Skip to content

Commit

Permalink
fixes
Browse files Browse the repository at this point in the history
Signed-off-by: Pritesh Bandi <[email protected]>
  • Loading branch information
priteshbandi committed Mar 11, 2024
1 parent 88d7269 commit 446557c
Show file tree
Hide file tree
Showing 4 changed files with 41 additions and 22 deletions.
36 changes: 19 additions & 17 deletions notation.go
Original file line number Diff line number Diff line change
Expand Up @@ -192,21 +192,7 @@ func SignBlob(ctx context.Context, signer BlobSigner, blobReader io.Reader, sign
return nil, nil, fmt.Errorf("invalid content media-type '%s': %v", signBlobOpts.ContentMediaType, err)
}

getDescFunc := func(hashAlgo digest.Algorithm) (ocispec.Descriptor, error) {
h := hashAlgo.Hash()
bytes, err := io.Copy(hashAlgo.Hash(), blobReader)
if err != nil {
return ocispec.Descriptor{}, err
}

targetDesc := ocispec.Descriptor{
MediaType: signBlobOpts.ContentMediaType,
Digest: digest.NewDigest(hashAlgo, h),
Size: bytes,
}
return addUserMetadataToDescriptor(ctx, targetDesc, signBlobOpts.UserMetadata)
}

getDescFunc := getDescriptorFunc(ctx, blobReader, signBlobOpts.ContentMediaType, signBlobOpts.UserMetadata)
return signer.SignBlob(ctx, getDescFunc, signBlobOpts.SignerSignOptions)
}

Expand Down Expand Up @@ -315,7 +301,7 @@ func (outcome *VerificationOutcome) UserMetadata() (map[string]string, error) {

// VerifierVerifyOptions contains parameters for Verifier.Verify.
type VerifierVerifyOptions struct {
// ArtifactReference is the reference of the artifact that is been
// ArtifactReference is the reference of the artifact that is being
// verified against to. It must be a full reference.
ArtifactReference string

Expand Down Expand Up @@ -349,7 +335,7 @@ type verifySkipper interface {

// VerifyOptions contains parameters for notation.Verify.
type VerifyOptions struct {
// ArtifactReference is the reference of the artifact that is been
// ArtifactReference is the reference of the artifact that is being
// verified against to.
ArtifactReference string

Expand Down Expand Up @@ -528,3 +514,19 @@ func generateAnnotations(signerInfo *signature.SignerInfo, annotations map[strin
annotations[ocispec.AnnotationCreated] = signingTime.Format(time.RFC3339)
return annotations, nil
}

func getDescriptorFunc(ctx context.Context, reader io.Reader, contentMediaType string, userMetadata map[string]string) BlobDescriptorGenerator {
return func(hashAlgo digest.Algorithm) (ocispec.Descriptor, error) {
h := hashAlgo.Hash()
bytes, err := io.Copy(hashAlgo.Hash(), reader)
if err != nil {
return ocispec.Descriptor{}, err
}
targetDesc := ocispec.Descriptor{
MediaType: contentMediaType,
Digest: digest.NewDigest(hashAlgo, h),
Size: bytes,
}
return addUserMetadataToDescriptor(ctx, targetDesc, userMetadata)
}
}
9 changes: 8 additions & 1 deletion signer/plugin.go
Original file line number Diff line number Diff line change
Expand Up @@ -52,7 +52,14 @@ var algorithms = map[crypto.Hash]digest.Algorithm{
// NewFromPlugin creates a notation.Signer that signs artifacts and generates
// signatures by delegating the one or more operations to the named plugin,
// as defined in https://github.com/notaryproject/notaryproject/blob/main/specs/plugin-extensibility.md#signing-interfaces.
func NewFromPlugin(plugin plugin.SignPlugin, keyID string, pluginConfig map[string]string) (*PluginSigner, error) {
func NewFromPlugin(plugin plugin.SignPlugin, keyID string, pluginConfig map[string]string) (notation.Signer, error) {
return NewPluginSignerFromPlugin(plugin, keyID, pluginConfig)
}

// NewPluginSignerFromPlugin creates a notation.Signer that signs artifacts and generates
// signatures by delegating the one or more operations to the named plugin,
// as defined in https://github.com/notaryproject/notaryproject/blob/main/specs/plugin-extensibility.md#signing-interfaces.
func NewPluginSignerFromPlugin(plugin plugin.SignPlugin, keyID string, pluginConfig map[string]string) (*PluginSigner, error) {
if plugin == nil {
return nil, errors.New("nil plugin")
}
Expand Down
16 changes: 13 additions & 3 deletions signer/signer.go
Original file line number Diff line number Diff line change
Expand Up @@ -42,7 +42,12 @@ type GenericSigner struct {
}

// New returns a builtinSigner given key and cert chain
func New(key crypto.PrivateKey, certChain []*x509.Certificate) (*GenericSigner, error) {
func New(key crypto.PrivateKey, certChain []*x509.Certificate) (notation.Signer, error) {
return NewGenericSigner(key, certChain)
}

// NewGenericSigner returns a builtinSigner given key and cert chain
func NewGenericSigner(key crypto.PrivateKey, certChain []*x509.Certificate) (*GenericSigner, error) {
localSigner, err := signature.NewLocalSigner(certChain, key)
if err != nil {
return nil, err
Expand All @@ -53,7 +58,12 @@ func New(key crypto.PrivateKey, certChain []*x509.Certificate) (*GenericSigner,
}

// NewFromFiles returns a builtinSigner given key and certChain paths.
func NewFromFiles(keyPath, certChainPath string) (*GenericSigner, error) {
func NewFromFiles(keyPath, certChainPath string) (notation.Signer, error) {
return NewGenericSignerFromFiles(keyPath, certChainPath)
}

// NewGenericSignerFromFiles returns a builtinSigner given key and certChain paths.
func NewGenericSignerFromFiles(keyPath, certChainPath string) (*GenericSigner, error) {
if keyPath == "" {
return nil, errors.New("key path not specified")
}
Expand All @@ -80,7 +90,7 @@ func NewFromFiles(keyPath, certChainPath string) (*GenericSigner, error) {
}

// create signer
return New(cert.PrivateKey, certs)
return NewGenericSigner(cert.PrivateKey, certs)
}

// Sign signs the artifact described by its descriptor and returns the
Expand Down
2 changes: 1 addition & 1 deletion signer/signer_test.go
Original file line number Diff line number Diff line change
Expand Up @@ -219,7 +219,7 @@ func TestSignBlobWithCertChain(t *testing.T) {
for _, envelopeType := range signature.RegisteredEnvelopeTypes() {
for _, keyCert := range keyCertPairCollections {
t.Run(fmt.Sprintf("envelopeType=%v_keySpec=%v", envelopeType, keyCert.keySpecName), func(t *testing.T) {
s, err := New(keyCert.key, keyCert.certs)
s, err := NewGenericSigner(keyCert.key, keyCert.certs)
if err != nil {
t.Fatalf("NewSigner() error = %v", err)
}
Expand Down

0 comments on commit 446557c

Please sign in to comment.