notary: github.com/docker/notary/tuf/data Index | Files

package data

import "github.com/docker/notary/tuf/data"

Index

Package Files

errors.go keys.go roles.go root.go serializer.go snapshot.go targets.go timestamp.go types.go

Constants

const (
    ED25519Key   = "ed25519"
    RSAKey       = "rsa"
    RSAx509Key   = "rsa-x509"
    ECDSAKey     = "ecdsa"
    ECDSAx509Key = "ecdsa-x509"
)

Key types

Variables

var BaseRoles = []RoleName{
    CanonicalRootRole,
    CanonicalTargetsRole,
    CanonicalSnapshotRole,
    CanonicalTimestampRole,
}

BaseRoles is an easy to iterate list of the top level roles.

var NotaryDefaultExpiries = map[RoleName]time.Duration{
    CanonicalRootRole:      notary.NotaryRootExpiry,
    CanonicalTargetsRole:   notary.NotaryTargetsExpiry,
    CanonicalSnapshotRole:  notary.NotarySnapshotExpiry,
    CanonicalTimestampRole: notary.NotaryTimestampExpiry,
}

NotaryDefaultExpiries is the construct used to configure the default expiry times of the various role files.

var NotaryDefaultHashes = []string{notary.SHA256, notary.SHA512}

NotaryDefaultHashes contains the default supported hash algorithms.

var TUFTypes = map[RoleName]string{
    CanonicalRootRole:      "Root",
    CanonicalTargetsRole:   "Targets",
    CanonicalSnapshotRole:  "Snapshot",
    CanonicalTimestampRole: "Timestamp",
}

TUFTypes is the set of metadata types

func CheckHashes Uses

func CheckHashes(payload []byte, name string, hashes Hashes) error

CheckHashes verifies all the checksums specified by the "hashes" of the payload.

func CheckValidHashStructures Uses

func CheckValidHashStructures(hashes Hashes) error

CheckValidHashStructures returns an error, or nil, depending on whether the content of the hashes is valid or not.

func CompareMultiHashes Uses

func CompareMultiHashes(hashes1, hashes2 Hashes) error

CompareMultiHashes verifies that the two Hashes passed in can represent the same data. This means that both maps must have at least one key defined for which they map, and no conflicts. Note that we check the intersection of map keys, which adds support for non-default hash algorithms in notary

func DefaultExpires Uses

func DefaultExpires(role RoleName) time.Time

DefaultExpires gets the default expiry time for the given role

func IsBaseRole Uses

func IsBaseRole(role RoleName) bool

IsBaseRole checks if the role is a base role

func IsDelegation Uses

func IsDelegation(role RoleName) bool

IsDelegation checks if the role is a delegation or a root role

func IsValidSnapshotStructure Uses

func IsValidSnapshotStructure(s Snapshot) error

IsValidSnapshotStructure returns an error, or nil, depending on whether the content of the struct is valid for snapshot metadata. This does not check signatures or expiry, just that the metadata content is valid.

func IsValidTimestampStructure Uses

func IsValidTimestampStructure(t Timestamp) error

IsValidTimestampStructure returns an error, or nil, depending on whether the content of the struct is valid for timestamp metadata. This does not check signatures or expiry, just that the metadata content is valid.

func IsWildDelegation Uses

func IsWildDelegation(role RoleName) bool

IsWildDelegation determines if a role represents a valid wildcard delegation path, i.e. targets/*, targets/foo/*. The wildcard may only appear as the final part of the delegation and must be a whole segment, i.e. targets/foo* is not a valid wildcard delegation.

func MetadataRoleMapToStringMap Uses

func MetadataRoleMapToStringMap(roles map[RoleName][]byte) map[string][]byte

MetadataRoleMapToStringMap generates a map string of bytes from a map RoleName of bytes

func RestrictDelegationPathPrefixes Uses

func RestrictDelegationPathPrefixes(parentPaths, delegationPaths []string) []string

RestrictDelegationPathPrefixes returns the list of valid delegationPaths that are prefixed by parentPaths

func RolesListToStringList Uses

func RolesListToStringList(roles []RoleName) []string

RolesListToStringList generates an array of string objects from a slice of roles

func SetDefaultExpiryTimes Uses

func SetDefaultExpiryTimes(times map[RoleName]time.Duration)

SetDefaultExpiryTimes allows one to change the default expiries.

func ValidRole Uses

func ValidRole(name RoleName) bool

ValidRole only determines the name is semantically correct. For target delegated roles, it does NOT check the appropriate parent roles exist.

func ValidTUFType Uses

func ValidTUFType(typ string, role RoleName) bool

ValidTUFType checks if the given type is valid for the role

type BaseRole Uses

type BaseRole struct {
    Keys      map[string]PublicKey
    Name      RoleName
    Threshold int
}

BaseRole is an internal representation of a root/targets/snapshot/timestamp role, with its public keys included

func NewBaseRole Uses

func NewBaseRole(name RoleName, threshold int, keys ...PublicKey) BaseRole

NewBaseRole creates a new BaseRole object with the provided parameters

func (BaseRole) Equals Uses

func (b BaseRole) Equals(o BaseRole) bool

Equals returns whether this BaseRole equals another BaseRole

func (BaseRole) ListKeyIDs Uses

func (b BaseRole) ListKeyIDs() []string

ListKeyIDs retrieves the list of key IDs valid for this role

func (BaseRole) ListKeys Uses

func (b BaseRole) ListKeys() KeyList

ListKeys retrieves the public keys valid for this role

type DelegationRole Uses

type DelegationRole struct {
    BaseRole
    Paths []string
}

DelegationRole is an internal representation of a delegation role, with its public keys included

func (DelegationRole) CheckPaths Uses

func (d DelegationRole) CheckPaths(path string) bool

CheckPaths checks if a given path is valid for the role

func (DelegationRole) IsParentOf Uses

func (d DelegationRole) IsParentOf(child DelegationRole) bool

IsParentOf returns whether the passed in delegation role is the direct child of this role, determined by delegation name. Ex: targets/a is a direct parent of targets/a/b, but targets/a is not a direct parent of targets/a/b/c

func (DelegationRole) Restrict Uses

func (d DelegationRole) Restrict(child DelegationRole) (DelegationRole, error)

Restrict restricts the paths and path hash prefixes for the passed in delegation role, returning a copy of the role with validated paths as if it was a direct child

type Delegations Uses

type Delegations struct {
    Keys  Keys    `json:"keys"`
    Roles []*Role `json:"roles"`
}

Delegations holds a tier of targets delegations

func NewDelegations Uses

func NewDelegations() *Delegations

NewDelegations initializes an empty Delegations object

type ECDSAPrivateKey Uses

type ECDSAPrivateKey struct {
    PublicKey
    // contains filtered or unexported fields
}

ECDSAPrivateKey represents a private ECDSA key

func NewECDSAPrivateKey Uses

func NewECDSAPrivateKey(public PublicKey, private []byte) (*ECDSAPrivateKey, error)

NewECDSAPrivateKey initializes a new ECDSA private key

func (ECDSAPrivateKey) CryptoSigner Uses

func (s ECDSAPrivateKey) CryptoSigner() crypto.Signer

CryptoSigner returns the underlying crypto.Signer for use cases where we need the default signature or public key functionality (like when we generate certificates)

func (ECDSAPrivateKey) Private Uses

func (k ECDSAPrivateKey) Private() []byte

Private return the serialized private bytes of the key

func (ECDSAPrivateKey) Sign Uses

func (k ECDSAPrivateKey) Sign(rand io.Reader, msg []byte, opts crypto.SignerOpts) (signature []byte, err error)

Sign creates an ecdsa signature

func (ECDSAPrivateKey) SignatureAlgorithm Uses

func (k ECDSAPrivateKey) SignatureAlgorithm() SigAlgorithm

SignatureAlgorithm returns the SigAlgorithm for a ECDSAPrivateKey

type ECDSAPublicKey Uses

type ECDSAPublicKey struct {
    TUFKey
}

ECDSAPublicKey represents an ECDSA key using a raw serialization of the public key

func NewECDSAPublicKey Uses

func NewECDSAPublicKey(public []byte) *ECDSAPublicKey

NewECDSAPublicKey initializes a new public key with the ECDSAKey type

type ECDSAx509PublicKey Uses

type ECDSAx509PublicKey struct {
    TUFKey
}

ECDSAx509PublicKey represents an ECDSA key using an x509 cert as the serialized format of the public key

func NewECDSAx509PublicKey Uses

func NewECDSAx509PublicKey(public []byte) *ECDSAx509PublicKey

NewECDSAx509PublicKey initializes a new public key with the ECDSAx509Key type

type ED25519PrivateKey Uses

type ED25519PrivateKey struct {
    ED25519PublicKey
    // contains filtered or unexported fields
}

ED25519PrivateKey represents a private ED25519 key

func NewED25519PrivateKey Uses

func NewED25519PrivateKey(public ED25519PublicKey, private []byte) (*ED25519PrivateKey, error)

NewED25519PrivateKey initialized a new ED25519 private key

func (ED25519PrivateKey) CryptoSigner Uses

func (k ED25519PrivateKey) CryptoSigner() crypto.Signer

CryptoSigner returns the ED25519PrivateKey which already implements crypto.Signer

func (ED25519PrivateKey) Private Uses

func (k ED25519PrivateKey) Private() []byte

Private return the serialized private bytes of the key

func (ED25519PrivateKey) Sign Uses

func (k ED25519PrivateKey) Sign(rand io.Reader, msg []byte, opts crypto.SignerOpts) (signature []byte, err error)

Sign creates an ed25519 signature

func (ED25519PrivateKey) SignatureAlgorithm Uses

func (k ED25519PrivateKey) SignatureAlgorithm() SigAlgorithm

SignatureAlgorithm returns the SigAlgorithm for a ED25519PrivateKey

type ED25519PublicKey Uses

type ED25519PublicKey struct {
    TUFKey
}

ED25519PublicKey represents an ED25519 key using a raw serialization of the public key

func NewED25519PublicKey Uses

func NewED25519PublicKey(public []byte) *ED25519PublicKey

NewED25519PublicKey initializes a new public key with the ED25519Key type

type ErrCertExpired Uses

type ErrCertExpired struct {
    CN string
}

ErrCertExpired is the error to be returned when a certificate has expired

func (ErrCertExpired) Error Uses

func (e ErrCertExpired) Error() string

type ErrInvalidChecksum Uses

type ErrInvalidChecksum struct {
    // contains filtered or unexported fields
}

ErrInvalidChecksum is the error to be returned when checksum is invalid

func (ErrInvalidChecksum) Error Uses

func (e ErrInvalidChecksum) Error() string

type ErrInvalidMetadata Uses

type ErrInvalidMetadata struct {
    // contains filtered or unexported fields
}

ErrInvalidMetadata is the error to be returned when metadata is invalid

func (ErrInvalidMetadata) Error Uses

func (e ErrInvalidMetadata) Error() string

type ErrInvalidRole Uses

type ErrInvalidRole struct {
    Role   RoleName
    Reason string
}

ErrInvalidRole represents an error regarding a role. Typically something like a role for which sone of the public keys were not found in the TUF repo.

func (ErrInvalidRole) Error Uses

func (e ErrInvalidRole) Error() string

type ErrMismatchedChecksum Uses

type ErrMismatchedChecksum struct {
    // contains filtered or unexported fields
}

ErrMismatchedChecksum is the error to be returned when checksum is mismatched

func (ErrMismatchedChecksum) Error Uses

func (e ErrMismatchedChecksum) Error() string

type ErrMissingMeta Uses

type ErrMissingMeta struct {
    Role string
}

ErrMissingMeta - couldn't find the FileMeta object for the given Role, or the FileMeta object contained no supported checksums

func (ErrMissingMeta) Error Uses

func (e ErrMissingMeta) Error() string

type ErrNoSuchRole Uses

type ErrNoSuchRole struct {
    Role RoleName
}

ErrNoSuchRole indicates the roles doesn't exist

func (ErrNoSuchRole) Error Uses

func (e ErrNoSuchRole) Error() string

type FileMeta Uses

type FileMeta struct {
    Length int64            `json:"length"`
    Hashes Hashes           `json:"hashes"`
    Custom *json.RawMessage `json:"custom,omitempty"`
}

FileMeta contains the size and hashes for a metadata or target file. Custom data can be optionally added.

func NewFileMeta Uses

func NewFileMeta(r io.Reader, hashAlgorithms ...string) (FileMeta, error)

NewFileMeta generates a FileMeta object from the reader, using the hash algorithms provided

func (FileMeta) Equals Uses

func (f FileMeta) Equals(o FileMeta) bool

Equals returns true if the other FileMeta object is equivalent to this one

type Files Uses

type Files map[string]FileMeta

Files is the map of paths to file meta container in targets and delegations metadata files

type GUN Uses

type GUN string

GUN is a Globally Unique Name. It is used to identify trust collections. An example usage of this is for container image repositories. For example: myregistry.io/myuser/myimage

func (GUN) String Uses

func (g GUN) String() string

type Hashes Uses

type Hashes map[string][]byte

Hashes is the map of hash type to digest created for each metadata and target file

type KeyList Uses

type KeyList []PublicKey

KeyList represents a list of keys

func (KeyList) IDs Uses

func (ks KeyList) IDs() []string

IDs generates a list of the hex encoded key IDs in the KeyList

func (*KeyList) UnmarshalJSON Uses

func (ks *KeyList) UnmarshalJSON(data []byte) error

UnmarshalJSON implements the json.Unmarshaller interface

type KeyPair Uses

type KeyPair struct {
    Public  []byte `json:"public"`
    Private []byte `json:"private"`
}

KeyPair holds the public and private key bytes

type Keys Uses

type Keys map[string]PublicKey

Keys represents a map of key ID to PublicKey object. It's necessary to allow us to unmarshal into an interface via the json.Unmarshaller interface

func (*Keys) UnmarshalJSON Uses

func (ks *Keys) UnmarshalJSON(data []byte) error

UnmarshalJSON implements the json.Unmarshaller interface

type PrivateKey Uses

type PrivateKey interface {
    PublicKey
    Sign(rand io.Reader, msg []byte, opts crypto.SignerOpts) (signature []byte, err error)
    Private() []byte
    CryptoSigner() crypto.Signer
    SignatureAlgorithm() SigAlgorithm
}

PrivateKey adds the ability to access the private key

func NewPrivateKey Uses

func NewPrivateKey(pubKey PublicKey, private []byte) (PrivateKey, error)

NewPrivateKey creates a new, correctly typed PrivateKey, using the UnknownPrivateKey catchall for unsupported ciphers

func UnmarshalPrivateKey Uses

func UnmarshalPrivateKey(data []byte) (PrivateKey, error)

UnmarshalPrivateKey is used to parse individual private keys in JSON

type PublicKey Uses

type PublicKey interface {
    ID() string
    Algorithm() string
    Public() []byte
}

PublicKey is the necessary interface for public keys

func NewPublicKey Uses

func NewPublicKey(alg string, public []byte) PublicKey

NewPublicKey creates a new, correctly typed PublicKey, using the UnknownPublicKey catchall for unsupported ciphers

func PublicKeyFromPrivate Uses

func PublicKeyFromPrivate(pk PrivateKey) PublicKey

PublicKeyFromPrivate returns a new TUFKey based on a private key, with the private key bytes guaranteed to be nil.

func UnmarshalPublicKey Uses

func UnmarshalPublicKey(data []byte) (PublicKey, error)

UnmarshalPublicKey is used to parse individual public keys in JSON

type RSAPrivateKey Uses

type RSAPrivateKey struct {
    PublicKey
    // contains filtered or unexported fields
}

RSAPrivateKey represents a private RSA key

func NewRSAPrivateKey Uses

func NewRSAPrivateKey(public PublicKey, private []byte) (*RSAPrivateKey, error)

NewRSAPrivateKey initialized a new RSA private key

func (RSAPrivateKey) CryptoSigner Uses

func (s RSAPrivateKey) CryptoSigner() crypto.Signer

CryptoSigner returns the underlying crypto.Signer for use cases where we need the default signature or public key functionality (like when we generate certificates)

func (RSAPrivateKey) Private Uses

func (k RSAPrivateKey) Private() []byte

Private return the serialized private bytes of the key

func (RSAPrivateKey) Sign Uses

func (k RSAPrivateKey) Sign(rand io.Reader, msg []byte, opts crypto.SignerOpts) (signature []byte, err error)

Sign creates an rsa signature

func (RSAPrivateKey) SignatureAlgorithm Uses

func (k RSAPrivateKey) SignatureAlgorithm() SigAlgorithm

SignatureAlgorithm returns the SigAlgorithm for a RSAPrivateKey

type RSAPublicKey Uses

type RSAPublicKey struct {
    TUFKey
}

RSAPublicKey represents an RSA key using a raw serialization of the public key

func NewRSAPublicKey Uses

func NewRSAPublicKey(public []byte) *RSAPublicKey

NewRSAPublicKey initializes a new public key with the RSA type

type RSAx509PublicKey Uses

type RSAx509PublicKey struct {
    TUFKey
}

RSAx509PublicKey represents an RSA key using an x509 cert as the serialized format of the public key

func NewRSAx509PublicKey Uses

func NewRSAx509PublicKey(public []byte) *RSAx509PublicKey

NewRSAx509PublicKey initializes a new public key with the RSAx509Key type

type Role Uses

type Role struct {
    RootRole
    Name  RoleName `json:"name"`
    Paths []string `json:"paths,omitempty"`
}

Role is a more verbose role as they appear in targets delegations Eventually should only be used for immediately before and after serialization/deserialization

func NewRole Uses

func NewRole(name RoleName, threshold int, keyIDs, paths []string) (*Role, error)

NewRole creates a new Role object from the given parameters

func (*Role) AddKeys Uses

func (r *Role) AddKeys(ids []string)

AddKeys merges the ids into the current list of role key ids

func (*Role) AddPaths Uses

func (r *Role) AddPaths(paths []string) error

AddPaths merges the paths into the current list of role paths

func (Role) CheckPaths Uses

func (r Role) CheckPaths(path string) bool

CheckPaths checks if a given path is valid for the role

func (*Role) RemoveKeys Uses

func (r *Role) RemoveKeys(ids []string)

RemoveKeys removes the ids from the current list of key ids

func (*Role) RemovePaths Uses

func (r *Role) RemovePaths(paths []string)

RemovePaths removes the paths from the current list of role paths

type RoleName Uses

type RoleName string

RoleName type for specifying role

var (
    CanonicalRootRole      RoleName = "root"
    CanonicalTargetsRole   RoleName = "targets"
    CanonicalSnapshotRole  RoleName = "snapshot"
    CanonicalTimestampRole RoleName = "timestamp"
)

Canonical base role names

func NewRoleList Uses

func NewRoleList(roles []string) []RoleName

NewRoleList generates an array of RoleName objects from a slice of strings

func (RoleName) Parent Uses

func (r RoleName) Parent() RoleName

Parent provides the parent path role from the provided child role

func (RoleName) String Uses

func (r RoleName) String() string

type Root Uses

type Root struct {
    SignedCommon
    Keys               Keys                   `json:"keys"`
    Roles              map[RoleName]*RootRole `json:"roles"`
    ConsistentSnapshot bool                   `json:"consistent_snapshot"`
}

Root is the Signed component of a root.json

type RootRole Uses

type RootRole struct {
    KeyIDs    []string `json:"keyids"`
    Threshold int      `json:"threshold"`
}

RootRole is a cut down role as it appears in the root.json Eventually should only be used for immediately before and after serialization/deserialization

type SigAlgorithm Uses

type SigAlgorithm string

SigAlgorithm for types of signatures

const (
    EDDSASignature       SigAlgorithm = "eddsa"
    RSAPSSSignature      SigAlgorithm = "rsapss"
    RSAPKCS1v15Signature SigAlgorithm = "rsapkcs1v15"
    ECDSASignature       SigAlgorithm = "ecdsa"
    PyCryptoSignature    SigAlgorithm = "pycrypto-pkcs#1 pss"
)

Signature types

func (SigAlgorithm) String Uses

func (k SigAlgorithm) String() string

type Signature Uses

type Signature struct {
    KeyID     string       `json:"keyid"`
    Method    SigAlgorithm `json:"method"`
    Signature []byte       `json:"sig"`
    IsValid   bool         `json:"-"`
}

Signature is a signature on a piece of metadata

func (*Signature) UnmarshalJSON Uses

func (s *Signature) UnmarshalJSON(data []byte) error

UnmarshalJSON does a custom unmarshalling of the signature JSON

type Signed Uses

type Signed struct {
    Signed     *json.RawMessage `json:"signed"`
    Signatures []Signature      `json:"signatures"`
}

Signed is the high level, partially deserialized metadata object used to verify signatures before fully unpacking, or to add signatures before fully packing

type SignedCommon Uses

type SignedCommon struct {
    Type    string    `json:"_type"`
    Expires time.Time `json:"expires"`
    Version int       `json:"version"`
}

SignedCommon contains the fields common to the Signed component of all TUF metadata files

type SignedMeta Uses

type SignedMeta struct {
    Signed     SignedCommon `json:"signed"`
    Signatures []Signature  `json:"signatures"`
}

SignedMeta is used in server validation where we only need signatures and common fields

type SignedRoot Uses

type SignedRoot struct {
    Signatures []Signature
    Signed     Root
    Dirty      bool
}

SignedRoot is a fully unpacked root.json

func NewRoot Uses

func NewRoot(keys map[string]PublicKey, roles map[RoleName]*RootRole, consistent bool) (*SignedRoot, error)

NewRoot initializes a new SignedRoot with a set of keys, roles, and the consistent flag

func RootFromSigned Uses

func RootFromSigned(s *Signed) (*SignedRoot, error)

RootFromSigned fully unpacks a Signed object into a SignedRoot and ensures that it is a valid SignedRoot

func (SignedRoot) BuildBaseRole Uses

func (r SignedRoot) BuildBaseRole(roleName RoleName) (BaseRole, error)

BuildBaseRole returns a copy of a BaseRole using the information in this SignedRoot for the specified role name. Will error for invalid role name or key metadata within this SignedRoot

func (SignedRoot) MarshalJSON Uses

func (r SignedRoot) MarshalJSON() ([]byte, error)

MarshalJSON returns the serialized form of SignedRoot as bytes

func (SignedRoot) ToSigned Uses

func (r SignedRoot) ToSigned() (*Signed, error)

ToSigned partially serializes a SignedRoot for further signing

type SignedSnapshot Uses

type SignedSnapshot struct {
    Signatures []Signature
    Signed     Snapshot
    Dirty      bool
}

SignedSnapshot is a fully unpacked snapshot.json

func NewSnapshot Uses

func NewSnapshot(root *Signed, targets *Signed) (*SignedSnapshot, error)

NewSnapshot initializes a SignedSnapshot with a given top level root and targets objects

func SnapshotFromSigned Uses

func SnapshotFromSigned(s *Signed) (*SignedSnapshot, error)

SnapshotFromSigned fully unpacks a Signed object into a SignedSnapshot

func (*SignedSnapshot) AddMeta Uses

func (sp *SignedSnapshot) AddMeta(role RoleName, meta FileMeta)

AddMeta updates a role in the snapshot with new meta

func (*SignedSnapshot) DeleteMeta Uses

func (sp *SignedSnapshot) DeleteMeta(role RoleName)

DeleteMeta removes a role from the snapshot. If the role doesn't exist in the snapshot, it's a noop.

func (*SignedSnapshot) GetMeta Uses

func (sp *SignedSnapshot) GetMeta(role RoleName) (*FileMeta, error)

GetMeta gets the metadata for a particular role, returning an error if it's not found

func (*SignedSnapshot) MarshalJSON Uses

func (sp *SignedSnapshot) MarshalJSON() ([]byte, error)

MarshalJSON returns the serialized form of SignedSnapshot as bytes

func (*SignedSnapshot) ToSigned Uses

func (sp *SignedSnapshot) ToSigned() (*Signed, error)

ToSigned partially serializes a SignedSnapshot for further signing

type SignedTargets Uses

type SignedTargets struct {
    Signatures []Signature
    Signed     Targets
    Dirty      bool
}

SignedTargets is a fully unpacked targets.json, or target delegation json file

func NewTargets Uses

func NewTargets() *SignedTargets

NewTargets initializes a new empty SignedTargets object

func TargetsFromSigned Uses

func TargetsFromSigned(s *Signed, roleName RoleName) (*SignedTargets, error)

TargetsFromSigned fully unpacks a Signed object into a SignedTargets, given a role name (so it can validate the SignedTargets object)

func (*SignedTargets) AddDelegation Uses

func (t *SignedTargets) AddDelegation(role *Role, keys []*PublicKey) error

AddDelegation will add a new delegated role with the given keys, ensuring the keys either already exist, or are added to the map of delegation keys

func (*SignedTargets) AddTarget Uses

func (t *SignedTargets) AddTarget(path string, meta FileMeta)

AddTarget adds or updates the meta for the given path

func (*SignedTargets) BuildDelegationRole Uses

func (t *SignedTargets) BuildDelegationRole(roleName RoleName) (DelegationRole, error)

BuildDelegationRole returns a copy of a DelegationRole using the information in this SignedTargets for the specified role name. Will error for invalid role name or key metadata within this SignedTargets. Path data is not validated.

func (SignedTargets) GetMeta Uses

func (t SignedTargets) GetMeta(path string) *FileMeta

GetMeta attempts to find the targets entry for the path. It will return nil in the case of the target not being found.

func (SignedTargets) GetValidDelegations Uses

func (t SignedTargets) GetValidDelegations(parent DelegationRole) []DelegationRole

GetValidDelegations filters the delegation roles specified in the signed targets, and only returns roles that are direct children and restricts their paths

func (*SignedTargets) MarshalJSON Uses

func (t *SignedTargets) MarshalJSON() ([]byte, error)

MarshalJSON returns the serialized form of SignedTargets as bytes

func (*SignedTargets) ToSigned Uses

func (t *SignedTargets) ToSigned() (*Signed, error)

ToSigned partially serializes a SignedTargets for further signing

type SignedTimestamp Uses

type SignedTimestamp struct {
    Signatures []Signature
    Signed     Timestamp
    Dirty      bool
}

SignedTimestamp is a fully unpacked timestamp.json

func NewTimestamp Uses

func NewTimestamp(snapshot *Signed) (*SignedTimestamp, error)

NewTimestamp initializes a timestamp with an existing snapshot

func TimestampFromSigned Uses

func TimestampFromSigned(s *Signed) (*SignedTimestamp, error)

TimestampFromSigned parsed a Signed object into a fully unpacked SignedTimestamp

func (*SignedTimestamp) GetSnapshot Uses

func (ts *SignedTimestamp) GetSnapshot() (*FileMeta, error)

GetSnapshot gets the expected snapshot metadata hashes in the timestamp metadata, or nil if it doesn't exist

func (*SignedTimestamp) MarshalJSON Uses

func (ts *SignedTimestamp) MarshalJSON() ([]byte, error)

MarshalJSON returns the serialized form of SignedTimestamp as bytes

func (*SignedTimestamp) ToSigned Uses

func (ts *SignedTimestamp) ToSigned() (*Signed, error)

ToSigned partially serializes a SignedTimestamp such that it can be signed

type Snapshot Uses

type Snapshot struct {
    SignedCommon
    Meta Files `json:"meta"`
}

Snapshot is the Signed component of a snapshot.json

type TUFKey Uses

type TUFKey struct {
    Type  string  `json:"keytype"`
    Value KeyPair `json:"keyval"`
    // contains filtered or unexported fields
}

TUFKey is the structure used for both public and private keys in TUF. Normally it would make sense to use a different structures for public and private keys, but that would change the key ID algorithm (since the canonical JSON would be different). This structure should normally be accessed through the PublicKey or PrivateKey interfaces.

func (TUFKey) Algorithm Uses

func (k TUFKey) Algorithm() string

Algorithm returns the algorithm of the key

func (*TUFKey) ID Uses

func (k *TUFKey) ID() string

ID efficiently generates if necessary, and caches the ID of the key

func (TUFKey) Public Uses

func (k TUFKey) Public() []byte

Public returns the public bytes

type Targets Uses

type Targets struct {
    SignedCommon
    Targets     Files       `json:"targets"`
    Delegations Delegations `json:"delegations,omitempty"`
}

Targets is the Signed components of a targets.json or delegation json file

type Timestamp Uses

type Timestamp struct {
    SignedCommon
    Meta Files `json:"meta"`
}

Timestamp is the Signed component of a timestamp.json

type UnknownPrivateKey Uses

type UnknownPrivateKey struct {
    TUFKey
    // contains filtered or unexported fields
}

UnknownPrivateKey is a catchall for unsupported key types

func (UnknownPrivateKey) CryptoSigner Uses

func (k UnknownPrivateKey) CryptoSigner() crypto.Signer

CryptoSigner returns the UnknownPrivateKey which already implements crypto.Signer

func (UnknownPrivateKey) Private Uses

func (k UnknownPrivateKey) Private() []byte

Private return the serialized private bytes of the key

func (UnknownPrivateKey) Sign Uses

func (k UnknownPrivateKey) Sign(rand io.Reader, msg []byte, opts crypto.SignerOpts) (signature []byte, err error)

Sign on an UnknownPrivateKey raises an error because the client does not know how to sign with this key type.

func (UnknownPrivateKey) SignatureAlgorithm Uses

func (k UnknownPrivateKey) SignatureAlgorithm() SigAlgorithm

SignatureAlgorithm returns the SigAlgorithm for an UnknownPrivateKey

type UnknownPublicKey Uses

type UnknownPublicKey struct {
    TUFKey
}

UnknownPublicKey is a catchall for key types that are not supported

Package data imports 24 packages (graph) and is imported by 659 packages. Updated 2019-07-31. Refresh now. Tools for package owners.