/**
* Verify the Ed25519 signature of the update file against the
* supplier's public key.
*
* Dear future security auditors: This is important.
*
* @param UpdateInfo $info
* @param UpdateFile $file
* @return bool
*/
public function verifyUpdateSignature(UpdateInfo $info, UpdateFile $file) : bool
{
$debugArgs = ['path' => $file->getPath(), 'supplier' => $info->getSupplierName(), 'name' => $info->getPackageName()];
$this->log('Checking update signature...', LogLevel::DEBUG, $debugArgs);
$ret = false;
foreach ($this->supplier->getSigningKeys() as $key) {
if ($key['type'] !== 'signing') {
continue;
}
$ret = $ret || File::verify($file->getPath(), $key['key'], $info->getSignature(true));
}
$this->log('Signature result: ' . ($ret ? 'true' : 'false'), LogLevel::DEBUG, $debugArgs);
return $ret;
}
