publications

package
v1.0.0
Published: Jan 10, 2020 License: Apache-2.0 Imports: 21 Imported by: 0

Documentation

Overview

Package publications implements handling of the publications file and PKI signature verification.

Index

Constants

This section is empty.

Variables

var (
	// OidEmail is the ASN.1 notation for Email Address attribute for use in signatures.
	OidEmail = OID([]int{1, 2, 840, 113549, 1, 9, 1})
	// OidCommonName is the ASN.1 notation for common name attribute type.
	OidCommonName = OID([]int{2, 5, 4, 3})
	// OidCountry is the ASN.1 notation for Country Name attribute type specifying a country.
	OidCountry = OID([]int{2, 5, 4, 6})
	// OidOrganization is the ASN.1 notation for Organization Name attribute type specifying an organization.
	OidOrganization = OID([]int{2, 5, 4, 10})
)

Functions

func CertChainToString

func CertChainToString(certList []*x509.Certificate) string

CertChainToString returns a printable representation of the x509 certificate chain.

func CertificateToString

func CertificateToString(cert *x509.Certificate) string

CertificateToString returns a printable representation of the x509 certificate.

Types

type File

type File struct {
	// contains filtered or unexported fields
}

File is a trust anchor for verifying KSI signatures. It contains a list of public-key certificates for verifying authentication records and a list of publications for verifying publication records attached to calendar hash chains. A publications file consists of the following components, which must appear in this order:

  • 8-byte magic 4B 53 49 50 55 42 4C 46 (in hexadecimal), which encodes the string 'KSIPUBLF' in ASCII.
  • Header (single).
  • Public Key Certificates (multiple) that were considered trustworthy at the time the publications file was created.
  • Publications (multiple) that had been created up to the file creation time. Every 'publication' structure consists of a 'published data' and a 'publication reference' structure, where the 'published data' structure consists of the 'publication time' and 'published hash' fields.
  • Signature (single) of the file.
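The first step of reading the layout above is checking the fixed 8-byte magic before any other component is parsed. The following Go code is an added example written for this page, not code from the publications package: it validates the prefix and hands back the remaining bytes for a parser of the header, certificates, publications and signature (which the page does not specify and the example does not implement). The sample inputs are constructed.

```go
package main

import (
	"bytes"
	"errors"
	"fmt"
)

// Magic prefix 4B 53 49 50 55 42 4C 46, i.e. "KSIPUBLF" in ASCII, as given on this page.
var publicationsFileMagic = []byte("KSIPUBLF")

// ErrBadMagic marks input that is not a publications file at all.
var ErrBadMagic = errors.New("publications: bad magic")

// SplitMagic validates the fixed 8-byte prefix and returns the bytes after it, which the
// page says carry the header, certificates, publications and signature in that order.
// Parsing those components is out of scope for this example.
func SplitMagic(raw []byte) ([]byte, error) {
	n := len(publicationsFileMagic)
	if len(raw) < n {
		return nil, fmt.Errorf("%w: input is %d bytes, shorter than the %d-byte magic", ErrBadMagic, len(raw), n)
	}
	if !bytes.Equal(raw[:n], publicationsFileMagic) {
		return nil, fmt.Errorf("%w: got % X, want % X", ErrBadMagic, raw[:n], publicationsFileMagic)
	}
	return raw[n:], nil
}

func main() {
	// Constructed inputs: the magic followed by three arbitrary bytes, and the same
	// bytes with a corrupted first byte.
	good := append([]byte("KSIPUBLF"), 0x87, 0x01, 0x00)
	rest, err := SplitMagic(good)
	fmt.Printf("good: rest=% X err=%v\n", rest, err)

	bad := append([]byte("XSIPUBLF"), 0x87, 0x01, 0x00)
	_, err = SplitMagic(bad)
	fmt.Println("bad:", err)
}
```

Rejecting on the magic alone is cheap and catches the common operational mistake of pointing the handler at a wrong or truncated download; it says nothing about authenticity, which only the signature check over the whole file provides.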

func NewFile

func NewFile(builder FileBuilder) (*File, error)

NewFile returns a publications file constructed from the provided initializer.

Note that the returned publications file is not verified (see (FileHandler).Verify()).

func (*File) Certificate

func (p *File) Certificate(id []byte) (*pdu.CertificateRecord, error)

Certificate returns the PKI certificate record with the given ID.

Returns the found certificate, or nil otherwise.

func (*File) PublicationRec

func (p *File) PublicationRec(by PubRecSearchBy) (*pdu.PublicationRec, error)

PublicationRec returns the publication record selected by the provided search strategy.

Returns the found publication record, or nil otherwise.

func (*File) VerifyRecord

func (p *File) VerifyRecord(rec *pdu.CalendarAuthRec) error

VerifyRecord verifies the calendar authentication record against the publications file.

type FileBuilder

type FileBuilder func(*file) error

FileBuilder defines a publications file initializer.

func FileFromBytes

func FileFromBytes(raw []byte) FileBuilder

FileFromBytes returns an initializer for a publications file to be built from a byte slice.

func FileFromFile

func FileFromFile(path string) FileBuilder

FileFromFile returns an initializer for a publications file to be built from a binary file.

func FileFromReader

func FileFromReader(r io.Reader) FileBuilder

FileFromReader returns an initializer for a publications file to be built from a binary stream.

func FileFromURL

func FileFromURL(url string) FileBuilder

FileFromURL returns an initializer for a publications file to be downloaded from the specified location.

type FileHandler

type FileHandler struct {
	// contains filtered or unexported fields
}

FileHandler is a processor for publications files (see File).

func NewFileHandler

func NewFileHandler(settings ...FileHandlerSetting) (*FileHandler, error)

NewFileHandler returns a new publications file handler instance.

func (*FileHandler) FileTTL

func (h *FileHandler) FileTTL() (time.Duration, error)

FileTTL returns the cache timeout of the downloaded publications file.

func (*FileHandler) ReceiveFile

func (h *FileHandler) ReceiveFile() (*File, error)

ReceiveFile downloads the publications file from the URI specified by the FileHandlerSetPublicationsURL.

The downloaded publications file is cached. Sequential calls to this method will return the cached file, except when the cache timeout specified by FileHandlerSetFileTTL has expired, in which case a new download is triggered.

func (*FileHandler) Verify

func (h *FileHandler) Verify(p *File) error

Verify verifies the PKI signature of the publications file.

type FileHandlerSetting

type FileHandlerSetting func(*fileHandler) error

FileHandlerSetting is a handler initialization option.

func FileHandlerSetFile

func FileHandlerSetFile(p *File) FileHandlerSetting

FileHandlerSetFile sets the publications file. Note that if the publications URL is also set, calling ReceiveFile() will always trigger a new file download.

func FileHandlerSetFileCertConstraint

func FileHandlerSetFileCertConstraint(oid OID, value string) FileHandlerSetting

FileHandlerSetFileCertConstraint specifies the default constraints that the publications file PKI certificate must satisfy during verification.

It can be called multiple times in order to require several X.509 distinguished name attributes.

func FileHandlerSetFileCertConstraints

func FileHandlerSetFileCertConstraints(cnstrs []pkix.AttributeTypeAndValue) FileHandlerSetting

FileHandlerSetFileCertConstraints sets several constraints at once; see the description of FileHandlerSetFileCertConstraint.
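A DN constraint is what binds "the signature verifies under a trusted chain" to "the signer is the party we expect": a certificate that chains correctly to a root in the trust pool but carries a different subject must still be rejected. The Go code below is an added example written for this page, not the publications package's own implementation of FileHandlerSetFileCertConstraint; it re-declares the four attribute OIDs with the values listed under Variables, checks a parsed certificate's subject against a list of `pkix.AttributeTypeAndValue` constraints, and builds a self-signed test certificate in memory whose subject values are invented placeholders.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"encoding/asn1"
	"errors"
	"fmt"
	"math/big"
	"time"
)

// Attribute OIDs with the same values as the package's OidEmail, OidCommonName,
// OidCountry and OidOrganization variables listed on this page.
var (
	oidEmail        = asn1.ObjectIdentifier{1, 2, 840, 113549, 1, 9, 1}
	oidCommonName   = asn1.ObjectIdentifier{2, 5, 4, 3}
	oidCountry      = asn1.ObjectIdentifier{2, 5, 4, 6}
	oidOrganization = asn1.ObjectIdentifier{2, 5, 4, 10}
)

// ErrConstraint is returned when the subject DN lacks a required attribute value.
var ErrConstraint = errors.New("signing certificate does not satisfy DN constraint")

// CheckCertConstraints requires every (OID, value) pair to be present, with an exactly
// equal string value, among the attributes of the certificate's subject DN.
func CheckCertConstraints(cert *x509.Certificate, constraints []pkix.AttributeTypeAndValue) error {
	for _, c := range constraints {
		want, ok := c.Value.(string)
		if !ok {
			return fmt.Errorf("%w: constraint %v has a non-string value", ErrConstraint, c.Type)
		}
		satisfied := false
		for _, attr := range cert.Subject.Names {
			got, ok := attr.Value.(string)
			if ok && attr.Type.Equal(c.Type) && got == want {
				satisfied = true
				break
			}
		}
		if !satisfied {
			return fmt.Errorf("%w: %v=%q", ErrConstraint, c.Type, want)
		}
	}
	return nil
}

// newTestCert builds a self-signed certificate in memory. It is constructed for this
// example only; the subject values are placeholders, not the real publications signer.
func newTestCert() (*x509.Certificate, error) {
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return nil, err
	}
	tmpl := x509.Certificate{
		SerialNumber: big.NewInt(1),
		Subject: pkix.Name{
			CommonName:   "publications-signer.example",
			Organization: []string{"Example Org"},
			Country:      []string{"EE"},
			// pkix.Name has no e-mail field, so the address goes in as an extra attribute.
			ExtraNames: []pkix.AttributeTypeAndValue{{Type: oidEmail, Value: "publications@example.invalid"}},
		},
		NotBefore: time.Now().Add(-time.Hour),
		NotAfter:  time.Now().Add(time.Hour),
		KeyUsage:  x509.KeyUsageDigitalSignature,
	}
	der, err := x509.CreateCertificate(rand.Reader, &tmpl, &tmpl, &key.PublicKey, key)
	if err != nil {
		return nil, err
	}
	return x509.ParseCertificate(der)
}

func main() {
	cert, err := newTestCert()
	if err != nil {
		panic(err)
	}
	// Constraints of the kind FileHandlerSetFileCertConstraint accumulates: CN and e-mail.
	required := []pkix.AttributeTypeAndValue{
		{Type: oidCommonName, Value: "publications-signer.example"},
		{Type: oidEmail, Value: "publications@example.invalid"},
	}
	fmt.Println("expected signer:", CheckCertConstraints(cert, required))

	// Same certificate, wrong organisation: chain validation alone would not catch this.
	wrong := []pkix.AttributeTypeAndValue{{Type: oidOrganization, Value: "Other Org"}}
	fmt.Println("wrong organisation:", CheckCertConstraints(cert, wrong))
}
```

Matching is exact and case-sensitive on purpose: loosening it (substring or case-insensitive comparison) widens the set of certificates a trusted CA could issue that would pass as the publications signer.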

func FileHandlerSetFileTTL

func FileHandlerSetFileTTL(d time.Duration) FileHandlerSetting

FileHandlerSetFileTTL specifies the downloaded publications file cache timeout.

After the timeout expires, a call to ReceiveFile() will trigger a new publications file download. To disable the timeout, set the duration to 0.
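The caching rule described for ReceiveFile and FileHandlerSetFileTTL (serve the cached copy, re-download once the TTL has elapsed, never expire when the TTL is 0) is small enough to model on its own. The Go code below is an added example, not the package's FileHandler; `cachedFile` is a hypothetical stand-in for the package's `*File`, and the clock and downloader are injected so the behaviour runs offline on constructed data. How the package treats a failed re-download is not stated on this page; this example reports the error and leaves the previous copy untouched.

```go
package main

import (
	"fmt"
	"sync"
	"time"
)

// cachedFile is a hypothetical stand-in for the package's *File.
type cachedFile struct {
	Body []byte
}

// fileCache models ReceiveFile's caching: a cached copy is returned until ttl has elapsed
// since it was fetched; ttl == 0 disables expiry. The clock and downloader are injected.
type fileCache struct {
	mu        sync.Mutex
	ttl       time.Duration
	now       func() time.Time
	fetch     func() ([]byte, error)
	file      *cachedFile
	fetchedAt time.Time
	downloads int
}

func newFileCache(ttl time.Duration, now func() time.Time, fetch func() ([]byte, error)) *fileCache {
	return &fileCache{ttl: ttl, now: now, fetch: fetch}
}

// Receive returns the cached file, downloading a fresh copy only when nothing is cached
// or the TTL has expired. A failed re-download is reported as an error and the previous
// copy stays in place (a design choice for this example; the page does not specify it).
func (c *fileCache) Receive() (*cachedFile, error) {
	c.mu.Lock()
	defer c.mu.Unlock()
	if c.file != nil {
		expired := c.ttl > 0 && c.now().Sub(c.fetchedAt) >= c.ttl
		if !expired {
			return c.file, nil
		}
	}
	body, err := c.fetch()
	if err != nil {
		return nil, fmt.Errorf("publications file download failed: %w", err)
	}
	c.file = &cachedFile{Body: body}
	c.fetchedAt = c.now()
	c.downloads++
	return c.file, nil
}

// Downloads reports how many downloads have been triggered so far.
func (c *fileCache) Downloads() int {
	c.mu.Lock()
	defer c.mu.Unlock()
	return c.downloads
}

func main() {
	clock := time.Date(2020, 1, 10, 12, 0, 0, 0, time.UTC) // constructed fixed clock
	now := func() time.Time { return clock }
	fetch := func() ([]byte, error) { return []byte("KSIPUBLF...constructed"), nil }

	c := newFileCache(time.Hour, now, fetch)
	c.Receive()
	c.Receive()
	fmt.Println("downloads after two calls within TTL:", c.Downloads()) // 1
	clock = clock.Add(2 * time.Hour)
	c.Receive()
	fmt.Println("downloads after TTL expiry:", c.Downloads()) // 2

	d := newFileCache(0, now, fetch)
	d.Receive()
	clock = clock.Add(24 * 365 * time.Hour)
	d.Receive()
	fmt.Println("downloads with TTL 0 after a year:", d.Downloads()) // 1
}
```

Note what a TTL of 0 means operationally: the handler keeps the first file it fetched for the life of the process, so certificates added to or removed from the file after that point are never seen until restart.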

func FileHandlerSetPublicationsURL

func FileHandlerSetPublicationsURL(url string) FileHandlerSetting

FileHandlerSetPublicationsURL sets the publications file URL.

func FileHandlerSetTrustedCertificate

func FileHandlerSetTrustedCertificate(certificate *x509.Certificate) FileHandlerSetting

FileHandlerSetTrustedCertificate appends the certificate to the pool of trusted certificates.

func FileHandlerSetTrustedCertificateDir

func FileHandlerSetTrustedCertificateDir(path string) FileHandlerSetting

FileHandlerSetTrustedCertificateDir takes a directory path, locates all files with the 'crt' extension and loads them as trusted certificates.

func FileHandlerSetTrustedCertificateFromFilePem

func FileHandlerSetTrustedCertificateFromFilePem(fname string) FileHandlerSetting

FileHandlerSetTrustedCertificateFromFilePem appends the certificate(s) from a PEM-encoded file to the pool of trusted certificates.

func FileHandlerUseSystemCertStore

func FileHandlerUseSystemCertStore() FileHandlerSetting

FileHandlerUseSystemCertStore initializes the trust store with a copy of the system cert pool.

type OID

OID is a certificate DN object identifier.

type PubRecSearchBy

type PubRecSearchBy func(*File) (int, error)

PubRecSearchBy specifies the publication record search criteria.

func PubRecSearchByPubData

func PubRecSearchByPubData(pubData *pdu.PublicationData) PubRecSearchBy

PubRecSearchByPubData searches for the publication record matching the given publication data.

func PubRecSearchByPubString

func PubRecSearchByPubString(pubString string) PubRecSearchBy

PubRecSearchByPubString searches for the publication record matching the given publication string.

func PubRecSearchByTime

func PubRecSearchByTime(pubTime time.Time) PubRecSearchBy

PubRecSearchByTime searches for the publication with exactly the given publication time.

func PubRecSearchLatest

func PubRecSearchLatest(pubTime time.Time) PubRecSearchBy

PubRecSearchLatest searches for the latest available publication; it must have been published after the given time.

func PubRecSearchNearest

func PubRecSearchNearest(pubTime time.Time) PubRecSearchBy

PubRecSearchNearest searches for the publication that was published after the given time and is closest to it.
