func (tr TufRepo) sign(signed *data.Signed, role data.Role, signer *signed.Signer) (*data.Signed, error) { ks := make([]*data.PublicKey, 0, len(role.KeyIDs)) for _, kid := range role.KeyIDs { k := tr.keysDB.GetKey(kid) if k == nil { continue } ks = append(ks, k) } if len(ks) < 1 { return nil, keys.ErrInvalidKey } if signer != nil { err := signer.Sign(signed, ks...) if err != nil { return nil, err } } else { err := tr.signer.Sign(signed, ks...) if err != nil { return nil, err } } return signed, nil }
// createTimestamp creates a new timestamp. If a prev timestamp is provided, it // is assumed this is the immediately previous one, and the new one will have a // version number one higher than prev. The store is used to lookup the current // snapshot, this function does not save the newly generated timestamp. func createTimestamp(gun string, prev *data.SignedTimestamp, store storage.MetaStore, signer *signed.Signer) (*data.Signed, int, error) { cipher, public, err := store.GetTimestampKey(gun) if err != nil { // owner of gun must have generated a timestamp key otherwise // we won't proceed with generating everything. return nil, 0, err } key := data.NewPublicKey(cipher, public) snapshot, err := store.GetCurrent(gun, "snapshot") if err != nil { return nil, 0, err } sn := &data.Signed{} err = json.Unmarshal(snapshot, sn) if err != nil { // couldn't parse snapshot return nil, 0, err } ts, err := data.NewTimestamp(sn) if err != nil { return nil, 0, err } if prev != nil { ts.Signed.Version = prev.Signed.Version + 1 } sgndTs, err := cjson.Marshal(ts.Signed) if err != nil { return nil, 0, err } out := &data.Signed{ Signatures: ts.Signatures, Signed: sgndTs, } err = signer.Sign(out, key) if err != nil { return nil, 0, err } return out, ts.Signed.Version, nil }