tuf

package
Published: Apr 27, 2022 License: Apache-2.0 Imports: 34 Imported by: 0


Constants

// Default remote root name and the environment-variable names this package's
// client configuration reads (see NewFromEnv).
const (
	// DefaultRemoteRoot is the default remote root name. NOTE(review): presumably
	// the bucket/prefix the client fetches metadata from — confirm in NewFromEnv.
	DefaultRemoteRoot = "sigstore-tuf-root"
	// TufRootEnv is the name of the environment variable ("TUF_ROOT") that
	// presumably overrides where the local TUF root is stored — confirm in NewFromEnv.
	TufRootEnv        = "TUF_ROOT"
	// SigstoreNoCache is the name of the environment variable ("SIGSTORE_NO_CACHE");
	// NOTE(review): presumably disables the on-disk metadata cache — confirm.
	SigstoreNoCache   = "SIGSTORE_NO_CACHE"
)
// Identifiers for Fulcio (OIDC identity) keys. NOTE(review): presumably placed
// in Key.Type and Key.Scheme by FulcioVerificationKey and matched by
// GetFulcioKeyVal — confirm in those functions, not visible here.
const (
	// KeyTypeFulcio is the TUF key type string for an OIDC identity key.
	KeyTypeFulcio   = "sigstore-oidc"
	// KeySchemeFulcio is the key scheme string for Fulcio-issued identities.
	KeySchemeFulcio = "https://fulcio.sigstore.dev"
)

Variables

// KeyAlgorithms lists the hash algorithm names this package uses; presumably
// the defaults for Key.Algorithms (JSON "keyid_hash_algorithms") — confirm.
// NOTE(review): this is a mutable package-level slice, so any importer can
// change it in place; treat it as read-only and clone before modifying.
var (
	KeyAlgorithms = []string{"sha256", "sha512"}
)

Functions

func DefaultExpires added in v1.3.0

func DefaultExpires(role string) time.Time

func GcsRemoteStore

func GcsRemoteStore(ctx context.Context, bucket string, opts *GcsRemoteOptions, client *storage.Client) (client.RemoteStore, error)

GcsRemoteStore returns a remote store for TUF metadata on GCS.

func Initialize added in v1.5.0

func Initialize(ctx context.Context, mirror string, root []byte) error

func NewSigstoreTufRepo added in v1.8.0

func NewSigstoreTufRepo(t *testing.T, root TestSigstoreRoot) (tuf.LocalStore, *tuf.Repo)

NewSigstoreTufRepo creates a new sigstore TUF repo whose signers can be used to create dynamically signed Rekor entries.

Types

type FulcioKeyVal added in v1.3.0

// FulcioKeyVal is the decoded JSON "keyval" payload of a Fulcio (OIDC) Key,
// as produced by GetFulcioKeyVal. Identity is presumably the OIDC identity
// (e.g. the email passed to FulcioVerificationKey) and Issuer the OIDC issuer
// — confirm against those functions.
type FulcioKeyVal struct {
	Identity string `json:"identity"`        // always emitted, even when empty
	Issuer   string `json:"issuer,omitempty"` // omitted from JSON when empty
}

func GetFulcioKeyVal added in v1.3.1

func GetFulcioKeyVal(key *Key) (*FulcioKeyVal, error)

type GcsRemoteOptions

// GcsRemoteOptions configures GcsRemoteStore: object-path prefixes inside the
// bucket for TUF metadata and for target files. NOTE(review): whether empty
// values fall back to defaults is decided inside GcsRemoteStore — confirm there.
type GcsRemoteOptions struct {
	MetadataPath string // prefix under which role metadata is fetched
	TargetsPath  string // prefix under which targets are fetched
}

type Key added in v1.3.0

// Key is a TUF public-key entry as serialized in root metadata. Type and
// Scheme identify the key kind (for Fulcio keys see KeyTypeFulcio and
// KeySchemeFulcio); Value keeps the scheme-specific "keyval" JSON undecoded
// so helpers such as GetFulcioKeyVal can interpret it. ID and ContainsID
// derive and compare key identifiers; the derivation itself is not visible here.
type Key struct {
	Type       string          `json:"keytype"`
	Scheme     string          `json:"scheme"`
	Algorithms []string        `json:"keyid_hash_algorithms,omitempty"` // omitted when empty; cf. KeyAlgorithms
	Value      json.RawMessage `json:"keyval"`                          // raw, scheme-specific payload
	// contains filtered or unexported fields
}

func FulcioVerificationKey added in v1.3.0

func FulcioVerificationKey(email string, issuer string) *Key

func (*Key) ContainsID added in v1.3.0

func (k *Key) ContainsID(id string) bool

func (*Key) ID added in v1.3.0

func (k *Key) ID() string

type MetadataStatus added in v1.8.0

// MetadataStatus describes one role's metadata inside RootStatus.Metadata.
// Note that Size is serialized under the JSON key "len", not "size", that
// Expiration is a plain string rather than time.Time, and that Error has no
// omitempty and so is always emitted — consumers should check for "".
type MetadataStatus struct {
	Version    int    `json:"version"`
	Size       int    `json:"len"`        // JSON key is "len"
	Expiration string `json:"expiration"` // string form; format not visible here
	Error      string `json:"error"`      // "" when no error
}

type Role added in v1.3.0

// Role is a TUF role entry from root metadata: the IDs of the keys authorized
// for the role and its signature threshold. NOTE(review): per TUF semantics
// Threshold is presumably the minimum number of distinct KeyIDs that must
// sign — confirm in Root.ValidKey / AddKeysWithThreshold, not visible here.
type Role struct {
	KeyIDs    []string `json:"keyids"`
	Threshold int      `json:"threshold"`
}

func (*Role) AddKeysWithThreshold added in v1.3.0

func (r *Role) AddKeysWithThreshold(keys []*Key, threshold int) bool

type Root added in v1.3.0

// Root is the unsigned body of TUF root metadata (serialized with the TUF
// "_type" and "spec_version" keys). Keys and Roles are maps and therefore nil
// on a zero Root — build one with NewRoot and populate it with AddKey rather
// than a literal. Keys are presumably indexed by key ID and Roles by role name
// (cf. Role.KeyIDs and ValidKey's role argument) — confirm. Marshal wraps the
// result in a *Signed envelope.
type Root struct {
	Type        string           `json:"_type"`
	SpecVersion string           `json:"spec_version"`
	Version     int              `json:"version"`
	Expires     time.Time        `json:"expires"` // metadata expiry; see DefaultExpires
	Keys        map[string]*Key  `json:"keys"`
	Roles       map[string]*Role `json:"roles"`
	Namespace   string           `json:"namespace"`

	ConsistentSnapshot bool `json:"consistent_snapshot"`
}

func NewRoot added in v1.3.0

func NewRoot() *Root

func (*Root) AddKey added in v1.3.0

func (r *Root) AddKey(key *Key) bool

func (*Root) Marshal added in v1.3.0

func (r *Root) Marshal() (*Signed, error)

func (*Root) ValidKey added in v1.3.0

func (r *Root) ValidKey(key *Key, role string) (string, error)

type RootStatus added in v1.6.0

// RootStatus is the JSON output representing the configured root status, as
// returned by GetRootStatus. Local and Remote are presumably the local store
// location and the remote mirror — confirm in GetRootStatus. Metadata is
// keyed by a string (presumably the role name) and Targets lists target names.
type RootStatus struct {
	Local    string                    `json:"local"`
	Remote   string                    `json:"remote"`
	Metadata map[string]MetadataStatus `json:"metadata"`
	Targets  []string                  `json:"targets"`
}

RootStatus is the JSON output representing the configured root status.

func GetRootStatus added in v1.6.0

func GetRootStatus(ctx context.Context) (*RootStatus, error)

GetRootStatus gets the current root status for info logging.

type Signature added in v1.3.0

// Signature is one entry in Signed.Signatures: the ID of the signing key, the
// signature value (JSON "sig"), and an optional certificate (JSON "cert",
// omitted when empty). NOTE(review): the encodings of Signature and Cert
// (base64, PEM, ...) are not visible here — confirm before parsing them.
type Signature struct {
	KeyID     string `json:"keyid"`
	Signature string `json:"sig"`
	Cert      string `json:"cert,omitempty"`
}

type Signed added in v1.3.0

// Signed is a TUF signed-metadata envelope. Signed holds the metadata body
// undecoded (json.RawMessage), presumably so the exact signed bytes are
// preserved for verification; Signatures holds the signatures over it.
// AddOrUpdateSignature's name suggests it replaces an existing entry for the
// same key instead of appending a duplicate — confirm; JSONMarshal renders the
// envelope with the given prefix and indent.
type Signed struct {
	Signed     json.RawMessage `json:"signed"`
	Signatures []Signature     `json:"signatures"`
}

func (*Signed) AddOrUpdateSignature added in v1.3.0

func (s *Signed) AddOrUpdateSignature(key *Key, signature Signature) error

func (*Signed) JSONMarshal added in v1.3.0

func (s *Signed) JSONMarshal(prefix, indent string) ([]byte, error)

type StatusKind added in v1.6.0

// StatusKind classifies a target (see TargetFile.Status) as Active or Expired.
// UnknownStatus is the zero value, so an uninitialized StatusKind reads as
// unknown rather than Active. String, MarshalText and UnmarshalText give it a
// textual form for logs and JSON.
type StatusKind int
const (
	UnknownStatus StatusKind = iota // 0: the zero value
	Active
	Expired
)

func (StatusKind) MarshalText added in v1.6.0

func (s StatusKind) MarshalText() ([]byte, error)

func (StatusKind) String added in v1.6.0

func (s StatusKind) String() string

func (*StatusKind) UnmarshalText added in v1.6.0

func (s *StatusKind) UnmarshalText(text []byte) error

type TUF added in v1.5.0

// TUF is a client handle over a local TUF store. Construct it with NewFromEnv
// and release it with Close (once per client); GetTarget and GetTargetsByMeta
// read target files through it. All fields are unexported, so a zero TUF is
// not usable.
type TUF struct {
	// contains filtered or unexported fields
}

func NewFromEnv added in v1.5.0

func NewFromEnv(ctx context.Context) (*TUF, error)

func (*TUF) Close added in v1.5.0

func (t *TUF) Close() error

Close closes the local TUF store. Should only be called once per client.

func (*TUF) GetTarget added in v1.5.0

func (t *TUF) GetTarget(name string) ([]byte, error)

func (*TUF) GetTargetsByMeta added in v1.6.0

func (t *TUF) GetTargetsByMeta(usage UsageKind, fallbacks []string) ([]TargetFile, error)

GetTargetsByMeta returns the target files tagged with the given custom usage metadata. If no files are found, the fallback target names are used to fetch the targets by name.

type TargetFile added in v1.6.0

// TargetFile pairs a target's raw bytes with its StatusKind, as returned by
// TUF.GetTargetsByMeta. Check Status before trusting Target. NOTE(review):
// whether Expired entries are returned at all is decided inside
// GetTargetsByMeta — confirm there.
type TargetFile struct {
	Target []byte     // raw target contents
	Status StatusKind // Active, Expired or UnknownStatus
}

type TestSigstoreRoot added in v1.8.0

// TestSigstoreRoot holds the trust material NewSigstoreTufRepo (test-only; it
// takes a *testing.T) uses to build a sigstore TUF repo: a verifier for Rekor
// signatures and a Fulcio certificate (presumably the CA root — confirm).
type TestSigstoreRoot struct {
	Rekor             signature.Verifier
	FulcioCertificate *x509.Certificate
}

type UsageKind added in v1.6.0

// UsageKind is the custom usage metadata tag that selects targets in
// TUF.GetTargetsByMeta (Fulcio, Rekor or CTFE). UnknownUsage is the zero
// value. String, MarshalText and UnmarshalText provide its textual form.
type UsageKind int
const (
	UnknownUsage UsageKind = iota // 0: the zero value
	Fulcio
	Rekor
	CTFE
)

func (UsageKind) MarshalText added in v1.6.0

func (u UsageKind) MarshalText() ([]byte, error)

func (UsageKind) String added in v1.6.0

func (u UsageKind) String() string

func (*UsageKind) UnmarshalText added in v1.6.0

func (u *UsageKind) UnmarshalText(text []byte) error
