From ad29d5841335e110ec47378468dada919df540e9 Mon Sep 17 00:00:00 2001
From: Bruce Leidl
Date: Thu, 17 Jan 2019 09:02:57 -0500
Subject: [PATCH] Split signature verification into two steps: get pubkey, verify
---
 libcitadel/src/header.rs | 15 ++++++---------
 1 file changed, 6 insertions(+), 9 deletions(-)
diff --git a/libcitadel/src/header.rs b/libcitadel/src/header.rs
index 748b2f7..9354d8b 100644
--- a/libcitadel/src/header.rs
+++ b/libcitadel/src/header.rs
@@ -8,7 +8,7 @@ use failure::ResultExt;
 use toml;
 use blockdev::AlignedBuffer;
-use {BlockDev,Result,public_key_for_channel};
+use {BlockDev,Result,public_key_for_channel,PublicKey};
 /// Expected magic value in header
 const MAGIC: &[u8] = b"SGOS";
@@ -226,16 +226,13 @@ impl ImageHeader {
 Ok(())
 }
- pub fn verify_signature(&self) -> Result<()> {
+ pub fn public_key(&self) -> Result> {
 let metainfo = self.metainfo()?;
+ public_key_for_channel(metainfo.channel())
+ }
- if let Some(pubkey) = public_key_for_channel(metainfo.channel())? {
- if !pubkey.verify(&self.metainfo_bytes(), &self.signature()) {
- bail!("Header signature verification failed");
- }
- return Ok(())
- }
- Err(format_err!("Cannot verify signature because no public key found for channel '{}'", metainfo.channel()))
+ pub fn verify_signature(&self, pubkey: PublicKey) -> bool {
+ pubkey.verify(&self.metainfo_bytes(), &self.signature())
 }
 pub fn write_header(&self, mut writer: W) -> Result<()> {
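Review bot: The new `verify_signature` in the second hunk returns a bare `bool`, so a caller that drops the result compiles without a warning, whereas the removed `Result<()>` version was must-use through `Result` and failed closed via `?`. I would add `#[must_use = "an unchecked result means the header signature was not enforced"]` above `pub fn verify_signature`. The "no public key found for channel" error is also gone: `public_key()` appears to return an optional key (its return type is cut off on this page, but the removed `if let Some(pubkey)` suggests an `Option`), so every caller now has to treat a missing key as a verification failure instead of skipping the check. A doc comment on `public_key` such as `/// Callers must reject the image when no key is returned; a missing key is never a reason to skip verification.` would record that contract. The callers and the rest of `impl ImageHeader` are outside this hunk, so whether they handle both cases cannot be confirmed here.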