hub / github.com/helm/helm / ClearSign

Method ClearSign

pkg/provenance/sign.go:200–237

ClearSign signs package data with the given key and pre-marshalled metadata. This is the core signing method that works with data in memory. The Signatory must have a valid Entity.PrivateKey for this to work.

(archiveData []byte, filename string, metadataBytes []byte)

Source from the content-addressed store, hash-verified

// This is the core signing method that works with data in memory.
// The Signatory must have a valid Entity.PrivateKey for this to work.
func (s *Signatory) ClearSign(archiveData []byte, filename string, metadataBytes []byte) (string, error) {
	if s.Entity == nil {
		return "", errors.New("private key not found")
	} else if s.Entity.PrivateKey == nil {
		return "", errors.New("provided key is not a private key. Try providing a keyring with secret keys")
	}

	out := bytes.NewBuffer(nil)

	b, err := messageBlock(archiveData, filename, metadataBytes)
	if err != nil {
		return "", err
	}

	// Sign the buffer
	w, err := clearsign.Encode(out, s.Entity.PrivateKey, &defaultPGPConfig)
	if err != nil {
		return "", err
	}

	_, err = io.Copy(w, b)

	if err != nil {
		// NB: We intentionally don't call `w.Close()` here! `w.Close()` is the method which
		// actually does the PGP signing, and therefore is the part which uses the private key.
		// In other words, if we call Close here, there's a risk that there's an attempt to use the
		// private key to sign garbage data (since we know that io.Copy failed, `w` won't contain
		// anything useful).
		return "", fmt.Errorf("failed to write to clearsign encoder: %w", err)
	}

	err = w.Close()
	if err != nil {
		return "", fmt.Errorf("failed to either sign or armor message block: %w", err)
	}

	return out.String(), nil
}

// Verify checks a signature and verifies that it is legit for package data.
// This is the core verification method that works with data in memory.
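The NB comment in the listing describes a sign-on-Close contract: writes only buffer data, and Close is the step that uses the private key. The following is an added example, not Helm's code, that reproduces that contract with the standard library's Ed25519 as a stand-in for the OpenPGP clearsign writer. The names `signOnClose`, `signStream` and `truncated` are hypothetical, and the payload is constructed.

```go
package main

import (
	"bytes"
	"crypto/ed25519"
	"fmt"
	"io"
	"testing/iotest"
)

// signOnClose mimics the clearsign writer's contract (stand-in, not OpenPGP):
// Write only buffers, Close is the step that touches the private key.
type signOnClose struct {
	key   ed25519.PrivateKey
	buf   bytes.Buffer
	sig   []byte
	signs int // number of private-key operations performed
}

func (w *signOnClose) Write(p []byte) (int, error) { return w.buf.Write(p) }
func (w *signOnClose) Close() error {
	w.signs++
	w.sig = ed25519.Sign(w.key, w.buf.Bytes())
	return nil
}

// signStream copies r into w and finalises only if the whole copy succeeded.
func signStream(w *signOnClose, r io.Reader) ([]byte, error) {
	if _, err := io.Copy(w, r); err != nil {
		// No Close here: a truncated message must never receive a valid signature.
		return nil, fmt.Errorf("failed to write to signer: %w", err)
	}
	if err := w.Close(); err != nil {
		return nil, fmt.Errorf("failed to sign: %w", err)
	}
	return w.sig, nil
}

// truncated builds a constructed input: half of p is delivered, then the read fails.
func truncated(p []byte) io.Reader {
	return io.MultiReader(bytes.NewReader(p[:len(p)/2]), iotest.ErrReader(io.ErrUnexpectedEOF))
}

func main() {
	_, priv, _ := ed25519.GenerateKey(nil)
	w := &signOnClose{key: priv}
	_, err := signStream(w, truncated([]byte("constructed chart archive bytes")))
	fmt.Println("error:", err, "| private-key uses:", w.signs)
}
```

The counter `signs` makes the property checkable: after a failed copy the writer holds partial data but the key has not been used.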

Callers 5

TestClearSign (Function) · 0.80
TestClearSignError (Function) · 0.80
Clearsign (Method) · 0.80
SignPlugin (Function) · 0.80

Calls 5

messageBlock (Function) · 0.85
Encode (Method) · 0.80
Copy (Method) · 0.80
Close (Method) · 0.80
String (Method) · 0.45

Tested by 3

TestClearSign (Function) · 0.64
TestClearSignError (Function) · 0.64