Versions in this module Expand all Collapse all v0 v0.9.0 May 15, 2026 Changes in this version + var ErrCanonicalization = errors.New("failed to canonicalize component") + var ErrContentDigestMismatch = errors.New("content digest mismatch") + var ErrInvalidComponentIdentifier = errors.New("invalid component identifier") + var ErrInvalidKeySize = errors.New("invalid key size") + var ErrInvalidSignature = errors.New("invalid signature") + var ErrMalformedData = errors.New("malformed data") + var ErrMalformedSignatureParameter = errors.New("malformed signature parameter") + var ErrMissingParameter = errors.New("missing parameter error") + var ErrNoApplicableDigestFound = errors.New("no applicable digest found") + var ErrNoKeyProvided = errors.New("no key provided") + var ErrParameter = errors.New("parameter error") + var ErrSignatureNegotiationError = errors.New("signature negotiation error") + var ErrUnsupportedAlgorithm = errors.New("unknown/unsupported algorithm") + var ErrUnsupportedComponentIdentifier = errors.New("unsupported component identifier") + var ErrUnsupportedKeyType = errors.New("unsupported key type/format") + var ErrValidity = errors.New("validity error") + var ErrVerificationFailed = errors.New("verification failed") + var ErrVerifierCreation = errors.New("verifier creation failed") + type AcceptSignatureBuilder struct + func NewAcceptSignature(opts ...AcceptSignatureOption) (*AcceptSignatureBuilder, error) + func (asb *AcceptSignatureBuilder) Build(ctx context.Context, header http.Header) error + type AcceptSignatureOption func(*AcceptSignatureBuilder) error + func WithContentDigestAlgorithmPreferences(prefs ...AlgorithmPreference) AcceptSignatureOption + func WithExpectedComponents(identifiers ...string) AcceptSignatureOption + func WithExpectedCreatedTimestamp(flag bool) AcceptSignatureOption + func WithExpectedExpiresTimestamp(flag bool) AcceptSignatureOption + func WithExpectedKey(key Key) AcceptSignatureOption + func WithExpectedLabel(label string) AcceptSignatureOption + func WithExpectedNonce(ng NonceGetter) AcceptSignatureOption + func WithExpectedTag(tag string) AcceptSignatureOption + type AlgorithmPreference struct + Algorithm DigestAlgorithm + Preference int + func (p AlgorithmPreference) String() string + type DigestAlgorithm string + const Sha256 + const Sha512 + type Key struct + Algorithm SignatureAlgorithm + Key any + KeyID string + func (k Key) ResolveKey(_ context.Context, _ string) (Key, error) + type KeyResolver interface + ResolveKey func(ctx context.Context, keyID string) (Key, error) + type Message struct + Authority string + Body func() (io.ReadCloser, error) + Context context.Context + Header http.Header + IsRequest bool + Method string + RequestBody func() (io.ReadCloser, error) + RequestHeader http.Header + StatusCode int + URL *url.URL + func MessageForResponse(req *http.Request, respHeader http.Header, body []byte, respCode int) *Message + func MessageFromRequest(req *http.Request) *Message + func MessageFromResponse(rw *http.Response) *Message + type NoApplicableSignatureError struct + func (e *NoApplicableSignatureError) Error() string + func (e *NoApplicableSignatureError) Is(err error) bool + func (e *NoApplicableSignatureError) Negotiate(header http.Header) + type NonceChecker interface + CheckNonce func(ctx context.Context, nonce NonceValue) error + type NonceCheckerFunc func(ctx context.Context, nonce NonceValue) error + func (f NonceCheckerFunc) CheckNonce(ctx context.Context, nonce NonceValue) error + type NonceGetter interface + GetNonce func(ctx context.Context) (string, error) + type NonceGetterFunc func(ctx context.Context) (string, error) + func (ng NonceGetterFunc) GetNonce(ctx context.Context) (string, error) + type NonceValue struct + Present bool + Value string + type SignatureAlgorithm string + const EcdsaP256Sha256 + const EcdsaP384Sha384 + const EcdsaP521Sha512 + const Ed25519 + const HmacSha256 + const HmacSha384 + const HmacSha512 + const RsaPkcs1v15Sha256 + const RsaPkcs1v15Sha384 + const RsaPkcs1v15Sha512 + const RsaPssSha256 + const RsaPssSha384 + const RsaPssSha512 + type SignatureNegotiationOption func(sno *sigNegotiationOpts) + func WithRequestedContentDigestAlgorithmPreferences(prefs ...AlgorithmPreference) SignatureNegotiationOption + func WithRequestedKey(key Key) SignatureNegotiationOption + func WithRequestedLabel(label string) SignatureNegotiationOption + func WithRequestedNonce(ng NonceGetter) SignatureNegotiationOption + type SignatureParameter string + const Alg + const Created + const Expires + const KeyID + const Nonce + const Tag + type Signer interface + Sign func(msg *Message) (http.Header, error) + func NewSigner(key Key, opts ...SignerOption) (Signer, error) + type SignerOption func(s *signer) error + func WithComponents(identifiers ...string) SignerOption + func WithContentDigestAlgorithm(alg DigestAlgorithm) SignerOption + func WithLabel(label string) SignerOption + func WithNonce(ng NonceGetter) SignerOption + func WithTTL(ttl time.Duration) SignerOption + func WithTag(tag string) SignerOption + type Verifier interface + Verify func(msg *Message) error + func NewVerifier(resolver KeyResolver, opts ...VerifierOption) (Verifier, error) + type VerifierOption func(v *verifier, e *expectations, f bool) error + func WithCreatedTimestampRequired(flag bool) VerifierOption + func WithExpiredTimestampRequired(flag bool) VerifierOption + func WithMaxAge(d time.Duration) VerifierOption + func WithNonceChecker(checker NonceChecker) VerifierOption + func WithRequiredComponents(identifiers ...string) VerifierOption + func WithRequiredTag(tag string, opts ...VerifierOption) VerifierOption + func WithSignatureNegotiation(opts ...SignatureNegotiationOption) VerifierOption + func WithValidateAllSignatures() VerifierOption + func WithValidityTolerance(d time.Duration) VerifierOption
Go to main page