verifying key to namespace: %s", namespace) 57 } 58 if !verified { 59 log.Debugf("Verification failed for %s using key %s", namespace, pk.KeyID()) 60 job.Stdout.Write([]byte("not verified")) 61 } else if t.expiration.Before(time.Now()) { 62 job.Stdout.Write([]byte("expired")) 63 } else { 64 job.Stdout.Write([]byte("verified")) 65 } 66 67 return engine.StatusOK 68 } 69 70 func (t *TrustStore) CmdUpdateBase(job *engine.Job) engine.Status { 71 t.fetch() 72 73 return engine.StatusOK 74 }