go.chromium.org/luci@v0.0.0-20240309015107-7cdc2e660f33/cipd/appengine/impl/cas/signer.go (about)

     1  // Copyright 2017 The LUCI Authors.
     2  //
     3  // Licensed under the Apache License, Version 2.0 (the "License");
     4  // you may not use this file except in compliance with the License.
     5  // You may obtain a copy of the License at
     6  //
     7  //      http://www.apache.org/licenses/LICENSE-2.0
     8  //
     9  // Unless required by applicable law or agreed to in writing, software
    10  // distributed under the License is distributed on an "AS IS" BASIS,
    11  // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
    12  // See the License for the specific language governing permissions and
    13  // limitations under the License.
    14  
    15  package cas
    16  
    17  import (
    18  	"context"
    19  
    20  	"go.chromium.org/luci/common/errors"
    21  	"go.chromium.org/luci/server/auth"
    22  )
    23  
// signerFactory produces a signer on demand.
//
// It takes a context and returns either a *signer or an error; defaultSigner
// in this file has this signature.
type signerFactory func(context.Context) (*signer, error)
    26  
// signer can RSA-sign blobs the way Google Storage likes it.
//
// Email is the account the signatures are attributed to; defaultSigner fills
// it with the service account name reported by the auth signer.
//
// SignBytes signs the given blob and returns the name of the key that was
// used, the signature bytes, and an error. It is a plain function field, so
// whoever constructs the struct decides what actually does the signing.
//
// NOTE(review): presumably the signed blobs are Google Storage signed-URL
// strings; if so, each result is a bearer credential for the signing account
// and should be kept out of logs and error messages. Confirm against callers.
//
// Mocked in tests.
type signer struct {
	Email     string
	SignBytes func(context.Context, []byte) (key string, sig []byte, err error)
}
    34  
// defaultSigner builds a signer backed by the server's default account.
//
// It takes the signer that auth.GetSigner finds in ctx and queries its
// service info to learn the service account name. An error is returned when
// no signer is available in ctx or when the service info lookup fails.
//
// The returned struct reuses the auth signer's SignBytes method directly, so
// every signature is produced with the server's own identity.
//
// NOTE(review): the service account name is copied as-is and is not checked
// for being empty here; callers that embed Email into a signed request
// should confirm it is populated.
func defaultSigner(ctx context.Context) (*signer, error) {
	authSigner := auth.GetSigner(ctx)
	if authSigner == nil {
		return nil, errors.Reason("a default signer is not available").Err()
	}

	svcInfo, err := authSigner.ServiceInfo(ctx)
	if err != nil {
		return nil, errors.Annotate(err, "failed to grab the signer info").Err()
	}

	out := &signer{
		Email:     svcInfo.ServiceAccountName,
		SignBytes: authSigner.SignBytes,
	}
	return out, nil
}