Пример #1
// SetUpSuite registers unsigned and signed image metadata with the test
// round tripper and switches the image metadata verification key to the test
// public key.
//
// The signed documents are derived from the unsigned fixtures, so both are
// signed with sstesting.SignedMetadataPrivateKey. The previous verification
// key is kept in s.origKey; presumably the suite teardown (not visible here)
// restores it, so the test key does not remain installed for other suites.
func (s *signedSuite) SetUpSuite(c *gc.C) {
	// sign returns payload signed with the test private key and fails the
	// suite if signing does not succeed.
	sign := func(payload string) string {
		encoded, err := simplestreams.Encode(
			bytes.NewReader([]byte(payload)),
			sstesting.SignedMetadataPrivateKey,
			sstesting.PrivateKeyPassphrase)
		c.Assert(err, jc.ErrorIsNil)
		return string(encoded)
	}

	// The signed index has to reference the .sjson product file, so the path
	// is rewritten before signing and the signature covers the new path.
	signedIndex := sign(strings.Replace(
		unsignedIndex, "streams/v1/image_metadata.json", "streams/v1/image_metadata.sjson", -1))

	// The signed product carries a different image id from the unsigned one,
	// which lets the tests tell which of the two documents was read.
	signedProduct := sign(strings.Replace(
		unsignedProduct, "ami-26745463", "ami-123456", -1))

	imageData := map[string]string{
		"/unsigned/streams/v1/index.json":          unsignedIndex,
		"/unsigned/streams/v1/image_metadata.json": unsignedProduct,
		"/signed/streams/v1/index.sjson":           signedIndex,
		"/signed/streams/v1/image_metadata.sjson":  signedProduct,
	}
	statusByURL := map[string]int{"test://unauth": http.StatusUnauthorized}
	sstesting.SetRoundTripperFiles(imageData, statusByURL)
	s.origKey = imagemetadata.SetSigningPublicKey(sstesting.SignedMetadataPublicKey)
}
Пример #2
// SetUpSuite registers unsigned and signed tools metadata with the test
// round tripper and patches juju.JujuPublicKey to the test public key.
//
// The signed documents are derived from the unsigned fixtures and signed with
// sstesting.SignedMetadataPrivateKey. The key is replaced through
// s.PatchValue; presumably the base suite undoes the patch on teardown —
// confirm, since a verification key left patched would affect later suites.
func (s *signedSuite) SetUpSuite(c *gc.C) {
	s.BaseSuite.SetUpSuite(c)

	// sign returns payload signed with the test private key and fails the
	// suite if signing does not succeed.
	sign := func(payload string) string {
		encoded, err := simplestreams.Encode(
			bytes.NewReader([]byte(payload)),
			sstesting.SignedMetadataPrivateKey,
			sstesting.PrivateKeyPassphrase)
		c.Assert(err, jc.ErrorIsNil)
		return string(encoded)
	}

	// The signed index has to reference the .sjson product file, so the path
	// is rewritten before signing and the signature covers the new path.
	signedIndex := sign(strings.Replace(
		unsignedIndex, "streams/v1/tools_metadata.json", "streams/v1/tools_metadata.sjson", -1))

	// The signed product carries a different tools path from the unsigned
	// one, which lets the tests tell which of the two documents was read.
	signedProduct := sign(strings.Replace(
		unsignedProduct, "juju-1.13.0", "juju-1.13.1", -1))

	imageData := map[string]string{
		"/unsigned/streams/v1/index.json":          unsignedIndex,
		"/unsigned/streams/v1/tools_metadata.json": unsignedProduct,
		"/signed/streams/v1/index.sjson":           signedIndex,
		"/signed/streams/v1/tools_metadata.sjson":  signedProduct,
	}
	statusByURL := map[string]int{"signedtest://unauth": http.StatusUnauthorized}
	sstesting.SetRoundTripperFiles(imageData, statusByURL)
	s.PatchValue(&juju.JujuPublicKey, sstesting.SignedMetadataPublicKey)
}
Пример #3
// SignMetadata signs fileData with the test private key and returns the name
// the signed file should be stored under together with the signed bytes.
//
// Every occurrence of UnsignedJsonSuffix in the payload is replaced with
// SignedJsonSuffix before signing, so that references inside the document
// point at signed files and the signature covers the rewritten content. The
// same textual replacement is applied to fileName. An error from
// simplestreams.Encode is returned unchanged with empty results.
func SignMetadata(fileName string, fileData []byte) (string, []byte, error) {
	// Rewrite first, sign second: the references must already be final when
	// the signature is computed.
	rewritten := strings.Replace(string(fileData), UnsignedJsonSuffix, SignedJsonSuffix, -1)

	signedBytes, err := simplestreams.Encode(
		strings.NewReader(rewritten), SignedMetadataPrivateKey, PrivateKeyPassphrase)
	if err != nil {
		return "", nil, err
	}

	signedName := strings.Replace(fileName, UnsignedJsonSuffix, SignedJsonSuffix, -1)
	return signedName, signedBytes, nil
}
Пример #4
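// process signs every unsigned metadata file found directly in dir and then
// recurses into each subdirectory of dir.
//
// Each file matching "*"+simplestreams.UnsignedSuffix is passed to
// simplestreams.Encode together with key and passphrase, and the result is
// written beside it under the same name with the trailing unsigned suffix
// swapped for simplestreams.SignedSuffix. Processing stops at the first
// error, which is returned; files signed before that point stay on disk.
func process(dir, key, passphrase string) error {
	logger.Debugf("processing directory %q", dir)
	// Do any json files in dir
	filenames, err := filepath.Glob(filepath.Join(dir, "*"+simplestreams.UnsignedSuffix))
	if err != nil {
		// Glob only fails on a malformed pattern, which here means dir itself
		// contains glob metacharacters. Report it instead of silently
		// leaving the directory unsigned.
		return fmt.Errorf("listing unsigned files in %q: %v", dir, err)
	}
	if len(filenames) > 0 {
		logger.Infof("signing %d file(s) in %q", len(filenames), dir)
	}
	for _, filename := range filenames {
		logger.Infof("signing file %q", filename)
		f, err := os.Open(filename)
		if err != nil {
			return fmt.Errorf("opening file %q: %v", filename, err)
		}
		encoded, err := simplestreams.Encode(f, key, passphrase)
		// Release the handle as soon as the content has been consumed, on
		// both the success and the error path. The file was opened read-only,
		// so the Close error carries no information worth reporting.
		f.Close()
		if err != nil {
			return fmt.Errorf("encoding file %q: %v", filename, err)
		}
		// Swap only the trailing suffix. Replacing every occurrence would
		// also rewrite a parent directory whose name contains the suffix,
		// and the signed file would be written to a different path.
		signedFilename := strings.TrimSuffix(filename, simplestreams.UnsignedSuffix) + simplestreams.SignedSuffix
		// NOTE(review): 0644 makes the signed output world-readable, which
		// looks intended for metadata that is published — confirm.
		if err = ioutil.WriteFile(signedFilename, encoded, 0644); err != nil {
			return fmt.Errorf("writing signed file %q: %v", signedFilename, err)
		}
	}
	// Now process any directories in dir.
	files, err := ioutil.ReadDir(dir)
	if err != nil {
		return err
	}
	for _, f := range files {
		if !f.IsDir() {
			continue
		}
		if err = process(filepath.Join(dir, f.Name()), key, passphrase); err != nil {
			return err
		}
	}
	return nil
}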