Skip to content

Commit

Permalink
Move verification logic to function, use single "signatures" key
Browse files Browse the repository at this point in the history
  • Loading branch information
@dmcgowan
dmcgowan committed Sep 8, 2014
1 parent 9553257 commit a9007c9
Show file tree
Hide file tree
Showing 2 changed files with 27 additions and 12 deletions.
2 changes: 1 addition & 1 deletion api/client/commands.go
View file
Expand Up @@ -1169,7 +1169,7 @@ func (cli *DockerCli) CmdPush(args ...string) error {
return err
}

signedBody, err := js.PrettySignature("buildSignatures")
signedBody, err := js.PrettySignature("signatures")
if err != nil {
return err
}
Expand Down
37 changes: 26 additions & 11 deletions graph/pull.go
View file
Expand Up @@ -18,6 +18,30 @@ import (
"github.com/docker/libtrust"
)

func (s *TagStore) verifyManifest(manifestBytes []byte) (*registry.ManifestData, error) {
sig, err := libtrust.ParsePrettySignature(manifestBytes, "signatures")
if err != nil {
return nil, fmt.Errorf("error parsing payload: %s", err)
}
_, err = sig.Verify()
if err != nil {
return nil, fmt.Errorf("error verifying payload: %s", err)
}

payload, err := sig.Payload()
if err != nil {
return nil, fmt.Errorf("error retrieving payload: %s", err)
}

var manifest registry.ManifestData
err = json.Unmarshal(payload, &manifest)
if err != nil {
return nil, fmt.Errorf("error unmarshalling manifest: %s", err)
}

return &manifest, nil
}

func (s *TagStore) CmdPull(job *engine.Job) engine.Status {
if n := len(job.Args); n != 1 && n != 2 {
return job.Errorf("Usage: %s IMAGE [TAG]", job.Name)
Expand Down Expand Up @@ -85,21 +109,12 @@ func (s *TagStore) CmdPull(job *engine.Job) engine.Status {
if err != nil {
return job.Error(err)
}
var manifest registry.ManifestData

sig, err := libtrust.ParsePrettySignature(manifestBytes, "buildSignatures")
manifest, err := s.verifyManifest(manifestBytes)
if err != nil {
return job.Errorf("error parsing signature: %s", err)
}
_, err = sig.Verify()
if err != nil {
return job.Errorf("error verifying signature: %s", err)
return job.Errorf("error verifying manifest: %s", err)
}

err = json.Unmarshal(manifestBytes, &manifest)
if err != nil {
return job.Errorf("error unmarshalling manifest: %s", err)
}
if len(manifest.BlobSums) != len(manifest.History) {
return job.Errorf("length of history not equal to number of layers")
}
Expand Down

0 comments on commit a9007c9

Please sign in to comment.