| 123 | } |
| 124 | |
| 125 | func signAction(ctx *cli.Context) error { |
| 126 | if err := errs.MinMaxNumberOfArguments(ctx, 0, 1); err != nil { |
| 127 | return err |
| 128 | } |
| 129 | |
| 130 | keyFile := ctx.String("key") |
| 131 | if keyFile == "" { |
| 132 | return errs.RequiredFlag(ctx, "key") |
| 133 | } |
| 134 | |
| 135 | var input string |
| 136 | switch ctx.NArg() { |
| 137 | case 0: |
| 138 | input = "-" |
| 139 | case 1: |
| 140 | input = ctx.Args().First() |
| 141 | default: |
| 142 | return errs.TooManyArguments(ctx) |
| 143 | } |
| 144 | |
| 145 | b, err := utils.ReadFile(input) |
| 146 | if err != nil { |
| 147 | return errs.FileError(err, input) |
| 148 | } |
| 149 | |
| 150 | key, err := pemutil.Read(keyFile) |
| 151 | if err != nil { |
| 152 | return err |
| 153 | } |
| 154 | |
| 155 | signer, ok := key.(crypto.Signer) |
| 156 | if !ok { |
| 157 | return errors.Errorf("key %s is not a signer", keyFile) |
| 158 | } |
| 159 | |
| 160 | var digest []byte |
| 161 | var opts crypto.SignerOpts |
| 162 | switch k := key.(type) { |
| 163 | case *ecdsa.PrivateKey: |
| 164 | opts = crypto.Hash(0) |
| 165 | switch k.Curve { |
| 166 | case elliptic.P224(): |
| 167 | digest = hash(crypto.SHA224, b) |
| 168 | case elliptic.P256(): |
| 169 | digest = hash(crypto.SHA256, b) |
| 170 | case elliptic.P384(): |
| 171 | digest = hash(crypto.SHA384, b) |
| 172 | case elliptic.P521(): |
| 173 | digest = hash(crypto.SHA512, b) |
| 174 | default: |
| 175 | return errors.Errorf("unsupported elliptic curve %s", k.Params().Name) |
| 176 | } |
| 177 | case *rsa.PrivateKey: |
| 178 | opts, err = rsaHash(ctx) |
| 179 | if err != nil { |
| 180 | return err |
| 181 | } |
| 182 | digest = hash(opts.HashFunc(), b) |