func (h *Handler) Sign(bb *schema.Builder) (string, error) { bb.SetSigner(h.pubKeyBlobRef) unsigned, err := bb.JSON() if err != nil { return "", err } sreq := &jsonsign.SignRequest{ UnsignedJSON: unsigned, Fetcher: h.pubKeyFetcher, ServerMode: true, SecretKeyringPath: h.secretRing, } claimTime, err := bb.Blob().ClaimDate() if err != nil { if !schema.IsMissingField(err) { return "", err } } else { sreq.SignatureTime = claimTime } if err := h.uploadPublicKey(); err != nil { log.Printf("signing handler failed to upload public key: %v", err) } return sreq.Sign() }