//make token core
func makeTokenCore(issuer, subject, audience string, expiration int,
access []*token.ResourceActions, signingKey libtrust.PrivateKey) (t *token.Token, expiresIn int, issuedAt *time.Time, err error) {
joseHeader := &token.Header{
Type: "JWT",
SigningAlg: "RS256",
KeyID: signingKey.KeyID(),
}
jwtID, err := randString(16)
if err != nil {
return nil, 0, nil, fmt.Errorf("Error to generate jwt id: %s", err)
}
now := time.Now().UTC()
issuedAt = &now
expiresIn = expiration * 60
claimSet := &token.ClaimSet{
Issuer: issuer,
Subject: subject,
Audience: audience,
Expiration: now.Add(time.Duration(expiration) * time.Minute).Unix(),
NotBefore: now.Unix(),
IssuedAt: now.Unix(),
JWTID: jwtID,
Access: access,
}
var joseHeaderBytes, claimSetBytes []byte
if joseHeaderBytes, err = json.Marshal(joseHeader); err != nil {
return nil, 0, nil, fmt.Errorf("unable to marshal jose header: %s", err)
}
if claimSetBytes, err = json.Marshal(claimSet); err != nil {
return nil, 0, nil, fmt.Errorf("unable to marshal claim set: %s", err)
}
encodedJoseHeader := base64UrlEncode(joseHeaderBytes)
encodedClaimSet := base64UrlEncode(claimSetBytes)
payload := fmt.Sprintf("%s.%s", encodedJoseHeader, encodedClaimSet)
var signatureBytes []byte
if signatureBytes, _, err = signingKey.Sign(strings.NewReader(payload), crypto.SHA256); err != nil {
return nil, 0, nil, fmt.Errorf("unable to sign jwt payload: %s", err)
}
signature := base64UrlEncode(signatureBytes)
tokenString := fmt.Sprintf("%s.%s", payload, signature)
t, err = token.NewToken(tokenString)
return
}
func outputManifestFor(target string) {
var pkey trust.PrivateKey
if key != "" {
var err error
pkey, err = trust.LoadKeyFile(key)
if err != nil {
fmt.Printf("error loading key: %s\n", err.Error())
return
}
}
if verbose {
fmt.Errorf("signing with: %s\n", pkey.KeyID())
}
f, err := os.Open(target)
if err != nil {
fmt.Printf("error opening file: %s\n", err.Error())
return
}
defer func() {
if err := f.Close(); err != nil {
panic(err)
}
}()
var (
repo, tag string
)
layers := LayerMap{}
t := tar.NewReader(bufio.NewReader(f))
for {
hdr, err := t.Next()
if err == io.EOF {
break
}
if strings.HasSuffix(hdr.Name, "layer.tar") {
id := getLayerPrefix(hdr.Name)
sum, _ := blobSumLayer(t)
if _, ok := layers[id]; !ok {
layers[id] = &Layer{Id: id}
} else {
layers[id].BlobSum = sum
}
}
if strings.HasSuffix(hdr.Name, "json") {
data, _ := ioutil.ReadAll(t)
parent, id, _ := getLayerInfo(data)
if _, ok := layers[id]; !ok {
layers[id] = &Layer{Id: id, Parent: parent}
} else {
layers[id].Parent = parent
}
var img image.Image
json.Unmarshal(data, &img)
b, _ := json.Marshal(img)
layers[id].Data = string(b) + "\n"
}
if hdr.Name == "repositories" {
r, _ := ioutil.ReadAll(t)
var raw map[string]interface{}
if err := json.Unmarshal(r, &raw); err != nil {
return
}
repo, tag = getRepoInfo(raw)
if !strings.Contains(repo, "/") {
repo = "library/" + repo
}
}
}
m := manifest.Manifest{
Versioned: versioned.Versioned{
SchemaVersion: 1,
},
Name: repo, Tag: tag, Architecture: "amd64"}
ll := getLayersFromMap(layers)
for _, l := range getLayersInOrder(ll) {
m.FSLayers = append(m.FSLayers, manifest.FSLayer{BlobSum: l.BlobSum})
m.History = append(m.History, manifest.History{V1Compatibility: l.Data})
}
var x []byte
if pkey != nil {
var sm *manifest.SignedManifest
sm, err = manifest.Sign(&m, pkey)
x, err = sm.MarshalJSON()
} else {
x, err = json.MarshalIndent(m, "", " ")
}
if print_digest {
dgstr, _ := digest.FromBytes(x)
fmt.Println(string(dgstr))
}
fmt.Println(string(x))
}
