hub / github.com/perkeep/perkeep / NewSigner

Function NewSigner

pkg/schema/sign.go:62–107  ·  view source on GitHub ↗

NewSigner returns a Signer given an armored public key's blobref, its armored content, and its associated private key entity. The privateKeySource must be either an *openpgp.Entity or a string filename to a secret key.

(pubKeyRef blob.Ref, armoredPubKey io.Reader, privateKeySource interface{})

Source from the content-addressed store, hash-verified

// NewSigner builds a Signer from the blobref of an armored public key, the
// armored key content itself, and the associated private key entity.
// privateKeySource must be either an *openpgp.Entity or a string filename to a
// secret key; any other type is rejected with an error.
//
// The armored key is hashed while it is parsed, and NewSigner fails unless
// pubKeyRef.HashMatches accepts the resulting hash.
//
// NOTE(review): only the string form looks the private key up by the parsed
// fingerprint. An *openpgp.Entity is stored as given and is not compared with
// the fingerprint of armoredPubKey inside this function; callers presumably
// have to pass the matching entity themselves. Confirm against callers.
func NewSigner(pubKeyRef blob.Ref, armoredPubKey io.Reader, privateKeySource interface{}) (*Signer, error) {
	// Hash the armored key as a side effect of parsing it. Only the bytes that
	// ParseArmoredPublicKey actually reads from the tee reach refHash.
	refHash := pubKeyRef.Hash()
	fingerprint, armored, err := jsonsign.ParseArmoredPublicKey(io.TeeReader(armoredPubKey, refHash))
	if err != nil {
		return nil, err
	}
	if !pubKeyRef.HashMatches(refHash) {
		return nil, fmt.Errorf("pubkey ref of %v doesn't match provided armored public key", pubKeyRef)
	}

	// Resolve the private key from whichever source form the caller supplied.
	var entity *openpgp.Entity
	switch src := privateKeySource.(type) {
	case string:
		entity, err = jsonsign.EntityFromSecring(fingerprint, src)
		if err != nil {
			return nil, err
		}
	case *openpgp.Entity:
		entity = src
	default:
		return nil, fmt.Errorf("invalid privateKeySource type %T", src)
	}
	// Covers both a nil *openpgp.Entity argument and a nil lookup result.
	if entity == nil {
		return nil, errors.New("nil privateKey")
	}

	// Serves the armored public key that passed the hash check above from the
	// in-memory string, with its length as the reported size.
	openPubKey := func() (uint32, io.ReadCloser) {
		return uint32(len(armored)), io.NopCloser(strings.NewReader(armored))
	}
	// Hands out the private entity only for the fingerprint parsed above; any
	// other requested fingerprint is an error.
	lookupEntity := func(wantFingerprint string) (*openpgp.Entity, error) {
		if wantFingerprint == fingerprint {
			return entity, nil
		}
		return nil, fmt.Errorf("jsonsign code unexpectedly requested fingerprint %q; only have %q",
			wantFingerprint, fingerprint)
	}

	signer := &Signer{
		pubref:     pubKeyRef,
		privEntity: entity,
		baseSigReq: jsonsign.SignRequest{
			ServerMode:    true, // shouldn't matter, since we're supplying the rest of the fields
			Fetcher:       memoryBlobFetcher{pubKeyRef: openPubKey},
			EntityFetcher: entityFetcherFunc(lookupEntity),
		},
	}
	return signer, nil
}
108
109// SignJSON signs the provided json at the optional time t.
110// If t is the zero Time, the current time is used.

Callers 7

buildSignerMethod · 0.92
newSignerFunction · 0.92
testSignerFunction · 0.92
newJSONSignFromConfigFunction · 0.92
newSignerFunction · 0.92
TestSignerFunction · 0.85
TestClaimDateFunction · 0.85

Calls 5

ParseArmoredPublicKeyFunction · 0.92
EntityFromSecringFunction · 0.92
entityFetcherFuncFuncType · 0.85
HashMethod · 0.65
HashMatchesMethod · 0.45

Tested by 5

newSignerFunction · 0.74
testSignerFunction · 0.74
newSignerFunction · 0.74
TestSignerFunction · 0.68
TestClaimDateFunction · 0.68