root

package
v0.3.0 Latest Latest
Warning

This package is not in the latest version of its module.

 Go to latest Published: Apr 10, 2024 License: Apache-2.0 Imports: 14 Imported by: 3

Documentation

Index

Constants

View Source 
const TrustedRootMediaType01 = "application/vnd.dev.sigstore.trustedroot+json;version=0.1"

Variables

This section is empty.

Functions

func NewTrustedRootProtobuf 

func NewTrustedRootProtobuf(rootJSON []byte) (*prototrustroot.TrustedRoot, error)

NewTrustedRootProtobuf returns the Sigstore trusted root as a protobuf.

func ParseTransparencyLogs added in v0.3.0 

func ParseTransparencyLogs(tlogs []*prototrustroot.TransparencyLogInstance) (transparencyLogs map[string]*TransparencyLog, err error)

Types

type BaseTrustedMaterial 

type BaseTrustedMaterial struct{}

func (*BaseTrustedMaterial) CTLogs added in v0.3.0 

func (b *BaseTrustedMaterial) CTLogs() map[string]*TransparencyLog

func (*BaseTrustedMaterial) FulcioCertificateAuthorities 

func (b *BaseTrustedMaterial) FulcioCertificateAuthorities() []CertificateAuthority

func (*BaseTrustedMaterial) PublicKeyVerifier 

func (b *BaseTrustedMaterial) PublicKeyVerifier(_ string) (TimeConstrainedVerifier, error)

func (*BaseTrustedMaterial) RekorLogs added in v0.3.0 

func (b *BaseTrustedMaterial) RekorLogs() map[string]*TransparencyLog

func (*BaseTrustedMaterial) TimestampingAuthorities added in v0.3.0 

func (b *BaseTrustedMaterial) TimestampingAuthorities() []CertificateAuthority

type CertificateAuthority 

type CertificateAuthority struct {
	Root                *x509.Certificate
	Intermediates       []*x509.Certificate
	Leaf                *x509.Certificate
	ValidityPeriodStart time.Time
	ValidityPeriodEnd   time.Time
}

func ParseCertificateAuthorities 

func ParseCertificateAuthorities(certAuthorities []*prototrustroot.CertificateAuthority) (certificateAuthorities []CertificateAuthority, err error)

func ParseCertificateAuthority 

func ParseCertificateAuthority(certAuthority *prototrustroot.CertificateAuthority) (certificateAuthority *CertificateAuthority, err error)

type ExpiringKey 

type ExpiringKey struct {
	signature.Verifier
	// contains filtered or unexported fields
}

ExpiringKey is a TimeConstrainedVerifier with a static validity period.

func NewExpiringKey 

func NewExpiringKey(verifier signature.Verifier, validityPeriodStart, validityPeriodEnd time.Time) *ExpiringKey

NewExpiringKey returns a new ExpiringKey with the given validity period

func (*ExpiringKey) ValidAtTime 

func (k *ExpiringKey) ValidAtTime(t time.Time) bool

ValidAtTime returns true if the key is valid at the given time. If the validity period start time is not set, the key is considered valid for all times before the end time. Likewise, if the validity period end time is not set, the key is considered valid for all times after the start time.

type LiveTrustedRoot added in v0.2.0 

type LiveTrustedRoot struct {
	*TrustedRoot
	// contains filtered or unexported fields
}

LiveTrustedRoot is a wrapper around TrustedRoot that periodically refreshes the trusted root from TUF. This is needed for long-running processes to ensure that the trusted root does not expire.

func NewLiveTrustedRoot added in v0.2.0 

func NewLiveTrustedRoot(opts *tuf.Options) (*LiveTrustedRoot, error)

NewLiveTrustedRoot returns a LiveTrustedRoot that will periodically refresh the trusted root from TUF.

func (*LiveTrustedRoot) CTLogs added in v0.3.0 

func (l *LiveTrustedRoot) CTLogs() map[string]*TransparencyLog

func (*LiveTrustedRoot) FulcioCertificateAuthorities added in v0.2.0 

func (l *LiveTrustedRoot) FulcioCertificateAuthorities() []CertificateAuthority

func (*LiveTrustedRoot) PublicKeyVerifier added in v0.2.0 

func (l *LiveTrustedRoot) PublicKeyVerifier(keyID string) (TimeConstrainedVerifier, error)

func (*LiveTrustedRoot) RekorLogs added in v0.3.0 

func (l *LiveTrustedRoot) RekorLogs() map[string]*TransparencyLog

func (*LiveTrustedRoot) TimestampingAuthorities added in v0.3.0 

func (l *LiveTrustedRoot) TimestampingAuthorities() []CertificateAuthority

type TimeConstrainedVerifier 

type TimeConstrainedVerifier interface {
	ValidityPeriodChecker
	signature.Verifier
}

type TransparencyLog added in v0.3.0 

type TransparencyLog struct {
	BaseURL             string
	ID                  []byte
	ValidityPeriodStart time.Time
	ValidityPeriodEnd   time.Time
	// This is the hash algorithm used by the Merkle tree
	HashFunc  crypto.Hash
	PublicKey crypto.PublicKey
	// The hash algorithm used during signature creation
	SignatureHashFunc crypto.Hash
}

type TrustedMaterial 

type TrustedMaterial interface {
	TimestampingAuthorities() []CertificateAuthority
	FulcioCertificateAuthorities() []CertificateAuthority
	RekorLogs() map[string]*TransparencyLog
	CTLogs() map[string]*TransparencyLog
	PublicKeyVerifier(string) (TimeConstrainedVerifier, error)
}

type TrustedMaterialCollection 

type TrustedMaterialCollection []TrustedMaterial

func (TrustedMaterialCollection) CTLogs added in v0.3.0 

func (tmc TrustedMaterialCollection) CTLogs() map[string]*TransparencyLog

func (TrustedMaterialCollection) FulcioCertificateAuthorities 

func (tmc TrustedMaterialCollection) FulcioCertificateAuthorities() []CertificateAuthority

func (TrustedMaterialCollection) PublicKeyVerifier 

func (tmc TrustedMaterialCollection) PublicKeyVerifier(keyID string) (TimeConstrainedVerifier, error)

func (TrustedMaterialCollection) RekorLogs added in v0.3.0 

func (tmc TrustedMaterialCollection) RekorLogs() map[string]*TransparencyLog

func (TrustedMaterialCollection) TimestampingAuthorities added in v0.3.0 

func (tmc TrustedMaterialCollection) TimestampingAuthorities() []CertificateAuthority

type TrustedPublicKeyMaterial 

type TrustedPublicKeyMaterial struct {
	BaseTrustedMaterial
	// contains filtered or unexported fields
}

func NewTrustedPublicKeyMaterial 

func NewTrustedPublicKeyMaterial(publicKeyVerifier func(string) (TimeConstrainedVerifier, error)) *TrustedPublicKeyMaterial

func NewTrustedPublicKeyMaterialFromMapping 

func NewTrustedPublicKeyMaterialFromMapping(trustedPublicKeys map[string]*ExpiringKey) *TrustedPublicKeyMaterial

NewTrustedPublicKeyMaterialFromMapping returns a TrustedPublicKeyMaterial from a map of key IDs to ExpiringKeys.

func (*TrustedPublicKeyMaterial) PublicKeyVerifier 

func (tr *TrustedPublicKeyMaterial) PublicKeyVerifier(keyID string) (TimeConstrainedVerifier, error)

type TrustedRoot 

type TrustedRoot struct {
	BaseTrustedMaterial
	// contains filtered or unexported fields
}

func FetchTrustedRoot added in v0.2.0 

func FetchTrustedRoot() (*TrustedRoot, error)

FetchTrustedRoot fetches the Sigstore trusted root from TUF and returns it.

func FetchTrustedRootWithOptions added in v0.2.0 

func FetchTrustedRootWithOptions(opts *tuf.Options) (*TrustedRoot, error)

FetchTrustedRootWithOptions fetches the trusted root from TUF with the given options and returns it.

func GetTrustedRoot added in v0.2.0 

func GetTrustedRoot(c *tuf.Client) (*TrustedRoot, error)

GetTrustedRoot returns the trusted root

func NewTrustedRootFromJSON 

func NewTrustedRootFromJSON(rootJSON []byte) (*TrustedRoot, error)

NewTrustedRootFromJSON returns the Sigstore trusted root.

func NewTrustedRootFromPath 

func NewTrustedRootFromPath(path string) (*TrustedRoot, error)

func NewTrustedRootFromProtobuf 

func NewTrustedRootFromProtobuf(protobufTrustedRoot *prototrustroot.TrustedRoot) (trustedRoot *TrustedRoot, err error)

func (*TrustedRoot) CTLogs added in v0.3.0 

func (tr *TrustedRoot) CTLogs() map[string]*TransparencyLog

func (*TrustedRoot) FulcioCertificateAuthorities 

func (tr *TrustedRoot) FulcioCertificateAuthorities() []CertificateAuthority

func (*TrustedRoot) RekorLogs added in v0.3.0 

func (tr *TrustedRoot) RekorLogs() map[string]*TransparencyLog

func (*TrustedRoot) TimestampingAuthorities added in v0.3.0 

func (tr *TrustedRoot) TimestampingAuthorities() []CertificateAuthority

type ValidityPeriodChecker 

type ValidityPeriodChecker interface {
	ValidAtTime(time.Time) bool
}

Source Files

View all Source files

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.