Documentation
Index
- type Client
- func (c *Client) PublicKeys() *cosign.TrustedTransparencyLogPubKeys
- func (c *Client) Verify(ctx context.Context, commitSHA string, cert *x509.Certificate) (*models.LogEntryAnon, error)
- func (c *Client) VerifyInclusion(ctx context.Context, sig []byte, cert *x509.Certificate) (*models.LogEntryAnon, error)
- func (c *Client) Write(ctx context.Context, commitSHA string, sig []byte, cert *x509.Certificate) (*models.LogEntryAnon, error) (deprecated)
- func (c *Client) WriteMessage(ctx context.Context, message, signature []byte, cert *x509.Certificate) (*models.LogEntryAnon, error)
- type CosignRekorKeyProvider
- type Option
- type Verifier
- type Writer
Types
type Client
Client is a basic Rekor client for writing and verifying Rekor data.
func NewWithOptions (added in v0.8.0)
func (*Client) PublicKeys (added in v0.6.0)
func (c *Client) PublicKeys() *cosign.TrustedTransparencyLogPubKeys
func (*Client) Verify
func (c *Client) Verify(ctx context.Context, commitSHA string, cert *x509.Certificate) (*models.LogEntryAnon, error)
Verify verifies a commit using online verification.
This is done by:
1. Searching Rekor for an entry matching the commit SHA + cert.
2. Using the same cert to verify the commit content.
Note: While not truly deprecated, using offline verification is generally preferred. This function relies on non-GA behavior of Rekor, and remains for backwards compatibility with older signatures.
func (*Client) VerifyInclusion (added in v0.7.1)
func (c *Client) VerifyInclusion(ctx context.Context, sig []byte, cert *x509.Certificate) (*models.LogEntryAnon, error)
VerifyInclusion verifies a signature's inclusion in Rekor using offline verification. NOTE: This does **not** verify the correctness of the signature against the content. Prefer using [git.Verify] instead for complete verification.
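The gap the NOTE above describes, shown as an added example that is not this package's code: a standard-library-only model in which the log is a constructed in-memory set rather than Rekor (which proves inclusion with a Merkle proof), and `toyLog`, `inclusionOnly`, `completeVerify` and `demo` are hypothetical names. The inclusion check never sees the content, so only the signature check over the content rejects a swapped commit body.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha256"
	"fmt"
)

// toyLog is a constructed stand-in for a transparency log: it only remembers
// which signatures were recorded. It is an assumption, not Rekor's data model.
type toyLog map[[32]byte]bool

func (l toyLog) record(sig []byte) { l[sha256.Sum256(sig)] = true }

// inclusionOnly answers "was this signature logged?" and nothing else.
// Note that the signed content is not even a parameter.
func inclusionOnly(l toyLog, sig []byte) bool { return l[sha256.Sum256(sig)] }

// completeVerify adds the step an inclusion check omits: the signature must
// validate over the presented content under the signer's public key.
func completeVerify(l toyLog, pub *ecdsa.PublicKey, content, sig []byte) bool {
	digest := sha256.Sum256(content)
	return inclusionOnly(l, sig) && ecdsa.VerifyASN1(pub, digest[:], sig)
}

// demo signs one commit body, logs the signature, then presents the same
// signature next to a different body. Both bodies are constructed samples.
func demo() (included, fullSigned, fullSwapped bool, err error) {
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return
	}
	signed := []byte("tree 1111\nauthor alice\n\nfix: validate input\n")
	swapped := []byte("tree 2222\nauthor alice\n\nfix: validate input\n")
	digest := sha256.Sum256(signed)
	sig, err := ecdsa.SignASN1(rand.Reader, key, digest[:])
	if err != nil {
		return
	}
	tl := toyLog{}
	tl.record(sig)
	return inclusionOnly(tl, sig),
		completeVerify(tl, &key.PublicKey, signed, sig),
		completeVerify(tl, &key.PublicKey, swapped, sig), nil
}

func main() { fmt.Println(demo()) }
```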
func (*Client) WriteMessage (added in v0.7.0)
func (c *Client) WriteMessage(ctx context.Context, message, signature []byte, cert *x509.Certificate) (*models.LogEntryAnon, error)
type CosignRekorKeyProvider (added in v0.8.0)
type CosignRekorKeyProvider func(ctx context.Context) (*cosign.TrustedTransparencyLogPubKeys, error)
CosignRekorKeyProvider is a function that returns the Rekor public keys in cosign's specialized format.
type Option (added in v0.8.0)
type Option func(*options)
func WithClientOption (added in v0.8.0)
func WithCosignRekorKeyProvider (added in v0.8.0)
func WithCosignRekorKeyProvider(f CosignRekorKeyProvider) Option
type Verifier
type Verifier interface {
	Verify(ctx context.Context, commitSHA string, cert *x509.Certificate) (*models.LogEntryAnon, error)
	VerifyInclusion(ctx context.Context, sig []byte, cert *x509.Certificate) (*models.LogEntryAnon, error)
}
Verifier represents a mechanism to get and verify Rekor entries for the given Git data.
type Writer
type Writer interface {
	Write(ctx context.Context, commitSHA string, sig []byte, cert *x509.Certificate) (*models.LogEntryAnon, error)
	WriteMessage(ctx context.Context, message, signature []byte, cert *x509.Certificate) (*models.LogEntryAnon, error)
}
Writer represents a mechanism to write content to Rekor.