verify cose

Signed-off-by: Shiwei Zhang <[email protected]>
chloeyin · Feb 15, 2022 · e097c70 · e097c70
1 parent 4d949b9
commit e097c70
Showing 1 changed file with 33 additions and 1 deletion.
diff --git a/cmd/notation-cose/verify.go b/cmd/notation-cose/verify.go
@@ -1,9 +1,14 @@
 package main
 
 import (
+	"crypto/x509"
 	"encoding/json"
 	"errors"
+	"os"
 
+	"github.com/notaryproject/notation-go-lib"
+	"github.com/notaryproject/notation-go-lib/crypto/cryptoutil"
+	"github.com/shizhMSFT/notation-cose/pkg/cose"
 	"github.com/shizhMSFT/notation-cose/pkg/protocol"
 	"github.com/urfave/cli/v2"
 )
@@ -29,7 +34,34 @@ func runVerify(ctx *cli.Context) error {
 	}
 
 	// verify signature
+	verifier, err := getVerifier(req.KMSProfile)
+	if err != nil {
+		return err
+	}
+	desc, err := verifier.Verify(ctx.Context, req.Signature, req.VerifyOptions)
+	if err != nil {
+		return err
+	}
+	out, err := json.Marshal(desc)
+	if err != nil {
+		return err
+	}
 
 	// write response
-	return nil
+	_, err = os.Stdout.Write(out)
+	return err
+}
+
+func getVerifier(profile protocol.KMSProfileSuite) (notation.Verifier, error) {
+	bundledCerts, err := cryptoutil.ReadCertificateFile(profile.ID)
+	if err != nil {
+		return nil, err
+	}
+	roots := x509.NewCertPool()
+	for _, cert := range bundledCerts {
+		roots.AddCert(cert)
+	}
+	verifier := cose.NewVerifier()
+	verifier.VerifyOptions.Roots = roots
+	return verifier, nil
 }