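// EXP_ProduceSigma produces a sigma as []byte and returns it in the response.
//
// The sigma is produced by the TCert handler for the DER-encoded TCert in
// sigmaInput.AppTCert, over the concatenation AppTCert || sigmaInput.Data.
// On success the response Msg carries a proto-marshalled pb.SigmaOutput holding
// the TCert, the sigma and an ASN.1 encoding of {Cert, Sigma}. Every failure
// (security disabled, malformed request, crypto or encoding error) is reported
// as a pb.Response with Status FAILURE and the error text in Msg; the error
// return value is always nil.
//
// NOTE(review): both the TCert DER and the bytes to sign are chosen by the
// caller, so this endpoint signs caller-controlled data with a caller-selected
// TCert. The handler is looked up through the client enrolled as
// secret.EnrollId, which presumably restricts signing to TCerts that client
// owns — confirm against crypto.Client.GetTCertificateHandlerFromDER before
// exposing this RPC beyond a trusted network.
func (d *Devops) EXP_ProduceSigma(ctx context.Context, sigmaInput *pb.SigmaInput) (*pb.Response, error) {
	// ASN.1 wrapper for the output; field order (Cert, Sigma) is the wire format.
	type rbacMetadata struct {
		Cert  []byte
		Sigma []byte
	}

	// Uniform failure shape: every error becomes a FAILURE response rather than
	// a transport-level error, matching the contract callers already rely on.
	fail := func(msg string) (*pb.Response, error) {
		return &pb.Response{Status: pb.Response_FAILURE, Msg: []byte(msg)}, nil
	}

	if !d.isSecurityEnabled {
		devopsLogger.Warning("Security NOT enabled")
		return fail("Security NOT enabled")
	}

	// This is an RPC entry point: the request arrives from the network, so
	// nested pointers are not guaranteed to be populated. Validate before
	// dereferencing instead of letting a nil pointer crash the server.
	if sigmaInput == nil || sigmaInput.Secret == nil {
		return fail("Error producing sigma: missing secret in request")
	}
	if len(sigmaInput.AppTCert) == 0 {
		return fail("Error producing sigma: missing TCert in request")
	}
	secret := sigmaInput.Secret
	tcert := sigmaInput.AppTCert

	if devopsLogger.IsEnabledFor(logging.DEBUG) {
		devopsLogger.Debug("Initializing secure devops using context %s", secret.EnrollId)
	}
	sec, err := crypto.InitClient(secret.EnrollId, nil)
	if err != nil {
		return fail(err.Error())
	}
	// Only close a client that was actually opened: deferring before the error
	// check would hand a possibly-nil client to CloseClient on the failure path.
	defer crypto.CloseClient(sec)

	// DER is binary; log it as hex so the debug line stays readable.
	devopsLogger.Debug("Getting TCertHandler for id: %s, from DER = %x", secret.EnrollId, tcert)
	tcertHandler, err := sec.GetTCertificateHandlerFromDER(tcert)
	if err != nil {
		return fail(fmt.Sprintf("Error getting TCertHandler from DER: %s", err))
	}

	// The message to sign is the TCert followed by the caller's data. Build it
	// in a fresh buffer so append can never write into the request's backing
	// array (appending directly to tcert would, if it had spare capacity).
	msg := make([]byte, 0, len(tcert)+len(sigmaInput.Data))
	msg = append(msg, tcert...)
	msg = append(msg, sigmaInput.Data...)
	sigma, err := tcertHandler.Sign(msg)
	if err != nil {
		return fail(fmt.Sprintf("Error signing with TCertHandler from DER: %s", err))
	}

	asn1Encoding, err := asn1.Marshal(rbacMetadata{Cert: tcert, Sigma: sigma})
	if err != nil {
		return fail(err.Error())
	}

	sigmaOutput := &pb.SigmaOutput{Tcert: tcert, Sigma: sigma, Asn1Encoding: asn1Encoding}
	sigmaOutputBytes, err := proto.Marshal(sigmaOutput)
	if err != nil {
		return fail(err.Error())
	}
	return &pb.Response{Status: pb.Response_SUCCESS, Msg: sigmaOutputBytes}, nil
}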