tuf

package
v0.0.0-...-d338334 Latest Latest
Warning

This package is not in the latest version of its module.

 Go to latest Published: Oct 11, 2022 License: Apache-2.0 Imports: 33 Imported by: 0

Documentation

Index

Constants

View Source 
const (
	// DefaultRemoteRoot is the default remote TUF root location.
	DefaultRemoteRoot = "https://sigstore-tuf-root.storage.googleapis.com"

	// TufRootEnv is the name of the environment variable that locates an alternate local TUF root location.
	TufRootEnv = "TUF_ROOT"

	// SigstoreNoCache is the name of the environment variable that, if set, configures this code to only store root data in memory.
	SigstoreNoCache = "SIGSTORE_NO_CACHE"
)
View Source 
const (
	KeyTypeFulcio   = "sigstore-oidc"
	KeySchemeFulcio = "https://fulcio.sigstore.dev"
)

Variables

View Source 
var KeyAlgorithms = []string{"sha256", "sha512"}

Functions

func Initialize 

func Initialize(ctx context.Context, mirror string, root []byte) error

func NewSigstoreTufRepo 

func NewSigstoreTufRepo(t *testing.T, root TestSigstoreRoot) (tuf.LocalStore, *tuf.Repo)

This creates a new sigstore TUF repo whose signers can be used to create dynamic signed Rekor entries.

Types

type FulcioKeyVal 

type FulcioKeyVal struct {
	Identity string `json:"identity"`
	Issuer   string `json:"issuer,omitempty"`
}

func GetFulcioKeyVal 

func GetFulcioKeyVal(key *Key) (*FulcioKeyVal, error)

type Key 

type Key struct {
	Type       string          `json:"keytype"`
	Scheme     string          `json:"scheme"`
	Algorithms []string        `json:"keyid_hash_algorithms,omitempty"`
	Value      json.RawMessage `json:"keyval"`
	// contains filtered or unexported fields
}

func FulcioVerificationKey 

func FulcioVerificationKey(email, issuer string) *Key

func (*Key) ContainsID 

func (k *Key) ContainsID(id string) bool

func (*Key) ID 

func (k *Key) ID() string

type MetadataStatus 

type MetadataStatus struct {
	Version    int    `json:"version"`
	Size       int    `json:"len"`
	Expiration string `json:"expiration"`
	Error      string `json:"error"`
}

type Role 

type Role struct {
	KeyIDs    []string `json:"keyids"`
	Threshold int      `json:"threshold"`
}

func (*Role) AddKeysWithThreshold 

func (r *Role) AddKeysWithThreshold(keys []*Key, threshold int) bool

type Root 

type Root struct {
	Type        string           `json:"_type"`
	SpecVersion string           `json:"spec_version"`
	Version     int              `json:"version"`
	Expires     time.Time        `json:"expires"`
	Keys        map[string]*Key  `json:"keys"`
	Roles       map[string]*Role `json:"roles"`
	Namespace   string           `json:"namespace"`

	ConsistentSnapshot bool `json:"consistent_snapshot"`
}

func NewRoot 

func NewRoot() *Root

func (*Root) AddKey 

func (r *Root) AddKey(key *Key) bool

func (*Root) Marshal 

func (r *Root) Marshal() (*Signed, error)

func (*Root) ValidKey 

func (r *Root) ValidKey(key *Key, role string) (string, error)

type RootStatus 

type RootStatus struct {
	Local    string                    `json:"local"`
	Remote   string                    `json:"remote"`
	Metadata map[string]MetadataStatus `json:"metadata"`
	Targets  []string                  `json:"targets"`
}

JSON output representing the configured root status

func GetRootStatus 

func GetRootStatus(ctx context.Context) (*RootStatus, error)

GetRootStatus gets the current root status for info logging

type Signature 

type Signature struct {
	KeyID     string `json:"keyid"`
	Signature string `json:"sig"`
	Cert      string `json:"cert,omitempty"`
}

type Signed 

type Signed struct {
	Signed     json.RawMessage `json:"signed"`
	Signatures []Signature     `json:"signatures"`
}

func (*Signed) AddOrUpdateSignature 

func (s *Signed) AddOrUpdateSignature(key *Key, signature Signature) error

func (*Signed) JSONMarshal 

func (s *Signed) JSONMarshal(prefix, indent string) ([]byte, error)

type StatusKind 

type StatusKind int
const (
	UnknownStatus StatusKind = iota
	Active
	Expired
)

func (StatusKind) MarshalText 

func (s StatusKind) MarshalText() ([]byte, error)

func (StatusKind) String 

func (s StatusKind) String() string

func (*StatusKind) UnmarshalText 

func (s *StatusKind) UnmarshalText(text []byte) error

type TUF 

type TUF struct {
	sync.Mutex
	// contains filtered or unexported fields
}

func NewFromEnv 

func NewFromEnv(_ context.Context) (*TUF, error)

TODO: Remove ctx arg.

func (*TUF) GetTarget 

func (t *TUF) GetTarget(name string) ([]byte, error)

func (*TUF) GetTargetsByMeta 

func (t *TUF) GetTargetsByMeta(usage UsageKind, fallbacks []string) ([]TargetFile, error)

Get target files by a custom usage metadata tag. If there are no files found, use the fallback target names to fetch the targets by name.

type TargetFile 

type TargetFile struct {
	Target []byte
	Status StatusKind
}

type TestSigstoreRoot 

type TestSigstoreRoot struct {
	Rekor             signature.Verifier
	FulcioCertificate *x509.Certificate
}

type UsageKind 

type UsageKind int
const (
	UnknownUsage UsageKind = iota
	Fulcio
	Rekor
	CTFE
)

func (UsageKind) MarshalText 

func (u UsageKind) MarshalText() ([]byte, error)

func (UsageKind) String 

func (u UsageKind) String() string

func (*UsageKind) UnmarshalText 

func (u *UsageKind) UnmarshalText(text []byte) error

Source Files

View all Source files

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.