Documentation ¶
Overview ¶
Package asserts implements snappy assertions and a database abstraction for managing and holding them.
Index ¶
- Variables
- func Encode(assert Assertion) []byte
- func EncodeDigest(hash crypto.Hash, hashDigest []byte) (string, error)
- func EncodePublicKey(pubKey PublicKey) ([]byte, error)
- type AccountKey
- func (ak *AccountKey) AccountID() string
- func (ab *AccountKey) AuthorityID() string
- func (ab *AccountKey) Body() []byte
- func (ak *AccountKey) Fingerprint() string
- func (ab *AccountKey) Header(name string) string
- func (ab *AccountKey) Revision() int
- func (ab *AccountKey) Signature() (content, signature []byte)
- func (ak *AccountKey) Since() time.Time
- func (ab *AccountKey) Type() AssertionType
- func (ak *AccountKey) Until() time.Time
- type Assertion
- type AssertionType
- type Database
- func (db *Database) Add(assert Assertion) error
- func (db *Database) Check(assert Assertion) error
- func (db *Database) Find(assertionType AssertionType, headers map[string]string) (Assertion, error)
- func (db *Database) FindMany(assertionType AssertionType, headers map[string]string) ([]Assertion, error)
- func (db *Database) GenerateKey(authorityID string) (fingerprint string, err error)
- func (db *Database) ImportKey(authorityID string, privKey PrivateKey) (fingerprint string, err error)
- func (db *Database) PublicKey(authorityID string, fingerprintSuffix string) (PublicKey, error)
- func (db *Database) Sign(assertType AssertionType, headers map[string]string, body []byte, ...) (Assertion, error)
- type DatabaseConfig
- type PrivateKey
- type PublicKey
- type Signature
- type SnapBuild
- func (ab *SnapBuild) AuthorityID() string
- func (ab *SnapBuild) Body() []byte
- func (snapdcl *SnapBuild) Grade() string
- func (ab *SnapBuild) Header(name string) string
- func (ab *SnapBuild) Revision() int
- func (ab *SnapBuild) Signature() (content, signature []byte)
- func (snapdcl *SnapBuild) SnapDigest() string
- func (snapdcl *SnapBuild) SnapID() string
- func (snapdcl *SnapBuild) SnapSize() uint64
- func (snapdcl *SnapBuild) Timestamp() time.Time
- func (ab *SnapBuild) Type() AssertionType
Constants ¶
This section is empty.
Variables ¶
var (
	// ErrNotFound is returned by Database.Find and Database.FindMany
	// when no stored assertion matches the requested type and headers.
	ErrNotFound = errors.New("assertion not found")
)
Well-known errors
Functions ¶
func EncodeDigest ¶
EncodeDigest encodes a hash algorithm and a digest to be put in an assertion header.
func EncodePublicKey ¶
EncodePublicKey serializes a public key, typically for embedding in an assertion.
Types ¶
type AccountKey ¶
// AccountKey holds an account-key assertion: a signed statement that a
// given public key (identified by its fingerprint) belongs to an account,
// valid between Since() and Until().
type AccountKey struct {
	// contains filtered or unexported fields
}
AccountKey holds an account-key assertion, asserting a public key belonging to the account.
func (*AccountKey) AccountID ¶
func (ak *AccountKey) AccountID() string
AccountID returns the account-id of this account-key.
func (*AccountKey) AuthorityID ¶
func (ab *AccountKey) AuthorityID() string
AuthorityID returns the authority-id, a.k.a. the signer id, of the assertion. This is the signer the assertion claims; it is only established once the signature has been verified via Database.Check or Database.Add.
func (*AccountKey) Body ¶
func (ab *AccountKey) Body() []byte
Body returns the body of the assertion.
func (*AccountKey) Fingerprint ¶
func (ak *AccountKey) Fingerprint() string
Fingerprint returns the fingerprint of the account key.
func (*AccountKey) Revision ¶
func (ab *AccountKey) Revision() int
Revision returns the assertion revision.
func (*AccountKey) Signature ¶
func (ab *AccountKey) Signature() (content, signature []byte)
Signature returns the signed content and its unprocessed (raw, not yet verified) signature. Callers wanting to trust the assertion should verify it with Database.Check rather than inspecting these bytes directly.
func (*AccountKey) Since ¶
func (ak *AccountKey) Since() time.Time
Since returns the time when the account key starts being valid.
func (*AccountKey) Type ¶
func (ab *AccountKey) Type() AssertionType
Type returns the assertion type.
func (*AccountKey) Until ¶
func (ak *AccountKey) Until() time.Time
Until returns the time when the account key stops being valid.
type Assertion ¶
// Assertion represents an assertion through its general elements.
//
// The values exposed here (type, revision, authority, headers, body) are
// as decoded from the serialized form. They should be relied upon only
// after the assertion has been verified with Database.Check or accepted
// by Database.Add.
type Assertion interface {
	// Type returns the type of this assertion
	Type() AssertionType
	// Revision returns the revision of this assertion
	Revision() int
	// AuthorityID returns the authority that signed this assertion
	AuthorityID() string
	// Header retrieves the header with name
	Header(name string) string
	// Body returns the body of this assertion
	Body() []byte
	// Signature returns the signed content and its unprocessed signature
	Signature() (content, signature []byte)
}
Assertion represents an assertion through its general elements.
func Decode ¶
Decode parses a serialized assertion.
The expected serialization format is:
HEADER ("\n\n" BODY?)? "\n\n" SIGNATURE
where:
HEADER is a set of header lines separated by "\n", BODY can be arbitrary bytes, and SIGNATURE is the signature.
A header line looks like:
NAME ": " VALUE
The following headers are mandatory:
type, authority-id (the signer id)
The following headers expect integer values and, if omitted, are assumed to be 0:
revision (a non-negative int; a higher revision supersedes a lower one, see Database.Add), body-length (expected to be equal to the length of BODY)
type AssertionType ¶
type AssertionType string
AssertionType labels assertions of a given type
const (
	// AccountKeyType labels account-key assertions (see AccountKey).
	AccountKeyType AssertionType = "account-key"
	// SnapBuildType labels snap-build assertions (see SnapBuild).
	SnapBuildType AssertionType = "snap-build"
)
Understood assertions
type Database ¶
// Database holds assertions and can be used to sign or check further
// assertions. It is opened via OpenDatabase or OpenSysDatabase; the
// trust anchors it verifies against come from DatabaseConfig.TrustedKeys.
type Database struct {
	// contains filtered or unexported fields
}
Database holds assertions and can be used to sign or check further assertions.
func OpenDatabase ¶
func OpenDatabase(cfg *DatabaseConfig) (*Database, error)
OpenDatabase opens the assertion database based on the configuration.
func OpenSysDatabase ¶
OpenSysDatabase opens the installation-wide assertion database.
func (*Database) Add ¶
Add persists the assertion after ensuring it is properly signed and consistent with all the stored knowledge. It returns an error when the assertion's revision is older than the one currently stored, so a superseded assertion cannot be rolled back in.
func (*Database) Check ¶
Check tests whether the assertion is properly signed and consistent with all the stored knowledge.
func (*Database) Find ¶
Find looks up an assertion based on arbitrary headers. The provided headers must include the primary key for the assertion type. It returns ErrNotFound if the assertion cannot be found.
func (*Database) FindMany ¶
func (db *Database) FindMany(assertionType AssertionType, headers map[string]string) ([]Assertion, error)
FindMany finds assertions based on arbitrary headers. It returns ErrNotFound if no assertion can be found.
func (*Database) GenerateKey ¶
GenerateKey generates a private/public key pair for the authority identity authorityID, stores it, and returns its fingerprint.
func (*Database) ImportKey ¶
func (db *Database) ImportKey(authorityID string, privKey PrivateKey) (fingerprint string, err error)
ImportKey stores the given private/public key pair for the authority identity authorityID and returns its fingerprint.
func (*Database) PublicKey ¶
PublicKey exports the public part of a stored key pair for the authority identity authorityID, selected by matching the given fingerprint suffix. It is an error if no key pair, or more than one, matches: an ambiguous suffix is never resolved arbitrarily.
func (*Database) Sign ¶
func (db *Database) Sign(assertType AssertionType, headers map[string]string, body []byte, fingerprint string) (Assertion, error)
Sign builds an assertion with the provided information and signs it with the private key of the authority named in `headers["authority-id"]` that has the provided fingerprint.
type DatabaseConfig ¶
// DatabaseConfig for an assertion database.
type DatabaseConfig struct {
	// database backstore path
	Path string
	// trusted account keys
	//
	// NOTE(review): these are the trust anchors for signature checks,
	// so the source of this configuration must itself be trustworthy;
	// confirm that callers do not populate it from untrusted input.
	TrustedKeys []*AccountKey
}
DatabaseConfig for an assertion database.
type PrivateKey ¶
// PrivateKey is a cryptographic private/public key pair. Values are
// stored in a Database via ImportKey or created by GenerateKey.
type PrivateKey interface {
	// PublicKey returns the public part of the pair.
	PublicKey() PublicKey
	// contains filtered or unexported methods
}
PrivateKey is a cryptographic private/public key pair.
func OpenPGPPrivateKey ¶
func OpenPGPPrivateKey(privk *packet.PrivateKey) PrivateKey
OpenPGPPrivateKey returns a PrivateKey for database use out of an OpenPGP packet.PrivateKey.
type PublicKey ¶
// PublicKey is the public part of a cryptographic private/public key pair.
type PublicKey interface {
	// Fingerprint returns the key fingerprint (the full value, as opposed
	// to the suffix exposed by Signature.KeyID).
	Fingerprint() string
	// contains filtered or unexported methods
}
PublicKey is the public part of a cryptographic private/public key pair.
func OpenPGPPublicKey ¶
OpenPGPPublicKey returns a database-usable public key out of an OpenPGP packet.PublicKey.
type Signature ¶
// Signature is a cryptographic signature.
type Signature interface {
	// KeyID returns a suffix of the signing key fingerprint.
	//
	// NOTE(review): a suffix is only a hint for locating the key, not a
	// full fingerprint; Database.PublicKey errors when a suffix matches
	// more than one key. Do not treat it as identifying the signer on
	// its own.
	KeyID() string
}
Signature is a cryptographic signature.
type SnapBuild ¶
// SnapBuild holds a snap-build assertion, asserting the properties of a
// built snap (id, digest, size, grade, timestamp) by the builder.
type SnapBuild struct {
	// contains filtered or unexported fields
}
SnapBuild holds a snap-build assertion, asserting the properties of a built snap by the builder.
func (*SnapBuild) AuthorityID ¶
func (ab *SnapBuild) AuthorityID() string
AuthorityID returns the authority-id, a.k.a. the signer id, of the assertion. This is the signer the assertion claims; it is only established once the signature has been verified via Database.Check or Database.Add.
func (*SnapBuild) Revision ¶
func (ab *SnapBuild) Revision() int
Revision returns the assertion revision.
func (*SnapBuild) Signature ¶
func (ab *SnapBuild) Signature() (content, signature []byte)
Signature returns the signed content and its unprocessed (raw, not yet verified) signature. Callers wanting to trust the assertion should verify it with Database.Check rather than inspecting these bytes directly.
func (*SnapBuild) SnapDigest ¶
SnapDigest returns the digest of the built snap.