github.com/lusis/distribution@v2.0.1+incompatible/manifest/verify.go (about)

     1  package manifest
     2  
     3  import (
     4  	"crypto/x509"
     5  
     6  	"github.com/Sirupsen/logrus"
     7  	"github.com/docker/libtrust"
     8  )
     9  
    10  // Verify verifies the signature of the signed manifest returning the public
    11  // keys used during signing.
    12  func Verify(sm *SignedManifest) ([]libtrust.PublicKey, error) {
    13  	js, err := libtrust.ParsePrettySignature(sm.Raw, "signatures")
    14  	if err != nil {
    15  		logrus.WithField("err", err).Debugf("(*SignedManifest).Verify")
    16  		return nil, err
    17  	}
    18  
    19  	return js.Verify()
    20  }
    21  
    22  // VerifyChains verifies the signature of the signed manifest against the
    23  // certificate pool returning the list of verified chains. Signatures without
    24  // an x509 chain are not checked.
    25  func VerifyChains(sm *SignedManifest, ca *x509.CertPool) ([][]*x509.Certificate, error) {
    26  	js, err := libtrust.ParsePrettySignature(sm.Raw, "signatures")
    27  	if err != nil {
    28  		return nil, err
    29  	}
    30  
    31  	return js.VerifyChains(ca)
    32  }