in aws_signing_helper/signer.go [326:427]
// GetSigner selects the Signer implementation that matches the credential
// material described by opts and returns it together with the signature
// algorithm reported by the chosen constructor.
//
// Dispatch is driven by the shape of opts.PrivateKeyId, falling back to
// opts.CertificateId when no key id is given:
//   - neither a key id nor a certificate id: the certificate-store signer
//     (GetCertStoreSigner), looked up via opts.CertIdentifier.
//   - a certificate id that does not parse as a PEM certificate and no
//     separate key id: the file is validated as PKCS#12 and handed to
//     GetFileSystemSigner.
//   - a key id with the "pkcs11:" prefix: GetPKCS11Signer.
//   - a key id with the "handle:" prefix, or a file parseDERFromPEM accepts
//     as a "TSS2 PRIVATE KEY" block: GetTPMv2Signer.
//   - otherwise: GetFileSystemSigner with a PEM private key, which requires
//     that a certificate was loaded from opts.CertificateId.
//
// Side effect: on the PKCS#11 path opts.CertificateId is cleared when a
// certificate was already parsed from disk, so callers must not assume opts
// is left unchanged.
//
// Returns a nil signer and a non-nil error when the inputs are inconsistent
// (for example a certificate bundle together with a PKCS#12 file) or when a
// referenced file cannot be read or parsed.
func GetSigner(opts *CredentialsOpts) (signer Signer, signatureAlgorithm string, err error) {
	var (
		certificate      *x509.Certificate
		certificateChain []*x509.Certificate
	)
	privateKeyId := opts.PrivateKeyId
	if privateKeyId == "" {
		if opts.CertificateId == "" {
			if Debug {
				log.Println("attempting to use CertStoreSigner")
			}
			return GetCertStoreSigner(opts.CertIdentifier, opts.UseLatestExpiringCertificate)
		}
		// No explicit key id: the certificate id is reused as the key id
		// (this is what later routes a "pkcs11:" certificate id to the
		// PKCS#11 signer, and a PKCS#12 file to the file-system signer).
		privateKeyId = opts.CertificateId
	}
	// A "pkcs11:" certificate id is not a file; only plain ids are read here.
	if opts.CertificateId != "" && !strings.HasPrefix(opts.CertificateId, "pkcs11:") {
		// ":=" shadows the named result err inside this block; every path
		// in the block returns explicitly, so nothing is lost.
		_, cert, err := ReadCertificateData(opts.CertificateId)
		if err == nil {
			certificate = cert
		} else if opts.PrivateKeyId == "" {
			if Debug {
				log.Println("not a PEM certificate, so trying PKCS#12")
			}
			// A PKCS#12 file carries its own chain, so a separate bundle is
			// rejected rather than silently ignored.
			if opts.CertificateBundleId != "" {
				return nil, "", errors.New("can't specify certificate chain when" +
					" using PKCS#12 files; certificate bundle should be provided" +
					" within the PKCS#12 file")
			}
			// Not a PEM certificate? Try PKCS#12
			// The parsed contents are discarded; this call only checks that
			// the file parses as PKCS#12 before the signer is constructed.
			_, _, err = ReadPKCS12Data(opts.CertificateId)
			if err != nil {
				return nil, "", err
			}
			// Trailing flag distinguishes this PKCS#12 path from the PEM
			// key path at the end of the function (which passes false).
			return GetFileSystemSigner(opts.PrivateKeyId, opts.CertificateId, opts.CertificateBundleId, true)
		} else {
			// A key id was given, so an unreadable certificate is an error
			// rather than a cue to try PKCS#12.
			return nil, "", err
		}
	}
	if opts.CertificateBundleId != "" {
		certificateChain, err = GetCertChain(opts.CertificateBundleId)
		if err != nil {
			return nil, "", err
		}
	}
	if strings.HasPrefix(privateKeyId, "pkcs11:") {
		if Debug {
			log.Println("attempting to use PKCS11Signer")
		}
		// When the certificate was already parsed from disk, blank the id so
		// the parsed object is what GetPKCS11Signer uses — presumably to keep
		// it from also resolving the certificate by id. Note this mutates
		// the caller's opts.
		if certificate != nil {
			opts.CertificateId = ""
		}
		return GetPKCS11Signer(opts.LibPkcs11, certificate, certificateChain, opts.PrivateKeyId, opts.CertificateId, opts.ReusePin)
	} else if strings.HasPrefix(privateKeyId, "handle:") {
		if Debug {
			log.Println("attempting to use TPMv2Signer")
		}
		// Positional GetTPMv2SignerOpts literal: no parsed key (nil); the
		// "handle:" id is passed through as opts.PrivateKeyId.
		return GetTPMv2Signer(
			GetTPMv2SignerOpts{
				certificate,
				certificateChain,
				nil,
				opts.TpmKeyPassword,
				opts.NoTpmKeyPassword,
				opts.PrivateKeyId,
			},
		)
	} else {
		// Probe the key id as a TSS2-format PEM key before treating it as an
		// ordinary PEM private key. ":=" shadows the named result err; all
		// paths below return explicitly.
		tpmKey, err := parseDERFromPEM(privateKeyId, "TSS2 PRIVATE KEY")
		if err == nil {
			if Debug {
				log.Println("attempting to use TPMv2Signer")
			}
			// Same positional literal as the "handle:" path, but with the
			// parsed key and an empty key id.
			return GetTPMv2Signer(
				GetTPMv2SignerOpts{
					certificate,
					certificateChain,
					tpmKey,
					opts.TpmKeyPassword,
					opts.NoTpmKeyPassword,
					"",
				},
			)
		}
		// Key material is discarded here; the call only validates that the
		// file is a readable private key before the signer is built.
		_, err = ReadPrivateKeyData(privateKeyId)
		if err != nil {
			return nil, "", err
		}
		// The file-system signer needs the certificate loaded above; a
		// pkcs11: certificate id or a missing id leaves it nil.
		if certificate == nil {
			return nil, "", errors.New("undefined certificate value")
		}
		if Debug {
			log.Println("attempting to use FileSystemSigner")
		}
		return GetFileSystemSigner(privateKeyId, opts.CertificateId, opts.CertificateBundleId, false)
	}
}