package selfupdate
import (
	"errors"
	"fmt"
	"io"
	"net/http"
	"time"

	"github.com/aead/minisign"
)
// Verifier checks a binary against a detached minisign signature using a
// pinned public key. Populate it with LoadFromURL or LoadFromFile before
// calling Verify; the zero value holds an empty key and signature and is
// not expected to verify anything.
type Verifier struct {
	publicKey minisign.PublicKey // trust anchor, parsed from the caller-supplied key text
	signature minisign.Signature // signature to check against the binary passed to Verify
}
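// LoadFromURL fetches a minisign signature over HTTP and pins the public
// key it will be checked against.
//
// passphrase is, despite its name, the minisign public key in its text
// encoding: it is parsed with PublicKey.UnmarshalText and is never used as
// a secret. transport may be nil, in which case net/http's default
// transport is used. The key and signature are stored only after every
// step succeeds, so a failed load leaves the previous state untouched.
//
// The response body is capped at maxSignatureSize and the whole exchange
// is bounded by requestTimeout, so a hostile or stalled server can neither
// exhaust memory nor block the caller indefinitely. Integrity does not
// rest on the transport: a signature altered in transit simply fails
// Verify against the pinned key.
func (v *Verifier) LoadFromURL(signatureURL string, passphrase string, transport http.RoundTripper) error {
	var publicKey minisign.PublicKey
	if err := publicKey.UnmarshalText([]byte(passphrase)); err != nil {
		return fmt.Errorf("selfupdate: parsing public key: %w", err)
	}

	const (
		// A minisign signature file is only a few hundred bytes; the cap is
		// generous but still bounds the memory ReadAll can consume.
		maxSignatureSize = 1 << 20
		// Wall-clock bound on the complete request, including the body read,
		// so an unresponsive server cannot hang the updater.
		requestTimeout = 30 * time.Second
	)

	client := &http.Client{Transport: transport, Timeout: requestTimeout}
	req, err := http.NewRequest(http.MethodGet, signatureURL, nil)
	if err != nil {
		return fmt.Errorf("selfupdate: building signature request: %w", err)
	}
	resp, err := client.Do(req)
	if err != nil {
		return fmt.Errorf("selfupdate: fetching signature: %w", err)
	}
	defer resp.Body.Close()
	if resp.StatusCode != http.StatusOK {
		return fmt.Errorf("selfupdate: fetching signature: %s", resp.Status)
	}

	// Read one byte past the cap so an oversized body is reported as such
	// rather than surfacing as an opaque parse error on truncated text.
	b, err := io.ReadAll(io.LimitReader(resp.Body, maxSignatureSize+1))
	if err != nil {
		return fmt.Errorf("selfupdate: reading signature: %w", err)
	}
	if len(b) > maxSignatureSize {
		return errors.New("selfupdate: signature response exceeds size limit")
	}

	var signature minisign.Signature
	if err = signature.UnmarshalText(b); err != nil {
		return fmt.Errorf("selfupdate: parsing signature: %w", err)
	}

	// Commit both values together only once everything has been validated.
	v.publicKey, v.signature = publicKey, signature
	return nil
}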
// LoadFromFile reads a minisign signature from signaturePath and pins the
// public key it will be checked against.
//
// passphrase is the minisign public key in its text encoding (it is parsed
// with PublicKey.UnmarshalText, not used as a secret). The Verifier is
// updated only when both the key and the signature parse; on any error it
// is left exactly as it was.
func (v *Verifier) LoadFromFile(signaturePath string, passphrase string) error {
	var pk minisign.PublicKey
	err := pk.UnmarshalText([]byte(passphrase))
	if err != nil {
		return err
	}

	sig, err := minisign.SignatureFromFile(signaturePath)
	if err == nil {
		// Both pieces are committed together so a failed read cannot leave
		// a new key paired with a stale signature.
		v.publicKey = pk
		v.signature = sig
	}
	return err
}
// NewVerifier returns an empty Verifier. Load a key and signature with
// LoadFromURL or LoadFromFile before calling Verify.
func NewVerifier() *Verifier {
	v := new(Verifier)
	return v
}
// Verify checks that bin carries a valid minisign signature from the pinned
// public key and returns a non-nil error if it does not.
//
// Only the signature is checked: a genuine signature over an older release
// still verifies, so any rollback or version policy must be enforced by the
// caller. Calling Verify before a successful load compares against the zero
// key and signature and is not expected to succeed — NOTE(review): confirm
// the library reports a clean failure for the zero value.
func (v *Verifier) Verify(bin []byte) error {
	// minisign.Verify takes the signature in its text encoding, hence the
	// round trip through MarshalText.
	sigText, err := v.signature.MarshalText()
	if err != nil {
		return err
	}
	if ok := minisign.Verify(v.publicKey, bin, sigText); ok {
		return nil
	}
	return errors.New("selfupdate: signature verification failed")
}