xmldsig

package
v1.0.2

This package is not in the latest version of its module.
Published: Oct 5, 2023 License: Apache-2.0 Imports: 16 Imported by: 0

Documentation

Constants

This section is empty.

Variables

var CanonicalizationAlgorithms map[string]CanonicalizationAlgorithm

CanonicalizationAlgorithms maps the CanonicalizationMethod or Transform Algorithm URIs to a type that implements the CanonicalizationAlgorithm interface.

Implementations are provided for the following transforms:

http://www.w3.org/2001/10/xml-exc-c14n# (ExclusiveCanonicalization)
http://www.w3.org/2001/10/xml-exc-c14n#WithComments (ExclusiveCanonicalizationWithComments)
http://www.w3.org/2000/09/xmldsig#enveloped-signature (EnvelopedSignature)

Custom implementations can be added to the map by assigning a CanonicalizationAlgorithm under the Algorithm URI it handles.

Functions

func Verify

func Verify(f *os.File, opts options.VerifyOptions) error

Verify extracts and verifies an enveloped signature at the given root.

Types

type CanonicalizationAlgorithm

type CanonicalizationAlgorithm interface {
	Process(inputXML string, transformXML string) (outputXML string, err error)
}

CanonicalizationAlgorithm defines an interface for processing an XML document into a standard format.

If any child elements are in the Transform node, the entire transform node will be passed to the Process method through the transformXML parameter as an XML string. This is necessary for transforms that need additional processing data, like XPath (http://www.w3.org/TR/xmldsig-core/#sec-XPath). If there are no child elements in Transform (or CanonicalizationMethod), then an empty string will be passed through.

type EnvelopedSignature

type EnvelopedSignature struct{}

EnvelopedSignature implements the CanonicalizationAlgorithm interface and is used for processing the http://www.w3.org/2000/09/xmldsig#enveloped-signature transform algorithm

func (EnvelopedSignature) Process

func (e EnvelopedSignature) Process(inputXML string,
	transformXML string) (outputXML string, err error)

Process is called to transform the XML using the EnvelopedSignature algorithm.

type ExclusiveCanonicalization

type ExclusiveCanonicalization struct {
	WithComments bool
	// contains filtered or unexported fields
}

ExclusiveCanonicalization implements the CanonicalizationAlgorithm interface and is used for processing the http://www.w3.org/2001/10/xml-exc-c14n# and http://www.w3.org/2001/10/xml-exc-c14n#WithComments transform algorithms

func (ExclusiveCanonicalization) Process

func (e ExclusiveCanonicalization) Process(inputXML string,
	transformXML string) (outputXML string, err error)

Process is called to transform the XML using the ExclusiveCanonicalization algorithm.

type Signature

type Signature struct {
	PublicKey       crypto.PublicKey
	Certificates    []*x509.Certificate
	Hash            crypto.Hash
	EncryptedDigest []byte
	Reference       *etree.Element
}

func (Signature) Leaf

func (s Signature) Leaf() *x509.Certificate

type Signer

type Signer struct {
	// contains filtered or unexported fields
}

Signer provides options for signing an XML document

func NewSigner

func NewSigner(xml []byte, opts signers.SignOpts) (*Signer, error)

NewSigner returns a *Signer for the XML provided

func (*Signer) SetReferenceIDAttribute

func (s *Signer) SetReferenceIDAttribute(refIDAttribute string)

SetReferenceIDAttribute sets the referenceIDAttribute, the name of the attribute that Reference URIs (e.g. URI="#id") are matched against.

func (*Signer) SetSignature

func (s *Signer) SetSignature(sig string) error

SetSignature can be used to assign an external signature for the XML doc that Validator will verify

func (*Signer) Sign

func (s *Signer) Sign() ([]byte, error)

Sign populates the Reference digest values and the SignatureValue based on the parameters present and the private key given.

type Validator

type Validator struct {
	Certificates []*x509.Certificate
	// contains filtered or unexported fields
}

Validator provides options for verifying a signed XML document

func NewValidator

func NewValidator(xml string, opts signers.VerifyOpts) (*Validator, error)

NewValidator returns a *Validator for the XML provided

func (*Validator) SetReferenceIDAttribute

func (v *Validator) SetReferenceIDAttribute(refIDAttribute string)

SetReferenceIDAttribute sets the referenceIDAttribute, the name of the attribute that Reference URIs (e.g. URI="#id") are matched against.

func (*Validator) SetSignature

func (s *Validator) SetSignature(sig string) error

SetSignature can be used to assign an external signature for the XML doc that the Validator will verify.

func (*Validator) SetXML

func (v *Validator) SetXML(xml string) error

SetXML is used to assign the XML document that the Validator will verify

func (*Validator) SigningCert

func (v *Validator) SigningCert() x509.Certificate

SigningCert returns the certificate, if any, that was used to successfully validate the signature of the XML document. This will be a zero value x509.Certificate before Validator.Validate is successfully called.

func (*Validator) Validate deprecated

func (v *Validator) Validate() error

Validate validates the Reference digest values, and the signature value over the SignedInfo.

Deprecated: Use ValidateReferences instead

func (*Validator) ValidateReferences

func (v *Validator) ValidateReferences() ([]string, error)

ValidateReferences validates the Reference digest values, and the signature value over the SignedInfo.

If the signature is enveloped in the XML, then it will be used. Otherwise, an external signature should be assigned using Validator.SetSignature.

The references returned by this method can be used to verify what was signed.
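The sentence above is the security-relevant one: a passing ValidateReferences proves that some Reference targets were signed, not that the element the application is about to act on was. The added example below (not code from the package) contrasts the vulnerable and hardened consumption patterns on a constructed, signature-wrapped document. It assumes the strings ValidateReferences returns are the serialized XML of each verified Reference target; the Token/Response schema, the urn:example:token namespace, the sample document and the validatedRefs slice are all made up for the example, and the signature itself is not checked here.

```go
package main

import (
	"encoding/xml"
	"fmt"
	"strings"
)

// Hypothetical application schema; the namespace urn:example:token is made up here.
const tokenNS = "urn:example:token"

type Token struct {
	XMLName xml.Name `xml:"urn:example:token Token"`
	ID      string   `xml:"ID,attr"`
	Subject string   `xml:"Subject"`
}

type Response struct {
	XMLName xml.Name `xml:"urn:example:token Response"`
	Tokens  []Token  `xml:"Token"`
}

// Constructed sample of a wrapped document: the signed Token (alice, t1) is still
// present, so digest and signature checks pass, but an unsigned Token (mallory) has
// been placed where a naive consumer looks first. The Signature body is elided.
const wrappedDoc = `<Response xmlns="urn:example:token"><Token ID="t2"><Subject>mallory</Subject></Token><Token ID="t1"><Subject>alice</Subject></Token><ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#"><ds:SignedInfo><ds:Reference URI="#t1"></ds:Reference></ds:SignedInfo></ds:Signature></Response>`

// What ValidateReferences is assumed to hand back for wrappedDoc: the serialized
// content of each Reference that verified, here just the signed Token.
var validatedRefs = []string{`<Token xmlns="urn:example:token" ID="t1"><Subject>alice</Subject></Token>`}

// NaiveSubject is the vulnerable pattern: "the signature verified, so read the document".
func NaiveSubject(doc string) (string, error) {
	var r Response
	if err := xml.Unmarshal([]byte(doc), &r); err != nil {
		return "", err
	}
	if len(r.Tokens) == 0 {
		return "", fmt.Errorf("no Token in document")
	}
	return r.Tokens[0].Subject, nil
}

// rootName returns the resolved (namespace, local) name of a fragment's root element.
func rootName(fragment string) (xml.Name, error) {
	dec := xml.NewDecoder(strings.NewReader(fragment))
	for {
		tok, err := dec.Token()
		if err != nil {
			return xml.Name{}, err
		}
		if se, ok := tok.(xml.StartElement); ok {
			return se.Name, nil
		}
	}
}

// SignedToken is the hardened pattern: the application only reads data out of the
// fragments the validator reported as signed, requires that fragment's root to be the
// element it trusts (not a wrapper that merely contains one), and insists on exactly one.
func SignedToken(refs []string) (Token, error) {
	var found []string
	for _, r := range refs {
		name, err := rootName(r)
		if err != nil {
			return Token{}, fmt.Errorf("unparseable reference: %w", err)
		}
		if name.Space == tokenNS && name.Local == "Token" {
			found = append(found, r)
		}
	}
	if len(found) != 1 {
		return Token{}, fmt.Errorf("expected exactly one signed Token, found %d", len(found))
	}
	var t Token
	if err := xml.Unmarshal([]byte(found[0]), &t); err != nil {
		return Token{}, err
	}
	return t, nil
}

func main() {
	naive, _ := NaiveSubject(wrappedDoc)
	signed, err := SignedToken(validatedRefs)
	fmt.Printf("naive: %s, signed: %s (%v)\n", naive, signed.Subject, err)
}
```

NaiveSubject returns "mallory" while SignedToken returns "alice": the digest over `#t1` is intact, so only consuming the returned reference, and rejecting zero or multiple matches, closes the wrapping window.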
