Add GoDocs for public API

Signed-off-by: Noah Stride <noah.stride@goteleport.com>
spiffe · Oct 18, 2024 · 33be15f · 33be15f
1 parent a15c0da
commit 33be15f
Showing 1 changed file with 14 additions and 0 deletions.
diff --git a/signer.go b/signer.go
@@ -20,10 +20,15 @@ type X509SVIDSigner struct {
 	SVID *x509svid.SVID
 }
 
+// Public returns the public key of the keypair associated with the signer's
+// X509 SVID. Implements the crypto.Signer interface.
 func (s *X509SVIDSigner) Public() crypto.PublicKey {
 	return s.SVID.PrivateKey.Public()
 }
 
+// Sign creates a signature of the given input using the keypair associated with
+// the signer's X509 SVID.
+// Implements the aws_signing_helper.Signer and crypto.Signer interfaces.
 func (s *X509SVIDSigner) Sign(rand io.Reader, digest []byte, opts crypto.SignerOpts) ([]byte, error) {
 	// Note(strideynet):
 	// As of the time of writing, it looks like the AWS signing helper will
@@ -94,17 +99,26 @@ func (s *X509SVIDSigner) SignatureAlgorithm() (string, error) {
 	}
 }
 
+// Certificate returns the leaf certificate e.g the one identifying the
+// workload.
+// Implements the aws_signing_helper.Signer interface.
 func (s *X509SVIDSigner) Certificate() (*x509.Certificate, error) {
 	return s.SVID.Certificates[0], nil
 }
 
+// CertificateChain returns any certificates needed to chain the leaf to
+// the trust anchor.
+// Implements the aws_signing_helper.Signer interface.
 func (s *X509SVIDSigner) CertificateChain() ([]*x509.Certificate, error) {
 	if len(s.SVID.Certificates) < 1 {
 		return s.SVID.Certificates[1:], nil
 	}
 	return nil, nil
 }
 
+// Close should be called when the signer is no longer needed. It is a no-op
+// for this implementation.
+// Implements the aws_signing_helper.Signer interface.
 func (s *X509SVIDSigner) Close() {
 	// Nothing to do here...
 }