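// Source: github.com/kisexp/xdchain@v0.0.0-20211206025815-490d6b732aa7/plugin/local_verifier.go

package plugin

import (
	"fmt"
	"io/ioutil"
	"os"
	"path"
)

// DefaultPublicKeyFile is the file name of the latest GPG public key
// set up in the Cloudsmith repository.
const DefaultPublicKeyFile = "gpg.key"

// LocalVerifier is the local implementation of plugin.Verifier. It reads
// both the public key and the plugin signature from the local filesystem,
// so the result of a verification is only as trustworthy as the integrity
// of those two locations.
type LocalVerifier struct {
	PublicKeyPath    string // where to obtain PGP public key
	SignatureBaseDir string // where to obtain plugin signature file
}

// NewLocalVerifier builds a LocalVerifier after checking that publicKeyPath
// exists and that pluginSignatureBaseDir exists and is a directory.
//
// The checks are a fail-fast convenience only: VerifySignature reads both
// locations again on every call, so nothing verified here is guaranteed to
// still hold at verification time.
//
// Errors from os.Stat are returned unwrapped so callers can keep using
// os.IsNotExist on them.
func NewLocalVerifier(publicKeyPath string, pluginSignatureBaseDir string) (*LocalVerifier, error) {
	// Report every Stat failure, not only "does not exist". A permission
	// or I/O error would otherwise be silently accepted for the key file.
	if _, err := os.Stat(publicKeyPath); err != nil {
		return nil, err
	}
	stat, err := os.Stat(pluginSignatureBaseDir)
	if err != nil {
		// On any Stat error the FileInfo is nil; returning here avoids
		// the nil dereference in stat.Mode() below.
		return nil, err
	}
	if !stat.Mode().IsDir() {
		return nil, fmt.Errorf("pluginSignatureBaseDir is not a directory")
	}
	verifier := &LocalVerifier{
		PublicKeyPath:    publicKeyPath,
		SignatureBaseDir: pluginSignatureBaseDir,
	}
	return verifier, nil
}

// VerifySignature verifies a plugin, identified by its definition from
// Central, by loading the signature file named by the definition from
// SignatureBaseDir and the public key from PublicKeyPath, then handing
// both to verify together with checksum.
//
// It returns an error when the definition is nil, when either file cannot
// be read, or when verify rejects the signature. verify is defined
// elsewhere in this package; presumably it checks sig as a PGP signature
// over checksum — confirm against its implementation.
func (v *LocalVerifier) VerifySignature(definition *PluginDefinition, checksum string) error {
	if definition == nil {
		return fmt.Errorf("plugin definition is nil")
	}
	// NOTE(review): path.Join cleans the result but does not confine it to
	// SignatureBaseDir. Confirm that SignatureFileName() can never contain
	// path separators or ".." components, otherwise a definition could
	// select a signature file outside the intended directory.
	pluginSigPath := path.Join(v.SignatureBaseDir, definition.SignatureFileName())
	// A missing or unreadable signature must fail verification; return any
	// Stat error rather than only the "does not exist" case.
	if _, err := os.Stat(pluginSigPath); err != nil {
		return err
	}
	pubkey, err := ioutil.ReadFile(v.PublicKeyPath)
	if err != nil {
		return err
	}
	sig, err := ioutil.ReadFile(pluginSigPath)
	if err != nil {
		return err
	}
	return verify(sig, pubkey, checksum)
}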