Documentation
Overview
Package trust provides a local trust store for CA public keys. This enables offline badge verification without network access. See RFC-002 §13.1.
Index
- Variables
- func DefaultTrustDir() string
- type FileStore
- func (s *FileStore) Add(key jose.JSONWebKey) error
- func (s *FileStore) AddFromJWKS(jwks *jose.JSONWebKeySet, issuerURL string) error
- func (s *FileStore) AddIssuerMapping(issuerURL, kid string) error
- func (s *FileStore) Get(kid string) (*jose.JSONWebKey, error)
- func (s *FileStore) GetByIssuer(issuerURL string) ([]jose.JSONWebKey, error)
- func (s *FileStore) List() ([]jose.JSONWebKey, error)
- func (s *FileStore) Remove(kid string) error
- type Store
Constants
This section is empty.
Variables
var (
	ErrKeyNotFound    = errors.New("key not found in trust store")
	ErrIssuerNotFound = errors.New("issuer not found in trust store")
	ErrInvalidKey     = errors.New("invalid key format")
)
Common errors returned by this package.
Functions
func DefaultTrustDir
func DefaultTrustDir() string
DefaultTrustDir returns the default trust store directory.
Types
type FileStore
type FileStore struct {
	// contains filtered or unexported fields
}
FileStore implements Store using the filesystem. Default location: ~/.capiscio/trust/
func NewFileStore
NewFileStore creates a new file-based trust store.
func (*FileStore) Add
func (s *FileStore) Add(key jose.JSONWebKey) error
Add adds a key to the trust store.
func (*FileStore) AddFromJWKS
func (s *FileStore) AddFromJWKS(jwks *jose.JSONWebKeySet, issuerURL string) error
AddFromJWKS adds all keys from a JWKS and optionally maps them to an issuer.
func (*FileStore) AddIssuerMapping
AddIssuerMapping maps an issuer URL to a key kid.
func (*FileStore) Get
func (s *FileStore) Get(kid string) (*jose.JSONWebKey, error)
Get retrieves a key by kid.
func (*FileStore) GetByIssuer
func (s *FileStore) GetByIssuer(issuerURL string) ([]jose.JSONWebKey, error)
GetByIssuer retrieves all keys for an issuer URL.
type Store
type Store interface {
	// Add adds a key to the trust store.
	Add(key jose.JSONWebKey) error
	// Get retrieves a key by kid.
	Get(kid string) (*jose.JSONWebKey, error)
	// GetByIssuer retrieves all keys for an issuer URL.
	GetByIssuer(issuerURL string) ([]jose.JSONWebKey, error)
	// List returns all keys in the store.
	List() ([]jose.JSONWebKey, error)
	// Remove removes a key by kid.
	Remove(kid string) error
	// AddIssuerMapping maps an issuer URL to a key kid.
	AddIssuerMapping(issuerURL, kid string) error
}
Store is the interface for a trust store.