utils

package
v0.7.0 Latest Latest
Warning

This package is not in the latest version of its module.

Go to latest
Published: Jan 14, 2021 License: Apache-2.0, BSD-3-Clause Imports: 28 Imported by: 330

Documentation

Overview

Package utils contains tuf related utility functions however this file is hard forked from https://github.com/youmark/pkcs8 package. It has been further modified based on the requirements of Notary. For converting keys into PKCS#8 format, original package expected *crypto.PrivateKey interface, which then type inferred to either *rsa.PrivateKey or *ecdsa.PrivateKey depending on the need and later converted to ASN.1 DER encoded form, this whole process was superfluous here as keys are already being kept in ASN.1 DER format wrapped in data.PrivateKey structure. With these changes, package has became tightly coupled with notary as most of the method signatures have been updated. Moreover support for ED25519 keys has been added as well. License for original package is following:

The MIT License (MIT)

Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the "Software"), to deal in the Software without restriction, including without limitation the rights to use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of the Software, and to permit persons to whom the Software is furnished to do so, subject to the following conditions:

The above copyright notice and this permission notice shall be included in all copies or substantial portions of the Software.

THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.

Index

Constants

This section is empty.

Variables

This section is empty.

Functions

func CanonicalKeyID

func CanonicalKeyID(k data.PublicKey) (string, error)

CanonicalKeyID returns the ID of the public bytes version of a TUF key. On regular RSA/ECDSA TUF keys, this is just the key ID. On X509 RSA/ECDSA TUF keys, this is the key ID of the public key part of the key in the leaf cert

func CertBundleToKey added in v0.4.0

func CertBundleToKey(leafCert *x509.Certificate, intCerts []*x509.Certificate) (data.PublicKey, error)

CertBundleToKey creates a TUF key from a leaf certs and a list of intermediates

func CertChainToPEM added in v0.4.0

func CertChainToPEM(certChain []*x509.Certificate) ([]byte, error)

CertChainToPEM is a utility function returns a PEM encoded chain of x509 Certificates, in the order they are passed

func CertToKey added in v0.4.0

func CertToKey(cert *x509.Certificate) data.PublicKey

CertToKey transforms a single input certificate into its corresponding PublicKey

func CertToPEM added in v0.4.0

func CertToPEM(cert *x509.Certificate) []byte

CertToPEM is a utility function returns a PEM encoded x509 Certificate

func CertsToKeys added in v0.4.0

func CertsToKeys(leafCerts map[string]*x509.Certificate, intCerts map[string][]*x509.Certificate) map[string]data.PublicKey

CertsToKeys transforms each of the input certificate chains into its corresponding PublicKey

func ConsistentName

func ConsistentName(role string, hashSHA256 []byte) string

ConsistentName generates the appropriate HTTP URL path for the role, based on whether the repo is marked as consistent. The RemoteStore is responsible for adding file extensions.

func ConvertPrivateKeyToPKCS8 added in v0.5.1

func ConvertPrivateKeyToPKCS8(key data.PrivateKey, role data.RoleName, gun data.GUN, passphrase string) ([]byte, error)

ConvertPrivateKeyToPKCS8 converts a data.PrivateKey to PKCS#8 Format

func ConvertTUFKeyToPKCS8 added in v0.5.1

func ConvertTUFKeyToPKCS8(priv data.PrivateKey, password []byte) ([]byte, error)

ConvertTUFKeyToPKCS8 converts a private key (data.Private) to PKCS#8 and returns in DER format if password is not nil, it would convert the Private Key to Encrypted PKCS#8.

func DoHash

func DoHash(alg string, d []byte) []byte

DoHash returns the digest of d using the hashing algorithm named in alg

func ECDSAToPrivateKey added in v0.4.0

func ECDSAToPrivateKey(ecdsaPrivKey *ecdsa.PrivateKey) (data.PrivateKey, error)

ECDSAToPrivateKey converts an ecdsa.Private key to a TUF data.PrivateKey type

func ED25519ToPrivateKey added in v0.4.0

func ED25519ToPrivateKey(privKeyBytes []byte) (data.PrivateKey, error)

ED25519ToPrivateKey converts a serialized ED25519 key to a TUF data.PrivateKey type

func ExtractPrivateKeyAttributes added in v0.5.1

func ExtractPrivateKeyAttributes(pemBytes []byte) (data.RoleName, data.GUN, error)

ExtractPrivateKeyAttributes extracts role and gun values from private key bytes

func FindRoleIndex

func FindRoleIndex(rs []*data.Role, name data.RoleName) int

FindRoleIndex returns the index of the role named <name> or -1 if no matching role is found.

func GenerateECDSAKey added in v0.4.0

func GenerateECDSAKey(random io.Reader) (data.PrivateKey, error)

GenerateECDSAKey generates an ECDSA Private key and returns a TUF PrivateKey

func GenerateED25519Key added in v0.4.0

func GenerateED25519Key(random io.Reader) (data.PrivateKey, error)

GenerateED25519Key generates an ED25519 private key and returns a TUF PrivateKey. The serialization format we use is just the public key bytes followed by the private key bytes

func GenerateKey added in v0.5.1

func GenerateKey(algorithm string) (data.PrivateKey, error)

GenerateKey returns a new private key using the provided algorithm or an error detailing why the key could not be generated

func GetIntermediateCerts added in v0.4.0

func GetIntermediateCerts(certs []*x509.Certificate) []*x509.Certificate

GetIntermediateCerts parses a list of x509 Certificates and returns all of the ones marked as a CA, to be used as intermediates

func GetLeafCerts added in v0.4.0

func GetLeafCerts(certs []*x509.Certificate) []*x509.Certificate

GetLeafCerts parses a list of x509 Certificates and returns all of them that aren't CA

func LoadCertBundleFromFile added in v0.4.0

func LoadCertBundleFromFile(filename string) ([]*x509.Certificate, error)

LoadCertBundleFromFile loads certificates from the []byte provided. The data is expected to be PEM Encoded and contain one of more certificates with PEM type "CERTIFICATE"

func LoadCertBundleFromPEM added in v0.4.0

func LoadCertBundleFromPEM(pemBytes []byte) ([]*x509.Certificate, error)

LoadCertBundleFromPEM loads certificates from the []byte provided. The data is expected to be PEM Encoded and contain one of more certificates with PEM type "CERTIFICATE"

func LoadCertFromFile added in v0.4.0

func LoadCertFromFile(filename string) (*x509.Certificate, error)

LoadCertFromFile loads the first certificate from the file provided. The data is expected to be PEM Encoded and contain one of more certificates with PEM type "CERTIFICATE"

func LoadCertFromPEM added in v0.4.0

func LoadCertFromPEM(pemBytes []byte) (*x509.Certificate, error)

LoadCertFromPEM returns the first certificate found in a bunch of bytes or error if nothing is found. Taken from https://golang.org/src/crypto/x509/cert_pool.go#L85.

func NewCertificate added in v0.4.0

func NewCertificate(commonName string, startTime, endTime time.Time) (*x509.Certificate, error)

NewCertificate returns an X509 Certificate following a template, given a Common Name and validity interval.

func ParsePEMPrivateKey added in v0.4.0

func ParsePEMPrivateKey(pemBytes []byte, passphrase string) (data.PrivateKey, error)

ParsePEMPrivateKey returns a data.PrivateKey from a PEM encoded private key. It supports PKCS#8 as well as RSA/ECDSA (PKCS#1) only in non-FIPS mode and attempts to decrypt using the passphrase, if encrypted.

func ParsePEMPublicKey added in v0.4.0

func ParsePEMPublicKey(pubKeyBytes []byte) (data.PublicKey, error)

ParsePEMPublicKey returns a data.PublicKey from a PEM encoded public key or certificate.

func ParsePKCS8ToTufKey added in v0.5.1

func ParsePKCS8ToTufKey(der []byte, password []byte) (data.PrivateKey, error)

ParsePKCS8ToTufKey requires PKCS#8 key in DER format and returns data.PrivateKey Password should be provided in case of Encrypted PKCS#8 key, else it should be nil.

func RSAToPrivateKey added in v0.4.0

func RSAToPrivateKey(rsaPrivKey *rsa.PrivateKey) (data.PrivateKey, error)

RSAToPrivateKey converts an rsa.Private key to a TUF data.PrivateKey type

func RemoveUnusedKeys

func RemoveUnusedKeys(t *data.SignedTargets)

RemoveUnusedKeys determines which keys in the slice of IDs are no longer used in the given targets file and removes them from the delegated keys map

func RoleNameSliceContains added in v0.5.1

func RoleNameSliceContains(ss []data.RoleName, s data.RoleName) bool

RoleNameSliceContains checks if the given string appears in the slice

func RoleNameSliceRemove added in v0.5.1

func RoleNameSliceRemove(ss []data.RoleName, s data.RoleName) []data.RoleName

RoleNameSliceRemove removes the given RoleName from the slice, returning a new slice

func StrSliceContains

func StrSliceContains(ss []string, s string) bool

StrSliceContains checks if the given string appears in the slice

func UnusedDelegationKeys

func UnusedDelegationKeys(t data.SignedTargets) []string

UnusedDelegationKeys prunes a list of keys, returning those that are no longer in use for a given targets file

func ValidateCertificate added in v0.4.0

func ValidateCertificate(c *x509.Certificate, checkExpiry bool) error

ValidateCertificate returns an error if the certificate is not valid for notary Currently this is only ensuring the public key has a large enough modulus if RSA, using a non SHA1 signature algorithm, and an optional time expiry check

func X509PublicKeyID added in v0.4.0

func X509PublicKeyID(certPubKey data.PublicKey) (string, error)

X509PublicKeyID returns a public key ID as a string, given a data.PublicKey that contains an X509 Certificate

Types

type ErrBadTypeCast

type ErrBadTypeCast struct{}

ErrBadTypeCast is used by PopX functions when the item cannot be typed to X

func (ErrBadTypeCast) Error

func (err ErrBadTypeCast) Error() string

type ErrEmptyStack

type ErrEmptyStack struct {
	// contains filtered or unexported fields
}

ErrEmptyStack is used when an action that requires some content is invoked and the stack is empty

func (ErrEmptyStack) Error

func (err ErrEmptyStack) Error() string

type NoopCloser

type NoopCloser struct {
	io.Reader
}

NoopCloser is a simple Reader wrapper that does nothing when Close is called

func (*NoopCloser) Close

func (nc *NoopCloser) Close() error

Close does nothing for a NoopCloser

type RoleList

type RoleList []string

RoleList is a list of roles

func (RoleList) Len

func (r RoleList) Len() int

Len returns the length of the list

func (RoleList) Less

func (r RoleList) Less(i, j int) bool

Less returns true if the item at i should be sorted before the item at j. It's an unstable partial ordering based on the number of segments, separated by "/", in the role name

func (RoleList) Swap

func (r RoleList) Swap(i, j int)

Swap the items at 2 locations in the list

type Stack

type Stack struct {
	// contains filtered or unexported fields
}

Stack is a simple type agnostic stack implementation

func NewStack

func NewStack() *Stack

NewStack create a new stack

func (*Stack) Empty

func (s *Stack) Empty() bool

Empty returns true if the stack is empty

func (*Stack) Pop

func (s *Stack) Pop() (interface{}, error)

Pop removes and returns the top item on the stack, or returns ErrEmptyStack if the stack has no content

func (*Stack) PopString

func (s *Stack) PopString() (string, error)

PopString attempts to cast the top item on the stack to the string type. If this succeeds, it removes and returns the top item. If the item is not of the string type, ErrBadTypeCast is returned. If the stack is empty, ErrEmptyStack is returned

func (*Stack) Push

func (s *Stack) Push(item interface{})

Push adds an item to the top of the stack.

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL