package tofu

import "git.sr.ht/~adnano/go-gemini/tofu"

Package tofu implements trust on first use using hosts and fingerprints.

Package Files

tofu.go

type Host

// Host is one known-hosts entry: a hostname together with the fingerprint
// recorded for it and the algorithm that produced the fingerprint.
type Host struct {
    Hostname    string // hostname this entry applies to (the key used by Lookup)
    Algorithm   string // fingerprint algorithm e.g. sha256
    Fingerprint string // fingerprint computed with Algorithm; NewHost uses SHA256 over the raw data it is given
}

Host represents a host entry with a fingerprint using a certain algorithm.

func NewHost

func NewHost(hostname string, raw []byte) Host

NewHost returns a new host with a SHA256 fingerprint of the provided raw data.

func ParseHost

func ParseHost(text []byte) (Host, error)

ParseHost parses a host from the provided text.

func (Host) String

func (h Host) String() string

String returns a string representation of the host.

func (*Host) UnmarshalText

func (h *Host) UnmarshalText(text []byte) error

UnmarshalText unmarshals the host from the provided text.

type HostWriter

type HostWriter struct {
    // contains filtered or unexported fields
}

HostWriter writes host entries to an io.WriteCloser.

HostWriter is safe for concurrent use by multiple goroutines.

func NewHostWriter

func NewHostWriter(w io.WriteCloser) *HostWriter

NewHostWriter returns a new host writer that writes to the provided io.WriteCloser.

func OpenHostsFile

func OpenHostsFile(path string) (*HostWriter, error)

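OpenHostsFile returns a new host writer that appends to the file at the given path. The file is created if it does not exist. This page does not state the permissions a newly created file receives; since the file records which fingerprints are trusted, check that only the intended user can write to it.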

func (*HostWriter) Close

func (h *HostWriter) Close() error

Close closes the underlying io.Closer.

func (*HostWriter) WriteHost

func (h *HostWriter) WriteHost(host Host) error

WriteHost writes the host to the underlying io.Writer.

type KnownHosts

type KnownHosts struct {
    // contains filtered or unexported fields
}

KnownHosts represents a list of known hosts. The zero value for KnownHosts represents an empty list ready to use.

KnownHosts is safe for concurrent use by multiple goroutines.

func (*KnownHosts) Add

func (k *KnownHosts) Add(h Host)

Add adds a host to the list of known hosts.

func (*KnownHosts) Entries

func (k *KnownHosts) Entries() []Host

Entries returns the known host entries sorted by hostname.

func (*KnownHosts) Load

func (k *KnownHosts) Load(path string) error

Load loads the known hosts entries from the provided path.

func (*KnownHosts) Lookup

func (k *KnownHosts) Lookup(hostname string) (Host, bool)

Lookup returns the known host entry corresponding to the given hostname.

func (*KnownHosts) Parse

func (k *KnownHosts) Parse(r io.Reader) error

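Parse parses the provided io.Reader and adds the parsed hosts to the list. Invalid entries are ignored, so a malformed entry is dropped without an error; because TOFU adds any host that is not on file, a host whose entry was dropped is trusted afresh on its next connection.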

For more control over errors encountered during parsing, use bufio.Scanner in combination with ParseHost. For example:

var knownHosts tofu.KnownHosts
// Scan the input and hand each scanned line to ParseHost, so that every
// parse failure is visible to the caller instead of being dropped.
scanner := bufio.NewScanner(r)
for scanner.Scan() {
    host, err := tofu.ParseHost(scanner.Bytes())
    if err != nil {
        // handle error: this line is not a valid entry. Parse would skip it
        // silently; log it or abort here if a damaged hosts file matters.
    } else {
        knownHosts.Add(host)
    }
}
// scanner.Err reports a failure of the read itself, which is separate from
// the per-line parse errors handled inside the loop.
err := scanner.Err()
if err != nil {
    // handle error
}

func (*KnownHosts) TOFU

func (k *KnownHosts) TOFU(hostname string, cert *x509.Certificate) error

TOFU implements basic trust on first use.

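If the host is not on file, it is added to the list, which means the first certificate presented for a hostname is accepted with no earlier record to compare against. If the fingerprint does not match the one on file, an error is returned; callers should treat that error as a failed verification and not proceed with the connection.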

func (*KnownHosts) WriteTo

func (k *KnownHosts) WriteTo(w io.Writer) (int64, error)

WriteTo writes the list of known hosts to the provided io.Writer.

type PersistentHosts

type PersistentHosts struct {
    // contains filtered or unexported fields
}

PersistentHosts represents a persistent set of known hosts.

func LoadPersistentHosts

func LoadPersistentHosts(path string) (*PersistentHosts, error)

LoadPersistentHosts loads persistent hosts from the file at the given path.

func NewPersistentHosts

func NewPersistentHosts(hosts *KnownHosts, writer *HostWriter) *PersistentHosts

NewPersistentHosts returns a new persistent set of known hosts that stores known hosts in hosts and writes new hosts to writer.

func (*PersistentHosts) Add

func (p *PersistentHosts) Add(h Host) error

Add adds a host to the list of known hosts. It returns an error if the host could not be persisted.

func (*PersistentHosts) Close

func (p *PersistentHosts) Close() error

Close closes the underlying HostWriter.

func (*PersistentHosts) Entries

func (p *PersistentHosts) Entries() []Host

Entries returns the known host entries sorted by hostname.

func (*PersistentHosts) Lookup

func (p *PersistentHosts) Lookup(hostname string) (Host, bool)

Lookup returns the known host entry corresponding to the given hostname.

func (*PersistentHosts) TOFU

func (p *PersistentHosts) TOFU(hostname string, cert *x509.Certificate) error

TOFU implements trust on first use with a persistent set of known hosts.

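If the host is not on file, it is added to the list; NewPersistentHosts documents that new hosts are also written to the HostWriter. If the fingerprint does not match the one on file, an error is returned, and the caller should treat it as a failed verification.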

Package tofu imports 12 packages (graph).

Version v0.2.2 (latest) | Published Jun 27, 2021 | Platform: linux/amd64 | Updated 1 week ago
