Documentation
Types ¶
type Group ¶
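type Group struct {
	// Components are the witnesses or nested groups that make up this group.
	Components []policyComponent
	// N is the number of Components that must be satisfied.
	N int
}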
Group defines a group of witnesses, and a threshold of signatures that must be met for this group to be satisfied. Witnesses within a group should be fungible, e.g. all of the Armored Witness devices form a logical group, and N should be picked to represent a threshold of the quorum. For some users this will be a simple majority, but other strategies are available. N must be <= len(WitnessKeys).
func NewGroup ¶
NewGroup creates a grouping of Witness or WitnessGroup with a configurable threshold of these sub-components that need to be satisfied in order for this group to be satisfied.
The threshold should only be set to less than the number of sub-components if these are considered fungible.
func ParsePolicy ¶
ParsePolicy creates a graph of witness objects that represents the policy provided.
The policy structure is as described by [Sigsum's policy format](https://git.glasklar.is/sigsum/core/sigsum-go/-/blob/main/doc/policy.md) but with the difference that the configured witness keys MUST be signature type `0x04` `vkey`s as specified by C2SP [signed-note](https://github.com/C2SP/C2SP/blob/main/signed-note.md#verifier-keys).
func (Group) Endpoints ¶
Endpoints returns the details required for updating a witness and checking the response. The result maps each URL that should be used to update the witness with a new checkpoint to the verifier used to check that the response is well formed.
func (Group) Satisfied ¶
Satisfied returns true if the checkpoint provided has sufficient signatures from the witnesses in this group to satisfy the threshold. This will return false if there are insufficient signatures, and also if the checkpoint cannot be read as a valid note. It is up to the caller to ensure that the input value represents a valid note.
The implementation of this requires every witness in the group to verify the checkpoint, which is O(N). If this is called every time a witness returns a checkpoint then this algorithm is O(N^2). To support large N, this may require some rewriting in order to maintain performance.
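The threshold semantics described for NewGroup and Group.Satisfied, as an added example that is not this package's code. The names component, witness, newGroup and demo are hypothetical, raw Ed25519 signatures over a constructed checkpoint body stand in for signed-note cosignature verification, and rejecting a threshold below 1 is an assumption of the example.

```go
package main

import (
	"crypto/ed25519"
	"fmt"
)

// component reports whether msg carries enough valid signatures (hypothetical name).
type component func(msg []byte, sigs [][]byte) bool

func witness(pub ed25519.PublicKey) component {
	return func(msg []byte, sigs [][]byte) bool {
		for _, s := range sigs {
			if ed25519.Verify(pub, msg, s) {
				return true
			}
		}
		return false
	}
}

// newGroup rejects a threshold that can never be met; rejecting n < 1 is this example's assumption.
func newGroup(n int, cs ...component) (component, error) {
	if n < 1 || n > len(cs) {
		return nil, fmt.Errorf("threshold %d invalid for %d components", n, len(cs))
	}
	return func(msg []byte, sigs [][]byte) bool {
		ok := 0
		for _, c := range cs { // every component is polled: O(len(cs)) per call
			if c(msg, sigs) {
				ok++
			}
		}
		return ok >= n
	}, nil
}

func demo() (oneDevice, twoDevices bool) {
	msg := []byte("example.com/log\n42\nconstructed-root\n") // constructed checkpoint body
	w, s := make([]component, 4), make([][]byte, 4)
	for i := range w {
		pub, priv, _ := ed25519.GenerateKey(nil) // throwaway keys, constructed for the example
		w[i], s[i] = witness(pub), ed25519.Sign(priv, msg)
	}
	devices, _ := newGroup(2, w[0], w[1], w[2]) // fungible devices: any 2 of 3
	policy, _ := newGroup(2, devices, w[3])     // device group AND an independent witness
	return policy(msg, [][]byte{s[0], s[3]}), policy(msg, [][]byte{s[0], s[1], s[3]})
}

func main() { fmt.Println(demo()) }
```

With one device signature the nested 2-of-3 group fails, so the top-level policy fails even though the independent witness signed; adding a second device signature satisfies it.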
type Witness ¶
Witness represents a single witness that can be reached in order to perform a witnessing operation. The URLs() method returns the URL where it can be reached for witnessing, and the Satisfied method provides a predicate to check whether this witness has signed a checkpoint.
func New ¶
New returns a Witness given a verifier key and the root URL for where this witness can be reached.
func (Witness) Endpoints ¶
Endpoints returns the details required for updating a witness and checking the response. The result maps each URL that should be used to update the witness with a new checkpoint to the verifier used to check that the response is well formed.