in aws_signing_helper/cert_store_signer_darwin.go [312:367]
// Sign produces a signature using the key that backs this certificate-store
// signer, delegating the private-key operation to SecKeyCreateSignature.
//
// The rand argument is not used by this method.
//
// NOTE(review): despite its name, digest is hashed here (SHA-256, SHA-384 or
// SHA-512, selected by opts.HashFunc()) before it is passed to the keychain.
// That differs from the usual crypto.Signer convention, where digest is
// already the hash of the message. Callers presumably pass the message
// itself; a caller that pre-hashes would end up with a signature over the
// hash of the hash. Confirm against the call sites.
//
// Any hash function other than the three above yields ErrUnsupportedHash.
// Errors from getKeyRef, bytesToCFData, Certificate and getAlgo are returned
// unchanged, as is the error derived from the CFError set by
// SecKeyCreateSignature.
func (signer *DarwinCertStoreSigner) Sign(rand io.Reader, digest []byte, opts crypto.SignerOpts) ([]byte, error) {
	// Hash the input with the requested function; anything else is rejected
	// before the key store is touched.
	var hashed []byte
	switch opts.HashFunc() {
	case crypto.SHA256:
		s := sha256.Sum256(digest)
		hashed = s[:]
	case crypto.SHA384:
		s := sha512.Sum384(digest)
		hashed = s[:]
	case crypto.SHA512:
		s := sha512.Sum512(digest)
		hashed = s[:]
	default:
		return nil, ErrUnsupportedHash
	}

	// NOTE(review): privKey is not released in this function; ownership
	// presumably stays with the signer. Verify against getKeyRef.
	privKey, err := signer.getKeyRef()
	if err != nil {
		return nil, err
	}

	// Copy the hash into a CFData object; it is released when Sign returns.
	cfHashed, err := bytesToCFData(hashed)
	if err != nil {
		return nil, err
	}
	defer C.CFRelease(C.CFTypeRef(cfHashed))

	// The signature algorithm is derived from the certificate together with
	// the requested hash function.
	leaf, err := signer.Certificate()
	if err != nil {
		return nil, err
	}
	secAlgo, err := getAlgo(leaf, opts.HashFunc())
	if err != nil {
		return nil, err
	}

	// Ask the Security framework to sign the hash computed above.
	var cfErr C.CFErrorRef
	cfSig := C.SecKeyCreateSignature(privKey, secAlgo, cfHashed, &cfErr)
	if signErr := cfErrorError(cfErr); signErr != nil {
		// The CFError is released here once it has been turned into a Go error.
		C.CFRelease(C.CFTypeRef(cfErr))
		return nil, signErr
	}
	// Guard against a null result that came back without a CFError.
	if cfSig == 0 {
		return nil, errors.New("nil signature from SecKeyCreateSignature")
	}
	defer C.CFRelease(C.CFTypeRef(cfSig))

	// The bytes are extracted before the deferred release of cfSig runs.
	return cfDataToBytes(cfSig), nil
}