Versions in this module Expand all Collapse all v0
v0.0.2 Mar 3, 2021 Changes in this version
+ func GetTrustBundle(ctx context.Context, socketPath string) []*x509.Certificate
+ func VerifyCertificateTrust(key Key, rootCertPool, intermediateCertPool *x509.CertPool) error
type Key
+ func GetSVID(ctx context.Context, socketPath string) Key
+ func (k *Key) LoadKeyDefaults(path string) error
+ func (k *Key) LoadKeyReaderDefaults(r io.Reader) error
v0.0.1 Feb 24, 2021 Changes in this version
+ const AllowAllConstraint
+ const ISO8601DateSchema
+ const LinkGlobFormat
+ const LinkNameFormat
+ const LinkNameFormatShort
+ const PreliminaryLinkNameFormat
+ const SublayoutLinkDirFormat
+ var ErrCurveSizeSchemeMismatch = errors.New("the scheme does not match the curve size")
+ var ErrEmptyKeyField = errors.New("empty field in key")
+ var ErrFailedPEMParsing = errors.New("failed parsing the PEM block: unsupported PEM type")
+ var ErrInvalidHexString = errors.New("invalid hex string")
+ var ErrInvalidKey = errors.New("invalid key")
+ var ErrInvalidSignature = errors.New("invalid signature")
+ var ErrKeyKeyTypeMismatch = errors.New("the given key does not match its key type")
+ var ErrNoPEMBlock = errors.New("failed to decode the data as PEM block (are you sure this is a pem file?)")
+ var ErrNoPublicKey = errors.New("the given key is not a public key")
+ var ErrSchemeKeyTypeMismatch = errors.New("the scheme and key type are not supported together")
+ var ErrSymCycle = errors.New("symlink cycle detected")
+ var ErrUnsupportedHashAlgorithm = errors.New("unsupported hash algorithm detected")
+ var ErrUnsupportedKeyIDHashAlgorithms = errors.New("the given keyID hash algorithm is not supported")
+ var ErrUnsupportedKeyType = errors.New("unsupported key type")
+ func EncodeCanonical(obj interface{}) ([]byte, error)
+ func InterfaceKeyStrings(m map[string]interface{}) []string
+ func LoadLayoutCertificates(layout Layout, intermediatePems [][]byte) (*x509.CertPool, *x509.CertPool, error)
+ func LoadLinksForLayout(layout Layout, linkDir string) (map[string]map[string]Metablock, error)
+ func RecordArtifact(path string, hashAlgorithms []string) (map[string]interface{}, error)
+ func RecordArtifacts(paths []string, hashAlgorithms []string, gitignorePatterns []string) (evalArtifacts map[string]interface{}, err error)
+ func ReduceStepsMetadata(layout Layout, stepsMetadata map[string]map[string]Metablock) (map[string]Metablock, error)
+ func RunCommand(cmdArgs []string) (map[string]interface{}, error)
+ func RunInspections(layout Layout) (map[string]Metablock, error)
+ func UnpackRule(rule []string) (map[string]string, error)
+ func VerifyArtifacts(items []interface{}, itemsMetadata map[string]Metablock) error
+ func VerifyLayoutExpiration(layout Layout) error
+ func VerifyLayoutSignatures(layoutMb Metablock, layoutKeys map[string]Key) error
+ func VerifyLinkSignatureThesholds(layout Layout, stepsMetadata map[string]map[string]Metablock, ...) (map[string]map[string]Metablock, error)
+ func VerifySignature(key Key, sig Signature, unverified []byte) error
+ func VerifyStepCommandAlignment(layout Layout, stepsMetadata map[string]map[string]Metablock)
+ func VerifySublayouts(layout Layout, stepsMetadataVerified map[string]map[string]Metablock, ...) (map[string]map[string]Metablock, error)
+ type CertificateConstraint struct
+ CommonName string
+ URIs []string
+ func (cc CertificateConstraint) Check(cert *x509.Certificate) bool
+ type Inspection struct
+ Run []string
+ Type string
+ type Key struct
+ KeyID string
+ KeyIDHashAlgorithms []string
+ KeyType string
+ KeyVal KeyVal
+ Scheme string
+ func (k *Key) LoadKey(path string, scheme string, KeyIDHashAlgorithms []string) error
+ func (k *Key) LoadKeyReader(r io.Reader, scheme string, KeyIDHashAlgorithms []string) error
+ type KeyVal struct
+ Certificate string
+ Private string
+ Public string
+ type Layout struct
+ Expires string
+ Inspect []Inspection
+ IntermediateCas []string
+ Keys map[string]Key
+ Readme string
+ RootCas []string
+ Steps []Step
+ Type string
+ func SubstituteParameters(layout Layout, parameterDictionary map[string]string) (Layout, error)
+ type Link struct
+ ByProducts map[string]interface{}
+ Command []string
+ Environment map[string]interface{}
+ Materials map[string]interface{}
+ Name string
+ Products map[string]interface{}
+ Type string
+ type Metablock struct
+ Signatures []Signature
+ Signed interface{}
+ func GetSummaryLink(layout Layout, stepsMetadataReduced map[string]Metablock, stepName string) (Metablock, error)
+ func InTotoRecordStart(name string, materialPaths []string, key Key, ...) (Metablock, error)
+ func InTotoRecordStop(prelimLinkMb Metablock, productPaths []string, key Key, ...) (Metablock, error)
+ func InTotoRun(name string, materialPaths []string, productPaths []string, cmdArgs []string, ...) (Metablock, error)
+ func InTotoVerify(layoutMb Metablock, layoutKeys map[string]Key, linkDir string, stepName string, ...) (Metablock, error)
+ func (mb *Metablock) Dump(path string) error
+ func (mb *Metablock) GetSignableRepresentation() ([]byte, error)
+ func (mb *Metablock) GetSignatureForKeyID(keyID string) (Signature, error)
+ func (mb *Metablock) Load(path string) (err error)
+ func (mb *Metablock) Sign(key Key) error
+ func (mb *Metablock) VerifySignature(key Key) error
+ func (mb *Metablock) VerifySignatureWithCertificate(sig Signature, cert *x509.Certificate, ...) error
+ type Set map[string]struct
+ func NewSet(elems ...string) Set
+ func (s Set) Add(elem string)
+ func (s Set) Difference(s2 Set) Set
+ func (s Set) Filter(pattern string) Set
+ func (s Set) Has(elem string) bool
+ func (s Set) Intersection(s2 Set) Set
+ func (s Set) IsSubSet(subset Set) bool
+ func (s Set) Remove(elem string)
+ func (s Set) Slice() []string
+ type Signature struct
+ Certificate string
+ KeyID string
+ Sig string
+ func GenerateSignature(signable []byte, key Key) (Signature, error)
+ func (sig Signature) GetCertificate() (*x509.Certificate, error)
+ type Step struct
+ CertificateConstraints []CertificateConstraint
+ ExpectedCommand []string
+ PubKeys []string
+ Threshold int
+ Type string
+ func (s Step) CheckCertConstraints(cert *x509.Certificate) bool
+ type SupplyChainItem struct
+ ExpectedMaterials [][]string
+ ExpectedProducts [][]string
+ Name string
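Review bot: `GetTrustBundle` and `GetSVID`, both added in v0.0.2, return only `[]*x509.Certificate` and `Key`, so a caller has no error value to distinguish a failed fetch over `socketPath` from an empty result. The listing shows signatures only, so how a failure is reported is not visible here (it may be logged or fatal inside the function); if it is silent, a nil bundle or zero `Key` can reach `VerifyCertificateTrust` or `Metablock.Sign` before anything fails. I would return the error explicitly, `func GetTrustBundle(ctx context.Context, socketPath string) ([]*x509.Certificate, error)` and `func GetSVID(ctx context.Context, socketPath string) (Key, error)`, and until then have the doc comments tell callers to reject a nil bundle or zero `Key`. `VerifyStepCommandAlignment` in v0.0.1 likewise has no return value, so its doc comment should say whether a command mismatch is only reported or can fail verification.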