address feedbacks

Signed-off-by: Pritesh Bandi <[email protected]>
notaryproject · Jul 11, 2022 · 953f860 · 953f860
1 parent 3b5638e
commit 953f860
Showing 1 changed file with 7 additions and 6 deletions.
diff --git a/signature/plugin.go b/signature/plugin.go
@@ -119,16 +119,16 @@ func (s *pluginSigner) generateSignature(ctx context.Context, desc notation.Desc
 		SignatureProvider:   psp,
 		SigningTime:         time.Now(),
 		ExtendedSignedAttrs: nil,
-		SigningAgent:        "Notation/1.0.0",
+		SigningAgent:        "Notation/1.0.0",  // TODO: include external signing plugin's name and version.
 	}
 	if !opts.Expiry.IsZero() {
 		signReq.Expiry = opts.Expiry
 	}
 
-	// perform signing plugin signature provider
+	// perform signing using pluginSigProvider
 	sigEnv, err := signer.NewSignatureEnvelope(signer.MediaTypeJWSJson)
 	if err != nil {
-		return nil, fmt.Errorf("failed to marshal signing payload: %v", err)
+		return nil, err
 	}
 
 	sig, err := sigEnv.Sign(signReq)
@@ -160,15 +160,15 @@ func (s *pluginSigner) mergeConfig(config map[string]string) map[string]string {
 
 func (s *pluginSigner) generateSignatureEnvelope(ctx context.Context, desc notation.Descriptor, opts notation.SignOptions) ([]byte, error) {
 	payload := notation.Payload{TargetArtifact: desc}
-	rawDesc, err := json.Marshal(payload)
+	payloadBytes, err := json.Marshal(payload)
 	if err != nil {
-		return nil, err
+		return nil, fmt.Errorf("envelope payload can't be marshaled: %w", err)
 	}
 	// Execute plugin sign command.
 	req := &plugin.GenerateEnvelopeRequest{
 		ContractVersion:       plugin.ContractVersion,
 		KeyID:                 s.keyID,
-		Payload:               rawDesc,
+		Payload:               payloadBytes,
 		SignatureEnvelopeType: string(signer.MediaTypeJWSJson),
 		PayloadType:           notation.MediaTypePayload,
 		PluginConfig:          s.mergeConfig(opts.PluginConfig),
@@ -205,6 +205,7 @@ func (s *pluginSigner) generateSignatureEnvelope(ctx context.Context, desc notat
 		return nil, fmt.Errorf("signed envelope payload can't be unmarshaled: %w", err)
 	}
 
+	// TODO: Verify plugin didnot add any additional top level payload attributes.
 	if !descriptorPartialEqual(desc, signedPayload.TargetArtifact) {
 		return nil, errors.New("descriptor subject has changed")
 	}