package schema1

import (
	"crypto/x509"
	"encoding/json"

	"github.com/docker/libtrust"
)

// Sign produces a SignedManifest for m using the private key pk. It is
// typically not used within the registry itself, except for testing.
//
// The manifest is serialized to indented JSON, and those exact bytes are the
// payload handed to libtrust for signing. The returned value keeps the
// unsigned payload in Canonical and the signed serialization (signature
// block under the "signatures" key) in all.
func Sign(m *Manifest, pk libtrust.PrivateKey) (*SignedManifest, error) {
	// NOTE(review): the indent string is reproduced as it appears in this
	// listing, whose whitespace looks collapsed; confirm the width against
	// upstream, since the payload bytes depend on it.
	payload, err := json.MarshalIndent(m, "", " ")
	if err != nil {
		return nil, err
	}

	sig, err := libtrust.NewJSONSignature(payload)
	if err != nil {
		return nil, err
	}

	if err = sig.Sign(pk); err != nil {
		return nil, err
	}

	signed, err := sig.PrettySignature("signatures")
	if err != nil {
		return nil, err
	}

	result := &SignedManifest{
		Manifest:  *m,
		all:       signed,
		Canonical: payload,
	}
	return result, nil
}

// SignWithChain produces a SignedManifest for m using the private key key and
// attaches the x509 certificate chain to the signature. The public key of
// the first certificate in chain must correspond to key.
//
// This function does not itself compare key against chain[0]; any such check
// would happen inside libtrust's SignWithChain, which is not visible here.
// Whether the chain leads to a trusted root is likewise not evaluated at
// signing time in this function.
func SignWithChain(m *Manifest, key libtrust.PrivateKey, chain []*x509.Certificate) (*SignedManifest, error) {
	// Same payload construction as Sign: the indented JSON is what gets
	// signed. NOTE(review): confirm the indent width against upstream.
	payload, err := json.MarshalIndent(m, "", " ")
	if err != nil {
		return nil, err
	}

	sig, err := libtrust.NewJSONSignature(payload)
	if err != nil {
		return nil, err
	}

	if err = sig.SignWithChain(key, chain); err != nil {
		return nil, err
	}

	signed, err := sig.PrettySignature("signatures")
	if err != nil {
		return nil, err
	}

	result := &SignedManifest{
		Manifest:  *m,
		all:       signed,
		Canonical: payload,
	}
	return result, nil
}