
Commit ecb2b80

committed
fix: always use raw signature format on crypto.Signer impl
Signed-off-by: Pierre-Henri Symoneaux <[email protected]>
1 parent 1b7fb4b commit ecb2b80


4 files changed

+8
-29
lines changed


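--- a/examples/sign_verify.go
+++ b/examples/sign_verify.go
@@ -43,7 +43,7 @@ func signVerify(ctx context.Context, kmsClient *okms.Client) {
 fmt.Println("Is valid:", result)
 
 // You can also instantiate an stdlib crypto.Signer
-signer, err := kmsClient.NewSigner(ctx, respECDSA.Id, &format)
+signer, err := kmsClient.NewSigner(ctx, respECDSA.Id)
 if err != nil {
 panic(err)
 }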

examples/utils.go

-14
This file was deleted.

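--- a/sign_test.go
+++ b/sign_test.go
@@ -37,8 +37,7 @@ func TestSigner_RSA(t *testing.T) {
 }, nil).
 Once()
 
-signFormat := types.Raw
-signer, err := client.NewSigner(context.Background(), keyId, &signFormat)
+signer, err := client.NewSigner(context.Background(), keyId)
 require.NoError(t, err)
 require.Equal(t, pKey.Public(), signer.Public())
 
@@ -99,7 +98,7 @@ func TestSigner_ECDSA(t *testing.T) {
 }, nil).
 Once()
 
-signer, err := client.NewSigner(context.Background(), keyId, nil)
+signer, err := client.NewSigner(context.Background(), keyId)
 require.NoError(t, err)
 require.Equal(t, pKey.Public(), signer.Public())
 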
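--- a/signer.go
+++ b/signer.go
@@ -27,19 +27,19 @@ import (
 // NewSigner creates a new [crypto.Signer] for the given key-pair.
 //
 // NewSigner cannot be used with symetric keys.
-func (client *Client) NewSigner(ctx context.Context, serviceKeyID uuid.UUID, format *types.SignatureFormats) (crypto.Signer, error) {
+func (client *Client) NewSigner(ctx context.Context, serviceKeyID uuid.UUID) (crypto.Signer, error) {
 k, err := client.ExportJwkPublicKey(ctx, serviceKeyID)
 if err != nil {
 return nil, err
 }
-return newSigner(client, k, format)
+return newSigner(client, k)
 }
 
 // newSigner creates a new [crypto.Signer] using the given public JsonWebKey and
 // its remote private key.
 //
 // newSigner cannot be used with symetric keys.
-func newSigner(api SignatureApi, jwk *types.JsonWebKeyResponse, format *types.SignatureFormats) (crypto.Signer, error) {
+func newSigner(api SignatureApi, jwk *types.JsonWebKeyResponse) (crypto.Signer, error) {
 pubKey, err := jwk.PublicKey()
 if err != nil {
 return nil, err
@@ -49,15 +49,13 @@ func newSigner(api SignatureApi, jwk *types.JsonWebKeyResponse, format *types.Si
 JsonWebKeyResponse: jwk,
 api: api,
 pubKey: pubKey,
-format: format,
 }, nil
 }
 
 type jwkSigner struct {
 *types.JsonWebKeyResponse
 api SignatureApi
 pubKey crypto.PublicKey
-format *types.SignatureFormats
 }
 
 // Public returns the public key corresponding to the opaque,
@@ -130,12 +128,8 @@ func (sign *jwkSigner) doSign(digest []byte, hash crypto.Hash, algPrefix string)
 if err != nil {
 return nil, fmt.Errorf("Key ID %q is not a valid UUID", sign.Kid)
 }
-format := sign.format
-if format == nil {
-rawFormat := types.Raw
-format = &rawFormat
-}
-resp, err := sign.api.Sign(context.Background(), keyId, format, alg, true, digest)
+rawFormat := types.Raw
+resp, err := sign.api.Sign(context.Background(), keyId, &rawFormat, alg, true, digest)
 if err != nil {
 return nil, err
 }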
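Review bot: The `sign.api.Sign` call in the last hunk still runs under `context.Background()`, so a KMS request that stalls has no deadline and blocks whatever invoked the signer. Since crypto.Signer's Sign method carries no context, the bound has to be set here, e.g. `ctx, cancel := context.WithTimeout(context.Background(), signTimeout)` followed by `defer cancel()`, where `signTimeout` is a placeholder for a value the project chooses. With the format now fixed, a comment above `rawFormat := types.Raw` such as `// crypto.Signer callers expect plain signature bytes, so the format is not configurable` would record why the option was removed. doSign begins and ends outside the hunk.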
