// EXP_ProduceSigma produces a sigma as []byte and returns in response
func (d *Devops) EXP_ProduceSigma(ctx context.Context, sigmaInput *pb.SigmaInput) (*pb.Response, error) {
var sec crypto.Client
var err error
var sigma []byte
secret := sigmaInput.Secret
type RBACMetatdata struct {
Cert []byte
Sigma []byte
}
if d.isSecurityEnabled {
if devopsLogger.IsEnabledFor(logging.DEBUG) {
devopsLogger.Debug("Initializing secure devops using context %s", secret.EnrollId)
}
sec, err = crypto.InitClient(secret.EnrollId, nil)
defer crypto.CloseClient(sec)
if nil != err {
return &pb.Response{Status: pb.Response_FAILURE, Msg: []byte(err.Error())}, nil
}
devopsLogger.Debug("Getting TCertHandler for id: %s, from DER = %s", secret.EnrollId, sigmaInput.AppTCert)
tcertHandler, err := sec.GetTCertificateHandlerFromDER(sigmaInput.AppTCert)
//tcertHandler, err := sec.GetTCertificateHandlerNext()
if nil != err {
return &pb.Response{Status: pb.Response_FAILURE, Msg: []byte(fmt.Errorf("Error getting TCertHandler from DER: %s", err).Error())}, nil
}
tcert := sigmaInput.AppTCert //tcertHandler.GetCertificate()
sigma, err = tcertHandler.Sign(append(tcert, sigmaInput.Data...))
if nil != err {
return &pb.Response{Status: pb.Response_FAILURE, Msg: []byte(fmt.Errorf("Error signing with TCertHandler from DER: %s", err).Error())}, nil
}
// Produce the SigmaOutput
asn1Encoding, err := asn1.Marshal(RBACMetatdata{Cert: tcert, Sigma: sigma})
if nil != err {
return &pb.Response{Status: pb.Response_FAILURE, Msg: []byte(err.Error())}, nil
}
sigmaOutput := &pb.SigmaOutput{Tcert: tcert, Sigma: sigma, Asn1Encoding: asn1Encoding}
sigmaOutputBytes, err := proto.Marshal(sigmaOutput)
if nil != err {
return &pb.Response{Status: pb.Response_FAILURE, Msg: []byte(err.Error())}, nil
}
return &pb.Response{Status: pb.Response_SUCCESS, Msg: sigmaOutputBytes}, nil
}
devopsLogger.Warning("Security NOT enabled")
return &pb.Response{Status: pb.Response_FAILURE, Msg: []byte("Security NOT enabled")}, nil
}
