fixes

notation.go

@@ -192,21 +192,7 @@ func SignBlob(ctx context.Context, signer BlobSigner, blobReader io.Reader, sign
 		return nil, nil, fmt.Errorf("invalid content media-type '%s': %v", signBlobOpts.ContentMediaType, err)
 	}
 
-	getDescFunc := func(hashAlgo digest.Algorithm) (ocispec.Descriptor, error) {
-		h := hashAlgo.Hash()
-		bytes, err := io.Copy(hashAlgo.Hash(), blobReader)
-		if err != nil {
-			return ocispec.Descriptor{}, err
-		}
-
-		targetDesc := ocispec.Descriptor{
-			MediaType: signBlobOpts.ContentMediaType,
-			Digest:    digest.NewDigest(hashAlgo, h),
-			Size:      bytes,
-		}
-		return addUserMetadataToDescriptor(ctx, targetDesc, signBlobOpts.UserMetadata)
-	}
-
+	getDescFunc := getDescriptorFunc(ctx, blobReader, signBlobOpts.ContentMediaType, signBlobOpts.UserMetadata)
 	return signer.SignBlob(ctx, getDescFunc, signBlobOpts.SignerSignOptions)
 }
 
@@ -315,7 +301,7 @@ func (outcome *VerificationOutcome) UserMetadata() (map[string]string, error) {
 
 // VerifierVerifyOptions contains parameters for Verifier.Verify.
 type VerifierVerifyOptions struct {
-	// ArtifactReference is the reference of the artifact that is been
+	// ArtifactReference is the reference of the artifact that is being
 	// verified against to. It must be a full reference.
 	ArtifactReference string
 
@@ -349,7 +335,7 @@ type verifySkipper interface {
 
 // VerifyOptions contains parameters for notation.Verify.
 type VerifyOptions struct {
-	// ArtifactReference is the reference of the artifact that is been
+	// ArtifactReference is the reference of the artifact that is being
 	// verified against to.
 	ArtifactReference string
 
@@ -528,3 +514,19 @@ func generateAnnotations(signerInfo *signature.SignerInfo, annotations map[strin
 	annotations[ocispec.AnnotationCreated] = signingTime.Format(time.RFC3339)
 	return annotations, nil
 }
+
+func getDescriptorFunc(ctx context.Context, reader io.Reader, contentMediaType string, userMetadata map[string]string) BlobDescriptorGenerator {
+	return func(hashAlgo digest.Algorithm) (ocispec.Descriptor, error) {
+		h := hashAlgo.Hash()
+		bytes, err := io.Copy(hashAlgo.Hash(), reader)
+		if err != nil {
+			return ocispec.Descriptor{}, err
+		}
+		targetDesc := ocispec.Descriptor{
+			MediaType: contentMediaType,
+			Digest:    digest.NewDigest(hashAlgo, h),
+			Size:      bytes,
+		}
+		return addUserMetadataToDescriptor(ctx, targetDesc, userMetadata)
+	}
+}

signer/plugin.go

@@ -52,7 +52,14 @@ var algorithms = map[crypto.Hash]digest.Algorithm{
 // NewFromPlugin creates a notation.Signer that signs artifacts and generates
 // signatures by delegating the one or more operations to the named plugin,
 // as defined in https://github.com/notaryproject/notaryproject/blob/main/specs/plugin-extensibility.md#signing-interfaces.
-func NewFromPlugin(plugin plugin.SignPlugin, keyID string, pluginConfig map[string]string) (*PluginSigner, error) {
+func NewFromPlugin(plugin plugin.SignPlugin, keyID string, pluginConfig map[string]string) (notation.Signer, error) {
+	return NewPluginSignerFromPlugin(plugin, keyID, pluginConfig)
+}
+
+// NewPluginSignerFromPlugin creates a notation.Signer that signs artifacts and generates
+// signatures by delegating the one or more operations to the named plugin,
+// as defined in https://github.com/notaryproject/notaryproject/blob/main/specs/plugin-extensibility.md#signing-interfaces.
+func NewPluginSignerFromPlugin(plugin plugin.SignPlugin, keyID string, pluginConfig map[string]string) (*PluginSigner, error) {
 	if plugin == nil {
 		return nil, errors.New("nil plugin")
 	}

signer/signer.go

@@ -42,7 +42,12 @@ type GenericSigner struct {
 }
 
 // New returns a builtinSigner given key and cert chain
-func New(key crypto.PrivateKey, certChain []*x509.Certificate) (*GenericSigner, error) {
+func New(key crypto.PrivateKey, certChain []*x509.Certificate) (notation.Signer, error) {
+	return NewGenericSigner(key, certChain)
+}
+
+// NewGenericSigner returns a builtinSigner given key and cert chain
+func NewGenericSigner(key crypto.PrivateKey, certChain []*x509.Certificate) (*GenericSigner, error) {
 	localSigner, err := signature.NewLocalSigner(certChain, key)
 	if err != nil {
 		return nil, err
@@ -53,7 +58,12 @@ func New(key crypto.PrivateKey, certChain []*x509.Certificate) (*GenericSigner,
 }
 
 // NewFromFiles returns a builtinSigner given key and certChain paths.
-func NewFromFiles(keyPath, certChainPath string) (*GenericSigner, error) {
+func NewFromFiles(keyPath, certChainPath string) (notation.Signer, error) {
+	return NewGenericSignerFromFiles(keyPath, certChainPath)
+}
+
+// NewGenericSignerFromFiles returns a builtinSigner given key and certChain paths.
+func NewGenericSignerFromFiles(keyPath, certChainPath string) (*GenericSigner, error) {
 	if keyPath == "" {
 		return nil, errors.New("key path not specified")
 	}
@@ -80,7 +90,7 @@ func NewFromFiles(keyPath, certChainPath string) (*GenericSigner, error) {
 	}
 
 	// create signer
-	return New(cert.PrivateKey, certs)
+	return NewGenericSigner(cert.PrivateKey, certs)
 }
 
 // Sign signs the artifact described by its descriptor and returns the

signer/signer_test.go

@@ -219,7 +219,7 @@ func TestSignBlobWithCertChain(t *testing.T) {
 	for _, envelopeType := range signature.RegisteredEnvelopeTypes() {
 		for _, keyCert := range keyCertPairCollections {
 			t.Run(fmt.Sprintf("envelopeType=%v_keySpec=%v", envelopeType, keyCert.keySpecName), func(t *testing.T) {
-				s, err := New(keyCert.key, keyCert.certs)
+				s, err := NewGenericSigner(keyCert.key, keyCert.certs)
 				if err != nil {
 					t.Fatalf("NewSigner() error = %v", err)
 				}