// Sign signs the metadata file name with every key that r.getKeys returns for
// the file's role, then stores the re-encoded metadata.
//
// The role is derived by stripping the ".json" suffix from name. The method
// returns ErrInvalidRole for a role rejected by keys.ValidRole and
// ErrInsufficientKeys when no signing key is available. Only an empty key set
// is rejected here: the number of keys is not compared with the role's
// signature threshold, so a successful return does not by itself mean the
// metadata carries enough signatures to verify.
func (r *Repo) Sign(name string) error {
	roleName := strings.TrimSuffix(name, ".json")
	if !keys.ValidRole(roleName) {
		return ErrInvalidRole{roleName}
	}

	meta, err := r.signedMeta(name)
	if err != nil {
		return err
	}

	// Named signers rather than keys so the keys package is not shadowed.
	signers, err := r.getKeys(roleName)
	switch {
	case err != nil:
		return err
	case len(signers) == 0:
		return ErrInsufficientKeys{name}
	}

	for _, signer := range signers {
		signed.Sign(meta, signer)
	}

	encoded, err := json.Marshal(meta)
	if err != nil {
		return err
	}

	// r.meta is updated before the local store write, so it keeps the newly
	// signed bytes even if SetMeta returns an error.
	r.meta[name] = encoded
	return r.local.SetMeta(name, encoded)
}
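// GenKeyWithExpires creates a new key for keyRole, saves its private part in
// the local store, adds its public part to root metadata, and writes root.json
// with the given expiry and an incremented version.
//
// It returns the ID of the new key. On any failure the returned ID is empty,
// including when writing root.json fails, so callers never receive an ID for
// a key that root metadata does not list. ErrInvalidRole and ErrInvalidExpires
// are returned for arguments rejected by keys.ValidRole and validExpires.
func (r *Repo) GenKeyWithExpires(keyRole string, expires time.Time) (string, error) {
	if !keys.ValidRole(keyRole) {
		return "", ErrInvalidRole{keyRole}
	}
	if !validExpires(expires) {
		return "", ErrInvalidExpires{expires}
	}

	root, err := r.root()
	if err != nil {
		return "", err
	}

	key, err := keys.NewKey()
	if err != nil {
		return "", err
	}

	// The private key is persisted before root.json is rewritten. If a later
	// step fails, the local store is left holding a private key that root
	// metadata does not reference; nothing in this method removes it.
	if err := r.local.SaveKey(keyRole, key.SerializePrivate()); err != nil {
		return "", err
	}

	role, ok := root.Roles[keyRole]
	if !ok || role == nil {
		// First key for this role (or a null entry in the stored metadata):
		// start the role with a threshold of one signature.
		role = &data.Role{KeyIDs: []string{}, Threshold: 1}
		root.Roles[keyRole] = role
	}
	role.KeyIDs = append(role.KeyIDs, key.ID)
	root.Keys[key.ID] = key.Serialize()

	// Expiry is stored with second precision.
	root.Expires = expires.Round(time.Second)
	root.Version++

	if err := r.setMeta("root.json", root); err != nil {
		return "", err
	}
	return key.ID, nil
}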
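// RevokeKeyWithExpires removes key id from keyRole in root metadata and writes
// root.json with the given expiry and an incremented version.
//
// The public key is deleted from root.Keys only when no role lists it any
// more. Deleting it unconditionally would leave any other role that shares
// the key pointing at an ID with no key material.
//
// ErrKeyNotFound is returned when id is absent from root.Keys, when keyRole
// has no entry in root.Roles, or when the role does not list id.
// ErrInvalidRole and ErrInvalidExpires are returned for arguments rejected by
// keys.ValidRole and validExpires.
//
// Nothing in this method removes the private key from the local store.
// NOTE(review): the remaining key count is not compared with role.Threshold,
// so a revocation can leave the role with fewer keys than its threshold.
func (r *Repo) RevokeKeyWithExpires(keyRole, id string, expires time.Time) error {
	if !keys.ValidRole(keyRole) {
		return ErrInvalidRole{keyRole}
	}
	if !validExpires(expires) {
		return ErrInvalidExpires{expires}
	}

	root, err := r.root()
	if err != nil {
		return err
	}

	if _, ok := root.Keys[id]; !ok {
		return ErrKeyNotFound{keyRole, id}
	}
	role, ok := root.Roles[keyRole]
	if !ok || role == nil {
		return ErrKeyNotFound{keyRole, id}
	}

	// Rebuild the role's key list without id.
	remaining := make([]string, 0, len(role.KeyIDs))
	for _, keyID := range role.KeyIDs {
		if keyID != id {
			remaining = append(remaining, keyID)
		}
	}
	// Same length means the role never listed this key.
	if len(remaining) == len(role.KeyIDs) {
		return ErrKeyNotFound{keyRole, id}
	}
	role.KeyIDs = remaining
	root.Roles[keyRole] = role

	// Keep the public key while any role (now excluding keyRole) still
	// references it.
	stillReferenced := false
scan:
	for _, other := range root.Roles {
		if other == nil {
			continue
		}
		for _, keyID := range other.KeyIDs {
			if keyID == id {
				stillReferenced = true
				break scan
			}
		}
	}
	if !stillReferenced {
		delete(root.Keys, id)
	}

	// Expiry is stored with second precision.
	root.Expires = expires.Round(time.Second)
	root.Version++
	return r.setMeta("root.json", root)
}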