From 1ecb988046028e75891e039a2b1d90974b15310f Mon Sep 17 00:00:00 2001
From: Sunny <me@darkowlzz.space>
Date: Wed, 22 Nov 2017 23:51:54 +0530
Subject: plumbing: object, add Commit.Verify method

Commit.Verify() performs PGP verification of a signed commit given an
armored keyring.
---
 plumbing/object/commit.go | 30 ++++++++++++++++++++++++++++++
 1 file changed, 30 insertions(+)

diff --git a/plumbing/object/commit.go b/plumbing/object/commit.go
index b2f1f15..e54eb7d 100644
--- a/plumbing/object/commit.go
+++ b/plumbing/object/commit.go
@@ -8,6 +8,8 @@ import (
 	"io"
 	"strings"
 
+	"golang.org/x/crypto/openpgp"
+
 	"gopkg.in/src-d/go-git.v4/plumbing"
 	"gopkg.in/src-d/go-git.v4/plumbing/storer"
 	"gopkg.in/src-d/go-git.v4/utils/ioutil"
@@ -311,6 +313,34 @@ func (c *Commit) String() string {
 	)
 }
 
+// Verify performs PGP verification of the commit with a provided armored
+// keyring and returns openpgp.Entity associated with verifying key on success.
+func (c *Commit) Verify(armoredKeyRing string) (*openpgp.Entity, error) {
+	keyRingReader := strings.NewReader(armoredKeyRing)
+	keyring, err := openpgp.ReadArmoredKeyRing(keyRingReader)
+	if err != nil {
+		return nil, err
+	}
+
+	// Extract signature.
+	signature := strings.NewReader(c.PGPSignature)
+
+	// Remove signature. Keep only the commit components.
+	c.PGPSignature = ""
+
+	// Encode commit and get a reader object.
+	encoded := &plumbing.MemoryObject{}
+	if err := c.Encode(encoded); err != nil {
+		return nil, err
+	}
+	er, err := encoded.Reader()
+	if err != nil {
+		return nil, err
+	}
+
+	return openpgp.CheckArmoredDetachedSignature(keyring, er, signature)
+}
+
 func indent(t string) string {
 	var output []string
 	for _, line := range strings.Split(t, "\n") {
-- 
cgit