signer

package
v0.1.0-alpha.3 Latest Latest
Published: Aug 15, 2022 License: Apache-2.0 Imports: 14 Imported by: 0

Documentation

Index

Constants

This section is empty.

Variables

This section is empty.

Functions

func VerifyAuthenticity

func VerifyAuthenticity(signerInfo *SignerInfo, trustedCerts []*x509.Certificate) (*x509.Certificate, error)

VerifyAuthenticity verifies the certificate chain in the given SignerInfo against one of the trusted certificates and returns the certificate that matches one of the certificates in the SignerInfo.

Types

type Attribute

// Attribute represents a single piece of metadata carried in the Signature
// envelope (see SignedAttributes.ExtendedAttributes).
type Attribute struct {
	// Key identifies the attribute.
	Key string
	// Critical flags the attribute as critical. NOTE(review): presumably a
	// verifier that does not understand a critical attribute must reject the
	// signature — confirm against the signature specification.
	Critical bool
	// Value holds the attribute's value; its concrete type is not fixed here.
	Value interface{}
}

Attribute represents metadata in the Signature envelope

type HashAlgorithm

// HashAlgorithm names the hash algorithm associated with a KeySpec; see
// HashFunc for the corresponding crypto.Hash.
type HashAlgorithm string

HashAlgorithm is the hash algorithm associated with a key spec.

// Supported hash algorithms. The string values are the identifiers used by
// the notary signature specification (algorithm-selection section).
const (
	SHA_256 HashAlgorithm = "SHA_256"
	SHA_384 HashAlgorithm = "SHA_384"
	SHA_512 HashAlgorithm = "SHA_512"
)

One of the following supported specs: https://github.com/notaryproject/notaryproject/blob/main/signature-specification.md#algorithm-selection

func (HashAlgorithm) HashFunc

func (h HashAlgorithm) HashFunc() crypto.Hash

HashFunc returns the crypto.Hash associated with h.

type KeySpec

// KeySpec identifies a signing key type and size; SignatureAlgorithm maps it
// to the signature algorithm used with such a key.
type KeySpec string

KeySpec defines a key type and size.

// Supported key specs: RSA keys by modulus size and EC keys by curve size.
// Each maps to exactly one SignatureAlgorithm via KeySpec.SignatureAlgorithm.
const (
	RSA_2048 KeySpec = "RSA_2048"
	RSA_3072 KeySpec = "RSA_3072"
	RSA_4096 KeySpec = "RSA_4096"
	EC_256   KeySpec = "EC_256"
	EC_384   KeySpec = "EC_384"
	EC_521   KeySpec = "EC_521"
)

func GetKeySpec

func GetKeySpec(signingCert *x509.Certificate) (KeySpec, error)

GetKeySpec returns the recommended KeySpec for the given signing certificate.

func (KeySpec) SignatureAlgorithm

func (k KeySpec) SignatureAlgorithm() SignatureAlgorithm

SignatureAlgorithm returns the signing algorithm associated with KeySpec k.

type LocalSignatureProvider

// LocalSignatureProvider implements SignatureProvider for signing with a
// local certificate chain and private key. Construct it with
// NewLocalSignatureProvider; the zero value is not usable.
type LocalSignatureProvider struct {
	// contains filtered or unexported fields
}

LocalSignatureProvider implements SignatureEnvelope's SignatureProvider to facilitate signing using local certificates and a private key.

func NewLocalSignatureProvider

func NewLocalSignatureProvider(certs []*x509.Certificate, pk crypto.PrivateKey) (*LocalSignatureProvider, error)

NewLocalSignatureProvider returns the LocalSignatureProvider created using given certificates and private key.

func (*LocalSignatureProvider) KeySpec

func (l *LocalSignatureProvider) KeySpec() (KeySpec, error)

func (*LocalSignatureProvider) Sign

func (l *LocalSignatureProvider) Sign(bytes []byte) ([]byte, []*x509.Certificate, error)

type MalformedArgumentError

// MalformedArgumentError is returned when an argument to a function is
// malformed.
type MalformedArgumentError struct {
	// contains filtered or unexported fields
}

MalformedArgumentError is used when an argument to a function is malformed.

func (MalformedArgumentError) Error

func (e MalformedArgumentError) Error() string

type MalformedSignRequestError

// MalformedSignRequestError is returned when a SignRequest is malformed.
type MalformedSignRequestError struct {
	// contains filtered or unexported fields
}

MalformedSignRequestError is used when SignRequest is malformed.

func (MalformedSignRequestError) Error

type MalformedSignatureError

// MalformedSignatureError is returned when a Signature envelope is malformed.
type MalformedSignatureError struct {
	// contains filtered or unexported fields
}

MalformedSignatureError is used when Signature envelope is malformed.

func (MalformedSignatureError) Error

func (e MalformedSignatureError) Error() string

type PayloadContentType

// PayloadContentType identifies the content type of a signature's payload.
type PayloadContentType string

PayloadContentType lists the supported content types for a signature's payload.

// Supported payload content types.
const (
	// PayloadContentTypeV1 is the notary v1 JSON payload content type.
	PayloadContentTypeV1 PayloadContentType = "application/vnd.cncf.notary.payload.v1+json"
)

type SignRequest

// SignRequest carries everything SignatureEnvelope.Sign needs to generate a
// Signature. Fields that end up as signed attributes (compare SignedAttributes)
// are covered by the signature; SigningAgent is not (compare
// UnsignedAttributes).
type SignRequest struct {
	// Payload is the content to be signed.
	Payload []byte
	// PayloadContentType describes Payload.
	PayloadContentType PayloadContentType
	// SignatureProvider performs the actual signing operation.
	SignatureProvider SignatureProvider
	// SigningTime and Expiry are recorded as signed attributes.
	SigningTime time.Time
	Expiry      time.Time
	// ExtendedSignedAttrs are additional signed attributes
	// (SignedAttributes.ExtendedAttributes).
	ExtendedSignedAttrs []Attribute
	// SigningAgent is recorded as an unsigned attribute, so it is not
	// protected by the signature.
	SigningAgent string
	// SigningScheme selects the feature set the signature provides.
	SigningScheme SigningScheme
	// VerificationPlugin and VerificationPluginMinVersion are recorded as
	// signed attributes.
	VerificationPlugin           string
	VerificationPluginMinVersion string
}

SignRequest is used to generate Signature.

type SignatureAlgoNotSupportedError

// SignatureAlgoNotSupportedError is returned when the signing algorithm is
// not supported.
type SignatureAlgoNotSupportedError struct {
	// contains filtered or unexported fields
}

SignatureAlgoNotSupportedError is used when signing algo is not supported.

func (SignatureAlgoNotSupportedError) Error

type SignatureAlgorithm

// SignatureAlgorithm names a supported signature algorithm; Hash returns the
// hash function it uses.
type SignatureAlgorithm string

SignatureAlgorithm lists supported signature algorithms.

// Supported signature algorithms: RSASSA-PSS and ECDSA, each paired with a
// SHA-2 hash. Identifiers follow the notary signature specification
// (algorithm-selection section).
const (
	RSASSA_PSS_SHA_256 SignatureAlgorithm = "RSASSA_PSS_SHA_256"
	RSASSA_PSS_SHA_384 SignatureAlgorithm = "RSASSA_PSS_SHA_384"
	RSASSA_PSS_SHA_512 SignatureAlgorithm = "RSASSA_PSS_SHA_512"
	ECDSA_SHA_256      SignatureAlgorithm = "ECDSA_SHA_256"
	ECDSA_SHA_384      SignatureAlgorithm = "ECDSA_SHA_384"
	ECDSA_SHA_512      SignatureAlgorithm = "ECDSA_SHA_512"
)

One of the following supported specs: https://github.com/notaryproject/notaryproject/blob/main/signature-specification.md#algorithm-selection

func (SignatureAlgorithm) Hash

Hash returns the hash function associated with s.

type SignatureAuthenticityError

// SignatureAuthenticityError is returned by VerifyAuthenticity when the
// signature was not generated using one of the trusted certificates.
type SignatureAuthenticityError struct{}

SignatureAuthenticityError is used when signature is not generated using trusted certificates.

func (SignatureAuthenticityError) Error

type SignatureEnvelope

// SignatureEnvelope generates (Sign) and verifies (Verify) signatures in a
// given SignatureMediaType. Construct it with NewSignatureEnvelope for signing
// or NewSignatureEnvelopeFromBytes for verification.
type SignatureEnvelope struct {
	// contains filtered or unexported fields
}

SignatureEnvelope provides functions to generate signature and verify signature.

func NewSignatureEnvelope

func NewSignatureEnvelope(envelopeMediaType SignatureMediaType) (*SignatureEnvelope, error)

NewSignatureEnvelope is used for the signature generation workflow.

func NewSignatureEnvelopeFromBytes

func NewSignatureEnvelopeFromBytes(envelopeBytes []byte, envelopeMediaType SignatureMediaType) (*SignatureEnvelope, error)

NewSignatureEnvelopeFromBytes is used for the signature verification workflow.

func (SignatureEnvelope) GetSignerInfo

func (s SignatureEnvelope) GetSignerInfo() (*SignerInfo, error)

GetSignerInfo returns information about the Signature envelope

func (*SignatureEnvelope) Sign

func (s *SignatureEnvelope) Sign(req SignRequest) ([]byte, error)

Sign generates Signature using given SignRequest.

func (*SignatureEnvelope) Verify

func (s *SignatureEnvelope) Verify() (*SignerInfo, error)

Verify performs integrity and other signature-specification-related validations and returns the SignerInfo object containing the information about the signature. It takes no trust anchors, so it does not establish that the signing certificate is trusted; use VerifyAuthenticity for that.

type SignatureIntegrityError

// SignatureIntegrityError is returned when the associated Signature is no
// longer valid, e.g. it fails the integrity checks performed by Verify.
type SignatureIntegrityError struct {
	// contains filtered or unexported fields
}

SignatureIntegrityError is used when the associated Signature is no longer valid.

func (SignatureIntegrityError) Error

func (e SignatureIntegrityError) Error() string

type SignatureMediaType

// SignatureMediaType identifies the envelope format of a signature.
type SignatureMediaType string

SignatureMediaType lists the supported media types for signatures.

// Supported signature media types.
const (
	// MediaTypeJWSJson is the JWS JSON serialization envelope format.
	MediaTypeJWSJson SignatureMediaType = "application/jose+json"
)

type SignatureNotFoundError

// SignatureNotFoundError is returned when no signature envelope is present.
type SignatureNotFoundError struct{}

SignatureNotFoundError is used when signature envelope is not present.

func (SignatureNotFoundError) Error

func (e SignatureNotFoundError) Error() string

type SignatureProvider

// SignatureProvider signs the bytes produced while building a Signature
// envelope. LocalSignatureProvider is the in-package implementation.
type SignatureProvider interface {
	// Sign signs the given bytes and returns the signature bytes along with
	// the certificate chain to embed in the envelope (presumably; confirm
	// against SignatureEnvelope.Sign).
	Sign([]byte) ([]byte, []*x509.Certificate, error)
	// KeySpec reports the KeySpec of the provider's signing key.
	KeySpec() (KeySpec, error)
}

SignatureProvider is used to sign bytes generated after creating Signature envelope.

type SignedAttributes

// SignedAttributes holds the metadata in the Signature envelope that is
// covered by the signature.
type SignedAttributes struct {
	// SigningTime is when the signature was produced; Expiry is when it
	// stops being valid.
	SigningTime time.Time
	Expiry      time.Time
	// VerificationPlugin and VerificationPluginMinVersion name the plugin
	// expected to verify this signature.
	VerificationPlugin           string
	VerificationPluginMinVersion string
	// ExtendedAttributes are additional signed attributes supplied via
	// SignRequest.ExtendedSignedAttrs.
	ExtendedAttributes []Attribute
}

SignedAttributes represents signed metadata in the Signature envelope

type SignerInfo

// SignerInfo is a parsed signature envelope, independent of the envelope
// format. Only the signed attributes are protected by the signature; the
// unsigned attributes (including CertificateChain) are not, and the chain is
// only trusted after VerifyAuthenticity has checked it against trust anchors.
type SignerInfo struct {
	// Payload is the signed content; Signature is the raw signature value.
	Payload   []byte
	Signature []byte

	// Signed attributes
	PayloadContentType PayloadContentType
	SignatureAlgorithm SignatureAlgorithm
	SigningScheme      SigningScheme
	SignedAttributes   SignedAttributes

	// Unsigned attributes
	CertificateChain   []*x509.Certificate
	TimestampSignature []byte
	UnsignedAttributes UnsignedAttributes
}

SignerInfo represents a parsed signature envelope that is agnostic to signature envelope format.

type SigningScheme

// SigningScheme formalizes the feature set (guarantees) a signature provides.
type SigningScheme string

SigningScheme formalizes the feature set (guarantees) provided by the signature.

// Supported signing schemes.
const (
	// SigningSchemeX509 is the plain X.509 signing scheme.
	SigningSchemeX509 SigningScheme = "notary.x509"
	// SigningSchemeX509SigningAuthority is the X.509 signing-authority
	// scheme.
	SigningSchemeX509SigningAuthority SigningScheme = "notary.x509.signingAuthority"
)

type UnsignedAttributes

// UnsignedAttributes holds envelope metadata that is NOT covered by the
// signature and therefore must not feed trust decisions.
type UnsignedAttributes struct {
	// SigningAgent names the software that produced the signature
	// (from SignRequest.SigningAgent).
	SigningAgent string
}

UnsignedAttributes represents unsigned metadata in the Signature envelope

type UnsupportedSignatureFormatError

// UnsupportedSignatureFormatError is returned when the Signature envelope
// format is not supported.
type UnsupportedSignatureFormatError struct {
	// contains filtered or unexported fields
}

UnsupportedSignatureFormatError is used when Signature envelope is not supported.

func (UnsupportedSignatureFormatError) Error

type UnsupportedSigningKeyError

// UnsupportedSigningKeyError is returned when a signing key is not supported.
type UnsupportedSigningKeyError struct {
	// contains filtered or unexported fields
}

UnsupportedSigningKeyError is used when a signing key is not supported.

func (UnsupportedSigningKeyError) Error
