in net/JetBrains.DownloadPgpVerifier/src/PgpSignaturesVerifier.cs [17:78]
/// <summary>
/// Checks <paramref name="dataStream"/> against the signatures read from
/// <paramref name="signaturesStream"/>. Returns as soon as one binary-document signature
/// passes every check; signatures that fail a check are logged as warnings and skipped.
/// </summary>
/// <param name="masterPublicKeyStream">
/// Passed to GetTrustedMasterPublicKey. Going by that helper's name this is the trust anchor,
/// so it presumably must come from a source the caller already trusts rather than from the
/// download being verified (confirm against the helper).
/// </param>
/// <param name="publicKeysStream">
/// Passed to GetUntrustedPublicKeyRingBundle. Keys found here are only used after the
/// master-key checks below have accepted them.
/// </param>
/// <param name="signaturesStream">Passed to GetSignatures to enumerate the candidate signatures.</param>
/// <param name="dataStream">
/// The signed data. It must be seekable because it is re-read from its initial position for
/// each candidate signature. The position is not restored before returning.
/// </param>
/// <param name="logger">Receives the progress, per-signature skip reasons and the final result.</param>
/// <returns>
/// <c>true</c> if at least one signature verifies; <c>false</c> if none does, including the
/// case where no binary-document signature is present.
/// </returns>
/// <exception cref="ArgumentNullException">
/// <paramref name="dataStream"/> or <paramref name="logger"/> is <c>null</c>. The other three
/// streams are not checked here; presumably the helpers that consume them do it (verify).
/// </exception>
/// <exception cref="ArgumentException"><paramref name="dataStream"/> is not seekable.</exception>
public static bool Verify(
    Stream masterPublicKeyStream,
    Stream publicKeysStream,
    Stream signaturesStream,
    Stream dataStream,
    ILogger logger)
{
    if (dataStream == null)
    {
        throw new ArgumentNullException(nameof(dataStream));
    }

    if (logger == null)
    {
        throw new ArgumentNullException(nameof(logger));
    }

    if (!dataStream.CanSeek)
    {
        throw new ArgumentException("The data stream must be seek-able", nameof(dataStream));
    }

    // Hashing starts at the caller's current offset, not necessarily at offset 0.
    var startPosition = dataStream.Position;

    logger.Info("Verify");
    var trustedMasterKey = GetTrustedMasterPublicKey(masterPublicKeyStream);
    var untrustedKeyRings = GetUntrustedPublicKeyRingBundle(publicKeysStream);
    var chunk = new byte[16 * 1024];

    foreach (var signature in GetSignatures(signaturesStream))
    {
        // Only binary-document signatures are considered; any other type is ignored without a log entry.
        if (!(signature.SignatureType is PgpSignature.BinaryDocument))
        {
            continue;
        }

        void WarnSkipped(string reason) => logger.Warning($"The signature SignKeyID={signature.KeyId:X16} was skipped: {reason}");

        if (!CheckSignatureFormat(signature, WarnSkipped))
        {
            continue;
        }

        // The signing key is looked up in the untrusted bundle, so nothing about it is
        // trusted until the master-key checks below have passed.
        var signingKey = untrustedKeyRings.GetPublicKey(signature.KeyId);
        if (signingKey == null)
        {
            WarnSkipped("No public key for signature");
            continue;
        }

        if (!CheckPublicKeyFormat(signingKey, WarnSkipped))
        {
            continue;
        }

        if (!IsSubKeyForSigning(trustedMasterKey, signingKey, WarnSkipped))
        {
            continue;
        }

        // NOTE(review): the helper's name reads as "true when revoked", yet the signature is
        // skipped when it returns false. The helper is not visible here. Confirm that it
        // returns true for a sub key that is still valid; if it returns true for a revoked
        // key, this condition is inverted.
        if (!IsSubKeyRevoked(trustedMasterKey, signingKey, signature, WarnSkipped))
        {
            continue;
        }

        // All key checks have passed; only now is the data hashed under this key.
        signature.InitVerify(signingKey);
        dataStream.Position = startPosition;

        int received;
        while ((received = dataStream.Read(chunk, 0, chunk.Length)) != 0)
        {
            signature.Update(chunk, 0, received);
        }

        if (!signature.Verify())
        {
            WarnSkipped("Invalid signature verification.");
            continue;
        }

        // One good signature is enough; remaining signatures are not examined.
        logger.Info($"Success for SignKeyID={signature.KeyId:X16}");
        return true;
    }

    // Fail closed: no candidate passed every check.
    logger.Error("Failed to verify signature");
    return false;
}