Documentation
Index ¶
- Variables
- func IsSignedCoRIM(buf []byte) bool
- func IsUnsignedCoRIM(buf []byte) bool
- func Normalize(name string) string
- type CompositeKeyStore
- type KeyEntry
- type KeyStore
- type KeyStoreEntry
- type SingleKeyStore
- func KeyStoreFromJWKBytes(data []byte) (*SingleKeyStore, error)
- func KeyStoreFromJWKPath(path string) (*SingleKeyStore, error)
- func KeyStoreFromPEMBytes(data []byte) (*SingleKeyStore, error)
- func KeyStoreFromPEMPath(path string) (*SingleKeyStore, error)
- func KeyStoreFromPublicKey(pub crypto.PublicKey) (*SingleKeyStore, error)
- type X5ChainKeyStore
- func (o *X5ChainKeyStore) AddCertFromBytes(bytes []byte) error
- func (o *X5ChainKeyStore) AddCertFromDERBytes(der []byte) error
- func (o *X5ChainKeyStore) AddCertFromDERPath(path string) error
- func (o *X5ChainKeyStore) AddCertFromPEMBytes(pem []byte) error
- func (o *X5ChainKeyStore) AddCertFromPEMPath(path string) error
- func (o *X5ChainKeyStore) AddCertFromPath(path string) error
- func (o *X5ChainKeyStore) Get(signed *corim.SignedCorim) (KeyStoreEntry, error)
- func (o *X5ChainKeyStore) SetCertPool(pool *x509.CertPool) *x509.CertPool
Constants ¶
This section is empty.
Variables ¶
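// Sentinel errors exposed by this package. Callers should match them with
// errors.Is rather than by comparing message strings.
var (
	// ErrKeyNotFound carries the message "key not found".
	// NOTE(review): presumably returned by KeyStore.Get implementations when
	// no entry matches the CoRIM — confirm against the implementations.
	ErrKeyNotFound = errors.New("key not found")

	// ErrBadCert is returned by the AddCertFromBytes and AddCertFromPath
	// helpers when the certificate format cannot be established.
	ErrBadCert = errors.New("invalid X.509 cert")
)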
Functions ¶
func IsSignedCoRIM ¶
IsSignedCoRIM returns true if the provided buffer appears to contain a signed CoRIM. No validation is performed, so a true result says nothing about whether the signature is valid.
func IsUnsignedCoRIM ¶
IsUnsignedCoRIM returns true if the provided buffer appears to contain an unsigned CoRIM (no validation is performed).
Types ¶
type CompositeKeyStore ¶
type CompositeKeyStore struct {
// contains filtered or unexported fields
}
CompositeKeyStore wraps multiple other KeyStores. It returns the first matching entry from the contained stores. The stores are checked in the order they were added.
func NewCompositeKeyStore ¶
func NewCompositeKeyStore(stores ...KeyStore) *CompositeKeyStore
NewCompositeKeyStore creates a new CompositeKeyStore containing the provided stores.
func (*CompositeKeyStore) Add ¶
func (o *CompositeKeyStore) Add(store KeyStore) *CompositeKeyStore
Add the provided store to the CompositeKeyStore. The store is added at the end of the list, making it lowest priority when looking for matches.
func (*CompositeKeyStore) Get ¶
func (o *CompositeKeyStore) Get(sc *corim.SignedCorim) (KeyStoreEntry, error)
func (*CompositeKeyStore) Insert ¶
func (o *CompositeKeyStore) Insert(store KeyStore) *CompositeKeyStore
Insert the store at the front of the list of contained stores, making it highest priority when looking for matches.
type KeyEntry ¶
type KeyEntry struct {
// contains filtered or unexported fields
}
KeyEntry wraps a crypto.PublicKey and a *comid.CryptoKey obtained from the same underlying key, and exposes them via the KeyStoreEntry interface.
func KeyEntryFromPublicKey ¶
KeyEntryFromPublicKey returns a KeyEntry for the specified crypto.PublicKey.
type KeyStore ¶
type KeyStore interface {
	// Get matches the provided CoRIM to an entry in the store and
	// returns that entry.
	// NOTE(review): the error returned when no entry matches is not stated
	// here; presumably ErrKeyNotFound — confirm against the implementations.
	Get(sc *corim.SignedCorim) (KeyStoreEntry, error)
}
KeyStore is a repository of keys that may be used to verify CoRIM signatures.
type KeyStoreEntry ¶
type KeyStoreEntry interface {
	// PublicKey returns the crypto.PublicKey extracted from the contained key.
	PublicKey() crypto.PublicKey
	// Authority returns a *comid.CryptoKey encapsulating the contained key.
	Authority() *comid.CryptoKey
}
KeyStoreEntry encapsulates a key obtained from a KeyStore that may be used to verify signatures on CoRIMs going into the store.
type SingleKeyStore ¶
type SingleKeyStore struct {
// contains filtered or unexported fields
}
SingleKeyStore wraps a single KeyEntry and matches it to every CoRIM it is given.
func KeyStoreFromJWKBytes ¶
func KeyStoreFromJWKBytes(data []byte) (*SingleKeyStore, error)
KeyStoreFromJWKBytes returns a *SingleKeyStore that contains an entry for the JWK in the provided buffer.
func KeyStoreFromJWKPath ¶
func KeyStoreFromJWKPath(path string) (*SingleKeyStore, error)
KeyStoreFromJWKPath returns a *SingleKeyStore that contains an entry for the JWK at the specified path.
func KeyStoreFromPEMBytes ¶
func KeyStoreFromPEMBytes(data []byte) (*SingleKeyStore, error)
KeyStoreFromPEMBytes returns a *SingleKeyStore that contains an entry for the PEM PUBLIC KEY block in the provided buffer.
func KeyStoreFromPEMPath ¶
func KeyStoreFromPEMPath(path string) (*SingleKeyStore, error)
KeyStoreFromPEMPath returns a *SingleKeyStore that contains an entry for the PEM PUBLIC KEY block at the specified path.
func KeyStoreFromPublicKey ¶
func KeyStoreFromPublicKey(pub crypto.PublicKey) (*SingleKeyStore, error)
KeyStoreFromPublicKey returns a *SingleKeyStore that contains an entry for the specified crypto.PublicKey.
func (*SingleKeyStore) Get ¶
func (o *SingleKeyStore) Get(*corim.SignedCorim) (KeyStoreEntry, error)
type X5ChainKeyStore ¶
type X5ChainKeyStore struct {
// contains filtered or unexported fields
}
X5ChainKeyStore produces a KeyEntry for the key extracted from the CoRIM's x5chain header, if one is set. The x5chain is verified beforehand.
func NewX5ChainKeyStore ¶
func NewX5ChainKeyStore(pool *x509.CertPool) *X5ChainKeyStore
NewX5ChainKeyStore returns a new X5ChainKeyStore with the specified pool.
func NewX5ChainKeyStoreWithSystemCerts ¶
func NewX5ChainKeyStoreWithSystemCerts() (*X5ChainKeyStore, error)
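NewX5ChainKeyStoreWithSystemCerts returns a new X5ChainKeyStore whose root certs are populated from the system certificate pool. Every root CA trusted by the system therefore becomes a root cert of this store; use NewX5ChainKeyStore with a dedicated pool to restrict the set.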
func (*X5ChainKeyStore) AddCertFromBytes ¶
func (o *X5ChainKeyStore) AddCertFromBytes(bytes []byte) error
AddCertFromBytes parses a certificate from the specified buffer, attempting to guess the format. ErrBadCert is returned if the format cannot be established.
func (*X5ChainKeyStore) AddCertFromDERBytes ¶
func (o *X5ChainKeyStore) AddCertFromDERBytes(der []byte) error
AddCertFromDERBytes parses a certificate from the specified buffer and adds it to its root certs.
func (*X5ChainKeyStore) AddCertFromDERPath ¶
func (o *X5ChainKeyStore) AddCertFromDERPath(path string) error
AddCertFromDERPath parses a certificate from the file at the specified path and adds it to its root certs.
func (*X5ChainKeyStore) AddCertFromPEMBytes ¶
func (o *X5ChainKeyStore) AddCertFromPEMBytes(pem []byte) error
AddCertFromPEMBytes parses a certificate from the specified buffer and adds it to its root certs.
func (*X5ChainKeyStore) AddCertFromPEMPath ¶
func (o *X5ChainKeyStore) AddCertFromPEMPath(path string) error
AddCertFromPEMPath parses a certificate from the file at the specified path and adds it to its root certs.
func (*X5ChainKeyStore) AddCertFromPath ¶
func (o *X5ChainKeyStore) AddCertFromPath(path string) error
AddCertFromPath parses a certificate from the specified path, attempting to guess the format. ErrBadCert is returned if the format cannot be established.
func (*X5ChainKeyStore) Get ¶
func (o *X5ChainKeyStore) Get(signed *corim.SignedCorim) (KeyStoreEntry, error)
func (*X5ChainKeyStore) SetCertPool ¶
func (o *X5ChainKeyStore) SetCertPool(pool *x509.CertPool) *x509.CertPool
SetCertPool replaces the internal root cert pool with the provided one, and returns the old pool.