Documentation ¶
Index ¶
- func CanonicalKeyID(k data.PublicKey) (string, error)
- func CertBundleToKey(leafCert *x509.Certificate, intCerts []*x509.Certificate) (data.PublicKey, error)
- func CertChainToPEM(certChain []*x509.Certificate) ([]byte, error)
- func CertToKey(cert *x509.Certificate) data.PublicKey
- func CertToPEM(cert *x509.Certificate) []byte
- func CertsToKeys(leafCerts map[string]*x509.Certificate, ...) map[string]data.PublicKey
- func ConsistentName(role string, hashSha256 []byte) string
- func DoHash(alg string, d []byte) []byte
- func Download(url url.URL) (*http.Response, error)
- func ECDSAToPrivateKey(ecdsaPrivKey *ecdsa.PrivateKey) (data.PrivateKey, error)
- func ED25519ToPrivateKey(privKeyBytes []byte) (data.PrivateKey, error)
- func EncryptPrivateKey(key data.PrivateKey, role, gun, passphrase string) ([]byte, error)
- func FileExists(path string) bool
- func FindRoleIndex(rs []*data.Role, name string) int
- func GenerateECDSAKey(random io.Reader) (data.PrivateKey, error)
- func GenerateED25519Key(random io.Reader) (data.PrivateKey, error)
- func GenerateRSAKey(random io.Reader, bits int) (data.PrivateKey, error)
- func GetIntermediateCerts(certs []*x509.Certificate) []*x509.Certificate
- func GetLeafCerts(certs []*x509.Certificate) []*x509.Certificate
- func KeyToPEM(privKey data.PrivateKey, role string) ([]byte, error)
- func LoadCertBundleFromFile(filename string) ([]*x509.Certificate, error)
- func LoadCertBundleFromPEM(pemBytes []byte) ([]*x509.Certificate, error)
- func LoadCertFromFile(filename string) (*x509.Certificate, error)
- func LoadCertFromPEM(pemBytes []byte) (*x509.Certificate, error)
- func NewCertificate(gun string, startTime, endTime time.Time) (*x509.Certificate, error)
- func ParsePEMPrivateKey(pemBytes []byte, passphrase string) (data.PrivateKey, error)
- func ParsePEMPublicKey(pubKeyBytes []byte) (data.PublicKey, error)
- func RSAToPrivateKey(rsaPrivKey *rsa.PrivateKey) (data.PrivateKey, error)
- func ReadRoleFromPEM(pemBytes []byte) string
- func RemoveUnusedKeys(t *data.SignedTargets)
- func StrSliceContains(ss []string, s string) bool
- func StrSliceContainsI(ss []string, s string) bool
- func StrSliceRemove(ss []string, s string) []string
- func UnusedDelegationKeys(t data.SignedTargets) []string
- func Upload(url string, body io.Reader) (*http.Response, error)
- func ValidateCertificate(c *x509.Certificate, checkExpiry bool) error
- func X509PublicKeyID(certPubKey data.PublicKey) (string, error)
- type ErrBadTypeCast
- type ErrEmptyStack
- type NoopCloser
- type RoleList
- type Stack
Constants ¶
This section is empty.
Variables ¶
This section is empty.
Functions ¶
func CanonicalKeyID ¶
CanonicalKeyID returns the ID of the public bytes version of a TUF key. On regular RSA/ECDSA TUF keys, this is just the key ID. On X509 RSA/ECDSA TUF keys, this is the key ID of the public key part of the key in the leaf cert
func CertBundleToKey ¶ added in v0.4.0
func CertBundleToKey(leafCert *x509.Certificate, intCerts []*x509.Certificate) (data.PublicKey, error)
CertBundleToKey creates a TUF key from a leaf certs and a list of intermediates
func CertChainToPEM ¶ added in v0.4.0
func CertChainToPEM(certChain []*x509.Certificate) ([]byte, error)
CertChainToPEM is a utility function returns a PEM encoded chain of x509 Certificates, in the order they are passed
func CertToKey ¶ added in v0.4.0
func CertToKey(cert *x509.Certificate) data.PublicKey
CertToKey transforms a single input certificate into its corresponding PublicKey
func CertToPEM ¶ added in v0.4.0
func CertToPEM(cert *x509.Certificate) []byte
CertToPEM is a utility function returns a PEM encoded x509 Certificate
func CertsToKeys ¶ added in v0.4.0
func CertsToKeys(leafCerts map[string]*x509.Certificate, intCerts map[string][]*x509.Certificate) map[string]data.PublicKey
CertsToKeys transforms each of the input certificate chains into its corresponding PublicKey
func ConsistentName ¶
ConsistentName generates the appropriate HTTP URL path for the role, based on whether the repo is marked as consistent. The RemoteStore is responsible for adding file extensions.
func ECDSAToPrivateKey ¶ added in v0.4.0
func ECDSAToPrivateKey(ecdsaPrivKey *ecdsa.PrivateKey) (data.PrivateKey, error)
ECDSAToPrivateKey converts an ecdsa.Private key to a TUF data.PrivateKey type
func ED25519ToPrivateKey ¶ added in v0.4.0
func ED25519ToPrivateKey(privKeyBytes []byte) (data.PrivateKey, error)
ED25519ToPrivateKey converts a serialized ED25519 key to a TUF data.PrivateKey type
func EncryptPrivateKey ¶ added in v0.4.0
func EncryptPrivateKey(key data.PrivateKey, role, gun, passphrase string) ([]byte, error)
EncryptPrivateKey returns an encrypted PEM key given a Privatekey and a passphrase
func FileExists ¶
FileExists returns true if a file (or dir) exists at the given path, false otherwise
func FindRoleIndex ¶
FindRoleIndex returns the index of the role named <name> or -1 if no matching role is found.
func GenerateECDSAKey ¶ added in v0.4.0
func GenerateECDSAKey(random io.Reader) (data.PrivateKey, error)
GenerateECDSAKey generates an ECDSA Private key and returns a TUF PrivateKey
func GenerateED25519Key ¶ added in v0.4.0
func GenerateED25519Key(random io.Reader) (data.PrivateKey, error)
GenerateED25519Key generates an ED25519 private key and returns a TUF PrivateKey. The serialization format we use is just the public key bytes followed by the private key bytes
func GenerateRSAKey ¶ added in v0.4.0
GenerateRSAKey generates an RSA private key and returns a TUF PrivateKey
func GetIntermediateCerts ¶ added in v0.4.0
func GetIntermediateCerts(certs []*x509.Certificate) []*x509.Certificate
GetIntermediateCerts parses a list of x509 Certificates and returns all of the ones marked as a CA, to be used as intermediates
func GetLeafCerts ¶ added in v0.4.0
func GetLeafCerts(certs []*x509.Certificate) []*x509.Certificate
GetLeafCerts parses a list of x509 Certificates and returns all of them that aren't CA
func KeyToPEM ¶ added in v0.4.0
func KeyToPEM(privKey data.PrivateKey, role string) ([]byte, error)
KeyToPEM returns a PEM encoded key from a Private Key
func LoadCertBundleFromFile ¶ added in v0.4.0
func LoadCertBundleFromFile(filename string) ([]*x509.Certificate, error)
LoadCertBundleFromFile loads certificates from the []byte provided. The data is expected to be PEM Encoded and contain one of more certificates with PEM type "CERTIFICATE"
func LoadCertBundleFromPEM ¶ added in v0.4.0
func LoadCertBundleFromPEM(pemBytes []byte) ([]*x509.Certificate, error)
LoadCertBundleFromPEM loads certificates from the []byte provided. The data is expected to be PEM Encoded and contain one of more certificates with PEM type "CERTIFICATE"
func LoadCertFromFile ¶ added in v0.4.0
func LoadCertFromFile(filename string) (*x509.Certificate, error)
LoadCertFromFile loads the first certificate from the file provided. The data is expected to be PEM Encoded and contain one of more certificates with PEM type "CERTIFICATE"
func LoadCertFromPEM ¶ added in v0.4.0
func LoadCertFromPEM(pemBytes []byte) (*x509.Certificate, error)
LoadCertFromPEM returns the first certificate found in a bunch of bytes or error if nothing is found. Taken from https://golang.org/src/crypto/x509/cert_pool.go#L85.
func NewCertificate ¶ added in v0.4.0
NewCertificate returns an X509 Certificate following a template, given a GUN and validity interval.
func ParsePEMPrivateKey ¶ added in v0.4.0
func ParsePEMPrivateKey(pemBytes []byte, passphrase string) (data.PrivateKey, error)
ParsePEMPrivateKey returns a data.PrivateKey from a PEM encoded private key. It only supports RSA (PKCS#1) and attempts to decrypt using the passphrase, if encrypted.
func ParsePEMPublicKey ¶ added in v0.4.0
ParsePEMPublicKey returns a data.PublicKey from a PEM encoded public key or certificate.
func RSAToPrivateKey ¶ added in v0.4.0
func RSAToPrivateKey(rsaPrivKey *rsa.PrivateKey) (data.PrivateKey, error)
RSAToPrivateKey converts an rsa.Private key to a TUF data.PrivateKey type
func ReadRoleFromPEM ¶ added in v0.4.0
ReadRoleFromPEM returns the value from the role PEM header, if it exists
func RemoveUnusedKeys ¶
func RemoveUnusedKeys(t *data.SignedTargets)
RemoveUnusedKeys determines which keys in the slice of IDs are no longer used in the given targets file and removes them from the delegated keys map
func StrSliceContains ¶
StrSliceContains checks if the given string appears in the slice
func StrSliceContainsI ¶
StrSliceContainsI checks if the given string appears in the slice in a case insensitive manner
func StrSliceRemove ¶
StrSliceRemove removes the the given string from the slice, returning a new slice
func UnusedDelegationKeys ¶
func UnusedDelegationKeys(t data.SignedTargets) []string
UnusedDelegationKeys prunes a list of keys, returning those that are no longer in use for a given targets file
func ValidateCertificate ¶ added in v0.4.0
func ValidateCertificate(c *x509.Certificate, checkExpiry bool) error
ValidateCertificate returns an error if the certificate is not valid for notary Currently this is only ensuring the public key has a large enough modulus if RSA, using a non SHA1 signature algorithm, and an optional time expiry check
Types ¶
type ErrBadTypeCast ¶
type ErrBadTypeCast struct{}
ErrBadTypeCast is used by PopX functions when the item cannot be typed to X
func (ErrBadTypeCast) Error ¶
func (err ErrBadTypeCast) Error() string
type ErrEmptyStack ¶
type ErrEmptyStack struct {
// contains filtered or unexported fields
}
ErrEmptyStack is used when an action that requires some content is invoked and the stack is empty
func (ErrEmptyStack) Error ¶
func (err ErrEmptyStack) Error() string
type NoopCloser ¶
NoopCloser is a simple Reader wrapper that does nothing when Close is called
type RoleList ¶
type RoleList []string
RoleList is a list of roles
type Stack ¶
type Stack struct {
// contains filtered or unexported fields
}
Stack is a simple type agnostic stack implementation
func (*Stack) Pop ¶
Pop removes and returns the top item on the stack, or returns ErrEmptyStack if the stack has no content