Verifying a signature?

["Emanuele "∞" Vulcano"]

Wow, we can sign code in Leopard!
Except:
  - anyone knows how to verify a code signing programmatically?  
Forking codesign seems the only way to do that, and I have to parse  
the output to distinguish between an unsigned plug-in (acceptable) and  
a signed plug-in with a broken signature (which I don't want to load).  
codesign returns 1 in both cases.
  - the docs hint to a fabled requirement description language of  
which there are only hints, but no real documentation, in the Code  
Signing Guide. Anyone know where to look for this?

  - ∞