README
¶
go-witness
A client library for Witness, written in Go.
Status
This library is currently pre-1.0 and therefore the API may be subject to breaking changes.
Features
- Creation and signing of in-toto attestations
- Verification of in-toto attestations and associated signatures with:
- Witness policy engine
- OPA Rego policy language
- A growing list of attestor types defined under a common interface
- A selection of attestation sources to search for attestation collections
Documentation
For more detail regarding the library itself, we recommend viewing pkg.go.dev. For the documentation of the witness project, please view the main witness repository.
Requirements
In order to effectively contribute to this library, you will need:
- A Unix-compatible Operating System
- GNU Make
- Go 1.19
Running Tests
This repository uses Go tests for testing. You can run these tests by executing make test.
Documentation
¶
Index ¶
- func Sign(r io.Reader, dataType string, w io.Writer, opts ...dsse.SignOption) error
- func Verify(ctx context.Context, policyEnvelope dsse.Envelope, ...) (map[string][]source.VerifiedCollection, error)
- func VerifySignature(r io.Reader, verifiers ...cryptoutil.Verifier) (dsse.Envelope, error)
- type RunOption
- type RunResult
- type VerifyOption
- func VerifyWithCollectionSource(source source.Sourcer) VerifyOption
- func VerifyWithPolicyCAIntermediates(intermediates []*x509.Certificate) VerifyOption
- func VerifyWithPolicyCARoots(roots []*x509.Certificate) VerifyOption
- func VerifyWithPolicyCertConstraints(commonName string, dnsNames []string, emails []string, organizations []string, ...) VerifyOption
- func VerifyWithPolicyTimestampAuthorities(authorities []timestamp.TimestampVerifier) VerifyOption
- func VerifyWithSubjectDigests(subjectDigests []cryptoutil.DigestSet) VerifyOption
Constants ¶
This section is empty.
Variables ¶
This section is empty.
Functions ¶
func Verify ¶
func Verify(ctx context.Context, policyEnvelope dsse.Envelope, policyVerifiers []cryptoutil.Verifier, opts ...VerifyOption) (map[string][]source.VerifiedCollection, error)
Verify verifies a set of attestations against a provided policy. The set of attestations that satisfy the policy will be returned if verifiation is successful.
func VerifySignature ¶
Types ¶
type RunOption ¶
type RunOption func(ro *runOptions)
func RunWithAttestationOpts ¶
func RunWithAttestationOpts(opts ...attestation.AttestationContextOption) RunOption
func RunWithAttestors ¶
func RunWithAttestors(attestors []attestation.Attestor) RunOption
func RunWithTimestampers ¶
func RunWithTimestampers(ts ...timestamp.Timestamper) RunOption
type RunResult ¶
type RunResult struct {
Collection attestation.Collection
SignedEnvelope dsse.Envelope
}
type VerifyOption ¶
type VerifyOption func(*verifyOptions)
func VerifyWithCollectionSource ¶
func VerifyWithCollectionSource(source source.Sourcer) VerifyOption
func VerifyWithPolicyCAIntermediates ¶ added in v0.2.3
func VerifyWithPolicyCAIntermediates(intermediates []*x509.Certificate) VerifyOption
func VerifyWithPolicyCARoots ¶ added in v0.2.2
func VerifyWithPolicyCARoots(roots []*x509.Certificate) VerifyOption
func VerifyWithPolicyCertConstraints ¶ added in v0.3.0
func VerifyWithPolicyTimestampAuthorities ¶ added in v0.2.2
func VerifyWithPolicyTimestampAuthorities(authorities []timestamp.TimestampVerifier) VerifyOption
func VerifyWithSubjectDigests ¶
func VerifyWithSubjectDigests(subjectDigests []cryptoutil.DigestSet) VerifyOption
Source Files
Directories
Click to show internal directories.
Click to hide internal directories.