package tofu
import "git.sr.ht/~sotirisp/go-gemini/tofu"
Package tofu implements trust on first use using hosts and fingerprints.
Index ¶
- type Host
- func NewHost(hostname string, raw []byte) Host
- func ParseHost(text []byte) (Host, error)
- func (h Host) String() string
- func (h *Host) UnmarshalText(text []byte) error
- type HostWriter
- func NewHostWriter(w io.WriteCloser) *HostWriter
- func OpenHostsFile(path string) (*HostWriter, error)
- func (h *HostWriter) Close() error
- func (h *HostWriter) WriteHost(host Host) error
- type KnownHosts
- func (k *KnownHosts) Add(h Host)
- func (k *KnownHosts) Entries() []Host
- func (k *KnownHosts) Load(path string) error
- func (k *KnownHosts) Lookup(hostname string) (Host, bool)
- func (k *KnownHosts) Parse(r io.Reader) error
- func (k *KnownHosts) TOFU(hostname string, cert *x509.Certificate) error
- func (k *KnownHosts) WriteTo(w io.Writer) (int64, error)
- type PersistentHosts
- func LoadPersistentHosts(path string) (*PersistentHosts, error)
- func NewPersistentHosts(hosts *KnownHosts, writer *HostWriter) *PersistentHosts
- func (p *PersistentHosts) Add(h Host) error
- func (p *PersistentHosts) Close() error
- func (p *PersistentHosts) Entries() []Host
- func (p *PersistentHosts) Lookup(hostname string) (Host, bool)
- func (p *PersistentHosts) TOFU(hostname string, cert *x509.Certificate) error
Types ¶
type Host ¶
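// Host is a known-hosts entry: a hostname together with a fingerprint and
// the name of the algorithm that produced it.
type Host struct {
	Hostname    string // hostname
	Algorithm   string // fingerprint algorithm e.g. sha256
	Fingerprint string // fingerprint; the value on file that TOFU matches against
}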
Host represents a host entry with a fingerprint using a certain algorithm.
func NewHost ¶
NewHost returns a new host with a SHA256 fingerprint of the provided raw data.
func ParseHost ¶
ParseHost parses a host from the provided text.
func (Host) String ¶
String returns a string representation of the host.
func (*Host) UnmarshalText ¶
UnmarshalText unmarshals the host from the provided text.
type HostWriter ¶
type HostWriter struct {
// contains filtered or unexported fields
}
HostWriter writes host entries to an io.WriteCloser.
HostWriter is safe for concurrent use by multiple goroutines.
func NewHostWriter ¶
func NewHostWriter(w io.WriteCloser) *HostWriter
NewHostWriter returns a new host writer that writes to the provided io.WriteCloser.
func OpenHostsFile ¶
func OpenHostsFile(path string) (*HostWriter, error)
OpenHostsFile returns a new host writer that appends to the file at the given path. The file is created if it does not exist.
func (*HostWriter) Close ¶
func (h *HostWriter) Close() error
Close closes the underlying io.Closer.
func (*HostWriter) WriteHost ¶
func (h *HostWriter) WriteHost(host Host) error
WriteHost writes the host to the underlying io.Writer.
type KnownHosts ¶
type KnownHosts struct {
// contains filtered or unexported fields
}
KnownHosts represents a list of known hosts. The zero value for KnownHosts represents an empty list ready to use.
KnownHosts is safe for concurrent use by multiple goroutines.
func (*KnownHosts) Add ¶
func (k *KnownHosts) Add(h Host)
Add adds a host to the list of known hosts.
func (*KnownHosts) Entries ¶
func (k *KnownHosts) Entries() []Host
Entries returns the known host entries sorted by hostname.
func (*KnownHosts) Load ¶
func (k *KnownHosts) Load(path string) error
Load loads the known hosts entries from the provided path.
func (*KnownHosts) Lookup ¶
func (k *KnownHosts) Lookup(hostname string) (Host, bool)
Lookup returns the known host entry corresponding to the given hostname.
func (*KnownHosts) Parse ¶
func (k *KnownHosts) Parse(r io.Reader) error
Parse parses the provided io.Reader and adds the parsed hosts to the list. Invalid entries are ignored, so a host whose entry is malformed is simply absent from the list after parsing.
For more control over errors encountered during parsing, use bufio.Scanner in combination with ParseHost. For example:
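// Build the known-hosts list one line at a time so that every malformed
// entry is visible to the caller instead of being skipped.
var knownHosts tofu.KnownHosts
scanner := bufio.NewScanner(r)
for scanner.Scan() {
	host, err := tofu.ParseHost(scanner.Bytes())
	if err != nil {
		// handle error: an entry that is not added leaves its host absent
		// from the list, so report it rather than dropping it silently
		continue
	}
	knownHosts.Add(host)
}
if err := scanner.Err(); err != nil {
	// handle error: reading stopped early, so the list may be incomplete
}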
func (*KnownHosts) TOFU ¶
func (k *KnownHosts) TOFU(hostname string, cert *x509.Certificate) error
TOFU implements basic trust on first use.
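If the host is not on file, it is added to the list; the first fingerprint seen for a hostname is therefore trusted as-is. If the fingerprint does not match the one on file, an error is returned, and the caller should treat the connection as unverified.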
func (*KnownHosts) WriteTo ¶
func (k *KnownHosts) WriteTo(w io.Writer) (int64, error)
WriteTo writes the list of known hosts to the provided io.Writer.
type PersistentHosts ¶
type PersistentHosts struct {
// contains filtered or unexported fields
}
PersistentHosts represents a persistent set of known hosts.
func LoadPersistentHosts ¶
func LoadPersistentHosts(path string) (*PersistentHosts, error)
LoadPersistentHosts loads persistent hosts from the file at the given path.
func NewPersistentHosts ¶
func NewPersistentHosts(hosts *KnownHosts, writer *HostWriter) *PersistentHosts
NewPersistentHosts returns a new persistent set of known hosts that stores known hosts in hosts and writes new hosts to writer.
func (*PersistentHosts) Add ¶
func (p *PersistentHosts) Add(h Host) error
Add adds a host to the list of known hosts. It returns an error if the host could not be persisted.
func (*PersistentHosts) Close ¶
func (p *PersistentHosts) Close() error
Close closes the underlying HostWriter.
func (*PersistentHosts) Entries ¶
func (p *PersistentHosts) Entries() []Host
Entries returns the known host entries sorted by hostname.
func (*PersistentHosts) Lookup ¶
func (p *PersistentHosts) Lookup(hostname string) (Host, bool)
Lookup returns the known host entry corresponding to the given hostname.
func (*PersistentHosts) TOFU ¶
func (p *PersistentHosts) TOFU(hostname string, cert *x509.Certificate) error
TOFU implements trust on first use with a persistent set of known hosts.
If the host is not on file, it is added to the list. If the fingerprint does not match the one on file, an error is returned.
- Version
- v0.0.0-20241120232757-f2c5ece7cd6e (latest)
- Published
- Nov 20, 2024
- Platform
- linux/amd64
- Imports
- 12 packages