Abstract out signature generation and verification to SignatureEnvelope #7
Conversation
priteshbandi
changed the title
priteshbandi
force-pushed
the
core-refactor
branch
from
2736ea7 to
400bd7c
Compare
priteshbandi
force-pushed
the
core-refactor
branch
5 times, most recently
from
8236b81 to
a33fae5
Compare
priteshbandi
force-pushed
the
core-refactor
branch
8 times, most recently
from
223b44e to
cb4fca4
Compare
There was a problem hiding this comment.
General comment before doing an in-depth review:
Could you take a look at notaryproject/notation-go#62? I've changes the data model of several notation types to fit the new signing spec and moved away from jwt.Token, which simplifies the encoding/decoding logic. I think this PR would also benefit from taking that approach, as I guess it is using that many maps just because jwt.Token.Header is a map instead of a typed struct.
priteshbandi
force-pushed
the
core-refactor
branch
from
cb4fca4 to
79c5b73
Compare
| // GetRSARootCertificate returns root certificate signed using RSA algorithm | ||
| func GetRSARootCertificate() CertTuple { | ||
| return rsaRoot | ||
| } | ||
|
|
||
| // GetRSALeafCertificate returns leaf certificate signed using RSA algorithm | ||
| func GetRSALeafCertificate() CertTuple { | ||
| return rsaLeaf | ||
| } | ||
|
|
||
| // GetECRootCertificate returns root certificate signed using EC algorithm | ||
| func GetECRootCertificate() ECCertTuple { | ||
| return ecdsaRoot | ||
| } | ||
|
|
||
| // GetECLeafCertificate returns leaf certificate signed using EC algorithm | ||
| func GetECLeafCertificate() ECCertTuple { | ||
| return ecdsaLeaf | ||
| } | ||
|
|
||
| // GetUnsupportedCertificate returns certificate signed using RSA algorithm with key size of 1024 bits | ||
| // which is not supported by notary. | ||
| func GetUnsupportedCertificate() CertTuple { | ||
| return unsupported | ||
| } |
There was a problem hiding this comment.
There is no need to define all these getters. Just use the global variables wherever necessary.
There was a problem hiding this comment.
Having global gives less control than the function, because anyone can read or change the global variable at any time. Also, having function will allow us to change variable name/representation internally without affecting callers.
priteshbandi
force-pushed
the
core-refactor
branch
from
4796426 to
8ff4d62
Compare
priteshbandi
force-pushed
the
core-refactor
branch
2 times, most recently
from
92f5064 to
f03bbc8
Compare
priteshbandi
force-pushed
the
core-refactor
branch
from
f03bbc8 to
b9efa08
Compare
| Sign([]byte) ([]byte, error) | ||
| } | ||
|
|
||
| type SignatureEnvelope struct { |
There was a problem hiding this comment.
Why not make SignatureEnvelope an interface lile
type SignatureEnvelope interface {
Sign(req SignRequest) ([]byte, error)
Verify(trustedCerts []*x509.Certificate) (*x509.Certificate, *SignerInfo, error)
GetSignerInfo() (*SignerInfo, error)
}Then we can have stuffs simplified like
// NewSignatureEnvelope is used for signature generation workflow
func NewSignatureEnvelope(envelopeMediaType SignatureMediaType) (SignatureEnvelope, error) {
switch envelopeMediaType {
case MediaTypeJWSJSON:
return &jwsEnvelope{}, nil
case MediaTypeCOSE:
return &coseEnvelope{}, nil
}
return nil, &ErrorUnsupportedSignatureFormat{mediaType: string(envelopeMediaType)}
}There was a problem hiding this comment.
So basically we want to implement common validations(like input validations, cert chain validations, trust anchor related code, timestamping related code) in SignatureEnvelope's sign and verify method and let specific implementation only do the work of encoding/decoding/integrity validation signature format.
With the interface above things are not possible. Although there can be a workaround by creating helper methods then we need to make sure each implementation is calling them.
There was a problem hiding this comment.
Then we can still have
// NewSignatureEnvelope is used for signature generation workflow
func NewSignatureEnvelope(envelopeMediaType SignatureMediaType) (SignatureEnvelope, error) {
switch envelopeMediaType {
case MediaTypeJWSJSON:
return &someGenericValidation{&jwsEnvelope{}}, nil
case MediaTypeCOSE:
return &someGenericValidation{&coseEnvelope{}}, nil
}
return nil, &UnsupportedSignatureFormatError{mediaType: string(envelopeMediaType)}
}That still works. With interfaces, it is easier to decouple code and do unit testing.
![github-advanced-security[bot]](https://avatars.githubusercontent.com/in/57789?s=60&v=4){kind=small}
priteshbandi
force-pushed
the
core-refactor
branch
3 times, most recently
from
a4a21be to
8b4ea2e
Compare
| Sign([]byte) ([]byte, error) | ||
| } | ||
|
|
||
| type SignatureEnvelope struct { |
There was a problem hiding this comment.
Then we can still have
// NewSignatureEnvelope is used for signature generation workflow
func NewSignatureEnvelope(envelopeMediaType SignatureMediaType) (SignatureEnvelope, error) {
switch envelopeMediaType {
case MediaTypeJWSJSON:
return &someGenericValidation{&jwsEnvelope{}}, nil
case MediaTypeCOSE:
return &someGenericValidation{&coseEnvelope{}}, nil
}
return nil, &UnsupportedSignatureFormatError{mediaType: string(envelopeMediaType)}
}That still works. With interfaces, it is easier to decouple code and do unit testing.
priteshbandi
force-pushed
the
core-refactor
branch
from
4b70201 to
82d8dfc
Compare
Signed-off-by: Pritesh Bandi <[email protected]>
priteshbandi
force-pushed
the
core-refactor
branch
from
82d8dfc to
f836b0e
Compare
|
|
||
| // Verify performs integrity and other signature specification related validations | ||
| // Returns the SignerInfo object containing the information about the signature. | ||
| func (s *SignatureEnvelope) Verify() (*SignerInfo, error) { |
There was a problem hiding this comment.
Typo singerInfo, can be addressed in subsequent PR.
|
LGTM! |
| // *********************************************************************** | ||
| const ( | ||
| // PayloadContentTypeJWSV1 describes the media type of the jwsEnvelope envelope. | ||
| PayloadContentTypeJWSV1 = "application/vnd.cncf.notary.v2.jws.v1" |
There was a problem hiding this comment.
If this is the Notary v2 payload type, it's signature format agnostic and should be set to application/vnd.cncf.notary.payload.v1+json
https://github.com/notaryproject/notaryproject/blob/main/signature-specification.md#payload
Change Log: