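// Source: github.com/hailaz/selfupdate@v0.0.0-20231214083445-ff94a6158680/minisign.go

package selfupdate

import (
	"errors"
	"io"
	"net/http"
	"time"

	"aead.dev/minisign"
)

// Verifier checks update payloads against a minisign signature.
//
// The public key is the trust anchor. The signature may come from an
// untrusted location, because it is only accepted if it verifies under
// that key.
type Verifier struct {
	publicKey minisign.PublicKey // key the signature must verify under
	signature minisign.Signature // set by LoadFromURL or LoadFromFile
}

// LoadFromURL downloads a minisign signature from signatureURL and stores it,
// together with the parsed public key, for a later call to Verify.
//
// Despite its name, passphrase is not a secret. It is handed to
// minisign.PublicKey.UnmarshalText, so it must hold the signer's public key
// in the text encoding that method accepts. The key should come from a
// source the updater already trusts (for example, compiled into the running
// binary), never from the same origin as the signature or the update itself.
//
// transport is used for the request; a nil transport makes http.Client fall
// back to http.DefaultTransport. The URL scheme is not restricted here.
//
// The receiver is modified only after both the key and the signature have
// parsed successfully.
func (v *Verifier) LoadFromURL(signatureURL string, passphrase string, transport http.RoundTripper) error {
	const (
		// MaxSize is the largest signature response, in bytes, that is accepted.
		MaxSize = 1 << 20
		// fetchTimeout bounds the whole exchange, including reading the body,
		// so an unresponsive server cannot stall the updater indefinitely.
		fetchTimeout = 30 * time.Second
	)

	// Parse the key first: a malformed key fails before any network traffic.
	var publicKey minisign.PublicKey
	if err := publicKey.UnmarshalText([]byte(passphrase)); err != nil {
		return err
	}

	client := &http.Client{Transport: transport, Timeout: fetchTimeout}
	req, err := http.NewRequest(http.MethodGet, signatureURL, nil)
	if err != nil {
		return err
	}
	resp, err := client.Do(req)
	if err != nil {
		return err
	}
	defer resp.Body.Close()
	if resp.StatusCode != http.StatusOK {
		return errors.New(resp.Status)
	}

	// Read one byte past the limit so an oversized response is rejected
	// explicitly instead of being silently truncated and then parsed.
	b, err := io.ReadAll(io.LimitReader(resp.Body, MaxSize+1))
	if err != nil {
		return err
	}
	if len(b) > MaxSize {
		return errors.New("selfupdate: signature response exceeds size limit")
	}

	var signature minisign.Signature
	if err = signature.UnmarshalText(b); err != nil {
		return err
	}
	v.publicKey, v.signature = publicKey, signature
	return nil
}

// LoadFromFile reads a minisign signature from signaturePath and stores it,
// together with the parsed public key, for a later call to Verify.
//
// As in LoadFromURL, passphrase carries the signer's public key in the text
// encoding accepted by minisign.PublicKey.UnmarshalText; it is not a secret.
//
// The receiver is modified only after both the key and the signature have
// loaded successfully.
func (v *Verifier) LoadFromFile(signaturePath string, passphrase string) error {
	var publicKey minisign.PublicKey
	if err := publicKey.UnmarshalText([]byte(passphrase)); err != nil {
		return err
	}
	signature, err := minisign.SignatureFromFile(signaturePath)
	if err != nil {
		return err
	}
	v.publicKey, v.signature = publicKey, signature
	return nil
}

// NewVerifier returns an empty Verifier. Call LoadFromURL or LoadFromFile
// before Verify.
func NewVerifier() *Verifier {
	return &Verifier{}
}

// Verify returns nil when the loaded signature is valid for bin under the
// loaded public key, and an error otherwise.
//
// This establishes only that bin was signed by the holder of the key.
// Nothing in this file inspects the signature's comments or any version
// information, so a caller that needs downgrade protection has to enforce it
// separately. Verify should be run on the exact bytes that will be installed,
// before they are written over the running binary.
//
// NOTE(review): on a Verifier that was never loaded, the key and signature
// are zero values. Presumably the minisign library rejects them, so the call
// fails closed. Confirm against the library.
func (v *Verifier) Verify(bin []byte) error {
	// minisign.Verify takes the signature in its text form, so the stored
	// value is marshalled again here.
	signature, err := v.signature.MarshalText()
	if err != nil {
		return err
	}
	if !minisign.Verify(v.publicKey, bin, signature) {
		return errors.New("selfupdate: signature verification failed")
	}
	return nil
}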