15 package signer
17 import (
18 "crypto"
19 "crypto/ecdsa"
20 "crypto/ed25519"
21 "crypto/rsa"
22 "fmt"
23
24 "github.com/sigstore/sigstore/pkg/signature"
25 "go.step.sm/crypto/pemutil"
26 )
// File is a signer backed by a private key read from a PEM file.
//
// It embeds the crypto.Signer chosen by NewFileSigner, so Public and Sign are
// promoted from that signer; File adds no behaviour of its own.
type File struct {
	crypto.Signer
}

// Compile-time check that *File satisfies crypto.Signer via the embedded field.
var _ crypto.Signer = (*File)(nil)
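// NewFileSigner reads a private key from the PEM file at keyPath and wraps it
// in a File backed by the matching sigstore signer.
//
// keyPass is handed to pemutil as the password for an encrypted PEM block; it
// is passed through unconditionally, even when empty (whether pemutil then
// falls back to an interactive prompt for an encrypted key is not determined
// here — confirm against pemutil before relying on non-interactive use).
// hash selects the digest for the RSA (PKCS#1 v1.5) and ECDSA signers; it is
// ignored for Ed25519 because signature.LoadED25519SignerVerifier takes no
// hash argument.
//
// It returns an error when the file cannot be read or decoded, when the
// sigstore loader rejects the key/hash combination, or when the decoded key is
// not an RSA, ECDSA or Ed25519 private key. Underlying errors are wrapped with
// %w so callers can inspect them with errors.Is / errors.As.
func NewFileSigner(keyPath, keyPass string, hash crypto.Hash) (*File, error) {
	opaqueKey, err := pemutil.Read(keyPath, pemutil.WithPassword([]byte(keyPass)))
	if err != nil {
		return nil, fmt.Errorf("file: provide a valid signer, %s is not valid: %w", keyPath, err)
	}

	// Pick the sigstore loader by key type; every branch yields a crypto.Signer,
	// so the error handling after the switch is shared instead of repeated.
	var signer crypto.Signer
	switch pk := opaqueKey.(type) {
	case *rsa.PrivateKey:
		signer, err = signature.LoadRSAPKCS1v15SignerVerifier(pk, hash)
	case *ecdsa.PrivateKey:
		signer, err = signature.LoadECDSASignerVerifier(pk, hash)
	case ed25519.PrivateKey:
		// No hash: the Ed25519 loader does not take one.
		signer, err = signature.LoadED25519SignerVerifier(pk)
	default:
		// %T names the concrete type pemutil produced (e.g. a public key or a
		// certificate) so the operator can see what the file actually held.
		return nil, fmt.Errorf("unsupported private key type %T, must be RSA, ECDSA, or ED25519", opaqueKey)
	}
	if err != nil {
		// Keep the path and key type in the message; the loader's error alone
		// does not say which file was being loaded.
		return nil, fmt.Errorf("file: loading %T signer from %s: %w", opaqueKey, keyPath, err)
	}
	return &File{signer}, nil
}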