github.com/nf/docker@v1.8.1/trust/service.go (about)

     1  package trust
     2  
     3  import (
     4  	"fmt"
     5  	"time"
     6  
     7  	"github.com/Sirupsen/logrus"
     8  	"github.com/docker/libtrust"
     9  )
    10  
// NotVerifiedError is the error type CheckKey returns when the trust decision
// itself is negative (no graph loaded, key not verified, trust data expired),
// as opposed to malformed input or a lookup failure. Callers can type-assert
// on it to tell "denied" apart from "could not decide".
type NotVerifiedError string

// Compile-time check that NotVerifiedError satisfies the error interface.
var _ error = NotVerifiedError("")

// Error returns the reason string the value was constructed from.
func (e NotVerifiedError) Error() string {
	return string(e)
}
    16  
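// CheckKey reports whether the JWK-encoded public key in key is trusted for
// namespace ns with the permission bits in perm.
//
// The boolean result is true only when the key parses, a trust graph is
// loaded, the graph verifies the key for ns/perm, and the store's expiration
// has not passed. Every other path returns false together with a non-nil
// error, so callers can fail closed on err != nil. Negative trust decisions
// are returned as NotVerifiedError; an empty or unparsable key and a graph
// lookup failure are returned as plain errors.
func (t *TrustStore) CheckKey(ns string, key []byte, perm uint16) (bool, error) {
	if len(key) == 0 {
		return false, fmt.Errorf("Missing PublicKey")
	}
	pk, err := libtrust.UnmarshalPublicKeyJWK(key)
	if err != nil {
		return false, fmt.Errorf("Error unmarshalling public key: %v", err)
	}

	// A zero permission mask is replaced by a default rather than passed
	// through to the graph.
	// NOTE(review): 0x03 presumably sets the two lowest permission bits;
	// confirm the meaning against the trust graph's permission constants.
	if perm == 0 {
		perm = 0x03
	}

	// Hold the read lock for the whole decision so graph and expiration are
	// read under the same lock.
	t.RLock()
	defer t.RUnlock()
	if t.graph == nil {
		// Without a loaded graph there is nothing to verify against; deny.
		return false, NotVerifiedError("no graph")
	}

	// Ask the trust graph whether this key is granted perm on ns.
	verified, err := t.graph.Verify(pk, ns, perm)
	if err != nil {
		// Keep the underlying cause: without it, a failed lookup is
		// indistinguishable from any other when reading logs.
		return false, fmt.Errorf("Error verifying key to namespace: %s: %v", ns, err)
	}
	if !verified {
		logrus.Debugf("Verification failed for %s using key %s", ns, pk.KeyID())
		return false, NotVerifiedError("not verified")
	}
	// A positive graph answer is not honoured once the store's expiration
	// time has passed.
	if t.expiration.Before(time.Now()) {
		return false, NotVerifiedError("expired")
	}
	return true, nil
}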
    50  
// UpdateBase triggers the store's fetch method.
//
// It returns nothing, so a caller cannot learn from this call whether the
// fetch succeeded.
// NOTE(review): fetch is defined outside this listing; presumably it refreshes
// the graph and expiration that CheckKey reads. Confirm, and confirm that it
// takes the write lock itself.
func (t *TrustStore) UpdateBase() {
	t.fetch()
}