Add payload and signatures method to SignedManifest
To provide easier access to digestible content, the paylaod has been made accessible on the signed manifest type. This hides the specifics of the interaction with libtrust with the caveat that signatures may be parsed twice. We'll have to have a future look at the interface for manifest as we may be making problematic architectural decisions. We'll visit this after the initial release. Signed-off-by: Stephen J Day <stephen.day@docker.com>
This commit is contained in:
parent
af7eb42793
commit
14fb80d6c3
3 changed files with 33 additions and 7 deletions
|
@ -4,6 +4,7 @@ import (
|
|||
"encoding/json"
|
||||
|
||||
"github.com/docker/distribution/digest"
|
||||
"github.com/docker/libtrust"
|
||||
)
|
||||
|
||||
// Versioned provides a struct with just the manifest schemaVersion. Incoming
|
||||
|
@ -62,6 +63,31 @@ func (sm *SignedManifest) UnmarshalJSON(b []byte) error {
|
|||
return nil
|
||||
}
|
||||
|
||||
// Payload returns the raw, signed content of the signed manifest. The
|
||||
// contents can be used to calculate the content identifier.
|
||||
func (sm *SignedManifest) Payload() ([]byte, error) {
|
||||
jsig, err := libtrust.ParsePrettySignature(sm.Raw, "signatures")
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
|
||||
// Resolve the payload in the manifest.
|
||||
return jsig.Payload()
|
||||
}
|
||||
|
||||
// Signatures returns the signatures as provided by
|
||||
// (*libtrust.JSONSignature).Signatures. The byte slices are opaque jws
|
||||
// signatures.
|
||||
func (sm *SignedManifest) Signatures() ([][]byte, error) {
|
||||
jsig, err := libtrust.ParsePrettySignature(sm.Raw, "signatures")
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
|
||||
// Resolve the payload in the manifest.
|
||||
return jsig.Signatures()
|
||||
}
|
||||
|
||||
// MarshalJSON returns the contents of raw. If Raw is nil, marshals the inner
|
||||
// contents. Applications requiring a marshaled signed manifest should simply
|
||||
// use Raw directly, since the the content produced by json.Marshal will be
|
||||
|
|
|
@ -94,6 +94,11 @@ func (ms *manifestStore) Get(tag string) (*manifest.SignedManifest, error) {
|
|||
}
|
||||
|
||||
func (ms *manifestStore) Put(tag string, manifest *manifest.SignedManifest) error {
|
||||
// TODO(stevvooe): Add check here to see if the revision is already
|
||||
// present in the repository. If it is, we should merge the signatures, do
|
||||
// a shallow verify (or a full one, doesn't matter) and return an error
|
||||
// indicating what happened.
|
||||
|
||||
// Verify the manifest.
|
||||
if err := ms.verifyManifest(tag, manifest); err != nil {
|
||||
return err
|
||||
|
|
|
@ -79,13 +79,8 @@ func (rs *revisionStore) get(revision digest.Digest) (*manifest.SignedManifest,
|
|||
// put stores the manifest in the repository, if not already present. Any
|
||||
// updated signatures will be stored, as well.
|
||||
func (rs *revisionStore) put(sm *manifest.SignedManifest) (digest.Digest, error) {
|
||||
jsig, err := libtrust.ParsePrettySignature(sm.Raw, "signatures")
|
||||
if err != nil {
|
||||
return "", err
|
||||
}
|
||||
|
||||
// Resolve the payload in the manifest.
|
||||
payload, err := jsig.Payload()
|
||||
payload, err := sm.Payload()
|
||||
if err != nil {
|
||||
return "", err
|
||||
}
|
||||
|
@ -103,7 +98,7 @@ func (rs *revisionStore) put(sm *manifest.SignedManifest) (digest.Digest, error)
|
|||
}
|
||||
|
||||
// Grab each json signature and store them.
|
||||
signatures, err := jsig.Signatures()
|
||||
signatures, err := sm.Signatures()
|
||||
if err != nil {
|
||||
return "", err
|
||||
}
|
||||
|
|
Loading…
Reference in a new issue