| 238 | } |
| 239 | |
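// handleSign serves the signing endpoint: it reads the "json" form
// parameter, signs it with the handler's secret keyring via
// jsonsign.SignRequest, and writes the signed JSON back to the client.
//
// Responses: 400 for an unparseable form, a missing or oversized "json"
// parameter, or any signing error (the signer's error text is echoed to
// the client); otherwise 200 with the signed JSON as the body. A failure
// to upload the public key after signing is only logged; the signed JSON
// is still returned.
func (h *Handler) handleSign(rw http.ResponseWriter, req *http.Request) {
	badReq := func(s string) {
		http.Error(rw, s, http.StatusBadRequest)
		log.Printf("bad request: %s", s)
	}

	// FormValue would silently ignore a parse error; surface it instead.
	if err := req.ParseForm(); err != nil {
		badReq(fmt.Sprintf("parsing form: %v", err))
		return
	}

	jsonStr := req.FormValue("json")
	if jsonStr == "" {
		badReq("missing \"json\" parameter")
		return
	}
	// Bound the input size before handing it to the signer.
	if len(jsonStr) > maxJSONLength {
		badReq("parameter \"json\" too large")
		return
	}

	sreq := &jsonsign.SignRequest{
		UnsignedJSON:      jsonStr,
		Fetcher:           h.pubKeyFetcher,
		ServerMode:        true,
		SecretKeyringPath: h.secretRing,
	}
	ctx := req.Context() // TODO: restrict time to 30 seconds?
	signedJSON, err := sreq.Sign(ctx)
	if err != nil {
		// TODO: some aren't really a "bad request".
		// NOTE(review): the signer's error text is sent to the client as-is;
		// if it can carry internal detail (e.g. file paths), prefer logging
		// it here and returning a generic message instead.
		badReq(fmt.Sprintf("%v", err))
		return
	}
	// Best effort: the signed JSON is still returned if the upload fails.
	if err := h.UploadPublicKey(ctx); err != nil {
		log.Printf("signing handler failed to upload public key: %v", err)
	}
	if _, err := rw.Write([]byte(signedJSON)); err != nil {
		log.Printf("signing handler: writing response: %v", err)
	}
}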
| 276 | |
| 277 | func (h *Handler) Sign(ctx context.Context, bb *schema.Builder) (string, error) { |
| 278 | bb.SetSigner(h.pubKeyBlobRef) |