Documentation ¶
Index ¶
- Constants
- Variables
- func NewOPKSignerVerifier(provider client.OpenIdProvider) dsse.SignerVerifier
- func SignInTotoStatement(ctx context.Context, stmt intoto.Statement, provider client.OpenIdProvider) (*dsse.Envelope, error)
- func VerifyInTotoEnvelope(ctx context.Context, env *dsse.Envelope, provider client.OpenIdProvider) (*intoto.Statement, error)
- func VerifyInTotoEnvelopeExt(ctx context.Context, env *Envelope, provider client.OpenIdProvider) (*intoto.Statement, error)
- func VerifyPayloadSignature(ctx context.Context, pkToken, payload []byte, signature string) (bool, error)
- func WithTL(ctx context.Context, tl TL) context.Context
- type Envelope
- type Extension
- type MockTL
- func (tl *MockTL) UnmarshalEntry(entryBytes []byte) (any, error)
- func (tl *MockTL) UploadLogEntry(ctx context.Context, pkToken *pktoken.PKToken, payload, signature []byte, ...) ([]byte, error)
- func (tl *MockTL) VerifyEntryPayload(entryBytes, payload, pkToken []byte) error
- func (tl *MockTL) VerifyLogEntry(ctx context.Context, entryBytes []byte) error
- type RekorTL
- func (tl *RekorTL) UnmarshalEntry(entry []byte) (any, error)
- func (tl *RekorTL) UploadLogEntry(ctx context.Context, pkToken *pktoken.PKToken, payload, signature []byte, ...) ([]byte, error)
- func (tl *RekorTL) VerifyEntryPayload(entryBytes, payload, pkToken []byte) error
- func (tl *RekorTL) VerifyLogEntry(ctx context.Context, entryBytes []byte) error
- type Signature
- type TL
- type TlPayload
Constants ¶
const (
	// DefaultRekorURL is the URL of the Rekor transparency log at
	// rekor.sigstore.dev.
	// NOTE(review): presumably the endpoint RekorTL uses when nothing else is
	// configured. Entries uploaded to a public log are readable by anyone, so
	// confirm what UploadLogEntry publishes before signing sensitive payloads.
	DefaultRekorURL = "https://rekor.sigstore.dev"
	// DefaultCtxKey is the string "tl".
	// NOTE(review): looks like a context key name. A plain string key can
	// collide with context values set by other packages; the package also
	// declares TlCtxKey with its own unexported type. Confirm which of the two
	// WithTL actually uses.
	DefaultCtxKey = "tl"
)
const (
	// OpkSignatureID is the literal "OPK".
	// NOTE(review): presumably the identifier that marks a signature in an
	// envelope as produced by OpenPubkey. Verify against the signer and
	// verifier code before relying on it to select a verification path, since
	// an identifier inside the envelope is attacker-controllable input.
	OpkSignatureID = "OPK"
)
Variables ¶
// TlCtxKey is a package-level value of the unexported type tlCtxKeyType.
// NOTE(review): presumably the context key under which WithTL stores the TL
// implementation. The unexported key type avoids accidental collisions with
// other packages' context values, but the variable itself is exported, so any
// package holding the context can still set or replace the TL deliberately.
// Confirm against WithTL and the verification entry points.
var TlCtxKey tlCtxKeyType
Functions ¶
func NewOPKSignerVerifier ¶
func NewOPKSignerVerifier(provider client.OpenIdProvider) dsse.SignerVerifier
func SignInTotoStatement ¶
func VerifyInTotoEnvelope ¶
func VerifyInTotoEnvelopeExt ¶
Types ¶
type Envelope ¶
// Envelope is a signed envelope with three JSON fields: payloadType, payload
// and signatures.
// NOTE(review): the field names match the DSSE envelope; presumably this is a
// local copy kept until the upstream dsse change is merged. Confirm against
// the Signature and Extension types.
type Envelope struct {
	// PayloadType is serialized as "payloadType".
	PayloadType string `json:"payloadType"`
	// Payload is serialized as "payload".
	// NOTE(review): presumably base64-encoded as in DSSE. Treat the decoded
	// bytes as untrusted until the signatures have been verified. TODO confirm.
	Payload string `json:"payload"`
	// Signatures is serialized as "signatures"; each element is a Signature.
	Signatures []Signature `json:"signatures"`
}
The following types are needed until https://github.com/secure-systems-lab/dsse/pull/61 is merged.
func SignInTotoStatementExt ¶
type MockTL ¶
// MockTL is a TL stand-in built from four function-valued fields, one per TL
// method.
// NOTE(review): presumably each *MockTL method forwards to the matching field.
// If so, a nil field panics when its method is called, and a field that always
// returns nil makes transparency-log verification succeed unconditionally.
// Keep MockTL to tests and never install it in a production context. Confirm
// against the method bodies.
type MockTL struct {
	// UploadLogEntryFunc has the same signature as TL.UploadLogEntry.
	UploadLogEntryFunc func(ctx context.Context, pkToken *pktoken.PKToken, payload, signature []byte, signer crypto.Signer) ([]byte, error)
	// VerifyLogEntryFunc has the same signature as TL.VerifyLogEntry.
	VerifyLogEntryFunc func(ctx context.Context, entryBytes []byte) error
	// VerifyEntryPayloadFunc has the same signature as TL.VerifyEntryPayload.
	VerifyEntryPayloadFunc func(entryBytes, payload, pkToken []byte) error
	// UnmarshalEntryFunc has the same signature as TL.UnmarshalEntry.
	UnmarshalEntryFunc func(entryBytes []byte) (any, error)
}
func (*MockTL) UploadLogEntry ¶
func (*MockTL) VerifyEntryPayload ¶
type RekorTL ¶
// RekorTL is a field-less type; the package index lists UploadLogEntry,
// VerifyLogEntry, VerifyEntryPayload and UnmarshalEntry on *RekorTL.
// NOTE(review): presumably the TL implementation backed by Rekor. With no
// fields, the log URL and the key material used to verify entries must come
// from elsewhere (e.g. DefaultRekorURL). Confirm where they are set and
// whether they can be overridden.
type RekorTL struct{}
func (*RekorTL) UploadLogEntry ¶
func (tl *RekorTL) UploadLogEntry(ctx context.Context, pkToken *pktoken.PKToken, payload, signature []byte, signer crypto.Signer) ([]byte, error)
UploadLogEntry submits a PK token signature to the transparency log.
func (*RekorTL) VerifyEntryPayload ¶
VerifyEntryPayload checks that the TL entry payload matches the envelope payload.
type TL ¶
// TL is the transparency-log abstraction used by this package. It has four
// methods: upload an entry, verify an entry, match an entry against a payload,
// and decode an entry.
type TL interface {
	// UploadLogEntry takes a PK token, a payload, a signature and a
	// crypto.Signer, and returns bytes or an error. The RekorTL implementation
	// is documented as submitting a PK token signature to the transparency log.
	// NOTE(review): the returned bytes are presumably the serialized log
	// entry later passed to the Verify* methods. TODO confirm.
	UploadLogEntry(ctx context.Context, pkToken *pktoken.PKToken, payload, signature []byte, signer crypto.Signer) ([]byte, error)
	// VerifyLogEntry returns an error for the given entry bytes.
	// NOTE(review): what is checked (inclusion proof, log signature, entry
	// timestamp) is not visible here. Confirm per implementation before
	// treating a nil result as proof of inclusion.
	VerifyLogEntry(ctx context.Context, entryBytes []byte) error
	// VerifyEntryPayload checks that the TL entry payload matches the envelope
	// payload (per the RekorTL documentation).
	// NOTE(review): presumably callers need this in addition to VerifyLogEntry,
	// so that a valid entry recorded for a different payload or PK token is
	// rejected. Verify against the callers.
	VerifyEntryPayload(entryBytes, payload, pkToken []byte) error
	// UnmarshalEntry decodes entry bytes into an implementation-defined value
	// returned as any, or an error.
	UnmarshalEntry(entryBytes []byte) (any, error)
}