util

package
v0.6.0 Latest Latest
Warning

This package is not in the latest version of its module.

 Go to latest Published: Apr 13, 2022 License: Apache-2.0 Imports: 33 Imported by: 7

Documentation

Index

Constants

This section is empty.

Variables

This section is empty.

Functions

func CheckpointValidator added in v0.2.0 

func CheckpointValidator(strToValidate string) bool

func CreateRfc3161Response added in v0.2.0 

func CreateRfc3161Response(ctx context.Context, req pkcs9.TimeStampReq, certChain []*x509.Certificate, signer signature.Signer) (*pkcs9.TimeStampResp, error)

func FileOrURLReadCloser 

func FileOrURLReadCloser(ctx context.Context, url string, content []byte) (io.ReadCloser, error)

FileOrURLReadCloser Note: caller is responsible for closing ReadCloser returned from method!

func GetSigningTime added in v0.3.0 

func GetSigningTime(psd *pkcs7.ContentInfoSignedData) (time.Time, error)

func ParseTimestampRequest added in v0.2.0 

func ParseTimestampRequest(data []byte) (*pkcs9.TimeStampReq, error)

func PrefixSHA added in v0.6.0 

func PrefixSHA(sha string) string

PrefixSHA sets the prefix of a sha hash to match how it is stored based on the length.

func PublicKey added in v0.2.0 

func PublicKey(ctx context.Context, c *client.Rekor) (*ecdsa.PublicKey, error)

func SignedCheckpointValidator added in v0.2.0 

func SignedCheckpointValidator(strToValidate string) bool

func SignedNoteValidator added in v0.3.0 

func SignedNoteValidator(strToValidate string) bool

func SignedTimestampNoteValidator added in v0.4.0 

func SignedTimestampNoteValidator(strToValidate string) bool

func TimestampNoteValidator added in v0.4.0 

func TimestampNoteValidator(strToValidate string) bool

func TimestampRequestFromDigest added in v0.2.0 

func TimestampRequestFromDigest(digest []byte, opts TimestampRequestOptions) (*pkcs9.TimeStampReq, error)

func ValidateSHA1Value added in v0.4.0 

func ValidateSHA1Value(v string) error

func ValidateSHA256Value added in v0.4.0 

func ValidateSHA256Value(v string) error

validateSHA256Value ensures that the supplied string matches the following format: [sha256:]<64 hexadecimal characters> where [sha256:] is optional

Types

type Checkpoint added in v0.2.0 

type Checkpoint struct {
	// Origin is the unique identifier/version string
	Origin string
	// Size is the number of entries in the log at this checkpoint.
	Size uint64
	// Hash is the hash which commits to the contents of the entire log.
	Hash []byte
	// OtherContent is any additional data to be included in the signed payload; each element is assumed to be one line
	OtherContent []string
}

func (Checkpoint) MarshalCheckpoint added in v0.4.0 

func (c Checkpoint) MarshalCheckpoint() ([]byte, error)

MarshalText returns the common format representation of this Checkpoint.

func (Checkpoint) String added in v0.2.0 

func (c Checkpoint) String() string

String returns the String representation of the Checkpoint

func (*Checkpoint) UnmarshalCheckpoint added in v0.4.0 

func (c *Checkpoint) UnmarshalCheckpoint(data []byte) error

UnmarshalText parses the common formatted checkpoint data and stores the result in the Checkpoint.

The supplied data is expected to begin with the following 3 lines of text, each followed by a newline: <ecosystem/version string> <decimal representation of log size> <base64 representation of root hash> <optional non-empty line of other content>... <optional non-empty line of other content>...

This will discard any content found after the checkpoint (including signatures)

type EssCertIDv2 added in v0.2.0 

type EssCertIDv2 struct {
	HashAlgorithm       pkix.AlgorithmIdentifier `asn1:"optional"` // SHA256
	CertHash            []byte
	IssuerNameAndSerial IssuerNameAndSerial `asn1:"optional"`
}

type GeneralName added in v0.2.0 

type GeneralName struct {
	Name asn1.RawValue `asn1:"optional,tag:4"`
}

type IssuerNameAndSerial added in v0.2.0 

type IssuerNameAndSerial struct {
	IssuerName   GeneralName
	SerialNumber *big.Int
}

type SignedCheckpoint added in v0.2.0 

type SignedCheckpoint struct {
	Checkpoint
	SignedNote
}

func CreateSignedCheckpoint added in v0.3.0 

func CreateSignedCheckpoint(c Checkpoint) (*SignedCheckpoint, error)

func (*SignedCheckpoint) GetTimestamp added in v0.3.0 

func (r *SignedCheckpoint) GetTimestamp() uint64

func (*SignedCheckpoint) SetTimestamp added in v0.3.0 

func (r *SignedCheckpoint) SetTimestamp(timestamp uint64)

func (*SignedCheckpoint) UnmarshalText added in v0.2.0 

func (r *SignedCheckpoint) UnmarshalText(data []byte) error

type SignedNote added in v0.3.0 

type SignedNote struct {
	// Textual representation of a note to sign.
	Note string
	// Signatures are one or more signature lines covering the payload
	Signatures []note.Signature
}

func (SignedNote) MarshalText added in v0.3.0 

func (s SignedNote) MarshalText() ([]byte, error)

MarshalText returns the common format representation of this SignedNote.

func (*SignedNote) Sign added in v0.3.0 

func (s *SignedNote) Sign(identity string, signer signature.Signer, opts signature.SignOption) (*note.Signature, error)

Sign adds a signature to a SignedCheckpoint object The signature is added to the signature array as well as being directly returned to the caller

func (SignedNote) String added in v0.3.0 

func (s SignedNote) String() string

String returns the String representation of the SignedNote

func (*SignedNote) UnmarshalText added in v0.3.0 

func (s *SignedNote) UnmarshalText(data []byte) error

UnmarshalText parses the common formatted signed note data and stores the result in the SignedNote. THIS DOES NOT VERIFY SIGNATURES INSIDE THE CONTENT!

The supplied data is expected to contain a single Note, followed by a single line with no comment, followed by one or more lines with the following format:

\u2014 name signature

  • name is the string associated with the signer
  • signature is a base64 encoded string; the first 4 bytes of the decoded value is a hint to the public key; it is a big-endian encoded uint32 representing the first 4 bytes of the SHA256 hash of the public key

func (SignedNote) Verify added in v0.3.0 

func (s SignedNote) Verify(verifier signature.Verifier) bool

Verify checks that one of the signatures can be successfully verified using the supplied public key

type SignedTimestampNote added in v0.4.0 

type SignedTimestampNote struct {
	TimestampNote
	SignedNote
}

func CreateSignedTimestampNote added in v0.4.0 

func CreateSignedTimestampNote(t TimestampNote) (*SignedTimestampNote, error)

func (*SignedTimestampNote) UnmarshalText added in v0.4.0 

func (r *SignedTimestampNote) UnmarshalText(data []byte) error

type SigningCertificateV2 added in v0.2.0 

type SigningCertificateV2 struct {
	Certs []EssCertIDv2
}

type TimestampNote added in v0.3.0 

type TimestampNote struct {
	// Origin is the unique identifier/version string
	Origin string
	// MessageImprint is the hash of the message to timestamp, of the form sha256:<sha>
	MessageImprint string
	// Nonce is a short random  bytes to prove response freshness
	Nonce []byte
	// Time is the timestamp to imprint on the message
	Time time.Time
	// Radius is the time in microseconds used to indicate certainty
	Radius int64
	// CertChainRef is a reference URL to the valid timestamping cert chain used to sign the response
	CertChainRef *url.URL
	// OtherContent is any additional data to be included in the signed payload; each element is assumed to be one line
	OtherContent []string
}

func (TimestampNote) MarshalText added in v0.3.0 

func (t TimestampNote) MarshalText() ([]byte, error)

MarshalText returns the common format representation of this TimestampNote.

func (TimestampNote) String added in v0.3.0 

func (t TimestampNote) String() string

String returns the String representation of the TimestampNote

func (*TimestampNote) UnmarshalText added in v0.3.0 

func (t *TimestampNote) UnmarshalText(data []byte) error

UnmarshalText parses the common formatted timestamp note data and stores the result in the TimestampNote.

The supplied data is expected to begin with the following 6 lines of text, each followed by a newline: <ecosystem/version string> <message hash of the format sha256:$SHA> <base64 representation of the nonce> <RFC 3339 representation of the time> <decimal representation of radius> <cert chain URI> <optional non-empty line of other content>... <optional non-empty line of other content>...

This will discard any content found after the checkpoint (including signatures)

type TimestampRequestOptions added in v0.2.0 

type TimestampRequestOptions struct {
	// The policy that the client expects the TSA to use for creating the timestamp token.
	// If no policy is specified the TSA uses its default policy.
	TSAPolicyOid asn1.ObjectIdentifier

	// The nonce to specify in the request.
	Nonce *big.Int

	// Hash function to use when constructing the timestamp request. Defaults to SHA-256.
	Hash crypto.Hash
}

Source Files

View all Source files

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.