Documentation
Index
- func GetEntriesByIndexRange(ctx context.Context, rekorClient *client.Rekor, start, end int) ([]models.LogEntry, error)
- func GetLogInfo(ctx context.Context, rekorClient *client.Rekor) (*models.LogInfo, error)
- func GetLogVerifier(ctx context.Context, rekorClient *client.Rekor) (signature.Verifier, error)
- func GetPublicKey(ctx context.Context, rekorClient *client.Rekor) ([]byte, error)
- type CertificateIdentity
- type IdentityEntry
- type MonitoredValues
Constants
This section is empty.
Variables
This section is empty.
Functions
func GetEntriesByIndexRange
func GetEntriesByIndexRange(ctx context.Context, rekorClient *client.Rekor, start, end int) ([]models.LogEntry, error)
GetEntriesByIndexRange fetches all entries by log index, from (start, end]. If start == end, returns a single entry for that index. Returns error if start > end.
func GetLogInfo
GetLogInfo fetches a stable checkpoint for each log shard
func GetLogVerifier
GetLogVerifier creates a verifier from the log's public key. TODO: Fetch the public key from TUF
Types
type CertificateIdentity
type CertificateIdentity struct {
    CertSubject string   `yaml:"certSubject"`
    Issuers     []string `yaml:"issuers"`
}
CertificateIdentity holds a certificate subject and an optional list of identity issuers
type IdentityEntry
type IdentityEntry struct {
    CertSubject string
    Issuer      string
    Fingerprint string
    Subject     string
    Index       int64
    UUID        string
}
IdentityEntry holds a certificate subject, issuer, and log entry metadata
func MatchedIndices
func MatchedIndices(logEntries []models.LogEntry, mvs MonitoredValues) ([]IdentityEntry, error)
MatchedIndices returns a list of log indices that contain the requested identities.
func (*IdentityEntry) String
func (e *IdentityEntry) String() string
type MonitoredValues
type MonitoredValues struct {
    // CertificateIdentities contains a list of subjects and issuers
    CertificateIdentities []CertificateIdentity `yaml:"certIdentities"`
    // Fingerprints contains a list of key fingerprints. Values are as follows:
    // For keys, certificates, and minisign, hex-encoded SHA-256 digest
    // of the DER-encoded PKIX public key or certificate
    // For SSH and PGP, the standard for each ecosystem:
    // For SSH, unpadded base-64 encoded SHA-256 digest of the key
    // For PGP, hex-encoded SHA-1 digest of a key, which can be either
    // a primary key or subkey
    Fingerprints []string `yaml:"fingerprints"`
    // Subjects contains a list of subjects that are not specified in a
    // certificate, such as a SSH key or PGP key email address
    Subjects []string `yaml:"subjects"`
}
MonitoredValues holds a set of values to compare against a given entry
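The two SHA-256 fingerprint encodings described in the Fingerprints comment, computed with the Go standard library so the values placed in a monitor configuration can be checked by hand. This is an added example, not code from the documented package: PKIXFingerprint and SSHFingerprint are hypothetical helper names, the SSH input is assumed to be an authorized_keys-style line, and the PGP case is left out because it needs OpenPGP packet parsing.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha256"
	"crypto/x509"
	"encoding/base64"
	"encoding/hex"
	"encoding/pem"
	"errors"
	"fmt"
	"strings"
)

// PKIXFingerprint (hypothetical helper) returns the hex SHA-256 of the DER bytes
// inside a "PUBLIC KEY" (PKIX) or "CERTIFICATE" PEM block.
func PKIXFingerprint(pemBytes []byte) (string, error) {
	block, _ := pem.Decode(pemBytes)
	if block == nil || (block.Type != "PUBLIC KEY" && block.Type != "CERTIFICATE") {
		return "", errors.New("expected a PUBLIC KEY or CERTIFICATE PEM block")
	}
	sum := sha256.Sum256(block.Bytes)
	return hex.EncodeToString(sum[:]), nil
}

// SSHFingerprint (hypothetical helper) takes an authorized_keys-style line,
// "<type> <base64 blob> [comment]", and returns the unpadded base64 SHA-256
// of the decoded blob, the form ssh-keygen -l prints after "SHA256:".
func SSHFingerprint(line string) (string, error) {
	fields := strings.Fields(line)
	if len(fields) < 2 {
		return "", errors.New("expected \"<type> <base64 blob> [comment]\"")
	}
	blob, err := base64.StdEncoding.DecodeString(fields[1])
	if err != nil {
		return "", fmt.Errorf("decode key blob: %w", err)
	}
	sum := sha256.Sum256(blob)
	return base64.RawStdEncoding.EncodeToString(sum[:]), nil
}

func main() {
	// Constructed sample: a throwaway P-256 key generated at run time.
	priv, _ := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	der, _ := x509.MarshalPKIXPublicKey(&priv.PublicKey)
	fp, err := PKIXFingerprint(pem.EncodeToMemory(&pem.Block{Type: "PUBLIC KEY", Bytes: der}))
	fmt.Println(fp, err)
}
```

The helpers hash whatever bytes the PEM block or key line carries without parsing them, so a malformed key still yields a digest; validate the input first if it comes from an untrusted source.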