refactor:add envelope type as sign/verify parameter

Signed-off-by: zaihaoyin <[email protected]>

Author: zaihaoyin

notation.go

@@ -69,6 +69,9 @@ type Signer interface {
 
 // VerifyOptions contains parameters for Verifier.Verify.
 type VerifyOptions struct {
+	// SignatureMediaType is the envelope type of the signature.
+	// Currently only `application/jose+json`` is supported.
+	// TODO: in the future, application/cose will also be supported.
 	SignatureMediaType string
 }
 

signature/plugin.go

@@ -9,7 +9,6 @@ import (
 	"time"
 
 	"github.com/notaryproject/notation-core-go/signature"
-	"github.com/notaryproject/notation-core-go/signature/jws"
 	"github.com/notaryproject/notation-go"
 	"github.com/notaryproject/notation-go/plugin"
 )
@@ -26,16 +25,14 @@ type pluginSigner struct {
 // by delegating the one or more operations to the named plugin,
 // as defined in
 // https://github.com/notaryproject/notaryproject/blob/main/specs/plugin-extensibility.md#signing-interfaces.
-func NewSignerPlugin(runner plugin.Runner, keyID string, pluginConfig map[string]string) (notation.Signer, error) {
+func NewSignerPlugin(runner plugin.Runner, keyID string, pluginConfig map[string]string, envelopeMediaType string) (notation.Signer, error) {
 	if runner == nil {
 		return nil, errors.New("nil plugin runner")
 	}
 	if keyID == "" {
 		return nil, errors.New("nil signing keyID")
 	}
 
-	// TODO: pass media type as a parameter.
-	envelopeMediaType := jws.MediaTypeEnvelope
 	if err := ValidateEnvelopeMediaType(envelopeMediaType); err != nil {
 		return nil, err
 	}

signature/provider.go

@@ -11,7 +11,7 @@ import (
 )
 
 // builtInPluginMetaData is the metadata used by builtinProvider.
-var builtInPluginMetaData = plugin.Metadata{
+var builtInPluginMetaData = &plugin.Metadata{
 	SupportedContractVersions: []string{plugin.ContractVersion},
 	Capabilities:              []plugin.Capability{plugin.CapabilitySignatureGenerator},
 	Name:                      "built-in",
@@ -49,7 +49,7 @@ func (*builtinProvider) metadata() *plugin.Metadata {
 	// The only properties that are really relevant
 	// are the supported contract version and the capabilities.
 	// All other are just filled with meaningful data.
-	return &builtInPluginMetaData
+	return builtInPluginMetaData
 }
 
 // Run implements the plugin workflow.

signature/signer.go

@@ -7,13 +7,12 @@ import (
 	"errors"
 	"fmt"
 
-	"github.com/notaryproject/notation-core-go/signature/jws"
 	"github.com/notaryproject/notation-go"
 )
 
 // NewSignerFromFiles creates a signer from key, certificate files
 // TODO: Add tests for this method. https://github.com/notaryproject/notation-go/issues/80
-func NewSignerFromFiles(keyPath, certPath string) (notation.Signer, error) {
+func NewSignerFromFiles(keyPath, certPath, envelopeMediaType string) (notation.Signer, error) {
 	if keyPath == "" {
 		return nil, errors.New("key path not specified")
 	}
@@ -40,17 +39,14 @@ func NewSignerFromFiles(keyPath, certPath string) (notation.Signer, error) {
 	}
 
 	// create signer
-	return NewSigner(cert.PrivateKey, certs)
+	return NewSigner(cert.PrivateKey, certs, envelopeMediaType)
 }
 
 // NewSigner creates a signer with the recommended signing method and a signing key bundled
 // with a certificate chain.
 // The relation of the provided signing key and its certificate chain is not verified,
 // and should be verified by the caller.
-func NewSigner(key crypto.PrivateKey, certChain []*x509.Certificate) (notation.Signer, error) {
-	// TODO: pass media type as a parameter
-	envelopeMediaType := jws.MediaTypeEnvelope
-
+func NewSigner(key crypto.PrivateKey, certChain []*x509.Certificate, envelopeMediaType string) (notation.Signer, error) {
 	builtinProvider, err := newBuiltinProvider(key, certChain)
 	if err != nil {
 		return nil, err

signature/signer_test.go

@@ -118,7 +118,7 @@ func testSignerFromFile(t *testing.T, keyCert *keyCertPair, envelopeType, dir st
 	if err != nil {
 		t.Fatalf("prepareTestKeyCertFile() failed: %v", err)
 	}
-	s, err := NewSignerFromFiles(keyPath, certPath)
+	s, err := NewSignerFromFiles(keyPath, certPath, envelopeType)
 	if err != nil {
 		t.Fatalf("NewSignerFromFiles() failed: %v", err)
 	}
@@ -161,7 +161,7 @@ func TestSignWithTimestamp(t *testing.T) {
 	for _, envelopeType := range signature.RegisteredEnvelopeTypes() {
 		for _, keyCert := range keyCertPairCollections {
 			t.Run(fmt.Sprintf("envelopeType=%v_keySpec=%v", envelopeType, keyCert.keySpecName), func(t *testing.T) {
-				s, err := NewSigner(keyCert.key, keyCert.certs)
+				s, err := NewSigner(keyCert.key, keyCert.certs, envelopeType)
 				if err != nil {
 					t.Fatalf("NewSigner() error = %v", err)
 				}
@@ -192,7 +192,7 @@ func TestSignWithoutExpiry(t *testing.T) {
 	for _, envelopeType := range signature.RegisteredEnvelopeTypes() {
 		for _, keyCert := range keyCertPairCollections {
 			t.Run(fmt.Sprintf("envelopeType=%v_keySpec=%v", envelopeType, keyCert.keySpecName), func(t *testing.T) {
-				s, err := NewSigner(keyCert.key, keyCert.certs)
+				s, err := NewSigner(keyCert.key, keyCert.certs, envelopeType)
 				if err != nil {
 					t.Fatalf("NewSigner() error = %v", err)
 				}
@@ -246,7 +246,7 @@ func TestExternalSigner_Sign(t *testing.T) {
 	for _, envelopeType := range signature.RegisteredEnvelopeTypes() {
 		for _, keyCert := range keyCertPairCollections {
 			externalRunner := newMockProvider(keyCert.key, keyCert.certs, testKeyID)
-			s, err := NewSignerPlugin(externalRunner, testKeyID, nil)
+			s, err := NewSignerPlugin(externalRunner, testKeyID, nil, envelopeType)
 			if err != nil {
 				t.Fatalf("NewSigner() error = %v", err)
 			}
@@ -266,7 +266,7 @@ func TestExternalSigner_SignEnvelope(t *testing.T) {
 			t.Run(fmt.Sprintf("envelopeType=%v_keySpec=%v", envelopeType, keyCert.keySpecName), func(t *testing.T) {
 				externalRunner := newMockEnvelopeProvider(keyCert.key, keyCert.certs, testKeyID)
 				p := newExternalProvider(externalRunner, testKeyID)
-				s, err := NewSignerPlugin(p, testKeyID, nil)
+				s, err := NewSignerPlugin(p, testKeyID, nil, envelopeType)
 				if err != nil {
 					t.Fatalf("NewSigner() error = %v", err)
 				}
@@ -338,7 +338,7 @@ func basicVerification(t *testing.T, sig []byte, envelopeType string, trust *x50
 }
 
 func validateSignWithCerts(t *testing.T, envelopeType string, key crypto.PrivateKey, certs []*x509.Certificate) {
-	s, err := NewSigner(key, certs)
+	s, err := NewSigner(key, certs, envelopeType)
 	if err != nil {
 		t.Fatalf("NewSigner() error = %v", err)
 	}

signature/verifier_test.go

@@ -22,7 +22,7 @@ func testVerifierFromFile(t *testing.T, keyCert *keyCertPair, envelopeType, dir
 	if err != nil {
 		t.Fatalf("prepare key cert file failed: %v", err)
 	}
-	s, err := NewSignerFromFiles(keyPath, certPath)
+	s, err := NewSignerFromFiles(keyPath, certPath, envelopeType)
 	if err != nil {
 		t.Fatalf("NewSignerFromFiles() failed: %v", err)
 	}
@@ -67,7 +67,7 @@ func TestVerifyWithCertChain(t *testing.T) {
 	for _, envelopeType := range signature.RegisteredEnvelopeTypes() {
 		for _, keyCert := range keyCertPairCollections {
 			t.Run(fmt.Sprintf("envelopeType=%v_keySpec=%v", envelopeType, keyCert.keySpecName), func(t *testing.T) {
-				s, err := NewSigner(keyCert.key, keyCert.certs)
+				s, err := NewSigner(keyCert.key, keyCert.certs, envelopeType)
 				if err != nil {
 					t.Fatalf("NewSigner() error = %v", err)
 				}