/**
 * Check the release signature against the supplier's public keys.
 *
 * The file at $this->path is accepted as soon as any one key returned by
 * the supplier verifies $this->releaseInfo['signature']. The check fails
 * closed: with no keys, or no matching key, the result is false.
 *
 * NOTE(review): unlike verifyUpdateSignature(), this method does not look
 * at $key['type']; it relies on getSigningKeys() returning only keys that
 * are allowed to sign releases (and no revoked ones). Confirm against the
 * supplier implementation.
 *
 * NOTE(review): the file is verified by path. Confirm that nothing can
 * replace it between this check and the point where it is used.
 *
 * @param bool $fastExit Return immediately on the first valid key instead
 *                       of finishing the loop; the result is the same.
 * @return bool True only if at least one key verified the signature.
 */
public function signatureIsValid(bool $fastExit = false): bool
{
    $verified = false;
    foreach ($this->supplier->getSigningKeys() as $signingKey) {
        // Once one key has verified, no further verification is attempted.
        if (!$verified) {
            $verified = (bool) File::verify(
                $this->path,
                $signingKey['key'],
                $this->releaseInfo['signature']
            );
        }
        if ($verified && $fastExit) {
            return true;
        }
    }

    return $verified;
}
/**
 * Verify the Ed25519 signature of the update file against the
 * supplier's public keys.
 *
 * Dear future security auditors: This is important.
 *
 * Only keys whose 'type' is exactly 'signing' are tried; every other key
 * type is skipped. One verifying key is enough, and the check fails
 * closed: with no eligible key, or no match, the result is false.
 *
 * NOTE(review): the keys come from $this->supplier, while the supplier
 * name that is logged comes from $info. Confirm the caller guarantees
 * both refer to the same supplier.
 *
 * NOTE(review): acceptance depends on getSigningKeys() not returning
 * revoked keys, and on the file at $file->getPath() not being replaced
 * between this check and installation. Confirm both.
 *
 * @param UpdateInfo $info Supplies the signature and the package metadata
 *                         used as log context.
 * @param UpdateFile $file Supplies the path of the file to verify.
 * @return bool True only if at least one signing key verified the file.
 */
public function verifyUpdateSignature(UpdateInfo $info, UpdateFile $file): bool
{
    $context = [
        'path' => $file->getPath(),
        'supplier' => $info->getSupplierName(),
        'name' => $info->getPackageName(),
    ];
    $this->log('Checking update signature...', LogLevel::DEBUG, $context);

    $isValid = false;
    foreach ($this->supplier->getSigningKeys() as $candidate) {
        // The key type is checked first, for every key, before anything else.
        if ($candidate['type'] !== 'signing') {
            continue;
        }
        // A previous key already verified; no further verification is done.
        if ($isValid) {
            continue;
        }
        $isValid = (bool) File::verify(
            $file->getPath(),
            $candidate['key'],
            // The meaning of the `true` flag is defined by
            // UpdateInfo::getSignature(), which is not visible here.
            $info->getSignature(true)
        );
    }

    // The outcome is recorded at DEBUG level only.
    $outcome = $isValid ? 'true' : 'false';
    $this->log('Signature result: ' . $outcome, LogLevel::DEBUG, $context);

    return $isValid;
}