Support for intermediate certificates #2
Conversation
pkcs7/sign.go (outdated)

```go
// Create Signature of message
// message must be of type io.Reader or []byte
// Returns signature and any error encountered.
func Sign(message interface{}, certificate *x509.Certificate, privateKey *rsa.PrivateKey) ([]byte, error) {
```
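Review bot: the doc comment on the second line promises that `message` is an io.Reader or []byte, but the `interface{}` parameter on the `func Sign` line admits any type, so a wrong argument is only rejected at runtime rather than by the compiler. Keep `message io.Reader` as the parameter type and let callers wrap a []byte with bytes.NewReader; that also leaves the signature unchanged for existing callers.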
I don't think message should be changed to interface{}.
Instead, I'd suggest that Sign continues using io.Reader and the calling application can use bytes.NewReader() if it needs to pass in []bytes.
I agree with you that interface{} is not the best solution.
Instead of using io.Reader, I suggest introducing an interface Hashable: Yannic@77cdc19
I'm not clear on how this would work. Do you intend to change Sign to accept Hashable instead of io.Reader then?
I don't think replacing is an option because it wouldn't be compatible with the current version.
```go
func Sign(reader io.Reader, certificate *x509.Certificate, privateKey *rsa.PrivateKey) ([]byte, error) {}
func SignIntermediate(reader io.Reader, certificate *x509.Certificate, privateKey *rsa.PrivateKey, intermediateCertificates []*x509.Certificate) ([]byte, error) {}
func SignData(hashable Hashable, certificate *x509.Certificate, privateKey *rsa.PrivateKey) ([]byte, error) {}
func SignDataIntermediate(hashable Hashable, certificate *x509.Certificate, privateKey *rsa.PrivateKey, intermediateCertificates []*x509.Certificate) ([]byte, error) {}
```
Agreed. But I'm not sure if I see the advantage of Hashable over using bytes.NewReader() from the std library? Maybe I just need to see an example of how it would be used.
You are right that there is no advantage when using []byte, but someone may have some kind of type struct{} he needs to sign. With Hashable, he has the opportunity to compute a checksum without having to serialize it first.
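An added example, not code from this PR or from the pkcs7 project, showing how the two options discussed above fit together: a Hashable interface (the method shape is assumed, since the linked commit Yannic@77cdc19 is not shown here), an io.Reader adapter so the existing Sign keeps its signature and is implemented on top of SignData, a constructed struct that hashes its fields without being serialized first, and bytes.NewReader for the plain []byte case. Signing here is a raw RSA PKCS#1 v1.5 signature over the SHA-256 digest; building the PKCS#7 SignedData envelope is left to the library.

```go
package main

import (
	"bytes"
	"crypto"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"encoding/binary"
	"fmt"
	"hash"
	"io"
	"log"
)

// Hashable (assumed shape): a value that feeds itself into a hash.Hash
// without an intermediate serialization step.
type Hashable interface {
	Hash(h hash.Hash) error
}

// ReaderHashable adapts an io.Reader, so the current Sign(io.Reader, ...)
// API can stay and delegate to SignData.
type ReaderHashable struct{ R io.Reader }

func (rh ReaderHashable) Hash(h hash.Hash) error {
	_, err := io.Copy(h, rh.R)
	return err
}

// Record is a constructed struct standing in for "some kind of struct he
// needs to sign": fixed-width ID first, variable-length payload last, so the
// byte stream is unambiguous without any encoding library.
type Record struct {
	ID      uint64
	Payload []byte
}

func (r Record) Hash(h hash.Hash) error {
	var id [8]byte
	binary.BigEndian.PutUint64(id[:], r.ID)
	if _, err := h.Write(id[:]); err != nil {
		return err
	}
	_, err := h.Write(r.Payload)
	return err
}

// Digest returns the SHA-256 digest of any Hashable.
func Digest(v Hashable) ([]byte, error) {
	h := sha256.New()
	if err := v.Hash(h); err != nil {
		return nil, err
	}
	return h.Sum(nil), nil
}

// SignData signs the digest with RSA PKCS#1 v1.5 (raw signature value only).
func SignData(v Hashable, privateKey *rsa.PrivateKey) ([]byte, error) {
	digest, err := Digest(v)
	if err != nil {
		return nil, err
	}
	return rsa.SignPKCS1v15(rand.Reader, privateKey, crypto.SHA256, digest)
}

// Sign keeps the io.Reader parameter of the current API and delegates.
func Sign(reader io.Reader, privateKey *rsa.PrivateKey) ([]byte, error) {
	return SignData(ReaderHashable{R: reader}, privateKey)
}

// SignBytes is the reviewer's point: []byte needs no new interface, because
// bytes.NewReader already turns it into an io.Reader.
func SignBytes(msg []byte, privateKey *rsa.PrivateKey) ([]byte, error) {
	return Sign(bytes.NewReader(msg), privateKey)
}

// Verify recomputes the digest over the same Hashable and checks the signature.
func Verify(v Hashable, pub *rsa.PublicKey, sig []byte) error {
	digest, err := Digest(v)
	if err != nil {
		return err
	}
	return rsa.VerifyPKCS1v15(pub, crypto.SHA256, digest, sig)
}

func main() {
	key, err := rsa.GenerateKey(rand.Reader, 2048)
	if err != nil {
		log.Fatal(err)
	}
	rec := Record{ID: 42, Payload: []byte("constructed payload")}
	sig, err := SignData(rec, key)
	if err != nil {
		log.Fatal(err)
	}
	fmt.Println("record verifies:", Verify(rec, &key.PublicKey, sig) == nil)
	rec.ID = 43
	fmt.Println("modified record verifies:", Verify(rec, &key.PublicKey, sig) == nil)
}
```

The design point is that Hashable and io.Reader are not rivals: the reader adapter makes every existing caller a Hashable for free, while a type that already knows its own canonical byte layout can skip the serialization round-trip. Anything hashed this way must still have an unambiguous layout (fixed-width fields before variable-length ones, or explicit length prefixes), otherwise two different values can share a digest and therefore a signature.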
pkcs7/sign.go (outdated)

```go
signedData := SignedData{
// Copy intermediateCertificates to certificate stack
raw := certificate.Raw
if intermediateCertificates != nil {
```
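Review bot: the `if intermediateCertificates != nil` guard that closes this snippet is redundant, because ranging over or appending from a nil slice is a no-op in Go; copy the intermediates unconditionally right after `raw := certificate.Raw` so the single-certificate and chained cases share one code path and one fewer branch needs testing.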
This nil check is unnecessary:
https://play.golang.org/p/4AJfaL9rNu
For more on nil, check out https://www.youtube.com/watch?v=ynoY2xz-F8s
Thank you for your explanation, I will remove it.
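An added example, not code from this PR or from the pkcs7 project, covering two points from this thread: copying intermediates into the certificate stack with no nil check, and why the intermediates belong in the stack at all. It builds a constructed three-level chain in memory, assembles the stack as the signer's DER followed by the intermediate's DER, and then verifies it the way a recipient who trusts only the root would. The function names certificateStack, newCert and verifySigner are assumptions, as is the stack layout.

```go
package main

import (
	"crypto"
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"errors"
	"fmt"
	"log"
	"math/big"
	"time"
)

// certificateStack concatenates the signer certificate's DER with the
// intermediates. No nil check is needed: ranging over a nil slice runs zero
// iterations, so nil intermediates yield just the signer certificate.
func certificateStack(certificate *x509.Certificate, intermediateCertificates []*x509.Certificate) []byte {
	raw := append([]byte(nil), certificate.Raw...)
	for _, c := range intermediateCertificates {
		raw = append(raw, c.Raw...)
	}
	return raw
}

// newCert issues a constructed ECDSA P-256 certificate; parent == nil means self-signed.
func newCert(cn string, isCA bool, parent *x509.Certificate, parentKey crypto.Signer) (*x509.Certificate, crypto.Signer, error) {
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return nil, nil, err
	}
	serial, err := rand.Int(rand.Reader, new(big.Int).Lsh(big.NewInt(1), 64))
	if err != nil {
		return nil, nil, err
	}
	tmpl := &x509.Certificate{
		SerialNumber:          serial,
		Subject:               pkix.Name{CommonName: cn},
		NotBefore:             time.Now().Add(-time.Hour),
		NotAfter:              time.Now().Add(24 * time.Hour),
		KeyUsage:              x509.KeyUsageDigitalSignature,
		BasicConstraintsValid: true,
		IsCA:                  isCA,
	}
	if isCA {
		tmpl.KeyUsage |= x509.KeyUsageCertSign
	}
	if parent == nil {
		parent, parentKey = tmpl, key
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, parent, &key.PublicKey, parentKey)
	if err != nil {
		return nil, nil, err
	}
	cert, err := x509.ParseCertificate(der)
	return cert, key, err
}

// verifySigner mirrors a recipient: only the root is trusted, the intermediates
// come from the stack carried in the message, and a path is built from the
// signer certificate (first in the stack) up to the root.
func verifySigner(stack []byte, root *x509.Certificate) error {
	certs, err := x509.ParseCertificates(stack)
	if err != nil {
		return err
	}
	if len(certs) == 0 {
		return errors.New("empty certificate stack")
	}
	roots := x509.NewCertPool()
	roots.AddCert(root)
	intermediates := x509.NewCertPool()
	for _, c := range certs[1:] {
		intermediates.AddCert(c)
	}
	_, err = certs[0].Verify(x509.VerifyOptions{Roots: roots, Intermediates: intermediates})
	return err
}

func main() {
	root, rootKey, err := newCert("Constructed Root", true, nil, nil)
	if err != nil {
		log.Fatal(err)
	}
	inter, interKey, err := newCert("Constructed Intermediate", true, root, rootKey)
	if err != nil {
		log.Fatal(err)
	}
	leaf, _, err := newCert("Constructed Signer", false, inter, interKey)
	if err != nil {
		log.Fatal(err)
	}
	fmt.Println("with intermediate:", verifySigner(certificateStack(leaf, []*x509.Certificate{inter}), root))
	fmt.Println("without intermediate:", verifySigner(certificateStack(leaf, nil), root))
}
```

Without the intermediate in the stack the recipient has no way to connect the signer certificate to the root it trusts, and Verify reports an unknown authority; with it, the same root suffices. That is the practical reason for this PR's intermediates parameter, and why the copy into the stack should not depend on a nil check that could silently drop the chain.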
Add interface Hashable
Ping?