GO-2025-3381: notation-go's timestamp signature generation lacks certificate revocation check in github.com/notaryproject/notation-go

verifier

package

v1.2.0-beta.1 Latest Latest Go to latest Published: Jul 23, 2024 License: Apache-2.0 Imports: 32 Imported by: 16

Details

Valid go.mod file
Redistributable license
Tagged version
Stable version
Learn more about best practices

Repository

github.com/notaryproject/notation-go

Links

Open Source Insights

Documentation ¶

Overview ¶

Package verifier provides an implementation of notation.Verifier interface

Index ¶

Constants
Variables
func New(ociTrustPolicy *trustpolicy.OCIDocument, trustStore truststore.X509TrustStore, ...) (notation.Verifier, error)
func NewBlobVerifierFromConfig() (*verifier, error)
func NewFromConfig() (notation.Verifier, error)
func NewOCIVerifierFromConfig() (*verifier, error)
func NewVerifier(ociTrustPolicy *trustpolicy.OCIDocument, ...) (*verifier, error)
func NewVerifierWithOptions(ociTrustPolicy *trustpolicy.OCIDocument, ...) (*verifier, error)
func NewWithOptions(ociTrustPolicy *trustpolicy.OCIDocument, trustStore truststore.X509TrustStore, ...) (notation.Verifier, error)
type VerifierOptions

Constants ¶

View Source

const (
	// HeaderVerificationPlugin specifies the name of the verification plugin
	// that should be used to verify the signature.
	HeaderVerificationPlugin = "io.cncf.notary.verificationPlugin"

	// HeaderVerificationPluginMinVersion specifies the minimum version of the
	// verification plugin that should be used to verify the signature.
	HeaderVerificationPluginMinVersion = "io.cncf.notary.verificationPluginMinVersion"
)

Variables ¶

View Source

var VerificationPluginHeaders = []string{
	HeaderVerificationPlugin,
	HeaderVerificationPluginMinVersion,
}

VerificationPluginHeaders specifies headers of a verification plugin

Functions ¶

func New ¶

func New(ociTrustPolicy *trustpolicy.OCIDocument, trustStore truststore.X509TrustStore, pluginManager plugin.Manager) (notation.Verifier, error)

New creates a new verifier given ociTrustPolicy, trustStore and pluginManager Deprecated: New function exists for historical compatibility and should not be used. To create verifier, use NewVerifier function.

func NewBlobVerifierFromConfig ¶

func NewBlobVerifierFromConfig() (*verifier, error)

NewBlobVerifierFromConfig returns a Blob verifier based on local file system

func NewFromConfig ¶

func NewFromConfig() (notation.Verifier, error)

NewFromConfig returns a OCI verifier based on local file system Deprecated: NewFromConfig function exists for historical compatibility and should not be used. To create an OCI verifier, use NewOCIVerifierFromConfig function.

func NewOCIVerifierFromConfig ¶

func NewOCIVerifierFromConfig() (*verifier, error)

NewOCIVerifierFromConfig returns a OCI verifier based on local file system

func NewVerifier ¶

func NewVerifier(ociTrustPolicy *trustpolicy.OCIDocument, blobTrustPolicy *trustpolicy.BlobDocument, trustStore truststore.X509TrustStore, pluginManager plugin.Manager) (*verifier, error)

NewVerifier creates a new verifier given ociTrustPolicy, trustStore and pluginManager

func NewVerifierWithOptions ¶

func NewVerifierWithOptions(ociTrustPolicy *trustpolicy.OCIDocument, blobTrustPolicy *trustpolicy.BlobDocument, trustStore truststore.X509TrustStore, pluginManager plugin.Manager, verifierOptions VerifierOptions) (*verifier, error)

NewVerifierWithOptions creates a new verifier given ociTrustPolicy, blobTrustPolicy, trustStore, pluginManager, and verifierOptions

func NewWithOptions ¶

func NewWithOptions(ociTrustPolicy *trustpolicy.OCIDocument, trustStore truststore.X509TrustStore, pluginManager plugin.Manager, opts VerifierOptions) (notation.Verifier, error)

NewWithOptions creates a new verifier given ociTrustPolicy, trustStore, pluginManager, and VerifierOptions Deprecated: NewWithOptions function exists for historical compatibility and should not be used. To create verifier, use NewVerifierWithOptions function.

Types ¶

type VerifierOptions ¶

type VerifierOptions struct {
	// RevocationClient is an implementation of revocation.Revocation to use for
	// verifying revocation of code signing certificate chain
	RevocationClient revocation.Revocation

	// RevocationTimestampClient is an implementaion of evocation.Revocation to
	// use for verifying revocation of timestamping certificate chain
	RevocationTimestampClient revocation.Revocation
}

VerifierOptions specifies additional parameters that can be set when using the NewVerifierWithOptions constructor

Source Files ¶

View all Source files

Directories ¶

Path	Synopsis
trustpolicy Package trustpolicy provides functionalities for trust policy document and trust policy statements.	Package trustpolicy provides functionalities for trust policy document and trust policy statements.
truststore Package truststore reads certificates in a trust store	Package truststore reads certificates in a trust store

?	: This menu
/	: Search site
f or F	: Jump to
y or Y	: Canonical URL