Add more comments

Author: Emyrk

extensionsign/sigmanifest.go

@@ -23,7 +23,8 @@ func (a SignatureManifest) String() string {
 	return fmt.Sprintf("Package %q with Entries: %d", a.Package.Digests.SHA256, len(a.Entries))
 }
 
-// Equal is helpful for debugging
+// Equal is helpful for debugging to know if two manifests are equal.
+// They can change if any file is removed/added/edited to an extension.
 func (a SignatureManifest) Equal(b SignatureManifest) error {
 	var err error
 	if err := a.Package.Equal(b.Package); err != nil {
@@ -82,7 +83,8 @@ type Digests struct {
 }
 
 // GenerateSignatureManifest generates a signature manifest for a VSIX file.
-// It does not sign the manifest.
+// It does not sign the manifest. The manifest is the base64 encoded file path
+// followed by the sha256 hash of the file, and it's size.
 func GenerateSignatureManifest(vsixFile []byte) (SignatureManifest, error) {
 	pkgManifest, err := FileManifest(bytes.NewReader(vsixFile))
 	if err != nil {

extensionsign/sigzip.go

@@ -28,7 +28,6 @@ func ExtractSignatureManifest(zip []byte) (SignatureManifest, error) {
 }
 
 // SignAndZipManifest signs a manifest and zips it up
-// Sign
 func SignAndZipManifest(secret crypto.Signer, manifest json.RawMessage) ([]byte, error) {
 	var buf bytes.Buffer
 	w := zip.NewWriter(&buf)

storage/signature.go

@@ -4,7 +4,6 @@ import (
 	"context"
 	"crypto"
 	"encoding/json"
-	"fmt"
 	"io"
 	"io/fs"
 	"path/filepath"
@@ -76,16 +75,24 @@ func (s *Signature) Manifest(ctx context.Context, publisher, name string, versio
 	return manifest, nil
 }
 
+// Open will intercept requests for signed extensions payload.
+// It does this by looking for 'sigzipFilename' or p7s.sig.
+//
+// The signed payload and signing process is taken from:
+// https://github.com/filiptronicek/node-ovsx-sign
 func (s *Signature) Open(ctx context.Context, fp string) (fs.File, error) {
 	if s.SigningEnabled() && filepath.Base(fp) == "p7s.sig" {
 		// This file must exist, and it is always empty
 		return mem.NewFileHandle(mem.CreateFile("p7s.sig")), nil
 	}
+
 	if s.SigningEnabled() && filepath.Base(fp) == sigzipFilename {
 		// hijack this request, sign the sig manifest
 		manifest, err := s.Storage.Open(ctx, filepath.Join(filepath.Dir(fp), sigManifestName))
 		if err != nil {
-			fmt.Println(err)
+			// If this file is missing, it means the extension was added before
+			// signatures were handled by the marketplace.
+			// TODO: Generate the sig manifest payload and insert it?
 			return nil, xerrors.Errorf("open signature manifest: %w", err)
 		}
 		defer manifest.Close()