Allow to pass different types of options

sigstore · Jan 12, 2024 · ef70c23 · ef70c23
1 parent 6be14cc
commit ef70c23
Show file tree

Hide file tree

Showing 4 changed files with 22 additions and 34 deletions.
diff --git a/pkg/signature/signer.go b/pkg/signature/signer.go
@@ -53,25 +53,21 @@ func (s SignerOpts) HashFunc() crypto.Hash {
 	return s.Hash
 }
 
-// SignerOptions represents a generic interface for options needed by
-// different Signers. Each specific Signer can assert the type
-// of options it requires.
-type SignerOptions interface{}
+// LoadSignerOpts is a struct that contains options for creating Signers.
+type LoadSignerOpts struct {
+	RSAPSSOptions *rsa.PSSOptions
+}
 
 // LoadSigner returns a signature.Signer based on the algorithm of the private key
 // provided and the user's choice.
 //
 // The sType parameter determines the type of Signer to load. The opts parameter
 // is a generic interface for providing additional options needed by specific Signer.
-func LoadSigner(privateKey crypto.PrivateKey, hashFunc crypto.Hash, svType LoadSignerVerifierType, opts SignerOptions) (Signer, error) {
+func LoadSigner(privateKey crypto.PrivateKey, hashFunc crypto.Hash, svType LoadSignerVerifierType, opts *LoadSignerOpts) (Signer, error) {
 	switch pk := privateKey.(type) {
 	case *rsa.PrivateKey:
 		if svType&LoadRSAPSSSV != 0 {
-			pssOpts, ok := opts.(*rsa.PSSOptions)
-			if !ok {
-				return nil, errors.New("invalid options type for RSAPSSSigner")
-			}
-			return LoadRSAPSSSigner(pk, hashFunc, pssOpts)
+			return LoadRSAPSSSigner(pk, hashFunc, opts.RSAPSSOptions)
 		}
 		return LoadRSAPKCS1v15Signer(pk, hashFunc)
 	case *ecdsa.PrivateKey:
@@ -90,7 +86,7 @@ func LoadSigner(privateKey crypto.PrivateKey, hashFunc crypto.Hash, svType LoadS
 //
 // The sType parameter determines the type of Signer to load. The opts parameter
 // is a generic interface for providing additional options needed by specific Signer.
-func LoadSignerFromPEMFile(path string, hashFunc crypto.Hash, pf cryptoutils.PassFunc, svType LoadSignerVerifierType, opts SignerOptions) (Signer, error) {
+func LoadSignerFromPEMFile(path string, hashFunc crypto.Hash, pf cryptoutils.PassFunc, svType LoadSignerVerifierType, opts *LoadSignerOpts) (Signer, error) {
 	fileBytes, err := os.ReadFile(filepath.Clean(path))
 	if err != nil {
 		return nil, err

diff --git a/pkg/signature/signerverifier.go b/pkg/signature/signerverifier.go
@@ -47,25 +47,21 @@ const (
 	LoadED25519phSV
 )
 
-// SignerVerifierOptions represents a generic interface for options needed by
-// different SignerVerifiers. Each specific SignerVerifier can assert the type
-// of options it requires.
-type SignerVerifierOptions interface{}
+// LoadSignerVerifierOpts is a struct that contains options for creating SignerVerifiers.
+type LoadSignerVerifierOpts struct {
+	RSAPSSOptions *rsa.PSSOptions
+}
 
 // LoadSignerVerifier returns a signature.SignerVerifier based on the algorithm of the private key
 // provided and the user's choice.
 //
 // The svType parameter determines the type of SignerVerifier to load. The opts parameter
 // is a generic interface for providing additional options needed by specific SignerVerifiers.
-func LoadSignerVerifier(privateKey crypto.PrivateKey, hashFunc crypto.Hash, svType LoadSignerVerifierType, opts SignerVerifierOptions) (SignerVerifier, error) {
+func LoadSignerVerifier(privateKey crypto.PrivateKey, hashFunc crypto.Hash, svType LoadSignerVerifierType, opts *LoadSignerVerifierOpts) (SignerVerifier, error) {
 	switch pk := privateKey.(type) {
 	case *rsa.PrivateKey:
 		if svType&LoadRSAPSSSV != 0 {
-			pssOpts, ok := opts.(*rsa.PSSOptions)
-			if !ok {
-				return nil, errors.New("invalid options type for RSAPSSSignerVerifier")
-			}
-			return LoadRSAPSSSignerVerifier(pk, hashFunc, pssOpts)
+			return LoadRSAPSSSignerVerifier(pk, hashFunc, opts.RSAPSSOptions)
 		}
 		return LoadRSAPKCS1v15SignerVerifier(pk, hashFunc)
 	case *ecdsa.PrivateKey:
@@ -84,7 +80,7 @@ func LoadSignerVerifier(privateKey crypto.PrivateKey, hashFunc crypto.Hash, svTy
 //
 // The svType parameter determines the type of SignerVerifier to load. The opts parameter
 // is a generic interface for providing additional options needed by specific SignerVerifiers.
-func LoadSignerVerifierFromPEMFile(path string, hashFunc crypto.Hash, pf cryptoutils.PassFunc, svType LoadSignerVerifierType, opts SignerVerifierOptions) (SignerVerifier, error) {
+func LoadSignerVerifierFromPEMFile(path string, hashFunc crypto.Hash, pf cryptoutils.PassFunc, svType LoadSignerVerifierType, opts *LoadSignerVerifierOpts) (SignerVerifier, error) {
 	fileBytes, err := os.ReadFile(filepath.Clean(path))
 	if err != nil {
 		return nil, err

diff --git a/pkg/signature/signerverifier_test.go b/pkg/signature/signerverifier_test.go
@@ -33,7 +33,7 @@ func TestLoadRSAPSSSignerVerifier(t *testing.T) {
 	if err != nil {
 		t.Errorf("unexpected error unmarshalling private key: %v", err)
 	}
-	sv, err := LoadSignerVerifier(privateKey, crypto.SHA256, LoadRSAPSSSV|LoadED25519phSV, opts)
+	sv, err := LoadSignerVerifier(privateKey, crypto.SHA256, LoadRSAPSSSV|LoadED25519phSV, &LoadSignerVerifierOpts{RSAPSSOptions: opts})
 	if err != nil {
 		t.Errorf("unexpected error creating signer/verifier: %v", err)
 	}

diff --git a/pkg/signature/verifier.go b/pkg/signature/verifier.go
@@ -34,25 +34,21 @@ type Verifier interface {
 	VerifySignature(signature, message io.Reader, opts ...VerifyOption) error
 }
 
-// VerifierOptions represents a generic interface for options needed by
-// different Verifiers. Each specific Verifier can assert the type
-// of options it requires.
-type VerifierOptions interface{}
+// LoadVerifierOpts is a struct that contains options for creating Verifiers.
+type LoadVerifierOpts struct {
+	RSAPSSOptions *rsa.PSSOptions
+}
 
 // LoadVerifier returns a signature.Verifier based on the algorithm of the public key
 // provided that will use the hash function specified when computing digests.
 //
 // The vType parameter determines the type of Verifier to load. The opts parameter
 // is a generic interface for providing additional options needed by specific Verifiers.
-func LoadVerifier(publicKey crypto.PublicKey, hashFunc crypto.Hash, svType LoadSignerVerifierType, opts VerifierOptions) (Verifier, error) {
+func LoadVerifier(publicKey crypto.PublicKey, hashFunc crypto.Hash, svType LoadSignerVerifierType, opts *LoadVerifierOpts) (Verifier, error) {
 	switch pk := publicKey.(type) {
 	case *rsa.PublicKey:
 		if svType&LoadRSAPSSSV != 0 {
-			pssOpts, ok := opts.(*rsa.PSSOptions)
-			if !ok {
-				return nil, errors.New("invalid options type for RSAPSSVerifier")
-			}
-			return LoadRSAPSSVerifier(pk, hashFunc, pssOpts)
+			return LoadRSAPSSVerifier(pk, hashFunc, opts.RSAPSSOptions)
 		}
 		return LoadRSAPKCS1v15Verifier(pk, hashFunc)
 	case *ecdsa.PublicKey:
@@ -100,7 +96,7 @@ func LoadUnsafeVerifier(publicKey crypto.PublicKey) (Verifier, error) {
 //
 // The vType parameter determines the type of Verifier to load. The opts parameter
 // is a generic interface for providing additional options needed by specific Verifiers.
-func LoadVerifierFromPEMFile(path string, hashFunc crypto.Hash, svType LoadSignerVerifierType, opts VerifierOptions) (Verifier, error) {
+func LoadVerifierFromPEMFile(path string, hashFunc crypto.Hash, svType LoadSignerVerifierType, opts *LoadVerifierOpts) (Verifier, error) {
 	fileBytes, err := os.ReadFile(filepath.Clean(path))
 	if err != nil {
 		return nil, err