git.stella-ops.org/src/AirGap/__Libraries/StellaOps.AirGap.Bundle/Services/SnapshotBundleReader.Verify.Signature.Verify.cs

using System.Security.Cryptography;

namespace StellaOps.AirGap.Bundle.Services;

public sealed partial class SnapshotBundleReader
{
    private static async Task<SignatureVerificationResult> VerifySignatureAsync(
        byte[] manifestBytes,
        byte[] signatureEnvelopeBytes,
        AsymmetricAlgorithm? publicKey,
        CancellationToken cancellationToken)
    {
        try
        {
            var signer = new SnapshotManifestSigner();
            var result = await signer.VerifyAsync(
                    new ManifestVerificationRequest
                    {
                        EnvelopeBytes = signatureEnvelopeBytes,
                        PublicKey = publicKey
                    },
                    cancellationToken)
                .ConfigureAwait(false);

            if (!result.Success)
            {
                return new SignatureVerificationResult
                {
                    Verified = false,
                    Error = result.Error
                };
            }

            var manifestDigest = ComputeSha256(manifestBytes);
            if (result.PayloadDigest != manifestDigest)
            {
                return new SignatureVerificationResult
                {
                    Verified = false,
                    Error = "Manifest digest does not match signed payload"
                };
            }

            var keyId = result.VerifiedSignatures?.FirstOrDefault()?.KeyId;

            return new SignatureVerificationResult
            {
                Verified = publicKey is null
                    || (result.VerifiedSignatures?.Any(s => s.Verified == true) ?? false),
                KeyId = keyId
            };
        }
        catch (Exception ex)
        {
            return new SignatureVerificationResult
            {
                Verified = false,
                Error = ex.Message
            };
        }
    }
}