const (
	// KeyIDLength is twice sha256.Size, i.e. 64: the length of a SHA-256
	// digest written as hexadecimal characters.
	// NOTE(review): presumably key IDs are expected to be exactly this long;
	// confirm where the length is enforced on untrusted metadata.
	KeyIDLength = sha256.Size * 2

	// Key type identifiers, as they appear in the "keytype" field of a key.
	KeyTypeEd25519 KeyType = "ed25519"
	// From version 1.0.32, the reference implementation defines 'ecdsa',
	// not 'ecdsa-sha2-nistp256' for NIST P-256 curves.
	KeyTypeECDSA_SHA2_P256 KeyType = "ecdsa"
	// Legacy spelling of the ECDSA key type; note it is the same string as
	// KeySchemeECDSA_SHA2_P256.
	// NOTE(review): confirm which code paths still accept the old format.
	KeyTypeECDSA_SHA2_P256_OLD_FMT KeyType = "ecdsa-sha2-nistp256"
	KeyTypeRSASSA_PSS_SHA256 KeyType = "rsa"

	// Signature scheme identifiers, as they appear in the "scheme" field.
	// Type and scheme are separate strings (e.g. type "rsa" with scheme
	// "rsassa-pss-sha256"), so neither can be derived from the other by
	// string equality alone.
	KeySchemeEd25519 KeyScheme = "ed25519"
	KeySchemeECDSA_SHA2_P256 KeyScheme = "ecdsa-sha2-nistp256"
	KeySchemeRSASSA_PSS_SHA256 KeyScheme = "rsassa-pss-sha256"

	// Hash algorithm identifiers.
	HashAlgorithmSHA256 HashAlgorithm = "sha256"
	HashAlgorithmSHA512 HashAlgorithm = "sha512"
)
var (
	// HashAlgorithms lists the hash algorithm identifiers declared in this
	// package: SHA-256 and SHA-512.
	// NOTE(review): this is an exported, mutable slice; code that treats it
	// as an allow-list should not assume another package cannot modify it.
	HashAlgorithms = []HashAlgorithm{HashAlgorithmSHA256, HashAlgorithmSHA512}

	// ErrPathsAndPathHashesSet reports a delegated target role that sets both
	// paths and path_hash_prefixes, which fails validation.
	ErrPathsAndPathHashesSet = errors.New("tuf: failed validation of delegated target: paths and path_hash_prefixes are both set")
)
func DefaultExpires(role string) time.Time
func PathHexDigest(s string) string
4.5. File formats: targets.json and delegated target roles: ...each target path, when hashed with the SHA-256 hash function to produce a 64-byte hexadecimal digest (HEX_DIGEST)...
DelegatedRole describes a delegated role, including what paths it is responsible for. See spec v1.0.19 section 4.5.
// DelegatedRole is the JSON shape of one delegation entry: a role name, the
// key IDs and threshold attached to it, and the target paths it covers.
type DelegatedRole struct {
	Name string `json:"name"`
	// KeyIDs and Threshold together express how many keys must sign.
	// NOTE(review): Threshold is a plain int, so zero and negative values are
	// representable; confirm where a minimum of 1 and distinct key IDs are
	// enforced before signatures are counted.
	KeyIDs []string `json:"keyids"`
	Threshold int `json:"threshold"`
	// NOTE(review): presumably stops the search from continuing to later
	// delegations once this role matches; confirm against the resolver.
	Terminating bool `json:"terminating"`
	// PathHashPrefixes and Paths are alternative ways to scope the role.
	// ErrPathsAndPathHashesSet in this package reports the case where both
	// are set. Only PathHashPrefixes carries omitempty, so "paths" is always
	// written when the default encoding is used.
	PathHashPrefixes []string `json:"path_hash_prefixes,omitempty"`
	Paths []string `json:"paths"`
}
func (d *DelegatedRole) MarshalJSON() ([]byte, error)
MarshalJSON is called when writing the struct to JSON. We validate prior to marshalling to ensure that an invalid delegated role can not be serialized to JSON.
func (d *DelegatedRole) MatchesPath(file string) (bool, error)
MatchesPath evaluates whether the path patterns or path hash prefixes match a given file. This determines whether a delegated role is responsible for signing and verifying the file.
func (d *DelegatedRole) UnmarshalJSON(b []byte) error
UnmarshalJSON is called when reading the struct from JSON. We validate after unmarshalling so that an error is returned if an invalid delegated role is read.
Delegations represents the edges from a parent Targets role to one or more delegated target roles. See spec v1.0.19 section 4.5.
// Delegations is the JSON shape of a "delegations" object: a set of public
// keys and a list of delegated roles.
type Delegations struct {
	// Keys maps a string to a public key.
	// NOTE(review): presumably the map key is the key ID; confirm that the
	// ID is recomputed from the key rather than trusted from the map key.
	Keys map[string]*PublicKey `json:"keys"`
	// Roles is a slice, so the order given in the metadata is preserved.
	Roles []DelegatedRole `json:"roles"`
}
// FileMeta records the length and hashes of a file.
type FileMeta struct {
	// NOTE(review): int64 admits negative values; confirm where a length read
	// from untrusted metadata is range-checked before it bounds a download.
	Length int64 `json:"length"`
	// Hashes holds one digest per entry of the Hashes map.
	Hashes Hashes `json:"hashes"`
}
// Files maps a string to target file metadata. It has the same underlying
// type as TargetFiles.
// NOTE(review): presumably keyed by target path; confirm with callers.
type Files map[string]TargetFileMeta
// HashAlgorithm names a hash function. The values declared in this package
// are "sha256" and "sha512".
type HashAlgorithm string
// Hashes maps a string to a digest held as HexBytes.
// NOTE(review): presumably keyed by hash algorithm name; the key is a plain
// string, so an unknown or unsupported algorithm name is representable here.
type Hashes map[string]HexBytes
func (f Hashes) HashAlgorithms() []string
// HexBytes is a byte slice with its own JSON and string conversions.
// NOTE(review): presumably encoded as a hexadecimal string in JSON; confirm
// against the MarshalJSON/UnmarshalJSON implementations.
type HexBytes []byte
func (b *HexBytes) FromString(data []byte) error
func (b HexBytes) MarshalJSON() ([]byte, error)
func (b HexBytes) String() string
func (b *HexBytes) UnmarshalJSON(data []byte) error
// KeyScheme names a signature scheme. The values declared in this package are
// "ed25519", "ecdsa-sha2-nistp256" and "rsassa-pss-sha256".
type KeyScheme string
// KeyType names a key type. The values declared in this package are
// "ed25519", "ecdsa", the legacy "ecdsa-sha2-nistp256", and "rsa".
type KeyType string
// PrivateKey is the JSON shape of a private key: its type, scheme, key ID
// hash algorithms, and the key value as raw JSON.
type PrivateKey struct {
	Type KeyType `json:"keytype"`
	Scheme KeyScheme `json:"scheme,omitempty"`
	Algorithms []HashAlgorithm `json:"keyid_hash_algorithms,omitempty"`
	// Value is kept as undecoded JSON.
	// NOTE(review): presumably contains secret key material; treat the whole
	// struct as sensitive and keep it out of logs and error messages.
	Value json.RawMessage `json:"keyval"`
}
// PublicKey is the JSON shape of a public key: its type, scheme, key ID hash
// algorithms, and the key value as raw JSON.
type PublicKey struct {
	Type KeyType `json:"keytype"`
	// Unlike PrivateKey, "scheme" has no omitempty here, so it is always
	// written.
	Scheme KeyScheme `json:"scheme"`
	Algorithms []HashAlgorithm `json:"keyid_hash_algorithms,omitempty"`
	// Value is kept as undecoded JSON; its contents depend on Type.
	Value json.RawMessage `json:"keyval"`
	// contains filtered or unexported fields
}
func (k *PublicKey) ContainsID(id string) bool
func (k *PublicKey) IDs() []string
// Role is the JSON shape of a top-level role entry: the key IDs attached to
// the role and its signature threshold.
type Role struct {
	KeyIDs []string `json:"keyids"`
	// NOTE(review): a plain int also represents zero and negative values;
	// confirm where the threshold is validated and where duplicate key IDs
	// are prevented from counting more than once.
	Threshold int `json:"threshold"`
}
func (r *Role) AddKeyIDs(ids []string) bool
// Root is the JSON shape of root metadata: the keys and the roles that refer
// to them, plus version, expiry and the consistent-snapshot flag.
type Root struct {
	Type string `json:"_type"`
	SpecVersion string `json:"spec_version"`
	// NOTE(review): Version and Expires are presumably the inputs to rollback
	// and expiry checks; those checks are not part of this declaration.
	Version int64 `json:"version"`
	Expires time.Time `json:"expires"`
	Keys map[string]*PublicKey `json:"keys"`
	Roles map[string]*Role `json:"roles"`
	// Custom is optional and kept as undecoded JSON.
	Custom *json.RawMessage `json:"custom,omitempty"`
	ConsistentSnapshot bool `json:"consistent_snapshot"`
}
func NewRoot() *Root
func (r *Root) AddKey(key *PublicKey) bool
// Signature pairs a key ID with the signature bytes produced by that key.
type Signature struct {
	// KeyID is an unvalidated string at this level.
	// NOTE(review): confirm the verifier resolves it only against keys that
	// the delegating role authorises.
	KeyID string `json:"keyid"`
	Signature HexBytes `json:"sig"`
}
// Signed is the envelope around a metadata payload and its signatures.
type Signed struct {
	// Signed holds the payload as undecoded JSON, so the received bytes stay
	// available in this struct.
	// NOTE(review): confirm signatures are verified before the payload is
	// decoded into Root, Targets, Snapshot or Timestamp and acted on.
	Signed json.RawMessage `json:"signed"`
	// Signatures is a slice, so the same key ID may appear more than once.
	Signatures []Signature `json:"signatures"`
}
// Snapshot is the JSON shape of snapshot metadata.
type Snapshot struct {
	Type string `json:"_type"`
	SpecVersion string `json:"spec_version"`
	// NOTE(review): Version and Expires are presumably the inputs to rollback
	// and expiry checks; those checks are not part of this declaration.
	Version int64 `json:"version"`
	Expires time.Time `json:"expires"`
	// Meta maps a string to per-file snapshot metadata.
	Meta SnapshotFiles `json:"meta"`
	// Custom is optional and kept as undecoded JSON.
	Custom *json.RawMessage `json:"custom,omitempty"`
}
func NewSnapshot() *Snapshot
SnapshotFileMeta is the meta field of a snapshot. Note: it contains a `custom` field.
// SnapshotFileMeta is a defined type over the unexported metapathFileMeta,
// whose fields are not visible in this listing.
type SnapshotFileMeta metapathFileMeta
// SnapshotFiles maps a string to SnapshotFileMeta.
// NOTE(review): presumably keyed by metadata file name; confirm with callers.
type SnapshotFiles map[string]SnapshotFileMeta
// TargetFileMeta is FileMeta plus an optional custom field.
type TargetFileMeta struct {
	// FileMeta is embedded, so its "length" and "hashes" fields are encoded
	// at the same JSON level as "custom".
	FileMeta
	// Custom is optional and kept as undecoded JSON.
	// NOTE(review): nothing in this declaration constrains its contents;
	// consumers should treat it as untrusted until the metadata is verified.
	Custom *json.RawMessage `json:"custom,omitempty"`
}
func (f TargetFileMeta) HashAlgorithms() []string
// TargetFiles maps a string to TargetFileMeta.
// NOTE(review): presumably keyed by target path; confirm where paths taken
// from metadata are sanitised before they reach the filesystem.
type TargetFiles map[string]TargetFileMeta
// Targets is the JSON shape of targets metadata: the target files and,
// optionally, delegations to further roles.
type Targets struct {
	Type string `json:"_type"`
	SpecVersion string `json:"spec_version"`
	// NOTE(review): Version and Expires are presumably the inputs to rollback
	// and expiry checks; those checks are not part of this declaration.
	Version int64 `json:"version"`
	Expires time.Time `json:"expires"`
	Targets TargetFiles `json:"targets"`
	// Delegations is a pointer with omitempty, so it is left out of the JSON
	// when nil.
	Delegations *Delegations `json:"delegations,omitempty"`
	// Custom is optional and kept as undecoded JSON.
	Custom *json.RawMessage `json:"custom,omitempty"`
}
func NewTargets() *Targets
// Timestamp is the JSON shape of timestamp metadata.
type Timestamp struct {
	Type string `json:"_type"`
	SpecVersion string `json:"spec_version"`
	// NOTE(review): Version and Expires are presumably the inputs to rollback
	// and expiry checks; those checks are not part of this declaration.
	Version int64 `json:"version"`
	Expires time.Time `json:"expires"`
	// Meta maps a string to per-file timestamp metadata.
	Meta TimestampFiles `json:"meta"`
	// Custom is optional and kept as undecoded JSON.
	Custom *json.RawMessage `json:"custom,omitempty"`
}
func NewTimestamp() *Timestamp
// TimestampFileMeta is a defined type over the unexported metapathFileMeta,
// the same underlying type as SnapshotFileMeta; its fields are not visible in
// this listing.
type TimestampFileMeta metapathFileMeta
// TimestampFiles maps a string to TimestampFileMeta.
// NOTE(review): presumably keyed by metadata file name; confirm with callers.
type TimestampFiles map[string]TimestampFileMeta