v1

package
v0.3.4 Latest Latest
Warning

This package is not in the latest version of its module.

 Go to latest Published: Dec 12, 2025 License: Apache-2.0 Imports: 12 Imported by: 4

Documentation

Index

Constants

View Source 
const (
	SigstoreModeExact  string = "exact"
	SigstoreModeRegexp string = "regexp"
)

Variables

View Source 
var File_carabiner_signer_v1_identity_proto protoreflect.FileDescriptor
View Source 
var File_carabiner_signer_v1_signer_proto protoreflect.FileDescriptor

Functions

This section is empty.

Types

type Identity 

type Identity struct {
	Id       string            `protobuf:"bytes,1,opt,name=id,proto3" json:"id,omitempty"`
	Sigstore *IdentitySigstore `protobuf:"bytes,2,opt,name=sigstore,proto3,oneof" json:"sigstore,omitempty"`
	Key      *IdentityKey      `protobuf:"bytes,3,opt,name=key,proto3,oneof" json:"key,omitempty"`
	Ref      *IdentityRef      `protobuf:"bytes,4,opt,name=ref,proto3,oneof" json:"ref,omitempty"`
	// contains filtered or unexported fields
}

Identity captures a signer identity. An identity can one of: 

a) A sigstore identity
b) A key
c) A reference to an identity defined outside the policy

func NewIdentityFromSlug added in v0.3.4 

func NewIdentityFromSlug(slug string) (*Identity, error)

NewIdentityFromSlug returns a new identity by parsing a slug string.

There are three kinds of identities supported: sigstore, key and reference.

func (*Identity) Descriptor deprecated 

func (*Identity) Descriptor() ([]byte, []int)

Deprecated: Use Identity.ProtoReflect.Descriptor instead.

func (*Identity) GetId 

func (x *Identity) GetId() string

func (*Identity) GetKey 

func (x *Identity) GetKey() *IdentityKey

func (*Identity) GetRef 

func (x *Identity) GetRef() *IdentityRef

func (*Identity) GetSigstore 

func (x *Identity) GetSigstore() *IdentitySigstore

func (*Identity) ProtoMessage 

func (*Identity) ProtoMessage()

func (*Identity) ProtoReflect 

func (x *Identity) ProtoReflect() protoreflect.Message

func (*Identity) PublicKey added in v0.3.4 

func (i *Identity) PublicKey() (key.PublicKeyProvider, error)

PublicKey returns the identity public if by parsing the data if set.

func (*Identity) Reset 

func (x *Identity) Reset()

func (*Identity) Slug added in v0.3.4 

func (i *Identity) Slug() string

Slug returns a string representing the identity

func (*Identity) String 

func (x *Identity) String() string

func (*Identity) Validate added in v0.3.4 

func (i *Identity) Validate() error

Validate checks the integrity of the identity and returns an error if fields are missing or invalid

type IdentityKey 

type IdentityKey struct {
	Id   string `protobuf:"bytes,1,opt,name=id,proto3" json:"id,omitempty"`     // Key ID
	Type string `protobuf:"bytes,2,opt,name=type,proto3" json:"type,omitempty"` // Identity type
	Data string `protobuf:"bytes,3,opt,name=data,proto3" json:"data,omitempty"` // Public key data
	// contains filtered or unexported fields
}

IdentityKey registers the data of a key used to sign attestations.

func (*IdentityKey) Descriptor deprecated 

func (*IdentityKey) Descriptor() ([]byte, []int)

Deprecated: Use IdentityKey.ProtoReflect.Descriptor instead.

func (*IdentityKey) GetData 

func (x *IdentityKey) GetData() string

func (*IdentityKey) GetId 

func (x *IdentityKey) GetId() string

func (*IdentityKey) GetType 

func (x *IdentityKey) GetType() string

func (*IdentityKey) ProtoMessage 

func (*IdentityKey) ProtoMessage()

func (*IdentityKey) ProtoReflect 

func (x *IdentityKey) ProtoReflect() protoreflect.Message

func (*IdentityKey) Reset 

func (x *IdentityKey) Reset()

func (*IdentityKey) String 

func (x *IdentityKey) String() string

type IdentityRef 

type IdentityRef struct {
	Id string `protobuf:"bytes,1,opt,name=id,proto3" json:"id,omitempty"`
	// contains filtered or unexported fields
}

IdentityRef represents an identity defined outside of the policy. Most commonly these identities will be defined at the policy set level to have a common definition that can be reused by all policies in a set.

func (*IdentityRef) Descriptor deprecated 

func (*IdentityRef) Descriptor() ([]byte, []int)

Deprecated: Use IdentityRef.ProtoReflect.Descriptor instead.

func (*IdentityRef) GetId 

func (x *IdentityRef) GetId() string

func (*IdentityRef) ProtoMessage 

func (*IdentityRef) ProtoMessage()

func (*IdentityRef) ProtoReflect 

func (x *IdentityRef) ProtoReflect() protoreflect.Message

func (*IdentityRef) Reset 

func (x *IdentityRef) Reset()

func (*IdentityRef) String 

func (x *IdentityRef) String() string

type IdentitySigstore 

type IdentitySigstore struct {
	Mode     *string `protobuf:"bytes,1,opt,name=mode,proto3,oneof" json:"mode,omitempty"`   // exact | regexp
	Issuer   string  `protobuf:"bytes,2,opt,name=issuer,proto3" json:"issuer,omitempty"`     // https://accounts.google.com
	Identity string  `protobuf:"bytes,3,opt,name=identity,proto3" json:"identity,omitempty"` //  "identity": "puerco@gmail.com"
	// contains filtered or unexported fields
}

IdentitySigstore represents the identity data in a Fulcio cert.

func (*IdentitySigstore) Descriptor deprecated 

func (*IdentitySigstore) Descriptor() ([]byte, []int)

Deprecated: Use IdentitySigstore.ProtoReflect.Descriptor instead.

func (*IdentitySigstore) GetIdentity 

func (x *IdentitySigstore) GetIdentity() string

func (*IdentitySigstore) GetIssuer 

func (x *IdentitySigstore) GetIssuer() string

func (*IdentitySigstore) GetMode 

func (x *IdentitySigstore) GetMode() string

func (*IdentitySigstore) ProtoMessage 

func (*IdentitySigstore) ProtoMessage()

func (*IdentitySigstore) ProtoReflect 

func (x *IdentitySigstore) ProtoReflect() protoreflect.Message

func (*IdentitySigstore) Reset 

func (x *IdentitySigstore) Reset()

func (*IdentitySigstore) String 

func (x *IdentitySigstore) String() string

type SignatureVerification 

type SignatureVerification struct {

	// Date when the verification was performed
	Date *timestamppb.Timestamp `protobuf:"bytes,1,opt,name=date,proto3" json:"date,omitempty"`
	// SignatureVerified is set to true when a hash's signature was verified
	// with at least one key or cert. Verified does not imply any identity check.
	Verified bool `protobuf:"varint,2,opt,name=verified,proto3" json:"verified,omitempty"`
	// Identities has a list of the identities (sigstore signers or keys)
	// that signed the object.
	Identities []*Identity `protobuf:"bytes,3,rep,name=Identities,proto3" json:"Identities,omitempty"`
	// Message is an optional message that can be populated when a verification
	// was performed successfully.
	Message string `protobuf:"bytes,4,opt,name=message,proto3" json:"message,omitempty"`
	// Error is a message explaining why verification failed.
	Error string `protobuf:"bytes,5,opt,name=error,proto3" json:"error,omitempty"`
	// contains filtered or unexported fields
}

func (*SignatureVerification) Descriptor deprecated 

func (*SignatureVerification) Descriptor() ([]byte, []int)

Deprecated: Use SignatureVerification.ProtoReflect.Descriptor instead.

func (*SignatureVerification) GetDate 

func (x *SignatureVerification) GetDate() *timestamppb.Timestamp

func (*SignatureVerification) GetError 

func (x *SignatureVerification) GetError() string

func (*SignatureVerification) GetIdentities 

func (x *SignatureVerification) GetIdentities() []*Identity

func (*SignatureVerification) GetMessage 

func (x *SignatureVerification) GetMessage() string

func (*SignatureVerification) GetVerified 

func (x *SignatureVerification) GetVerified() bool

func (*SignatureVerification) MatchesIdentity added in v0.3.4 

func (sv *SignatureVerification) MatchesIdentity(id *Identity) bool

HasIdentity returns true if one of the verifiers matches the passed identity

func (*SignatureVerification) MatchesKeyIdentity added in v0.3.4 

func (sv *SignatureVerification) MatchesKeyIdentity(keyIdentity *IdentityKey) bool

MatchesKeyIdentity returns true if one of the verified signatures was performed with the specified key.

func (*SignatureVerification) MatchesSigstoreIdentity added in v0.3.4 

func (sv *SignatureVerification) MatchesSigstoreIdentity(id *IdentitySigstore) bool

HasIdentity returns true if one of the verifiers matches the passed sigstore identity.

func (*SignatureVerification) ProtoMessage 

func (*SignatureVerification) ProtoMessage()

func (*SignatureVerification) ProtoReflect 

func (x *SignatureVerification) ProtoReflect() protoreflect.Message

func (*SignatureVerification) Reset 

func (x *SignatureVerification) Reset()

func (*SignatureVerification) String 

func (x *SignatureVerification) String() string

type Verification 

type Verification struct {
	Signature *SignatureVerification `protobuf:"bytes,1,opt,name=signature,proto3" json:"signature,omitempty"`
	// contains filtered or unexported fields
}

Results of the signature verification process

func (*Verification) Descriptor deprecated 

func (*Verification) Descriptor() ([]byte, []int)

Deprecated: Use Verification.ProtoReflect.Descriptor instead.

func (*Verification) Error added in v0.3.4 

func (v *Verification) Error() string

Error implements the Go error interface when verification fails

func (*Verification) GetSignature 

func (x *Verification) GetSignature() *SignatureVerification

func (*Verification) GetVerified added in v0.3.4 

func (v *Verification) GetVerified() bool

GetVerified returns true if verification passed

func (*Verification) MatchesIdentity added in v0.3.4 

func (v *Verification) MatchesIdentity(rawID any) bool

MatchesIdentity returns true if one of the verified signatures matches the identity.

func (*Verification) ProtoMessage 

func (*Verification) ProtoMessage()

func (*Verification) ProtoReflect 

func (x *Verification) ProtoReflect() protoreflect.Message

func (*Verification) Reset 

func (x *Verification) Reset()

func (*Verification) String 

func (x *Verification) String() string

Source Files

View all Source files

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.