本文整理汇总了Golang中github.com/docker/go/canonical/json.MarshalCanonical函数的典型用法代码示例。如果您正苦于以下问题:Golang MarshalCanonical函数的具体用法?Golang MarshalCanonical怎么用?Golang MarshalCanonical使用的例子?那么恭喜您, 这里精选的函数代码示例或许可以为您提供帮助。
在下文中一共展示了MarshalCanonical函数的15个代码示例,这些例子默认根据受欢迎程度排序。您可以为喜欢或者感觉有用的代码点赞,您的评价将有助于系统推荐出更棒的Golang代码示例。
示例1: ExpireMetadata
// ExpireMetadata expires the metadata, which would make it invalid - don't do anything if
// we don't have the timestamp key
func (m *MetadataSwizzler) ExpireMetadata(role string) error {
signedThing, err := signedFromStore(m.MetadataCache, role)
if err != nil {
return err
}
var unmarshalled map[string]interface{}
if err := json.Unmarshal(*signedThing.Signed, &unmarshalled); err != nil {
return err
}
unmarshalled["expires"] = time.Now().AddDate(-1, -1, -1)
metaBytes, err := json.MarshalCanonical(unmarshalled)
if err != nil {
return err
}
signedThing.Signed = (*json.RawMessage)(&metaBytes)
pubKeys, err := getPubKeys(m.CryptoService, signedThing, role)
if err == nil {
metaBytes, err = serializeMetadata(m.CryptoService, signedThing, role, pubKeys...)
}
if err != nil {
return err
}
return m.MetadataCache.Set(role, metaBytes)
}
示例2: TestMoreThanEnoughSigs
func TestMoreThanEnoughSigs(t *testing.T) {
cs := NewEd25519()
k1, err := cs.Create("root", data.ED25519Key)
assert.NoError(t, err)
k2, err := cs.Create("root", data.ED25519Key)
assert.NoError(t, err)
r, err := data.NewRole(
"root",
1,
[]string{k1.ID(), k2.ID()},
nil,
nil,
)
assert.NoError(t, err)
db := keys.NewDB()
assert.NoError(t, err)
db.AddKey(k1)
db.AddKey(k2)
err = db.AddRole(r)
assert.NoError(t, err)
meta := &data.SignedCommon{Type: "Root", Version: 1, Expires: data.DefaultExpires("root")}
b, err := json.MarshalCanonical(meta)
assert.NoError(t, err)
s := &data.Signed{Signed: b}
Sign(cs, s, k1, k2)
assert.Equal(t, 2, len(s.Signatures))
err = Verify(s, "root", 1, db)
assert.NoError(t, err)
}
示例3: SetInvalidMetadataType
// SetInvalidMetadataType unmarshallable, but has the wrong metadata type (not
// actually a metadata type)
func (m *MetadataSwizzler) SetInvalidMetadataType(role string) error {
signedThing, err := signedFromStore(m.MetadataCache, role)
if err != nil {
return err
}
var unmarshalled map[string]interface{}
if err := json.Unmarshal(*signedThing.Signed, &unmarshalled); err != nil {
return err
}
unmarshalled["_type"] = "not_real"
metaBytes, err := json.MarshalCanonical(unmarshalled)
if err != nil {
return err
}
signedThing.Signed = (*json.RawMessage)(&metaBytes)
pubKeys, err := getPubKeys(m.CryptoService, signedThing, role)
if err == nil {
metaBytes, err = serializeMetadata(m.CryptoService, signedThing, role, pubKeys...)
}
if err != nil {
return err
}
return m.MetadataCache.Set(role, metaBytes)
}
示例4: OffsetMetadataVersion
// OffsetMetadataVersion updates the metadata version
func (m *MetadataSwizzler) OffsetMetadataVersion(role string, offset int) error {
signedThing, err := signedFromStore(m.MetadataCache, role)
if err != nil {
return err
}
var unmarshalled map[string]interface{}
if err := json.Unmarshal(*signedThing.Signed, &unmarshalled); err != nil {
return err
}
oldVersion, ok := unmarshalled["version"].(float64)
if !ok {
oldVersion = float64(0) // just ignore the error and set it to 0
}
unmarshalled["version"] = int(oldVersion) + offset
metaBytes, err := json.MarshalCanonical(unmarshalled)
if err != nil {
return err
}
signedThing.Signed = (*json.RawMessage)(&metaBytes)
pubKeys, err := getPubKeys(m.CryptoService, signedThing, role)
if err == nil {
metaBytes, err = serializeMetadata(m.CryptoService, signedThing, role, pubKeys...)
}
if err != nil {
return err
}
return m.MetadataCache.Set(role, metaBytes)
}
示例5: CreateTimestamp
// CreateTimestamp creates a new timestamp. If a prev timestamp is provided, it
// is assumed this is the immediately previous one, and the new one will have a
// version number one higher than prev. The store is used to lookup the current
// snapshot, this function does not save the newly generated timestamp.
func CreateTimestamp(gun string, prev *data.SignedTimestamp, snapshot []byte, store storage.MetaStore, cryptoService signed.CryptoService) (*data.Signed, int, error) {
algorithm, public, err := store.GetKey(gun, data.CanonicalTimestampRole)
if err != nil {
// owner of gun must have generated a timestamp key otherwise
// we won't proceed with generating everything.
return nil, 0, err
}
key := data.NewPublicKey(algorithm, public)
sn := &data.Signed{}
err = json.Unmarshal(snapshot, sn)
if err != nil {
// couldn't parse snapshot
return nil, 0, err
}
ts, err := data.NewTimestamp(sn)
if err != nil {
return nil, 0, err
}
if prev != nil {
ts.Signed.Version = prev.Signed.Version + 1
}
sgndTs, err := json.MarshalCanonical(ts.Signed)
if err != nil {
return nil, 0, err
}
out := &data.Signed{
Signatures: ts.Signatures,
Signed: sgndTs,
}
err = signed.Sign(cryptoService, out, key)
if err != nil {
return nil, 0, err
}
return out, ts.Signed.Version, nil
}
示例6: SetInvalidSignedMeta
// SetInvalidSignedMeta corrupts the metadata into something that is unmarshallable
// as a Signed object, but not unmarshallable into a SignedMeta object
func (m *MetadataSwizzler) SetInvalidSignedMeta(role string) error {
signedThing, err := signedFromStore(m.MetadataCache, role)
if err != nil {
return err
}
pubKeys, err := getPubKeys(m.CryptoService, signedThing, role)
if err != nil {
return err
}
var unmarshalled map[string]interface{}
if err := json.Unmarshal(*signedThing.Signed, &unmarshalled); err != nil {
return err
}
unmarshalled["_type"] = []string{"not a string"}
unmarshalled["version"] = "string not int"
unmarshalled["expires"] = "cannot be parsed as time"
metaBytes, err := json.MarshalCanonical(unmarshalled)
if err != nil {
return err
}
signedThing.Signed = (*json.RawMessage)(&metaBytes)
metaBytes, err = serializeMetadata(m.CryptoService, signedThing, role, pubKeys...)
if err != nil {
return err
}
return m.MetadataCache.Set(role, metaBytes)
}
示例7: TestUnknownKeyBelowThreshold
func TestUnknownKeyBelowThreshold(t *testing.T) {
cs := NewEd25519()
k, err := cs.Create("root", "", data.ED25519Key)
require.NoError(t, err)
unknown, err := cs.Create("root", "", data.ED25519Key)
require.NoError(t, err)
roleWithKeys := data.BaseRole{Name: "root", Keys: data.Keys{k.ID(): k}, Threshold: 2}
meta := &data.SignedCommon{Type: "Root", Version: 1, Expires: data.DefaultExpires("root")}
b, err := json.MarshalCanonical(meta)
require.NoError(t, err)
s := &data.Signed{Signed: (*json.RawMessage)(&b)}
require.NoError(t, Sign(cs, s, []data.PublicKey{k, unknown}, 2, nil))
s.Signatures = append(s.Signatures)
err = VerifySignatures(s, roleWithKeys)
require.IsType(t, ErrRoleThreshold{}, err)
require.Len(t, s.Signatures, 2)
for _, signature := range s.Signatures {
if signature.KeyID == k.ID() {
require.True(t, signature.IsValid)
} else {
require.False(t, signature.IsValid)
}
}
}
示例8: setUpRepo
// initialize a repo with keys, so they can be rotated
func setUpRepo(t *testing.T, tempBaseDir, gun string, ret passphrase.Retriever) (
*httptest.Server, map[string]string) {
// server that always returns 200 (and a key)
key, err := trustmanager.GenerateECDSAKey(rand.Reader)
assert.NoError(t, err)
pubKey := data.PublicKeyFromPrivate(key)
jsonBytes, err := json.MarshalCanonical(&pubKey)
assert.NoError(t, err)
keyJSON := string(jsonBytes)
ts := httptest.NewServer(http.HandlerFunc(
func(w http.ResponseWriter, r *http.Request) {
fmt.Fprint(w, keyJSON)
}))
repo, err := client.NewNotaryRepository(
tempBaseDir, gun, ts.URL, http.DefaultTransport, ret)
assert.NoError(t, err, "error creating repo: %s", err)
rootPubKey, err := repo.CryptoService.Create("root", data.ECDSAKey)
assert.NoError(t, err, "error generating root key: %s", err)
err = repo.Initialize(rootPubKey.ID())
assert.NoError(t, err)
return ts, repo.CryptoService.ListAllKeys()
}
示例9: TestDuplicateSigs
func TestDuplicateSigs(t *testing.T) {
cs := NewEd25519()
k, err := cs.Create("root", data.ED25519Key)
assert.NoError(t, err)
r, err := data.NewRole(
"root",
2,
[]string{k.ID()},
nil,
nil,
)
assert.NoError(t, err)
db := keys.NewDB()
assert.NoError(t, err)
db.AddKey(k)
err = db.AddRole(r)
assert.NoError(t, err)
meta := &data.SignedCommon{Type: "Root", Version: 1, Expires: data.DefaultExpires("root")}
b, err := json.MarshalCanonical(meta)
assert.NoError(t, err)
s := &data.Signed{Signed: b}
Sign(cs, s, k)
s.Signatures = append(s.Signatures, s.Signatures[0])
err = Verify(s, "root", 1, db)
assert.IsType(t, ErrRoleThreshold{}, err)
}
示例10: VerifySignatures
// VerifySignatures checks the we have sufficient valid signatures for the given role
func VerifySignatures(s *data.Signed, role string, db *keys.KeyDB) error {
if len(s.Signatures) == 0 {
return ErrNoSignatures
}
roleData := db.GetRole(role)
if roleData == nil {
return ErrUnknownRole
}
if roleData.Threshold < 1 {
return ErrRoleThreshold{}
}
logrus.Debugf("%s role has key IDs: %s", role, strings.Join(roleData.KeyIDs, ","))
var decoded map[string]interface{}
if err := json.Unmarshal(s.Signed, &decoded); err != nil {
return err
}
msg, err := json.MarshalCanonical(decoded)
if err != nil {
return err
}
valid := make(map[string]struct{})
for _, sig := range s.Signatures {
logrus.Debug("verifying signature for key ID: ", sig.KeyID)
if !roleData.ValidKey(sig.KeyID) {
logrus.Debugf("continuing b/c keyid was invalid: %s for roledata %s\n", sig.KeyID, roleData)
continue
}
key := db.GetKey(sig.KeyID)
if key == nil {
logrus.Debugf("continuing b/c keyid lookup was nil: %s\n", sig.KeyID)
continue
}
// method lookup is consistent due to Unmarshal JSON doing lower case for us.
method := sig.Method
verifier, ok := Verifiers[method]
if !ok {
logrus.Debugf("continuing b/c signing method is not supported: %s\n", sig.Method)
continue
}
if err := verifier.Verify(key, sig.Signature, msg); err != nil {
logrus.Debugf("continuing b/c signature was invalid\n")
continue
}
valid[sig.KeyID] = struct{}{}
}
if len(valid) < roleData.Threshold {
return ErrRoleThreshold{}
}
return nil
}
示例11: TestIsValidNotExported
func TestIsValidNotExported(t *testing.T) {
cs := NewEd25519()
k, err := cs.Create(data.CanonicalRootRole, "", data.ED25519Key)
require.NoError(t, err)
meta := &data.SignedCommon{Type: data.TUFTypes[data.CanonicalRootRole], Version: 1,
Expires: data.DefaultExpires(data.CanonicalRootRole)}
b, err := json.MarshalCanonical(meta)
require.NoError(t, err)
s := &data.Signed{Signed: (*json.RawMessage)(&b)}
require.NoError(t, Sign(cs, s, []data.PublicKey{k}, 1, nil))
require.Equal(t, 1, len(s.Signatures))
before, err := json.MarshalCanonical(s.Signatures[0])
require.NoError(t, err)
require.False(t, s.Signatures[0].IsValid)
require.NoError(t, VerifySignature(b, &(s.Signatures[0]), k))
// the IsValid field changed
require.True(t, s.Signatures[0].IsValid)
after, err := json.MarshalCanonical(s.Signatures[0])
require.NoError(t, err)
// but the marshalled byte strings stay the same since IsValid is not exported
require.Equal(t, before, after)
}
示例12: SetInvalidSigned
// SetInvalidSigned corrupts the metadata into something that is valid JSON,
// but not unmarshallable into signed JSON
func (m *MetadataSwizzler) SetInvalidSigned(role string) error {
signedThing, err := signedFromStore(m.MetadataCache, role)
if err != nil {
return err
}
metaBytes, err := json.MarshalCanonical(map[string]interface{}{
"signed": signedThing.Signed,
"signatures": "not list",
})
if err != nil {
return err
}
return m.MetadataCache.Set(role, metaBytes)
}
示例13: TestNoSigs
func TestNoSigs(t *testing.T) {
cs := NewEd25519()
k, err := cs.Create("root", "", data.ED25519Key)
require.NoError(t, err)
require.NoError(t, err)
roleWithKeys := data.BaseRole{Name: "root", Keys: data.Keys{k.ID(): k}, Threshold: 2}
meta := &data.SignedCommon{Type: "Root", Version: 1, Expires: data.DefaultExpires("root")}
b, err := json.MarshalCanonical(meta)
require.NoError(t, err)
s := &data.Signed{Signed: (*json.RawMessage)(&b)}
require.Equal(t, ErrNoSignatures, VerifySignatures(s, roleWithKeys))
}
示例14: VerifySignatures
// VerifySignatures checks the we have sufficient valid signatures for the given role
func VerifySignatures(s *data.Signed, roleData data.BaseRole) error {
if len(s.Signatures) == 0 {
return ErrNoSignatures
}
if roleData.Threshold < 1 {
return ErrRoleThreshold{}
}
logrus.Debugf("%s role has key IDs: %s", roleData.Name, strings.Join(roleData.ListKeyIDs(), ","))
// remarshal the signed part so we can verify the signature, since the signature has
// to be of a canonically marshalled signed object
var decoded map[string]interface{}
if err := json.Unmarshal(s.Signed, &decoded); err != nil {
return err
}
msg, err := json.MarshalCanonical(decoded)
if err != nil {
return err
}
valid := make(map[string]struct{})
for _, sig := range s.Signatures {
logrus.Debug("verifying signature for key ID: ", sig.KeyID)
key, ok := roleData.Keys[sig.KeyID]
if !ok {
logrus.Debugf("continuing b/c keyid lookup was nil: %s\n", sig.KeyID)
continue
}
// method lookup is consistent due to Unmarshal JSON doing lower case for us.
method := sig.Method
verifier, ok := Verifiers[method]
if !ok {
logrus.Debugf("continuing b/c signing method is not supported: %s\n", sig.Method)
continue
}
if err := verifier.Verify(key, sig.Signature, msg); err != nil {
logrus.Debugf("continuing b/c signature was invalid\n")
continue
}
valid[sig.KeyID] = struct{}{}
}
if len(valid) < roleData.Threshold {
return ErrRoleThreshold{}
}
return nil
}
示例15: TestRootToSignedMarshalsSignedPortionWithCanonicalJSON
func TestRootToSignedMarshalsSignedPortionWithCanonicalJSON(t *testing.T) {
r := SignedRoot{Signed: Root{Type: "root", Version: 2, Expires: time.Now()}}
signedCanonical, err := r.ToSigned()
require.NoError(t, err)
canonicalSignedPortion, err := cjson.MarshalCanonical(r.Signed)
require.NoError(t, err)
castedCanonical := rjson.RawMessage(canonicalSignedPortion)
// don't bother testing regular JSON because it might not be different
require.True(t, bytes.Equal(signedCanonical.Signed, castedCanonical),
"expected %v == %v", signedCanonical.Signed, castedCanonical)
}