signature

package
v0.10.0
Warning

This package is not in the latest version of its module.

Published: Jun 26, 2024 License: MIT Imports: 12 Imported by: 3

Documentation

Overview

Package signature implements signing and verification of pipeline steps.

Constants

const EnvNamespacePrefix = "env::"

EnvNamespacePrefix is the string that prefixes all fields in the "env" namespace. This is used to separate signed data that came from the environment from data that came from an object.

Variables

This section is empty.

Functions

func Sign

func Sign(_ context.Context, key jwk.Key, sf SignedFielder, opts ...Option) (*pipeline.Signature, error)

Sign computes a new signature for an environment (env) combined with an object containing values (sf) using a given key.

func SignSteps

func SignSteps(ctx context.Context, s pipeline.Steps, key jwk.Key, repoURL string, opts ...Option) error

SignSteps adds signatures to each command step (and recursively to any command steps that are within group steps). The steps are mutated directly, so an error part-way through may leave some steps un-signed.

func Verify

func Verify(ctx context.Context, s *pipeline.Signature, keySet jwk.Set, sf SignedFielder, opts ...Option) error

Verify verifies an existing signature against environment (env) combined with an object containing values (sf) using keys from a keySet.

Types

type CommandStepWithInvariants added in v0.2.0

type CommandStepWithInvariants struct {
	pipeline.CommandStep
	RepositoryURL string
}

CommandStepWithInvariants is a CommandStep with PipelineInvariants.

func (*CommandStepWithInvariants) SignedFields added in v0.2.0

func (c *CommandStepWithInvariants) SignedFields() (map[string]any, error)

SignedFields returns the default fields for signing.

func (*CommandStepWithInvariants) ValuesForFields added in v0.2.0

func (c *CommandStepWithInvariants) ValuesForFields(fields []string) (map[string]any, error)

ValuesForFields returns the contents of fields to sign.

type Logger added in v0.10.0

type Logger interface{ Debug(f string, v ...any) }

type Option added in v0.10.0

type Option interface {
	// contains filtered or unexported methods
}

func WithDebugSigning added in v0.10.0

func WithDebugSigning(debugSigning bool) Option

func WithEnv added in v0.10.0

func WithEnv(env map[string]string) Option

func WithLogger added in v0.10.0

func WithLogger(logger Logger) Option

type SignedFielder

type SignedFielder interface {
	// SignedFields returns the default set of fields to sign, and their values.
	// This is called by Sign.
	SignedFields() (map[string]any, error)

	// ValuesForFields looks up each field and produces a map of values. This is
	// called by Verify. The set of fields might differ from the default, e.g.
	// when verifying older signatures computed with fewer fields or deprecated
	// field names. signedFielder implementations should reject requests for
	// values if "mandatory" fields are missing (e.g. signing a command step
	// should always sign the command).
	ValuesForFields([]string) (map[string]any, error)
}

SignedFielder describes types that can be signed and have signatures verified. Converting non-string fields into strings (in a stable, canonical way) is an exercise left to the implementer.
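
One way to satisfy this contract, as an added example that is not code from the package: `deployStep` and its fields are hypothetical, and the interface is copied locally so the block builds without the module. It shows ValuesForFields refusing a field list that does not cover the command, rejecting unknown field names, and using JSON as the stable string encoding for a non-string field.

```go
package main

import (
	"encoding/json"
	"fmt"
)

// SignedFielder is copied from the page so the example compiles alone.
type SignedFielder interface {
	SignedFields() (map[string]any, error)
	ValuesForFields([]string) (map[string]any, error)
}

// deployStep is a hypothetical signable type, not part of the package.
type deployStep struct {
	Command string
	Plugins []string
}

// SignedFields returns the default field set; Sign calls this.
func (d *deployStep) SignedFields() (map[string]any, error) {
	return d.ValuesForFields([]string{"command", "plugins"})
}

// ValuesForFields serves the fields a signature names; Verify calls this.
func (d *deployStep) ValuesForFields(fields []string) (map[string]any, error) {
	plugins, err := json.Marshal(d.Plugins) // stable encoding of a non-string field
	if err != nil {
		return nil, err
	}
	all := map[string]any{"command": d.Command, "plugins": string(plugins)}
	out := make(map[string]any, len(fields))
	for _, f := range fields {
		v, ok := all[f]
		if !ok {
			return nil, fmt.Errorf("unknown field %q", f)
		}
		out[f] = v
	}
	// A signature that omits the command says nothing about what will run.
	if _, ok := out["command"]; !ok {
		return nil, fmt.Errorf("mandatory field %q is not covered", "command")
	}
	return out, nil
}

func main() {
	var sf SignedFielder = &deployStep{Command: "make deploy", Plugins: []string{"docker#v5"}}
	fmt.Println(sf.ValuesForFields([]string{"plugins"})) // error: command not covered
}
```

A nil `Plugins` slice encodes as `null` and an empty one as `[]`, so a real implementation has to decide which of the two it treats as canonical before signing.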
