func ValidateSignature()

in pkg/signature/manifest.go [149:178]


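// ValidateSignature verifies the signature recorded for manifest against the
// digest returned by GetDigest, using the public key configured on domain.
//
// The signature (from GetMetadataInformation) and domain.Pubkey are both
// expected to be standard base64; the decoded key must be a PKIX-encoded
// ECDSA public key and the decoded signature is checked with
// ecdsa.VerifyASN1.
//
// Return values:
//   - valid is true only when ecdsa.VerifyASN1 accepts the signature.
//   - digest and yml are whatever GetDigest produced. They are returned even
//     when valid is false, so callers must gate any use of them on valid.
//   - err is non-nil when the signature is missing or an input cannot be
//     decoded or parsed. A signature that simply does not verify yields
//     valid == false with err == nil, so checking err alone is not enough.
func ValidateSignature(manifest Manifest, domain Domain) (valid bool, digest [32]byte, yml []byte, err error) {
	metaSig, _, err := GetMetadataInformation(manifest, domain)
	if err != nil {
		return false, [32]byte{}, yml, err
	}
	if metaSig == "" {
		return false, [32]byte{}, yml, errors.New("Missing signature")
	}

	digest, yml, err = GetDigest(manifest, domain)
	if err != nil {
		return false, [32]byte{}, yml, err
	}

	sig, err := base64.StdEncoding.DecodeString(metaSig)
	if err != nil {
		return false, digest, yml, errors.New("signature in metadata isn't base64 encoded")
	}
	pubdecoded, err := base64.StdEncoding.DecodeString(domain.Pubkey)
	if err != nil {
		return false, digest, yml, errors.New("unable to decode the public key (not base 64)")
	}
	pubparsed, err := x509.ParsePKIXPublicKey(pubdecoded)
	if err != nil {
		return false, digest, yml, errors.New("unable parse the public key (not PKIX)")
	}
	// ParsePKIXPublicKey also returns RSA, Ed25519 and other key types. An
	// unchecked assertion would panic on those, letting a misconfigured or
	// attacker-influenced domain key crash the verifier instead of failing
	// validation cleanly.
	pubkey, ok := pubparsed.(*ecdsa.PublicKey)
	if !ok {
		return false, digest, yml, errors.New("public key is not an ECDSA key")
	}

	return ecdsa.VerifyASN1(pubkey, digest[:], sig), digest, yml, nil
}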