CheckHashes verifies all the checksums specified by the "hashes" of the payload.

CheckValidHashStructures returns an error, or nil, depending on whether the content of the hashes is valid or not.

CompareMultiHashes verifies that the two Hashes passed in can represent the same data.

DefaultExpires gets the default expiry time for the given role.

IsBaseRole checks if the role is a base role.

IsDelegation checks if the role is a delegation or a root role.

IsValidSnapshotStructure returns an error, or nil, depending on whether the content of the struct is valid for snapshot metadata.

IsValidTimestampStructure returns an error, or nil, depending on whether the content of the struct is valid for timestamp metadata.

IsWildDelegation determines if a role represents a valid wildcard delegation path, i.e.

MetadataRoleMapToStringMap generates a map string of bytes from a map RoleName of bytes.

NewBaseRole creates a new BaseRole object with the provided parameters.

NewDelegations initializes an empty Delegations object.

NewECDSAPrivateKey initializes a new ECDSA private key.

NewECDSAPublicKey initializes a new public key with the ECDSAKey type.

NewECDSAx509PublicKey initializes a new public key with the ECDSAx509Key type.

NewED25519PrivateKey initialized a new ED25519 private key.

NewED25519PublicKey initializes a new public key with the ED25519Key type.

NewFileMeta generates a FileMeta object from the reader, using the hash algorithms provided.

NewPrivateKey creates a new, correctly typed PrivateKey, using the UnknownPrivateKey catchall for unsupported ciphers.

NewPublicKey creates a new, correctly typed PublicKey, using the UnknownPublicKey catchall for unsupported ciphers.

NewRole creates a new Role object from the given parameters.

NewRoleList generates an array of RoleName objects from a slice of strings.

NewRoot initializes a new SignedRoot with a set of keys, roles, and the consistent flag.

NewRSAPrivateKey initialized a new RSA private key.

NewRSAPublicKey initializes a new public key with the RSA type.

NewRSAx509PublicKey initializes a new public key with the RSAx509Key type.

NewSnapshot initializes a SignedSnapshot with a given top level root and targets objects.

NewTargets initializes a new empty SignedTargets object.

NewTimestamp initializes a timestamp with an existing snapshot.

PublicKeyFromPrivate returns a new TUFKey based on a private key, with the private key bytes guaranteed to be nil.

RestrictDelegationPathPrefixes returns the list of valid delegationPaths that are prefixed by parentPaths.

RolesListToStringList generates an array of string objects from a slice of roles.

RootFromSigned fully unpacks a Signed object into a SignedRoot and ensures that it is a valid SignedRoot.

SetDefaultExpiryTimes allows one to change the default expiries.

SnapshotFromSigned fully unpacks a Signed object into a SignedSnapshot.

TargetsFromSigned fully unpacks a Signed object into a SignedTargets, given a role name (so it can validate the SignedTargets object).

TimestampFromSigned parsed a Signed object into a fully unpacked SignedTimestamp.

UnmarshalPrivateKey is used to parse individual private keys in JSON.

UnmarshalPublicKey is used to parse individual public keys in JSON.

ValidRole only determines the name is semantically correct.

ValidTUFType checks if the given type is valid for the role.

Key types.

Signature types.

Key types.

Key types.

Signature types.

Signature types.

Key types.

Signature types.

Signature types.

Key types.

BaseRoles is an easy to iterate list of the top level roles.

Canonical base role names.

Canonical base role names.

Canonical base role names.

Canonical base role names.

NotaryDefaultExpiries is the construct used to configure the default expiry times of the various role files.

NotaryDefaultHashes contains the default supported hash algorithms.

TUFTypes is the set of metadata types.

BaseRole is an internal representation of a root/targets/snapshot/timestamp role, with its public keys included.

DelegationRole is an internal representation of a delegation role, with its public keys included.

Delegations holds a tier of targets delegations.

ECDSAPrivateKey represents a private ECDSA key.

ECDSAPublicKey represents an ECDSA key using a raw serialization of the public key.

ECDSAx509PublicKey represents an ECDSA key using an x509 cert as the serialized format of the public key.

ED25519PrivateKey represents a private ED25519 key.

ED25519PublicKey represents an ED25519 key using a raw serialization of the public key.

ErrCertExpired is the error to be returned when a certificate has expired.

ErrInvalidChecksum is the error to be returned when checksum is invalid.

ErrInvalidMetadata is the error to be returned when metadata is invalid.

ErrInvalidRole represents an error regarding a role.

ErrMismatchedChecksum is the error to be returned when checksum is mismatched.

ErrMissingMeta - couldn't find the FileMeta object for the given Role, or the FileMeta object contained no supported checksums.

ErrNoSuchRole indicates the roles doesn't exist.

FileMeta contains the size and hashes for a metadata or target file.

KeyPair holds the public and private key bytes.

Role is a more verbose role as they appear in targets delegations Eventually should only be used for immediately before and after serialization/deserialization.

Root is the Signed component of a root.json.

RootRole is a cut down role as it appears in the root.json Eventually should only be used for immediately before and after serialization/deserialization.

RSAPrivateKey represents a private RSA key.

RSAPublicKey represents an RSA key using a raw serialization of the public key.

RSAx509PublicKey represents an RSA key using an x509 cert as the serialized format of the public key.

Signature is a signature on a piece of metadata.

Signed is the high level, partially deserialized metadata object used to verify signatures before fully unpacking, or to add signatures before fully packing.

SignedCommon contains the fields common to the Signed component of all TUF metadata files.

SignedMeta is used in server validation where we only need signatures and common fields.

SignedRoot is a fully unpacked root.json.

SignedSnapshot is a fully unpacked snapshot.json.

SignedTargets is a fully unpacked targets.json, or target delegation json file.

SignedTimestamp is a fully unpacked timestamp.json.

Snapshot is the Signed component of a snapshot.json.

Targets is the Signed components of a targets.json or delegation json file.

Timestamp is the Signed component of a timestamp.json.

TUFKey is the structure used for both public and private keys in TUF.

UnknownPrivateKey is a catchall for unsupported key types.

UnknownPublicKey is a catchall for key types that are not supported.

PrivateKey adds the ability to access the private key.

PublicKey is the necessary interface for public keys.

Files is the map of paths to file meta container in targets and delegations metadata files.

GUN is a Globally Unique Name.

Hashes is the map of hash type to digest created for each metadata and target file.

KeyList represents a list of keys.

Keys represents a map of key ID to PublicKey object.

RoleName type for specifying role.

SigAlgorithm for types of signatures.