notation

v0.12.0-beta.1
Published: Nov 2, 2022 License: Apache-2.0 Imports: 5 Imported by: 21

README

Notation

A collection of libraries supporting Notation sign, verify, push, and pull of OCI artifacts, based on the Notary V2 standard.

Code of Conduct

This project has adopted the CNCF Code of Conduct. See CODE_OF_CONDUCT.md for further details.

License

This project is covered under the Apache 2.0 license. You can read the license here.

Documentation

Constants

const MediaTypePayloadV1 = "application/vnd.cncf.notary.payload.v1+json"

MediaTypePayloadV1 is the supported content type for the signature's payload.

Variables

var SigningAgent = "Notation/1.0.0"

SigningAgent is the unprotected header field used by the signature.

Functions

This section is empty.

Types

type Descriptor

type Descriptor struct {
	// The media type of the targeted content.
	MediaType string `json:"mediaType"`

	// The digest of the targeted content.
	Digest digest.Digest `json:"digest"`

	// Specifies the size in bytes of the blob.
	Size int64 `json:"size"`

	// Contains optional user defined attributes.
	Annotations map[string]string `json:"annotations,omitempty"`
}

Descriptor describes the artifact that needs to be signed.

func (Descriptor) Equal

func (d Descriptor) Equal(t Descriptor) bool

Equal reports whether d and t point to the same content.

type Payload

type Payload struct {
	TargetArtifact Descriptor `json:"targetArtifact"`
}

Payload describes the content that gets signed.
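
The following is an added example, not code from the notation-go project. It shows how a caller can bind a signed Payload to the bytes it actually pulled, after the signature itself has been verified elsewhere. The types are local mirrors of Descriptor and Payload with the JSON tags shown above; Digest is a plain string, and sameContent, describe and checkPayload are hypothetical helpers, with sameContent encoding this example's assumption of what "same content" means.

```go
package main

import (
	"crypto/sha256"
	"encoding/json"
	"errors"
	"fmt"
)

// Local mirrors of Descriptor and Payload (same JSON tags as the package);
// Digest is a plain string here instead of digest.Digest.
type Descriptor struct {
	MediaType   string            `json:"mediaType"`
	Digest      string            `json:"digest"`
	Size        int64             `json:"size"`
	Annotations map[string]string `json:"annotations,omitempty"`
}

type Payload struct {
	TargetArtifact Descriptor `json:"targetArtifact"`
}

// sameContent is this example's assumption of "same content": media type,
// digest and size must match; annotations are not compared.
func sameContent(d, t Descriptor) bool {
	return d.MediaType == t.MediaType && d.Digest == t.Digest && d.Size == t.Size
}

// describe builds the descriptor of the bytes that were actually pulled.
func describe(mediaType string, blob []byte) Descriptor {
	return Descriptor{MediaType: mediaType, Digest: fmt.Sprintf("sha256:%x", sha256.Sum256(blob)), Size: int64(len(blob))}
}

// checkPayload decodes a payload whose signature was already verified and
// rejects it unless it describes exactly the pulled blob.
func checkPayload(payloadJSON []byte, mediaType string, blob []byte) error {
	var p Payload
	if err := json.Unmarshal(payloadJSON, &p); err != nil {
		return fmt.Errorf("malformed payload: %w", err)
	}
	if !sameContent(p.TargetArtifact, describe(mediaType, blob)) {
		return errors.New("signed descriptor does not match pulled content")
	}
	return nil
}

func main() {
	mt, blob := "application/vnd.oci.image.manifest.v1+json", []byte(`{"schemaVersion":2}`) // constructed sample
	signed, _ := json.Marshal(Payload{TargetArtifact: describe(mt, blob)})
	fmt.Println(checkPayload(signed, mt, blob), "|", checkPayload(signed, mt, append(blob, ' ')))
}
```

A signature that verifies only proves the payload was signed; the comparison against a freshly computed descriptor is what ties that payload to the artifact in hand.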

type Service

type Service interface {
	Signer
	Verifier
}

Service combines the signing and verification services.

type SignOptions

type SignOptions struct {
	// Expiry identifies the expiration time of the resulting signature.
	Expiry time.Time

	// TSA is the TimeStamp Authority to timestamp the resulting signature if present.
	TSA timestamp.Timestamper

	// TSAVerifyOptions is the verify option to verify the fetched timestamp signature.
	// The `Intermediates` in the verify options will be ignored and re-constructed using
	// the certificates in the fetched timestamp signature.
	// An empty list of `KeyUsages` in the verify options implies ExtKeyUsageTimeStamping.
	TSAVerifyOptions x509.VerifyOptions

	// Sets or overrides the plugin configuration.
	PluginConfig map[string]string
}

SignOptions contains parameters for Signer.Sign.

type Signer

type Signer interface {
	// Sign signs the artifact described by its descriptor,
	// and returns the signature.
	Sign(ctx context.Context, desc Descriptor, opts SignOptions) ([]byte, error)
}

Signer is a generic interface for signing an artifact. The interface allows signing with local or remote keys, and packing in various signature formats.

type Verifier

type Verifier interface {
	// Verify verifies the signature and returns the verified descriptor and
	// metadata of the signed artifact.
	Verify(ctx context.Context, signature []byte, opts VerifyOptions) (Descriptor, error)
}

Verifier is a generic interface for verifying an artifact.

type VerifyOptions

type VerifyOptions struct {
	// SignatureMediaType is the envelope type of the signature.
	// Currently both `application/jose+json` and `application/cose` are supported.
	SignatureMediaType string
}

VerifyOptions contains parameters for Verifier.Verify.

func (VerifyOptions) Validate

func (opts VerifyOptions) Validate() error

Validate does basic validation on VerifyOptions.

Directories

Path Synopsis
internal
Package verification provides the utilities for handling verification related logic like Trust Stores and Trust Policies.
