asserts

package
v0.0.0-...-48d87d0
Published: Dec 18, 2015 License: GPL-3.0 Imports: 23 Imported by: 0

Documentation

Overview

Package asserts implements snappy assertions and a database abstraction for managing and holding them.

Variables

var (
	ErrNotFound = errors.New("assertion not found")
)

Well-known errors

Functions

func Encode

func Encode(assert Assertion) []byte

Encode serializes an assertion.

func EncodeDigest

func EncodeDigest(hash crypto.Hash, hashDigest []byte) (string, error)

EncodeDigest encodes a hash algorithm and a digest to be put in an assertion header.

func EncodePublicKey

func EncodePublicKey(pubKey PublicKey) ([]byte, error)

EncodePublicKey serializes a public key, typically for embedding in an assertion.

Types

type AccountKey

type AccountKey struct {
	// contains filtered or unexported fields
}

AccountKey holds an account-key assertion, asserting a public key belonging to the account.

func (*AccountKey) AccountID

func (ak *AccountKey) AccountID() string

AccountID returns the account-id of this account-key.

func (*AccountKey) AuthorityID

func (ab *AccountKey) AuthorityID() string

AuthorityID returns the authority-id, a.k.a. the signer id, of the assertion.

func (*AccountKey) Body

func (ab *AccountKey) Body() []byte

Body returns the body of the assertion.

func (*AccountKey) Fingerprint

func (ak *AccountKey) Fingerprint() string

Fingerprint returns the fingerprint of the account key.

func (*AccountKey) Header

func (ab *AccountKey) Header(name string) string

Header returns the value of a header by name.

func (*AccountKey) Revision

func (ab *AccountKey) Revision() int

Revision returns the assertion revision.

func (*AccountKey) Signature

func (ab *AccountKey) Signature() (content, signature []byte)

Signature returns the signed content and its unprocessed signature.

func (*AccountKey) Since

func (ak *AccountKey) Since() time.Time

Since returns the time when the account key starts being valid.

func (*AccountKey) Type

func (ab *AccountKey) Type() AssertionType

Type returns the assertion type.

func (*AccountKey) Until

func (ak *AccountKey) Until() time.Time

Until returns the time when the account key stops being valid.

type Assertion

type Assertion interface {
	// Type returns the type of this assertion
	Type() AssertionType
	// Revision returns the revision of this assertion
	Revision() int
	// AuthorityID returns the authority that signed this assertion
	AuthorityID() string

	// Header retrieves the header with name
	Header(name string) string

	// Body returns the body of this assertion
	Body() []byte

	// Signature returns the signed content and its unprocessed signature
	Signature() (content, signature []byte)
}

Assertion represents an assertion through its general elements.

func Decode

func Decode(serializedAssertion []byte) (Assertion, error)

Decode parses a serialized assertion.

The expected serialisation format looks like:

HEADER ("\n\n" BODY?)? "\n\n" SIGNATURE

where:

HEADER is a set of header lines separated by "\n"
BODY can be arbitrary,
SIGNATURE is the signature

A header line looks like:

NAME ": " VALUE

The following headers are mandatory:

type
authority-id (the signer id)

The following headers expect integer values and, if omitted, are assumed to be 0:

revision (a positive int)
body-length (expected to be equal to the length of BODY)
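
The format above as an added example, not code from package asserts: a stand-alone Go sketch that splits a serialized assertion and applies the mandatory-header, integer-default and body-length rules. It assumes the headers end at the first "\n\n" and the signature follows the last one; parseAssertion and the sample input are hypothetical names and data.

```go
package main

import (
	"fmt"
	"strconv"
	"strings"
)

// Constructed sample: the body itself contains "\n\n"; SIG is a placeholder signature.
const sample = "type: snap-build\nauthority-id: dev1\nbody-length: 10\n\nline1\n\nabc\n\nSIG"

// parseAssertion is a sketch of HEADER ("\n\n" BODY?)? "\n\n" SIGNATURE.
// Assumed here: headers end at the first "\n\n", the signature follows the last one.
func parseAssertion(s string) (map[string]string, string, string, error) {
	last := strings.LastIndex(s, "\n\n")
	if last < 0 || last+2 == len(s) {
		return nil, "", "", fmt.Errorf("missing or empty signature")
	}
	head, sig, body := s[:last], s[last+2:], ""
	if i := strings.Index(head, "\n\n"); i >= 0 {
		head, body = head[:i], head[i+2:]
	}
	h := map[string]string{"revision": "0", "body-length": "0"} // omitted integer headers count as 0
	for _, line := range strings.Split(head, "\n") {
		name, value, ok := strings.Cut(line, ": ")
		if !ok || name == "" {
			return nil, "", "", fmt.Errorf("malformed header line %q", line)
		}
		h[name] = value
	}
	if h["type"] == "" || h["authority-id"] == "" {
		return nil, "", "", fmt.Errorf("type and authority-id are mandatory")
	}
	for _, name := range []string{"revision", "body-length"} {
		n, err := strconv.Atoi(h[name])
		if err != nil || n < 0 {
			return nil, "", "", fmt.Errorf("%s: want a non-negative integer, got %q", name, h[name])
		}
		if name == "body-length" && n != len(body) {
			return nil, "", "", fmt.Errorf("body-length %d but body is %d bytes", n, len(body))
		}
	}
	return h, body, sig, nil
}

func main() {
	h, body, sig, err := parseAssertion(sample)
	fmt.Println(h["type"], len(body), sig, err)
}
```

Because BODY can be arbitrary, the body-length comparison is what rejects input whose declared and actual body sizes disagree; parsing alone establishes nothing about who signed the content.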

type AssertionType

type AssertionType string

AssertionType labels assertions of a given type.

const (
	AccountKeyType AssertionType = "account-key"
	SnapBuildType  AssertionType = "snap-build"
)

Understood assertions

type Database

type Database struct {
	// contains filtered or unexported fields
}

Database holds assertions and can be used to sign or check further assertions.

func OpenDatabase

func OpenDatabase(cfg *DatabaseConfig) (*Database, error)

OpenDatabase opens the assertion database based on the configuration.

func OpenSysDatabase

func OpenSysDatabase() (*Database, error)

OpenSysDatabase opens the installation-wide assertion database.

func (*Database) Add

func (db *Database) Add(assert Assertion) error

Add persists the assertion after ensuring it is properly signed and consistent with all the stored knowledge. It will return an error when trying to add an older revision of the assertion than the one currently stored.

func (*Database) Check

func (db *Database) Check(assert Assertion) error

Check tests whether the assertion is properly signed and consistent with all the stored knowledge.

func (*Database) Find

func (db *Database) Find(assertionType AssertionType, headers map[string]string) (Assertion, error)

Find finds an assertion based on arbitrary headers. Provided headers must contain the primary key for the assertion type. It returns ErrNotFound if the assertion cannot be found.

func (*Database) FindMany

func (db *Database) FindMany(assertionType AssertionType, headers map[string]string) ([]Assertion, error)

FindMany finds assertions based on arbitrary headers. It returns ErrNotFound if no assertion can be found.

func (*Database) GenerateKey

func (db *Database) GenerateKey(authorityID string) (fingerprint string, err error)

GenerateKey generates a private/public key pair for identity, stores it, and returns its fingerprint.

func (*Database) ImportKey

func (db *Database) ImportKey(authorityID string, privKey PrivateKey) (fingerprint string, err error)

ImportKey stores the given private/public key pair for identity and returns its fingerprint.

func (*Database) PublicKey

func (db *Database) PublicKey(authorityID string, fingerprintSuffix string) (PublicKey, error)

PublicKey exports the public part of a stored key pair for identity by matching the given fingerprint suffix. It is an error if no key pair or more than one key pair is found.

func (*Database) Sign

func (db *Database) Sign(assertType AssertionType, headers map[string]string, body []byte, fingerprint string) (Assertion, error)

Sign builds an assertion with the provided information and signs it with the private key from `headers["authority-id"]` that has the provided fingerprint.

type DatabaseConfig

type DatabaseConfig struct {
	// database backstore path
	Path string
	// trusted account keys
	TrustedKeys []*AccountKey
}

DatabaseConfig for an assertion database.

type PrivateKey

type PrivateKey interface {
	// PublicKey returns the public part of the pair.
	PublicKey() PublicKey
	// contains filtered or unexported methods
}

PrivateKey is a cryptographic private/public key pair.

func OpenPGPPrivateKey

func OpenPGPPrivateKey(privk *packet.PrivateKey) PrivateKey

OpenPGPPrivateKey returns a PrivateKey for database use out of an openpgp packet.PrivateKey.

type PublicKey

type PublicKey interface {
	// Fingerprint returns the key fingerprint.
	Fingerprint() string
	// contains filtered or unexported methods
}

PublicKey is the public part of a cryptographic private/public key pair.

func OpenPGPPublicKey

func OpenPGPPublicKey(pubKey *packet.PublicKey) PublicKey

OpenPGPPublicKey returns a database-usable public key out of an openpgp packet.PublicKey.

type Signature

type Signature interface {
	// KeyID() returns a suffix of the signing key fingerprint
	KeyID() string
}

Signature is a cryptographic signature.

type SnapBuild

type SnapBuild struct {
	// contains filtered or unexported fields
}

SnapBuild holds a snap-build assertion, asserting the properties of a built snap by the builder.

func (*SnapBuild) AuthorityID

func (ab *SnapBuild) AuthorityID() string

AuthorityID returns the authority-id, a.k.a. the signer id, of the assertion.

func (*SnapBuild) Body

func (ab *SnapBuild) Body() []byte

Body returns the body of the assertion.

func (*SnapBuild) Grade

func (snapdcl *SnapBuild) Grade() string

Grade returns the grade of the built snap: devel|stable.

func (*SnapBuild) Header

func (ab *SnapBuild) Header(name string) string

Header returns the value of a header by name.

func (*SnapBuild) Revision

func (ab *SnapBuild) Revision() int

Revision returns the assertion revision.

func (*SnapBuild) Signature

func (ab *SnapBuild) Signature() (content, signature []byte)

Signature returns the signed content and its unprocessed signature.

func (*SnapBuild) SnapDigest

func (snapdcl *SnapBuild) SnapDigest() string

SnapDigest returns the digest of the built snap.

func (*SnapBuild) SnapID

func (snapdcl *SnapBuild) SnapID() string

SnapID returns the snap id of the built snap.

func (*SnapBuild) SnapSize

func (snapdcl *SnapBuild) SnapSize() uint64

SnapSize returns the size of the built snap.

func (*SnapBuild) Timestamp

func (snapdcl *SnapBuild) Timestamp() time.Time

Timestamp returns the snap-build assertion timestamp.

func (*SnapBuild) Type

func (ab *SnapBuild) Type() AssertionType

Type returns the assertion type.

Directories

Path Synopsis
Tool to create assertions for testing/playing purpose.