From ccc403cf8944dafebfd2edcdb4cb210d0a5efbf0 Mon Sep 17 00:00:00 2001
From: Mariano Cano <mariano@smallstep.com>
Date: Wed, 18 Nov 2020 17:50:21 -0800
Subject: [PATCH] Fix comments, and return an error instead of fatal.

---
 go.sum                         |  1 +
 kms/sshagentkms/sshagentkms.go | 15 ++++++++++-----
 2 files changed, 11 insertions(+), 5 deletions(-)

diff --git a/go.sum b/go.sum
index d5aac68d..09b050b4 100644
--- a/go.sum
+++ b/go.sum
@@ -307,6 +307,7 @@ golang.org/x/crypto v0.0.0-20200728195943-123391ffb6de h1:ikNHVSjEfnvz6sxdSPCaPt
 golang.org/x/crypto v0.0.0-20200728195943-123391ffb6de/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto=
 golang.org/x/crypto v0.0.0-20201016220609-9e8e0b390897 h1:pLI5jrR7OSLijeIDcmRxNmw2api+jEfxLoykJVice/E=
 golang.org/x/crypto v0.0.0-20201016220609-9e8e0b390897/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto=
+golang.org/x/crypto v0.0.0-20201117144127-c1f2f97bffc9 h1:phUcVbl53swtrUN8kQEXFhUxPlIlWyBfKmidCu7P95o=
 golang.org/x/exp v0.0.0-20190121172915-509febef88a4/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA=
 golang.org/x/exp v0.0.0-20190306152737-a1d7652674e8/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA=
 golang.org/x/exp v0.0.0-20190510132918-efd6b22b2522/go.mod h1:ZjyILWgesfNpC6sMxTJOJm9Kp84zZh5NQWvqDGG3Qr8=
diff --git a/kms/sshagentkms/sshagentkms.go b/kms/sshagentkms/sshagentkms.go
index fd37051b..b3627a08 100644
--- a/kms/sshagentkms/sshagentkms.go
+++ b/kms/sshagentkms/sshagentkms.go
@@ -8,7 +8,6 @@ import (
 	"crypto/rsa"
 	"crypto/x509"
 	"io"
-	"log"
 	"net"
 	"os"
 	"strings"
@@ -32,7 +31,7 @@ func New(ctx context.Context, opts apiv1.Options) (*SSHAgentKMS, error) {
 	socket := os.Getenv("SSH_AUTH_SOCK")
 	conn, err := net.Dial("unix", socket)
 	if err != nil {
-		log.Fatalf("Failed to open SSH_AUTH_SOCK: %v", err)
+		return nil, errors.Wrap(err, "failed to open SSH_AUTH_SOCK")
 	}
 
 	agentClient := agent.NewClient(conn)
@@ -42,7 +41,8 @@ func New(ctx context.Context, opts apiv1.Options) (*SSHAgentKMS, error) {
 	}, nil
 }
 
-// For testing
+// NewFromAgent initializes an SSHAgentKMS from a given agent, this method is
+// used for testing purposes.
 func NewFromAgent(ctx context.Context, opts apiv1.Options, agentClient agent.Agent) (*SSHAgentKMS, error) {
 	return &SSHAgentKMS{
 		agentClient: agentClient,
@@ -55,20 +55,23 @@ func init() {
 	})
 }
 
+// Close closes the agent. This is a noop for the SSHAgentKMS.
 func (k *SSHAgentKMS) Close() error {
-	// TODO: Is there any cleanup in Agent we can do?
 	return nil
 }
 
-// Utility class to wrap a ssh.Signer as a crypto.Signer
+// WrappedSSHSigner is a utility type to wrap a ssh.Signer as a crypto.Signer
 type WrappedSSHSigner struct {
 	Sshsigner ssh.Signer
 }
 
+// Public returns the agent public key. The type of this public key is
+// *agent.Key.
 func (s *WrappedSSHSigner) Public() crypto.PublicKey {
 	return s.Sshsigner.PublicKey()
 }
 
+// Sign signs the given digest using the ssh agent and returns the signature.
 func (s *WrappedSSHSigner) Sign(rand io.Reader, digest []byte, opts crypto.SignerOpts) (signature []byte, err error) {
 	sig, err := s.Sshsigner.Sign(rand, digest)
 	if err != nil {
@@ -77,6 +80,8 @@ func (s *WrappedSSHSigner) Sign(rand io.Reader, digest []byte, opts crypto.Signe
 	return sig.Blob, nil
 }
 
+// NewWrappedSignerFromSSHSigner returns a new crypto signer wrapping the given
+// one.
 func NewWrappedSignerFromSSHSigner(signer ssh.Signer) crypto.Signer {
 	return &WrappedSSHSigner{signer}
 }