Documentation ¶
Overview ¶
Package proto defines the protocol layer for communication between notation and external notation plugins.
Index ¶
- Constants
- func DecodeKeySpec(k KeySpec) (keySpec signature.KeySpec, err error)
- func DecodeSigningAlgorithm(raw SignatureAlgorithm) (signature.Algorithm, error)
- type Capability
- type Command
- type CriticalAttributes
- type DescribeKeyRequest
- type DescribeKeyResponse
- type ErrorCode
- type GenerateEnvelopeRequest
- type GenerateEnvelopeResponse
- type GenerateSignatureRequest
- type GenerateSignatureResponse
- type GetMetadataRequest
- type GetMetadataResponse
- type HashAlgorithm
- type KeySpec
- type Request
- type RequestError
- type Signature
- type SignatureAlgorithm
- type TrustPolicy
- type VerificationResult
- type VerifySignatureRequest
- type VerifySignatureResponse
Constants ¶
// ContractVersion is the <major>.<minor> version of the plugin contract.
// Requests carry it in their ContractVersion field; a plugin that does not
// support it is expected to answer with ErrorCodeUnsupportedContractVersion.
const ContractVersion = "1.0"

// Prefix is the prefix required on all plugin binary names.
const Prefix = "notation-"
Variables ¶
This section is empty.
Functions ¶
func DecodeKeySpec ¶
DecodeKeySpec parses a KeySpec name into a signature.KeySpec value.
func DecodeSigningAlgorithm ¶
func DecodeSigningAlgorithm(raw SignatureAlgorithm) (signature.Algorithm, error)
DecodeSigningAlgorithm parses the signing algorithm name from a given string.
Types ¶
type Capability ¶
// Capability is a feature available in the plugin contract.
// A plugin advertises the capabilities it implements in
// GetMetadataResponse.Capabilities.
type Capability string

// Capabilities defined by the contract.
const (
	// CapabilitySignatureGenerator is the name of the capability
	// for a plugin to support generating raw signatures.
	CapabilitySignatureGenerator Capability = "SIGNATURE_GENERATOR.RAW"

	// CapabilityEnvelopeGenerator is the name of the capability
	// for a plugin to support generating envelope signatures.
	CapabilityEnvelopeGenerator Capability = "SIGNATURE_GENERATOR.ENVELOPE"

	// CapabilityTrustedIdentityVerifier is the name of the
	// capability for a plugin to support verifying trusted identities.
	CapabilityTrustedIdentityVerifier Capability = "SIGNATURE_VERIFIER.TRUSTED_IDENTITY"

	// CapabilityRevocationCheckVerifier is the name of the
	// capability for a plugin to support verifying revocation checks.
	CapabilityRevocationCheckVerifier Capability = "SIGNATURE_VERIFIER.REVOCATION_CHECK"
)
type Command ¶
// Command is a CLI command available in the plugin contract.
// Every Request reports the Command it belongs to via Request.Command.
type Command string

// Commands defined by the contract.
const (
	// CommandGetMetadata is the name of the plugin command
	// which must be supported by every plugin and returns the
	// plugin metadata.
	CommandGetMetadata Command = "get-plugin-metadata"

	// CommandDescribeKey is the name of the plugin command
	// which must be supported by every plugin that has the
	// SIGNATURE_GENERATOR.RAW capability.
	CommandDescribeKey Command = "describe-key"

	// CommandGenerateSignature is the name of the plugin command
	// which must be supported by every plugin that has the
	// SIGNATURE_GENERATOR.RAW capability.
	CommandGenerateSignature Command = "generate-signature"

	// CommandGenerateEnvelope is the name of the plugin command
	// which must be supported by every plugin that has the
	// SIGNATURE_GENERATOR.ENVELOPE capability.
	CommandGenerateEnvelope Command = "generate-envelope"

	// CommandVerifySignature is the name of the plugin command
	// which must be supported by every plugin that has
	// any SIGNATURE_VERIFIER.* capability.
	CommandVerifySignature Command = "verify-signature"
)
type CriticalAttributes ¶
// CriticalAttributes contains all Notary Project defined critical attributes
// and their values in the signature envelope.
type CriticalAttributes struct {
	// ContentType is the "contentType" critical attribute.
	ContentType string `json:"contentType"`

	// SigningScheme is the "signingScheme" critical attribute.
	SigningScheme string `json:"signingScheme"`

	// Expiry is the optional "expiry" critical attribute; nil when the
	// envelope carries none, and omitted from JSON in that case.
	Expiry *time.Time `json:"expiry,omitempty"`

	// AuthenticSigningTime is the optional "authenticSigningTime" critical
	// attribute; nil when absent, and omitted from JSON in that case.
	AuthenticSigningTime *time.Time `json:"authenticSigningTime,omitempty"`

	// ExtendedAttributes holds critical attributes not covered by the
	// fields above; omitted from JSON when empty. Presumably keyed by
	// attribute name — verify against the envelope specification.
	ExtendedAttributes map[string]interface{} `json:"extendedAttributes,omitempty"`
}
type DescribeKeyRequest ¶
// DescribeKeyRequest contains the parameters passed in a describe-key request.
type DescribeKeyRequest struct {
	// ContractVersion is the plugin contract version the caller uses
	// (see ContractVersion).
	ContractVersion string `json:"contractVersion"`

	// KeyID identifies the key to describe; the response echoes it back.
	KeyID string `json:"keyId"`

	// PluginConfig carries optional plugin-specific settings; omitted
	// from JSON when empty.
	PluginConfig map[string]string `json:"pluginConfig,omitempty"`
}
func (DescribeKeyRequest) Command ¶
func (DescribeKeyRequest) Command() Command
type DescribeKeyResponse ¶
// DescribeKeyResponse is the response of a describe-key request.
type DescribeKeyResponse struct {
	// KeyID is the same key id as passed in the request.
	KeyID string `json:"keyId"`

	// KeySpec is one of the following supported key types:
	// https://github.com/notaryproject/notaryproject/blob/main/specs/signature-specification.md#algorithm-selection
	KeySpec KeySpec `json:"keySpec"`
}
type ErrorCode ¶
// ErrorCode classifies why a plugin request failed. The values below are
// the codes defined by the contract.
type ErrorCode string

// Error codes defined by the contract.
const (
	// ErrorCodeValidation: any of the required request fields was empty,
	// or a value was malformed/invalid.
	ErrorCodeValidation ErrorCode = "VALIDATION_ERROR"

	// ErrorCodeUnsupportedContractVersion: the contract version used in
	// the request is unsupported.
	ErrorCodeUnsupportedContractVersion ErrorCode = "UNSUPPORTED_CONTRACT_VERSION"

	// ErrorCodeAccessDenied: authentication/authorization error to use
	// the given key.
	ErrorCodeAccessDenied ErrorCode = "ACCESS_DENIED"

	// ErrorCodeTimeout: the operation to generate the signature timed out
	// and can be retried by Notation.
	ErrorCodeTimeout ErrorCode = "TIMEOUT"

	// ErrorCodeThrottled: the operation to generate the signature was
	// throttled and can be retried by Notation.
	ErrorCodeThrottled ErrorCode = "THROTTLED"

	// ErrorCodeGeneric: any general error that does not fall into any
	// other category.
	ErrorCodeGeneric ErrorCode = "ERROR"
)
type GenerateEnvelopeRequest ¶
// GenerateEnvelopeRequest contains the parameters passed in a
// generate-envelope request.
type GenerateEnvelopeRequest struct {
	// ContractVersion is the plugin contract version the caller uses
	// (see ContractVersion).
	ContractVersion string `json:"contractVersion"`

	// KeyID identifies the signing key.
	KeyID string `json:"keyId"`

	// PayloadType is the media type of Payload.
	PayloadType string `json:"payloadType"`

	// SignatureEnvelopeType names the envelope format the plugin must
	// produce; the response reports the type actually produced.
	SignatureEnvelopeType string `json:"signatureEnvelopeType"`

	// Payload is the content to sign; encoded as base64 in JSON.
	Payload []byte `json:"payload"`

	// ExpiryDurationInSeconds is the requested signature validity period;
	// omitted from JSON when zero.
	ExpiryDurationInSeconds uint64 `json:"expiryDurationInSeconds,omitempty"`

	// PluginConfig carries optional plugin-specific settings; omitted
	// from JSON when empty.
	PluginConfig map[string]string `json:"pluginConfig,omitempty"`
}
func (GenerateEnvelopeRequest) Command ¶
func (GenerateEnvelopeRequest) Command() Command
type GenerateEnvelopeResponse ¶
// GenerateEnvelopeResponse is the response of a generate-envelope request.
type GenerateEnvelopeResponse struct {
	// SignatureEnvelope is the produced envelope; encoded as base64 in JSON.
	SignatureEnvelope []byte `json:"signatureEnvelope"`

	// SignatureEnvelopeType is the envelope format of SignatureEnvelope.
	SignatureEnvelopeType string `json:"signatureEnvelopeType"`

	// Annotations are optional key/value pairs returned by the plugin;
	// omitted from JSON when empty.
	Annotations map[string]string `json:"annotations,omitempty"`
}
type GenerateSignatureRequest ¶
// GenerateSignatureRequest contains the parameters passed in a
// generate-signature request.
type GenerateSignatureRequest struct {
	// ContractVersion is the plugin contract version the caller uses
	// (see ContractVersion).
	ContractVersion string `json:"contractVersion"`

	// KeyID identifies the signing key.
	KeyID string `json:"keyId"`

	// KeySpec is the key type of the signing key.
	KeySpec KeySpec `json:"keySpec"`

	// Hash is the hash algorithm to use; serialized as "hashAlgorithm".
	Hash HashAlgorithm `json:"hashAlgorithm"`

	// Payload is the content to sign; encoded as base64 in JSON.
	Payload []byte `json:"payload"`

	// PluginConfig carries optional plugin-specific settings; omitted
	// from JSON when empty.
	PluginConfig map[string]string `json:"pluginConfig,omitempty"`
}
func (GenerateSignatureRequest) Command ¶
func (GenerateSignatureRequest) Command() Command
type GenerateSignatureResponse ¶
// GenerateSignatureResponse is the response of a generate-signature request.
type GenerateSignatureResponse struct {
	// KeyID is the id of the key that produced Signature.
	KeyID string `json:"keyId"`

	// Signature is the raw signature; encoded as base64 in JSON.
	Signature []byte `json:"signature"`

	// SigningAlgorithm names the algorithm used; presumably one of the
	// SignatureAlgorithm values (see DecodeSigningAlgorithm).
	SigningAlgorithm string `json:"signingAlgorithm"`

	// CertificateChain is an ordered list of certificates starting with
	// the leaf certificate and ending with the root certificate.
	CertificateChain [][]byte `json:"certificateChain"`
}
type GetMetadataRequest ¶
GetMetadataRequest contains the parameters passed in a get-plugin-metadata request.
func (GetMetadataRequest) Command ¶
func (GetMetadataRequest) Command() Command
type GetMetadataResponse ¶
// GetMetadataResponse is the metadata provided by the plugin in response
// to a get-plugin-metadata request.
type GetMetadataResponse struct {
	// Name is the plugin name.
	Name string `json:"name"`

	// Description is a human-readable description of the plugin.
	Description string `json:"description"`

	// Version is the plugin's own version.
	Version string `json:"version"`

	// URL is a link associated with the plugin.
	URL string `json:"url"`

	// SupportedContractVersions lists the contract versions the plugin
	// accepts. NOTE(review): callers are expected to check ContractVersion
	// appears here before issuing other commands — confirm.
	SupportedContractVersions []string `json:"supportedContractVersions"`

	// Capabilities lists the Capability values the plugin implements;
	// see HasCapability.
	Capabilities []Capability `json:"capabilities"`
}
func (*GetMetadataResponse) HasCapability ¶
func (resp *GetMetadataResponse) HasCapability(capability Capability) bool
HasCapability returns true if the metadata states that the capability is supported. Note that it also returns true when capability is the empty string.
type HashAlgorithm ¶
// HashAlgorithm is the type of a hash algorithm.
type HashAlgorithm string

// Supported hash algorithm names.
const (
	HashAlgorithmSHA256 HashAlgorithm = "SHA-256"
	HashAlgorithmSHA384 HashAlgorithm = "SHA-384"
	HashAlgorithmSHA512 HashAlgorithm = "SHA-512"
)
func HashAlgorithmFromKeySpec ¶
func HashAlgorithmFromKeySpec(k signature.KeySpec) (HashAlgorithm, error)
HashAlgorithmFromKeySpec returns the name of the hash function that the specification assigns to the given key spec.
type KeySpec ¶
// KeySpec is the type of the signing algorithm, including algorithm and size.
// See DescribeKeyResponse.KeySpec for the list of supported values and
// DecodeKeySpec for conversion to signature.KeySpec.
type KeySpec string
type Request ¶
// Request defines a plugin request, which is always associated to a command.
type Request interface {
	// Command returns the Command this request is sent with.
	Command() Command
}
type RequestError ¶
RequestError is the common error response for any request.
func (RequestError) Error ¶
func (e RequestError) Error() string
func (RequestError) Is ¶
func (e RequestError) Is(target error) bool
func (RequestError) MarshalJSON ¶
func (e RequestError) MarshalJSON() ([]byte, error)
func (*RequestError) UnmarshalJSON ¶
func (e *RequestError) UnmarshalJSON(data []byte) error
func (RequestError) Unwrap ¶
func (e RequestError) Unwrap() error
type Signature ¶
// Signature represents a signature pulled from the envelope.
type Signature struct {
	// CriticalAttributes are the Notary Project critical attributes
	// found in the envelope.
	CriticalAttributes CriticalAttributes `json:"criticalAttributes"`

	// UnprocessedAttributes lists attributes the caller did not process;
	// presumably attribute names — verify against the verifier.
	UnprocessedAttributes []string `json:"unprocessedAttributes"`

	// CertificateChain is the signing certificate chain; each element is
	// encoded as base64 in JSON.
	CertificateChain [][]byte `json:"certificateChain"`
}
type SignatureAlgorithm ¶
// SignatureAlgorithm is the type of signature algorithm.
// See EncodeSigningAlgorithm and DecodeSigningAlgorithm for conversion
// to and from signature.Algorithm.
type SignatureAlgorithm string

// Supported signing algorithm names.
const (
	SignatureAlgorithmECDSA_SHA256      SignatureAlgorithm = "ECDSA-SHA-256"
	SignatureAlgorithmECDSA_SHA384      SignatureAlgorithm = "ECDSA-SHA-384"
	SignatureAlgorithmECDSA_SHA512      SignatureAlgorithm = "ECDSA-SHA-512"
	SignatureAlgorithmRSASSA_PSS_SHA256 SignatureAlgorithm = "RSASSA-PSS-SHA-256"
	SignatureAlgorithmRSASSA_PSS_SHA384 SignatureAlgorithm = "RSASSA-PSS-SHA-384"
	SignatureAlgorithmRSASSA_PSS_SHA512 SignatureAlgorithm = "RSASSA-PSS-SHA-512"
)
func EncodeSigningAlgorithm ¶
func EncodeSigningAlgorithm(alg signature.Algorithm) (SignatureAlgorithm, error)
EncodeSigningAlgorithm returns the spec-defined signing algorithm name for the given signature.Algorithm.
type TrustPolicy ¶
// TrustPolicy represents trusted identities that sign the artifacts.
type TrustPolicy struct {
	// TrustedIdentities lists the identities trusted to sign.
	TrustedIdentities []string `json:"trustedIdentities"`

	// SignatureVerification lists the verifier capabilities the plugin is
	// asked to apply; presumably the SIGNATURE_VERIFIER.* values — confirm.
	SignatureVerification []Capability `json:"signatureVerification"`
}
type VerificationResult ¶
// VerificationResult is the result of a verification performed by the plugin.
type VerificationResult struct {
	// Success reports whether the verification passed.
	Success bool `json:"success"`

	// Reason optionally explains the result; omitted from JSON when empty.
	Reason string `json:"reason,omitempty"`
}
type VerifySignatureRequest ¶
// VerifySignatureRequest contains the parameters passed in a
// verify-signature request.
type VerifySignatureRequest struct {
	// ContractVersion is the plugin contract version the caller uses
	// (see ContractVersion).
	ContractVersion string `json:"contractVersion"`

	// Signature is the signature to verify.
	Signature Signature `json:"signature"`

	// TrustPolicy is the policy the signature is verified against.
	TrustPolicy TrustPolicy `json:"trustPolicy"`

	// PluginConfig carries optional plugin-specific settings; omitted
	// from JSON when empty.
	PluginConfig map[string]string `json:"pluginConfig,omitempty"`
}
func (VerifySignatureRequest) Command ¶
func (VerifySignatureRequest) Command() Command
type VerifySignatureResponse ¶
// VerifySignatureResponse is the response of a verify-signature request.
type VerifySignatureResponse struct {
	// VerificationResults maps each verifier capability to its result.
	VerificationResults map[Capability]*VerificationResult `json:"verificationResults"`

	// ProcessedAttributes lists the attributes the plugin processed;
	// element shape is not fixed by this type — verify against the spec.
	ProcessedAttributes []interface{} `json:"processedAttributes"`
}