Documentation
Index ¶
- Constants
- func CacheCRL(ctx context.Context, certs []*x509.Certificate, fetcher corecrl.Fetcher)
- func CreateCRLFetcher(httpClient *http.Client, cacheRoot string) (corecrl.Fetcher, error)
- func SupportCRL(cert *x509.Certificate) bool
- type CRLHandler
- type NotationPluginVerifierConfig
- type RatifyPluginManager
- type RevocationFactory
Constants ¶
const (
	CA               certStoreType = "ca"
	SigningAuthority certStoreType = "signingAuthority"
	TSA              certStoreType = "tsa"
)
Variables ¶
This section is empty.
Functions ¶
func CacheCRL ¶ added in v1.4.0
CacheCRL caches the Certificate Revocation Lists (CRLs) for the given certificates using the provided CRL fetcher. It logs a warning if fetching a CRL fails but does not return an error, so that the process is not blocked.
func CreateCRLFetcher ¶ added in v1.4.0
CreateCRLFetcher returns a new fetcher instance
func SupportCRL ¶ added in v1.4.0
func SupportCRL(cert *x509.Certificate) bool
SupportCRL checks if the certificate supports CRL
Types ¶
type CRLHandler ¶ added in v1.4.0
type CRLHandler struct {
	CacheEnabled bool
	// contains filtered or unexported fields
}
func (*CRLHandler) NewFetcher ¶ added in v1.4.0
func (h *CRLHandler) NewFetcher() (corecrl.Fetcher, error)
NewFetcher creates a new instance of a Fetcher if it doesn't already exist. If a Fetcher instance is already present, it returns the existing instance. The method also configures the cache for the Fetcher. Returns an instance of corecrl.Fetcher or an error if the Fetcher creation fails.
func (*CRLHandler) NewValidator ¶ added in v1.4.0
func (h *CRLHandler) NewValidator(opts revocation.Options) (revocation.Validator, error)
NewValidator returns a new validator instance
type NotationPluginVerifierConfig ¶
type NotationPluginVerifierConfig struct {
	Name          string `json:"name"`
	ArtifactTypes string `json:"artifactTypes"`

	// VerificationCerts is array of directories containing certificates.
	VerificationCerts []string `json:"verificationCerts"`
	// VerificationCertStores defines a collection of Notary Project Trust Stores.
	// VerificationCertStores accepts new format map[string]map[string][]string
	// {
	//   "ca": {
	//     "certs": {"kv1", "kv2"},
	//   },
	//   "signingauthority": {
	//     "certs": {"kv3"}
	//   },
	// }
	// VerificationCertStores accepts legacy format map[string][]string as well.
	// {
	//   "certs": {"kv1", "kv2"},
	// },
	VerificationCertStores verificationCertStores `json:"verificationCertStores"`
	// TrustPolicyDoc represents a trustpolicy.json document. Reference: https://pkg.go.dev/github.com/notaryproject/notation-go@v0.12.0-beta.1.0.20221125022016-ab113ebd2a6c/verifier/trustpolicy#Document
	TrustPolicyDoc trustpolicy.Document `json:"trustPolicyDoc"`
}
NotationPluginVerifierConfig describes the configuration of notation verifier
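The two accepted shapes of VerificationCertStores, decoded into one typed layout so it is explicit which trust store type each certificate reference ends up in. This is an added example using only the standard library, not Ratify's own code: NormalizeCertStores and storeTypes are hypothetical names, and filing legacy entries under "ca" and rejecting a document that mixes both shapes are assumptions of the example.

```go
package main

import (
	"encoding/json"
	"errors"
	"fmt"
)

// Store type keys, taken from the Constants section of this page.
var storeTypes = map[string]bool{"ca": true, "signingAuthority": true, "tsa": true}

// NormalizeCertStores decodes either documented shape into type -> store -> cert names.
// Assumptions of this example: legacy entries are filed under "ca", and a document
// mixing typed and legacy top-level keys is rejected instead of guessed at.
func NormalizeCertStores(raw []byte) (map[string]map[string][]string, error) {
	var top map[string]json.RawMessage
	if err := json.Unmarshal(raw, &top); err != nil {
		return nil, fmt.Errorf("decode verificationCertStores: %w", err)
	}
	typed, legacy := false, false
	for key := range top {
		typed = typed || storeTypes[key]
		legacy = legacy || !storeTypes[key]
	}
	if typed && legacy {
		return nil, errors.New("typed and legacy store keys are mixed")
	}
	if legacy {
		var stores map[string][]string
		if err := json.Unmarshal(raw, &stores); err != nil {
			return nil, fmt.Errorf("legacy format: %w", err)
		}
		return map[string]map[string][]string{"ca": stores}, nil
	}
	out := map[string]map[string][]string{}
	for key, msg := range top {
		var stores map[string][]string
		if err := json.Unmarshal(msg, &stores); err != nil {
			return nil, fmt.Errorf("store type %q: %w", key, err)
		}
		out[key] = stores
	}
	return out, nil
}

func main() {
	// Constructed sample input in the legacy shape.
	got, err := NormalizeCertStores([]byte(`{"certs": ["kv1", "kv2"]}`))
	fmt.Println(got, err)
}
```

Rejecting the mixed case keeps a misspelled type key from silently turning a signing-authority or TSA store into a legacy store.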
type RatifyPluginManager ¶
type RatifyPluginManager struct {
// contains filtered or unexported fields
}
RatifyPluginManager implements the interface defined in https://github.com/notaryproject/notation-go/blob/main/plugin/manager.go#L20
func NewRatifyPluginManager ¶
func NewRatifyPluginManager(directory string) *RatifyPluginManager
type RevocationFactory ¶ added in v1.4.0
type RevocationFactory interface {
	// NewFetcher returns a new fetcher instance
	NewFetcher() (corecrl.Fetcher, error)
	// NewValidator returns a new validator instance
	NewValidator(revocation.Options) (revocation.Validator, error)
}
RevocationFactory is an interface that defines methods for creating instances related to revocation. It provides methods to create a new fetcher and a new validator.
func CreateCRLHandlerFromConfig ¶ added in v1.4.0
func CreateCRLHandlerFromConfig() RevocationFactory
CreateCRLHandlerFromConfig creates a new instance of CRLHandler using the configuration provided in config.CRLConf. It returns a RevocationFactory interface. The CRLHandler will have its CacheDisabled field set based on the configuration, and it will use a default HTTP client.