Documentation
Functions

func ObjectHash (added in v0.3.0)
ObjectHash is a string representation of an encoded Git object
func VerifySignature (deprecated)

func VerifySignature(data, sig []byte, detached bool, rootCerts, intermediates *x509.CertPool) (*x509.Certificate, error)

VerifySignature verifies a given Git data + signature pair.
Data should be the Git data that was signed (i.e. everything in the commit besides the signature). Note: passing in the commit object itself will not work.
Signatures should be CMS/PKCS7 formatted.
Deprecated: Use CertVerifier.Verify instead.
Types

type CertVerifier (added in v0.4.0)
type CertVerifier struct {
// contains filtered or unexported fields
}
CertVerifier is the default implementation of Verifier. It verifies git commits against a given CertPool. By default, the system CertPool + Fulcio roots are used for validation.
func NewCertVerifier (added in v0.4.0)
func NewCertVerifier(opts ...CertVerifierOption) (*CertVerifier, error)
func (*CertVerifier) Verify (added in v0.4.0)
func (v *CertVerifier) Verify(ctx context.Context, data, sig []byte, detached bool) (*x509.Certificate, error)
Verify verifies a given Git data + signature pair.
Data should be the Git data that was signed (i.e. everything in the commit besides the signature). Note: passing in the commit object itself will not work.
Signatures should be CMS/PKCS7 formatted.
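The note above that the commit object itself cannot be passed in is the usual stumbling block, so here is an added helper (example code, not part of the gitsign package) that splits a raw commit object into the data/signature pair Verify expects. The Verifier interface is declared locally with the same method signature as CertVerifier.Verify so the example compiles without the module; the sample commit used to exercise it is constructed.

```go
package main
import (
	"bytes"
	"context"
	"crypto/x509"
	"fmt"
	"strings"
)
// Verifier mirrors CertVerifier.Verify (declared locally so this example compiles
// without the gitsign module; a *CertVerifier satisfies it).
type Verifier interface {
	Verify(ctx context.Context, data, sig []byte, detached bool) (*x509.Certificate, error)
}
// SplitCommitSignature takes a raw commit object (what `git cat-file commit` prints) and
// returns the data to verify (the commit minus its gpgsig header) plus the signature.
// Git marks continuation lines of a multi-line header value with one leading space.
func SplitCommitSignature(commit []byte) (data, sig []byte, err error) {
	header, body, found := bytes.Cut(commit, []byte("\n\n"))
	if !found {
		return nil, nil, fmt.Errorf("commit object has no header/body separator")
	}
	var keep, sigLines []string
	inSig := false
	for _, line := range strings.Split(string(header), "\n") {
		switch {
		case strings.HasPrefix(line, "gpgsig "):
			inSig = true
			sigLines = append(sigLines, strings.TrimPrefix(line, "gpgsig "))
		case inSig && strings.HasPrefix(line, " "):
			sigLines = append(sigLines, line[1:]) // continuation line of the signature
		default:
			inSig = false // any other header ends the signature block
			keep = append(keep, line)
		}
	}
	if len(sigLines) == 0 {
		return nil, nil, fmt.Errorf("commit has no gpgsig header")
	}
	data = append([]byte(strings.Join(keep, "\n")+"\n\n"), body...)
	sig = []byte(strings.Join(sigLines, "\n") + "\n")
	return data, sig, nil
}
// VerifyCommit splits the object and passes the pair to the verifier as a detached signature.
func VerifyCommit(ctx context.Context, v Verifier, commit []byte) (*x509.Certificate, error) {
	data, sig, err := SplitCommitSignature(commit)
	if err != nil {
		return nil, err
	}
	return v.Verify(ctx, data, sig, true)
}
```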
type CertVerifierOption (added in v0.4.0)
type CertVerifierOption func(*CertVerifier) error
func WithIntermediatePool (added in v0.4.0)
func WithIntermediatePool(pool *x509.CertPool) CertVerifierOption
WithIntermediatePool sets the base intermediate CertPool for the verifier.
func WithRootPool (added in v0.4.0)
func WithRootPool(pool *x509.CertPool) CertVerifierOption
WithRootPool sets the base CertPool for the verifier.
func WithTimestampCertPool (added in v0.4.0)

func WithTimestampCertPool(pool *x509.CertPool) CertVerifierOption

WithTimestampCertPool sets the base timestamp CertPool for the verifier.
type Claim (added in v0.3.0)

type Claim struct {
	Key   ClaimCondition
	Value bool
}
Claim is a key value pair representing the status of a given ClaimCondition.
func NewClaim (added in v0.3.0)
func NewClaim(c ClaimCondition, ok bool) Claim
type ClaimCondition (added in v0.3.0)

type ClaimCondition string

const (
	ClaimValidatedSignature  ClaimCondition = "Validated Git signature"
	ClaimValidatedRekorEntry ClaimCondition = "Validated Rekor entry"
	ClaimValidatedCerificate ClaimCondition = "Validated Certificate claims"
)
type VerificationSummary (added in v0.3.0)

type VerificationSummary struct {
	// Certificate used to sign the commit.
	Cert *x509.Certificate
	// Rekor log entry of the commit.
	LogEntry *models.LogEntryAnon
	// List of claims about what succeeded / failed during validation.
	// This can be used to get details on what succeeded / failed during
	// validation. This is not an exhaustive list - claims may be missing
	// if validation ended early.
	Claims []Claim
}
VerificationSummary holds artifacts of the gitsign verification of a Git commit or tag.
func Verify (added in v0.3.0)
func Verify(ctx context.Context, git Verifier, rekor rekor.Verifier, data, sig []byte, detached bool) (*VerificationSummary, error)
Verify takes a context, a git Verifier, a rekor verifier client, Git object data (everything but the signature), and a Git signature. A VerificationSummary is returned with the signing certificate & Rekor transparency log index of the Git object, if found, and whether each is valid for the given Git data.