diff options
| author | Yoav Amit <yoav@squareup.com> | 2024-08-20 18:37:02 -0400 |
|---|---|---|
| committer | Yoav Amit <yoav@squareup.com> | 2024-08-20 18:37:02 -0400 |
| commit | 970c5307bdf728c9fb3d338be99d419139f4ecec (patch) | |
| tree | e133f66065081584a53880f25a91a16e4bfee88c | |
| parent | 4fd9979d5c2940e72bdd6946fec21e02d959f0f6 (diff) | |
| download | go-git-970c5307bdf728c9fb3d338be99d419139f4ecec.tar.gz | |
plumbing: signature, support the same x509 signature formats as git
Commits and tags signed with x509 certificates may be encoded with the `SIGNED MESSAGE` PEM label.
This behavior is consistent in [git](https://github.com/git/git/blob/master/gpg-interface.c\#L63) and [gpgsm](https://github.com/gpg/gnupg/blob/master/sm/sign.c\#L650) which is commonly used to produce these types of signatures.
| -rw-r--r-- | plumbing/object/signature.go | 1 | ||||
| -rw-r--r-- | plumbing/object/signature_test.go | 15 |
2 files changed, 15 insertions, 1 deletions
diff --git a/plumbing/object/signature.go b/plumbing/object/signature.go index 91cf371..f9c3d30 100644 --- a/plumbing/object/signature.go +++ b/plumbing/object/signature.go @@ -19,6 +19,7 @@ var ( // a PKCS#7 (S/MIME) signature. x509SignatureFormat = signatureFormat{ []byte("-----BEGIN CERTIFICATE-----"), + []byte("-----BEGIN SIGNED MESSAGE-----"), } // sshSignatureFormat is the format of an SSH signature. diff --git a/plumbing/object/signature_test.go b/plumbing/object/signature_test.go index 3b20cde..732aa09 100644 --- a/plumbing/object/signature_test.go +++ b/plumbing/object/signature_test.go @@ -33,7 +33,7 @@ MKEQruIQWJb+8HVXwssA4= want: signatureTypeSSH, }, { - name: "known signature format (X509)", + name: "known signature format (X509) CERTIFICATE", b: []byte(`-----BEGIN CERTIFICATE----- MIIDZjCCAk6gAwIBAgIJALZ9Z3Z9Z3Z9MA0GCSqGSIb3DQEBCwUAMIGIMQswCQYD VQQGEwJTRTEOMAwGA1UECAwFVGV4YXMxDjAMBgNVBAcMBVRleGFzMQ4wDAYDVQQK @@ -46,6 +46,19 @@ ggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDQZ9Z3Z9Z3Z9Z3Z9Z3Z9Z3 want: signatureTypeX509, }, { + name: "known signature format (x509) SIGNED MESSAGE", + b: []byte(`-----BEGIN SIGNED MESSAGE----- +MIIDZjCCAk6gAwIBAgIJALZ9Z3Z9Z3Z9MA0GCSqGSIb3DQEBCwUAMIGIMQswCQYD +VQQGEwJTRTEOMAwGA1UECAwFVGV4YXMxDjAMBgNVBAcMBVRleGFzMQ4wDAYDVQQK +DAVUZXhhczEOMAwGA1UECwwFVGV4YXMxGDAWBgNVBAMMD1RleGFzIENlcnRpZmlj +YXRlMB4XDTE3MDUyNjE3MjY0MloXDTI3MDUyNDE3MjY0MlowgYgxCzAJBgNVBAYT +AlNFMQ4wDAYDVQQIDAVUZXhhczEOMAwGA1UEBwwFVGV4YXMxDjAMBgNVBAoMBVRl +eGFzMQ4wDAYDVQQLDAVUZXhhczEYMBYGA1UEAwwPVGV4YXMgQ2VydGlmaWNhdGUw +ggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDQZ9Z3Z9Z3Z9Z3Z9Z3Z9Z3 +-----END SIGNED MESSAGE-----`), + want: signatureTypeX509, + }, + { name: "unknown signature format", b: []byte(`-----BEGIN ARBITRARY SIGNATURE----- U1NIU0lHAAAAAQAAADMAAAALc3NoLWVkMjU1MTkAAAAgij/EfHS8tCjolj5uEANXgKzFfp |