Documentation
Index ¶
- func Bundle(content Content, keypair Keypair, opts BundleOptions) (*protobundle.Bundle, error)
- type BundleOptions
- type CertificateProvider
- type CertificateProviderOptions
- type Content
- type DSSEData
- type EphemeralKeypair
- func (e *EphemeralKeypair) GetHashAlgorithm() protocommon.HashAlgorithm
- func (e *EphemeralKeypair) GetHint() []byte
- func (e *EphemeralKeypair) GetKeyAlgorithm() string
- func (e *EphemeralKeypair) GetPublicKeyPem() (string, error)
- func (e *EphemeralKeypair) SignData(data []byte) ([]byte, []byte, error)
- type EphemeralKeypairOptions
- type Fulcio
- type FulcioOptions
- type Keypair
- type PlainData
- type Rekor
- type RekorClient
- type RekorOptions
- type TimestampAuthority
- type TimestampAuthorityOptions
- type Transparency
Functions ¶
func Bundle ¶
func Bundle(content Content, keypair Keypair, opts BundleOptions) (*protobundle.Bundle, error)
Types ¶
type BundleOptions ¶
// BundleOptions holds the optional collaborators consulted by Bundle while
// assembling a signed bundle. Every field is optional, so the zero value is
// usable; unset fields simply skip the corresponding step.
type BundleOptions struct {
	// Optional certificate provider to get code signing certificate from.
	//
	// Typically a Fulcio instance; resulting bundle will contain a certificate
	// for its verification material content instead of a public key.
	CertificateProvider CertificateProvider
	// Optional options for certificate provider
	//
	// Some certificate authorities may require options to be set
	// (for Fulcio this is the OIDC IDToken; see CertificateProviderOptions).
	CertificateProviderOptions *CertificateProviderOptions
	// Optional list of timestamp authorities to contact for inclusion in bundle
	TimestampAuthorities []*TimestampAuthority
	// Optional list of Rekor instances to get transparency log entry from.
	//
	// Supports hashedrekord and dsse entry types.
	TransparencyLogs []Transparency
	// Optional context for retrying network requests
	//
	// Cancelling it is the caller's way to bound the total time spent
	// talking to the certificate provider, timestamp authorities and logs.
	Context context.Context
	// Optional trusted root to verify signed bundle
	//
	// NOTE(review): presumably, when set, the produced bundle is verified
	// against this material before it is returned — confirm against the
	// Bundle implementation.
	TrustedRoot root.TrustedMaterial
}
type CertificateProvider ¶
type CertificateProviderOptions ¶
// CertificateProviderOptions carries the per-request settings passed to a
// CertificateProvider (see BundleOptions.CertificateProviderOptions).
type CertificateProviderOptions struct {
	// Optional OIDC JWT to send to certificate provider; required for Fulcio
	//
	// This is a bearer credential that is forwarded to the provider as-is:
	// keep it out of logs, error messages and persisted configuration.
	IDToken string
}
type Content ¶
// Content is the payload that Bundle signs. An implementation (PlainData and
// DSSEData in this package) exposes the bytes to sign and knows how to place
// itself and the resulting signature into a protobundle.Bundle.
type Content interface {
	// Return the data to be signed
	PreAuthEncoding() []byte
	// Add something that satisfies protobundle.isBundle_Content to bundle
	//
	// signature is presumably the signature over PreAuthEncoding(); digest and
	// hashAlgorithm describe the digest of the signed data. Not every
	// implementation uses them — DSSEData's Bundle ignores both.
	Bundle(bundle *protobundle.Bundle, signature, digest []byte, hashAlgorithm protocommon.HashAlgorithm)
}
type DSSEData ¶
func (*DSSEData) Bundle ¶
func (d *DSSEData) Bundle(bundle *protobundle.Bundle, signature, _ []byte, _ protocommon.HashAlgorithm)
func (*DSSEData) PreAuthEncoding ¶
type EphemeralKeypair ¶
// EphemeralKeypair is the Keypair implementation provided by this package;
// construct it with NewEphemeralKeypair. Its fields are unexported, so the
// private key is reachable only through the Keypair methods (SignData,
// GetPublicKeyPem, ...).
type EphemeralKeypair struct {
	// contains filtered or unexported fields
}
func NewEphemeralKeypair ¶
func NewEphemeralKeypair(opts *EphemeralKeypairOptions) (*EphemeralKeypair, error)
func (*EphemeralKeypair) GetHashAlgorithm ¶
func (e *EphemeralKeypair) GetHashAlgorithm() protocommon.HashAlgorithm
func (*EphemeralKeypair) GetHint ¶
func (e *EphemeralKeypair) GetHint() []byte
func (*EphemeralKeypair) GetKeyAlgorithm ¶
func (e *EphemeralKeypair) GetKeyAlgorithm() string
func (*EphemeralKeypair) GetPublicKeyPem ¶
func (e *EphemeralKeypair) GetPublicKeyPem() (string, error)
type EphemeralKeypairOptions ¶
// EphemeralKeypairOptions configures NewEphemeralKeypair.
type EphemeralKeypairOptions struct {
	// Optional hint for the signing key
	//
	// NOTE(review): presumably surfaced unchanged by EphemeralKeypair.GetHint
	// — confirm against the implementation.
	Hint []byte
}
type Fulcio ¶
// Fulcio is a CertificateProvider backed by a Fulcio instance; create it with
// NewFulcio and obtain certificates with GetCertificate. Its fields are
// unexported.
type Fulcio struct {
	// contains filtered or unexported fields
}
func NewFulcio ¶
func NewFulcio(opts *FulcioOptions) *Fulcio
func (*Fulcio) GetCertificate ¶
func (f *Fulcio) GetCertificate(ctx context.Context, keypair Keypair, opts *CertificateProviderOptions) ([]byte, error)
Returns the DER-encoded code signing certificate.
type FulcioOptions ¶
// FulcioOptions configures NewFulcio.
type FulcioOptions struct {
	// URL of Fulcio instance
	BaseURL string
	// Optional timeout for network requests (default 30s; use negative value for no timeout)
	//
	// With no timeout a stalled server can block the signing call indefinitely;
	// in unattended pipelines prefer the default or a bounded value.
	Timeout time.Duration
	// Optional number of times to retry on HTTP 5XX
	Retries uint
	// Optional Transport (for dependency injection)
	//
	// NOTE(review): an injected Transport presumably replaces the default
	// http.RoundTripper, including its TLS settings — confirm before using one
	// outside tests.
	Transport http.RoundTripper
}
type Keypair ¶
// Keypair is the signing key used by Bundle. EphemeralKeypair implements it;
// a caller may supply another implementation (for example one backed by a
// KMS or hardware token) as long as it satisfies this method set.
type Keypair interface {
	// GetHashAlgorithm reports the hash algorithm paired with this key.
	GetHashAlgorithm() protocommon.HashAlgorithm
	// GetHint returns an opaque hint identifying the key (may be empty).
	GetHint() []byte
	// GetKeyAlgorithm names the key algorithm as a string.
	GetKeyAlgorithm() string
	// GetPublicKeyPem returns the PEM-encoded public key.
	GetPublicKeyPem() (string, error)
	// SignData signs data and returns two byte slices plus an error.
	//
	// NOTE(review): given Content.Bundle's (signature, digest) parameters the
	// two results are presumably the signature and the digest of data, in that
	// order — confirm against EphemeralKeypair.SignData.
	SignData(data []byte) ([]byte, []byte, error)
}
type PlainData ¶
// PlainData is a Content whose raw bytes are signed directly (contrast
// DSSEData, which wraps the payload in an envelope).
type PlainData struct {
	// Data is the payload to sign.
	Data []byte
}
func (*PlainData) Bundle ¶
func (pd *PlainData) Bundle(bundle *protobundle.Bundle, signature, digest []byte, hashAlgorithm protocommon.HashAlgorithm)
func (*PlainData) PreAuthEncoding ¶
type Rekor ¶
// Rekor is the Transparency implementation that submits entries to a Rekor
// instance; create it with NewRekor. Its fields are unexported.
type Rekor struct {
	// contains filtered or unexported fields
}
func NewRekor ¶
func NewRekor(opts *RekorOptions) *Rekor
func (*Rekor) GetTransparencyLogEntry ¶
func (r *Rekor) GetTransparencyLogEntry(pubKeyPEM []byte, b *protobundle.Bundle) error
type RekorClient ¶
// RekorClient is the subset of the Rekor entries client that Rekor depends
// on. It exists so a fake client can be injected through RekorOptions.Client
// in tests.
type RekorClient interface {
	// CreateLogEntry submits an entry to the log and returns the created
	// entry response.
	CreateLogEntry(params *entries.CreateLogEntryParams, opts ...entries.ClientOption) (*entries.CreateLogEntryCreated, error)
}
type RekorOptions ¶
// RekorOptions configures NewRekor.
type RekorOptions struct {
	// URL of Rekor instance
	BaseURL string
	// Optional timeout for network requests (default 30s; use negative value for no timeout)
	//
	// With no timeout a stalled log can block the signing call indefinitely;
	// in unattended pipelines prefer the default or a bounded value.
	Timeout time.Duration
	// Optional number of times to retry
	Retries uint
	// Optional client (for dependency injection)
	//
	// When set, presumably used instead of a client built from BaseURL,
	// Timeout and Retries — confirm against NewRekor.
	Client RekorClient
}
type TimestampAuthority ¶
// TimestampAuthority obtains a signed timestamp from a Timestamp Authority
// endpoint for inclusion in the bundle; create it with NewTimestampAuthority
// and request timestamps with GetTimestamp. Its fields are unexported.
type TimestampAuthority struct {
	// contains filtered or unexported fields
}
func NewTimestampAuthority ¶
func NewTimestampAuthority(opts *TimestampAuthorityOptions) *TimestampAuthority
func (*TimestampAuthority) GetTimestamp ¶
type TimestampAuthorityOptions ¶
// TimestampAuthorityOptions configures NewTimestampAuthority.
type TimestampAuthorityOptions struct {
	// Full URL (with path) of Timestamp Authority endpoint
	//
	// Unlike the BaseURL fields of FulcioOptions and RekorOptions, no path is
	// appended: this is the exact endpoint that is contacted.
	URL string
	// Optional timeout for network requests (default 30s; use negative value for no timeout)
	//
	// With no timeout a stalled authority can block the signing call
	// indefinitely; in unattended pipelines prefer the default or a bounded value.
	Timeout time.Duration
	// Optional number of times to retry on HTTP 5XX
	Retries uint
	// Optional Transport (for dependency injection)
	//
	// NOTE(review): an injected Transport presumably replaces the default
	// http.RoundTripper, including its TLS settings — confirm before using one
	// outside tests.
	Transport http.RoundTripper
}
type Transparency ¶
// Transparency is a transparency log that Bundle uploads to; Rekor implements
// it and BundleOptions.TransparencyLogs lists the instances to contact.
type Transparency interface {
	// GetTransparencyLogEntry submits the bundle to the log given the signer's
	// PEM-encoded public key. It returns only an error, so the resulting log
	// entry is presumably recorded by mutating the bundle in place.
	GetTransparencyLogEntry([]byte, *protobundle.Bundle) error
}