Documentation ¶
Index ¶
- Constants
- Variables
- func CanonicalRole(role string) string
- func DefaultExpires(role string) time.Time
- func RoleName(role string) string
- func SetDefaultExpiryTimes(times map[string]int)
- func SetTUFTypes(ts map[string]string)
- func SetValidRoles(rs map[string]string)
- func ValidRole(name string) bool
- func ValidTUFType(typ, role string) bool
- type Delegations
- type FileMeta
- type Files
- type Hashes
- type Key
- type KeyAlgorithm
- type KeyPair
- type PrivateKey
- type PublicKey
- type Role
- type Root
- type RootRole
- type SigAlgorithm
- type Signature
- type Signed
- type SignedCommon
- type SignedMeta
- type SignedRoot
- type SignedSnapshot
- type SignedTargets
- func (t *SignedTargets) AddDelegation(role *Role, keys []*PublicKey) error
- func (t *SignedTargets) AddTarget(path string, meta FileMeta)
- func (t SignedTargets) GetDelegations(path string) []*Role
- func (t SignedTargets) GetMeta(path string) *FileMeta
- func (t SignedTargets) ToSigned() (*Signed, error)
- type SignedTimestamp
- type Snapshot
- type TUFKey
- type Targets
- type Timestamp
Constants ¶
// Canonical base role names. These are the four top-level TUF roles; the
// string values are the keys used in TUFTypes.
const (
	CanonicalRootRole      = "root"
	CanonicalTargetsRole   = "targets"
	CanonicalSnapshotRole  = "snapshot"
	CanonicalTimestampRole = "timestamp"
)
Canonical base role names
// Identifiers for signature methods (SigAlgorithm) and key types
// (KeyAlgorithm). A SigAlgorithm value is carried in Signature.Method
// (JSON "method") and a KeyAlgorithm value in TUFKey.Type (JSON "keytype").
//
// NOTE(review): both strings are read from metadata, so a verifier should
// presumably accept only a method that is allowed for the algorithm of the
// key it has already trusted, and never let the document choose freely.
// Confirm against the verification code, which is not shown here.
const (
	// Signature methods.
	EDDSASignature       SigAlgorithm = "eddsa"
	RSAPSSSignature      SigAlgorithm = "rsapss"
	RSAPKCS1v15Signature SigAlgorithm = "rsapkcs1v15"
	ECDSASignature       SigAlgorithm = "ecdsa"
	// NOTE(review): presumably kept for compatibility with signatures
	// produced by a PyCrypto-based implementation; confirm.
	PyCryptoSignature SigAlgorithm = "pycrypto-pkcs#1 pss"

	// Key types. The "-x509" variants presumably denote keys wrapped in an
	// X.509 certificate; confirm against the key parsing code.
	ED25519Key   KeyAlgorithm = "ed25519"
	RSAKey       KeyAlgorithm = "rsa"
	RSAx509Key   KeyAlgorithm = "rsa-x509"
	ECDSAKey     KeyAlgorithm = "ecdsa"
	ECDSAx509Key KeyAlgorithm = "ecdsa-x509"
)
Variables ¶
// TUFTypes maps each canonical role name to its default TUF type name.
// It is a mutable package-level map: SetTUFTypes is documented as overriding
// some or all of these defaults.
// NOTE(review): presumably these values are what ValidTUFType compares a
// document's "_type" against; confirm. Overriding them at runtime changes
// which type strings are accepted process-wide.
var TUFTypes = map[string]string{
	CanonicalRootRole:      "Root",
	CanonicalTargetsRole:   "Targets",
	CanonicalSnapshotRole:  "Snapshot",
	CanonicalTimestampRole: "Timestamp",
}
Functions ¶
func CanonicalRole ¶
func DefaultExpires ¶
func SetDefaultExpiryTimes ¶
SetDefaultExpiryTimes allows one to change the default expiries.
func SetTUFTypes ¶
SetTUFTypes allows one to override some or all of the default type names in TUF.
func SetValidRoles ¶
func ValidRole ¶
ValidRole only determines whether the name is semantically correct. For target delegated roles, it does NOT check that the appropriate parent roles exist, so a name that passes is not evidence that the role has actually been delegated.
func ValidTUFType ¶
Types ¶
type Delegations ¶
func NewDelegations ¶
func NewDelegations() *Delegations
type FileMeta ¶
// FileMeta is the metadata entry recorded for a file: its length, its
// hashes, and optional custom data.
type FileMeta struct {
	// presumably the file size in bytes; verify against the code that fills it
	Length int64 `json:"length"`
	// Hashes of the file; the Hashes type is declared elsewhere in the package.
	Hashes Hashes `json:"hashes"`
	// Custom is kept as undecoded JSON and left out of the output when empty.
	// This package does not interpret it, so consumers must validate the
	// content themselves before acting on it.
	Custom json.RawMessage `json:"custom,omitempty"`
}
type Key ¶
// Key is the behaviour shared by public and private keys.
type Key interface {
	// ID returns the key's identifier as a string.
	// NOTE(review): the TUFKey documentation implies the ID is derived from
	// the key's canonical JSON; confirm in the implementation.
	ID() string
	// Algorithm returns the key's KeyAlgorithm.
	Algorithm() KeyAlgorithm
	// Public returns a byte slice; presumably the public key material.
	Public() []byte
}
type KeyAlgorithm ¶
// KeyAlgorithm is the string identifier of a key type, serialized as
// "keytype" in TUFKey. The known values are declared as constants
// (ED25519Key, RSAKey, RSAx509Key, ECDSAKey, ECDSAx509Key).
type KeyAlgorithm string
func (KeyAlgorithm) String ¶
func (k KeyAlgorithm) String() string
type PrivateKey ¶
type PublicKey ¶
// PublicKey is a Key with no additional methods. It exists as a distinct
// type so that APIs can state that only public material is expected.
type PublicKey interface {
	Key
}
func NewPublicKey ¶
func NewPublicKey(algorithm KeyAlgorithm, public []byte) PublicKey
func PublicKeyFromPrivate ¶
func PublicKeyFromPrivate(pk PrivateKey) PublicKey
type Role ¶
// Role is a named role. It embeds RootRole and adds the role name and two
// optional path restrictions.
// NOTE(review): Paths and PathHashPrefixes presumably limit which target
// paths a delegated role may sign for (see CheckPaths, CheckPrefixes and
// SignedTargets.GetDelegations); confirm the matching rules in those methods.
type Role struct {
	RootRole
	Name             string   `json:"name"`
	Paths            []string `json:"paths,omitempty"`
	PathHashPrefixes []string `json:"path_hash_prefixes,omitempty"`
}
func (Role) CheckPaths ¶
func (Role) CheckPrefixes ¶
func (Role) IsDelegation ¶
type Root ¶
// Root is the payload of the root metadata: the set of keys and the roles
// that reference them.
type Root struct {
	Type    string `json:"_type"`
	Version int    `json:"version"`
	// presumably the time after which this metadata must no longer be
	// trusted; verify against the code that checks expiry
	Expires time.Time `json:"expires"`
	// These keys are public keys. We use TUFKey instead of PublicKey to
	// support direct JSON unmarshaling.
	// NOTE(review): TUFKey is also the structure used for private keys, so
	// code that fills this map should make sure only public halves are
	// stored before the Root is serialized; confirm how callers build it.
	Keys               map[string]*TUFKey   `json:"keys"`
	Roles              map[string]*RootRole `json:"roles"`
	ConsistentSnapshot bool                 `json:"consistent_snapshot"`
}
type SigAlgorithm ¶
// SigAlgorithm is the string identifier of a signature method, serialized as
// "method" in Signature. The known values are declared as constants
// (EDDSASignature, RSAPSSSignature, RSAPKCS1v15Signature, ECDSASignature,
// PyCryptoSignature).
type SigAlgorithm string
func (SigAlgorithm) String ¶
func (k SigAlgorithm) String() string
type Signature ¶
// Signature is one signature attached to a piece of signed metadata.
// All three fields are read from the metadata document itself.
// NOTE(review): KeyID and Method should presumably be treated as untrusted
// hints until the signature verifies under a key the verifier already
// trusts for the role; confirm in the verification code.
type Signature struct {
	KeyID     string       `json:"keyid"`
	Method    SigAlgorithm `json:"method"`
	Signature []byte       `json:"sig"`
}
func (*Signature) UnmarshalJSON ¶
type Signed ¶
// Signed is the generic envelope: a payload plus the signatures over it.
type Signed struct {
	// Signed holds the payload as undecoded JSON.
	// NOTE(review): presumably kept raw so that signatures are checked over
	// the received bytes and not over a re-encoding; confirm.
	Signed     json.RawMessage `json:"signed"`
	Signatures []Signature     `json:"signatures"`
}
type SignedCommon ¶
type SignedMeta ¶
// SignedMeta has the same JSON layout as Signed, but decodes the payload into
// SignedCommon instead of keeping it as raw JSON.
// NOTE(review): SignedCommon's fields are not shown here; presumably they are
// the fields common to every role's metadata.
type SignedMeta struct {
	Signed     SignedCommon `json:"signed"`
	Signatures []Signature  `json:"signatures"`
}
type SignedRoot ¶
func RootFromSigned ¶
func RootFromSigned(s *Signed) (*SignedRoot, error)
func (SignedRoot) ToSigned ¶
func (r SignedRoot) ToSigned() (*Signed, error)
type SignedSnapshot ¶
func NewSnapshot ¶
func NewSnapshot(root *Signed, targets *Signed) (*SignedSnapshot, error)
func SnapshotFromSigned ¶
func SnapshotFromSigned(s *Signed) (*SignedSnapshot, error)
func (*SignedSnapshot) AddMeta ¶
func (sp *SignedSnapshot) AddMeta(role string, meta FileMeta)
func (SignedSnapshot) ToSigned ¶
func (sp SignedSnapshot) ToSigned() (*Signed, error)
type SignedTargets ¶
func NewTargets ¶
func NewTargets() *SignedTargets
func TargetsFromSigned ¶
func TargetsFromSigned(s *Signed) (*SignedTargets, error)
func (*SignedTargets) AddDelegation ¶
func (t *SignedTargets) AddDelegation(role *Role, keys []*PublicKey) error
func (*SignedTargets) AddTarget ¶
func (t *SignedTargets) AddTarget(path string, meta FileMeta)
func (SignedTargets) GetDelegations ¶
func (t SignedTargets) GetDelegations(path string) []*Role
GetDelegations filters the roles and associated keys that may be the signers for the given target path. If no appropriate roles can be found, it will simply return nil for the return values. The returned slice of Role will have order maintained relative to the role slice on Delegations per TUF spec proposal on using order to determine priority.
func (SignedTargets) GetMeta ¶
func (t SignedTargets) GetMeta(path string) *FileMeta
GetMeta attempts to find the targets entry for the path. It will return nil in the case of the target not being found.
func (SignedTargets) ToSigned ¶
func (t SignedTargets) ToSigned() (*Signed, error)
type SignedTimestamp ¶
func NewTimestamp ¶
func NewTimestamp(snapshot *Signed) (*SignedTimestamp, error)
func TimestampFromSigned ¶
func TimestampFromSigned(s *Signed) (*SignedTimestamp, error)
func (SignedTimestamp) ToSigned ¶
func (ts SignedTimestamp) ToSigned() (*Signed, error)
type TUFKey ¶
// TUFKey is the single structure used for both public and private keys.
// Because one type can carry private material, prefer handling it through
// the PublicKey or PrivateKey interfaces. Take care that a TUFKey created
// by NewPrivateKey is not logged or serialized where only the public half
// is meant.
// NOTE(review): KeyPair's fields are not shown here; confirm which of them
// are emitted under "keyval".
type TUFKey struct {
	Type  KeyAlgorithm `json:"keytype"`
	Value KeyPair      `json:"keyval"`
	// contains filtered or unexported fields
}
TUFKey is the structure used for both public and private keys in TUF. Normally it would make sense to use different structures for public and private keys, but that would change the key ID algorithm (since the canonical JSON would be different). This structure should normally be accessed through the PublicKey or PrivateKey interfaces.
func NewPrivateKey ¶
func NewPrivateKey(algorithm KeyAlgorithm, public, private []byte) *TUFKey
func (TUFKey) Algorithm ¶
func (k TUFKey) Algorithm() KeyAlgorithm
type Targets ¶
// Targets is the payload of targets metadata. It embeds SignedCommon and adds
// the target entries and the delegations.
type Targets struct {
	SignedCommon
	// Targets holds the target entries (JSON "targets"); the Files type is
	// declared elsewhere. SignedTargets.GetMeta returns a *FileMeta for a
	// path, so entries are presumably keyed by target path.
	Targets Files `json:"targets"`
	// NOTE(review): Delegations is a struct value, and encoding/json's
	// omitempty does not omit struct values, so "delegations" is presumably
	// always emitted; confirm this is intended.
	Delegations Delegations `json:"delegations,omitempty"`
}