func()

in pkg/controller/common/license/verifier.go [45:103]

• 55 lines of code
• 13 McCabe index (conditional complexity)

func (v *Verifier) ValidSignature(l EnterpriseLicense) error {
	allParts := make([]byte, base64.StdEncoding.DecodedLen(len(l.License.Signature)))
	_, err := base64.StdEncoding.Decode(allParts, []byte(l.License.Signature))
	if err != nil {
		return errors2.Wrap(err, "failed to base64 decode signature")
	}
	buf := bytes.NewBuffer(allParts)
	maxLen := uint32(len(allParts))

	var version uint32
	if err := readInt(buf, &version); err != nil {
		return errors2.Wrap(err, "failed to read version")
	}

	var magicLen uint32
	if err := readInt(buf, &magicLen); err != nil {
		return errors2.Wrap(err, "failed to read magic length")
	}
	if magicLen > maxLen {
		return errors.New("magic exceeds max length")
	}
	magic := make([]byte, magicLen)
	_, err = buf.Read(magic)
	if err != nil {
		return errors2.Wrap(err, "failed to read magic")
	}

	var hashLen uint32
	if err := readInt(buf, &hashLen); err != nil {
		return errors2.Wrap(err, "failed to read hash length")
	}
	if hashLen > maxLen {
		return errors.New("hash exceeds max len")
	}
	pubKeyFingerprint := make([]byte, hashLen)
	_, err = buf.Read(pubKeyFingerprint)
	if err != nil {
		return err
	}
	var signedContentLen uint32
	if err := readInt(buf, &signedContentLen); err != nil {
		return errors2.Wrap(err, "failed to read signed content length")
	}
	if signedContentLen > maxLen {
		return errors.New("signed content exceeds max length")
	}
	signedContentSig := make([]byte, signedContentLen)
	_, err = buf.Read(signedContentSig)
	if err != nil {
		return err
	}
	contentBytes, err := l.SignableContentBytes()
	if err != nil {
		return err
	}
	// TODO optional pubkey fingerprint check
	hashed := sha512.Sum512(contentBytes)
	return rsa.VerifyPKCS1v15(v.PublicKey, crypto.SHA512, hashed[:], signedContentSig)
}