package signing
import (
"github.com/mandelsoft/goutils/errors"
"github.com/open-component-model/ocm/pkg/contexts/ocm"
"github.com/open-component-model/ocm/pkg/contexts/ocm/attrs/signingattr"
metav1 "github.com/open-component-model/ocm/pkg/contexts/ocm/compdesc/meta/v1"
"github.com/open-component-model/ocm/pkg/signing/handlers/rsa"
)
// SignComponentVersion signs the component version cv under the signature
// name name and returns whatever Apply returns for the resulting options.
//
// The defaults SignatureName(name), Update(), Recursive() and VerifyDigests()
// are evaluated first; optlist is evaluated afterwards. If no signer has been
// set by then, the signer registered for rsa.Algorithm in the signing
// attribute of cv's context is used.
//
// An error is returned when the evaluated options request signature
// verification, or when opts.Complete rejects the option set.
func SignComponentVersion(cv ocm.ComponentVersionAccess, name string, optlist ...Option) (*metav1.DigestSpec, error) {
	var opts Options

	// Signing defaults first, caller-supplied options second.
	opts.Eval(SignatureName(name), Update(), Recursive(), VerifyDigests())
	opts.Eval(optlist...)

	// Requesting verification on the signing path is a caller error.
	if opts.VerifySignature {
		return nil, errors.Newf("impossible verification option set for signing")
	}

	// Fall back to the context's RSA signer when the caller supplied none.
	// NOTE(review): GetSigner's result is not checked here; presumably
	// opts.Complete rejects a missing signer — confirm.
	if opts.Signer == nil {
		opts.Signer = signingattr.Get(cv.GetContext()).GetSigner(rsa.Algorithm)
	}

	if err := opts.Complete(cv.GetContext()); err != nil {
		return nil, errors.Wrapf(err, "inconsistent options for signing")
	}
	return Apply(nil, nil, cv, &opts)
}
// VerifyComponentVersion verifies the signature called name on the component
// version cv and returns whatever Apply returns for the resulting options.
//
// When name is empty and the descriptor carries exactly one signature, that
// signature's name is used. The defaults VerifyDigests(),
// VerifySignature(name) and Recursive() are evaluated first; optlist is
// evaluated afterwards.
//
// An error is returned when the evaluated options carry a signer, or when
// opts.Complete rejects the option set.
func VerifyComponentVersion(cv ocm.ComponentVersionAccess, name string, optlist ...Option) (*metav1.DigestSpec, error) {
	var opts Options

	// Default the signature name to the only signature present.
	// NOTE(review): this name is read from the descriptor being verified, so
	// it is attacker-influenced input; which key is trusted for it is decided
	// in opts.Complete/Apply, not visible here — confirm key lookup is limited
	// to keys the caller trusts.
	if len(cv.GetDescriptor().Signatures) == 1 && name == "" {
		name = cv.GetDescriptor().Signatures[0].Name
	}

	// NOTE(review): with an empty name and zero or several signatures,
	// VerifySignature("") is passed; what an empty name selects is not visible
	// here — confirm it cannot result in no signature being checked.
	opts.Eval(VerifyDigests(), VerifySignature(name), Recursive())

	// NOTE(review): caller options are evaluated after the defaults and only a
	// signer is rejected below; whether an option can switch signature
	// verification off again is not visible here — confirm.
	opts.Eval(optlist...)

	// A signer on the verification path is a caller error.
	if opts.Signer != nil {
		return nil, errors.Newf("impossible signer option set for verification")
	}

	if err := opts.Complete(cv.GetContext()); err != nil {
		return nil, errors.Wrapf(err, "inconsistent options for verification")
	}
	return Apply(nil, nil, cv, &opts)
}