utils

package

v2.5.1 Latest Latest Go to latest Published: Mar 25, 2024 License: Apache-2.0 Imports: 15 Imported by: 0

Details

Valid go.mod file

The Go module system was introduced in Go 1.11 and is the official dependency management solution for Go.
Redistributable license

Redistributable licenses place minimal restrictions on how software can be used, modified, and redistributed.
Tagged version

Modules with tagged versions give importers more predictable builds.
Stable version

When a project reaches major version v1 it is considered stable.
Learn more about best practices

Repository

github.com/slsa-framework/slsa-verifier

Links

Open Source Insights

Documentation ¶

Index ¶

func BranchFromGitRef(ref string) (string, error)
func DecodeSignature(s string) ([]byte, error)
func DsseVerifierNew(content []byte, format KeyFormat, keyID string, sigEncoding *SignatureEncoding) (*dsselib.EnvelopeVerifier, error)
func EnvelopeFromBytes(payload []byte) (*dsselib.Envelope, error)
func IsValidBuilderTag(ref string, testing bool) error
func IsValidJreleaserBuilderTag(ref string) error
func MergeMaps[K comparable, V any](m1, m2 map[K]V) map[K]V
func NormalizeGitURI(s string) string
func ParseBuilderID(id string, needVersion bool) (string, string, error)
func ParseGitRef(ref string) (string, string)
func ParseGitURIAndRef(uri string) (string, string, error)
func PayloadFromEnvelope(env *dsselib.Envelope) ([]byte, error)
func StatementFromBytes(payload []byte) (*intoto.Statement, error)
func StatementFromEnvelope(env *dsselib.Envelope) (*intoto.Statement, error)
func TagFromGitRef(ref string) (string, error)
func ValidateGitRef(refType, ref string) (string, error)
func VerifyVersionedTag(provenanceTag, expectedTag string) error
type KeyFormat
type SignatureEncoding
type TrustedBuilderID
- func TrustedBuilderIDNew(builderID string, needVersion bool) (*TrustedBuilderID, error)
- func (b *TrustedBuilderID) MatchesFull(builderID string, allowRef bool) error
- func (b *TrustedBuilderID) MatchesLoose(builderID string, allowRef bool) error
- func (b *TrustedBuilderID) Name() string
- func (b *TrustedBuilderID) String() string
- func (b *TrustedBuilderID) Version() string

Constants ¶

This section is empty.

Variables ¶

This section is empty.

Functions ¶

func BranchFromGitRef ¶ added in v2.4.0

func BranchFromGitRef(ref string) (string, error)

BranchFromGitRef returns the tagname from a tag ref.

func DecodeSignature ¶ added in v2.1.0

func DecodeSignature(s string) ([]byte, error)

func DsseVerifierNew ¶ added in v2.4.1

func DsseVerifierNew(content []byte, format KeyFormat, keyID string, sigEncoding *SignatureEncoding) (*dsselib.EnvelopeVerifier, error)

func EnvelopeFromBytes ¶ added in v2.4.1

func EnvelopeFromBytes(payload []byte) (*dsselib.Envelope, error)

func IsValidBuilderTag ¶ added in v2.4.0

func IsValidBuilderTag(ref string, testing bool) error

IsValidBuilderTag validates if the given ref is a valid builder tag.

func IsValidJreleaserBuilderTag ¶ added in v2.4.0

func IsValidJreleaserBuilderTag(ref string) error

func MergeMaps ¶ added in v2.4.0

func MergeMaps[K comparable, V any](m1, m2 map[K]V) map[K]V

func NormalizeGitURI ¶ added in v2.4.0

func NormalizeGitURI(s string) string

NormalizeGitURI normalizes a git URI to include a git+https:// prefix.

func ParseBuilderID ¶

func ParseBuilderID(id string, needVersion bool) (string, string, error)

ParseBuilderID parses the builder ID into the URI and ref parts.

func ParseGitRef ¶ added in v2.4.0

func ParseGitRef(ref string) (string, string)

ParseGitRef parses the git ref and returns its type and name.

func ParseGitURIAndRef ¶ added in v2.4.0

func ParseGitURIAndRef(uri string) (string, string, error)

ParseGitURIAndRef retrieves the URI and ref from the given URI.

func PayloadFromEnvelope ¶ added in v2.1.0

func PayloadFromEnvelope(env *dsselib.Envelope) ([]byte, error)

func StatementFromBytes ¶ added in v2.4.1

func StatementFromBytes(payload []byte) (*intoto.Statement, error)

func StatementFromEnvelope ¶ added in v2.4.1

func StatementFromEnvelope(env *dsselib.Envelope) (*intoto.Statement, error)

func TagFromGitRef ¶ added in v2.4.0

func TagFromGitRef(ref string) (string, error)

TagFromGitRef returns the tagname from a tag ref.

func ValidateGitRef ¶ added in v2.4.0

func ValidateGitRef(refType, ref string) (string, error)

ValidateGitRef validates that the given git ref is a valid ref of the given type and returns its name.

func VerifyVersionedTag ¶ added in v2.2.0

func VerifyVersionedTag(provenanceTag, expectedTag string) error

Types ¶

type KeyFormat ¶ added in v2.4.1

type KeyFormat int

const (
	KeyFormatDER KeyFormat = iota
	KeyFormatPEM
)

type SignatureEncoding ¶ added in v2.4.1

type SignatureEncoding int

const (
	// The DER signature is encoded using ASN.1
	// (https://tools.ietf.org/html/rfc5480#appendix-A):
	// ECDSA-Sig-Value :: = SEQUENCE { r INTEGER, s INTEGER }. In particular, the
	// encoding is:
	// 0x30 || totalLength || 0x02 || r's length || r || 0x02 || s's length || s.
	SignatureEncodingDER SignatureEncoding = iota
	// The IEEE_P1363 signature's format is r || s, where r and s are zero-padded
	// and have the same size in bytes as the order of the curve. For example, for
	// NIST P-256 curve, r and s are zero-padded to 32 bytes.
	SignatureEncodingIEEEP1363
)

type TrustedBuilderID ¶

type TrustedBuilderID struct {
	// contains filtered or unexported fields
}

TrustedBuilderID represents a builder ID that has been explicitly trusted.

func TrustedBuilderIDNew ¶

func TrustedBuilderIDNew(builderID string, needVersion bool) (*TrustedBuilderID, error)

TrustedBuilderIDNew creates a new BuilderID structure.

func (*TrustedBuilderID) MatchesFull ¶ added in v2.3.0

func (b *TrustedBuilderID) MatchesFull(builderID string, allowRef bool) error

MatchesFull matches the builderID string against the reference builderID. Both the name and versions are always verified.

func (*TrustedBuilderID) MatchesLoose ¶ added in v2.3.0

func (b *TrustedBuilderID) MatchesLoose(builderID string, allowRef bool) error

MatchesLoose matches the builderID string against the reference builderID. If the builderID contains a semver, the full builderID must match. Otherwise, only the name needs to match. `allowRef: true` indicates that the matching need not be an eaxct match. In this case, if the BuilderID version is a GitHub ref `refs/tags/name`, we will consider it equal to user-provided builderID `name`.

func (*TrustedBuilderID) Name ¶

func (b *TrustedBuilderID) Name() string

Name returns the trusted builder's name.

func (*TrustedBuilderID) String ¶

func (b *TrustedBuilderID) String() string

String returns the full trusted builder ID as a string.

func (*TrustedBuilderID) Version ¶

func (b *TrustedBuilderID) Version() string

Version returns the trusted builder's version reference if any.

Source Files ¶

View all Source files

Directories ¶

Path	Synopsis
container

?	: This menu
/	: Search site
f or F	: Jump to
y or Y	: Canonical URL