mirror of https://github.com/perkeep/perkeep.git
124 lines
3.1 KiB
Go
124 lines
3.1 KiB
Go
package jsonsign
|
|
|
|
import (
|
|
"camli/blobref"
|
|
"exec"
|
|
"flag"
|
|
"fmt"
|
|
"io/ioutil"
|
|
"json"
|
|
"log"
|
|
"os"
|
|
"strings"
|
|
"unicode"
|
|
)
|
|
|
|
var gpgPath *string = flag.String("gpg-path", "/usr/bin/gpg", "Path to the gpg binary.")
|
|
|
|
var flagRing *string = flag.String("keyring", "./test/test-keyring.gpg",
|
|
"GnuPG public keyring file to use.")
|
|
|
|
var flagSecretRing *string = flag.String("secret-keyring", "./test/test-secring.gpg",
|
|
"GnuPG secret keyring file to use.")
|
|
|
|
|
|
type SignRequest struct {
|
|
UnsignedJson string
|
|
Fetcher blobref.Fetcher
|
|
}
|
|
|
|
func (sr *SignRequest) Sign() (signedJson string, err os.Error) {
|
|
trimmedJson := strings.TrimRightFunc(sr.UnsignedJson, unicode.IsSpace)
|
|
|
|
// TODO: make sure these return different things
|
|
inputfail := func(msg string) (string, os.Error) {
|
|
return "", os.NewError(msg)
|
|
}
|
|
execfail := func(msg string) (string, os.Error) {
|
|
return "", os.NewError(msg)
|
|
}
|
|
|
|
jmap := make(map[string]interface{})
|
|
if err := json.Unmarshal([]byte(trimmedJson), &jmap); err != nil {
|
|
return inputfail("json parse error")
|
|
}
|
|
|
|
camliSigner, hasSigner := jmap["camliSigner"]
|
|
if !hasSigner {
|
|
return inputfail("json lacks \"camliSigner\" key with public key blobref")
|
|
}
|
|
|
|
signerBlob := blobref.Parse(camliSigner.(string))
|
|
if signerBlob == nil {
|
|
return inputfail("json \"camliSigner\" key is malformed or unsupported")
|
|
}
|
|
|
|
pubkeyReader, _, err := sr.Fetcher.Fetch(signerBlob)
|
|
if err != nil {
|
|
// TODO: not really either an inputfail or an execfail.. but going
|
|
// with exec for now.
|
|
return execfail(fmt.Sprintf("failed to find public key %s", signerBlob.String()))
|
|
}
|
|
|
|
pk, err := openArmoredPublicKeyFile(pubkeyReader)
|
|
if err != nil {
|
|
return execfail(fmt.Sprintf("failed to parse public key from blobref %s", signerBlob.String()))
|
|
}
|
|
|
|
// This check should be redundant if the above JSON parse succeeded, but
|
|
// for explicitness...
|
|
if len(trimmedJson) == 0 || trimmedJson[len(trimmedJson)-1] != '}' {
|
|
return inputfail("json parameter lacks trailing '}'")
|
|
}
|
|
trimmedJson = trimmedJson[0:len(trimmedJson)-1]
|
|
|
|
cmd, err := exec.Run(
|
|
*gpgPath,
|
|
[]string{
|
|
"--no-default-keyring",
|
|
"--keyring", *flagRing, // TODO: needed for signing?
|
|
"--secret-keyring", *flagSecretRing,
|
|
"--local-user", pk.KeyIdString(),
|
|
"--detach-sign",
|
|
"--armor",
|
|
"-"},
|
|
os.Environ(),
|
|
".",
|
|
exec.Pipe, // stdin
|
|
exec.Pipe, // stdout
|
|
exec.Pipe) // stderr
|
|
if err != nil {
|
|
return execfail("Failed to run gpg.")
|
|
}
|
|
|
|
_, err = cmd.Stdin.WriteString(trimmedJson)
|
|
if err != nil {
|
|
return execfail("Failed to write to gpg.")
|
|
}
|
|
cmd.Stdin.Close()
|
|
|
|
outputBytes, err := ioutil.ReadAll(cmd.Stdout)
|
|
if err != nil {
|
|
return execfail("Failed to read from gpg.")
|
|
}
|
|
output := string(outputBytes)
|
|
|
|
errOutput, err := ioutil.ReadAll(cmd.Stderr)
|
|
if len(errOutput) > 0 {
|
|
log.Printf("Got error: %q", string(errOutput))
|
|
}
|
|
|
|
cmd.Close()
|
|
|
|
index1 := strings.Index(output, "\n\n")
|
|
index2 := strings.Index(output, "\n-----")
|
|
if (index1 == -1 || index2 == -1) {
|
|
return execfail("Failed to parse signature from gpg.")
|
|
}
|
|
inner := output[index1+2:index2]
|
|
signature := strings.Replace(inner, "\n", "", -1)
|
|
|
|
return fmt.Sprintf("%s,\"camliSig\":\"%s\"}\n", trimmedJson, signature), nil
|
|
}
|
|
|