chaoticsmol · August 8, 2018 22:42
diff --git a/auth.go b/auth.go
 package auth

 // AuthSchemeId is used to identify authentication schemes supported by MIG.
 type AuthSchemeId string

 // Fingerprint is a details-agnostic identifier for a key.
 // Implementations of `CryptoAuth` will store keys and which one should be used
 // to produce or verify a signature can be specified by indicating the fingerprint
 // of the key to use.
 type Fingerprint string

 const (
 	AuthSchemePGP     AuthSchemeId = "auth-scheme-pgp"
 	AuthSchemeEd25519 AuthSchemeId = "auth-scheme-ed25519"
 )

 // CryptoAuth implementations provide the following services:
 // 1. Self-identification for runtime selection and inspection,
 // 2. Public and private key management,
 // 3. Signing messages with public keys and
 // 4. Signature verification using private keys.
 type CryptoAuth interface {
 	// Identifier retrieves what should be a unique ID associated with the implementation.
 	Identifier() AuthSchemeId

 	// Sign will attempt to produce a signature over a message with a public key managed
 	// by the implementation.
 	Sign(Fingerprint, []byte) ([]byte, error)

 	// Verify will attempt to use a private key identified by its fingerprint to verify a
 	// signature over a message.
 	// A return value of `nil` indicates that the signature is valid.
 	Verify(Fingerprint, []byte, []byte) error
 }

 // TryMultipleKeyVerification will attempt to verify a signature over a message using an
 // auth scheme and multiple keys.
 // As with `CryptoAuth.Verify`, this function will return an error value of `nil` if one
 // of the designated keys successfully validates the signature. It will also return that
 // key's fingerprint.
 func TryMultipleKeyVerification(
 	auth CryptoAuth,
 	keys []Fingerprint,
 	signature []byte,
 	message []byte,
 ) (Fingerprint, error) {
 	var err error

 	for _, fingerprint := range keys {
 		err = auth.Verify(fingerprint, signature, message)
 		if err == nil {
 			return fingerprint, nil
 		}
 	}
 	return Fingerprint(""), err
 }

 // Supported can be used to verify that an `AuthSchemeId` is known by MIG
 // rather than having been constructed accidentally by calling `AuthSchemeId(someString)`.
 func (scheme AuthSchemeId) Supported() bool {
 	supported := []AuthSchemeId{
 		AuthSchemePGP,
 		AuthSchemeEd25519,
 	}
 	for _, sup := range supported {
 		if scheme == sup {
 			return true
 		}
 	}
 	return false
 }
	package auth

	// AuthSchemeId is used to identify authentication schemes supported by MIG.
	type AuthSchemeId string

	// Fingerprint is a details-agnostic identifier for a key.
	// Implementations of `CryptoAuth` will store keys and which one should be used
	// to produce or verify a signature can be specified by indicating the fingerprint
	// of the key to use.
	type Fingerprint string

	const (
	AuthSchemePGP AuthSchemeId = "auth-scheme-pgp"
	AuthSchemeEd25519 AuthSchemeId = "auth-scheme-ed25519"
	)

	// CryptoAuth implementations provide the following services:
	// 1. Self-identification for runtime selection and inspection,
	// 2. Public and private key management,
	// 3. Signing messages with public keys and
	// 4. Signature verification using private keys.
	type CryptoAuth interface {
	// Identifier retrieves what should be a unique ID associated with the implementation.
	Identifier() AuthSchemeId

	// Sign will attempt to produce a signature over a message with a public key managed
	// by the implementation.
	Sign(Fingerprint, []byte) ([]byte, error)

	// Verify will attempt to use a private key identified by its fingerprint to verify a
	// signature over a message.
	// A return value of `nil` indicates that the signature is valid.
	Verify(Fingerprint, []byte, []byte) error
	}

	// TryMultipleKeyVerification will attempt to verify a signature over a message using an
	// auth scheme and multiple keys.
	// As with `CryptoAuth.Verify`, this function will return an error value of `nil` if one
	// of the designated keys successfully validates the signature. It will also return that
	// key's fingerprint.
	func TryMultipleKeyVerification(
	auth CryptoAuth,
	keys []Fingerprint,
	signature []byte,
	message []byte,
	) (Fingerprint, error) {
	var err error

	for _, fingerprint := range keys {
	err = auth.Verify(fingerprint, signature, message)
	if err == nil {
	return fingerprint, nil
	}
	}
	return Fingerprint(""), err
	}

	// Supported can be used to verify that an `AuthSchemeId` is known by MIG
	// rather than having been constructed accidentally by calling `AuthSchemeId(someString)`.
	func (scheme AuthSchemeId) Supported() bool {
	supported := []AuthSchemeId{
	AuthSchemePGP,
	AuthSchemeEd25519,
	}
	for _, sup := range supported {
	if scheme == sup {
	return true
	}
	}
	return false
	}