challenges

package

v0.4.0 Latest Latest Go to latest Published: Apr 23, 2022 License: Apache-2.0 Imports: 14 Imported by: 0

Details

Valid go.mod file

The Go module system was introduced in Go 1.11 and is the official dependency management solution for Go.
Redistributable license

Redistributable licenses place minimal restrictions on how software can be used, modified, and redistributed.
Tagged version

Modules with tagged versions give importers more predictable builds.
Stable version

When a project reaches major version v1 it is considered stable.
Learn more about best practices

Repository

github.com/sigstore/fulcio

Links

Open Source Insights

Documentation ¶

Index ¶

func CheckSignature(pub crypto.PublicKey, proof []byte, subject string) error
func ParseCSR(csr []byte) (*x509.CertificateRequest, error)
func ParsePublicKey(encodedPubKey string, csr *x509.CertificateRequest) (crypto.PublicKey, error)
type AdditionalInfo
type ChallengeResult
- func ExtractSubject(ctx context.Context, tok *oidc.IDToken, publicKey crypto.PublicKey, ...) (*ChallengeResult, error)
type ChallengeType

Constants ¶

This section is empty.

Variables ¶

This section is empty.

Functions ¶

func CheckSignature ¶

func CheckSignature(pub crypto.PublicKey, proof []byte, subject string) error

CheckSignature verifies a challenge, a signature over the subject or email of an OIDC token

func ParseCSR ¶ added in v0.4.0

func ParseCSR(csr []byte) (*x509.CertificateRequest, error)

TODO: Move to sigstore/sigstore

func ParsePublicKey ¶ added in v0.4.0

func ParsePublicKey(encodedPubKey string, csr *x509.CertificateRequest) (crypto.PublicKey, error)

ParsePublicKey parses a PEM or DER encoded public key, or extracts the public key from the provided CSR. Returns an error if decoding fails or if no public key is found.

Types ¶

type AdditionalInfo ¶ added in v0.2.0

type AdditionalInfo int

const (
	GithubWorkflowTrigger AdditionalInfo = iota
	GithubWorkflowSha
	GithubWorkflowName
	GithubWorkflowRepository
	GithubWorkflowRef
)

Additional information that can be added as a cert extension.

type ChallengeResult ¶

type ChallengeResult struct {
	Issuer    string
	TypeVal   ChallengeType
	PublicKey crypto.PublicKey
	Value     string
	// Extra information from the token that can be added to extensions.
	AdditionalInfo map[AdditionalInfo]string
}

func ExtractSubject ¶ added in v0.4.0

func ExtractSubject(ctx context.Context, tok *oidc.IDToken, publicKey crypto.PublicKey, csr *x509.CertificateRequest, challenge []byte) (*ChallengeResult, error)

type ChallengeType ¶

type ChallengeType int

const (
	EmailValue ChallengeType = iota
	SpiffeValue
	GithubWorkflowValue
	KubernetesValue
	URIValue
	UsernameValue
)

Source Files ¶

View all Source files

challenges.go

?	: This menu
/	: Search site
f or F	: Jump to
y or Y	: Canonical URL