Documentation
Index
- type ErrRootRotationFail
- type ErrValidationFail
- type Manager
- func (m *Manager) AddTrustedCACert(cert *x509.Certificate)
- func (m *Manager) AddTrustedCert(cert *x509.Certificate)
- func (m *Manager) TrustedCAStore() trustmanager.X509Store
- func (m *Manager) TrustedCertificateStore() trustmanager.X509Store
- func (m *Manager) ValidateRoot(root *data.Signed, gun string) error
Constants
This section is empty.
Variables
This section is empty.
Functions
This section is empty.
Types
type ErrRootRotationFail
type ErrRootRotationFail struct {
Reason string
}
ErrRootRotationFail is returned when we fail to do a full root key rotation, either by failing to add the new root certificate or by failing to delete the old ones.
func (ErrRootRotationFail) Error
func (err ErrRootRotationFail) Error() string
ErrRootRotationFail is returned when we fail to do a full root key rotation, either by failing to add the new root certificate or by failing to delete the old ones.
type ErrValidationFail
type ErrValidationFail struct {
Reason string
}
ErrValidationFail is returned when there are no valid trusted certificates being served inside of the roots.json
func (ErrValidationFail) Error
func (err ErrValidationFail) Error() string
ErrValidationFail is returned when there are no valid trusted certificates being served inside of the roots.json
type Manager
type Manager struct {
// contains filtered or unexported fields
}
Manager is an abstraction around trusted root CA stores
func NewManager
NewManager returns an initialized Manager, or an error if it fails to load certificates
func (*Manager) AddTrustedCACert
func (m *Manager) AddTrustedCACert(cert *x509.Certificate)
AddTrustedCACert adds a cert to the trusted CA certificate store
func (*Manager) AddTrustedCert
func (m *Manager) AddTrustedCert(cert *x509.Certificate)
AddTrustedCert adds a cert to the trusted certificate store (not the CA store)
func (*Manager) TrustedCAStore
func (m *Manager) TrustedCAStore() trustmanager.X509Store
TrustedCAStore returns the CA store being managed by this Manager
func (*Manager) TrustedCertificateStore
func (m *Manager) TrustedCertificateStore() trustmanager.X509Store
TrustedCertificateStore returns the trusted certificate store being managed by this Manager
func (*Manager) ValidateRoot
func (m *Manager) ValidateRoot(root *data.Signed, gun string) error
ValidateRoot receives a new root, validates its correctness and attempts to do root key rotation if needed.
First we list the current trusted certificates we have for a particular GUN. If that list is non-empty, it means that we've already seen this repository before and have a list of trusted certificates for it. In this case, we use this list of certificates to attempt to validate this root file.
If the previous validation succeeds, or in the case where we found no trusted certificates for this particular GUN, we check the integrity of the root by making sure that it is validated by itself. This means that we will attempt to validate the root data with the certificates that are included in the root keys themselves.
If this last step succeeds, we attempt to do root rotation by ensuring that we only trust the certificates that are present in the new root.
This mechanism of operation is essentially Trust On First Use (TOFU): if we have never seen a certificate for a particular CN, we trust it. If we later see a different certificate for that CN, we return an ErrValidationFail error.
Note that since we only allow trust data to be downloaded over an HTTPS channel, we are using the current public PKI to validate the first download of the certificate, adding an extra layer of security over the normal (SSH style) trust model. We shall call this: TOFUS.
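The three-step flow described for ValidateRoot, as an added sketch that is not this package's implementation. It assumes one bare Ed25519 key per GUN in place of X.509 certificates; Root, NewRoot, signedBy and Store are hypothetical names.

```go
package main

import (
	"crypto/ed25519"
	"errors"
	"fmt"
)

// Root is a hypothetical, simplified root file: one declared root key, plus
// signatures over that key indexed by string(signer public key).
type Root struct {
	Key  ed25519.PublicKey
	Sigs map[string][]byte
}

// NewRoot declares key and signs it with each of signers.
func NewRoot(key ed25519.PublicKey, signers ...ed25519.PrivateKey) Root {
	r := Root{Key: key, Sigs: map[string][]byte{}}
	for _, sk := range signers {
		r.Sigs[string(sk.Public().(ed25519.PublicKey))] = ed25519.Sign(sk, key)
	}
	return r
}

// signedBy reports whether k produced a valid signature over the root's key.
func signedBy(r Root, k ed25519.PublicKey) bool {
	sig, ok := r.Sigs[string(k)]
	return ok && len(k) == ed25519.PublicKeySize && ed25519.Verify(k, r.Key, sig)
}

// Store pins the trusted root key per GUN (in memory, constructed for the demo).
type Store map[string]ed25519.PublicKey

func (s Store) ValidateRoot(r Root, gun string) error {
	if pinned, seen := s[gun]; seen && !signedBy(r, pinned) {
		return errors.New("root not signed by the key pinned for this GUN")
	}
	if !signedBy(r, r.Key) { // integrity: the root must validate against itself
		return errors.New("root not signed by its own key")
	}
	s[gun] = r.Key // rotation: trust only the key present in the new root
	return nil
}

func main() {
	a, ska, _ := ed25519.GenerateKey(nil)
	b, skb, _ := ed25519.GenerateKey(nil)
	s := Store{}
	fmt.Println(s.ValidateRoot(NewRoot(a, ska), "example/app"))      // first use: <nil>
	fmt.Println(s.ValidateRoot(NewRoot(b, skb), "example/app"))      // key swap: error
	fmt.Println(s.ValidateRoot(NewRoot(b, ska, skb), "example/app")) // rotation: <nil>
}
```

A rejected root leaves the pin untouched, so a failed key swap cannot displace the previously trusted key.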