(ld blobserver.Loader, conf jsonconfig.Obj)
| 79 | } |
| 80 | |
// newJSONSignFromConfig builds the JSON-signing Handler from its config
// object.
//
// It reads "keyId" (required) plus "publicKeyDest" and "secretRing" (both
// optional, defaulting to ""), loads the signing entity for that key from the
// secret ring, derives the armored public key and its blob ref, and sets up
// an in-memory store from which the public key blob is served. When
// "publicKeyDest" is non-empty, the storage it names is resolved through ld
// and kept as the destination for the public key.
//
// On any failure the handler is nil and the underlying error is returned
// unchanged, except that a failure to store the public key blob is reported
// with a "could not store pub key blob" prefix.
//
// NOTE(review): the entity is loaded from the secret ring and presumably
// carries private key material; only the armored public key is handed to the
// in-memory store that backs pubKeyHandler. Confirm that no other code path
// logs or serves the entity.
func newJSONSignFromConfig(ld blobserver.Loader, conf jsonconfig.Obj) (http.Handler, error) {
	// Every config key is read before Validate is called.
	// keyID is either a short form ("26F5ABDA") or one of the longer forms.
	keyID := conf.RequiredString("keyId")
	destPrefix := conf.OptionalString("publicKeyDest", "")
	ringConf := conf.OptionalString("secretRing", "")
	if err := conf.Validate(); err != nil {
		return nil, err
	}

	h := &Handler{secretRing: ringConf}

	// The ring location comes from the handler's secretRingPath method, not
	// from the raw config value.
	entity, err := jsonsign.EntityFromSecring(keyID, h.secretRingPath())
	if err != nil {
		return nil, err
	}
	h.entity = entity

	armored, err := jsonsign.ArmoredPublicKey(entity)
	if err != nil {
		return nil, err
	}
	h.pubKey = armored

	// TODO: 15 second or global-configurable start-up limit?
	ctx := context.Background()

	// Keep a copy of the public key in memory, addressed by its own blob ref,
	// so that it can be fetched and served without touching other storage.
	mem := &memory.Storage{}
	pubRef := blob.RefFromString(armored)
	h.pubKeyBlobRef = pubRef
	_, err = mem.ReceiveBlob(ctx, pubRef, strings.NewReader(armored))
	if err != nil {
		return nil, fmt.Errorf("could not store pub key blob: %v", err)
	}
	h.pubKeyFetcher = mem

	// The destination storage is optional.
	if destPrefix != "" {
		if h.pubKeyDest, err = ld.GetStorage(destPrefix); err != nil {
			return nil, err
		}
	}

	h.pubKeyBlobRefServeSuffix = "camli/" + pubRef.String()
	h.pubKeyHandler = &gethandler.Handler{Fetcher: mem}

	signer, err := schema.NewSigner(pubRef, strings.NewReader(armored), entity)
	if err != nil {
		return nil, err
	}
	h.signer = signer

	return h, nil
}
| 136 | |
| 137 | // UploadPublicKey writes the public key to the destination blobserver |
| 138 | // defined for the handler, if needed. |