// Source listing: github.com/lusis/distribution@v2.0.1+incompatible/manifest/sign.go

package manifest

import (
	"crypto/x509"
	"encoding/json"

	"github.com/docker/libtrust"
)

// Sign signs the manifest with the provided private key, returning a
// SignedManifest. This typically won't be used within the registry, except
// for testing.
//
// The bytes handed to libtrust are the indented JSON encoding of m produced
// here. The signed document returned by PrettySignature is stored in Raw,
// while the Manifest field is a plain copy of *m.
//
// NOTE(review): consumers that care about integrity should presumably verify
// Raw instead of trusting the Manifest field on its own; the verification
// path is not part of this file, so confirm there.
//
// NOTE(review): the indent literal is reproduced exactly as it appears in
// this listing, where runs of whitespace may have been collapsed. It
// determines the exact bytes that get signed, so confirm it against upstream.
func Sign(m *Manifest, pk libtrust.PrivateKey) (*SignedManifest, error) {
	// Serialize first: the signature covers this exact encoding.
	payload, err := json.MarshalIndent(m, "", " ")
	if err != nil {
		return nil, err
	}

	sig, err := libtrust.NewJSONSignature(payload)
	if err != nil {
		return nil, err
	}

	err = sig.Sign(pk)
	if err != nil {
		return nil, err
	}

	// "signatures" is the key under which the signature block is emitted.
	raw, err := sig.PrettySignature("signatures")
	if err != nil {
		return nil, err
	}

	signed := &SignedManifest{
		Manifest: *m,
		Raw:      raw,
	}
	return signed, nil
}

// SignWithChain signs the manifest with the given private key and x509 chain.
// The public key of the first element in the chain must be the public key
// corresponding with the sign key.
//
// That correspondence is not checked in this function, and neither is an
// empty or nil chain: both arguments are passed straight to libtrust.
//
// NOTE(review): confirm whether libtrust enforces the key/chain match. If it
// does not, callers must validate it themselves, because a chain that does
// not belong to the signing key would presumably yield a document whose
// embedded certificates do not vouch for the signature.
//
// As in Sign, the signed document is stored in Raw and the Manifest field is
// a plain copy of *m.
func SignWithChain(m *Manifest, key libtrust.PrivateKey, chain []*x509.Certificate) (*SignedManifest, error) {
	// Serialize first: the signature covers this exact encoding.
	payload, err := json.MarshalIndent(m, "", " ")
	if err != nil {
		return nil, err
	}

	sig, err := libtrust.NewJSONSignature(payload)
	if err != nil {
		return nil, err
	}

	err = sig.SignWithChain(key, chain)
	if err != nil {
		return nil, err
	}

	// "signatures" is the key under which the signature block is emitted.
	raw, err := sig.PrettySignature("signatures")
	if err != nil {
		return nil, err
	}

	signed := &SignedManifest{
		Manifest: *m,
		Raw:      raw,
	}
	return signed, nil
}