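// Source: github.com/ld86/docker@v1.7.1-rc3/trust/service.go

package trust

import (
	"fmt"
	"time"

	"github.com/Sirupsen/logrus"
	"github.com/docker/libtrust"
)

// NotVerifiedError is the error type CheckKey returns when a well-formed key
// could not be confirmed as trusted: no trust graph is loaded, the graph does
// not grant the requested permission, or the store has passed its expiration.
// Its distinct type lets callers tell a trust denial apart from a malformed
// key or an internal verification failure, which are reported as plain errors.
type NotVerifiedError string

// Error returns the reason string, satisfying the error interface.
func (e NotVerifiedError) Error() string {
	return string(e)
}

// CheckKey reports whether the JWK-encoded public key in key is granted perm
// on namespace ns by the store's trust graph.
//
// A perm of 0 is replaced by the default 0x03. The meaning of the individual
// permission bits is defined by the trust graph, not in this file.
//
// The result is true only when every check passes; every other path returns
// false together with a non-nil error, so callers that look only at the error
// still fail closed. Errors are:
//   - a plain error when key is empty, cannot be parsed as a JWK, or the
//     graph lookup itself fails;
//   - a NotVerifiedError when no graph is loaded ("no graph"), the graph
//     does not grant the permission ("not verified"), or the store's
//     expiration time is in the past ("expired").
func (t *TrustStore) CheckKey(ns string, key []byte, perm uint16) (bool, error) {
	if len(key) == 0 {
		return false, fmt.Errorf("Missing PublicKey")
	}
	pk, err := libtrust.UnmarshalPublicKeyJWK(key)
	if err != nil {
		return false, fmt.Errorf("Error unmarshalling public key: %v", err)
	}

	// Callers that pass no permission get the default mask.
	if perm == 0 {
		perm = 0x03
	}

	// Hold the read lock while graph and expiration are read, so both come
	// from the same state of the store.
	t.RLock()
	defer t.RUnlock()

	// Without a loaded graph nothing can be verified: deny instead of allowing.
	if t.graph == nil {
		return false, NotVerifiedError("no graph")
	}

	// Ask the trust graph whether pk holds perm on ns.
	verified, err := t.graph.Verify(pk, ns, perm)
	if err != nil {
		// Include the underlying cause; without it an operator cannot tell
		// why verification broke for this namespace.
		return false, fmt.Errorf("Error verifying key to namespace: %s: %v", ns, err)
	}
	if !verified {
		// Only the key ID is logged, never the key bytes supplied by the caller.
		logrus.Debugf("Verification failed for %s using key %s", ns, pk.KeyID())
		return false, NotVerifiedError("not verified")
	}

	// A positive answer is only honoured while the store has not expired.
	// This check runs after Verify, so an unverified key is reported as
	// "not verified" even when the store has expired as well.
	// NOTE(review): expiration is presumably the validity limit of the
	// fetched trust data; confirm where it is set.
	if t.expiration.Before(time.Now()) {
		return false, NotVerifiedError("expired")
	}
	return true, nil
}

// UpdateBase calls the store's fetch method, which is defined elsewhere in
// the package. Nothing is returned to the caller, so a failed fetch is not
// visible through this method.
// NOTE(review): fetch presumably reloads the trust graph and its expiration;
// confirm against its definition.
func (t *TrustStore) UpdateBase() {
	t.fetch()
}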