namespace StellaOps.AirGap.Bundle.Services;
public sealed partial class SnapshotBundleReader
{
    /// <summary>
    /// Verifies the detached signature stored as <c>manifest.sig</c> under
    /// <paramref name="tempDir"/> against the manifest bytes and records the
    /// outcome on a copy of <paramref name="result"/>.
    /// </summary>
    /// <remarks>
    /// Outcomes, in evaluation order:
    /// <list type="bullet">
    /// <item>Verification not requested: <paramref name="result"/> is returned untouched.</item>
    /// <item>No signature file: failure only when a valid signature is required; otherwise
    /// <paramref name="result"/> is returned untouched and no signature fields are set.</item>
    /// <item>Signature file present but manifest bytes missing: always a failure, regardless of
    /// <c>RequireValidSignature</c>.</item>
    /// <item>Verification ran: the signature fields are populated; <c>Success</c> is cleared only
    /// when verification failed and a valid signature is required.</item>
    /// </list>
    /// </remarks>
    /// <param name="request">Supplies <c>VerifySignature</c>, <c>RequireValidSignature</c> and <c>PublicKey</c>.</param>
    /// <param name="tempDir">Directory that is searched for <c>manifest.sig</c>.</param>
    /// <param name="manifestResult">Supplies the manifest bytes that the signature is checked against.</param>
    /// <param name="result">Result to extend; it is never modified in place, only copied with <c>with</c>.</param>
    /// <param name="cancellationToken">Forwarded to the file read and to <c>VerifySignatureAsync</c>.</param>
    /// <returns>The incoming result, or a copy carrying the signature outcome and/or an error.</returns>
    private async Task<SnapshotBundleReadResult> ApplySignatureVerificationAsync(
        SnapshotBundleReadRequest request,
        string tempDir,
        ManifestReadResult manifestResult,
        SnapshotBundleReadResult result,
        CancellationToken cancellationToken)
    {
        if (!request.VerifySignature)
        {
            return result;
        }

        var sigFile = Path.Combine(tempDir, "manifest.sig");
        if (!File.Exists(sigFile))
        {
            // Fail closed only in strict mode. In lenient mode the result goes back unchanged,
            // so an unsigned bundle is not marked as such on this path.
            // NOTE(review): confirm that SignatureVerified defaults to a value callers treat
            // as "not verified".
            return request.RequireValidSignature
                ? result with
                {
                    Success = false,
                    Error = "Signature file not found but signature is required"
                }
                : result;
        }

        // A signature with nothing to check it against is rejected even in lenient mode.
        var manifestBytes = manifestResult.ManifestBytes;
        if (manifestBytes is null)
        {
            return result with
            {
                Success = false,
                Error = "Manifest payload missing for signature verification"
            };
        }

        // The signature is read from the same directory as the bundle content, so the trust
        // decision rests on the key passed in by the caller, not on anything inside tempDir.
        // NOTE(review): request.PublicKey is forwarded without a null check here; confirm how
        // VerifySignatureAsync treats a missing key.
        var sigBytes = await File.ReadAllBytesAsync(sigFile, cancellationToken).ConfigureAwait(false);
        var verification = await VerifySignatureAsync(
                manifestBytes,
                sigBytes,
                request.PublicKey,
                cancellationToken)
            .ConfigureAwait(false);

        var annotated = result with
        {
            SignatureVerified = verification.Verified,
            SignatureKeyId = verification.KeyId,
            SignatureError = verification.Error
        };

        // Lenient mode keeps Success as it was even when verification failed; the failure is
        // then visible only through SignatureVerified / SignatureError.
        if (verification.Verified || !request.RequireValidSignature)
        {
            return annotated;
        }

        return annotated with
        {
            Success = false,
            Error = $"Signature verification failed: {verification.Error}"
        };
    }
}