data

package
v0.0.0-...-a9fda57 Latest Latest
Warning

This package is not in the latest version of its module.

 Go to latest Published: Nov 10, 2015 License: Apache-2.0, BSD-3-Clause Imports: 21 Imported by: 0

Documentation

Index

Constants

View Source 
const (
	CanonicalRootRole      = "root"
	CanonicalTargetsRole   = "targets"
	CanonicalSnapshotRole  = "snapshot"
	CanonicalTimestampRole = "timestamp"
)

Canonical base role names

View Source 
const (
	ED25519Key   = "ed25519"
	RSAKey       = "rsa"
	RSAx509Key   = "rsa-x509"
	ECDSAKey     = "ecdsa"
	ECDSAx509Key = "ecdsa-x509"
)

Key types

Variables

View Source 
var TUFTypes = map[string]string{
	CanonicalRootRole:      "Root",
	CanonicalTargetsRole:   "Targets",
	CanonicalSnapshotRole:  "Snapshot",
	CanonicalTimestampRole: "Timestamp",
}

TUFTypes is the set of metadata types

View Source 
var ValidRoles = map[string]string{
	CanonicalRootRole:      CanonicalRootRole,
	CanonicalTargetsRole:   CanonicalTargetsRole,
	CanonicalSnapshotRole:  CanonicalSnapshotRole,
	CanonicalTimestampRole: CanonicalTimestampRole,
}

ValidRoles holds an overrideable mapping of canonical role names to any custom roles names a user wants to make use of. This allows us to be internally consistent while using different roles in the public TUF files.

Functions

func CanonicalRole 

func CanonicalRole(role string) string

CanonicalRole does a reverse lookup to get the canonical role name from the (possibly overridden) role name

func DefaultExpires 

func DefaultExpires(role string) time.Time

DefaultExpires gets the default expiry time for the given role

func RoleName 

func RoleName(canonicalRole string) string

RoleName returns the (possibly overridden) role name for the provided canonical role name

func SetDefaultExpiryTimes 

func SetDefaultExpiryTimes(times map[string]int)

SetDefaultExpiryTimes allows one to change the default expiries.

func SetTUFTypes 

func SetTUFTypes(ts map[string]string)

SetTUFTypes allows one to override some or all of the default type names in TUF.

func SetValidRoles 

func SetValidRoles(rs map[string]string)

SetValidRoles is a utility function to override some or all of the roles

func ValidRole 

func ValidRole(name string) bool

ValidRole only determines the name is semantically correct. For target delegated roles, it does NOT check the the appropriate parent roles exist.

func ValidTUFType 

func ValidTUFType(typ, role string) bool

ValidTUFType checks if the given type is valid for the role

Types

type Delegations 

type Delegations struct {
	Keys  Keys    `json:"keys"`
	Roles []*Role `json:"roles"`
}

Delegations holds a tier of targets delegations

func NewDelegations 

func NewDelegations() *Delegations

NewDelegations initializes an empty Delegations object

type ECDSAPrivateKey 

type ECDSAPrivateKey struct {
	PublicKey
	// contains filtered or unexported fields
}

ECDSAPrivateKey represents a private ECDSA key

func NewECDSAPrivateKey 

func NewECDSAPrivateKey(public PublicKey, private []byte) (*ECDSAPrivateKey, error)

NewECDSAPrivateKey initializes a new ECDSA private key

func (ECDSAPrivateKey) CryptoSigner 

func (s ECDSAPrivateKey) CryptoSigner() crypto.Signer

CryptoSigner returns the underlying crypto.Signer for use cases where we need the default signature or public key functionality (like when we generate certificates)

func (ECDSAPrivateKey) Private 

func (k ECDSAPrivateKey) Private() []byte

Private return the serialized private bytes of the key

func (ECDSAPrivateKey) Sign 

func (k ECDSAPrivateKey) Sign(rand io.Reader, msg []byte, opts crypto.SignerOpts) (signature []byte, err error)

Sign creates an ecdsa signature

type ECDSAPublicKey 

type ECDSAPublicKey struct {
	// contains filtered or unexported fields
}

ECDSAPublicKey represents an ECDSA key using a raw serialization of the public key

func NewECDSAPublicKey 

func NewECDSAPublicKey(public []byte) *ECDSAPublicKey

NewECDSAPublicKey initializes a new public key with the ECDSAKey type

func (ECDSAPublicKey) Algorithm 

func (k ECDSAPublicKey) Algorithm() string

Algorithm returns the algorithm of the key

func (*ECDSAPublicKey) ID 

func (k *ECDSAPublicKey) ID() string

ID efficiently generates if necessary, and caches the ID of the key

func (ECDSAPublicKey) Public 

func (k ECDSAPublicKey) Public() []byte

Public returns the public bytes

type ECDSAx509PublicKey 

type ECDSAx509PublicKey struct {
	// contains filtered or unexported fields
}

ECDSAx509PublicKey represents an ECDSA key using an x509 cert as the serialized format of the public key

func NewECDSAx509PublicKey 

func NewECDSAx509PublicKey(public []byte) *ECDSAx509PublicKey

NewECDSAx509PublicKey initializes a new public key with the ECDSAx509Key type

func (ECDSAx509PublicKey) Algorithm 

func (k ECDSAx509PublicKey) Algorithm() string

Algorithm returns the algorithm of the key

func (*ECDSAx509PublicKey) ID 

func (k *ECDSAx509PublicKey) ID() string

ID efficiently generates if necessary, and caches the ID of the key

func (ECDSAx509PublicKey) Public 

func (k ECDSAx509PublicKey) Public() []byte

Public returns the public bytes

type ED25519PrivateKey 

type ED25519PrivateKey struct {
	ED25519PublicKey
	// contains filtered or unexported fields
}

ED25519PrivateKey represents a private ED25519 key

func NewED25519PrivateKey 

func NewED25519PrivateKey(public ED25519PublicKey, private []byte) (*ED25519PrivateKey, error)

NewED25519PrivateKey initialized a new ED25519 private key

func (ED25519PrivateKey) Algorithm 

func (k ED25519PrivateKey) Algorithm() string

Algorithm returns the algorithm of the key

func (ED25519PrivateKey) CryptoSigner 

func (k ED25519PrivateKey) CryptoSigner() crypto.Signer

CryptoSigner returns the ED25519PrivateKey which already implements crypto.Signer

func (*ED25519PrivateKey) ID 

func (k *ED25519PrivateKey) ID() string

ID efficiently generates if necessary, and caches the ID of the key

func (ED25519PrivateKey) Private 

func (k ED25519PrivateKey) Private() []byte

Private return the serialized private bytes of the key

func (ED25519PrivateKey) Public 

func (k ED25519PrivateKey) Public() []byte

Public returns the public bytes

func (ED25519PrivateKey) Sign 

func (k ED25519PrivateKey) Sign(rand io.Reader, msg []byte, opts crypto.SignerOpts) (signature []byte, err error)

Sign creates an ed25519 signature

type ED25519PublicKey 

type ED25519PublicKey struct {
	// contains filtered or unexported fields
}

ED25519PublicKey represents an ED25519 key using a raw serialization of the public key

func NewED25519PublicKey 

func NewED25519PublicKey(public []byte) *ED25519PublicKey

NewED25519PublicKey initializes a new public key with the ED25519Key type

func (ED25519PublicKey) Algorithm 

func (k ED25519PublicKey) Algorithm() string

Algorithm returns the algorithm of the key

func (*ED25519PublicKey) ID 

func (k *ED25519PublicKey) ID() string

ID efficiently generates if necessary, and caches the ID of the key

func (ED25519PublicKey) Public 

func (k ED25519PublicKey) Public() []byte

Public returns the public bytes

type FileMeta 

type FileMeta struct {
	Length int64           `json:"length"`
	Hashes Hashes          `json:"hashes"`
	Custom json.RawMessage `json:"custom,omitempty"`
}

FileMeta contains the size and hashes for a metadata or target file. Custom data can be optionally added.

func NewFileMeta 

func NewFileMeta(r io.Reader, hashAlgorithms ...string) (FileMeta, error)

NewFileMeta generates a FileMeta object from the reader, using the hash algorithms provided

type Files 

type Files map[string]FileMeta

Files is the map of paths to file meta container in targets and delegations metadata files

type Hashes 

type Hashes map[string][]byte

Hashes is the map of hash type to digest created for each metadata and target file

type KeyList 

type KeyList []PublicKey

KeyList represents a list of keys

func (*KeyList) UnmarshalJSON 

func (ks *KeyList) UnmarshalJSON(data []byte) error

UnmarshalJSON implements the json.Unmarshaller interface

type KeyPair 

type KeyPair struct {
	Public  []byte `json:"public"`
	Private []byte `json:"private"`
}

KeyPair holds the public and private key bytes

type Keys 

type Keys map[string]PublicKey

Keys represents a map of key ID to PublicKey object. It's necessary to allow us to unmarshal into an interface via the json.Unmarshaller interface

func (*Keys) UnmarshalJSON 

func (ks *Keys) UnmarshalJSON(data []byte) error

UnmarshalJSON implements the json.Unmarshaller interface

type PrivateKey 

type PrivateKey interface {
	PublicKey
	Sign(rand io.Reader, msg []byte, opts crypto.SignerOpts) (signature []byte, err error)
	Private() []byte
	CryptoSigner() crypto.Signer
}

PrivateKey adds the ability to access the private key

func NewPrivateKey 

func NewPrivateKey(pubKey PublicKey, private []byte) (PrivateKey, error)

NewPrivateKey creates a new, correctly typed PrivateKey, using the UnknownPrivateKey catchall for unsupported ciphers

func UnmarshalPrivateKey 

func UnmarshalPrivateKey(data []byte) (PrivateKey, error)

UnmarshalPrivateKey is used to parse individual private keys in JSON

type PublicKey 

type PublicKey interface {
	ID() string
	Algorithm() string
	Public() []byte
}

PublicKey is the necessary interface for public keys

func NewPublicKey 

func NewPublicKey(alg string, public []byte) PublicKey

NewPublicKey creates a new, correctly typed PublicKey, using the UnknownPublicKey catchall for unsupported ciphers

func PublicKeyFromPrivate 

func PublicKeyFromPrivate(pk PrivateKey) PublicKey

PublicKeyFromPrivate returns a new tufKey based on a private key, with the private key bytes guaranteed to be nil.

func UnmarshalPublicKey 

func UnmarshalPublicKey(data []byte) (PublicKey, error)

UnmarshalPublicKey is used to parse individual public keys in JSON

type RSAPrivateKey 

type RSAPrivateKey struct {
	PublicKey
	// contains filtered or unexported fields
}

RSAPrivateKey represents a private RSA key

func NewRSAPrivateKey 

func NewRSAPrivateKey(public PublicKey, private []byte) (*RSAPrivateKey, error)

NewRSAPrivateKey initialized a new RSA private key

func (RSAPrivateKey) CryptoSigner 

func (s RSAPrivateKey) CryptoSigner() crypto.Signer

CryptoSigner returns the underlying crypto.Signer for use cases where we need the default signature or public key functionality (like when we generate certificates)

func (RSAPrivateKey) Private 

func (k RSAPrivateKey) Private() []byte

Private return the serialized private bytes of the key

func (RSAPrivateKey) Sign 

func (k RSAPrivateKey) Sign(rand io.Reader, msg []byte, opts crypto.SignerOpts) (signature []byte, err error)

Sign creates an rsa signature

type RSAPublicKey 

type RSAPublicKey struct {
	// contains filtered or unexported fields
}

RSAPublicKey represents an RSA key using a raw serialization of the public key

func NewRSAPublicKey 

func NewRSAPublicKey(public []byte) *RSAPublicKey

NewRSAPublicKey initializes a new public key with the RSA type

func (RSAPublicKey) Algorithm 

func (k RSAPublicKey) Algorithm() string

Algorithm returns the algorithm of the key

func (*RSAPublicKey) ID 

func (k *RSAPublicKey) ID() string

ID efficiently generates if necessary, and caches the ID of the key

func (RSAPublicKey) Public 

func (k RSAPublicKey) Public() []byte

Public returns the public bytes

type RSAx509PublicKey 

type RSAx509PublicKey struct {
	// contains filtered or unexported fields
}

RSAx509PublicKey represents an RSA key using an x509 cert as the serialized format of the public key

func NewRSAx509PublicKey 

func NewRSAx509PublicKey(public []byte) *RSAx509PublicKey

NewRSAx509PublicKey initializes a new public key with the RSAx509Key type

func (RSAx509PublicKey) Algorithm 

func (k RSAx509PublicKey) Algorithm() string

Algorithm returns the algorithm of the key

func (*RSAx509PublicKey) ID 

func (k *RSAx509PublicKey) ID() string

ID efficiently generates if necessary, and caches the ID of the key

func (RSAx509PublicKey) Public 

func (k RSAx509PublicKey) Public() []byte

Public returns the public bytes

type Role 

type Role struct {
	RootRole
	Name             string   `json:"name"`
	Paths            []string `json:"paths,omitempty"`
	PathHashPrefixes []string `json:"path_hash_prefixes,omitempty"`
	Email            string   `json:"email,omitempty"`
}

Role is a more verbose role as they appear in targets delegations

func NewRole 

func NewRole(name string, threshold int, keyIDs, paths, pathHashPrefixes []string) (*Role, error)

NewRole creates a new Role object from the given parameters

func (Role) CheckPaths 

func (r Role) CheckPaths(path string) bool

CheckPaths checks if a given path is valid for the role

func (Role) CheckPrefixes 

func (r Role) CheckPrefixes(hash string) bool

CheckPrefixes checks if a given hash matches the prefixes for the role

func (Role) IsDelegation 

func (r Role) IsDelegation() bool

IsDelegation checks if the role is a delegation or a root role

func (Role) IsValid 

func (r Role) IsValid() bool

IsValid checks if the role has defined both paths and path hash prefixes, having both is invalid

func (Role) ValidKey 

func (r Role) ValidKey(id string) bool

ValidKey checks if the given id is a recognized signing key for the role

type Root 

type Root struct {
	Type               string               `json:"_type"`
	Version            int                  `json:"version"`
	Expires            time.Time            `json:"expires"`
	Keys               Keys                 `json:"keys"`
	Roles              map[string]*RootRole `json:"roles"`
	ConsistentSnapshot bool                 `json:"consistent_snapshot"`
}

Root is the Signed component of a root.json

type RootRole 

type RootRole struct {
	KeyIDs    []string `json:"keyids"`
	Threshold int      `json:"threshold"`
}

RootRole is a cut down role as it appears in the root.json

type SigAlgorithm 

type SigAlgorithm string

SigAlgorithm for types of signatures 

const (
	EDDSASignature       SigAlgorithm = "eddsa"
	RSAPSSSignature      SigAlgorithm = "rsapss"
	RSAPKCS1v15Signature SigAlgorithm = "rsapkcs1v15"
	ECDSASignature       SigAlgorithm = "ecdsa"
	PyCryptoSignature    SigAlgorithm = "pycrypto-pkcs#1 pss"
)

Signature types

func (SigAlgorithm) String 

func (k SigAlgorithm) String() string

type Signature 

type Signature struct {
	KeyID     string       `json:"keyid"`
	Method    SigAlgorithm `json:"method"`
	Signature []byte       `json:"sig"`
}

Signature is a signature on a piece of metadata

func (*Signature) UnmarshalJSON 

func (s *Signature) UnmarshalJSON(data []byte) error

UnmarshalJSON does a custom unmarshalling of the signature JSON

type Signed 

type Signed struct {
	Signed     json.RawMessage `json:"signed"`
	Signatures []Signature     `json:"signatures"`
}

Signed is the high level, partially deserialized metadata object used to verify signatures before fully unpacking, or to add signatures before fully packing

type SignedCommon 

type SignedCommon struct {
	Type    string    `json:"_type"`
	Expires time.Time `json:"expires"`
	Version int       `json:"version"`
}

SignedCommon contains the fields common to the Signed component of all TUF metadata files

type SignedMeta 

type SignedMeta struct {
	Signed     SignedCommon `json:"signed"`
	Signatures []Signature  `json:"signatures"`
}

SignedMeta is used in server validation where we only need signatures and common fields

type SignedRoot 

type SignedRoot struct {
	Signatures []Signature
	Signed     Root
	Dirty      bool
}

SignedRoot is a fully unpacked root.json

func NewRoot 

func NewRoot(keys map[string]PublicKey, roles map[string]*RootRole, consistent bool) (*SignedRoot, error)

NewRoot initializes a new SignedRoot with a set of keys, roles, and the consistent flag

func RootFromSigned 

func RootFromSigned(s *Signed) (*SignedRoot, error)

RootFromSigned fully unpacks a Signed object into a SignedRoot

func (SignedRoot) ToSigned 

func (r SignedRoot) ToSigned() (*Signed, error)

ToSigned partially serializes a SignedRoot for further signing

type SignedSnapshot 

type SignedSnapshot struct {
	Signatures []Signature
	Signed     Snapshot
	Dirty      bool
}

SignedSnapshot is a fully unpacked snapshot.json

func NewSnapshot 

func NewSnapshot(root *Signed, targets *Signed) (*SignedSnapshot, error)

NewSnapshot initilizes a SignedSnapshot with a given top level root and targets objects

func SnapshotFromSigned 

func SnapshotFromSigned(s *Signed) (*SignedSnapshot, error)

SnapshotFromSigned fully unpacks a Signed object into a SignedSnapshot

func (*SignedSnapshot) AddMeta 

func (sp *SignedSnapshot) AddMeta(role string, meta FileMeta)

AddMeta updates a role in the snapshot with new meta

func (SignedSnapshot) ToSigned 

func (sp SignedSnapshot) ToSigned() (*Signed, error)

ToSigned partially serializes a SignedSnapshot for further signing

type SignedTargets 

type SignedTargets struct {
	Signatures []Signature
	Signed     Targets
	Dirty      bool
}

SignedTargets is a fully unpacked targets.json, or target delegation json file

func NewTargets 

func NewTargets() *SignedTargets

NewTargets intiializes a new empty SignedTargets object

func TargetsFromSigned 

func TargetsFromSigned(s *Signed) (*SignedTargets, error)

TargetsFromSigned fully unpacks a Signed object into a SignedTargets

func (*SignedTargets) AddDelegation 

func (t *SignedTargets) AddDelegation(role *Role, keys []*PublicKey) error

AddDelegation will add a new delegated role with the given keys, ensuring the keys either already exist, or are added to the map of delegation keys

func (*SignedTargets) AddTarget 

func (t *SignedTargets) AddTarget(path string, meta FileMeta)

AddTarget adds or updates the meta for the given path

func (SignedTargets) GetDelegations 

func (t SignedTargets) GetDelegations(path string) []*Role

GetDelegations filters the roles and associated keys that may be the signers for the given target path. If no appropriate roles can be found, it will simply return nil for the return values. The returned slice of Role will have order maintained relative to the role slice on Delegations per TUF spec proposal on using order to determine priority.

func (SignedTargets) GetMeta 

func (t SignedTargets) GetMeta(path string) *FileMeta

GetMeta attempts to find the targets entry for the path. It will return nil in the case of the target not being found.

func (SignedTargets) ToSigned 

func (t SignedTargets) ToSigned() (*Signed, error)

ToSigned partially serializes a SignedTargets for further signing

type SignedTimestamp 

type SignedTimestamp struct {
	Signatures []Signature
	Signed     Timestamp
	Dirty      bool
}

SignedTimestamp is a fully unpacked timestamp.json

func NewTimestamp 

func NewTimestamp(snapshot *Signed) (*SignedTimestamp, error)

NewTimestamp initializes a timestamp with an existing snapshot

func TimestampFromSigned 

func TimestampFromSigned(s *Signed) (*SignedTimestamp, error)

TimestampFromSigned parsed a Signed object into a fully unpacked SignedTimestamp

func (SignedTimestamp) ToSigned 

func (ts SignedTimestamp) ToSigned() (*Signed, error)

ToSigned partially serializes a SignedTimestamp such that it can be signed

type Snapshot 

type Snapshot struct {
	Type    string    `json:"_type"`
	Version int       `json:"version"`
	Expires time.Time `json:"expires"`
	Meta    Files     `json:"meta"`
}

Snapshot is the Signed component of a snapshot.json

type Targets 

type Targets struct {
	SignedCommon
	Targets     Files       `json:"targets"`
	Delegations Delegations `json:"delegations,omitempty"`
}

Targets is the Signed components of a targets.json or delegation json file

type Timestamp 

type Timestamp struct {
	Type    string    `json:"_type"`
	Version int       `json:"version"`
	Expires time.Time `json:"expires"`
	Meta    Files     `json:"meta"`
}

Timestamp is the Signed component of a timestamp.json

type UnknownPrivateKey 

type UnknownPrivateKey struct {
	// contains filtered or unexported fields
}

UnknownPrivateKey is a catchall for unsupported key types

func (UnknownPrivateKey) Algorithm 

func (k UnknownPrivateKey) Algorithm() string

Algorithm returns the algorithm of the key

func (UnknownPrivateKey) CryptoSigner 

func (k UnknownPrivateKey) CryptoSigner() crypto.Signer

CryptoSigner returns the UnknownPrivateKey which already implements crypto.Signer

func (*UnknownPrivateKey) ID 

func (k *UnknownPrivateKey) ID() string

ID efficiently generates if necessary, and caches the ID of the key

func (UnknownPrivateKey) Private 

func (k UnknownPrivateKey) Private() []byte

Private return the serialized private bytes of the key

func (UnknownPrivateKey) Public 

func (k UnknownPrivateKey) Public() []byte

Public returns the public bytes

func (UnknownPrivateKey) Sign 

func (k UnknownPrivateKey) Sign(rand io.Reader, msg []byte, opts crypto.SignerOpts) (signature []byte, err error)

Sign on an UnknownPrivateKey raises an error because the client does not know how to sign with this key type.

type UnknownPublicKey 

type UnknownPublicKey struct {
	// contains filtered or unexported fields
}

UnknownPublicKey is a catchall for key types that are not supported

func (UnknownPublicKey) Algorithm 

func (k UnknownPublicKey) Algorithm() string

Algorithm returns the algorithm of the key

func (*UnknownPublicKey) ID 

func (k *UnknownPublicKey) ID() string

ID efficiently generates if necessary, and caches the ID of the key

func (UnknownPublicKey) Public 

func (k UnknownPublicKey) Public() []byte

Public returns the public bytes

Source Files

View all Source files

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.