package notation
import (
	"context"
	"crypto/x509"
	"errors"
	"time"

	"github.com/notaryproject/notation-go-lib/crypto/timestamp"
	"github.com/opencontainers/go-digest"
)
// Descriptor describes the content signed or to be signed.
//
// MediaType, Digest and Size together identify the content; Annotations
// carry caller-supplied metadata and are not part of that identity
// (see Equal). The JSON tags match the OCI descriptor field names.
type Descriptor struct {
	// MediaType is the media type of the targeted content.
	MediaType string `json:"mediaType"`
	// Digest is the digest of the targeted content.
	Digest digest.Digest `json:"digest"`
	// Size specifies the size in bytes of the blob.
	Size int64 `json:"size"`
	// Annotations contains optional user defined attributes.
	// It is omitted from the JSON encoding when empty.
	Annotations map[string]string `json:"annotations,omitempty"`
}
// Equal reports whether d and t point to the same content: the media type,
// digest and size must all match. Annotations are deliberately left out of
// the comparison, so descriptors differing only in user-defined attributes
// compare equal.
func (d Descriptor) Equal(t Descriptor) bool {
	if d.MediaType != t.MediaType {
		return false
	}
	if d.Digest != t.Digest {
		return false
	}
	return d.Size == t.Size
}
// SignOptions contains parameters for Signer.Sign.
//
// Signer implementations are expected to call Validate before using the
// options; the fields below are otherwise consumed as-is.
type SignOptions struct {
	// Expiry identifies the expiration time of the resulting signature.
	// A zero value is treated as "no expiry" by implementations that
	// honour this field (confirm against the concrete Signer in use).
	Expiry time.Time
	// TSA is the TimeStamp Authority used to timestamp the resulting
	// signature, if present (nil means no timestamp is requested).
	TSA timestamp.Timestamper
	// TSAVerifyOptions is the verify option used to verify the fetched
	// timestamp signature.
	// The `Intermediates` in the verify options will be ignored and
	// re-constructed from the certificates in the fetched timestamp
	// signature. An empty list of `KeyUsages` in the verify options
	// implies ExtKeyUsageTimeStamping.
	TSAVerifyOptions x509.VerifyOptions
}
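// Validate does basic validation on SignOptions.
//
// A zero Expiry means the signature does not expire and is accepted. A
// non-zero Expiry that already lies in the past is rejected, because a
// signature that is expired at the moment it is created can never verify
// and almost certainly indicates a caller bug (e.g. a duration added to
// the wrong base time).
//
// TSA and TSAVerifyOptions are not checked here: whether a nil TSA or
// empty verify options are acceptable depends on the Signer implementation,
// which must perform its own checks.
func (opts SignOptions) Validate() error {
	// Compare against the current clock rather than requiring callers to
	// pass one in; the interface is fixed by existing callers.
	if !opts.Expiry.IsZero() && opts.Expiry.Before(time.Now()) {
		return errors.New("signature expiry must not be in the past")
	}
	return nil
}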
// Signer is a generic interface for signing an artifact.
// The interface allows signing with local or remote keys,
// and packing in various signature formats.
//
// The signature envelope format and key handling are left to the
// implementation; callers should consult the concrete Signer for the
// format of the returned bytes.
type Signer interface {
	// Sign signs the artifact described by its descriptor,
	// and returns the signature.
	//
	// ctx carries cancellation and deadlines for any remote key or
	// timestamp authority access the implementation performs.
	// opts carries the expiry and timestamping parameters; implementations
	// are expected to call opts.Validate before use.
	Sign(ctx context.Context, desc Descriptor, opts SignOptions) ([]byte, error)
}
// VerifyOptions contains parameters for Verifier.Verify.
//
// It currently declares no fields; it exists so that verification
// parameters can be added later without changing the Verifier interface.
type VerifyOptions struct{}
// Validate does basic validation on VerifyOptions.
//
// VerifyOptions has no fields, so there is nothing to check and Validate
// always returns nil. Verifier implementations must not treat a nil result
// as a guarantee about anything beyond the (empty) options themselves.
func (opts VerifyOptions) Validate() error {
	return nil
}
// Verifier is a generic interface for verifying an artifact.
//
// A Verifier takes a raw signature envelope and returns the Descriptor it
// attests to; it is the caller's responsibility to compare that descriptor
// (e.g. with Descriptor.Equal) against the artifact actually being checked.
type Verifier interface {
	// Verify verifies the signature and returns the verified descriptor and
	// metadata of the signed artifact.
	//
	// The returned Descriptor is only meaningful when err is nil.
	Verify(ctx context.Context, signature []byte, opts VerifyOptions) (Descriptor, error)
}
// Service combines the signing and verification services.
//
// Any type that implements both Signer and Verifier satisfies Service;
// the embedded interfaces add no methods of their own.
type Service interface {
	Signer
	Verifier
}