plumbing: object, add Commit.Verify method

Commit.Verify() performs PGP verification of a signed commit given an
armored keyring.

1 files changed, 30 insertions, 0 deletions

diff --git a/plumbing/object/commit.go b/plumbing/object/commit.go
index b2f1f15..e54eb7d 100644
--- a/plumbing/object/commit.go
+++ b/plumbing/object/commit.go
@@ -8,6 +8,8 @@ import (
 	"io"
 	"strings"
 
+	"golang.org/x/crypto/openpgp"
+
 	"gopkg.in/src-d/go-git.v4/plumbing"
 	"gopkg.in/src-d/go-git.v4/plumbing/storer"
 	"gopkg.in/src-d/go-git.v4/utils/ioutil"
@@ -311,6 +313,34 @@ func (c *Commit) String() string {
 	)
 }
 
+// Verify performs PGP verification of the commit with a provided armored
+// keyring and returns openpgp.Entity associated with verifying key on success.
+func (c *Commit) Verify(armoredKeyRing string) (*openpgp.Entity, error) {
+	keyRingReader := strings.NewReader(armoredKeyRing)
+	keyring, err := openpgp.ReadArmoredKeyRing(keyRingReader)
+	if err != nil {
+		return nil, err
+	}
+
+	// Extract signature.
+	signature := strings.NewReader(c.PGPSignature)
+
+	// Remove signature. Keep only the commit components.
+	c.PGPSignature = ""
+
+	// Encode commit and get a reader object.
+	encoded := &plumbing.MemoryObject{}
+	if err := c.Encode(encoded); err != nil {
+		return nil, err
+	}
+	er, err := encoded.Reader()
+	if err != nil {
+		return nil, err
+	}
+
+	return openpgp.CheckArmoredDetachedSignature(keyring, er, signature)
+}
+
 func indent(t string) string {
 	var output []string
 	for _, line := range strings.Split(t, "\n") {