
Source file src/github.com/secure-systems-lab/go-securesystemslib/dsse/sign.go


     1  /*
     2  Package dsse implements the Dead Simple Signing Envelope (DSSE)
     3  https://github.com/secure-systems-lab/dsse
     4  */
     5  package dsse
     6  
     7  import (
     8  	"context"
     9  	"encoding/base64"
    10  	"errors"
    11  )
    12  
// ErrNoSigners is returned by NewEnvelopeSigner when, after nil entries are
// discarded, no Signer remains to sign with.
var (
	ErrNoSigners = errors.New("no signers provided")
)
    15  
// EnvelopeSigner produces signed DSSE Envelopes, adding one Signature per
// configured Signer. Build it with NewEnvelopeSigner; the zero value holds no
// signers.
type EnvelopeSigner struct {
	// providers holds the non-nil Signers handed to NewEnvelopeSigner, in the
	// order they were given.
	providers []Signer
}
    20  
// NewEnvelopeSigner creates an EnvelopeSigner that uses 1+ Signer algorithms
// to sign the data. Nil entries in p are dropped; if nothing remains,
// ErrNoSigners is returned.
func NewEnvelopeSigner(p ...Signer) (*EnvelopeSigner, error) {
	kept := make([]Signer, 0, len(p))
	for _, s := range p {
		// Only an untyped nil interface value is skipped here; a Signer
		// holding a typed nil pointer is not nil and is kept.
		if s == nil {
			continue
		}
		kept = append(kept, s)
	}

	if len(kept) == 0 {
		return nil, ErrNoSigners
	}

	return &EnvelopeSigner{providers: kept}, nil
}
    42  
// NewMultiEnvelopeSigner creates an EnvelopeSigner that uses 1+ Signer
// algorithms to sign the data. The threshold parameter is legacy and is
// ignored.
//
// Deprecated: This function simply calls NewEnvelopeSigner, and that function
// should be preferred.
func NewMultiEnvelopeSigner(threshold int, p ...Signer) (*EnvelopeSigner, error) {
	// threshold is accepted only for source compatibility with older callers.
	_ = threshold
	return NewEnvelopeSigner(p...)
}
    53  
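/*
SignPayload signs a payload and payload type according to DSSE.
Returned is an envelope as defined here:
https://github.com/secure-systems-lab/dsse/blob/master/envelope.md
One signature will be added for each Signer in the EnvelopeSigner.

ctx is passed through to each Signer.Sign call. The first Sign error aborts
signing and is returned unwrapped. A Signer whose KeyID call fails still
contributes its signature, with an empty KeyID.

An EnvelopeSigner that holds no Signers (a nil receiver or the zero value)
returns ErrNoSigners instead of an envelope with no signatures.
*/
func (es *EnvelopeSigner) SignPayload(ctx context.Context, payloadType string, body []byte) (*Envelope, error) {
	// Refuse to emit an envelope that carries no signatures: a zero-value
	// EnvelopeSigner would otherwise "sign" successfully with nothing.
	if es == nil || len(es.providers) == 0 {
		return nil, ErrNoSigners
	}

	e := Envelope{
		Payload:     base64.StdEncoding.EncodeToString(body),
		PayloadType: payloadType,
		Signatures:  make([]Signature, 0, len(es.providers)),
	}

	// Every signer signs the same PAE encoding, so compute it once.
	paeEnc := PAE(payloadType, body)

	for _, signer := range es.providers {
		sig, err := signer.Sign(ctx, paeEnc)
		if err != nil {
			return nil, err
		}

		// A KeyID failure is deliberately non-fatal: the signature is still
		// recorded, with the KeyID left empty.
		keyID, err := signer.KeyID()
		if err != nil {
			keyID = ""
		}

		e.Signatures = append(e.Signatures, Signature{
			KeyID: keyID,
			Sig:   base64.StdEncoding.EncodeToString(sig),
		})
	}

	return &e, nil
}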
    86  
