From 1ecb988046028e75891e039a2b1d90974b15310f Mon Sep 17 00:00:00 2001 From: Sunny Date: Wed, 22 Nov 2017 23:51:54 +0530 Subject: plumbing: object, add Commit.Verify method Commit.Verify() performs PGP verification of a signed commit given an armored keyring. --- plumbing/object/commit.go | 30 ++++++++++++++++++++++++++++++ 1 file changed, 30 insertions(+) (limited to 'plumbing/object/commit.go') diff --git a/plumbing/object/commit.go b/plumbing/object/commit.go index b2f1f15..e54eb7d 100644 --- a/plumbing/object/commit.go +++ b/plumbing/object/commit.go @@ -8,6 +8,8 @@ import ( "io" "strings" + "golang.org/x/crypto/openpgp" + "gopkg.in/src-d/go-git.v4/plumbing" "gopkg.in/src-d/go-git.v4/plumbing/storer" "gopkg.in/src-d/go-git.v4/utils/ioutil" @@ -311,6 +313,34 @@ func (c *Commit) String() string { ) } +// Verify performs PGP verification of the commit with a provided armored +// keyring and returns openpgp.Entity associated with verifying key on success. +func (c *Commit) Verify(armoredKeyRing string) (*openpgp.Entity, error) { + keyRingReader := strings.NewReader(armoredKeyRing) + keyring, err := openpgp.ReadArmoredKeyRing(keyRingReader) + if err != nil { + return nil, err + } + + // Extract signature. + signature := strings.NewReader(c.PGPSignature) + + // Remove signature. Keep only the commit components. + c.PGPSignature = "" + + // Encode commit and get a reader object. + encoded := &plumbing.MemoryObject{} + if err := c.Encode(encoded); err != nil { + return nil, err + } + er, err := encoded.Reader() + if err != nil { + return nil, err + } + + return openpgp.CheckArmoredDetachedSignature(keyring, er, signature) +} + func indent(t string) string { var output []string for _, line := range strings.Split(t, "\n") { -- cgit