From 3dc762312e9fd4f0cc223c3ae4160239ef0cb5af Mon Sep 17 00:00:00 2001
From: Shiwei Zhang
Date: Tue, 1 Sep 2020 20:21:08 +0800
Subject: [PATCH] Fix bug for registry names with ports
Signed-off-by: Shiwei Zhang
---
 cmd/nv2/main.go | 2 +-
 pkg/signature/scheme.go | 2 +-
 pkg/signature/x509/verifier.go | 4 +++-
 pkg/tuf/local/verifier.go | 4 +++-
 4 files changed, 8 insertions(+), 4 deletions(-)
diff --git a/cmd/nv2/main.go b/cmd/nv2/main.go
index 09a317d74..ecff19177 100644
--- a/cmd/nv2/main.go
+++ b/cmd/nv2/main.go
@@ -13,7 +13,7 @@ func main() {
 app := &cli.App{
 Name: "nv2",
 Usage: "Notary V2 - Prototype",
- Version: "0.3.1",
+ Version: "0.3.2",
 Authors: []*cli.Author{
 {
 Name: "Shiwei Zhang",
diff --git a/pkg/signature/scheme.go b/pkg/signature/scheme.go
index d4140bf50..055150f0c 100644
--- a/pkg/signature/scheme.go
+++ b/pkg/signature/scheme.go
@@ -50,7 +50,7 @@ func (s *Scheme) SignRaw(signerID string, content []byte) (string, error) {
 signed, sig, err := signer.Sign(EncodeSegment(content))
 if err != nil {
- return "", nil
+ return "", err
 }
 return strings.Join([]string{
diff --git a/pkg/signature/x509/verifier.go b/pkg/signature/x509/verifier.go
index 574a2059f..1d49d1966 100644
--- a/pkg/signature/x509/verifier.go
+++ b/pkg/signature/x509/verifier.go
@@ -144,8 +144,10 @@ func verifyReferences(seg string, cert *x509.Certificate) error {
 roots := x509.NewCertPool()
 roots.AddCert(cert)
 for _, reference := range claims.Manifest.References {
+ domain := strings.SplitN(reference, "/", 2)[0]
+ domain = strings.SplitN(domain, ":", 2)[0]
 if _, err := cert.Verify(x509.VerifyOptions{
- DNSName: strings.SplitN(reference, "/", 2)[0],
+ DNSName: domain,
 Roots: roots,
 }); err != nil {
 return err
diff --git a/pkg/tuf/local/verifier.go b/pkg/tuf/local/verifier.go
index e6f2f64c2..a2cac441c 100644
--- a/pkg/tuf/local/verifier.go
+++ b/pkg/tuf/local/verifier.go
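Review bot: The `err` now returned from `SignRaw` carries no indication of which signer failed; if `fmt` is available in this file, `return "", fmt.Errorf("sign with %q: %w", signerID, err)` would make the failure traceable. Before this change a signer failure came back as an empty string with a nil error, so callers may have been treating an empty signature as success; a regression test with a failing signer would pin the new behaviour. The commit subject does not mention this fix, which makes it easy to miss when backporting. The body of `SignRaw` starts and ends outside the hunk.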
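Review bot: Cutting the registry component at the first `:` in `verifyReferences` only handles `host[:port]/...`; a bracketed IPv6 registry address is cut inside the brackets, so verification fails (closed, but for the wrong reason). A reference with no `/`, if one can reach this loop, would have its tag stripped as though it were a port and the remaining name checked as a DNS name — worth confirming against the reference format the callers guarantee. The same two lines are added to `verifyReferences` in pkg/tuf/local/verifier.go, so the parsing is better kept in one shared helper built on `net.SplitHostPort` (needs the `net` import), with a comment stating that the port is deliberately excluded from the certificate name check. The function body starts and ends outside the hunk.

```go
// registryHost returns the registry host of reference with any port removed.
// The port is deliberately not part of the certificate name check.
func registryHost(reference string) string {
	authority := strings.SplitN(reference, "/", 2)[0]
	if host, _, err := net.SplitHostPort(authority); err == nil {
		return host
	}
	return authority
}

	// … unchanged: roots pool setup …
	for _, reference := range claims.Manifest.References {
		if _, err := cert.Verify(x509.VerifyOptions{
			DNSName: registryHost(reference),
			// … unchanged: Roots and error return …
```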
@@ -144,8 +144,10 @@ func verifyReferences(raw []byte, cert *x509.Certificate) error {
 roots := x509.NewCertPool()
 roots.AddCert(cert)
 for reference := range targets.Targets {
+ domain := strings.SplitN(reference, "/", 2)[0]
+ domain = strings.SplitN(domain, ":", 2)[0]
 if _, err := cert.Verify(x509.VerifyOptions{
- DNSName: strings.SplitN(reference, "/", 2)[0],
+ DNSName: domain,
 Roots: roots,
 }); err != nil {
 return err