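// generateStatement builds a Statement from grants, stamps it with an
// issue time and the fixed testStatementExpiration window, and signs the
// indented JSON form of the statement with key and its x509 chain.
//
// Both timestamps come from a single clock reading taken in UTC (matching
// CreateStatement), so Expiration is exactly IssuedAt plus
// testStatementExpiration rather than two slightly different instants.
// Revocations is always an empty, non-nil slice so it marshals as [] and
// not null.
//
// It returns the first error from json.MarshalIndent, NewJSONSignature or
// SignWithChain; on success the returned Statement carries the signature.
func generateStatement(grants []*Grant, key libtrust.PrivateKey, chain []*x509.Certificate) (*Statement, error) {
	var statement Statement

	statement.Grants = make([]*jsonGrant, len(grants))
	for i, grant := range grants {
		statement.Grants[i] = &jsonGrant{
			Subject:    grant.Subject,
			Permission: grant.Permission,
			Grantee:    grant.Grantee,
		}
	}

	// One clock read for both fields keeps IssuedAt and Expiration consistent.
	now := time.Now().UTC()
	statement.IssuedAt = now
	statement.Expiration = now.Add(testStatementExpiration)
	// Non-nil so the signed document carries "revocations": [] rather than null.
	statement.Revocations = make([]*jsonRevocation, 0)

	marshalled, err := json.MarshalIndent(statement.jsonStatement, "", " ")
	if err != nil {
		return nil, err
	}

	sig, err := libtrust.NewJSONSignature(marshalled)
	if err != nil {
		return nil, err
	}
	if err := sig.SignWithChain(key, chain); err != nil {
		return nil, err
	}

	statement.signature = sig
	return &statement, nil
}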
// Sign signs the manifest with the provided private key, returning a
// SignedManifest. This typically won't be used within the registry, except
// for testing.
//
// The signed payload is the indented JSON encoding of m; Raw holds the
// pretty-printed signed document as produced by libtrust's PrettySignature
// under the "signatures" key. Any error from marshalling, constructing the
// JSON signature, signing, or pretty-printing is returned unchanged.
func Sign(m *Manifest, pk libtrust.PrivateKey) (*SignedManifest, error) {
	payload, err := json.MarshalIndent(m, "", " ")
	if err != nil {
		return nil, err
	}

	jsig, err := libtrust.NewJSONSignature(payload)
	if err != nil {
		return nil, err
	}
	if err = jsig.Sign(pk); err != nil {
		return nil, err
	}

	raw, err := jsig.PrettySignature("signatures")
	if err != nil {
		return nil, err
	}

	signed := &SignedManifest{
		Manifest: *m,
		Raw:      raw,
	}
	return signed, nil
}
// SignWithChain signs the manifest with the given private key and x509 chain.
// The public key of the first element in the chain must be the public key
// corresponding with the sign key.
//
// The signed payload is the indented JSON encoding of m; Raw holds the
// pretty-printed signed document produced by libtrust's PrettySignature
// under the "signatures" key. Whether the key/chain relationship is
// enforced here depends on libtrust's SignWithChain — callers should not
// assume this function validates the chain itself.
func SignWithChain(m *Manifest, key libtrust.PrivateKey, chain []*x509.Certificate) (*SignedManifest, error) {
	payload, err := json.MarshalIndent(m, "", " ")
	if err != nil {
		return nil, err
	}

	jsig, err := libtrust.NewJSONSignature(payload)
	if err != nil {
		return nil, err
	}
	if err = jsig.SignWithChain(key, chain); err != nil {
		return nil, err
	}

	raw, err := jsig.PrettySignature("signatures")
	if err != nil {
		return nil, err
	}

	signed := &SignedManifest{
		Manifest: *m,
		Raw:      raw,
	}
	return signed, nil
}
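// CreateStatement creates and signs a statement from a stream of grants
// and revocations, each supplied as a JSON array. The statement is stamped
// with IssuedAt = now (UTC) and Expiration = now + expiration, both taken
// from a single clock reading, and then signed with key and its x509 chain.
//
// Each reader is decoded with a json.Decoder, so only the first JSON value
// is consumed and any trailing data is left unread; the decoded grants and
// revocations are not validated here beyond being well-formed JSON for the
// target types. A zero or negative expiration yields a statement whose
// Expiration is not after its IssuedAt.
//
// It returns the first error from decoding, marshalling, building the JSON
// signature, or signing.
func CreateStatement(grants, revocations io.Reader, expiration time.Duration, key libtrust.PrivateKey, chain []*x509.Certificate) (*Statement, error) {
	var statement Statement

	if err := json.NewDecoder(grants).Decode(&statement.jsonStatement.Grants); err != nil {
		return nil, err
	}
	if err := json.NewDecoder(revocations).Decode(&statement.jsonStatement.Revocations); err != nil {
		return nil, err
	}

	// A single clock read keeps Expiration exactly IssuedAt + expiration.
	now := time.Now().UTC()
	statement.jsonStatement.IssuedAt = now
	statement.jsonStatement.Expiration = now.Add(expiration)

	b, err := json.MarshalIndent(&statement.jsonStatement, "", " ")
	if err != nil {
		return nil, err
	}

	statement.signature, err = libtrust.NewJSONSignature(b)
	if err != nil {
		return nil, err
	}
	if err := statement.signature.SignWithChain(key, chain); err != nil {
		return nil, err
	}

	return &statement, nil
}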