// SetUpSuite serves unsigned image metadata and a signed variant of it through
// the test round tripper, then installs the test public key as the image
// metadata signing key.
func (s *signedSuite) SetUpSuite(c *gc.C) {
	// sign encodes raw with the test fixture key pair and fails the suite if
	// encoding does not succeed.
	sign := func(raw string) string {
		encoded, err := simplestreams.Encode(
			bytes.NewReader([]byte(raw)),
			sstesting.SignedMetadataPrivateKey,
			sstesting.PrivateKeyPassphrase)
		c.Assert(err, jc.ErrorIsNil)
		return string(encoded)
	}

	files := map[string]string{
		"/unsigned/streams/v1/index.json":          unsignedIndex,
		"/unsigned/streams/v1/image_metadata.json": unsignedProduct,
	}

	// The signed index has to reference the signed product file, so the product
	// path is rewritten to the sjson suffix before signing.
	signedIndexSrc := strings.Replace(
		unsignedIndex,
		"streams/v1/image_metadata.json",
		"streams/v1/image_metadata.sjson",
		-1)
	files["/signed/streams/v1/index.sjson"] = sign(signedIndexSrc)

	// The signed product carries a different image id from the unsigned one, so
	// a test can tell which of the two sources was actually used.
	signedProductSrc := strings.Replace(unsignedProduct, "ami-26745463", "ami-123456", -1)
	files["/signed/streams/v1/image_metadata.sjson"] = sign(signedProductSrc)

	statuses := map[string]int{"test://unauth": http.StatusUnauthorized}
	sstesting.SetRoundTripperFiles(files, statuses)

	// SetSigningPublicKey changes package-level state; its return value is kept
	// in origKey, presumably so teardown can restore it (not visible here).
	s.origKey = imagemetadata.SetSigningPublicKey(sstesting.SignedMetadataPublicKey)
}
// SetUpSuite runs the base suite setup, serves unsigned tools metadata and a
// signed variant of it through the test round tripper, and patches
// juju.JujuPublicKey to the test public key.
func (s *signedSuite) SetUpSuite(c *gc.C) {
	s.BaseSuite.SetUpSuite(c)

	// sign encodes raw with the test fixture key pair and fails the suite if
	// encoding does not succeed.
	sign := func(raw string) string {
		encoded, err := simplestreams.Encode(
			bytes.NewReader([]byte(raw)),
			sstesting.SignedMetadataPrivateKey,
			sstesting.PrivateKeyPassphrase)
		c.Assert(err, jc.ErrorIsNil)
		return string(encoded)
	}

	files := map[string]string{
		"/unsigned/streams/v1/index.json":          unsignedIndex,
		"/unsigned/streams/v1/tools_metadata.json": unsignedProduct,
	}

	// The signed index has to reference the signed product file, so the product
	// path is rewritten to the sjson suffix before signing.
	signedIndexSrc := strings.Replace(
		unsignedIndex,
		"streams/v1/tools_metadata.json",
		"streams/v1/tools_metadata.sjson",
		-1)
	files["/signed/streams/v1/index.sjson"] = sign(signedIndexSrc)

	// The signed product carries a different tools path from the unsigned one,
	// so a test can tell which of the two sources was actually used.
	signedProductSrc := strings.Replace(unsignedProduct, "juju-1.13.0", "juju-1.13.1", -1)
	files["/signed/streams/v1/tools_metadata.sjson"] = sign(signedProductSrc)

	statuses := map[string]int{"signedtest://unauth": http.StatusUnauthorized}
	sstesting.SetRoundTripperFiles(files, statuses)

	// Verification in this suite runs against the test key rather than the
	// value juju.JujuPublicKey normally holds.
	s.PatchValue(&juju.JujuPublicKey, sstesting.SignedMetadataPublicKey)
}
// SignMetadata returns the signed counterpart of a metadata file: the file name
// with UnsignedJsonSuffix replaced by SignedJsonSuffix, and the file data
// encoded by simplestreams.Encode after the same replacement has been applied
// to its contents.
//
// Signing uses this package's SignedMetadataPrivateKey and PrivateKeyPassphrase.
// NOTE(review): these look like test fixtures; confirm that the matching public
// key is never trusted outside tests.
func SignMetadata(fileName string, fileData []byte) (string, []byte, error) {
	// toSigned rewrites every occurrence of the unsigned suffix, not only a
	// trailing one.
	toSigned := func(s string) string {
		return strings.Replace(s, UnsignedJsonSuffix, SignedJsonSuffix, -1)
	}

	// The contents are rewritten before signing so that any paths they contain
	// point at signed files too.
	payload := strings.NewReader(toSigned(string(fileData)))
	signed, err := simplestreams.Encode(payload, SignedMetadataPrivateKey, PrivateKeyPassphrase)
	if err != nil {
		return "", nil, err
	}
	return toSigned(fileName), signed, nil
}
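// process signs every file directly inside dir whose name ends in
// simplestreams.UnsignedSuffix, writing the encoded result next to it under
// simplestreams.SignedSuffix, and then recurses into each subdirectory of dir.
// It returns the first error encountered.
//
// key and passphrase are passed to simplestreams.Encode unchanged. They do not
// appear in any log or error message here and should not be added to one.
func process(dir, key, passphrase string) error {
	logger.Debugf("processing directory %q", dir)

	// Sign the unsigned metadata files directly inside dir.
	filenames, err := filepath.Glob(filepath.Join(dir, "*"+simplestreams.UnsignedSuffix))
	if err != nil {
		// Glob only fails on a malformed pattern, which can happen when dir
		// itself contains glob metacharacters. Returning the error keeps such a
		// directory from being skipped silently and left unsigned.
		return fmt.Errorf("listing files in %q: %v", dir, err)
	}
	if len(filenames) > 0 {
		logger.Infof("signing %d file(s) in %q", len(filenames), dir)
	}
	for _, filename := range filenames {
		logger.Infof("signing file %q", filename)
		f, err := os.Open(filename)
		if err != nil {
			return fmt.Errorf("opening file %q: %v", filename, err)
		}
		encoded, err := simplestreams.Encode(f, key, passphrase)
		// Close as soon as the read is finished: a defer inside the loop would
		// keep every file open until process returns. The file was opened
		// read-only, so the Close error is not acted upon.
		f.Close()
		if err != nil {
			return fmt.Errorf("encoding file %q: %v", filename, err)
		}
		// Swap only the trailing suffix. Replacing every occurrence would also
		// rewrite a directory component that happens to contain the unsigned
		// suffix, sending the output to a different path.
		signedFilename := strings.TrimSuffix(filename, simplestreams.UnsignedSuffix) + simplestreams.SignedSuffix
		// NOTE(review): WriteFile truncates whatever already exists at
		// signedFilename; 0644 leaves the result world-readable, which is
		// presumably intended for published metadata.
		if err = ioutil.WriteFile(signedFilename, encoded, 0644); err != nil {
			return fmt.Errorf("writing signed file %q: %v", signedFilename, err)
		}
	}

	// Now process any directories in dir.
	files, err := ioutil.ReadDir(dir)
	if err != nil {
		return err
	}
	for _, f := range files {
		if !f.IsDir() {
			continue
		}
		if err = process(filepath.Join(dir, f.Name()), key, passphrase); err != nil {
			return err
		}
	}
	return nil
}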