security

package
Constants

// Record-name prefixes used by the DNS-based certificate lookup (see DNS,
// LookupRequest and LookupResult). NOTE(review): the pairing
// CAPrefix -> LookupResult.CA, IssuerPrefix -> LookupResult.Issuer and
// SubjectPrefix -> LookupResult.SKI is inferred from the names only —
// confirm against the lookup implementation.
const (
	CAPrefix      = "_ops_ca"
	IssuerPrefix  = "_ops_issuer"
	SubjectPrefix = "_ops_u"
)
// DefaultDigestMethod names the digest used for signatures; presumably the
// fallback for the algo parameter of SignBytes and SecuritySignFile —
// confirm. It is the only digest name declared on this page, so an
// implementation should accept algo values from a fixed set rather than
// passing arbitrary caller-supplied strings through.
const (
	DefaultDigestMethod = "sha256"
)

Variables

// DNS is the package-level DNS client. Its type dns is unexported, so the
// client is reachable only through this value. It presumably backs the
// LookupRequest/LookupResult resolution and is where
// ErrDNSSECValidationFailed originates — confirm.
var DNS = dns{
	// contains filtered or unexported fields
}
// ErrDNSSECValidationFailed is returned when a DNS answer arrives without
// the AD (authenticated data) bit. The AD bit is set by the recursive
// resolver, not verified by this client, so the check is only as strong as
// the path to a validating resolver; a non-validating or spoofable resolver
// makes it weaker than it looks. Compare with errors.Is.
var ErrDNSSECValidationFailed = errors.New("dnssec validation failed: AD bit not set")
// PemTPL is a fmt template that wraps a base64 certificate body (the %s
// argument) in PEM armor. Note that the raw string starts with a newline
// and, because the closing backtick is indented, ends with "\n\t"; the
// rendered text is therefore not a canonical PEM block. encoding/pem.Decode
// should still accept it (it skips leading text and trims trailing
// whitespace), but byte-exact comparisons against other PEM output will
// not match.
var PemTPL = `
-----BEGIN CERTIFICATE-----
%s
-----END CERTIFICATE-----
	`

Functions

func SecuritySignFile

// SecuritySignFile signs the file at filePath with key and writes the
// signature to sigPath (inferred from the parameter names — confirm). ski
// and fingerprint presumably identify the signing certificate so that a
// verifier can resolve it (see Security.Resolve); algo names the digest
// (see DefaultDigestMethod). Returns a non-nil error on failure.
// NOTE(review): algo is caller-supplied; the implementation should accept
// only a known set of digests rather than pass the string through.
func SecuritySignFile(filePath string, sigPath string, ski string, fingerprint string, key *rsa.PrivateKey, algo string) error

func SignBytes

// SignBytes signs *content with key and returns a signature record carrying
// the ski and certFingerprint that identify the signing certificate; algo
// names the digest (inferred from names — confirm). Style: content is a
// *[]byte, but a plain []byte already shares its backing array; the extra
// indirection is only needed if the callee reassigns the slice header.
// The same applies to ValidateBytes, CertMetadataFromBytes and
// Security.Trust.
func SignBytes(content *[]byte, ski string, certFingerprint string, key *rsa.PrivateKey, algo string) (*action.Signature, error)

func SpkiSKI

// SpkiSKI returns a string key identifier derived from cert's
// SubjectPublicKeyInfo (by name; the digest used is not visible here —
// confirm). Compare SpkiFingerprint, which returns the raw bytes.
func SpkiSKI(cert *x509.Certificate) string

func ValidateBytes

// ValidateBytes checks signature over *content against cert and returns
// nil when it verifies (inferred — confirm). signature is taken by value
// while SignBytes returns *action.Signature, so callers dereference.
func ValidateBytes(content *[]byte, cert *x509.Certificate, signature action.Signature) error

func ValidateKeyPair

// ValidateKeyPair reports, via a non-nil error, when key does not match
// cert (inferred — confirm). The encoding expected for both byte slices
// (PEM vs DER) is not visible on this page.
func ValidateKeyPair(cert, key []byte) error

Types

type CertMetadata

// CertMetadata is the summary of a certificate returned by
// CertMetadataFromBytes and Security.Trust.
type CertMetadata struct {
	// Subject of the certificate, in string form (exact format not visible here).
	Subject string
	// Publisher the certificate belongs to — presumably the same value used
	// by Security.Resolve and Security.KeyPair; confirm.
	Publisher string
	// Type classifies the certificate (values are defined by pki.CertType).
	Type pki.CertType
	// Fingerprint in string form; presumably what Fingerprint.String produces — confirm.
	Fingerprint string
	// SKI in string form; presumably what SpkiSKI produces — confirm.
	SKI string
}

func CertMetadataFromBytes

// CertMetadataFromBytes parses the PEM-encoded certificate in *certPem (per
// the parameter name) into a CertMetadata, returning an error when the
// input cannot be parsed.
func CertMetadataFromBytes(certPem *[]byte) (*CertMetadata, error)

type Fingerprint

// Fingerprint is a certificate fingerprint as raw bytes. ParseFingerprint
// reads the textual form, String renders it, and SpkiFingerprint derives
// one from a certificate.
type Fingerprint []byte

func ParseFingerprint

// ParseFingerprint parses the textual form of a fingerprint (presumably the
// form String produces — confirm) and returns an error for malformed input.
func ParseFingerprint(fp string) (Fingerprint, error)

func SpkiFingerprint

// SpkiFingerprint derives a fingerprint from cert's SubjectPublicKeyInfo
// (by name; the digest is not visible here — presumably
// DefaultDigestMethod, confirm).
func SpkiFingerprint(cert *x509.Certificate) Fingerprint

func (Fingerprint) String

// String renders f in its textual form; expected to round-trip through
// ParseFingerprint — confirm.
func (f Fingerprint) String() string

type LookupRequest

// LookupRequest identifies a certificate to look up, presumably through DNS
// (see DNS and the *Prefix constants) — confirm.
type LookupRequest struct {
	// SKI of the certificate being looked up.
	SKI string
	// Publisher that owns the certificate.
	Publisher string
}

type LookupResult

// LookupResult holds the raw material returned for a LookupRequest. The
// encoding of each field (PEM vs DER vs a digest) is not visible here —
// confirm before relying on it.
type LookupResult struct {
	// CA presumably corresponds to the CAPrefix record.
	CA []byte
	// Issuer presumably corresponds to the IssuerPrefix record.
	Issuer []byte
	// SKI presumably corresponds to the SubjectPrefix record.
	SKI []byte
}

type Mode

// Mode selects which Security implementation New returns. Because the
// mode decides whether signatures are verified at all, it should come from
// explicit, auditable configuration. The one-constant-per-block layout
// and the rcv receiver on its methods suggest generated code.
type Mode string
// Default selects SecurityDefault (by name — confirm).
const (
	Default Mode = "default"
)
// Empty has no exported implementation on this page; its meaning is not
// visible here.
const (
	Empty Mode = "empty"
)
// None selects SecurityNone (by name — confirm).
const (
	None Mode = "none"
)

func (Mode) String

// String returns the string value of rcv.
func (rcv Mode) String() string

func (*Mode) UnmarshalBinary

// UnmarshalBinary decodes data into *rcv. NOTE(review): whether values
// other than Default, Empty and None are rejected is not visible here;
// since Mode decides whether verification happens, unknown input should
// produce an error rather than be stored.
func (rcv *Mode) UnmarshalBinary(data []byte) error

type Security

// Security is the signing and verification service selected by Mode; New
// returns the implementation for a given mode. The method descriptions
// below are inferred from names and signatures — confirm against the
// implementations. Callers should not treat a nil error alone as "verified";
// whether an empty result slice can accompany a nil error is not visible
// here, so inspect the returned results as well.
type Security interface {
	// Mode reports which Mode this implementation provides.
	Mode() Mode
	// VerifyManifest checks the signatures on manifest and returns one
	// VerifyResult per signature it could verify.
	VerifyManifest(manifest *ops.Manifest) ([]*VerifyResult, error)
	// VerifyMetadata does the same for metadata attributed to publisher.
	VerifyMetadata(metadata *metadata.Metadata, publisher string) ([]*VerifyResult, error)
	// KeyPair returns the signing key pair held for publisher.
	KeyPair(publisher string) (*pki.KeyPairEntry, error)
	// Refresh reloads backing state (presumably from the pki store passed to New).
	Refresh() error
	// Resolve looks up the certificate identified by ski for publisher.
	Resolve(ski string, publisher string) (*pki.CertEntry, error)
	// Trust admits the certificate in *content to the trusted set and
	// returns its metadata.
	Trust(content *[]byte) (*CertMetadata, error)
}

func New

// New constructs the Security implementation for mode, backed by store and
// logging to log. The conditions under which it returns an error are not
// visible here — presumably an unknown mode; confirm.
func New(log *slog.Logger, mode Mode, store *pki.Pki) (Security, error)

type SecurityDefault

// SecurityDefault is the Security implementation behind Mode Default (by
// name — confirm). It embeds *slog.Logger, so the logger's methods (Info,
// Error, With, ...) are promoted onto SecurityDefault's exported API; a
// named field would keep them internal.
type SecurityDefault struct {
	*slog.Logger
	// contains filtered or unexported fields
}

func (*SecurityDefault) KeyPair

// KeyPair implements Security.KeyPair.
func (s *SecurityDefault) KeyPair(publisher string) (*pki.KeyPairEntry, error)

func (*SecurityDefault) Mode

// Mode implements Security.Mode; presumably returns Default — confirm.
func (s *SecurityDefault) Mode() Mode

func (*SecurityDefault) Refresh

// Refresh implements Security.Refresh.
func (s *SecurityDefault) Refresh() error

func (*SecurityDefault) Resolve

// Resolve implements Security.Resolve.
func (s *SecurityDefault) Resolve(ski string, publisher string) (*pki.CertEntry, error)

func (*SecurityDefault) Trust

// Trust implements Security.Trust. Whether the certificate in *content is
// chain-validated before being admitted is not visible here — confirm.
func (s *SecurityDefault) Trust(content *[]byte) (*CertMetadata, error)

func (*SecurityDefault) VerifyManifest

// VerifyManifest implements Security.VerifyManifest.
func (s *SecurityDefault) VerifyManifest(manifest *ops.Manifest) ([]*VerifyResult, error)

func (*SecurityDefault) VerifyMetadata

// VerifyMetadata implements Security.VerifyMetadata.
func (s *SecurityDefault) VerifyMetadata(metadata *metadata.Metadata, publisher string) ([]*VerifyResult, error)

type SecurityNone

// SecurityNone is the Security implementation behind Mode None (by name —
// confirm). It carries no state, so it cannot hold trust anchors; what its
// Verify* methods return is not visible here. Deployments should reach this
// mode only through explicit configuration.
type SecurityNone struct{}

func (*SecurityNone) KeyPair

// KeyPair implements Security.KeyPair.
func (s *SecurityNone) KeyPair(publisher string) (*pki.KeyPairEntry, error)

func (*SecurityNone) Mode

// Mode implements Security.Mode; presumably returns None — confirm.
func (s *SecurityNone) Mode() Mode

func (*SecurityNone) Refresh

// Refresh implements Security.Refresh.
func (s *SecurityNone) Refresh() error

func (*SecurityNone) Resolve

// Resolve implements Security.Resolve.
func (s *SecurityNone) Resolve(ski string, publisher string) (*pki.CertEntry, error)

func (*SecurityNone) Trust

// Trust implements Security.Trust.
func (s *SecurityNone) Trust(content *[]byte) (*CertMetadata, error)

func (*SecurityNone) VerifyManifest

// VerifyManifest implements Security.VerifyManifest. What this no-state
// implementation returns is not visible here; callers must not assume a
// nil error means the manifest was cryptographically checked.
func (s *SecurityNone) VerifyManifest(manifest *ops.Manifest) ([]*VerifyResult, error)

func (*SecurityNone) VerifyMetadata

// VerifyMetadata implements Security.VerifyMetadata; the same caveat as
// VerifyManifest applies.
func (s *SecurityNone) VerifyMetadata(metadata *metadata.Metadata, publisher string) ([]*VerifyResult, error)

type VerifyResult

// VerifyResult pairs a signature with the certificate entry it was checked
// against; returned by Security.VerifyManifest and Security.VerifyMetadata.
type VerifyResult struct {
	// Cert is the certificate entry resolved for the signature.
	Cert *pki.CertEntry
	// Signature is the signature record that was verified.
	Signature *action.Signature
}
