From d2f6a03454c34789f537ec979ec971ca7f31e14b Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Daniel=20Mart=C3=AD?=
Date: Sat, 13 Jun 2015 20:46:25 +0200
Subject: [PATCH] Start signature verification support for jar indexes

---
 cmd/fdroidcl/main.go | 2 +-
 jar.go | 53 +++++++++++++++++++++++++++++++++++---------
 2 files changed, 44 insertions(+), 11 deletions(-)

diff --git a/cmd/fdroidcl/main.go b/cmd/fdroidcl/main.go
index cbccfff..a4d0611 100644
--- a/cmd/fdroidcl/main.go
+++ b/cmd/fdroidcl/main.go
@@ -176,7 +176,7 @@ func indexPath(repoName string) string {
 if err != nil {
 log.Fatalf("Could not determine cache dir: %v", err)
 }
- return filepath.Join(appSubdir(cache), repoName + ".jar")
+ return filepath.Join(appSubdir(cache), repoName+".jar")
 }
 
 func updateIndex(repoName, repoURL string) error {
diff --git a/jar.go b/jar.go
index f5367ca..b22cde9 100644
--- a/jar.go
+++ b/jar.go
@@ -5,25 +5,58 @@ package fdroidcl
 
 import (
 "archive/zip"
+ "errors"
 "io"
+ "regexp"
 )
 
+const indexPath = "index.xml"
+
+var (
+ sigRegex = regexp.MustCompile(`^META-INF/.*\.(DSA|EC|RSA)$`)
+
+ ErrNoIndex = errors.New("no xml index found inside jar")
+ ErrNoSigs = errors.New("no jar signatures found")
+ ErrTooManySigs = errors.New("multiple jar signatures found")
+)
+
+func verifySignature(sig io.Reader) error {
+ return nil
+}
+
 func LoadIndexJar(r io.ReaderAt, size int64) (*Index, error) {
 reader, err := zip.NewReader(r, size)
 if err != nil {
 return nil, err
 }
- var rc io.ReadCloser
+ var index io.ReadCloser
+ var sig io.ReadCloser
 for _, f := range reader.File {
- if f.Name != "index.xml" {
- continue
+ if f.Name == indexPath {
+ index, err = f.Open()
+ if err != nil {
+ return nil, err
+ }
+ } else if sigRegex.MatchString(f.Name) {
+ if sig != nil {
+ return nil, ErrTooManySigs
+ }
+ sig, err = f.Open()
+ if err != nil {
+ return nil, err
+ }
 }
- rc, err = f.Open()
- if err != nil {
- return nil, err
- }
- break
 }
- defer rc.Close()
- return LoadIndexXml(rc)
+ if index == nil {
+ return nil, ErrNoIndex
+ }
+ defer index.Close()
+ if sig == nil {
+ return nil, ErrNoSigs
+ }
+ defer sig.Close()
+ if err := verifySignature(sig); err != nil {
+ return nil, err
+ }
+ return LoadIndexXml(index)
 }
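Review bot: `verifySignature` returns nil unconditionally, so `LoadIndexJar` now hands back an index for any jar that merely contains one entry whose name matches `sigRegex`; the index is not authenticated yet, and callers cannot tell that from the return value. Until the real check lands I would say so on the stub, e.g. `// verifySignature is a placeholder: it accepts every signature block, so the index is NOT authenticated yet.` Separately, in the loop a second `index.xml` entry silently replaces the first without closing it, and the early returns (`ErrTooManySigs`, a failed `Open`, `ErrNoIndex`) leave already-opened readers unclosed. Selecting the `*zip.File` entries first and opening them only after the checks avoids both, as sketched below; the duplicate-index error text is my own suggestion.

```go
	// Pick the entries first; open them only once the jar's layout is known to be acceptable.
	var indexFile, sigFile *zip.File
	for _, f := range reader.File {
		switch {
		case f.Name == indexPath:
			if indexFile != nil {
				return nil, errors.New("multiple xml indexes found inside jar")
			}
			indexFile = f
		case sigRegex.MatchString(f.Name):
			if sigFile != nil {
				return nil, ErrTooManySigs
			}
			sigFile = f
		}
	}
	if indexFile == nil {
		return nil, ErrNoIndex
	}
	if sigFile == nil {
		return nil, ErrNoSigs
	}
	sig, err := sigFile.Open()
	if err != nil {
		return nil, err
	}
	defer sig.Close()
	// … unchanged: verifySignature(sig) call and its error return …
	index, err := indexFile.Open()
	if err != nil {
		return nil, err
	}
	defer index.Close()
	// … unchanged: return LoadIndexXml(index) …
```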