示例#1
0
// Sign takes a data.Signed and a key, calculated and adds the signature
// to the data.Signed
func Sign(service CryptoService, s *data.Signed, keys ...data.PublicKey) error {
	logrus.Debugf("sign called with %d keys", len(keys))
	signatures := make([]data.Signature, 0, len(s.Signatures)+1)
	keyIDMemb := make(map[string]struct{})
	keyIDs := make([]string, 0, len(keys))

	for _, key := range keys {
		keyIDMemb[key.ID()] = struct{}{}
		keyIDs = append(keyIDs, key.ID())
	}
	logrus.Debugf("Generated list of signing IDs: %s", strings.Join(keyIDs, ", "))
	for _, sig := range s.Signatures {
		if _, ok := keyIDMemb[sig.KeyID]; ok {
			continue
		}
		signatures = append(signatures, sig)
	}
	newSigs, err := service.Sign(keyIDs, s.Signed)
	if err != nil {
		return err
	}
	if len(newSigs) < 1 {
		return errors.ErrInsufficientSignatures{
			Name: fmt.Sprint("Cryptoservice failed to produce any signatures for keys with IDs: %s", strings.Join(keyIDs, ", ")),
			Err:  nil,
		}
	}
	logrus.Debugf("appending %d new signatures", len(newSigs))
	s.Signatures = append(signatures, newSigs...)
	return nil
}
示例#2
0
// Sign takes a data.Signed and a key, calculated and adds the signature
// to the data.Signed
func Sign(service CryptoService, s *data.Signed, keys ...*data.PublicKey) error {
	logrus.Debugf("sign called with %d keys", len(keys))
	signatures := make([]data.Signature, 0, len(s.Signatures)+1)
	keyIDMemb := make(map[string]struct{})
	keyIDs := make([]string, 0, len(keys))

	for _, key := range keys {
		keyIDMemb[key.ID()] = struct{}{}
		keyIDs = append(keyIDs, key.ID())
	}
	logrus.Debugf("Generated list of signing IDs: %v", keyIDs)
	for _, sig := range s.Signatures {
		if _, ok := keyIDMemb[sig.KeyID]; ok {
			continue
		}
		signatures = append(signatures, sig)
	}
	newSigs, err := service.Sign(keyIDs, s.Signed)
	if err != nil {
		return err
	}
	logrus.Debugf("appending %d new signatures", len(newSigs))
	s.Signatures = append(signatures, newSigs...)
	return nil
}
示例#3
0
文件: sign.go 项目: progrium/notary
// Sign takes a data.Signed and a key, calculated and adds the signature
// to the data.Signed
func (signer *Signer) Sign(s *data.Signed, keys ...*data.PublicKey) error {
	logrus.Debug("signed/sign.go:Sign")
	signatures := make([]data.Signature, 0, len(s.Signatures)+1)
	keyIDMemb := make(map[string]struct{})
	keyIDs := make([]string, 0, len(keys))
	logrus.Debug("Generate list of signing IDs")
	for _, key := range keys {
		keyIDMemb[key.ID()] = struct{}{}
		keyIDs = append(keyIDs, key.ID())
	}
	logrus.Debug("Filter out sigs we will be resigning")
	for _, sig := range s.Signatures {
		if _, ok := keyIDMemb[sig.KeyID]; ok {
			continue
		}
		signatures = append(signatures, sig)
	}
	logrus.Debug("Performing Signing")
	newSigs, err := signer.service.Sign(keyIDs, s.Signed)
	if err != nil {
		return err
	}

	logrus.Debug("Updating signatures slice")
	s.Signatures = append(signatures, newSigs...)
	return nil
}
示例#4
0
文件: sign.go 项目: diogomonica/gotuf
// Sign takes a data.Signed and a key, calculated and adds the signature
// to the data.Signed
func Sign(service CryptoService, s *data.Signed, keys ...data.PublicKey) error {
	logrus.Debugf("sign called with %d keys", len(keys))
	signatures := make([]data.Signature, 0, len(s.Signatures)+1)
	keyIDMemb := make(map[string]struct{})
	keyIDs := make(
		[]idPair,
		0,
		len(keys),
	)

	for _, key := range keys {
		keyID, err := utils.CanonicalKeyID(key)
		if err != nil {
			continue
		}
		keyIDMemb[key.ID()] = struct{}{}
		keyIDs = append(keyIDs, idPair{
			scopedKeyID:    key.ID(),
			canonicalKeyID: keyID,
		})
	}

	// we need to ask the signer to sign with the canonical key ID
	// (ID of the TUF key's public key bytes only), but
	// we need to translate back to the scoped key ID (the hash of the TUF key
	// with the full PEM bytes) before giving the
	// signature back to TUF.
	for _, pair := range keyIDs {
		newSigs, err := service.Sign([]string{pair.canonicalKeyID}, s.Signed)
		if err != nil {
			return err
		}
		// we only asked to sign with 1 key ID, so there will either be 1
		// or zero signatures
		if len(newSigs) == 1 {
			newSig := newSigs[0]
			newSig.KeyID = pair.scopedKeyID
			signatures = append(signatures, newSig)
		}
	}
	if len(signatures) < 1 {
		return errors.ErrInsufficientSignatures{
			Name: fmt.Sprintf("Cryptoservice failed to produce any signatures for keys with IDs: %v", keyIDs),
			Err:  nil,
		}
	}
	for _, sig := range s.Signatures {
		if _, ok := keyIDMemb[sig.KeyID]; ok {
			continue
		}
		signatures = append(signatures, sig)
	}
	s.Signatures = signatures
	return nil
}