// Copyright 2017 The LUCI Authors.
//
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
// You may obtain a copy of the License at
//
// http://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing, software
// distributed under the License is distributed on an "AS IS" BASIS,
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
// See the License for the specific language governing permissions and
// limitations under the License.
package cas
import (
"context"
"go.chromium.org/luci/common/errors"
"go.chromium.org/luci/server/auth"
)
// signerFactory produces a signer on demand.
//
// It takes a context and returns either a signer or an error. defaultSigner
// has this signature.
type signerFactory func(context.Context) (*signer, error)
// signer can RSA-sign blobs the way Google Storage likes it.
//
// It pairs a signing callback with the account identity that goes with it.
// defaultSigner fills both fields from the same auth signer, so the identity
// and the key stay in agreement; a test double or alternative factory should
// keep them consistent as well.
// NOTE(review): presumably a mismatch yields signatures the storage backend
// rejects. Confirm against the code that consumes this type.
//
// Mocked in tests.
type signer struct {
// Email identifies the signing account. defaultSigner sets it to the
// ServiceAccountName reported by the auth signer's ServiceInfo.
Email string
// SignBytes signs the given blob and returns a key string, the signature
// bytes, and an error.
// NOTE(review): per the named results, key presumably identifies the key
// that produced sig. Confirm against the auth signer's documentation.
SignBytes func(context.Context, []byte) (key string, sig []byte, err error)
}
// defaultSigner builds a signer backed by the default server account.
//
// The underlying signer is obtained with auth.GetSigner(ctx). Email is taken
// from the ServiceAccountName in that signer's ServiceInfo and SignBytes is
// delegated to the same signer, so the advertised identity and the signing
// key come from a single source.
//
// It returns an error when auth.GetSigner yields nil or when the ServiceInfo
// lookup fails; in both cases the returned *signer is nil.
func defaultSigner(ctx context.Context) (*signer, error) {
	authSigner := auth.GetSigner(ctx)
	if authSigner == nil {
		return nil, errors.Reason("a default signer is not available").Err()
	}

	// Resolve the account name up front so callers never receive a signer
	// whose identity is unknown.
	svc, err := authSigner.ServiceInfo(ctx)
	if err != nil {
		return nil, errors.Annotate(err, "failed to grab the signer info").Err()
	}

	out := &signer{
		Email:     svc.ServiceAccountName,
		SignBytes: authSigner.SignBytes,
	}
	return out, nil
}