本文整理匯總了Golang中github.com/docker/libtrust.NewJSONSignature函數的典型用法代碼示例。如果您正苦於以下問題:Golang NewJSONSignature函數的具體用法?Golang NewJSONSignature怎麽用?Golang NewJSONSignature使用的例子?那麽, 這裏精選的函數代碼示例或許可以為您提供幫助。
在下文中一共展示了NewJSONSignature函數的15個代碼示例,這些例子默認根據受歡迎程度排序。您可以為喜歡或者感覺有用的代碼點讚,您的評價將有助於係統推薦出更棒的Golang代碼示例。
示例1: Unmarshal
func (ms *signedManifestHandler) Unmarshal(ctx context.Context, dgst digest.Digest, content []byte) (distribution.Manifest, error) {
context.GetLogger(ms.ctx).Debug("(*signedManifestHandler).Unmarshal")
var (
signatures [][]byte
err error
)
jsig, err := libtrust.NewJSONSignature(content, signatures...)
if err != nil {
return nil, err
}
if ms.repository.schema1SigningKey != nil {
if err := jsig.Sign(ms.repository.schema1SigningKey); err != nil {
return nil, err
}
}
// Extract the pretty JWS
raw, err := jsig.PrettySignature("signatures")
if err != nil {
return nil, err
}
var sm schema1.SignedManifest
if err := json.Unmarshal(raw, &sm); err != nil {
return nil, err
}
return &sm, nil
}示例2: createSignedManifest
func createSignedManifest(raw []byte, m *manifest.Manifest, keys []trust.PrivateKey) (*manifest.SignedManifest, error) {
var sigs []*trust.JSONSignature
for _, k := range keys {
js, err := trust.NewJSONSignature(raw)
if err != nil {
return nil, err
}
if err := js.Sign(k); err != nil {
return nil, err
}
sigs = append(sigs, js)
}
sg := sigs[0]
if err := sg.Merge(sigs[1:]...); err != nil {
return nil, err
}
bts, err := sg.PrettySignature("signatures")
if err != nil {
return nil, err
}
sm := &manifest.SignedManifest{Manifest: *m, Raw: bts}
return sm, nil
}示例3: CreateStatement
// CreateStatements creates and signs a statement from a stream of grants
// and revocations in a JSON array.
func CreateStatement(grants, revocations io.Reader, expiration time.Duration, key libtrust.PrivateKey, chain []*x509.Certificate) (*Statement, error) {
var statement Statement
err := json.NewDecoder(grants).Decode(&statement.jsonStatement.Grants)
if err != nil {
return nil, err
}
err = json.NewDecoder(revocations).Decode(&statement.jsonStatement.Revocations)
if err != nil {
return nil, err
}
statement.jsonStatement.Expiration = time.Now().UTC().Add(expiration)
statement.jsonStatement.IssuedAt = time.Now().UTC()
b, err := json.MarshalIndent(&statement.jsonStatement, "", " ")
if err != nil {
return nil, err
}
statement.signature, err = libtrust.NewJSONSignature(b)
if err != nil {
return nil, err
}
err = statement.signature.SignWithChain(key, chain)
if err != nil {
return nil, err
}
return &statement, nil
}示例4: SignWithChain
// SignWithChain signs the manifest with the given private key and x509 chain.
// The public key of the first element in the chain must be the public key
// corresponding with the sign key.
func SignWithChain(m *Manifest, key libtrust.PrivateKey, chain []*x509.Certificate) (*SignedManifest, error) {
p, err := json.MarshalIndent(m, "", " ")
if err != nil {
return nil, err
}
js, err := libtrust.NewJSONSignature(p)
if err != nil {
return nil, err
}
if err := js.SignWithChain(key, chain); err != nil {
return nil, err
}
pretty, err := js.PrettySignature("signatures")
if err != nil {
return nil, err
}
return &SignedManifest{
Manifest: *m,
Raw: pretty,
}, nil
}示例5: Sign
// Sign signs the manifest with the provided private key, returning a
// SignedManifest. This typically won't be used within the registry, except
// for testing.
func Sign(m *Manifest, pk libtrust.PrivateKey) (*SignedManifest, error) {
p, err := json.MarshalIndent(m, "", " ")
if err != nil {
return nil, err
}
js, err := libtrust.NewJSONSignature(p)
if err != nil {
return nil, err
}
if err := js.Sign(pk); err != nil {
return nil, err
}
pretty, err := js.PrettySignature("signatures")
if err != nil {
return nil, err
}
return &SignedManifest{
Manifest: *m,
Raw: pretty,
}, nil
}示例6: Sign
func (s *Instance) Sign() error {
payload, err := s.Payload.ToJSON()
if err != nil {
log.Println("Could not encode payload")
return err
}
js, err := libtrust.NewJSONSignature(payload)
if err != nil {
log.Println("Could not create jsign")
return err
}
jwk, err := s.Owner.GetPrivateKey()
if err != nil {
return err
}
err = js.Sign(jwk)
if err != nil {
log.Println("Could not sign payload")
return err
}
jsJSON, err := js.JWS()
if err != nil {
return err
}
tempJSONSignature := JSONSignature{}
err = json.Unmarshal(jsJSON, &tempJSONSignature)
if err != nil {
return err
}
s.Payload.Signatures = tempJSONSignature.Signatures
return nil
}示例7: generateStatement
func generateStatement(grants []*Grant, key libtrust.PrivateKey, chain []*x509.Certificate) (*Statement, error) {
var statement Statement
statement.Grants = make([]*jsonGrant, len(grants))
for i, grant := range grants {
statement.Grants[i] = &jsonGrant{
Subject: grant.Subject,
Permission: grant.Permission,
Grantee: grant.Grantee,
}
}
statement.IssuedAt = time.Now()
statement.Expiration = time.Now().Add(testStatementExpiration)
statement.Revocations = make([]*jsonRevocation, 0)
marshalled, err := json.MarshalIndent(statement.jsonStatement, "", " ")
if err != nil {
return nil, err
}
sig, err := libtrust.NewJSONSignature(marshalled)
if err != nil {
return nil, err
}
err = sig.SignWithChain(key, chain)
if err != nil {
return nil, err
}
statement.signature = sig
return &statement, nil
}示例8: manifestFromImage
// manifestFromImage converts an Image to a SignedManifest.
func (r *repository) manifestFromImage(image *imageapi.Image) (*manifest.SignedManifest, error) {
dgst, err := digest.ParseDigest(image.Name)
if err != nil {
return nil, err
}
// Fetch the signatures for the manifest
signatures, err := r.Signatures().Get(dgst)
if err != nil {
return nil, err
}
jsig, err := libtrust.NewJSONSignature([]byte(image.DockerImageManifest), signatures...)
if err != nil {
return nil, err
}
// Extract the pretty JWS
raw, err := jsig.PrettySignature("signatures")
if err != nil {
return nil, err
}
var sm manifest.SignedManifest
if err := json.Unmarshal(raw, &sm); err != nil {
return nil, err
}
return &sm, err
}示例9: Unmarshal
func (ms *signedManifestHandler) Unmarshal(ctx context.Context, dgst digest.Digest, content []byte) (distribution.Manifest, error) {
context.GetLogger(ms.ctx).Debug("(*signedManifestHandler).Unmarshal")
// Fetch the signatures for the manifest
signatures, err := ms.signatures.Get(dgst)
if err != nil {
return nil, err
}
jsig, err := libtrust.NewJSONSignature(content, signatures...)
if err != nil {
return nil, err
}
// Extract the pretty JWS
raw, err := jsig.PrettySignature("signatures")
if err != nil {
return nil, err
}
var sm schema1.SignedManifest
if err := json.Unmarshal(raw, &sm); err != nil {
return nil, err
}
return &sm, nil
}示例10: Get
func (ms *manifestStore) Get(ctx context.Context, dgst digest.Digest, options ...distribution.ManifestServiceOption) (distribution.Manifest, error) {
context.GetLogger(ms.ctx).Debug("(*manifestStore).Get")
// Ensure that this revision is available in this repository.
_, err := ms.blobStore.Stat(ctx, dgst)
if err != nil {
if err == distribution.ErrBlobUnknown {
return nil, distribution.ErrManifestUnknownRevision{
Name: ms.repository.Name(),
Revision: dgst,
}
}
return nil, err
}
// TODO(stevvooe): Need to check descriptor from above to ensure that the
// mediatype is as we expect for the manifest store.
content, err := ms.blobStore.Get(ctx, dgst)
if err != nil {
if err == distribution.ErrBlobUnknown {
return nil, distribution.ErrManifestUnknownRevision{
Name: ms.repository.Name(),
Revision: dgst,
}
}
return nil, err
}
// Fetch the signatures for the manifest
signatures, err := ms.signatures.Get(dgst)
if err != nil {
return nil, err
}
jsig, err := libtrust.NewJSONSignature(content, signatures...)
if err != nil {
return nil, err
}
// Extract the pretty JWS
raw, err := jsig.PrettySignature("signatures")
if err != nil {
return nil, err
}
var sm schema1.SignedManifest
if err := json.Unmarshal(raw, &sm); err != nil {
return nil, err
}
return &sm, nil
}示例11: signedManifestFromImage
// signedManifestFromImage converts an Image to a SignedManifest.
func (r *repository) signedManifestFromImage(image *imageapi.Image) (*schema1.SignedManifest, error) {
if image.DockerImageManifestMediaType == schema2.MediaTypeManifest {
context.GetLogger(r.ctx).Errorf("old client pulling new image %s", image.DockerImageReference)
return nil, fmt.Errorf("unable to convert new image to old one")
}
raw := []byte(image.DockerImageManifest)
// prefer signatures from the manifest
if _, err := libtrust.ParsePrettySignature(raw, "signatures"); err == nil {
sm := schema1.SignedManifest{Canonical: raw}
if err = json.Unmarshal(raw, &sm); err == nil {
return &sm, nil
}
}
dgst, err := digest.ParseDigest(image.Name)
if err != nil {
return nil, err
}
var signBytes [][]byte
if len(image.DockerImageSignatures) == 0 {
// Fetch the signatures for the manifest
signatures, errSign := r.getSignatures(dgst)
if errSign != nil {
return nil, errSign
}
for _, signatureDigest := range signatures {
signBytes = append(signBytes, []byte(signatureDigest))
}
} else {
for _, sign := range image.DockerImageSignatures {
signBytes = append(signBytes, sign)
}
}
jsig, err := libtrust.NewJSONSignature(raw, signBytes...)
if err != nil {
return nil, err
}
// Extract the pretty JWS
raw, err = jsig.PrettySignature("signatures")
if err != nil {
return nil, err
}
var sm schema1.SignedManifest
if err = json.Unmarshal(raw, &sm); err != nil {
return nil, err
}
return &sm, err
}示例12: get
// get retrieves the manifest, keyed by revision digest.
func (rs *revisionStore) get(ctx context.Context, revision digest.Digest) (*manifest.SignedManifest, error) {
// Ensure that this revision is available in this repository.
_, err := rs.blobStore.Stat(ctx, revision)
if err != nil {
if err == distribution.ErrBlobUnknown {
return nil, distribution.ErrManifestUnknownRevision{
Name: rs.repository.Name(),
Revision: revision,
}
}
return nil, err
}
// TODO(stevvooe): Need to check descriptor from above to ensure that the
// mediatype is as we expect for the manifest store.
content, err := rs.blobStore.Get(ctx, revision)
if err != nil {
if err == distribution.ErrBlobUnknown {
return nil, distribution.ErrManifestUnknownRevision{
Name: rs.repository.Name(),
Revision: revision,
}
}
return nil, err
}
// Fetch the signatures for the manifest
signatures, err := rs.repository.Signatures().Get(revision)
if err != nil {
return nil, err
}
jsig, err := libtrust.NewJSONSignature(content, signatures...)
if err != nil {
return nil, err
}
// Extract the pretty JWS
raw, err := jsig.PrettySignature("signatures")
if err != nil {
return nil, err
}
var sm manifest.SignedManifest
if err := json.Unmarshal(raw, &sm); err != nil {
return nil, err
}
return &sm, nil
}示例13: AddDummyV2S1Signature
// AddDummyV2S1Signature adds an JWS signature with a temporary key (i.e. useless) to a v2s1 manifest.
// This is useful to make the manifest acceptable to a Docker Registry (even though nothing needs or wants the JWS signature).
func AddDummyV2S1Signature(manifest []byte) ([]byte, error) {
key, err := libtrust.GenerateECP256PrivateKey()
if err != nil {
return nil, err // Coverage: This can fail only if rand.Reader fails.
}
js, err := libtrust.NewJSONSignature(manifest)
if err != nil {
return nil, err
}
if err := js.Sign(key); err != nil { // Coverage: This can fail basically only if rand.Reader fails.
return nil, err
}
return js.PrettySignature("signatures")
}示例14: signedManifest
func signedManifest(name string) ([]byte, digest.Digest, error) {
key, err := libtrust.GenerateECP256PrivateKey()
if err != nil {
return []byte{}, "", fmt.Errorf("error generating EC key: %s", err)
}
mappingManifest := manifest.Manifest{
Versioned: manifest.Versioned{
SchemaVersion: 1,
},
Name: name,
Tag: imageapi.DefaultImageTag,
Architecture: "amd64",
History: []manifest.History{
{
V1Compatibility: `{"id": "foo"}`,
},
},
}
manifestBytes, err := json.MarshalIndent(mappingManifest, "", " ")
if err != nil {
return []byte{}, "", fmt.Errorf("error marshaling manifest: %s", err)
}
dgst, err := digest.FromBytes(manifestBytes)
if err != nil {
return []byte{}, "", fmt.Errorf("error calculating manifest digest: %s", err)
}
jsonSignature, err := libtrust.NewJSONSignature(manifestBytes)
if err != nil {
return []byte{}, "", fmt.Errorf("error creating json signature: %s", err)
}
if err = jsonSignature.Sign(key); err != nil {
return []byte{}, "", fmt.Errorf("error signing manifest: %s", err)
}
signedBytes, err := jsonSignature.PrettySignature("signatures")
if err != nil {
return []byte{}, "", fmt.Errorf("error invoking PrettySignature: %s", err)
}
return signedBytes, dgst, nil
}示例15: Unmarshal
func (ms *signedManifestHandler) Unmarshal(ctx context.Context, dgst digest.Digest, content []byte) (distribution.Manifest, error) {
context.GetLogger(ms.ctx).Debug("(*signedManifestHandler).Unmarshal")
var (
signatures [][]byte
err error
)
if ms.repository.schema1SignaturesEnabled {
// Fetch the signatures for the manifest
signatures, err = ms.signatures.Get(dgst)
if err != nil {
return nil, err
}
}
jsig, err := libtrust.NewJSONSignature(content, signatures...)
if err != nil {
return nil, err
}
if ms.repository.schema1SigningKey != nil {
if err := jsig.Sign(ms.repository.schema1SigningKey); err != nil {
return nil, err
}
} else if !ms.repository.schema1SignaturesEnabled {
return nil, fmt.Errorf("missing signing key with signature store disabled")
}
// Extract the pretty JWS
raw, err := jsig.PrettySignature("signatures")
if err != nil {
return nil, err
}
var sm schema1.SignedManifest
if err := json.Unmarshal(raw, &sm); err != nil {
return nil, err
}
return &sm, nil
}