using System.Text.Json;
namespace StellaOps.AirGap.Bundle.Services;
public sealed partial class SnapshotManifestSigner
{
    /// <summary>
    /// Parses the DSSE envelope carried by <paramref name="request"/> and runs
    /// signature verification over it.
    /// </summary>
    /// <param name="request">Verification input; supplies the raw envelope bytes and the public key.</param>
    /// <param name="cancellationToken">Forwarded to the signature verification step.</param>
    /// <returns>
    /// A failed result carrying an error message when the envelope is not valid JSON or
    /// <c>TryReadEnvelope</c> rejects it; otherwise a result with the payload digest,
    /// signature count, payload type and the output of <c>VerifySignaturesAsync</c>.
    /// </returns>
    /// <exception cref="ArgumentNullException">
    /// <paramref name="request"/> or its <c>EnvelopeBytes</c> is <see langword="null"/>.
    /// </exception>
    /// <remarks>
    /// NOTE(review): <c>Success</c> is set to <see langword="true"/> as soon as the envelope
    /// parses and <c>VerifySignaturesAsync</c> returns; this method never inspects the
    /// verification outcome. Unless <c>VerifySignaturesAsync</c> throws on a bad signature
    /// (not visible here - confirm), callers deciding whether to trust a bundle must also
    /// check <c>VerifiedSignatures</c> rather than <c>Success</c> alone.
    /// </remarks>
    public async Task<ManifestVerificationResult> VerifyAsync(
        ManifestVerificationRequest request,
        CancellationToken cancellationToken = default)
    {
        ArgumentNullException.ThrowIfNull(request);
        ArgumentNullException.ThrowIfNull(request.EnvelopeBytes);

        try
        {
            // The document must outlive every use of the parsed envelope parts below,
            // so it is disposed only when the try block is left.
            using var document = JsonDocument.Parse(request.EnvelopeBytes);

            // Structural rejection: report the reader's error and stop before any
            // digest or signature work happens.
            if (!TryReadEnvelope(document.RootElement, out var envelopeParts, out var readError))
            {
                return new ManifestVerificationResult { Success = false, Error = readError };
            }

            var digest = ComputeSha256(envelopeParts.PayloadBytes);

            // NOTE(review): request.PublicKey is passed through without a null check;
            // confirm that VerifySignaturesAsync never reports a signature as verified
            // when no key is supplied.
            var signatureResults = await VerifySignaturesAsync(
                    envelopeParts.SignaturesElement,
                    request.PublicKey,
                    envelopeParts.PaeBytes,
                    cancellationToken)
                .ConfigureAwait(false);

            // Success here is unconditional; the verification outcome is reported
            // only through VerifiedSignatures.
            return new ManifestVerificationResult
            {
                Success = true,
                PayloadDigest = digest,
                SignatureCount = envelopeParts.SignatureCount,
                VerifiedSignatures = signatureResults,
                PayloadType = envelopeParts.PayloadType
            };
        }
        catch (JsonException parseFailure)
        {
            // Only JSON parse failures become a failed result; any other exception
            // propagates to the caller.
            return new ManifestVerificationResult
            {
                Success = false,
                Error = $"Failed to parse envelope: {parseFailure.Message}"
            };
        }
    }
}