refactor:clean code

Signed-off-by: zaihaoyin <[email protected]>

Author: zaihaoyin

go.mod

@@ -4,7 +4,7 @@ go 1.18
 
 require (
 	github.com/go-ldap/ldap/v3 v3.4.4
-	github.com/notaryproject/notation-core-go v0.1.0-alpha.3.0.20220921042126-b9264de6f2c9
+	github.com/notaryproject/notation-core-go v0.1.0-alpha.3.0.20220921054535-009c09a9628e
 	github.com/opencontainers/go-digest v1.0.0
 	github.com/opencontainers/image-spec v1.0.2
 	github.com/oras-project/artifacts-spec v1.0.0-rc.2

go.sum

@@ -8,8 +8,8 @@ github.com/go-ldap/ldap/v3 v3.4.4 h1:qPjipEpt+qDa6SI/h1fzuGWoRUY+qqQ9sOZq67/PYUs
 github.com/go-ldap/ldap/v3 v3.4.4/go.mod h1:fe1MsuN5eJJ1FeLT/LEBVdWfNWKh459R7aXgXtJC+aI=
 github.com/golang-jwt/jwt/v4 v4.4.2 h1:rcc4lwaZgFMCZ5jxF9ABolDcIHdBytAFgqFPbSJQAYs=
 github.com/golang-jwt/jwt/v4 v4.4.2/go.mod h1:m21LjoU+eqJr34lmDMbreY2eSTRJ1cv77w39/MY0Ch0=
-github.com/notaryproject/notation-core-go v0.1.0-alpha.3.0.20220921042126-b9264de6f2c9 h1:XX6d8zEwuW+TLzxU1bGJ16fS2w8SWf5udR8Lt6n7+fQ=
-github.com/notaryproject/notation-core-go v0.1.0-alpha.3.0.20220921042126-b9264de6f2c9/go.mod h1:mM4M9wPdu0CGgh8f3wOcu0XMiXwEKWQurjBG4nmqQ4g=
+github.com/notaryproject/notation-core-go v0.1.0-alpha.3.0.20220921054535-009c09a9628e h1:n3wJRhIVbEGg497rtKV3IMaZJv2hFKYHCOtNIOAyLYw=
+github.com/notaryproject/notation-core-go v0.1.0-alpha.3.0.20220921054535-009c09a9628e/go.mod h1:mM4M9wPdu0CGgh8f3wOcu0XMiXwEKWQurjBG4nmqQ4g=
 github.com/opencontainers/distribution-spec/specs-go v0.0.0-20220620172159-4ab4752c3b86 h1:Oumw+lPnO8qNLTY2mrqPJZMoGExLi/0h/DdikoLTXVU=
 github.com/opencontainers/distribution-spec/specs-go v0.0.0-20220620172159-4ab4752c3b86/go.mod h1:aA4vdXRS8E1TG7pLZOz85InHi3BiPdErh8IpJN6E0x4=
 github.com/opencontainers/go-digest v1.0.0 h1:apOUWs51W5PlhuyGyz9FCeeBIOUDA/6nW8Oi/yOhh5U=

notation.go

@@ -9,13 +9,11 @@ import (
 	"github.com/opencontainers/go-digest"
 )
 
-const (
-	// SigningAgent is the unprotected header field used by signature.
-	SigningAgent = "Notation/1.0.0"
+// MediaTypePayloadV1 is the supported content type for signature's payload.
+const MediaTypePayloadV1 = "application/vnd.cncf.notary.payload.v1+json"
 
-	// MediaTypePayloadV1 is the supported content type for signature's payload.
-	MediaTypePayloadV1 = "application/vnd.cncf.notary.payload.v1+json"
-)
+// SigningAgent is the unprotected header field used by signature.
+var SigningAgent = "Notation/1.0.0"
 
 // Descriptor describes the artifact that needs to be signed.
 type Descriptor struct {

signature/algorithm.go plugin/algorithm.go

@@ -1,4 +1,4 @@
-package signature
+package plugin
 
 import (
 	"errors"
@@ -39,11 +39,8 @@ const (
 	RSASSA_PSS_SHA_512 = "RSASSA-PSS-SHA-512"
 )
 
-// InvalidKeySpec is the invalid value of keySpec.
-var InvalidKeySpec = signature.KeySpec{}
-
 // KeySpecName returns the name of a keySpec according to the spec.
-func KeySpecName(k signature.KeySpec) string {
+func KeySpecString(k signature.KeySpec) string {
 	switch k.Type {
 	case signature.KeyTypeEC:
 		switch k.Size {
@@ -68,7 +65,7 @@ func KeySpecName(k signature.KeySpec) string {
 }
 
 // KeySpecHashName returns the name of hash function according to the spec.
-func KeySpecHashName(k signature.KeySpec) string {
+func KeySpecHashString(k signature.KeySpec) string {
 	switch k.Type {
 	case signature.KeyTypeEC:
 		switch k.Size {
@@ -93,7 +90,7 @@ func KeySpecHashName(k signature.KeySpec) string {
 }
 
 // ParseKeySpecFromName parses keySpec name to a signature.keySpec type.
-func ParseKeySpecFromName(raw string) (keySpec signature.KeySpec, err error) {
+func ParseKeySpec(raw string) (keySpec signature.KeySpec, err error) {
 	switch raw {
 	case RSA_2048:
 		keySpec.Size = 2048
@@ -114,14 +111,14 @@ func ParseKeySpecFromName(raw string) (keySpec signature.KeySpec, err error) {
 		keySpec.Size = 521
 		keySpec.Type = signature.KeyTypeEC
 	default:
-		keySpec = InvalidKeySpec
-		err = errors.New("parse KeySpec error, keySpec not supported")
+		keySpec = signature.KeySpec{}
+		err = errors.New("unknown key spec")
 	}
 	return
 }
 
 // SigningAlgorithmName returns the signing algorithm name of an algorithm according to the spec.
-func SigningAlgorithmName(alg signature.Algorithm) string {
+func SigningAlgorithmString(alg signature.Algorithm) string {
 	switch alg {
 	case signature.AlgorithmES256:
 		return ECDSA_SHA_256
@@ -140,7 +137,7 @@ func SigningAlgorithmName(alg signature.Algorithm) string {
 }
 
 // ParseSigningAlgorithFromName parses the signing algorithm name from a given string.
-func ParseSigningAlgorithFromName(raw string) (signature.Algorithm, error) {
+func ParseSigningAlgorithm(raw string) (signature.Algorithm, error) {
 	switch raw {
 	case ECDSA_SHA_256:
 		return signature.AlgorithmES256, nil
@@ -155,5 +152,5 @@ func ParseSigningAlgorithFromName(raw string) (signature.Algorithm, error) {
 	case RSASSA_PSS_SHA_512:
 		return signature.AlgorithmPS512, nil
 	}
-	return 0, errors.New("parse Signing algorithm error, signing algorithm not supported")
+	return 0, errors.New("unknown signing algorithm")
 }

plugin/plugin.go

@@ -129,13 +129,12 @@ type DescribeKeyResponse struct {
 }
 
 // GenerateSignatureRequest contains the parameters passed in a generate-signature request.
-// do we still need keyspec and hash?
 type GenerateSignatureRequest struct {
 	ContractVersion string            `json:"contractVersion"`
 	KeyID           string            `json:"keyId"`
-	Payload         []byte            `json:"payload"`
 	KeySpec         string            `json:"keySpec"`
 	Hash            string            `json:"hashAlgorithm"`
+	Payload         []byte            `json:"payload"`
 	PluginConfig    map[string]string `json:"pluginConfig,omitempty"`
 }
 

signature/envelope.go

@@ -4,33 +4,14 @@ import (
 	"errors"
 
 	"github.com/notaryproject/notation-core-go/signature"
-	// "github.com/notaryproject/notation-core-go/signature/cose"
-
-	"github.com/notaryproject/notation-core-go/signature/jws"
 )
 
-// SpeculateSignatureEnvelopeFormat speculates envelope format by looping all builtin envelope format.
-//
-// TODO: find a better way to inspect the type of envelope.
-// TODO: support inspecting cose format
-func SpeculateSignatureEnvelopeFormat(raw []byte) (string, error) {
-	// var msg gcose.Sign1Message
-	// if err := msg.UnmarshalCBOR(raw); err == nil {
-	// 	return cose.MediaTypeEnvelope, nil
-	// }
-	if len(raw) == 0 || raw[0] != '{' {
-		// very certain
-		return "", errors.New("unsupported signature format")
-	}
-	return jws.MediaTypeEnvelope, nil
-}
-
 // ValidateEnvelopeMediaType validetes envelope media type is supported by notation-core-go.
 func ValidateEnvelopeMediaType(mediaType string) error {
 	for _, types := range signature.RegisteredEnvelopeTypes() {
 		if mediaType == types {
 			return nil
 		}
 	}
-	return errors.New("signing mediaTypeEnvelope invalid")
+	return errors.New("invalid envelope media type")
 }

signature/envelope_test.go

@@ -1,29 +1,12 @@
 package signature
 
 import (
-	"encoding/json"
 	"errors"
 	"testing"
 
 	"github.com/notaryproject/notation-core-go/signature/jws"
-	// gcose "github.com/veraison/go-cose"
 )
 
-var (
-	validJwsSignatureEnvelope, _ = json.Marshal(struct{}{})
-	validCoseSignatureEnvelope   []byte
-	invalidSignatureEnvelope     = []byte("invalid")
-)
-
-func init() {
-	// msg := gcose.Sign1Message{
-	// 	Headers:   gcose.NewSign1Message().Headers,
-	// 	Payload:   []byte("valid"),
-	// 	Signature: []byte("valid"),
-	// }
-	// validCoseSignatureEnvelope, _ = msg.MarshalCBOR()
-}
-
 const invalidMediaType = "invalid"
 
 func checkErrorEqual(expected, got error) bool {
@@ -36,45 +19,6 @@ func checkErrorEqual(expected, got error) bool {
 	return false
 }
 
-func TestSpeculateSignatureEnvelopeFormat(t *testing.T) {
-	tests := []struct {
-		name         string
-		raw          []byte
-		expectedType string
-		expectedErr  error
-	}{
-		{
-			name:         "jws signature media type",
-			raw:          validJwsSignatureEnvelope,
-			expectedType: jws.MediaTypeEnvelope,
-			expectedErr:  nil,
-		},
-		// {
-		// 	name:         "cose signature media type",
-		// 	raw:          validCoseSignatureEnvelope,
-		// 	expectedType: cose.MediaTypeEnvelope,
-		// 	expectedErr:  nil,
-		// },
-		{
-			name:         "invalid signature media type",
-			raw:          invalidSignatureEnvelope,
-			expectedType: "",
-			expectedErr:  errors.New("unsupported signature format"),
-		},
-	}
-	for _, tt := range tests {
-		t.Run(tt.name, func(t *testing.T) {
-			eType, err := SpeculateSignatureEnvelopeFormat(tt.raw)
-			if !checkErrorEqual(tt.expectedErr, err) {
-				t.Fatalf("expected speculate signature envelope format err: %v, got: %v", tt.expectedErr, err)
-			}
-			if eType != tt.expectedType {
-				t.Fatalf("expected signature envelopeType: %v, got: %v", tt.expectedType, eType)
-			}
-		})
-	}
-}
-
 func TestValidateEnvelopeMediaType(t *testing.T) {
 	tests := []struct {
 		name        string
@@ -86,15 +30,10 @@ func TestValidateEnvelopeMediaType(t *testing.T) {
 			mediaType:   jws.MediaTypeEnvelope,
 			expectedErr: nil,
 		},
-		// {
-		// 	name:        "cose signature media type",
-		// 	mediaType:   cose.MediaTypeEnvelope,
-		// 	expectedErr: nil,
-		// },
 		{
 			name:        "invalid media type",
 			mediaType:   invalidMediaType,
-			expectedErr: errors.New("signing mediaTypeEnvelope invalid"),
+			expectedErr: errors.New("invalid envelope media type"),
 		},
 	}
 	for _, tt := range tests {

signature/plugin_test.go

@@ -17,7 +17,6 @@ import (
 
 	"github.com/notaryproject/notation-go"
 	"github.com/notaryproject/notation-go/plugin"
-	// gcose "github.com/veraison/go-cose"
 )
 
 const unsupported = "unsupported"
@@ -32,11 +31,10 @@ var (
 	}
 	validSignDescriptor, validSignOpts = generateSigningContent(nil)
 	invalidJwsEnvelope, _              = json.Marshal(struct{}{})
-	// invalidCoseEnvelope, _             = gcose.NewSign1Message().MarshalCBOR()
-	envelopeTypeToData = map[string][]byte{
+	envelopeTypeToData                 = map[string][]byte{
 		jws.MediaTypeEnvelope: invalidJwsEnvelope,
-		// cose.MediaTypeEnvelope: invalidCoseEnvelope,
 	}
+	invalidSignatureEnvelope = []byte("invalid")
 )
 
 var (
@@ -179,7 +177,7 @@ func (p *mockProvider) Run(ctx context.Context, req plugin.Request) (interface{}
 		}
 		return &plugin.DescribeKeyResponse{
 			KeyID:   p.keyID,
-			KeySpec: KeySpecName(keySpec),
+			KeySpec: plugin.KeySpecString(keySpec),
 		}, nil
 	case plugin.CommandGenerateSignature:
 		if p.generateSignature != nil {
@@ -201,7 +199,7 @@ func (p *mockProvider) Run(ctx context.Context, req plugin.Request) (interface{}
 		return &plugin.GenerateSignatureResponse{
 			KeyID:            p.keyID,
 			Signature:        sig,
-			SigningAlgorithm: SigningAlgorithmName(keySpec.SignatureAlgorithm()),
+			SigningAlgorithm: plugin.SigningAlgorithmString(keySpec.SignatureAlgorithm()),
 			CertificateChain: certs,
 		}, nil
 	case plugin.CommandGenerateEnvelope:

signature/provider.go

@@ -10,7 +10,7 @@ import (
 	"github.com/notaryproject/notation-go/plugin"
 )
 
-// builtInPluginMetaData is the builtin metadata used by builtinProvider.
+// builtInPluginMetaData is the metadata used by builtinProvider.
 var builtInPluginMetaData = plugin.Metadata{
 	SupportedContractVersions: []string{plugin.ContractVersion},
 	Capabilities:              []plugin.Capability{plugin.CapabilitySignatureGenerator},
@@ -80,7 +80,7 @@ func (p *builtinProvider) Run(_ context.Context, req plugin.Request) (interface{
 //
 // The detail implementation depends on the underlying plugin.
 //
-// It wraps a signature.Signature to support external signing.
+// It wraps a signature.Signer to support external signing.
 type externalProvider struct {
 	plugin.Runner
 	keyID   string
@@ -129,8 +129,8 @@ func (p *externalProvider) Sign(payload []byte) ([]byte, []*x509.Certificate, er
 	req := &plugin.GenerateSignatureRequest{
 		ContractVersion: plugin.ContractVersion,
 		KeyID:           p.keyID,
-		KeySpec:         KeySpecName(keySpec),
-		Hash:            KeySpecHashName(keySpec),
+		KeySpec:         plugin.KeySpecString(keySpec),
+		Hash:            plugin.KeySpecHashString(keySpec),
 		Payload:         payload,
 		PluginConfig:    p.config,
 	}
@@ -159,7 +159,7 @@ func (p *externalProvider) Sign(payload []byte) ([]byte, []*x509.Certificate, er
 
 // KeySpec returns the keySpec of a keyID by calling describeKey and do some keySpec validation.
 func (p *externalProvider) KeySpec() (signature.KeySpec, error) {
-	if p.keySpec != InvalidKeySpec {
+	if p.keySpec != (signature.KeySpec{}) {
 		return p.keySpec, nil
 	}
 	keyResp, err := p.describeKey(context.Background())
@@ -171,6 +171,6 @@ func (p *externalProvider) KeySpec() (signature.KeySpec, error) {
 	if p.keyID != keyResp.KeyID {
 		return signature.KeySpec{}, fmt.Errorf("keyID in describeKey response %q does not match request %q", keyResp.KeyID, p.keyID)
 	}
-	p.keySpec, err = ParseKeySpecFromName(keyResp.KeySpec)
+	p.keySpec, err = plugin.ParseKeySpec(keyResp.KeySpec)
 	return p.keySpec, err
 }

signature/signer_test.go

@@ -20,6 +20,7 @@ import (
 	"github.com/notaryproject/notation-core-go/testhelper"
 	"github.com/notaryproject/notation-go"
 	"github.com/notaryproject/notation-go/crypto/timestamp/timestamptest"
+	"github.com/notaryproject/notation-go/plugin"
 	"github.com/opencontainers/go-digest"
 )
 
@@ -45,7 +46,7 @@ func setUpKeyCertPairCollections() []*keyCertPair {
 			panic(fmt.Sprintf("setUpKeyCertPairCollections() failed, invalid keySpec: %v", err))
 		}
 		keyCertPairs = append(keyCertPairs, &keyCertPair{
-			keySpecName: KeySpecName(keySpec),
+			keySpecName: plugin.KeySpecString(keySpec),
 			key:         certTuple.PrivateKey,
 			certs:       []*x509.Certificate{certTuple.Cert, rsaRoot.Cert},
 		})
@@ -60,7 +61,7 @@ func setUpKeyCertPairCollections() []*keyCertPair {
 			panic(fmt.Sprintf("setUpKeyCertPairCollections() failed, invalid keySpec: %v", err))
 		}
 		keyCertPairs = append(keyCertPairs, &keyCertPair{
-			keySpecName: KeySpecName(keySpec),
+			keySpecName: plugin.KeySpecString(keySpec),
 			key:         certTuple.PrivateKey,
 			certs:       []*x509.Certificate{certTuple.Cert, ecdsaRoot.Cert},
 		})