From 85eb4983bc976238d7732b9a1c65913c469d11c0 Mon Sep 17 00:00:00 2001 From: Max Goedjen Date: Wed, 18 Mar 2020 20:04:24 -0700 Subject: [PATCH] Split witness call (fixes #62) --- SecretAgent/Notifier.swift | 3 +++ SecretAgentKit/Agent.swift | 6 +++++- SecretAgentKit/SigningWitness.swift | 1 + 3 files changed, 9 insertions(+), 1 deletion(-) diff --git a/SecretAgent/Notifier.swift b/SecretAgent/Notifier.swift index a558e77..1f12f98 100644 --- a/SecretAgent/Notifier.swift +++ b/SecretAgent/Notifier.swift @@ -24,6 +24,9 @@ class Notifier { extension Notifier: SigningWitness { + func speakNowOrForeverHoldYourPeace(forAccessTo secret: AnySecret, by provenance: SigningRequestProvenance) throws { + } + func witness(accessTo secret: AnySecret, by provenance: SigningRequestProvenance) throws { notify(accessTo: secret, by: provenance) } diff --git a/SecretAgentKit/Agent.swift b/SecretAgentKit/Agent.swift index 2da04fd..ad46ecf 100644 --- a/SecretAgentKit/Agent.swift +++ b/SecretAgentKit/Agent.swift @@ -87,7 +87,7 @@ extension Agent { let provenance = requestTracer.provenance(from: pid) if let witness = witness { - try witness.witness(accessTo: secret, by: provenance) + try witness.speakNowOrForeverHoldYourPeace(forAccessTo: secret, by: provenance) } let dataToSign = try reader.readNextChunk() @@ -122,6 +122,10 @@ extension Agent { sub.append(writer.lengthAndData(of: signatureChunk)) signedData.append(writer.lengthAndData(of: sub)) + if let witness = witness { + try witness.witness(accessTo: secret, by: provenance) + } + os_log(.debug, "Agent signed request") return signedData diff --git a/SecretAgentKit/SigningWitness.swift b/SecretAgentKit/SigningWitness.swift index ffc73e3..d85467c 100644 --- a/SecretAgentKit/SigningWitness.swift +++ b/SecretAgentKit/SigningWitness.swift 
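Review bot: The new `speakNowOrForeverHoldYourPeace(forAccessTo:by:)` in the `Notifier` extension has an empty body and nothing marks that as deliberate, so a reader cannot tell a finished no-op from an unfinished veto check. Agent.swift now calls this hook before signing, so I would state the decision inside the body, e.g. `// Intentionally empty: Notifier never rejects a request; it only reports via witness(accessTo:by:).` The `Notifier` class itself is declared outside this hunk.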
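Review bot: The `witness.witness(accessTo:by:)` call added just before `os_log(.debug, "Agent signed request")` runs only once the signed response has been assembled, so a request that throws earlier never reaches it. That covers `try reader.readNextChunk()` in the previous Agent.swift hunk and, presumably, the signing step that lies outside both hunks. With `Notifier`'s pre-sign hook left empty in this patch, a failed or refused signing attempt no longer produces a `notify(accessTo:by:)` call, whereas the removed line reported every attempt before signing began. If that is intended, record it next to the call; if not, report the attempt from the pre-sign hook or on the error path as well. Because the call is `try`, a witness error here also discards a signature that was already produced, which a comment such as `// Post-sign report: a throw here fails the request even though the key was used.` would make explicit.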
@@ -3,6 +3,7 @@ import SecretKit public protocol SigningWitness { + func speakNowOrForeverHoldYourPeace(forAccessTo secret: AnySecret, by provenance: SigningRequestProvenance) throws func witness(accessTo secret: AnySecret, by provenance: SigningRequestProvenance) throws }
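Review bot: The protocol now has two requirements with identical parameters and no doc comments, so the ordering the Agent.swift hunks rely on (one call before signing, one after) is not written down where conformers will read it. I would add `/// Called before a signature is produced; throw to reject the request.` above `speakNowOrForeverHoldYourPeace(forAccessTo:by:)` and `/// Called after a signature has been produced for the request.` above `witness(accessTo:by:)`. Since `SigningWitness` is `public`, the added requirement also breaks any conformer outside this patch unless a protocol extension supplies a default implementation; whether such conformers exist is not visible here.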