package tofu

import "git.sr.ht/~sotirisp/go-gemini/tofu"

Package tofu implements trust on first use using hosts and fingerprints.

Index

Types

type Host 

type Host struct {
	Hostname    string // hostname
	Algorithm   string // fingerprint algorithm e.g. sha256
	Fingerprint string // fingerprint
}

Host represents a host entry with a fingerprint using a certain algorithm.

func NewHost 

func NewHost(hostname string, raw []byte) Host

NewHost returns a new host with a SHA256 fingerprint of the provided raw data.

func ParseHost 

func ParseHost(text []byte) (Host, error)

ParseHost parses a host from the provided text.

func (Host) String 

func (h Host) String() string

String returns a string representation of the host.

func (*Host) UnmarshalText 

func (h *Host) UnmarshalText(text []byte) error

UnmarshalText unmarshals the host from the provided text.

type HostWriter 

type HostWriter struct {
	// contains filtered or unexported fields
}

HostWriter writes host entries to an io.WriteCloser.

HostWriter is safe for concurrent use by multiple goroutines.

func NewHostWriter 

func NewHostWriter(w io.WriteCloser) *HostWriter

NewHostWriter returns a new host writer that writes to the provided io.WriteCloser.

func OpenHostsFile 

func OpenHostsFile(path string) (*HostWriter, error)

OpenHostsFile returns a new host writer that appends to the file at the given path. The file is created if it does not exist.

func (*HostWriter) Close 

func (h *HostWriter) Close() error

Close closes the underlying io.Closer.

func (*HostWriter) WriteHost 

func (h *HostWriter) WriteHost(host Host) error

WriteHost writes the host to the underlying io.Writer.

type KnownHosts 

type KnownHosts struct {
	// contains filtered or unexported fields
}

KnownHosts represents a list of known hosts. The zero value for KnownHosts represents an empty list ready to use.

KnownHosts is safe for concurrent use by multiple goroutines.

func (*KnownHosts) Add 

func (k *KnownHosts) Add(h Host)

Add adds a host to the list of known hosts.

func (*KnownHosts) Entries 

func (k *KnownHosts) Entries() []Host

Entries returns the known host entries sorted by hostname.

func (*KnownHosts) Load 

func (k *KnownHosts) Load(path string) error

Load loads the known hosts entries from the provided path.

func (*KnownHosts) Lookup 

func (k *KnownHosts) Lookup(hostname string) (Host, bool)

Lookup returns the known host entry corresponding to the given hostname.

func (*KnownHosts) Parse 

func (k *KnownHosts) Parse(r io.Reader) error

Parse parses the provided io.Reader and adds the parsed hosts to the list. Invalid entries are ignored.

For more control over errors encountered during parsing, use bufio.Scanner in combination with ParseHost. For example: 

var knownHosts tofu.KnownHosts
scanner := bufio.NewScanner(r)
for scanner.Scan() {
    host, err := tofu.ParseHost(scanner.Bytes())
    if err != nil {
        // handle error
    } else {
        knownHosts.Add(host)
    }
}
err := scanner.Err()
if err != nil {
    // handle error
}

func (*KnownHosts) TOFU 

func (k *KnownHosts) TOFU(hostname string, cert *x509.Certificate) error

TOFU implements basic trust on first use.

If the host is not on file, it is added to the list. If the fingerprint does not match the one on file, an error is returned.

func (*KnownHosts) WriteTo 

func (k *KnownHosts) WriteTo(w io.Writer) (int64, error)

WriteTo writes the list of known hosts to the provided io.Writer.

type PersistentHosts 

type PersistentHosts struct {
	// contains filtered or unexported fields
}

PersistentHosts represents a persistent set of known hosts.

func LoadPersistentHosts 

func LoadPersistentHosts(path string) (*PersistentHosts, error)

LoadPersistentHosts loads persistent hosts from the file at the given path.

func NewPersistentHosts 

func NewPersistentHosts(hosts *KnownHosts, writer *HostWriter) *PersistentHosts

NewPersistentHosts returns a new persistent set of known hosts that stores known hosts in hosts and writes new hosts to writer.

func (*PersistentHosts) Add 

func (p *PersistentHosts) Add(h Host) error

Add adds a host to the list of known hosts. It returns an error if the host could not be persisted.

func (*PersistentHosts) Close 

func (p *PersistentHosts) Close() error

Close closes the underlying HostWriter.

func (*PersistentHosts) Entries 

func (p *PersistentHosts) Entries() []Host

Entries returns the known host entries sorted by hostname.

func (*PersistentHosts) Lookup 

func (p *PersistentHosts) Lookup(hostname string) (Host, bool)

Lookup returns the known host entry corresponding to the given hostname.

func (*PersistentHosts) TOFU 

func (p *PersistentHosts) TOFU(hostname string, cert *x509.Certificate) error

TOFU implements trust on first use with a persistent set of known hosts.

If the host is not on file, it is added to the list. If the fingerprint does not match the one on file, an error is returned.

Source Files

tofu.go

Version
v0.0.0-20241120232757-f2c5ece7cd6e (latest)
Published
Nov 20, 2024
Platform
linux/amd64
Imports
12 packages
Last checked
2 weeks ago

Tools for package owners.