Encode encodes and returns the packed TRC.

EncodeProtected encodes the protected header.

EncodeSigned encodes the signed TRC to raw bytes.

ParseSigned parses the raw signed TRC.

SigInput computes the signature input according to rfc7517 (see: https://tools.ietf.org/html/rfc7515#section-5.1).

ValidateKeyUpdate validates that the prev and next key meta are consistent.

AttributeAdded indicates an attribute is added.

AttributeRemoved indicates an attribute is removed.

Authoritative indicates an authoritative AS.

Core indicates a core AS.

ErrAuthoritativeButNotCore indicates a primary AS that is authoritative but not core.

ErrDecodeProtectedFailed indicates the signatrue metadata fails to decode.

ErrDuplicateAttributes indicates attribute duplication in the attributes list.

ErrDuplicatePOPSignature indicates a duplicate proof of possession signature for the same AS and key type.

ErrDuplicateVoteSignature indicates a duplicate voting signature for the same AS.

ErrImmutableBaseVersion indicates an invalid update to the base_version.

ErrImmutableISD indicates an invalid update to the ISD identifier.

ErrImmutableTrustResetAllowed indicates an invalid update to trust_reset_allowed.

ErrInvalidAttribute indicates an inexistent attribute.

ErrInvalidAttributesSize indicates invalid number of attributes in the attributes list.

ErrInvalidCrit indicates that the value for the crit key is invalid.

ErrInvalidKeyMeta indicates an invalid key metadata.

ErrInvalidKeyType indicates an inexistent key type.

ErrInvalidKeyVersion indicates an invalid key version.

ErrInvalidPrimaryAS indicates an invalid primary AS entry.

ErrInvalidProtected indicates that the protected signature metadata is invalid.

ErrInvalidSignatureType indicates an invalid signature type.

ErrInvalidValidityPeriod indicates an invalid validity period.

ErrInvalidVersionIncrement indicates an invalid version increment.

ErrInvalidVote indicates an invalid vote.

ErrInvariantViolation indicates a TRC invariant violation.

ErrMissingKey indicates that the primary AS is missing a key.

ErrMissingPOPSignature indicates a missing proof of possession signature.

ErrMissingProofOfPossession indicates that the proof_of_possession is missing.

ErrMissingVote indicates an AS has not cast vote during a regular update that changes its online key.

ErrMissingVoteSignature indicates a voting signature of an AS is missing.

ErrNotInsidePreviousValidityPeriod indicates the validity periods do not overlap.

ErrPOPVerification indicates the signature verification of a proof of possession failed.

ErrQuorumUnmet indicates that not enough votes have been cast.

ErrSanityCheck indicates a sanity check error.

ErrUnexpectedKey indicates that a primary AS has an excess key.

ErrUnexpectedPOPSignature indicates an unexpected proof of possession signature.

ErrUnexpectedProofOfPossession indicates an unexpected proof_of_possession.

ErrUnexpectedVoteSignature indicates an unexpected voting signature.

ErrUnsupportedFormat indicates an invalid TRC format.

ErrVoteVerification indicates the signature verification of a vote failed.

ErrVotingQuorumTooLarge indicates that the number of voting ASes is smaller than the voting quorum.

ErrWrongVotingKeyType indicates the vote is cast with the wrong key type.

ErrWrongVotingKeyVersion indicates the vote is cast with the wrong key version.

Issuing indicates an issuing AS.

IssuingKey is the issuing key type.

OfflineKey is the offline key type.

OnlineKey is the online key type.

POPSignature indicates the purpose of the signature is to proof possession.

RegularUpdate is a TRC update where the VotingQuorum parameter is not changed, and in the PrimaryASes section, only the issuing and online keys can change.

SensitiveUpdate is a TRC update that does not qualify as regular.

VoteSignature indicates the purpose of the signature is to cast a vote.

Voting indicates a voting AS.

ErrAlgorithmNotSet indicates the key algorithm is not set.

ErrASNotSet indicates the as is not set.

ErrAttributesNotSet indicates the attributes in a primary AS are not set.

ErrBaseNotUpdate indicates that the new TRC is a base TRC.

ErrBaseVersionNotSet indicates base_version is not set.

ErrBaseWithNonZeroGracePeriod indicates a base TRC with a non-zero grace period.

ErrBaseWithVotes indicates a base TRC with votes.

ErrCritNotSet indicates that crit is not set.

ErrDescriptionNotSet indicates description is not set.

ErrFormatVersionNotSet indicates format_version is not set.

ErrGracePeriodNotSet indicates grace_period is not set.

ErrISDNotSet indicates isd is not set.

ErrKeysNotSet indicates the keys in a primary AS are not set.

ErrKeyTypeNotSet indicates key_type is not set.

ErrKeyVersionNotSet indicates key_version is not set.

ErrNoIssuingAS indicates that the TRC has no issuing AS.

ErrNotUTF8 indicates an invalid encoding.

ErrNoVotingRight indicates the vote is cast by an AS without voting rights.

ErrPrimaryASesNotSet indicates primary_ases is not set.

ErrProofOfPossessionNotSet indicates proof_of_possession is not set.

ErrSignatureTypeNotSet indicates the signature type is not set.

ErrTrustResetAllowedNotSet indicates trust_reset_allowed is not set.

ErrUnexpectedVote indicates that a TRC has an unexpected vote attached.

ErrUpdateWithZeroGracePeriod indicates a TRC update with a zero grace period.

ErrValidityNotSet indicates validity is not set.

ErrVersionNotSet indicates version is not set.

ErrVotesNotSet indicates votes is not set.

ErrVotingQuorumNotSet indicates voting_quorum is not set.

ErrZeroVotingQuorum indicates that the voting quorum is zero.

Crit is the "crit" section (see: https://tools.ietf.org/html/rfc7515#section-4.1.11).

DecodedSignature holds the signature with the decoded protected meta data.

KeyChanges contains all new keys in a TRC update.

Period indicates a time duration.

POPVerifier verifies the proof of possession signature on a TRC.

PrimaryAS holds the attributes and keys of a primary AS.

Protected is the signature metadata.

Signature contains the signature and packed metadata for one single key.

Signed contains the packed TRC payload and the attached signatures.

TRC is the trust root configuration for an ISD.

UpdateInfo contains details about the TRC update.

UpdateValidator is used to validate TRC updates.

UpdateVerifier verifies a signed TRC update.

Vote identifies the expected vote.

ASToKeyMeta maps an AS to its key metadata for a single key type.

Attribute indicates the capability of a primary AS.

AttributeChange indicates the type of attribute change in a TRC update.

AttributeChanges contains all attribute changes for a TRC update.

Attributes holds all attributes of a primary AS.

Encoded is the the base64url encoded marshaled TRC.

EncodedProtected is the base64url encoded utf-8 metadata.

FormatVersion indicates the TRC format version.

KeyType indicates the type of the key authenticated by the TRC.

POPs maps ASes to their decoded proof of possession.

PrimaryASes holds all primary ASes and maps them to their attributes and keys.

SignatureType indicates the purpose of a signature.

UpdateType indicates the type of TRC update.

Votes maps ASes to their decoded vote.