cert

package
Published: Nov 14, 2019 License: Apache-2.0 Imports: 15 Imported by: 0


Constants

const (
	// ErrEarlyUsage is reported when a certificate's IssuingTime lies in the future
	// relative to the time being checked (presumably by VerifyTime — confirm).
	ErrEarlyUsage      common.ErrMsg = "Certificate IssuingTime in the future"
	// ErrExpired is reported when the checked time is past the certificate's ExpirationTime.
	ErrExpired         common.ErrMsg = "Certificate expired"
	// ErrInvalidSubject is reported when the certificate's Subject does not match the
	// subject the caller expects (see Verify).
	ErrInvalidSubject  common.ErrMsg = "Invalid subject"
	// ErrReservedVersion is reported for certificate version 0, which is reserved and
	// must not be used (see Certificate.Version).
	ErrReservedVersion common.ErrMsg = "Invalid version 0"
	// ErrUnableSigPack is reported when the byte input that is signed or verified
	// cannot be built from the certificate.
	ErrUnableSigPack   common.ErrMsg = "Cert: Unable to create signature input"
)
const (
	// MaxChainByteLength is the upper bound on the byte length of a certificate chain (1 MiB).
	// NOTE(review): presumably enforced when a chain is read or lz4-decompressed, so that an
	// oversized or heavily expanding input is rejected before it is fully buffered — confirm
	// against ChainFromRaw/ChainFromFile.
	MaxChainByteLength uint32 = 1 << 20
	// DefaultLeafCertValidity is the default validity time of a leaf certificate in seconds (3 days).
	DefaultLeafCertValidity = 3 * 24 * 60 * 60
	// DefaultIssuerCertValidity is the default validity time of an issuer certificate in seconds (7 days).
	DefaultIssuerCertValidity = 7 * 24 * 60 * 60
)
const (
	// ErrInvalidNumFields is reported when a JSON object does not carry the expected
	// number of fields (presumably raised while unmarshaling — confirm).
	ErrInvalidNumFields common.ErrMsg = "Invalid number of fields"
	// ErrMissingField is reported when a required JSON field is absent.
	ErrMissingField     common.ErrMsg = "Missing json field"
	// ErrValidatingFields is reported when the decoded JSON fields fail validation.
	ErrValidatingFields common.ErrMsg = "Unable to validate fields"
)

Variables

var (
	// ErrIssCertInvalid is the sentinel error for an issuer certificate that fails verification.
	ErrIssCertInvalid   = serrors.New("issuer certificate invalid")
	// ErrIssExpiresAfter is the sentinel error for an issuer certificate whose expiration
	// lies after that of the TRC it is verified against.
	ErrIssExpiresAfter  = serrors.New("issuer certificate expires after TRC")
	// ErrIssASNotFound is the sentinel error for an issuing AS that cannot be found
	// (presumably in the TRC passed to Chain.Verify — confirm).
	ErrIssASNotFound    = serrors.New("issuing AS not found")
	// ErrLeafCertInvalid is the sentinel error for a leaf certificate that fails verification.
	ErrLeafCertInvalid  = serrors.New("leaf certificate invalid")
	// ErrLeafExpiresAfter is the sentinel error for a leaf certificate whose expiration
	// lies after that of its issuer certificate.
	ErrLeafExpiresAfter = serrors.New("leaf certificate expires after issuer certificate")
	// ErrLeafIssuedBefore is the sentinel error for a leaf certificate issued before
	// its issuer certificate was issued.
	ErrLeafIssuedBefore = serrors.New("leaf certificate issued before issuer certificate")
)

Errors

Functions

This section is empty.

Types

type Certificate

// Certificate binds the Subject's public keys to a validity interval and is
// signed by the Issuer. Signature covers every field except Signature itself.
type Certificate struct {
	// CanIssue describes whether the subject is able to issue certificates.
	CanIssue bool
	// Comment is an arbitrary and optional string used by the subject to describe the certificate.
	Comment string
	// EncAlgorithm is the algorithm associated with SubjectEncKey.
	EncAlgorithm string
	// ExpirationTime is the unix timestamp in seconds at which the certificate expires.
	ExpirationTime uint32
	// Issuer is the certificate issuer. It can only be an issuing AS.
	Issuer addr.IA
	// IssuingTime is the unix timestamp in seconds at which the certificate was created.
	IssuingTime uint32
	// SignAlgorithm is the algorithm associated with SubjectSignKey.
	SignAlgorithm string
	// Signature is the certificate signature. It is computed over the rest of the
	// certificate, i.e. with this field excluded (see Sign), and is omitted from the
	// JSON encoding when empty.
	Signature common.RawBytes `json:",omitempty"`
	// Subject is the certificate subject.
	Subject addr.IA
	// SubjectEncKey is the public key used for encryption.
	SubjectEncKey common.RawBytes
	// SubjectSignKey is the public key used for signature verification.
	SubjectSignKey common.RawBytes
	// TRCVersion is the version of the issuing TRC.
	TRCVersion scrypto.Version
	// Version is the certificate version.
	// The value scrypto.LatestVer is reserved and shall not be used.
	Version scrypto.Version
}

func CertificateFromRaw

func CertificateFromRaw(raw common.RawBytes) (*Certificate, error)

func (*Certificate) Copy

func (c *Certificate) Copy() *Certificate

func (*Certificate) Equal added in v0.4.0

func (c *Certificate) Equal(o *Certificate) bool

func (*Certificate) JSON

func (c *Certificate) JSON(indent bool) ([]byte, error)

func (*Certificate) Sign

func (c *Certificate) Sign(signKey common.RawBytes, signAlgo string) error

Sign adds a signature to the certificate. The signature is computed over the certificate without the signature field.

func (*Certificate) String

func (c *Certificate) String() string

func (*Certificate) UnmarshalJSON

func (c *Certificate) UnmarshalJSON(b []byte) error

func (*Certificate) Verify

func (c *Certificate) Verify(subject addr.IA, verifyKey common.RawBytes, signAlgo string) error

Verify checks the signature of the certificate based on a trusted verifying key and the associated signature algorithm. Further, it verifies that the certificate belongs to the given subject, and that it is valid at the current time.

func (*Certificate) VerifySignature

func (c *Certificate) VerifySignature(verifyKey common.RawBytes, signAlgo string) error

VerifySignature checks the signature of the certificate based on a trusted verifying key and the associated signature algorithm.

func (*Certificate) VerifyTime

func (c *Certificate) VerifyTime(ts uint32) error

VerifyTime checks that the time ts is between issuing and expiration time. This function does not check the validity of the signature.

type Chain

// Chain holds the two certificates of an AS: the leaf, signed by the issuer
// certificate, and the issuer certificate, signed by the TRC of the ISD.
type Chain struct {
	// Leaf is the leaf certificate of the chain. It is signed by the Issuer certificate.
	Leaf *Certificate `json:"0"`
	// Issuer is the issuer AS certificate of the chain. It is signed by the TRC of the ISD.
	Issuer *Certificate `json:"1"`
}

Chain contains two certificates, one for the leaf and one for the issuer. The leaf certificate is signed by the issuer certificate, which is signed by the TRC of the corresponding ISD.

func ChainFromDir

func ChainFromDir(dir string, ia addr.IA, f func(err error)) (*Chain, error)

ChainFromDir reads all the {IA}-V*.crt (e.g., ISD1-ASff00_0_1-V17.crt) files contained directly in dir (no subdirectories) and, out of those that match the IA ia, returns the newest one. The chains must not be compressed. If an error occurs when parsing one of the files, f() is called with the error as its argument, and execution continues with the remaining files.

If no chain is found, the returned chain is nil and the error is set to nil.

func ChainFromFile

func ChainFromFile(path string, lz4_ bool) (*Chain, error)

func ChainFromRaw

func ChainFromRaw(raw common.RawBytes, lz4_ bool) (*Chain, error)

func ChainFromSlice

func ChainFromSlice(certs []*Certificate) (*Chain, error)

ChainFromSlice creates a certificate chain from a list of certificates. The first certificate is the leaf certificate. The second certificate is the issuer certificate. Only chains with length of two are supported.

func (*Chain) Compress

func (c *Chain) Compress() (common.RawBytes, error)

Compress compresses the JSON generated from the certificate chain using lz4 block mode and prepends the original length (4 bytes, little endian, unsigned). This is necessary because the Python lz4 library expects this format.

func (*Chain) Copy

func (c *Chain) Copy() *Chain

func (*Chain) Equal added in v0.4.0

func (c *Chain) Equal(o *Chain) bool

func (*Chain) IAVer

func (c *Chain) IAVer() (addr.IA, scrypto.Version)

func (*Chain) JSON

func (c *Chain) JSON(indent bool) ([]byte, error)

func (*Chain) Key

func (c *Chain) Key() *Key

func (*Chain) String

func (c *Chain) String() string

func (*Chain) UnmarshalJSON

func (c *Chain) UnmarshalJSON(b []byte) error

func (*Chain) Verify

func (c *Chain) Verify(subject addr.IA, t *trc.TRC) error

type Key

// Key identifies a certificate chain by IA and version; it is the value
// produced by Chain.Key and NewKey.
type Key struct {
	// IA is the ISD-AS the chain belongs to (presumably the leaf subject, cf. Chain.IAVer — confirm).
	IA  addr.IA
	// Ver is the version of the chain.
	Ver scrypto.Version
}

func NewKey

func NewKey(ia addr.IA, ver scrypto.Version) *Key

func (*Key) String

func (k *Key) String() string
