signing

package
v0.5.0 Latest Latest
Warning

This package is not in the latest version of its module.

 Go to latest Published: Dec 13, 2023 License: Apache-2.0 Imports: 17 Imported by: 0

Documentation

Index

Constants

View Source 
const (
	DIGESTMODE_LOCAL = "local" // (default) store nested digests locally in component descriptor
	DIGESTMODE_TOP   = "top"   // store aggregated nested digests in signed component version
)

Variables

View Source 
var REALM = logging.NewRealm("signing")

Functions

func Apply 

func Apply(printer common.Printer, state *WalkingState, cv ocm.ComponentVersionAccess, opts *Options, closecv ...bool) (*metav1.DigestSpec, error)

func ArtefactDigest added in v0.3.0 

func ArtefactDigest(r *compdesc.Resource) metav1.ArtefactDigest

func DigesterType added in v0.3.0 

func DigesterType(digest *metav1.DigestSpec) ocm.DigesterType

func GetDigestMode added in v0.3.0 

func GetDigestMode(cd *compdesc.ComponentDescriptor, def ...string) string

GetDigestMode checks whether the versio has already been digested. If so, the digest mode used at this time fixes the mode for all further signing processes. If a version is still undigested, any mode possible and is optionally defaulted by an additional argument.

func GetDigests added in v0.3.0 

func GetDigests(cd *compdesc.ComponentDescriptor) (*metav1.NestedComponentDigests, bool)

func NewVersionInfo added in v0.3.0 

func NewVersionInfo(cd *compdesc.ComponentDescriptor, parent *DigestContext) (*VersionInfo, *DigestContext)

func NormalizedDigesterType added in v0.4.1 

func NormalizedDigesterType(digest *metav1.DigestSpec) ocm.DigesterType

func RequireReProcessing 

func RequireReProcessing(vi *VersionInfo, ctx *DigestContext, opts *Options) bool

func SignComponentVersion added in v0.4.0 

func SignComponentVersion(cv ocm.ComponentVersionAccess, name string, optlist ...Option) (*metav1.DigestSpec, error)

func VerifyComponentVersion added in v0.4.0 

func VerifyComponentVersion(cv ocm.ComponentVersionAccess, name string, optlist ...Option) (*metav1.DigestSpec, error)

Types

type DigestContext added in v0.3.0 

type DigestContext struct {
	*RootContextInfo

	Key        common.NameVersion
	Parent     *DigestContext
	Descriptor *compdesc.ComponentDescriptor
	Digest     *metav1.DigestSpec
	Signed     bool
	Source     common.NameVersion
	Refs       map[common.NameVersion]*metav1.DigestSpec
}

func NewDigestContext added in v0.3.0 

func NewDigestContext(cd *compdesc.ComponentDescriptor, parent *DigestContext) *DigestContext

func (*DigestContext) GetDigests added in v0.3.0 

func (dc *DigestContext) GetDigests() metav1.NestedDigests

func (*DigestContext) IsRoot added in v0.3.0 

func (dc *DigestContext) IsRoot() bool

func (*DigestContext) Propagate added in v0.3.0 

func (dc *DigestContext) Propagate(d *metav1.DigestSpec) error

func (*DigestContext) Use added in v0.3.0 

func (dc *DigestContext) Use(ctx *DigestContext) error

func (*DigestContext) ValidFor added in v0.3.0 

func (dc *DigestContext) ValidFor(ctx *DigestContext) bool

type Option 

type Option interface {
	ApplySigningOption(o *Options)
}

func DigestMode added in v0.3.0 

func DigestMode(name string) Option

DigestMode provides an option configuring the digest mode for a signing/verification operation. Possible values are

  • DIGESTMODE_LOCAL(default) all digest information is store along with a component version
  • DIGESTMODE_TOP (experimental) all digest information is gathered for referenced component versions in the initially signed component version.

func Hash added in v0.3.0 

func Hash(h signing.Hasher) Option

Hash provides an option requesting hashing with a dedicated hasher for a signing/hash operation.

func HashByAlgo added in v0.3.0 

func HashByAlgo(algo string) Option

HashByAlgo provides an option requesting to use a dedicated hasher by name for a signing/hash operation. The effective hasher is taken from the hasher registry provided by the OCM context.

func Issuer 

func Issuer(name string) Option

Issuer provides an option requesting to use a dedicated issuer name for a signing operation.

func Printer added in v0.4.0 

func Printer(p common.Printer) Option

Printer provides an option configuring a printer for a signing/verification operation.

func PrivateKey 

func PrivateKey(name string, key interface{}) Option

PrivateKey provides an option requesting to use a dedicated private key for a dedicated signature name for a signing operation.

func PublicKey 

func PublicKey(name string, key interface{}) Option

PublicKey provides an option requesting to use a dedicated public key for a dedicated signature name for a verification operation.

func Recursive 

func Recursive(flags ...bool) Option

Recursive provides an option configuring recursion for a signing/verification operation. If enabled the operation will be done for all component versions in the reference graph.

func Registry 

func Registry(h signing.Registry) Option

Registry provides an option requesting to use a dedicated signing registry for a signing/verification operation. It is used to lookup signers, verifiers, hashers and signing public/private keys by name.

func Resolver 

func Resolver(h ...ocm.ComponentVersionResolver) Option

Resolver provides an option requesting to use a dedicated component version resolver for a signing/verification operation. It is used to resolve references in component versions.

func RootCertificates 

func RootCertificates(pool *x509.CertPool) Option

RootCertificates provides an option requesting to dedicated root certificates for a signing/verification operation using certificates.

func Sign 

func Sign(h signing.Signer, name string) Option

Sign provides an option requesting signing for a dedicated name and signer for a signing operation.

func SignByAlgo added in v0.4.1 

func SignByAlgo(algo string, name string) Option

SignByAlgo provides an option requesting signing with a signing algorithm for a signing operation. The effective signer is taken from the signer registry provided by the OCM context.

func SignatureName added in v0.3.0 

func SignatureName(name string, reset ...bool) Option

SignatureName provides an option requesting to use dedicated signature names for a signing/verification operation.

func Signer added in v0.4.0 

func Signer(h signing.Signer) Option

Signer provides an option requesting to use a dedicated signer for a signing/verification operation.

func SignerByAlgo added in v0.4.1 

func SignerByAlgo(algo string) Option

SignerByAlgo provides an option requesting to use a dedicated signer by algorithm for a signing operation. The effective signer is taken from the signer registry provided by the OCM context.

func SignerByName deprecated added in v0.4.0 

func SignerByName(algo string) Option

SignerByName set a signer by algorithm name.

Deprecated: use SignerByAlgo.

func SkipAccessTypes 

func SkipAccessTypes(names ...string) Option

SkipAccessTypes provides an option to declare dedicated resource types which should be excluded from digesting. This is a legacy options, required only for the handling of older component version not yet completely configured with resource digests. The content of resources with the given types will be marked as not signature relevant.

func Update 

func Update(flags ...bool) Option

Update provides an option configuring the update mode for a signing/verification operation. Only if enabled, state changes will be persisted.

func VerifyDigests 

func VerifyDigests(flags ...bool) Option

VerifyDigests provides an option requesting signature verification for a signing/verification operation.

func VerifySignature 

func VerifySignature(names ...string) Option

VerifySignature provides an option requesting verification for dedicated signature names for a signing/verification operation. If no name is specified the names are taken from the component version.

type Options 

type Options struct {
	Printer           common.Printer
	Update            bool
	Recursively       bool
	DigestMode        string
	Verify            bool
	SignAlgo          string
	Signer            signing.Signer
	Issuer            string
	VerifySignature   bool
	RootCerts         *x509.CertPool
	HashAlgo          string
	Hasher            signing.Hasher
	Keys              signing.KeyRegistry
	Registry          signing.Registry
	Resolver          ocm.ComponentVersionResolver
	SkipAccessTypes   map[string]bool
	SignatureNames    []string
	NormalizationAlgo string
	Keyless           bool
	// contains filtered or unexported fields
}

func NewOptions 

func NewOptions(list ...Option) *Options

func (*Options) ApplySigningOption 

func (o *Options) ApplySigningOption(opts *Options)

func (*Options) Complete 

func (o *Options) Complete(ctx interface{}) error

Complete takes either nil, an ocm.ContextProvider or a signing.Registry. To be compatible with an older version the type has been changed to interface to support multiple variants.

func (*Options) DoSign 

func (o *Options) DoSign() bool

func (*Options) DoUpdate 

func (o *Options) DoUpdate() bool

func (*Options) DoVerify 

func (o *Options) DoVerify() bool

func (*Options) Dup added in v0.3.0 

func (o *Options) Dup() *Options

func (*Options) Eval 

func (opts *Options) Eval(list ...Option) *Options

func (*Options) Nested added in v0.3.0 

func (o *Options) Nested() *Options

func (*Options) PrivateKey 

func (o *Options) PrivateKey() (interface{}, error)

func (*Options) PublicKey 

func (o *Options) PublicKey(sig string) interface{}

func (*Options) SignatureConfigured 

func (o *Options) SignatureConfigured(name string) bool

func (*Options) SignatureName 

func (o *Options) SignatureName() string

func (*Options) StopRecursion added in v0.3.0 

func (o *Options) StopRecursion() *Options

func (*Options) StoreLocally added in v0.3.0 

func (o *Options) StoreLocally() bool

func (*Options) WithDigestMode added in v0.3.0 

func (o *Options) WithDigestMode(mode string) *Options

type RootContextInfo added in v0.3.0 

type RootContextInfo struct {
	CtxKey     common.NameVersion
	Sign       bool
	DigestType ocm.DigesterType
	Hasher     signing.Hasher
	In         map[common.NameVersion]*metav1.NestedComponentDigests
	Out        map[common.NameVersion]*metav1.NestedComponentDigests
}

func (*RootContextInfo) GetPreset added in v0.3.0 

func (dc *RootContextInfo) GetPreset(nv common.NameVersion) *metav1.NestedComponentDigests

type VersionInfo 

type VersionInfo struct {
	// contains filtered or unexported fields
}

VersionInfo keeps track of handled component versions and provides the digest context used for a dedicated root component this component version is digested for (by following component references).

func (*VersionInfo) CreateContext added in v0.3.0 

func (vi *VersionInfo) CreateContext(cd *compdesc.ComponentDescriptor, parent *DigestContext) *DigestContext

func (*VersionInfo) GetContext added in v0.3.0 

func (vi *VersionInfo) GetContext(nv common.NameVersion) *DigestContext

type WalkingState 

type WalkingState struct {
	common.WalkingState[*VersionInfo, *DigestContext]
}

func NewWalkingState 

func NewWalkingState(lctx ...logging.Context) WalkingState

func (*WalkingState) GetContext added in v0.3.0 

func (s *WalkingState) GetContext(nv common.NameVersion, ctxkey common.NameVersion) *DigestContext

Source Files

View all Source files

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.