NewSigner returns a Signer given an armored public key's blobref, its armored content, and its associated private key entity. The armored content must hash to the given blobref, otherwise an error is returned. The privateKeySource must be either an *openpgp.Entity or a string filename to a secret key.
(pubKeyRef blob.Ref, armoredPubKey io.Reader, privateKeySource interface{})
| 60 | // its armored content, and its associated private key entity. |
| 61 | // The privateKeySource must be either an *openpgp.Entity or a string filename to a secret key. |
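func NewSigner(pubKeyRef blob.Ref, armoredPubKey io.Reader, privateKeySource interface{}) (*Signer, error) {
	// Bind pubKeyRef to the key material actually supplied: the armored key
	// is hashed as it is parsed and the digest must equal pubKeyRef.
	// Otherwise a Signer could advertise one key while signing with another.
	hash := pubKeyRef.Hash()
	fingerprint, armoredPubKeyString, err := jsonsign.ParseArmoredPublicKey(io.TeeReader(armoredPubKey, hash))
	if err != nil {
		return nil, err
	}
	if !pubKeyRef.HashMatches(hash) {
		return nil, fmt.Errorf("pubkey ref of %v doesn't match provided armored public key", pubKeyRef)
	}

	var privateKey *openpgp.Entity
	switch v := privateKeySource.(type) {
	case *openpgp.Entity:
		if v == nil {
			return nil, errors.New("nil privateKey")
		}
		// The secring path below selects the entity by the public key's
		// fingerprint, but a caller-supplied entity used to be accepted
		// unchecked. A mismatched entity yields signatures that do not verify
		// against pubKeyRef, so enforce the same binding here.
		if !entityMatchesFingerprint(v, fingerprint) {
			return nil, fmt.Errorf("supplied private key entity doesn't match public key fingerprint %q", fingerprint)
		}
		privateKey = v
	case string:
		// Look the entity up in the secring file by the public key's fingerprint.
		privateKey, err = jsonsign.EntityFromSecring(fingerprint, v)
		if err != nil {
			return nil, err
		}
	default:
		return nil, fmt.Errorf("invalid privateKeySource type %T", v)
	}
	if privateKey == nil {
		return nil, errors.New("nil privateKey")
	}
	if privateKey.PrivateKey == nil {
		// Fail at construction rather than on the first signing call: an
		// entity without secret key material cannot sign anything.
		return nil, errors.New("private key entity has no secret key material")
	}

	return &Signer{
		pubref:     pubKeyRef,
		privEntity: privateKey,
		baseSigReq: jsonsign.SignRequest{
			ServerMode: true, // shouldn't matter, since we're supplying the rest of the fields
			// Serve the verified armored public key from memory so signing
			// never depends on an external blob fetch.
			Fetcher: memoryBlobFetcher{
				pubKeyRef: func() (uint32, io.ReadCloser) {
					return uint32(len(armoredPubKeyString)), io.NopCloser(strings.NewReader(armoredPubKeyString))
				},
			},
			// Only ever hand out the one entity bound to pubKeyRef; a request
			// for any other fingerprint is a programming error, not a lookup.
			EntityFetcher: entityFetcherFunc(func(wantFingerprint string) (*openpgp.Entity, error) {
				if fingerprint != wantFingerprint {
					return nil, fmt.Errorf("jsonsign code unexpectedly requested fingerprint %q; only have %q",
						wantFingerprint, fingerprint)
				}
				return privateKey, nil
			}),
		},
	}, nil
}

// entityMatchesFingerprint reports whether e's primary key fingerprint
// corresponds to want, the fingerprint string jsonsign.ParseArmoredPublicKey
// returned for the public key. The comparison is case-insensitive, and a
// shorter want is accepted as a suffix so that a key ID (the low-order bits
// of a v4 fingerprint) also matches. It returns false for a nil entity, a
// nil primary key, or an empty want.
func entityMatchesFingerprint(e *openpgp.Entity, want string) bool {
	if e == nil || e.PrimaryKey == nil || want == "" {
		return false
	}
	have := fmt.Sprintf("%X", e.PrimaryKey.Fingerprint)
	return strings.HasSuffix(have, strings.ToUpper(want))
}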
| 108 | |
| 109 | // SignJSON signs the provided json at the optional time t. |
| 110 | // If t is the zero Time, the current time is used. |