Documentation ¶
Overview ¶
Package tofu implements trust on first use using hosts and fingerprints.
Index ¶
- type Fingerprint
- type Host
- type HostWriter
- type KnownHosts
- func (k *KnownHosts) Add(h Host)
- func (k *KnownHosts) Entries() []Host
- func (k *KnownHosts) Load(path string) error
- func (k *KnownHosts) Lookup(hostname string) (Host, bool)
- func (k *KnownHosts) Parse(r io.Reader) error
- func (k *KnownHosts) TOFU(hostname string, cert *x509.Certificate) error
- func (k *KnownHosts) WriteTo(w io.Writer) (int64, error)
- type PersistentHosts
Constants ¶
This section is empty.
Variables ¶
This section is empty.
Functions ¶
This section is empty.
Types ¶
type Fingerprint ¶
type Fingerprint []byte
Fingerprint represents a fingerprint.
func (Fingerprint) String ¶ added in v0.1.12
func (f Fingerprint) String() string
String returns a string representation of the fingerprint.
type Host ¶ added in v0.1.12
type Host struct {
	Hostname    string      // hostname
	Algorithm   string      // fingerprint algorithm e.g. SHA-512
	Fingerprint Fingerprint // fingerprint
	Expires     time.Time   // unix time of the fingerprint expiration date
}
Host represents a host entry with a fingerprint using a certain algorithm.
func NewHost ¶ added in v0.1.12
NewHost returns a new host with a SHA-512 fingerprint of the provided raw data.
func (*Host) UnmarshalText ¶ added in v0.1.12
UnmarshalText unmarshals the host from the provided text.
type HostWriter ¶ added in v0.1.12
type HostWriter struct {
// contains filtered or unexported fields
}
HostWriter writes host entries to an io.WriteCloser.
HostWriter is safe for concurrent use by multiple goroutines.
func NewHostWriter ¶ added in v0.1.12
func NewHostWriter(w io.WriteCloser) *HostWriter
NewHostWriter returns a new host writer that writes to the provided io.WriteCloser.
func OpenHostsFile ¶ added in v0.1.14
func OpenHostsFile(path string) (*HostWriter, error)
OpenHostsFile returns a new host writer that appends to the file at the given path. The file is created if it does not exist.
func (*HostWriter) Close ¶ added in v0.1.12
func (h *HostWriter) Close() error
Close closes the underlying io.Closer.
func (*HostWriter) WriteHost ¶ added in v0.1.12
func (h *HostWriter) WriteHost(host Host) error
WriteHost writes the host to the underlying io.Writer.
type KnownHosts ¶
type KnownHosts struct {
// contains filtered or unexported fields
}
KnownHosts represents a list of known hosts. The zero value for KnownHosts represents an empty list ready to use.
KnownHosts is safe for concurrent use by multiple goroutines.
func (*KnownHosts) Add ¶ added in v0.1.12
func (k *KnownHosts) Add(h Host)
Add adds a host to the list of known hosts.
func (*KnownHosts) Entries ¶ added in v0.1.12
func (k *KnownHosts) Entries() []Host
Entries returns the known host entries sorted by hostname.
func (*KnownHosts) Load ¶ added in v0.1.12
func (k *KnownHosts) Load(path string) error
Load loads the known hosts entries from the provided path.
func (*KnownHosts) Lookup ¶ added in v0.1.12
func (k *KnownHosts) Lookup(hostname string) (Host, bool)
Lookup returns the known host entry corresponding to the given hostname.
func (*KnownHosts) Parse ¶ added in v0.1.12
func (k *KnownHosts) Parse(r io.Reader) error
Parse parses the provided io.Reader and adds the parsed hosts to the list. Invalid entries are ignored.
For more control over errors encountered during parsing, use bufio.Scanner in combination with ParseHost. For example:
var knownHosts tofu.KnownHosts
scanner := bufio.NewScanner(r)
for scanner.Scan() {
	host, err := tofu.ParseHost(scanner.Bytes())
	if err != nil {
		// handle error
	} else {
		knownHosts.Add(host)
	}
}
err := scanner.Err()
if err != nil {
	// handle error
}
func (*KnownHosts) TOFU ¶ added in v0.1.12
func (k *KnownHosts) TOFU(hostname string, cert *x509.Certificate) error
TOFU implements basic trust on first use.
If the host is not on file, it is added to the list. If the host on file is expired, a new entry is added to the list. If the fingerprint does not match the one on file, an error is returned.
type PersistentHosts ¶ added in v0.1.14
type PersistentHosts struct {
// contains filtered or unexported fields
}
PersistentHosts represents a persistent set of known hosts.
func LoadPersistentHosts ¶ added in v0.1.14
func LoadPersistentHosts(path string) (*PersistentHosts, error)
LoadPersistentHosts loads persistent hosts from the file at the given path.
func NewPersistentHosts ¶ added in v0.1.14
func NewPersistentHosts(hosts *KnownHosts, writer *HostWriter) *PersistentHosts
NewPersistentHosts returns a new persistent set of known hosts that stores known hosts in hosts and writes new hosts to writer.
func (*PersistentHosts) Add ¶ added in v0.1.14
func (p *PersistentHosts) Add(h Host) error
Add adds a host to the list of known hosts. It returns an error if the host could not be persisted.
func (*PersistentHosts) Close ¶ added in v0.1.14
func (p *PersistentHosts) Close() error
Close closes the underlying HostWriter.
func (*PersistentHosts) Entries ¶ added in v0.1.14
func (p *PersistentHosts) Entries() []Host
Entries returns the known host entries sorted by hostname.
func (*PersistentHosts) Lookup ¶ added in v0.1.14
func (p *PersistentHosts) Lookup(hostname string) (Host, bool)
Lookup returns the known host entry corresponding to the given hostname.
func (*PersistentHosts) TOFU ¶ added in v0.1.14
func (p *PersistentHosts) TOFU(hostname string, cert *x509.Certificate) error
TOFU implements trust on first use with a persistent set of known hosts.
If the host is not on file, it is added to the list. If the host on file is expired, a new entry is added to the list. If the fingerprint does not match the one on file, an error is returned.
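The three rules above, which are the same for KnownHosts.TOFU and PersistentHosts.TOFU, as an added stand-alone illustration rather than the package's own code: raw certificate bytes and a NotAfter time stand in for the *x509.Certificate argument, `now` is passed explicitly so expiry can be exercised, and the map-backed KnownHosts and the ErrFingerprintMismatch sentinel are assumptions of this example.

```go
package main

import (
	"bytes"
	"crypto/sha512"
	"errors"
	"fmt"
	"time"
)

// Host mirrors the documented tofu.Host fields (illustration, not the package's code).
type Host struct {
	Hostname, Algorithm string
	Fingerprint         []byte
	Expires             time.Time
}
// ErrFingerprintMismatch is a hypothetical sentinel; the package's own error value is not documented.
var ErrFingerprintMismatch = errors.New("tofu: fingerprint does not match the entry on file")
// KnownHosts is a minimal in-memory list keyed by hostname (the package's fields are unexported).
type KnownHosts struct{ hosts map[string]Host }

// NewHost fingerprints raw with SHA-512, as the page documents for tofu.NewHost.
func NewHost(hostname string, raw []byte, expires time.Time) Host {
	sum := sha512.Sum512(raw)
	return Host{Hostname: hostname, Algorithm: "SHA-512", Fingerprint: sum[:], Expires: expires}
}

// TOFU applies the three documented rules. raw and notAfter stand in for cert.Raw and
// cert.NotAfter; now is an explicit parameter (an assumption of this example) so expiry is testable.
func (k *KnownHosts) TOFU(hostname string, raw []byte, notAfter, now time.Time) error {
	if k.hosts == nil {
		k.hosts = make(map[string]Host)
	}
	presented := NewHost(hostname, raw, notAfter)
	known, ok := k.hosts[hostname]
	if !ok || !now.Before(known.Expires) {
		k.hosts[hostname] = presented // not on file, or entry expired: trust and record
		return nil
	}
	if !bytes.Equal(known.Fingerprint, presented.Fingerprint) {
		return ErrFingerprintMismatch // unexpired entry on file disagrees: reject
	}
	return nil
}

func main() {
	var kh KnownHosts
	now := time.Now()
	_ = kh.TOFU("example.test", []byte("constructed cert A"), now.Add(time.Hour), now)
	fmt.Println(kh.TOFU("example.test", []byte("constructed cert B"), now.Add(time.Hour), now))
}
```

Note that a mismatch is only reported while the entry on file is unexpired; once it expires, the next presented certificate is recorded without further checks, so the expiry you store bounds how long a pin protects you.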