blob: 96bd1bfce07008d2a4fb1a69f3969063945f0f8b [file] [log] [blame]
// Copyright 2017 The LUCI Authors.
//
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
// You may obtain a copy of the License at
//
// http://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing, software
// distributed under the License is distributed on an "AS IS" BASIS,
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
// See the License for the specific language governing permissions and
// limitations under the License.
package iam
import "context"
// Signer implements SignBytes interface on top of IAM Credentials client.
//
// It signs blobs using some service account's private key via 'signBlob' IAM
// call.
type Signer struct {
Client *CredentialsClient
ServiceAccount string
}
// SignBytes signs the blob with some active private key.
//
// Hashes the blob using SHA256 and then calculates RSASSA-PKCS1-v1_5 signature
// using the currently active signing key.
//
// Returns the signature and name of the key used.
func (s *Signer) SignBytes(c context.Context, blob []byte) (string, []byte, error) {
return s.Client.SignBlob(c, s.ServiceAccount, blob)
}