// Sign takes a data.Signed and a key, calculated and adds the signature
// to the data.Signed
func Sign(service CryptoService, s *data.Signed, keys ...data.PublicKey) error {
logrus.Debugf("sign called with %d keys", len(keys))
signatures := make([]data.Signature, 0, len(s.Signatures)+1)
keyIDMemb := make(map[string]struct{})
keyIDs := make([]string, 0, len(keys))
for _, key := range keys {
keyIDMemb[key.ID()] = struct{}{}
keyIDs = append(keyIDs, key.ID())
}
logrus.Debugf("Generated list of signing IDs: %s", strings.Join(keyIDs, ", "))
for _, sig := range s.Signatures {
if _, ok := keyIDMemb[sig.KeyID]; ok {
continue
}
signatures = append(signatures, sig)
}
newSigs, err := service.Sign(keyIDs, s.Signed)
if err != nil {
return err
}
if len(newSigs) < 1 {
return errors.ErrInsufficientSignatures{
Name: fmt.Sprint("Cryptoservice failed to produce any signatures for keys with IDs: %s", strings.Join(keyIDs, ", ")),
Err: nil,
}
}
logrus.Debugf("appending %d new signatures", len(newSigs))
s.Signatures = append(signatures, newSigs...)
return nil
}
// Sign takes a data.Signed and a key, calculated and adds the signature
// to the data.Signed
func Sign(service CryptoService, s *data.Signed, keys ...*data.PublicKey) error {
logrus.Debugf("sign called with %d keys", len(keys))
signatures := make([]data.Signature, 0, len(s.Signatures)+1)
keyIDMemb := make(map[string]struct{})
keyIDs := make([]string, 0, len(keys))
for _, key := range keys {
keyIDMemb[key.ID()] = struct{}{}
keyIDs = append(keyIDs, key.ID())
}
logrus.Debugf("Generated list of signing IDs: %v", keyIDs)
for _, sig := range s.Signatures {
if _, ok := keyIDMemb[sig.KeyID]; ok {
continue
}
signatures = append(signatures, sig)
}
newSigs, err := service.Sign(keyIDs, s.Signed)
if err != nil {
return err
}
logrus.Debugf("appending %d new signatures", len(newSigs))
s.Signatures = append(signatures, newSigs...)
return nil
}
// Sign takes a data.Signed and a key, calculated and adds the signature
// to the data.Signed
func (signer *Signer) Sign(s *data.Signed, keys ...*data.PublicKey) error {
logrus.Debug("signed/sign.go:Sign")
signatures := make([]data.Signature, 0, len(s.Signatures)+1)
keyIDMemb := make(map[string]struct{})
keyIDs := make([]string, 0, len(keys))
logrus.Debug("Generate list of signing IDs")
for _, key := range keys {
keyIDMemb[key.ID()] = struct{}{}
keyIDs = append(keyIDs, key.ID())
}
logrus.Debug("Filter out sigs we will be resigning")
for _, sig := range s.Signatures {
if _, ok := keyIDMemb[sig.KeyID]; ok {
continue
}
signatures = append(signatures, sig)
}
logrus.Debug("Performing Signing")
newSigs, err := signer.service.Sign(keyIDs, s.Signed)
if err != nil {
return err
}
logrus.Debug("Updating signatures slice")
s.Signatures = append(signatures, newSigs...)
return nil
}
// Sign takes a data.Signed and a key, calculated and adds the signature
// to the data.Signed
func Sign(service CryptoService, s *data.Signed, keys ...data.PublicKey) error {
logrus.Debugf("sign called with %d keys", len(keys))
signatures := make([]data.Signature, 0, len(s.Signatures)+1)
keyIDMemb := make(map[string]struct{})
keyIDs := make(
[]idPair,
0,
len(keys),
)
for _, key := range keys {
keyID, err := utils.CanonicalKeyID(key)
if err != nil {
continue
}
keyIDMemb[key.ID()] = struct{}{}
keyIDs = append(keyIDs, idPair{
scopedKeyID: key.ID(),
canonicalKeyID: keyID,
})
}
// we need to ask the signer to sign with the canonical key ID
// (ID of the TUF key's public key bytes only), but
// we need to translate back to the scoped key ID (the hash of the TUF key
// with the full PEM bytes) before giving the
// signature back to TUF.
for _, pair := range keyIDs {
newSigs, err := service.Sign([]string{pair.canonicalKeyID}, s.Signed)
if err != nil {
return err
}
// we only asked to sign with 1 key ID, so there will either be 1
// or zero signatures
if len(newSigs) == 1 {
newSig := newSigs[0]
newSig.KeyID = pair.scopedKeyID
signatures = append(signatures, newSig)
}
}
if len(signatures) < 1 {
return errors.ErrInsufficientSignatures{
Name: fmt.Sprintf("Cryptoservice failed to produce any signatures for keys with IDs: %v", keyIDs),
Err: nil,
}
}
for _, sig := range s.Signatures {
if _, ok := keyIDMemb[sig.KeyID]; ok {
continue
}
signatures = append(signatures, sig)
}
s.Signatures = signatures
return nil
}