package trust import ( "fmt" "time" "github.com/Sirupsen/logrus" "github.com/docker/libtrust" ) type NotVerifiedError string func (e NotVerifiedError) Error() string { return string(e) } func (t *TrustStore) CheckKey(ns string, key []byte, perm uint16) (bool, error) { if len(key) == 0 { return false, fmt.Errorf("Missing PublicKey") } pk, err := libtrust.UnmarshalPublicKeyJWK(key) if err != nil { return false, fmt.Errorf("Error unmarshalling public key: %v", err) } if perm == 0 { perm = 0x03 } t.RLock() defer t.RUnlock() if t.graph == nil { return false, NotVerifiedError("no graph") } // Check if any expired grants verified, err := t.graph.Verify(pk, ns, perm) if err != nil { return false, fmt.Errorf("Error verifying key to namespace: %s", ns) } if !verified { logrus.Debugf("Verification failed for %s using key %s", ns, pk.KeyID()) return false, NotVerifiedError("not verified") } if t.expiration.Before(time.Now()) { return false, NotVerifiedError("expired") } return true, nil } func (t *TrustStore) UpdateBase() { t.fetch() }