func (s *signedSuite) SetUpSuite(c *gc.C) {
var imageData = map[string]string{
"/unsigned/streams/v1/index.json": unsignedIndex,
"/unsigned/streams/v1/image_metadata.json": unsignedProduct,
}
// Set up some signed data from the unsigned data.
// Overwrite the product path to use the sjson suffix.
rawUnsignedIndex := strings.Replace(
unsignedIndex, "streams/v1/image_metadata.json", "streams/v1/image_metadata.sjson", -1)
r := bytes.NewReader([]byte(rawUnsignedIndex))
signedData, err := simplestreams.Encode(
r, sstesting.SignedMetadataPrivateKey, sstesting.PrivateKeyPassphrase)
c.Assert(err, jc.ErrorIsNil)
imageData["/signed/streams/v1/index.sjson"] = string(signedData)
// Replace the image id in the unsigned data with a different one so we can test that the right
// image id is used.
rawUnsignedProduct := strings.Replace(
unsignedProduct, "ami-26745463", "ami-123456", -1)
r = bytes.NewReader([]byte(rawUnsignedProduct))
signedData, err = simplestreams.Encode(
r, sstesting.SignedMetadataPrivateKey, sstesting.PrivateKeyPassphrase)
c.Assert(err, jc.ErrorIsNil)
imageData["/signed/streams/v1/image_metadata.sjson"] = string(signedData)
sstesting.SetRoundTripperFiles(imageData, map[string]int{"test://unauth": http.StatusUnauthorized})
s.origKey = imagemetadata.SetSigningPublicKey(sstesting.SignedMetadataPublicKey)
}
func (s *signedSuite) SetUpSuite(c *gc.C) {
s.BaseSuite.SetUpSuite(c)
var imageData = map[string]string{
"/unsigned/streams/v1/index.json": unsignedIndex,
"/unsigned/streams/v1/tools_metadata.json": unsignedProduct,
}
// Set up some signed data from the unsigned data.
// Overwrite the product path to use the sjson suffix.
rawUnsignedIndex := strings.Replace(
unsignedIndex, "streams/v1/tools_metadata.json", "streams/v1/tools_metadata.sjson", -1)
r := bytes.NewReader([]byte(rawUnsignedIndex))
signedData, err := simplestreams.Encode(
r, sstesting.SignedMetadataPrivateKey, sstesting.PrivateKeyPassphrase)
c.Assert(err, jc.ErrorIsNil)
imageData["/signed/streams/v1/index.sjson"] = string(signedData)
// Replace the tools path in the unsigned data with a different one so we can test that the right
// tools path is used.
rawUnsignedProduct := strings.Replace(
unsignedProduct, "juju-1.13.0", "juju-1.13.1", -1)
r = bytes.NewReader([]byte(rawUnsignedProduct))
signedData, err = simplestreams.Encode(
r, sstesting.SignedMetadataPrivateKey, sstesting.PrivateKeyPassphrase)
c.Assert(err, jc.ErrorIsNil)
imageData["/signed/streams/v1/tools_metadata.sjson"] = string(signedData)
sstesting.SetRoundTripperFiles(imageData, map[string]int{"signedtest://unauth": http.StatusUnauthorized})
s.PatchValue(&juju.JujuPublicKey, sstesting.SignedMetadataPublicKey)
}
func SignMetadata(fileName string, fileData []byte) (string, []byte, error) {
signString := func(unsigned string) string {
return strings.Replace(unsigned, UnsignedJsonSuffix, SignedJsonSuffix, -1)
}
// Make sure that contents point to signed files too.
signedFileData := signString(string(fileData))
signedBytes, err := simplestreams.Encode(strings.NewReader(signedFileData), SignedMetadataPrivateKey, PrivateKeyPassphrase)
if err != nil {
return "", nil, err
}
return signString(fileName), signedBytes, nil
}
func process(dir, key, passphrase string) error {
logger.Debugf("processing directory %q", dir)
// Do any json files in dir
filenames, err := filepath.Glob(filepath.Join(dir, "*"+simplestreams.UnsignedSuffix))
if len(filenames) > 0 {
logger.Infof("signing %d file(s) in %q", len(filenames), dir)
}
for _, filename := range filenames {
logger.Infof("signing file %q", filename)
f, err := os.Open(filename)
if err != nil {
return fmt.Errorf("opening file %q: %v", filename, err)
}
encoded, err := simplestreams.Encode(f, key, passphrase)
if err != nil {
return fmt.Errorf("encoding file %q: %v", filename, err)
}
signedFilename := strings.Replace(filename, simplestreams.UnsignedSuffix, simplestreams.SignedSuffix, -1)
if err = ioutil.WriteFile(signedFilename, encoded, 0644); err != nil {
return fmt.Errorf("writing signed file %q: %v", signedFilename, err)
}
}
// Now process any directories in dir.
files, err := ioutil.ReadDir(dir)
if err != nil {
return err
}
for _, f := range files {
if f.IsDir() {
if err = process(filepath.Join(dir, f.Name()), key, passphrase); err != nil {
return err
}
}
}
return nil
}
