in server/signedcontainer/verify.go [41:84]
// Verify checks every entry of signatures against imageDigest and gathers the
// per-signature outcomes into one VerifyResult.
//
// An empty signatures slice yields an empty result and a nil error. A slice
// longer than maxSignatureCount is rejected with an error before any
// verification runs; since one goroutine is started per signature, this check
// also caps the number of goroutines a single call can start.
//
// Otherwise each signature is passed to verifySignature in its own goroutine.
// The signatures that verified and the errors from those that did not are
// returned together, each list in input order.
//
// A nil error does NOT mean that any signature verified: individual
// verification failures are reported only inside the returned VerifyResult.
// Callers making a trust decision must inspect the verified signatures in the
// result rather than relying on the error value alone.
func Verify(imageDigest string, signatures []*ImageSignature) (*VerifyResult, error) {
	count := len(signatures)
	switch {
	case count == 0:
		return &VerifyResult{}, nil
	case count > maxSignatureCount:
		// The comparison is strict, so exactly maxSignatureCount signatures
		// are still accepted.
		return &VerifyResult{}, fmt.Errorf("got %v signatures, should be less than the limit %d", count, maxSignatureCount)
	}

	// One slot per input signature. Every goroutine writes only to its own
	// index, so the slices need no lock and input order is preserved.
	verifiedBySlot := make([]*VerifiedSignature, count)
	errBySlot := make([]error, count)

	var pending sync.WaitGroup
	pending.Add(count)
	for i := range signatures {
		go func(slot int, candidate *ImageSignature) {
			defer pending.Done()
			outcome, err := verifySignature(imageDigest, candidate)
			if err != nil {
				errBySlot[slot] = err
				return
			}
			verifiedBySlot[slot] = outcome
		}(i, signatures[i])
	}
	pending.Wait()

	// Compact both slot arrays, dropping the slots left empty.
	var verified []*VerifiedSignature
	var failures []error
	for slot := 0; slot < count; slot++ {
		if v := verifiedBySlot[slot]; v != nil {
			verified = append(verified, v)
		}
		if e := errBySlot[slot]; e != nil {
			failures = append(failures, e)
		}
	}

	// Positional literal: verified signatures first, then the errors.
	return &VerifyResult{verified, failures}, nil
}