aff3daab19
--- type: change message: |- Modify how SignifierInterface is produced so it always sets AccountID on Credentials Previously it was the responsibility of the caller of the Sign method to set the AccountID on the produced Credential, but this didn't really make sense. This commit makes it so that all SignifierInterface's produced by Signifier implicitly set the AccountID field. The solution here is still a bit hacky, and ultimately the real solution will probably be to refactor the structore of Credential, so that it doesn't have AccountID. change_hash: ADPuz04GuyxWwjo/0/jc7DcsPMl5rK0osSpaqmUxv818 credentials: - type: pgp_signature pub_key_id: 95C46FA6A41148AC body: iQIzBAABAgAdFiEEJ6tQKp6olvZKJ0lwlcRvpqQRSKwFAl5r+hgACgkQlcRvpqQRSKzwYBAAsY4tj+E5xtJSZ1TvrS0mwJ/lSHYWE4rS3eDMY3JUJLE1tr5k3OTRtUhh2UHCsArXSVF4sU8cBSCtf2noaThQm8KQghPMgoZ1LnPd4BnxxlE2gPik4FMcv+mCv9OgUh0AUO+rSXeYJA3oWunaW9kYollUdX/mVTQTmmbLBqBpeXF/TQO/bJTEEzA853j5QDT8//onfSIlzUw0UB57IZZZImp5/XrggHBbKdfhUTJ75LGMgDEDvDNIdV8lBys+RnMzK0Yj6EvLQhsw426+0Sf9vX3jtzj6WKhmi8QyYvcxIbcrWUScEfA/RAgf0A8KhqKq91bicSHjvyK1TZRSSWcS43ewamgvVWx0KSYYoIn7PPwOTmpHP8u6RzGEQFjOhP1EaGytQJKMXidU6CPTh+pYVtPZc8oLAwk+DyMquqfUSbzN/63t90HpTm7uycuzOnQxilYe2HKlbMJCId0a0DyAFrA+0pNRz0tyd3DvF4svCdEy82rzlUGEhq7aIJKoXIut+fKGEBd6Znz6oX15CyQq0oPthZcCqgFR0oTqufvV2iWo+26cd9dVTPVbJA9kSbaFchgdAqCkPA5wDVuNJJtMftf7STW8Lm6dnU6q9YFjZVdR55WtvUCINxBUtOirRzG1jcS0VNhhtb+SMNATEvDGJmt6neHM6Z17MAdwGS+s/hA= account: mediocregopher
72 lines
2.4 KiB
Go
72 lines
2.4 KiB
Go
package sigcred
|
|
|
|
import (
|
|
"dehub/fs"
|
|
"dehub/typeobj"
|
|
)
|
|
|
|
// Signifier reprsents a single signing method being defined in the Config. Only
|
|
// one field should be set on each Signifier.
|
|
type Signifier struct {
|
|
PGPPublicKey *SignifierPGP `type:"pgp_public_key"`
|
|
PGPPublicKeyFile *SignifierPGPFile `type:"pgp_public_key_file"`
|
|
}
|
|
|
|
// MarshalYAML implements the yaml.Marshaler interface.
|
|
func (s Signifier) MarshalYAML() (interface{}, error) {
|
|
return typeobj.MarshalYAML(s)
|
|
}
|
|
|
|
// UnmarshalYAML implements the yaml.Unmarshaler interface.
|
|
func (s *Signifier) UnmarshalYAML(unmarshal func(interface{}) error) error {
|
|
return typeobj.UnmarshalYAML(s, unmarshal)
|
|
}
|
|
|
|
// Interface returns the SignifierInterface instance encapsulated by this
|
|
// Signifier object.
|
|
//
|
|
// accountID is given so as to automatically fill the AccountID field of
|
|
// Credentials returned from Sign, since the underlying implementation doesn't
|
|
// know what account it's signing for.
|
|
func (s Signifier) Interface(accountID string) (SignifierInterface, error) {
|
|
el, _, err := typeobj.Element(s)
|
|
if err != nil {
|
|
return nil, err
|
|
}
|
|
return accountSignifier{accountID, el.(SignifierInterface)}, nil
|
|
}
|
|
|
|
// SignifierInterface describes the methods that all Signifiers must implement.
|
|
type SignifierInterface interface {
|
|
// Sign returns a Credential containing a signature of the given data.
|
|
//
|
|
// tree can be used to find the Signifier at a particular snapshot.
|
|
Sign(fs fs.FS, data []byte) (Credential, error)
|
|
|
|
// Signed returns true if the Signifier was used to sign the Credential.
|
|
Signed(fs fs.FS, cred Credential) (bool, error)
|
|
|
|
// Verify asserts that the Signifier produced the given Credential for the
|
|
// given data set, or returns an error.
|
|
//
|
|
// tree can be used to find the Signifier at a particular snapshot.
|
|
Verify(fs fs.FS, data []byte, cred Credential) error
|
|
}
|
|
|
|
// accountSignifier wraps a SignifierInterface to always set the accountID field
|
|
// on Credentials it produces via the Sign method.
|
|
//
|
|
// TODO accountSignifier shouldn't be necessary, it's very ugly. Which indicates
|
|
// that Credential probably shouldn't have AccountID on it, which makes sense.
|
|
// Some refactoring is required here.
|
|
type accountSignifier struct {
|
|
accountID string
|
|
SignifierInterface
|
|
}
|
|
|
|
func (as accountSignifier) Sign(fs fs.FS, data []byte) (Credential, error) {
|
|
cred, err := as.SignifierInterface.Sign(fs, data)
|
|
cred.AccountID = as.accountID
|
|
return cred, err
|
|
}
|