notary: github.com/docker/notary/tuf/utils

package utils

import "github.com/docker/notary/tuf/utils"

Package utils contains TUF-related utility functions. This file, however, is hard-forked from the https://github.com/youmark/pkcs8 package and has been further modified to meet Notary's requirements. For converting keys into PKCS#8 format, the original package expected a *crypto.PrivateKey interface value, which it then type-asserted to either *rsa.PrivateKey or *ecdsa.PrivateKey as needed and later converted to ASN.1 DER encoded form; this whole process was superfluous here, as keys are already kept in ASN.1 DER form wrapped in the data.PrivateKey structure. With these changes the package has become tightly coupled with Notary, as most of the method signatures have been updated. Support for ED25519 keys has been added as well. The license of the original package follows:

The MIT License (MIT)

Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the "Software"), to deal in the Software without restriction, including without limitation the rights to use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of the Software, and to permit persons to whom the Software is furnished to do so, subject to the following conditions:

The above copyright notice and this permission notice shall be included in all copies or substantial portions of the Software.

THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.

Index

Package Files

pkcs8.go role_sort.go stack.go utils.go x509.go

func CanonicalKeyID

func CanonicalKeyID(k data.PublicKey) (string, error)

CanonicalKeyID returns the ID of the public bytes version of a TUF key. On regular RSA/ECDSA TUF keys, this is just the key ID. On X509 RSA/ECDSA TUF keys, this is the key ID of the public key part of the key in the leaf cert.

func CertBundleToKey

func CertBundleToKey(leafCert *x509.Certificate, intCerts []*x509.Certificate) (data.PublicKey, error)

CertBundleToKey creates a TUF key from a leaf cert and a list of intermediates.

func CertChainToPEM

func CertChainToPEM(certChain []*x509.Certificate) ([]byte, error)

CertChainToPEM is a utility function that returns a PEM-encoded chain of x509 certificates, in the order they are passed.

func CertToKey

func CertToKey(cert *x509.Certificate) data.PublicKey

CertToKey transforms a single input certificate into its corresponding PublicKey.

func CertToPEM

func CertToPEM(cert *x509.Certificate) []byte

CertToPEM is a utility function that returns a PEM-encoded x509 certificate.

func CertsToKeys

func CertsToKeys(leafCerts map[string]*x509.Certificate, intCerts map[string][]*x509.Certificate) map[string]data.PublicKey

CertsToKeys transforms each of the input certificate chains into its corresponding PublicKey.

func ConsistentName

func ConsistentName(role string, hashSHA256 []byte) string

ConsistentName generates the appropriate HTTP URL path for the role, based on whether the repo is marked as consistent. The RemoteStore is responsible for adding file extensions.

func ConvertPrivateKeyToPKCS8

func ConvertPrivateKeyToPKCS8(key data.PrivateKey, role data.RoleName, gun data.GUN, passphrase string) ([]byte, error)

ConvertPrivateKeyToPKCS8 converts a data.PrivateKey to PKCS#8 format.

func ConvertTUFKeyToPKCS8

func ConvertTUFKeyToPKCS8(priv data.PrivateKey, password []byte) ([]byte, error)

ConvertTUFKeyToPKCS8 converts a private key (data.PrivateKey) to PKCS#8 and returns it in DER format. If password is not nil, the private key is converted to encrypted PKCS#8.

func DoHash

func DoHash(alg string, d []byte) []byte

DoHash returns the digest of d using the hashing algorithm named in alg.

func ECDSAToPrivateKey

func ECDSAToPrivateKey(ecdsaPrivKey *ecdsa.PrivateKey) (data.PrivateKey, error)

ECDSAToPrivateKey converts an ecdsa.PrivateKey to a TUF data.PrivateKey type.

func ED25519ToPrivateKey

func ED25519ToPrivateKey(privKeyBytes []byte) (data.PrivateKey, error)

ED25519ToPrivateKey converts a serialized ED25519 key to a TUF data.PrivateKey type.

func ExtractPrivateKeyAttributes

func ExtractPrivateKeyAttributes(pemBytes []byte) (data.RoleName, data.GUN, error)

ExtractPrivateKeyAttributes extracts the role and GUN values from private key bytes.

func FindRoleIndex

func FindRoleIndex(rs []*data.Role, name data.RoleName) int

FindRoleIndex returns the index of the role named <name> or -1 if no matching role is found.

func GenerateECDSAKey

func GenerateECDSAKey(random io.Reader) (data.PrivateKey, error)

GenerateECDSAKey generates an ECDSA private key and returns it as a TUF data.PrivateKey.

func GenerateED25519Key

func GenerateED25519Key(random io.Reader) (data.PrivateKey, error)

GenerateED25519Key generates an ED25519 private key and returns a TUF PrivateKey. The serialization format we use is just the public key bytes followed by the private key bytes.
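
As an added example (not code from Notary or from the youmark/pkcs8 package), the Go functions below implement the layout just described, public key bytes followed by private key bytes, assuming the 64-byte private key of Go's crypto/ed25519 as the private half. The function names are hypothetical, and the check that the public half matches the key derived from the private half is an addition here, not something the page says ED25519ToPrivateKey performs.

```go
package main

import (
	"bytes"
	"crypto/ed25519"
	"errors"
	"fmt"
)

// Length of the format described for GenerateED25519Key: 32 public key bytes
// followed by the 64-byte private key (crypto/ed25519 layout assumed).
const serializedED25519Size = ed25519.PublicKeySize + ed25519.PrivateKeySize

// SerializeED25519 lays a key pair out as public bytes followed by private bytes.
func SerializeED25519(pub ed25519.PublicKey, priv ed25519.PrivateKey) []byte {
	return append(append(make([]byte, 0, serializedED25519Size), pub...), priv...)
}

// ParseSerializedED25519 splits the blob into its halves. Requiring the public
// half to equal the key derived from the private half is an added check here,
// not something the page says ED25519ToPrivateKey does.
func ParseSerializedED25519(b []byte) (ed25519.PublicKey, ed25519.PrivateKey, error) {
	if len(b) != serializedED25519Size {
		return nil, nil, fmt.Errorf("ed25519: want %d bytes, got %d", serializedED25519Size, len(b))
	}
	pub := ed25519.PublicKey(append([]byte(nil), b[:ed25519.PublicKeySize]...))
	priv := ed25519.PrivateKey(append([]byte(nil), b[ed25519.PublicKeySize:]...))
	if !bytes.Equal(pub, priv.Public().(ed25519.PublicKey)) {
		return nil, nil, errors.New("ed25519: public half does not match private half")
	}
	return pub, priv, nil
}

// RoundTrip derives a key pair from a 32-byte seed (constructed input; real keys
// come from crypto/rand), serializes it, parses it back, and checks that a
// signature from the parsed private key verifies under the parsed public key.
func RoundTrip(seed, msg []byte) (bool, error) {
	if len(seed) != ed25519.SeedSize {
		return false, fmt.Errorf("ed25519: seed must be %d bytes", ed25519.SeedSize)
	}
	priv := ed25519.NewKeyFromSeed(seed)
	blob := SerializeED25519(priv.Public().(ed25519.PublicKey), priv)
	pub2, priv2, err := ParseSerializedED25519(blob)
	if err != nil {
		return false, err
	}
	return ed25519.Verify(pub2, msg, ed25519.Sign(priv2, msg)), nil
}
```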

func GenerateKey

func GenerateKey(algorithm string) (data.PrivateKey, error)

GenerateKey returns a new private key using the provided algorithm, or an error detailing why the key could not be generated.

func GetIntermediateCerts

func GetIntermediateCerts(certs []*x509.Certificate) []*x509.Certificate

GetIntermediateCerts parses a list of x509 certificates and returns all of the ones marked as a CA, to be used as intermediates.

func GetLeafCerts

func GetLeafCerts(certs []*x509.Certificate) []*x509.Certificate

GetLeafCerts parses a list of x509 certificates and returns all of them that are not marked as a CA.

func LoadCertBundleFromFile

func LoadCertBundleFromFile(filename string) ([]*x509.Certificate, error)

LoadCertBundleFromFile loads certificates from the file named by filename. The data is expected to be PEM encoded and contain one or more certificates with PEM type "CERTIFICATE".

func LoadCertBundleFromPEM

func LoadCertBundleFromPEM(pemBytes []byte) ([]*x509.Certificate, error)

LoadCertBundleFromPEM loads certificates from the []byte provided. The data is expected to be PEM encoded and contain one or more certificates with PEM type "CERTIFICATE".

func LoadCertFromFile

func LoadCertFromFile(filename string) (*x509.Certificate, error)

LoadCertFromFile loads the first certificate from the file provided. The data is expected to be PEM encoded and contain one or more certificates with PEM type "CERTIFICATE".

func LoadCertFromPEM

func LoadCertFromPEM(pemBytes []byte) (*x509.Certificate, error)

LoadCertFromPEM returns the first certificate found in the given bytes, or an error if none is found. Taken from https://golang.org/src/crypto/x509/cert_pool.go#L85.

func NewCertificate

func NewCertificate(commonName string, startTime, endTime time.Time) (*x509.Certificate, error)

NewCertificate returns an X509 Certificate following a template, given a Common Name and validity interval.

func ParsePEMPrivateKey

func ParsePEMPrivateKey(pemBytes []byte, passphrase string) (data.PrivateKey, error)

ParsePEMPrivateKey returns a data.PrivateKey from a PEM encoded private key. It supports PKCS#8, and RSA/ECDSA (PKCS#1) only in non-FIPS mode, and attempts to decrypt using the passphrase if the key is encrypted.

func ParsePEMPublicKey

func ParsePEMPublicKey(pubKeyBytes []byte) (data.PublicKey, error)

ParsePEMPublicKey returns a data.PublicKey from a PEM encoded public key or certificate.

func ParsePKCS8ToTufKey

func ParsePKCS8ToTufKey(der []byte, password []byte) (data.PrivateKey, error)

ParsePKCS8ToTufKey requires a PKCS#8 key in DER format and returns a data.PrivateKey. password should be provided in the case of an encrypted PKCS#8 key, and nil otherwise.

func RSAToPrivateKey

func RSAToPrivateKey(rsaPrivKey *rsa.PrivateKey) (data.PrivateKey, error)

RSAToPrivateKey converts an rsa.PrivateKey to a TUF data.PrivateKey type.

func RemoveUnusedKeys

func RemoveUnusedKeys(t *data.SignedTargets)

RemoveUnusedKeys determines which delegation keys are no longer used in the given targets file and removes them from the delegated keys map.

func RoleNameSliceContains

func RoleNameSliceContains(ss []data.RoleName, s data.RoleName) bool

RoleNameSliceContains checks if the given RoleName appears in the slice.

func RoleNameSliceRemove

func RoleNameSliceRemove(ss []data.RoleName, s data.RoleName) []data.RoleName

RoleNameSliceRemove removes the given RoleName from the slice, returning a new slice.

func StrSliceContains

func StrSliceContains(ss []string, s string) bool

StrSliceContains checks if the given string appears in the slice.

func UnusedDelegationKeys

func UnusedDelegationKeys(t data.SignedTargets) []string

UnusedDelegationKeys prunes a list of keys, returning those that are no longer in use for the given targets file.

func ValidateCertificate

func ValidateCertificate(c *x509.Certificate, checkExpiry bool) error

ValidateCertificate returns an error if the certificate is not valid for Notary. Currently this only ensures that the public key has a large enough modulus if it is RSA, that a non-SHA1 signature algorithm is used, and, optionally, that the certificate has not expired.

func X509PublicKeyID

func X509PublicKeyID(certPubKey data.PublicKey) (string, error)

X509PublicKeyID returns a public key ID as a string, given a data.PublicKey that contains an X509 certificate.

type ErrBadTypeCast

type ErrBadTypeCast struct{}

ErrBadTypeCast is used by the PopX functions when the item cannot be cast to type X.

func (ErrBadTypeCast) Error

func (err ErrBadTypeCast) Error() string

type ErrEmptyStack

type ErrEmptyStack struct {
    // contains filtered or unexported fields
}

ErrEmptyStack is used when an action that requires some content is invoked and the stack is empty.

func (ErrEmptyStack) Error

func (err ErrEmptyStack) Error() string

type NoopCloser

type NoopCloser struct {
    io.Reader
}

NoopCloser is a simple Reader wrapper that does nothing when Close is called.

func (*NoopCloser) Close

func (nc *NoopCloser) Close() error

Close does nothing for a NoopCloser.

type RoleList

type RoleList []string

RoleList is a list of roles.

func (RoleList) Len

func (r RoleList) Len() int

Len returns the length of the list.

func (RoleList) Less

func (r RoleList) Less(i, j int) bool

Less returns true if the item at i should be sorted before the item at j. It is an unstable partial ordering based on the number of segments, separated by "/", in the role name.

func (RoleList) Swap

func (r RoleList) Swap(i, j int)

Swap swaps the items at two locations in the list.

type Stack

type Stack struct {
    // contains filtered or unexported fields
}

Stack is a simple type-agnostic stack implementation.

func NewStack

func NewStack() *Stack

NewStack creates a new stack.

func (*Stack) Empty

func (s *Stack) Empty() bool

Empty returns true if the stack is empty.

func (*Stack) Pop

func (s *Stack) Pop() (interface{}, error)

Pop removes and returns the top item on the stack, or returns ErrEmptyStack if the stack has no content.

func (*Stack) PopString

func (s *Stack) PopString() (string, error)

PopString attempts to cast the top item on the stack to the string type. If this succeeds, it removes and returns the top item. If the item is not of the string type, ErrBadTypeCast is returned. If the stack is empty, ErrEmptyStack is returned.

func (*Stack) Push

func (s *Stack) Push(item interface{})

Push adds an item to the top of the stack.

Package utils imports 28 packages and is imported by 47 packages. Updated 2019-08-17.