package main
import (
"errors"
"flag"
"fmt"
"io/ioutil"
"log"
"path/filepath"
"strings"
"github.com/mouuff/go-rocket-update/internal/constant"
"github.com/mouuff/go-rocket-update/internal/crypto"
)
// Verify implements the "verify" subcommand, which checks whether every file
// inside a package folder is covered by a valid signature.
type Verify struct {
	// flagSet parses the subcommand's command-line arguments (set by Init).
	flagSet *flag.FlagSet

	// path is the value of -path: the package directory to verify.
	path string

	// publicKey is the value of -publicKey: the path of the public key file
	// that signatures are checked against.
	publicKey string
}
// Name returns the subcommand name, as typed on the command line.
func (cmd *Verify) Name() string {
	const name = "verify"
	return name
}
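// Init registers the subcommand's flags and parses args.
//
// Both -path and -publicKey are documented as required, so Init returns an
// error when either one is missing instead of letting Run proceed with an
// empty value.
func (cmd *Verify) Init(args []string) error {
	fs := flag.NewFlagSet(cmd.Name(), flag.ExitOnError)
	fs.StringVar(&cmd.path, "path", "", "path to the package directory to verify (required)")
	fs.StringVar(&cmd.publicKey, "publicKey", "", "path to the public key (required)")
	cmd.flagSet = fs

	if err := fs.Parse(args); err != nil {
		return err
	}

	// An empty -path is not harmless: Run joins it with the signatures file
	// path, so the check would run against the current working directory
	// rather than the package the operator meant to verify.
	switch {
	case cmd.path == "":
		return errors.New("verify: -path is required")
	case cmd.publicKey == "":
		return errors.New("verify: -publicKey is required")
	}
	return nil
}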
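// Run verifies the package directory given by -path against the public key
// given by -publicKey.
//
// It reads and parses the PEM public key, loads the signatures file located
// at constant.SignatureRelPath inside the package directory, and asks
// VerifyFolder which files could not be verified. The signatures file itself
// is not verified, so it is the only entry tolerated in that list; any other
// entry makes Run return an error naming the files that failed.
func (cmd *Verify) Run() error {
	log.Println("Reading public key...")
	pubkeyBytes, err := ioutil.ReadFile(cmd.publicKey)
	if err != nil {
		return err
	}
	publicKey, err := crypto.ParsePemPublicKey(pubkeyBytes)
	if err != nil {
		return err
	}

	signaturesPath := filepath.Join(cmd.path, constant.SignatureRelPath)
	log.Println("Reading " + signaturesPath + " ...")
	signatures, err := crypto.LoadSignaturesFromJSON(signaturesPath)
	if err != nil {
		return err
	}

	unverifiedFiles, err := signatures.VerifyFolder(publicKey, cmd.path)
	if err != nil {
		return err
	}

	// Tolerate the signatures file by identity, not by count. Accepting "at
	// most one unverified file" is fail-open: if the signatures file ever
	// stops appearing in the list, one arbitrary unsigned file would be
	// reported as verified.
	var failed []string
	for _, name := range unverifiedFiles {
		if !isSignaturesFile(name, cmd.path, constant.SignatureRelPath) {
			failed = append(failed, name)
		}
	}
	if len(failed) == 0 {
		fmt.Println("All files verified!")
		return nil
	}
	return errors.New("Some files could not be verified:\n" + strings.Join(failed, "\n"))
}

// isSignaturesFile reports whether entry names the signatures file sigRel of
// the package rooted at root.
//
// NOTE(review): the path format VerifyFolder uses for its entries is not
// visible in this file, so both root-relative and root-joined spellings are
// accepted, with either separator style - confirm against VerifyFolder. An
// entry in any other form is treated as a verification failure (fail closed).
func isSignaturesFile(entry, root, sigRel string) bool {
	want := filepath.Clean(filepath.FromSlash(sigRel))
	got := filepath.Clean(filepath.FromSlash(entry))
	if got == want {
		return true
	}

	absRoot, err := filepath.Abs(root)
	if err != nil {
		return false
	}
	absGot, err := filepath.Abs(got)
	if err != nil {
		return false
	}
	rel, err := filepath.Rel(absRoot, absGot)
	return err == nil && rel == want
}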