pub struct SignedMetadata<D, M>
where
    D: Pouf,
{ /* private fields */ }
Serialized metadata with attached unverified signatures.
Implementations
impl<D, M> SignedMetadata<D, M>
pub fn new(metadata: &M, private_key: &dyn PrivateKey) -> Result<Self>
Create a new SignedMetadata. The supplied private key is used to sign the canonicalized
bytes of the provided metadata with the provided scheme.
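// Load the PKCS#8-encoded Ed25519 private key bytes (the crate's test key).
let key: &[u8] = include_bytes!("../tests/ed25519/ed25519-1.pk8.der");
let key = Ed25519PrivateKey::from_pkcs8(&key).unwrap();
let snapshot = SnapshotMetadataBuilder::new().build().unwrap();
// Sign the canonicalized snapshot metadata with the key.
SignedMetadata::<Pouf1, _>::new(&snapshot, &key).unwrap();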
pub fn to_raw(&self) -> Result<RawSignedMetadata<D, M>>
Serialize this metadata to canonical bytes suitable for serialization. Note that this method is only intended to serialize signed metadata generated by this crate, not to re-serialize metadata that was originally obtained from a remote source.
TUF metadata hashes are computed over the raw bytes of the metadata, so the hash of the returned bytes is not guaranteed to match a hash included in, for example, a snapshot metadata file, because:
- Parsing metadata removes unknown fields, which would not be included in the returned bytes,
- Pouf implementations only guarantee the bytes are canonical for the purpose of a signature. Metadata obtained from a remote source may have included different whitespace or ordered fields in a way that is not preserved when parsing that metadata.
pub fn add_signature(&mut self, private_key: &dyn PrivateKey) -> Result<()>
Append a signature to this signed metadata. This overwrites any existing signature made by a key with the same ID.
WARNING: You should never have multiple TUF private keys on the same machine, so if
you’re using this to append several signatures at once, you are doing something wrong. The
preferred method is to generate your copy of the metadata locally and use merge_signatures
to perform the “append” operations.
let key_1: &[u8] = include_bytes!("../tests/ed25519/ed25519-1.pk8.der");
let key_1 = Ed25519PrivateKey::from_pkcs8(&key_1).unwrap();
// Note: This is for demonstration purposes only.
// You should never have multiple private keys on the same device.
let key_2: &[u8] = include_bytes!("../tests/ed25519/ed25519-2.pk8.der");
let key_2 = Ed25519PrivateKey::from_pkcs8(&key_2).unwrap();
let snapshot = SnapshotMetadataBuilder::new().build().unwrap();
let mut snapshot = SignedMetadata::<Pouf1, _>::new(&snapshot, &key_1).unwrap();
snapshot.add_signature(&key_2).unwrap();
assert_eq!(snapshot.signatures().len(), 2);
// Signing again with the same key replaces its earlier signature, so the count stays at 2.
snapshot.add_signature(&key_2).unwrap();
assert_eq!(snapshot.signatures().len(), 2);
pub fn merge_signatures(&mut self, other: &Self) -> Result<()>
Merge the signatures from other into self if and only if
self.as_ref() == other.as_ref(). If self and other contain signatures from the same
key ID, then the signatures from self will replace the signatures from other.
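The merge rules above, and the sign-locally-then-merge workflow recommended under add_signature, as a small std-only model added here for illustration; it is not the tuf crate's code. `ModelSigned`, the key IDs and the signature strings are constructed placeholders, and no real signing takes place.

```rust
// Simplified model of the documented merge rules; NOT the tuf crate's code.
// Key IDs and signature values are constructed placeholders, not real crypto.
use std::collections::BTreeMap;

pub struct ModelSigned {
    metadata: Vec<u8>,                    // canonical metadata bytes
    signatures: BTreeMap<String, String>, // key ID -> signature value
}

impl ModelSigned {
    /// One signer, one key, created on that signer's own machine.
    pub fn new(metadata: &[u8], key_id: &str, sig: &str) -> Self {
        let mut signatures = BTreeMap::new();
        signatures.insert(key_id.to_string(), sig.to_string());
        ModelSigned { metadata: metadata.to_vec(), signatures }
    }

    /// Merge only when both copies cover identical metadata; on a key ID
    /// collision the signature already held by `self` is kept.
    pub fn merge_signatures(&mut self, other: &Self) -> Result<(), String> {
        if self.metadata != other.metadata {
            return Err("metadata differs; refusing to merge".to_string());
        }
        for (id, sig) in &other.signatures {
            self.signatures.entry(id.clone()).or_insert_with(|| sig.clone());
        }
        Ok(())
    }

    pub fn signature_count(&self) -> usize { self.signatures.len() }
    pub fn signature(&self, id: &str) -> Option<&String> { self.signatures.get(id) }
}

/// Constructed scenario: two signers sign the same snapshot separately,
/// then a copy covering different metadata is offered for merging.
pub fn demo() -> (usize, bool, String) {
    let meta = br#"{"_type":"snapshot","version":1}"#;
    let mut alice = ModelSigned::new(meta, "key-a", "sig-a1");
    let bob = ModelSigned::new(meta, "key-b", "sig-b1");
    alice.merge_signatures(&bob).unwrap();
    // Same key ID again: the count stays at 2 and self's value survives.
    let dup = ModelSigned::new(meta, "key-a", "sig-a2");
    alice.merge_signatures(&dup).unwrap();
    let other = ModelSigned::new(br#"{"_type":"snapshot","version":2}"#, "key-c", "sig-c1");
    let rejected = alice.merge_signatures(&other).is_err();
    (alice.signature_count(), rejected, alice.signature("key-a").unwrap().clone())
}

fn main() { println!("{:?}", demo()); }
```

Because signatures are keyed by key ID, repeated signatures from one key never raise the count of distinct signers, and a copy whose metadata differs contributes nothing.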
pub fn signatures(&self) -> &[Signature]
An immutable reference to the signatures.
pub fn assume_valid(&self) -> Result<M>
Parse this metadata without verifying signatures.
This operation is not safe to do with metadata obtained from an untrusted source.
Trait Implementations
impl<D, M: Clone> Clone for SignedMetadata<D, M>
fn clone(&self) -> SignedMetadata<D, M>
fn clone_from(&mut self, source: &Self)