- Constants
- Variables
- func SetLogger(logger Logger)
- type DelegatedRole
- type Delegations
- type DiscardLogger
- type ErrBadVersionNumber
- type ErrDownload
- type ErrDownloadHTTP
- type ErrDownloadLengthMismatch
- type ErrEqualVersionNumber
- type ErrExpiredMetadata
- type ErrLengthOrHashMismatch
- type ErrRepository
- type ErrRuntime
- type ErrType
- type ErrUnsignedMetadata
- type ErrValue
- type Hashes
- type HexBytes
- type Key
- type KeyVal
- type Logger
- type MetaFiles
- type Metadata
- func (meta *Metadata[T]) ClearSignatures()
- func (meta *Metadata[T]) FromBytes(data []byte) (*Metadata[T], error)
- func (meta *Metadata[T]) FromFile(name string) (*Metadata[T], error)
- func (meta Metadata[T]) MarshalJSON() ([]byte, error)
- func (meta *Metadata[T]) Sign(signer signature.Signer) (*Signature, error)
- func (meta *Metadata[T]) ToBytes(pretty bool) ([]byte, error)
- func (meta *Metadata[T]) ToFile(name string, pretty bool) error
- func (meta *Metadata[T]) UnmarshalJSON(data []byte) error
- func (meta *Metadata[T]) VerifyDelegate(delegatedRole string, delegatedMetadata any) error
- type Role
- type RoleResult
- type Roles
- type RootType
- type Signature
- type SnapshotType
- type SuccinctRoles
- func (role *SuccinctRoles) GetRoles() []string
- func (role *SuccinctRoles) GetRolesForTarget(targetFilepath string) []RoleResult
- func (role *SuccinctRoles) GetSuffixLen() (int, int)
- func (role *SuccinctRoles) IsDelegatedRole(roleName string) bool
- func (role SuccinctRoles) MarshalJSON() ([]byte, error)
- func (role *SuccinctRoles) UnmarshalJSON(data []byte) error
- type TargetFiles
- func (source *TargetFiles) Equal(expected TargetFiles) bool
- func (t *TargetFiles) FromBytes(localPath string, data []byte, hashes ...string) (*TargetFiles, error)
- func (t *TargetFiles) FromFile(localPath string, hashes ...string) (*TargetFiles, error)
- func (signed TargetFiles) MarshalJSON() ([]byte, error)
- func (signed *TargetFiles) UnmarshalJSON(data []byte) error
- func (f *TargetFiles) VerifyLengthHashes(data []byte) error
- type TargetsType
- func (signed *TargetsType) AddKey(key *Key, role string) error
- func (signed *TargetsType) IsExpired(referenceTime time.Time) bool
- func (signed TargetsType) MarshalJSON() ([]byte, error)
- func (signed *TargetsType) RevokeKey(keyID string, role string) error
- func (signed *TargetsType) UnmarshalJSON(data []byte) error
- type TimestampType
Constants ¶
const ( KeyTypeEd25519 = "ed25519" KeyTypeECDSA_SHA2_P256_COMPAT = "ecdsa-sha2-nistp256" KeyTypeECDSA_SHA2_P256 = "ecdsa" KeyTypeRSASSA_PSS_SHA256 = "rsa" KeySchemeEd25519 = "ed25519" KeySchemeECDSA_SHA2_P256 = "ecdsa-sha2-nistp256" KeySchemeECDSA_SHA2_P384 = "ecdsa-sha2-nistp384" KeySchemeRSASSA_PSS_SHA256 = "rsassa-pss-sha256" )
const ( ROOT = "root" SNAPSHOT = "snapshot" TARGETS = "targets" TIMESTAMP = "timestamp" )
Defines the top-level role names.
const (
SPECIFICATION_VERSION = "1.0.31"
)
Defines the version of the TUF specification.
Variables ¶
Functions ¶
Types ¶
type DelegatedRole ¶
type DelegatedRole struct { Name string `json:"name"` KeyIDs []string `json:"keyids"` Threshold int `json:"threshold"` Terminating bool `json:"terminating"` PathHashPrefixes []string `json:"path_hash_prefixes,omitempty"` Paths []string `json:"paths,omitempty"` UnrecognizedFields map[string]any `json:"-"` }
DelegatedRole represents a delegated role in TUF
func (*DelegatedRole) IsDelegatedPath ¶
func (role *DelegatedRole) IsDelegatedPath(targetFilepath string) (bool, error)
IsDelegatedPath determines whether the given "targetFilepath" is in one of the paths that "DelegatedRole" is trusted to provide.
func (DelegatedRole) MarshalJSON ¶
func (role DelegatedRole) MarshalJSON() ([]byte, error)
func (*DelegatedRole) UnmarshalJSON ¶
func (role *DelegatedRole) UnmarshalJSON(data []byte) error
type Delegations ¶
type Delegations struct { Keys map[string]*Key `json:"keys"` Roles []DelegatedRole `json:"roles,omitempty"` SuccinctRoles *SuccinctRoles `json:"succinct_roles,omitempty"` UnrecognizedFields map[string]any `json:"-"` }
Delegations is an optional object which represents delegation roles and their corresponding keys
func (*Delegations) GetRolesForTarget ¶
func (role *Delegations) GetRolesForTarget(targetFilepath string) []RoleResult
GetRolesForTarget returns the names and terminating status of all delegated roles that are responsible for targetFilepath. Note that the result should be an ordered list that preserves the delegation order; ref. https://github.com/franchb/go-tuf/security/advisories/GHSA-4f8r-qqr9-fq8j
func (Delegations) MarshalJSON ¶
func (d Delegations) MarshalJSON() ([]byte, error)
func (*Delegations) UnmarshalJSON ¶
func (d *Delegations) UnmarshalJSON(data []byte) error
type DiscardLogger ¶
type DiscardLogger struct{}
func (DiscardLogger) Info ¶
func (d DiscardLogger) Info(msg string, kv ...any)
type ErrBadVersionNumber ¶
type ErrBadVersionNumber struct {
Msg string
}
ErrBadVersionNumber - An error for metadata that contains an invalid version number
func (*ErrBadVersionNumber) Error ¶
func (e *ErrBadVersionNumber) Error() string
func (*ErrBadVersionNumber) Is ¶
func (e *ErrBadVersionNumber) Is(target error) bool
ErrBadVersionNumber is a subset of ErrRepository
type ErrDownload ¶
type ErrDownload struct {
Msg string
}
ErrDownload - An error occurred while attempting to download a file
func (*ErrDownload) Error ¶
func (e *ErrDownload) Error() string
func (*ErrDownload) Is ¶
func (e *ErrDownload) Is(target error) bool
type ErrDownloadHTTP ¶
ErrDownloadHTTP - Returned by Fetcher interface implementations for HTTP errors
func (*ErrDownloadHTTP) Error ¶
func (e *ErrDownloadHTTP) Error() string
func (*ErrDownloadHTTP) Is ¶
func (e *ErrDownloadHTTP) Is(target error) bool
ErrDownloadHTTP is a subset of ErrDownload
type ErrDownloadLengthMismatch ¶
type ErrDownloadLengthMismatch struct {
Msg string
}
ErrDownloadLengthMismatch - Indicate that a mismatch of lengths was seen while downloading a file
func (*ErrDownloadLengthMismatch) Error ¶
func (e *ErrDownloadLengthMismatch) Error() string
func (*ErrDownloadLengthMismatch) Is ¶
func (e *ErrDownloadLengthMismatch) Is(target error) bool
ErrDownloadLengthMismatch is a subset of ErrDownload
type ErrEqualVersionNumber ¶
type ErrEqualVersionNumber struct {
Msg string
}
ErrEqualVersionNumber - An error for metadata containing a previously verified version number
func (*ErrEqualVersionNumber) Error ¶
func (e *ErrEqualVersionNumber) Error() string
func (*ErrEqualVersionNumber) Is ¶
func (e *ErrEqualVersionNumber) Is(target error) bool
ErrEqualVersionNumber is a subset of both ErrRepository and ErrBadVersionNumber
type ErrExpiredMetadata ¶
type ErrExpiredMetadata struct {
Msg string
}
ErrExpiredMetadata - Indicate that a TUF Metadata file has expired
func (*ErrExpiredMetadata) Error ¶
func (e *ErrExpiredMetadata) Error() string
func (*ErrExpiredMetadata) Is ¶
func (e *ErrExpiredMetadata) Is(target error) bool
ErrExpiredMetadata is a subset of ErrRepository
type ErrLengthOrHashMismatch ¶
type ErrLengthOrHashMismatch struct {
Msg string
}
ErrLengthOrHashMismatch - An error while checking the length and hash values of an object
func (*ErrLengthOrHashMismatch) Error ¶
func (e *ErrLengthOrHashMismatch) Error() string
func (*ErrLengthOrHashMismatch) Is ¶
func (e *ErrLengthOrHashMismatch) Is(target error) bool
ErrLengthOrHashMismatch is a subset of ErrRepository
type ErrRepository ¶
type ErrRepository struct {
Msg string
}
ErrRepository - an error with a repository's state, such as a missing file. It covers all errors that originate on the repository side, as seen from the perspective of users of the metadata API or client.
func (*ErrRepository) Error ¶
func (e *ErrRepository) Error() string
func (*ErrRepository) Is ¶
func (e *ErrRepository) Is(target error) bool
type ErrRuntime ¶
type ErrRuntime struct {
Msg string
}
ErrRuntime - A runtime error.
func (*ErrRuntime) Error ¶
func (e *ErrRuntime) Error() string
func (*ErrRuntime) Is ¶
func (e *ErrRuntime) Is(err error) bool
type ErrUnsignedMetadata ¶
type ErrUnsignedMetadata struct {
Msg string
}
ErrUnsignedMetadata - An error about metadata object with insufficient threshold of signatures
func (*ErrUnsignedMetadata) Error ¶
func (e *ErrUnsignedMetadata) Error() string
func (*ErrUnsignedMetadata) Is ¶
func (e *ErrUnsignedMetadata) Is(target error) bool
ErrUnsignedMetadata is a subset of ErrRepository
type Key ¶
type Key struct { Type string `json:"keytype"` Scheme string `json:"scheme"` Value KeyVal `json:"keyval"` UnrecognizedFields map[string]any `json:"-"` // contains filtered or unexported fields }
Key represents a key in TUF
func KeyFromPublicKey ¶
KeyFromPublicKey generates a metadata Key from a crypto.PublicKey.
func (Key) MarshalJSON ¶
func (*Key) ToPublicKey ¶
ToPublicKey generates a crypto.PublicKey from the metadata Key.
func (*Key) UnmarshalJSON ¶
type KeyVal ¶
type KeyVal struct { PublicKey string `json:"public"` UnrecognizedFields map[string]any `json:"-"` }
func (KeyVal) MarshalJSON ¶
func (*KeyVal) UnmarshalJSON ¶
type Logger ¶
type Logger interface { // Info logs a non-error message with key/value pairs Info(msg string, kv ...any) // Error logs an error with a given message and key/value pairs. Error(err error, msg string, kv ...any) }
Logger partially implements go-logr/logr's Logger interface: https://github.com/go-logr/logr/blob/master/logr.go
type MetaFiles ¶
type MetaFiles struct { Length int64 `json:"length,omitempty"` Hashes Hashes `json:"hashes,omitempty"` Version int64 `json:"version"` UnrecognizedFields map[string]any `json:"-"` }
MetaFiles represents the value portion of METAFILES in TUF (used in Snapshot and Timestamp metadata). Used to store information about a particular meta file.
func (MetaFiles) MarshalJSON ¶
func (*MetaFiles) UnmarshalJSON ¶
func (*MetaFiles) VerifyLengthHashes ¶
VerifyLengthHashes checks whether the given data matches the Length and Hashes recorded in this MetaFiles entry.
type Metadata ¶
type Metadata[T Roles] struct { Signed T `json:"signed"` Signatures []Signature `json:"signatures"` UnrecognizedFields map[string]any `json:"-"` }
Metadata[T Roles] represents a TUF metadata object. It provides methods to read and write it to and from files and bytes, and to create, verify and clear metadata signatures.
func Snapshot ¶
func Snapshot(expires ...time.Time) *Metadata[SnapshotType]
Snapshot returns a new metadata instance of type Snapshot.
func Targets ¶
func Targets(expires ...time.Time) *Metadata[TargetsType]
Targets returns a new metadata instance of type Targets.
func Timestamp ¶
func Timestamp(expires ...time.Time) *Metadata[TimestampType]
Timestamp returns a new metadata instance of type Timestamp.
func (*Metadata[T]) ClearSignatures ¶
func (meta *Metadata[T]) ClearSignatures()
ClearSignatures clears Signatures
func (Metadata[T]) MarshalJSON ¶
func (*Metadata[T]) UnmarshalJSON ¶
type Role ¶
type Role struct { KeyIDs []string `json:"keyids"` Threshold int `json:"threshold"` UnrecognizedFields map[string]any `json:"-"` }
Role represents one of the top-level roles in TUF
func (Role) MarshalJSON ¶
func (*Role) UnmarshalJSON ¶
type RoleResult ¶
RoleResult represents the name and terminating status of a delegated role that is responsible for targetFilepath
type Roles ¶
type Roles interface { RootType | SnapshotType | TimestampType | TargetsType }
Roles is the generic type constraint for the Signed portion of a Metadata.
type RootType ¶
type RootType struct { Type string `json:"_type"` SpecVersion string `json:"spec_version"` ConsistentSnapshot bool `json:"consistent_snapshot"` Version int64 `json:"version"` Expires time.Time `json:"expires"` Keys map[string]*Key `json:"keys"` Roles map[string]*Role `json:"roles"` UnrecognizedFields map[string]any `json:"-"` }
RootType represents the Signed portion of a root metadata
func (*RootType) AddKey ¶
AddKey adds a new signing key for the delegated role "role". keyID: Identifier of the key to be added for "role". key: Signing key to be added for "role". role: Name of the role for which "key" is added.
func (*RootType) IsExpired ¶
IsExpired returns true if metadata is expired. It checks if referenceTime is after Signed.Expires
func (RootType) MarshalJSON ¶
func (*RootType) RevokeKey ¶
RevokeKey revokes a key from "role" and updates the Keys store. keyID: Identifier of the key to be removed for "role". role: Name of the role for which a signing key is removed.
func (*RootType) UnmarshalJSON ¶
type Signature ¶
type Signature struct { KeyID string `json:"keyid"` Signature HexBytes `json:"sig"` UnrecognizedFields map[string]any `json:"-"` }
Signature represents the Signature part of a TUF metadata
func (Signature) MarshalJSON ¶
func (*Signature) UnmarshalJSON ¶
type SnapshotType ¶
type SnapshotType struct { Type string `json:"_type"` SpecVersion string `json:"spec_version"` Version int64 `json:"version"` Expires time.Time `json:"expires"` Meta map[string]*MetaFiles `json:"meta"` UnrecognizedFields map[string]any `json:"-"` }
SnapshotType represents the Signed portion of a snapshot metadata
func (*SnapshotType) IsExpired ¶
func (signed *SnapshotType) IsExpired(referenceTime time.Time) bool
IsExpired returns true if metadata is expired. It checks if referenceTime is after Signed.Expires
func (SnapshotType) MarshalJSON ¶
func (signed SnapshotType) MarshalJSON() ([]byte, error)
func (*SnapshotType) UnmarshalJSON ¶
func (signed *SnapshotType) UnmarshalJSON(data []byte) error
type SuccinctRoles ¶
type SuccinctRoles struct { KeyIDs []string `json:"keyids"` Threshold int `json:"threshold"` BitLength int `json:"bit_length"` NamePrefix string `json:"name_prefix"` UnrecognizedFields map[string]any `json:"-"` }
SuccinctRoles represents a delegation graph that covers all targets, distributing them uniformly over the delegated roles (i.e. bins) in the graph.
func (*SuccinctRoles) GetRoles ¶
func (role *SuccinctRoles) GetRoles() []string
GetRoles returns the names of all distinct delegated roles.
func (*SuccinctRoles) GetRolesForTarget ¶
func (role *SuccinctRoles) GetRolesForTarget(targetFilepath string) []RoleResult
GetRolesForTarget calculates the name of the delegated role responsible for "targetFilepath". The target at path "targetFilepath" is assigned to a bin by casting the left-most "BitLength" bits of the file path hash digest to an int and using it as the bin index, between 0 and 2**BitLength-1.
func (*SuccinctRoles) GetSuffixLen ¶
func (role *SuccinctRoles) GetSuffixLen() (int, int)
func (*SuccinctRoles) IsDelegatedRole ¶
func (role *SuccinctRoles) IsDelegatedRole(roleName string) bool
IsDelegatedRole returns whether the given roleName is one of the delegated roles that "SuccinctRoles" represents.
func (SuccinctRoles) MarshalJSON ¶
func (role SuccinctRoles) MarshalJSON() ([]byte, error)
func (*SuccinctRoles) UnmarshalJSON ¶
func (role *SuccinctRoles) UnmarshalJSON(data []byte) error
type TargetFiles ¶
type TargetFiles struct { Length int64 `json:"length"` Hashes Hashes `json:"hashes"` Custom *json.RawMessage `json:"custom,omitempty"` Path string `json:"-"` UnrecognizedFields map[string]any `json:"-"` }
TargetFiles represents the value portion of TARGETS in TUF (used in Targets metadata). Used to store information about a particular target file.
func TargetFile ¶
func TargetFile() *TargetFiles
TargetFile returns a new metadata instance of type TargetFiles.
func (*TargetFiles) Equal ¶
func (source *TargetFiles) Equal(expected TargetFiles) bool
Equal checks whether the source target file matches another
func (*TargetFiles) FromBytes ¶
func (t *TargetFiles) FromBytes(localPath string, data []byte, hashes ...string) (*TargetFiles, error)
FromBytes generates a TargetFiles from the given bytes.
func (*TargetFiles) FromFile ¶
func (t *TargetFiles) FromFile(localPath string, hashes ...string) (*TargetFiles, error)
FromFile generates a TargetFiles from a file.
func (TargetFiles) MarshalJSON ¶
func (signed TargetFiles) MarshalJSON() ([]byte, error)
func (*TargetFiles) UnmarshalJSON ¶
func (signed *TargetFiles) UnmarshalJSON(data []byte) error
func (*TargetFiles) VerifyLengthHashes ¶
func (f *TargetFiles) VerifyLengthHashes(data []byte) error
VerifyLengthHashes checks whether the given data matches the Length and Hashes recorded in this TargetFiles entry.
type TargetsType ¶
type TargetsType struct { Type string `json:"_type"` SpecVersion string `json:"spec_version"` Version int64 `json:"version"` Expires time.Time `json:"expires"` Targets map[string]*TargetFiles `json:"targets"` Delegations *Delegations `json:"delegations,omitempty"` UnrecognizedFields map[string]any `json:"-"` }
TargetsType represents the Signed portion of a targets metadata
func (*TargetsType) AddKey ¶
func (signed *TargetsType) AddKey(key *Key, role string) error
AddKey adds a new signing key for the delegated role "role". key: Signing key to be added for "role". role: Name of the role for which "key" is added. If SuccinctRoles is used, the "role" argument can be ignored.
func (*TargetsType) IsExpired ¶
func (signed *TargetsType) IsExpired(referenceTime time.Time) bool
IsExpired returns true if metadata is expired. It checks if referenceTime is after Signed.Expires
func (TargetsType) MarshalJSON ¶
func (signed TargetsType) MarshalJSON() ([]byte, error)
func (*TargetsType) RevokeKey ¶
func (signed *TargetsType) RevokeKey(keyID string, role string) error
RevokeKey revokes a key from the delegated role "role" and updates the delegations key store. keyID: Identifier of the key to be removed for "role". role: Name of the role for which a signing key is removed.
func (*TargetsType) UnmarshalJSON ¶
func (signed *TargetsType) UnmarshalJSON(data []byte) error
type TimestampType ¶
type TimestampType struct { Type string `json:"_type"` SpecVersion string `json:"spec_version"` Version int64 `json:"version"` Expires time.Time `json:"expires"` Meta map[string]*MetaFiles `json:"meta"` UnrecognizedFields map[string]any `json:"-"` }
TimestampType represents the Signed portion of a timestamp metadata
func (*TimestampType) IsExpired ¶
func (signed *TimestampType) IsExpired(referenceTime time.Time) bool
IsExpired returns true if metadata is expired. It checks if referenceTime is after Signed.Expires
func (TimestampType) MarshalJSON ¶
func (signed TimestampType) MarshalJSON() ([]byte, error)
func (*TimestampType) UnmarshalJSON ¶
func (signed *TimestampType) UnmarshalJSON(data []byte) error