pdf_sign

package
v0.0.0-...-1f827b5
Warning

This package is not in the latest version of its module.

Published: Oct 5, 2020 License: Apache-2.0 Imports: 27 Imported by: 0

Documentation

Constants

This section is empty.

Variables

This section is empty.

Functions

func ExtractByteRange

func ExtractByteRange(sigdict *pdf.Dict) (pdf.Array, error)

ExtractByteRange accesses the RootDictionary of the PDF and extracts the ByteRange, i.e. the portion of the document included in the signature

func ExtractContent

func ExtractContent(path string, byteRangeArray pdf.Array) ([]byte, error)

ExtractContent returns the hash of the document, given the byte range
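The ByteRange handling described for ExtractByteRange and ExtractContent, as an added example that is not pdf_sign's own code: it collects the bytes a verifier would hash and rejects a ByteRange that leaves anything other than the /Contents hex string unsigned. The names `signedBytes` and `sample` and the sample document are constructed for illustration.

```go
package main

import (
	"errors"
	"fmt"
)

// Constructed sample: a PDF-like byte string whose /Contents value is the only unsigned gap.
const (
	prefix = "%PDF-1.7\n1 0 obj<</Type/Sig/Contents"
	gap    = "<00000000>"
	suffix = ">>endobj\n%%EOF\n"
)

// sample returns the constructed document and the ByteRange that matches it.
func sample() ([]byte, [4]int) {
	return []byte(prefix + gap + suffix), [4]int{0, len(prefix), len(prefix) + len(gap), len(suffix)}
}

// signedBytes returns the bytes covered by ByteRange [o1 l1 o2 l2], or an error when
// the range would leave more than the /Contents hex string outside the signature.
func signedBytes(doc []byte, br [4]int) ([]byte, error) {
	o1, l1, o2, l2, n := br[0], br[1], br[2], br[3], len(doc)
	switch {
	case o1 != 0 || l1 < 0 || l2 < 0:
		return nil, errors.New("byte range must start at offset 0 with non-negative lengths")
	case o2 < l1 || o2 > n || l2 > n-o2:
		return nil, errors.New("byte range segments overlap or run past the file")
	case o2+l2 != n:
		return nil, errors.New("bytes after the signed range are not covered")
	case o2-l1 < 2 || doc[l1] != '<' || doc[o2-1] != '>':
		return nil, errors.New("unsigned gap is not delimited as a hex string")
	}
	out := append([]byte{}, doc[:l1]...)
	return append(out, doc[o2:]...), nil
}

func main() {
	doc, br := sample()
	content, err := signedBytes(doc, br)
	fmt.Printf("%d signed bytes, err=%v\n", len(content), err)
	// Data appended after signing falls outside the original ByteRange and is rejected.
	_, err = signedBytes(append(doc, "\n% appended after signing"...), br)
	fmt.Println("tampered:", err)
}
```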

func ExtractContext

func ExtractContext(path string) (*pdf.Context, error)

ExtractContext extracts the PDF context from the PDF found on the given path

func ExtractDss

func ExtractDss(context *pdf.Context) (pdf.Dict, error)

ExtractDss extracts the dss dictionary from the pdf context

func ExtractSigDict

func ExtractSigDict(context *pdf.Context) (pdf.Dict, error)

ExtractSigDict extracts the signature dictionary from the given pdf context

func ExtractSignatureBytes

func ExtractSignatureBytes(sigdict *pdf.Dict) ([]byte, error)

ExtractSignatureBytes accesses the RootDictionary of the PDF and extracts the pkcs7 signature object

func ExtractSigningTime

func ExtractSigningTime(timestamp *pkcs7.PKCS7) (time.Time, error)

ExtractSigningTime extracts the signingTime from a timestamp

func ExtractTimestampBytes

func ExtractTimestampBytes(signature *pkcs7.PKCS7) ([]byte, error)

ExtractTimestampBytes accesses the pkcs7 signature object and returns the bytes of the timestamp

func ExtractVri

func ExtractVri(context *pdf.Context) (pdf.Dict, error)

ExtractVri extracts the vri dictionary from the pdf context

func GetTrustedAnchors

func GetTrustedAnchors(pem *string) (*x509.CertPool, error)

GetTrustedAnchors returns a certpool given a filepath

func IsTimestampOnly

func IsTimestampOnly(signature *pkcs7.PKCS7) bool

IsTimestampOnly returns true if the signature is a timestamp (instead of a CMS signature)

func Sign

func Sign(hash []byte) ([]byte, error)

func VerifyCrl

func VerifyCrl(crl *pkix.CertificateList, signature *pkcs7.PKCS7) error

VerifyCrl checks if the signer certificate is not listed as expired in the CRL

func VerifyOcsp

func VerifyOcsp(ocspresponse *ocsp.Response) error

VerifyOcsp validates an OCSP response

func VerifyPkcs7

func VerifyPkcs7(p7 *pkcs7.PKCS7, signingTime time.Time, content []byte, validationInfo RevocationInfo, trustedAnchors *x509.CertPool) (bool, error)

VerifyPkcs7 is a custom implementation based on pkcs7.verifyWithChain. This version allows the expiration checks to be done against the timestamp (instead of against the current time or the signing time)
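What checking expiration against the timestamp means in practice, as an added example using only the standard library (not pdf_sign's own code): the chain is verified with `x509.VerifyOptions.CurrentTime` set to the timestamp, so a signer certificate that has since expired still validates for a signature made inside its validity window. The helpers `day`, `issue`, `validAt` and `fixture`, the certificate names and all dates are constructed for illustration.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"time"
)

func day(y int, m time.Month, d int) time.Time { return time.Date(y, m, d, 0, 0, 0, 0, time.UTC) }

// issue builds a constructed test certificate; a nil parent makes a self-signed CA.
func issue(cn string, from, to time.Time, parent *x509.Certificate, pk *ecdsa.PrivateKey) (*x509.Certificate, *ecdsa.PrivateKey) {
	key, _ := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	t := &x509.Certificate{SerialNumber: big.NewInt(from.Unix()), Subject: pkix.Name{CommonName: cn},
		NotBefore: from, NotAfter: to, BasicConstraintsValid: true, KeyUsage: x509.KeyUsageDigitalSignature}
	if parent == nil {
		t.IsCA, t.KeyUsage, parent, pk = true, x509.KeyUsageCertSign, t, key
	}
	der, err := x509.CreateCertificate(rand.Reader, t, parent, &key.PublicKey, pk)
	if err != nil {
		panic(err) // fixture helper only
	}
	cert, _ := x509.ParseCertificate(der)
	return cert, key
}

// validAt verifies the chain as of `at` (the trusted timestamp) instead of time.Now().
func validAt(leaf *x509.Certificate, roots *x509.CertPool, at time.Time) error {
	_, err := leaf.Verify(x509.VerifyOptions{Roots: roots, CurrentTime: at, KeyUsages: []x509.ExtKeyUsage{x509.ExtKeyUsageAny}})
	return err
}

// fixture returns a signer certificate valid only during 2020, plus its CA pool.
func fixture() (*x509.Certificate, *x509.CertPool) {
	ca, caKey := issue("Constructed CA", day(2019, 1, 1), day(2022, 1, 1), nil, nil)
	leaf, _ := issue("Constructed Signer", day(2020, 1, 1), day(2021, 1, 1), ca, caKey)
	roots := x509.NewCertPool()
	roots.AddCert(ca)
	return leaf, roots
}

func main() {
	leaf, roots := fixture()
	fmt.Println(validAt(leaf, roots, day(2020, 10, 5)), "|", validAt(leaf, roots, time.Now()))
}
```

The result is only as trustworthy as the time passed in, so the timestamp token itself has to be verified before its time is used here.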

func VerifyRevocationInfo

func VerifyRevocationInfo(revocationInfo RevocationInfo, signature *pkcs7.PKCS7) (bool, error)

VerifyRevocationInfo checks:

- that the status of the ocsp response is GOOD
- that the signing certificate is not revoked according to the crl

Types

type RevocationInfo

type RevocationInfo struct {
	Base16cert string
	Crls       []*pkix.CertificateList
	Ocsps      []*ocsp.Response
	Certs      []*x509.Certificate
}

The RevocationInfo type contains a base16-encoded signature and its associated ocsps, crls and certs

func ExtractRevocationInfo

func ExtractRevocationInfo(signature *pkcs7.PKCS7) (bool, RevocationInfo, error)

ExtractRevocationInfo extracts the RevocationInformation from the signature. It returns false if none was found.

func ExtractValidationInformation

func ExtractValidationInformation(context *pdf.Context, sigbytes []byte) (RevocationInfo, error)

ExtractValidationInformation finds and parses the Validation Information embedded in the PDF document. If sigbytes is nil (no reference to an existing signature), it gets the ocsp and crl directly from the dss dictionary. I'm assuming here the ocsps and crls elements nested directly under dss are the ones related to the timestamp.

type SignedPdf

type SignedPdf struct {

	// Content represents the signed content in the pdf
	Content []byte

	// ByteRange defines the portion of the pdf which is signed
	ByteRange pdf.Array

	// IsTimestampOnly is true if the pdf is only timestamped but not signed
	IsTimestampOnly bool

	// Signature is the pkcs7 object holding the signature (PAdES signature)
	Signature *pkcs7.PKCS7

	// Timestamp is the pkcs7 object holding the timestamp (CAdES signature)
	Timestamp *pkcs7.PKCS7

	// SigningTime is the signed time held by the timestamp
	SigningTime time.Time

	// RevocationInfo holds the revocation information embedded in the pkcs7
	RevocationInfo RevocationInfo

	// ValidationInfo holds the revocation information associated with all signatures
	ValidationInfo RevocationInfo

	// TrustedAnchors holds the trusted ca certificates for signature validation
	TrustedAnchors *x509.CertPool
}

The SignedPdf type holds all relevant information for signature verification

func Init

func Init(filepath string, trustedAnchorsPem string) (SignedPdf, error)

Init parses the pdf in the filepath and extracts the relevant components for signature verification

type TestFixture

type TestFixture struct {
	Input       []byte
	Certificate *x509.Certificate
	PrivateKey  *rsa.PrivateKey
}
