Documentation ¶
Index ¶
- Constants
- Variables
- func GetSignatureAlgorithm(pkiType string, x509Cert *x509.Certificate) (x509.SignatureAlgorithm, crypto.Hash, error)
- func NewX509Certificates(cert *x509.Certificate, intermediates []*x509.Certificate) *payments.X509Certificates
- func ParseX509Certificates(certs *payments.X509Certificates) (*x509.Certificate, *x509.CertPool, error)
- type Builder
- type CheckerInterface
- type UnsignedBuilder
- type ValidationConfig
- type X509Builder
- type X509Checker
Constants ¶
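// PKI type identifiers and MIME types used when building, downloading and
// submitting payment protocol messages.
//
// The block is laid out one declaration per line: collapsed onto a single
// line, the first "//" comment swallows every declaration after it.
const (
	// PkiTypeNone indicates that the request has no
	// pki data or signature. Nothing in such a request
	// authenticates its origin, so callers should not
	// present it as verified.
	PkiTypeNone = "none"

	// PkiTypeX509Sha256 indicates the hashing algorithm
	// to be taken with the public key type to produce
	// the signature algorithm.
	PkiTypeX509Sha256 = "x509+sha256"

	// PkiTypeX509Sha1 indicates the hashing algorithm
	// to be taken with the public key type to produce
	// the signature algorithm.
	//
	// NOTE(review): SHA-1 is no longer collision resistant.
	// Treat this type as a compatibility path and prefer
	// PkiTypeX509Sha256 when building new requests; whether
	// verifiers should still accept it is a policy decision.
	PkiTypeX509Sha1 = "x509+sha1"

	// MimeTypePaymentRequest is the MIME type, set as
	// Accept: header to download a request, and set
	// by the server as Content-Type in a successful
	// response.
	MimeTypePaymentRequest = "application/bitcoin-paymentrequest"

	// MimeTypePayment is the MIME type, set as
	// Content-Type: header when submitting a payment
	// to the server.
	MimeTypePayment = "application/bitcoin-payment"

	// MimeTypePaymentAck is the MIME type, set
	// by the server as Content-Type in a successful
	// response.
	MimeTypePaymentAck = "application/bitcoin-paymentack"
)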
Variables ¶
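// Sentinel errors for unrecognised key and pki types.
//
// The block is laid out one declaration per line: collapsed onto a single
// line, the first "//" comment swallows every declaration after it.
var (
	// ErrUnsupportedKeyType is returned when we really have no
	// idea what kind of key is involved.
	ErrUnsupportedKeyType = errors.New("unsupported key type")

	// ErrUnsupportedPkiType is returned when we don't recognize
	// the pki type in the request, or in input.
	ErrUnsupportedPkiType = errors.New("unsupported pki type")
)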
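// Sentinel errors for certificate bundle and signature validation.
//
// The block is laid out one declaration per line: collapsed onto a single
// line, the first "//" comment swallows every declaration after it.
var (
	// ErrNoCertificates is returned when certificate chain
	// validation is attempted but with no certificates.
	ErrNoCertificates = errors.New("no certificates in bundle")

	// ErrEmptySignature is returned when the signature field
	// is empty.
	ErrEmptySignature = errors.New("empty signature")
)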
Functions ¶
func GetSignatureAlgorithm ¶
func GetSignatureAlgorithm(pkiType string, x509Cert *x509.Certificate) ( x509.SignatureAlgorithm, crypto.Hash, error)
GetSignatureAlgorithm takes a pkiType and a certificate, extracts the type of the certificate's subject public key, and produces a signature algorithm and a hash function, or an error.
func NewX509Certificates ¶
func NewX509Certificates(cert *x509.Certificate, intermediates []*x509.Certificate) *payments.X509Certificates
NewX509Certificates takes an entityCertificate, a slice of intermediate certificates, and produces an X509Certificates protobuf message
func ParseX509Certificates ¶
func ParseX509Certificates(certs *payments.X509Certificates) (*x509.Certificate, *x509.CertPool, error)
ParseX509Certificates extracts an X509Certificates message into an entity certificate and a CertPool containing the intermediate certificates.
Types ¶
type Builder ¶
// Builder is an interface designed for completing a payment request.
type Builder interface {
	// Build receives PaymentDetails and renders it into a final
	// PaymentRequest object, or returns an error.
	Build(details *payments.PaymentDetails) (*payments.PaymentRequest, error)
}
Builder is an interface designed for completing a payment request. It receives PaymentDetails, and renders it into a final PaymentRequest object.
type CheckerInterface ¶
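// CheckerInterface is implemented by types that can validate a certificate
// chain and validate x509 signatures.
//
// The declaration is laid out one method per line: collapsed onto a single
// line, the first "//" comment swallows both method declarations.
type CheckerInterface interface {
	// ValidateChain takes a validation config, and a set of
	// certificates, and returns a set of valid chains to
	// the entity certificate, or an error.
	ValidateChain(cfg *ValidationConfig, derCerts *payments.X509Certificates) ([][]*x509.Certificate, error)

	// ValidateSignature takes a certificate, and a
	// payment request, and validates the signature.
	// An error is returned if the signature is invalid.
	//
	// NOTE(review): the check is made against the certificate
	// passed in, and nothing in this interface ties it to
	// ValidateChain. Callers presumably have to validate the
	// chain first and pass the validated entity certificate
	// here - confirm against the implementation.
	ValidateSignature(cert *x509.Certificate, req *payments.PaymentRequest) error
}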
CheckerInterface is implemented by types capable of validating a certificate chain and validating x509 signatures.
type UnsignedBuilder ¶
// UnsignedBuilder implements the Builder interface by embedding the
// payment details into a request without a signature (PkiTypeNone).
// It declares no fields.
type UnsignedBuilder struct{}
UnsignedBuilder implements the Builder interface, and works by embedding the payment details into a request, without a signature (PkiTypeNone)
func NewUnsignedBuilder ¶
func NewUnsignedBuilder() (*UnsignedBuilder, error)
NewUnsignedBuilder returns an UnsignedBuilder.
func (*UnsignedBuilder) Build ¶
func (c *UnsignedBuilder) Build(details *payments.PaymentDetails) (*payments.PaymentRequest, error)
Build takes the details struct and converts it to a payment request, or returns an error on failure.
type ValidationConfig ¶
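// ValidationConfig captures high level validation configuration. See
// x509.VerifyOptions for additional information. The struct supplies details
// that cannot be learned by parsing the X509 certificates, constrains
// validation, and lets unit tests fix the current time.
//
// The fields are declared one per line; written on a single line without
// separators the declaration is not valid Go.
type ValidationConfig struct {
	// DNSName is the name to validate against.
	// NOTE(review): presumably forwarded as x509.VerifyOptions.DNSName,
	// where an empty value skips hostname matching - callers should set
	// it to the expected merchant host; confirm against ValidateChain.
	DNSName string

	// Time is the reference time for validation (unit tests use it to
	// fix the current time).
	Time time.Time

	// RootPool holds the trusted roots. If it is empty, the system
	// store is used as a default.
	RootPool *x509.CertPool

	// KeyUsages lists the extended key usages to accept.
	// NOTE(review): presumably forwarded as x509.VerifyOptions.KeyUsages;
	// confirm what an empty slice means for the implementation.
	KeyUsages []x509.ExtKeyUsage
}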
ValidationConfig captures high-level validation configuration. If RootPool is empty, the system store is used as a default. See x509.VerifyOptions for additional information. This struct exists to supply details that are not known from parsing the X509 certs, to constrain validation, or to support unit tests (current time).
type X509Builder ¶
// X509Builder contains the state required for signing operations.
// NOTE(review): NewX509Builder receives a crypto.PrivateKey, so instances
// presumably retain key material for their lifetime - confirm, and scope
// and share instances accordingly.
type X509Builder struct {
	// contains filtered or unexported fields
}
X509Builder contains the state required for signing operations. cachedCertsBin should be computed once before use.
func NewX509Builder ¶
func NewX509Builder(pkiType string, priv crypto.PrivateKey, cert *x509.Certificate, intermediates []*x509.Certificate) (*X509Builder, error)
NewX509Builder initializes an X509Builder from details deemed constant for a series of signature operations. This is the pkiType, private key, entity certificate, and intermediate certificate list.
func (*X509Builder) Build ¶
func (c *X509Builder) Build(details *payments.PaymentDetails) ( *payments.PaymentRequest, error)
Build produces a signed PaymentRequest for the provided PaymentDetails.
type X509Checker ¶
// X509Checker implements the CheckerInterface, performing actual
// validation on inputs. It declares no fields.
type X509Checker struct{}
X509Checker implements the CheckerInterface performing actual validation on inputs.
func (*X509Checker) ValidateChain ¶
func (c *X509Checker) ValidateChain(cfg *ValidationConfig, certs *payments.X509Certificates) ([][]*x509.Certificate, error)
ValidateChain - see CheckerInterface.ValidateChain
func (*X509Checker) ValidateSignature ¶
func (c *X509Checker) ValidateSignature(cert *x509.Certificate, req *payments.PaymentRequest) error
ValidateSignature - see CheckerInterface.ValidateSignature