Skip to content

feat(plugin): introduce signing handler plugin support#885

Merged
jakobmoellerdev merged 8 commits into
open-component-model:mainfrom
jakobmoellerdev:signing-plugin-handler
Sep 19, 2025
Merged

feat(plugin): introduce signing handler plugin support#885
jakobmoellerdev merged 8 commits into
open-component-model:mainfrom
jakobmoellerdev:signing-plugin-handler

Conversation

@jakobmoellerdev

@jakobmoellerdev jakobmoellerdev commented Sep 15, 2025

Copy link
Copy Markdown
Member

What this does

  • Added a new SigningRegistry to manage signing handler plugins.
  • Integrated signing handler support into the plugin manager and registries.
  • Updated dependencies in go.mod and go.sum to include the signing library.
  • Adjusted test cases to align with the new signing plugin functionality.

Note: I have made it so that Signing and Verification expect the same Config Type right now. Technically this is a bit of a conflict with the SigStore ADR Proposal because it would have two different configs for signing and verifications but I think having one type that can be used with different fields would also work, and its significantly easier to implement here

Why this change is needed

  • Expands the plugin framework capabilities to include signing handlers for enhanced security and verification processes.

part of adopting the RSA handler implemented for open-component-model/ocm-project#648 in #859. It would be registered as an internal handler via RegisterInternalComponentSignatureHandler in the CLI

@jakobmoellerdev
feat(plugin): introduce signing handler plugin support
17a25dc 
#### What this does
- Added a new `SigningRegistry` to manage signing handler plugins.
- Integrated signing handler support into the plugin manager and registries.
- Updated dependencies in `go.mod` and `go.sum` to include the signing library.
- Adjusted test cases to align with the new signing plugin functionality.

#### Why this change is needed
- Expands the plugin framework capabilities to include signing handlers for enhanced security and verification processes.
- Improves extensibility by enabling seamless integration and management of signing plugins.
- Ensures alignment with the evolving requirements for cryptographic operations on component descriptors.

Signed-off-by: Jakob Möller <jakob.moeller@sap.com>
@github-actions github-actions Bot added kind/feature new feature, enhancement, improvement, extension size/l Large labels Sep 15, 2025
@jakobmoellerdev
chore(deps): update runtime descriptor dependency in Go module
ca7de24 
### What this does
- Upgraded `ocm.software/open-component-model/bindings/go/descriptor/runtime` from `v0.0.0-20250909064434-e1a06fe74668` to `v0.0.0-20250915165427-710b0c881b3c`.
- Updated `go.mod` and `go.sum` to reflect the newer version.

Signed-off-by: Jakob Möller <jakob.moeller@sap.com>
@jakobmoellerdev
chore(deps): bump plugin once more
c731012 
Signed-off-by: Jakob Möller <jakob.moeller@sap.com>
@jakobmoellerdev
chore(deps): bump plugin once more
a0f3b06 
Signed-off-by: Jakob Möller <jakob.moeller@sap.com>
@jakobmoellerdev
feat(plugin): add test signing handler plugin
5a8af63 
### What this does
- Introduced a new Go-based test signing handler plugin under `plugin/internal/testplugin-signinghandler`.
- Implements basic signing and verifying capabilities with dummy data for testing purposes:
  - `Sign` and `Verify` operations.
  - Retrieval of signer and verifier identities.
- Added plugin initialization logic with logging, configuration parsing, and capability registration.

### Why this change is needed
- Provides a foundation for testing signing plugin functionality within the Open Component Model ecosystem.
- Supports the development and verification of plugin-based cryptographic operations with minimal overhead.

Signed-off-by: Jakob Möller <jakob.moeller@sap.com>
@jakobmoellerdev jakobmoellerdev marked this pull request as ready for review September 16, 2025 15:28
@jakobmoellerdev jakobmoellerdev requested a review from a team as a code owner September 16, 2025 15:28
@Skarlso Skarlso self-assigned this Sep 17, 2025
@jakobmoellerdev jakobmoellerdev mentioned this pull request Sep 17, 2025
Merged
Skarlso
Skarlso reviewed Sep 17, 2025
View reviewed changes

@Skarlso Skarlso left a comment

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Just a quick question first.

Comment thread bindings/go/plugin/manager/registries/signinghandler/endpoints_function.go
Skarlso
Skarlso reviewed Sep 17, 2025
View reviewed changes
Comment thread bindings/go/plugin/manager/registries/signinghandler/endpoints_function.go Outdated
Skarlso
Skarlso reviewed Sep 17, 2025
View reviewed changes
Comment thread bindings/go/plugin/manager/registries/signinghandler/implementations.go Outdated
@jakobmoellerdev
fix(plugin): add credential extraction from Authorization header
c262c5b 
Signed-off-by: Jakob Möller <jakob.moeller@sap.com>
fabianburth
fabianburth requested changes Sep 18, 2025
View reviewed changes
Comment thread bindings/go/plugin/manager/registries/signinghandler/handlers_test.go Outdated
Comment thread bindings/go/plugin/manager/contracts/signing/v1/contracts.go
Comment thread bindings/go/plugin/manager/registries/signinghandler/registry.go
Comment thread bindings/go/plugin/manager/manager.go
Comment thread bindings/go/plugin/manager/registries/signinghandler/converter.go Outdated
Comment thread bindings/go/plugin/manager/registries/signinghandler/converter.go Outdated
Comment thread bindings/go/plugin/manager/registries/signinghandler/converter.go Outdated
Comment thread bindings/go/plugin/manager/registries/signinghandler/endpoints_function.go Outdated
Comment thread bindings/go/plugin/manager/registries/signinghandler/endpoints_function.go Outdated
@jakobmoellerdev
chore: pr review
b9b91c8 
Signed-off-by: Jakob Möller <jakob.moeller@sap.com>
@jakobmoellerdev jakobmoellerdev enabled auto-merge (squash) September 19, 2025 06:30
@jakobmoellerdev jakobmoellerdev merged commit 9ba3663 into open-component-model:main Sep 19, 2025
16 checks passed
jakobmoellerdev added a commit that referenced this pull request Oct 1, 2025
@jakobmoellerdev @matthiasbruns
feat(cli): sign/verify support (#895)
bce087a 
### What this does

adds `ocm sign cv` / `ocm verify cv` support to OCM CLI.

### Why this change is needed

This actually uses the handlers prepared before for OCM signing support
in open-component-model/ocm-project#648

Needs
#885

fix open-component-model/ocm-project#649

---------

Signed-off-by: Jakob Möller <jakob.moeller@sap.com>
Co-authored-by: Matthias Bruns <github@matthiasbruns.com>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@fabianburth fabianburth fabianburth approved these changes

@Skarlso Skarlso Skarlso approved these changes

Assignees

@Skarlso Skarlso

Labels

kind/feature new feature, enhancement, improvement, extension size/l Large

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@jakobmoellerdev @Skarlso @fabianburth