common

package
v0.0.0-...-b5235f6 Latest Latest
Warning

This package is not in the latest version of its module.

Published: Apr 13, 2020 License: Apache-2.0 Imports: 3 Imported by: 21

Documentation

Index

Constants

This section is empty.

Variables

// NoteKind_name maps the numeric value of each NoteKind to its name.
// The entries are the inverse of NoteKind_value.
//
// Indexing with a number that is not a key returns the empty string, so a
// caller handling stored or received data should use the two-value form
// (name, ok := NoteKind_name[n]) and treat !ok as an unrecognized kind.
var NoteKind_name = map[int32]string{
	0: "NOTE_KIND_UNSPECIFIED",
	1: "VULNERABILITY",
	2: "BUILD",
	3: "IMAGE",
	4: "PACKAGE",
	5: "DEPLOYMENT",
	6: "DISCOVERY",
	7: "ATTESTATION",
}
// NoteKind_value maps the name of each NoteKind to its numeric value.
// The entries are the inverse of NoteKind_name.
//
// Indexing with a name that is not a key returns 0, which is also the value
// of "NOTE_KIND_UNSPECIFIED". Use the two-value form
// (v, ok := NoteKind_value[s]) to tell an unknown name apart from the
// unspecified kind.
var NoteKind_value = map[string]int32{
	"NOTE_KIND_UNSPECIFIED": 0,
	"VULNERABILITY":         1,
	"BUILD":                 2,
	"IMAGE":                 3,
	"PACKAGE":               4,
	"DEPLOYMENT":            5,
	"DISCOVERY":             6,
	"ATTESTATION":           7,
}

Functions

This section is empty.

Types

type NoteKind

// NoteKind is an int32-backed enumeration of note kinds. Because the
// underlying type is int32, a NoteKind variable can hold numbers that have no
// named constant.
type NoteKind int32

NoteKind represents the kinds of notes supported.

// Named values of NoteKind. The numbers are the same ones used as keys in
// NoteKind_name and as values in NoteKind_value.
const (
	// Unknown. This is 0, the zero value of NoteKind, so a NoteKind that was
	// never set compares equal to it.
	NoteKind_NOTE_KIND_UNSPECIFIED NoteKind = 0
	// The note and occurrence represent a package vulnerability.
	NoteKind_VULNERABILITY NoteKind = 1
	// The note and occurrence assert build provenance.
	NoteKind_BUILD NoteKind = 2
	// This represents an image basis relationship.
	NoteKind_IMAGE NoteKind = 3
	// This represents a package installed via a package manager.
	NoteKind_PACKAGE NoteKind = 4
	// The note and occurrence track deployment events.
	NoteKind_DEPLOYMENT NoteKind = 5
	// The note and occurrence track the initial discovery status of a resource.
	NoteKind_DISCOVERY NoteKind = 6
	// This represents a logical "role" that can attest to artifacts.
	NoteKind_ATTESTATION NoteKind = 7
)

func (NoteKind) EnumDescriptor

func (NoteKind) EnumDescriptor() ([]byte, []int)

func (NoteKind) String

func (x NoteKind) String() string

type RelatedUrl

// RelatedUrl holds metadata for a URL related to a resource: the URL itself
// and a label describing how it is used.
//
// Both fields are plain strings and this declaration performs no validation.
// Code that renders or dereferences Url should check it first (for example
// the scheme and host) and should escape Label for the output context.
//
// The three XXX_ fields are tagged `json:"-"`, so encoding/json leaves them
// out. NOTE(review): they look like protobuf-generator bookkeeping fields and
// are not meant to be set by callers; confirm against the generator in use.
type RelatedUrl struct {
	// Specific URL associated with the resource.
	Url string `protobuf:"bytes,1,opt,name=url,proto3" json:"url,omitempty"`
	// Label to describe usage of the URL.
	Label                string   `protobuf:"bytes,2,opt,name=label,proto3" json:"label,omitempty"`
	XXX_NoUnkeyedLiteral struct{} `json:"-"`
	XXX_unrecognized     []byte   `json:"-"`
	XXX_sizecache        int32    `json:"-"`
}

Metadata for any related URL information.

func (*RelatedUrl) Descriptor

func (*RelatedUrl) Descriptor() ([]byte, []int)

func (*RelatedUrl) GetLabel

func (m *RelatedUrl) GetLabel() string

func (*RelatedUrl) GetUrl

func (m *RelatedUrl) GetUrl() string

func (*RelatedUrl) ProtoMessage

func (*RelatedUrl) ProtoMessage()

func (*RelatedUrl) Reset

func (m *RelatedUrl) Reset()

func (*RelatedUrl) String

func (m *RelatedUrl) String() string

func (*RelatedUrl) XXX_DiscardUnknown

func (m *RelatedUrl) XXX_DiscardUnknown()

func (*RelatedUrl) XXX_Marshal

func (m *RelatedUrl) XXX_Marshal(b []byte, deterministic bool) ([]byte, error)

func (*RelatedUrl) XXX_Merge

func (m *RelatedUrl) XXX_Merge(src proto.Message)

func (*RelatedUrl) XXX_Size

func (m *RelatedUrl) XXX_Size() int

func (*RelatedUrl) XXX_Unmarshal

func (m *RelatedUrl) XXX_Unmarshal(b []byte) error

type Signature

// Signature pairs an opaque signature bytestring with the identifier of the
// public key that verifies it.
//
// The struct is a data carrier only. Nothing in this declaration checks that
// PublicKeyId is present, is a valid URI, or names a trusted key, and nothing
// here verifies the Signature bytes. Every requirement stated in the field
// comments must be enforced by the verifier.
//
// The three XXX_ fields are tagged `json:"-"`, so encoding/json leaves them
// out. NOTE(review): they look like protobuf-generator bookkeeping fields and
// are not meant to be set by callers; confirm against the generator in use.
type Signature struct {
	// The content of the signature, an opaque bytestring.
	// The payload that this signature verifies MUST be unambiguously provided
	// with the Signature during verification. A wrapper message might provide
	// the payload explicitly. Alternatively, a message might have a canonical
	// serialization that can always be unambiguously computed to derive the
	// payload.
	Signature []byte `protobuf:"bytes,1,opt,name=signature,proto3" json:"signature,omitempty"`
	// The identifier for the public key that verifies this signature.
	//   * The `public_key_id` is required.
	//   * The `public_key_id` MUST be an RFC3986 conformant URI.
	//   * When possible, the `public_key_id` SHOULD be an immutable reference,
	//     such as a cryptographic digest.
	//
	// The identifier only selects a key the verifier already trusts. It does
	// not authenticate a key, and a signature whose identifier the verifier
	// does not recognize must be rejected.
	//
	// Examples of valid `public_key_id`s:
	//
	// OpenPGP V4 public key fingerprint:
	//   * "openpgp4fpr:74FAF3B861BDA0870C7B6DEF607E48D2A663AEEA"
	// See https://www.iana.org/assignments/uri-schemes/prov/openpgp4fpr for more
	// details on this scheme.
	//
	// RFC6920 digest-named SubjectPublicKeyInfo (digest of the DER
	// serialization):
	//   * "ni:///sha-256;cD9o9Cq6LG3jD0iKXqEi_vdjJGecm_iXkbqVoScViaU"
	//   * "nih:///sha-256;703f68f42aba2c6de30f488a5ea122fef76324679c9bf89791ba95a1271589a5"
	PublicKeyId          string   `protobuf:"bytes,2,opt,name=public_key_id,json=publicKeyId,proto3" json:"public_key_id,omitempty"`
	XXX_NoUnkeyedLiteral struct{} `json:"-"`
	XXX_unrecognized     []byte   `json:"-"`
	XXX_sizecache        int32    `json:"-"`
}

Verifiers (e.g. Kritis implementations) MUST verify signatures with respect to the trust anchors defined in policy (e.g. a Kritis policy). Typically this means that the verifier has been configured with a map from `public_key_id` to public key material (and any required parameters, e.g. signing algorithm).

In particular, verification implementations MUST NOT treat the signature `public_key_id` as anything more than a key lookup hint. The `public_key_id` DOES NOT validate or authenticate a public key; it only provides a mechanism for quickly selecting a public key ALREADY CONFIGURED on the verifier through a trusted channel. Verification implementations MUST reject signatures in any of the following circumstances:

  • The `public_key_id` is not recognized by the verifier.
  • The public key that `public_key_id` refers to does not verify the signature with respect to the payload.

The `signature` contents SHOULD NOT be "attached" (where the payload is included with the serialized `signature` bytes). Verifiers MUST ignore any "attached" payload and only verify signatures with respect to explicitly provided payload (e.g. a `payload` field on the proto message that holds this Signature, or the canonical serialization of the proto message that holds this signature).

func (*Signature) Descriptor

func (*Signature) Descriptor() ([]byte, []int)

func (*Signature) GetPublicKeyId

func (m *Signature) GetPublicKeyId() string

func (*Signature) GetSignature

func (m *Signature) GetSignature() []byte

func (*Signature) ProtoMessage

func (*Signature) ProtoMessage()

func (*Signature) Reset

func (m *Signature) Reset()

func (*Signature) String

func (m *Signature) String() string

func (*Signature) XXX_DiscardUnknown

func (m *Signature) XXX_DiscardUnknown()

func (*Signature) XXX_Marshal

func (m *Signature) XXX_Marshal(b []byte, deterministic bool) ([]byte, error)

func (*Signature) XXX_Merge

func (m *Signature) XXX_Merge(src proto.Message)

func (*Signature) XXX_Size

func (m *Signature) XXX_Size() int

func (*Signature) XXX_Unmarshal

func (m *Signature) XXX_Unmarshal(b []byte) error
