Move LoadOptions in a separate file

sigstore · Jan 25, 2024 · 357e336 · 357e336
1 parent ae10830
commit 357e336
Show file tree

Hide file tree

Showing 5 changed files with 76 additions and 54 deletions.
diff --git a/pkg/signature/options.go b/pkg/signature/options.go
@@ -18,7 +18,6 @@ package signature
 import (
 	"context"
 	"crypto"
-	"crypto/rsa"
 	"io"
 
 	"github.com/sigstore/sigstore/pkg/signature/options"
@@ -56,50 +55,3 @@ type VerifyOption interface {
 	RPCOption
 	MessageOption
 }
-
-type signerVerifierOpts struct {
-	hashFunc      crypto.Hash
-	useED25519ph  bool
-	rsaPSSOptions *rsa.PSSOptions
-}
-
-// SignerVerifierOption specifies options to be used when creating a SignerVerifier
-type SignerVerifierOption func(*signerVerifierOpts)
-
-// WithHash specifies the hash function to be used for the Signer/Verifier
-func WithHash(hashFunc crypto.Hash) SignerVerifierOption {
-	return func(o *signerVerifierOpts) {
-		o.hashFunc = hashFunc
-	}
-}
-
-// WithED25519ph specifies that the ED25519ph algorithm should be used when a ED25519 key is used
-func WithED25519ph() SignerVerifierOption {
-	return func(o *signerVerifierOpts) {
-		o.useED25519ph = true
-	}
-}
-
-// WithRSAPSS specifies that the RSAPSS algorithm should be used when a RSA key is used
-func WithRSAPSS(opts *rsa.PSSOptions) SignerVerifierOption {
-	return func(o *signerVerifierOpts) {
-		o.rsaPSSOptions = opts
-	}
-}
-
-// GetSignerVerifierOptionHash returns the hash function specified in the options
-func GetSignerVerifierOptionHash(opts ...SignerVerifierOption) crypto.Hash {
-	o := makeSignerVerifierOpts(opts...)
-	return o.hashFunc
-}
-
-func makeSignerVerifierOpts(opts ...SignerVerifierOption) *signerVerifierOpts {
-	o := &signerVerifierOpts{
-		hashFunc: crypto.SHA256,
-	}
-
-	for _, opt := range opts {
-		opt(o)
-	}
-	return o
-}
diff --git a/pkg/signature/signer.go b/pkg/signature/signer.go
@@ -64,7 +64,7 @@ func LoadSigner(privateKey crypto.PrivateKey, hashFunc crypto.Hash) (Signer, err
 
 // LoadSignerWithOpts returns a signature.Signer based on the algorithm of the private key
 // provided.
-func LoadSignerWithOpts(privateKey crypto.PrivateKey, opts ...SignerVerifierOption) (Signer, error) {
+func LoadSignerWithOpts(privateKey crypto.PrivateKey, opts ...LoadOption) (Signer, error) {
 	o := makeSignerVerifierOpts(opts...)
 
 	switch pk := privateKey.(type) {
@@ -104,7 +104,7 @@ func LoadSignerFromPEMFile(path string, hashFunc crypto.Hash, pf cryptoutils.Pas
 
 // LoadSignerFromPEMFileWithOpts returns a signature.Signer based on the algorithm of the private key
 // in the file. The Signer will use the hash function specified in the options when computing digests.
-func LoadSignerFromPEMFileWithOpts(path string, pf cryptoutils.PassFunc, opts ...SignerVerifierOption) (Signer, error) {
+func LoadSignerFromPEMFileWithOpts(path string, pf cryptoutils.PassFunc, opts ...LoadOption) (Signer, error) {
 	fileBytes, err := os.ReadFile(filepath.Clean(path))
 	if err != nil {
 		return nil, err

diff --git a/pkg/signature/signerverifier.go b/pkg/signature/signerverifier.go
@@ -44,7 +44,7 @@ func LoadSignerVerifier(privateKey crypto.PrivateKey, hashFunc crypto.Hash) (Sig
 
 // LoadSignerVerifierWithOpts returns a signature.SignerVerifier based on the
 // algorithm of the private key provided and the user's choice.
-func LoadSignerVerifierWithOpts(privateKey crypto.PrivateKey, opts ...SignerVerifierOption) (SignerVerifier, error) {
+func LoadSignerVerifierWithOpts(privateKey crypto.PrivateKey, opts ...LoadOption) (SignerVerifier, error) {
 	o := makeSignerVerifierOpts(opts...)
 
 	switch pk := privateKey.(type) {
@@ -84,7 +84,7 @@ func LoadSignerVerifierFromPEMFile(path string, hashFunc crypto.Hash, pf cryptou
 
 // LoadSignerVerifierFromPEMFileWithOpts returns a signature.SignerVerifier based on the algorithm of the private key
 // in the file. The SignerVerifier will use the hash function specified in the options when computing digests.
-func LoadSignerVerifierFromPEMFileWithOpts(path string, pf cryptoutils.PassFunc, opts ...SignerVerifierOption) (SignerVerifier, error) {
+func LoadSignerVerifierFromPEMFileWithOpts(path string, pf cryptoutils.PassFunc, opts ...LoadOption) (SignerVerifier, error) {
 	fileBytes, err := os.ReadFile(filepath.Clean(path))
 	if err != nil {
 		return nil, err

diff --git a/pkg/signature/signerverifier_options.go b/pkg/signature/signerverifier_options.go
@@ -0,0 +1,70 @@
+//
+// Copyright 2024 The Sigstore Authors.
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//     http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+package signature
+
+import (
+	"crypto"
+	"crypto/rsa"
+)
+
+type loadOpts struct {
+	hashFunc      crypto.Hash
+	useED25519ph  bool
+	rsaPSSOptions *rsa.PSSOptions
+}
+
+// LoadOption specifies options to be used when creating a SignerVerifier
+type LoadOption func(*loadOpts)
+
+// WithHash specifies the hash function to be used for the Signer/Verifier
+func WithHash(hashFunc crypto.Hash) LoadOption {
+	return func(o *loadOpts) {
+		o.hashFunc = hashFunc
+	}
+}
+
+// WithED25519ph specifies that the ED25519ph algorithm should be used when a ED25519 key is used
+func WithED25519ph() LoadOption {
+	return func(o *loadOpts) {
+		o.useED25519ph = true
+	}
+}
+
+// WithRSAPSS specifies that the RSAPSS algorithm should be used when a RSA key is used
+// Note that the RSA PSSOptions contains an hash algorithm, which will override
+// the hash function specified with WithHash.
+func WithRSAPSS(opts *rsa.PSSOptions) LoadOption {
+	return func(o *loadOpts) {
+		o.rsaPSSOptions = opts
+	}
+}
+
+// GetSignerVerifierOptionHash returns the hash function specified in the options
+func GetSignerVerifierOptionHash(opts ...LoadOption) crypto.Hash {
+	o := makeSignerVerifierOpts(opts...)
+	return o.hashFunc
+}
+
+func makeSignerVerifierOpts(opts ...LoadOption) *loadOpts {
+	o := &loadOpts{
+		hashFunc: crypto.SHA256,
+	}
+
+	for _, opt := range opts {
+		opt(o)
+	}
+	return o
+}
diff --git a/pkg/signature/verifier.go b/pkg/signature/verifier.go
@@ -45,7 +45,7 @@ func LoadVerifier(publicKey crypto.PublicKey, hashFunc crypto.Hash) (Verifier, e
 
 // LoadVerifierWithOpts returns a signature.Verifier based on the algorithm of the public key
 // provided that will use the hash function specified when computing digests.
-func LoadVerifierWithOpts(publicKey crypto.PublicKey, opts ...SignerVerifierOption) (Verifier, error) {
+func LoadVerifierWithOpts(publicKey crypto.PublicKey, opts ...LoadOption) (Verifier, error) {
 	o := makeSignerVerifierOpts(opts...)
 
 	switch pk := publicKey.(type) {
@@ -115,7 +115,7 @@ func LoadVerifierFromPEMFile(path string, hashFunc crypto.Hash) (Verifier, error
 
 // LoadVerifierFromPEMFileWithOpts returns a signature.Verifier based on the contents of a
 // file located at path. The Verifier wil use the hash function specified in the options when computing digests.
-func LoadVerifierFromPEMFileWithOpts(path string, opts ...SignerVerifierOption) (Verifier, error) {
+func LoadVerifierFromPEMFileWithOpts(path string, opts ...LoadOption) (Verifier, error) {
 	fileBytes, err := os.ReadFile(filepath.Clean(path))
 	if err != nil {
 		return nil, err