Documentation ¶
Index ¶
- Constants
- func CertToPem(c *x509.Certificate) []byte
- func Descriptors(ref name.Reference) ([]v1.Descriptor, error)
- func DestinationTag(ref name.Reference, img *remote.Descriptor) (name.Tag, error)
- func Experimental() bool
- func FindTlogEntry(rekorClient *client.Rekor, b64Sig string, payload, pubKey []byte) (string, error)
- func GeneratePrivateKey() (*ecdsa.PrivateKey, error)
- func ImageSignature(ctx context.Context, signer Signer, img v1.Descriptor, ...) (payload, signature []byte, err error)
- func KeyToPem(pub *ecdsa.PublicKey) []byte
- func LoadCerts(pemStr string) ([]*x509.Certificate, error)
- func LoadPrivateKey(key []byte, pass []byte) (*ecdsa.PrivateKey, error)
- func LoadPublicKey(keyRef string) (*ecdsa.PublicKey, error)
- func Munge(desc v1.Descriptor) string
- func PayloadSignature(ctx context.Context, signer Signer, payload []byte) (signature []byte, err error)
- func TlogServer() string
- func TrustedCert(cert *x509.Certificate, roots *x509.CertPool) error
- func Upload(signature, payload []byte, dstTag name.Reference, cert, chain string) error
- func UploadTLog(signature, payload []byte, pemBytes []byte) (string, error)
- func VerifySignature(pubkey *ecdsa.PublicKey, base64sig string, payload []byte) error
- type CheckOpts
- type Critical
- type ECDSASigner
- type ECDSAVerifier
- type Identity
- type Image
- type ImagePayload
- type Keys
- type PassFunc
- type SignedPayload
- func (sp *SignedPayload) TrustedCert(roots *x509.CertPool) error
- func (sp *SignedPayload) VerifyClaims(d *v1.Descriptor, ss *SimpleSigning) error
- func (sp *SignedPayload) VerifyKey(pubKey *ecdsa.PublicKey) error
- func (sp *SignedPayload) VerifyTlog(rc *client.Rekor, publicKeyPem []byte) (string, error)
- type Signer
- type SimpleSigning
- type Verifier
Constants ¶
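// Environment variable names exported by this package.
const (
	// ExperimentalEnv names the COSIGN_EXPERIMENTAL environment variable.
	// NOTE(review): presumably the switch reported by Experimental() — confirm.
	ExperimentalEnv = "COSIGN_EXPERIMENTAL"
	// ServerEnv names the REKOR_SERVER environment variable.
	// NOTE(review): presumably the override honoured by TlogServer(). If so,
	// whoever controls the process environment chooses which transparency log
	// is queried, so set it explicitly in CI and verification jobs — confirm.
	ServerEnv = "REKOR_SERVER"
)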
Variables ¶
This section is empty.
Functions ¶
func CertToPem ¶ added in v0.2.0
func CertToPem(c *x509.Certificate) []byte
func Descriptors ¶
func Descriptors(ref name.Reference) ([]v1.Descriptor, error)
func DestinationTag ¶ added in v0.2.0
func Experimental ¶
func Experimental() bool
func FindTlogEntry ¶
func GeneratePrivateKey ¶
func GeneratePrivateKey() (*ecdsa.PrivateKey, error)
func ImageSignature ¶ added in v0.2.0
func LoadPrivateKey ¶
func LoadPrivateKey(key []byte, pass []byte) (*ecdsa.PrivateKey, error)
func Munge ¶
func Munge(desc v1.Descriptor) string
func PayloadSignature ¶ added in v0.2.0
func TlogServer ¶
func TlogServer() string
TlogServer returns the name of the tlog server; it can be overridden via an environment variable.
func TrustedCert ¶
func TrustedCert(cert *x509.Certificate, roots *x509.CertPool) error
func UploadTLog ¶
UploadTLog uploads the signature, public key and payload to the tlog.
Types ¶
type CheckOpts ¶
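// CheckOpts groups the options for signature checking.
//
// The zero value leaves Claims and Tlog false and PubKey and Roots nil. How
// Verify treats that combination is not shown on this page, so callers should
// set every check they rely on explicitly rather than depend on defaults.
type CheckOpts struct {
	// Annotations is a string-to-string map.
	// NOTE(review): presumably annotations a payload is expected to carry — confirm against Verify.
	Annotations map[string]string
	// Claims is a boolean switch.
	// NOTE(review): presumably enables the check done by SignedPayload.VerifyClaims — confirm.
	Claims bool
	// Tlog is a boolean switch.
	// NOTE(review): presumably enables the transparency-log check done by SignedPayload.VerifyTlog — confirm.
	Tlog bool
	// PubKey is an ECDSA public key.
	// NOTE(review): presumably the key signatures are checked against (see SignedPayload.VerifyKey) — confirm.
	PubKey *ecdsa.PublicKey
	// Roots is a certificate pool.
	// NOTE(review): presumably the trust anchors handed to TrustedCert — confirm.
	Roots *x509.CertPool
}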
There are only payloads. Some have certs, some don't.
type ECDSASigner ¶ added in v0.2.0
// ECDSASigner holds an ECDSA private key.
// NOTE(review): presumably an implementation of this package's Signer type — confirm.
type ECDSASigner struct {
	// Key is the private key. The field is exported, so any holder of the
	// value can read or replace it; keep it out of logs and serialized output.
	Key *ecdsa.PrivateKey
}
type ECDSAVerifier ¶ added in v0.2.0
type ImagePayload ¶ added in v0.2.0
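// ImagePayload pairs an image descriptor with a map of annotations.
//
// MarshalJSON is declared on *ImagePayload, so encoding/json only calls it
// for a pointer or an addressable value. Marshal a pointer, so that the bytes
// produced are the ones that method defines.
type ImagePayload struct {
	// Img is the image descriptor.
	Img v1.Descriptor
	// Annotations is a string-to-string map carried alongside Img.
	// NOTE(review): presumably included in the marshalled payload — confirm against MarshalJSON.
	Annotations map[string]string
}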
func (*ImagePayload) MarshalJSON ¶ added in v0.2.0
func (p *ImagePayload) MarshalJSON() ([]byte, error)
type Keys ¶
func GenerateKeyPair ¶
type SignedPayload ¶
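// SignedPayload is one signature record: a payload, a signature string, and
// optional certificate material.
//
// FetchSignatures returns values of this type. Treat the fields as unverified
// input until the relevant checks (VerifyKey, TrustedCert, VerifyClaims,
// VerifyTlog) have succeeded.
type SignedPayload struct {
	// Base64Signature is the signature as a string.
	// NOTE(review): going by the name it is base64-encoded and covers Payload — confirm against VerifyKey.
	Base64Signature string
	// Payload is the payload bytes.
	Payload []byte
	// Cert is an X.509 certificate. It may be nil: the package notes that some
	// payloads have certs and some don't, so check before dereferencing.
	Cert *x509.Certificate
	// Chain is a list of X.509 certificates.
	// NOTE(review): presumably the chain accompanying Cert — confirm.
	Chain []*x509.Certificate
}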
func FetchSignatures ¶
func FetchSignatures(ctx context.Context, ref name.Reference) ([]SignedPayload, *v1.Descriptor, error)
func Verify ¶
Verify does all the main cosign checks in a loop, returning validated payloads. If there were no payloads, we return an error.
func (*SignedPayload) TrustedCert ¶
func (sp *SignedPayload) TrustedCert(roots *x509.CertPool) error
func (*SignedPayload) VerifyClaims ¶
func (sp *SignedPayload) VerifyClaims(d *v1.Descriptor, ss *SimpleSigning) error
func (*SignedPayload) VerifyTlog ¶
type SimpleSigning ¶
Source Files ¶