1
0
Fork 0
mirror of https://github.com/moby/moby.git synced 2022-11-09 12:21:53 -05:00
moby--moby/trust/service.go
Sevki Hasirci 5572148477 golint: trust
contributes to #14756

Signed-off-by: Sevki Hasirci <s@sevki.org>
2015-08-27 11:40:27 +02:00

58 lines
1.3 KiB
Go

package trust
import (
"fmt"
"time"
"github.com/Sirupsen/logrus"
"github.com/docker/libtrust"
)
// NotVerifiedError implements the error interface
type NotVerifiedError string
func (e NotVerifiedError) Error() string {
return string(e)
}
// CheckKey verifies that the given public key is allowed to perform
// the given action on the given node according to the trust graph.
func (t *Store) CheckKey(ns string, key []byte, perm uint16) (bool, error) {
if len(key) == 0 {
return false, fmt.Errorf("Missing PublicKey")
}
pk, err := libtrust.UnmarshalPublicKeyJWK(key)
if err != nil {
return false, fmt.Errorf("Error unmarshalling public key: %v", err)
}
if perm == 0 {
perm = 0x03
}
t.RLock()
defer t.RUnlock()
if t.graph == nil {
return false, NotVerifiedError("no graph")
}
// Check if any expired grants
verified, err := t.graph.Verify(pk, ns, perm)
if err != nil {
return false, fmt.Errorf("Error verifying key to namespace: %s", ns)
}
if !verified {
logrus.Debugf("Verification failed for %s using key %s", ns, pk.KeyID())
return false, NotVerifiedError("not verified")
}
if t.expiration.Before(time.Now()) {
return false, NotVerifiedError("expired")
}
return true, nil
}
// UpdateBase retrieves updated base graphs. This function cannot error, it
// should only log errors
func (t *Store) UpdateBase() {
t.fetch()
}