func (tr TufRepo) sign(signed *data.Signed, role data.Role, signer *signed.Signer) (*data.Signed, error) {
ks := make([]*data.PublicKey, 0, len(role.KeyIDs))
for _, kid := range role.KeyIDs {
k := tr.keysDB.GetKey(kid)
if k == nil {
continue
}
ks = append(ks, k)
}
if len(ks) < 1 {
return nil, keys.ErrInvalidKey
}
if signer != nil {
err := signer.Sign(signed, ks...)
if err != nil {
return nil, err
}
} else {
err := tr.signer.Sign(signed, ks...)
if err != nil {
return nil, err
}
}
return signed, nil
}
// createTimestamp creates a new timestamp. If a prev timestamp is provided, it
// is assumed this is the immediately previous one, and the new one will have a
// version number one higher than prev. The store is used to lookup the current
// snapshot, this function does not save the newly generated timestamp.
func createTimestamp(gun string, prev *data.SignedTimestamp, store storage.MetaStore, signer *signed.Signer) (*data.Signed, int, error) {
cipher, public, err := store.GetTimestampKey(gun)
if err != nil {
// owner of gun must have generated a timestamp key otherwise
// we won't proceed with generating everything.
return nil, 0, err
}
key := data.NewPublicKey(cipher, public)
snapshot, err := store.GetCurrent(gun, "snapshot")
if err != nil {
return nil, 0, err
}
sn := &data.Signed{}
err = json.Unmarshal(snapshot, sn)
if err != nil {
// couldn't parse snapshot
return nil, 0, err
}
ts, err := data.NewTimestamp(sn)
if err != nil {
return nil, 0, err
}
if prev != nil {
ts.Signed.Version = prev.Signed.Version + 1
}
sgndTs, err := cjson.Marshal(ts.Signed)
if err != nil {
return nil, 0, err
}
out := &data.Signed{
Signatures: ts.Signatures,
Signed: sgndTs,
}
err = signer.Sign(out, key)
if err != nil {
return nil, 0, err
}
return out, ts.Signed.Version, nil
}
func initRepo(t *testing.T, signer *signed.Signer, keyDB *keys.KeyDB) *TufRepo {
rootKey, err := signer.Create("root")
if err != nil {
t.Fatal(err)
}
targetsKey, err := signer.Create("targets")
if err != nil {
t.Fatal(err)
}
snapshotKey, err := signer.Create("snapshot")
if err != nil {
t.Fatal(err)
}
timestampKey, err := signer.Create("timestamp")
if err != nil {
t.Fatal(err)
}
keyDB.AddKey(rootKey)
keyDB.AddKey(targetsKey)
keyDB.AddKey(snapshotKey)
keyDB.AddKey(timestampKey)
rootRole := &data.Role{
Name: "root",
RootRole: data.RootRole{
KeyIDs: []string{rootKey.ID()},
Threshold: 1,
},
}
targetsRole := &data.Role{
Name: "targets",
RootRole: data.RootRole{
KeyIDs: []string{targetsKey.ID()},
Threshold: 1,
},
}
snapshotRole := &data.Role{
Name: "snapshot",
RootRole: data.RootRole{
KeyIDs: []string{snapshotKey.ID()},
Threshold: 1,
},
}
timestampRole := &data.Role{
Name: "timestamp",
RootRole: data.RootRole{
KeyIDs: []string{timestampKey.ID()},
Threshold: 1,
},
}
keyDB.AddRole(rootRole)
keyDB.AddRole(targetsRole)
keyDB.AddRole(snapshotRole)
keyDB.AddRole(timestampRole)
repo := NewTufRepo(keyDB, signer)
err = repo.InitRepo(false)
if err != nil {
t.Fatal(err)
}
return repo
}