| 7c88e8f1 |
package trust
import (
"fmt"
"time"
|
| 6f4d8470 |
"github.com/Sirupsen/logrus" |
| 7c88e8f1 |
"github.com/docker/libtrust"
)
|
| 9e50bf62 |
type NotVerifiedError string |
| 7c88e8f1 |
|
| 9e50bf62 |
func (e NotVerifiedError) Error() string {
return string(e)
} |
| 7c88e8f1 |
|
| 9e50bf62 |
func (t *TrustStore) CheckKey(ns string, key []byte, perm uint16) (bool, error) {
if len(key) == 0 {
return false, fmt.Errorf("Missing PublicKey") |
| 7c88e8f1 |
} |
| 9e50bf62 |
pk, err := libtrust.UnmarshalPublicKeyJWK(key) |
| 7c88e8f1 |
if err != nil { |
| 9e50bf62 |
return false, fmt.Errorf("Error unmarshalling public key: %v", err) |
| 7c88e8f1 |
}
|
| 9e50bf62 |
if perm == 0 {
perm = 0x03 |
| 7c88e8f1 |
}
t.RLock()
defer t.RUnlock()
if t.graph == nil { |
| 9e50bf62 |
return false, NotVerifiedError("no graph") |
| 7c88e8f1 |
}
// Check if any expired grants |
| 9e50bf62 |
verified, err := t.graph.Verify(pk, ns, perm) |
| 7c88e8f1 |
if err != nil { |
| 9e50bf62 |
return false, fmt.Errorf("Error verifying key to namespace: %s", ns) |
| 7c88e8f1 |
}
if !verified { |
| 9e50bf62 |
logrus.Debugf("Verification failed for %s using key %s", ns, pk.KeyID())
return false, NotVerifiedError("not verified") |
| 7c88e8f1 |
} |
| 9e50bf62 |
if t.expiration.Before(time.Now()) {
return false, NotVerifiedError("expired")
}
return true, nil |
| 7c88e8f1 |
}
|
| 9e50bf62 |
func (t *TrustStore) UpdateBase() { |
| 7c88e8f1 |
t.fetch()
} |