
Constants

// Messages for errors raised while checking a single Certificate. Compare
// against these constants rather than literal text; note that UnableSigPack,
// unlike the others, carries a "Cert: " prefix. The check each message is
// attributed to below is inferred from its name — TODO confirm against the
// method bodies, which this listing does not show.
const (
	// EarlyUsage: the certificate's IssuingTime lies in the future relative to
	// the time being checked (presumably from VerifyTime).
	EarlyUsage = "Certificate IssuingTime in the future"

	// Expired: the time being checked is past ExpirationTime (presumably from VerifyTime).
	Expired = "Certificate expired"

	// InvalidSubject: the certificate does not belong to the subject the caller
	// expected (presumably from Verify).
	InvalidSubject = "Invalid subject"

	// ReservedVersion: the certificate's Version is the reserved value 0.
	ReservedVersion = "Invalid version 0"

	// UnableSigPack: the signature input (the certificate without its Signature
	// field) could not be produced, by Sign or during signature verification.
	UnableSigPack = "Cert: Unable to create signature input"
)
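// Chain-level limits, default validity periods, and chain verification error
// messages. The doc comments on the validity constants previously named
// LeafValidity/CoreValidity, which do not exist; they now name the constants
// they document.
const (
	// MaxChainByteLength bounds the byte length of a certificate chain (1 MiB).
	// It is a uint32 to match the 4-byte little-endian length prefix written by
	// Chain.Compress; presumably ChainFromRaw enforces it before decompressing
	// untrusted input — TODO confirm against ChainFromRaw.
	MaxChainByteLength uint32 = 1 << 20
	// DefaultLeafCertValidity is the default validity time of a leaf certificate
	// in seconds (3 days).
	DefaultLeafCertValidity = 3 * 24 * 60 * 60
	// DefaultCoreCertValidity is the default validity time of a core certificate
	// in seconds (7 days).
	DefaultCoreCertValidity = 7 * 24 * 60 * 60

	// Error strings for chain verification. Which check yields each message is
	// inferred from its name — TODO confirm against Chain.Verify.
	CoreCertInvalid  = "Core certificate invalid"
	CoreExpiresAfter = "Core certificate expires after TRC"
	IssASNotFound    = "Issuing Core AS not found"
	LeafCertInvalid  = "Leaf certificate invalid"
	LeafExpiresAfter = "Leaf certificate expires after core certificate"
	LeafIssuedBefore = "Leaf certificate issued before core certificate"
)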

Variables

This section is empty.

Functions

This section is empty.

Types

type Certificate

// Certificate binds the Subject AS to a signing key and an encryption key for
// the window [IssuingTime, ExpirationTime] and carries the Issuer's signature
// over every other field. The signature input is presumably the certificate's
// JSON form with Signature left out — the omitempty tag is consistent with
// that — TODO confirm in Sign. Nothing in this type should be trusted until
// Verify has succeeded against a key obtained from a trusted source (the
// issuing core certificate or the TRC), never from the certificate itself.
type Certificate struct {
	// CanIssue describes whether the subject is able to issue certificates.
	// NOTE(review): a verifier of a Chain should require this on the Core
	// certificate that signed the Leaf — confirm in Chain.Verify.
	CanIssue bool
	// Comment is an arbitrary and optional string used by the subject to describe the certificate.
	// It is covered by Signature like every other field, so it cannot be altered after signing.
	Comment string
	// EncAlgorithm is the algorithm associated with SubjectEncKey.
	EncAlgorithm string
	// ExpirationTime is the unix timestamp in seconds at which the certificate expires.
	// VerifyTime rejects times past it; no ordering check against IssuingTime is visible here.
	ExpirationTime uint64
	// Issuer is the certificate issuer. It can only be a core AS.
	// Verify does not establish that on its own: it checks the signature against whatever
	// verifyKey the caller passes, so the caller must supply the issuer's trusted key.
	Issuer *addr.ISD_AS
	// IssuingTime is the unix timestamp in seconds at which the certificate was created.
	// VerifyTime rejects times before it (presumably reporting EarlyUsage).
	IssuingTime uint64
	// SignAlgorithm is the algorithm associated with SubjectSignKey. Verify takes the
	// algorithm as an explicit parameter; when this certificate's key verifies another
	// certificate (e.g. Core verifying Leaf), this is the value to pass.
	SignAlgorithm string
	// Signature is the certificate signature. It is computed over the rest of the certificate.
	// Because of omitempty, an unsigned certificate marshals without this field.
	Signature common.RawBytes `json:",omitempty"`
	// Subject is the certificate subject. Verify checks it against the subject the caller expects.
	Subject *addr.ISD_AS
	// SubjectEncKey is the public key used for encryption.
	SubjectEncKey common.RawBytes
	// SubjectSignKey is the public key used for signature verification.
	SubjectSignKey common.RawBytes
	// TRCVersion is the version of the issuing TRC; presumably checked against the
	// TRC passed to Chain.Verify — confirm.
	TRCVersion uint64
	// Version is the certificate version. The value 0 is reserved and shall not be used
	// (see ReservedVersion).
	Version uint64
}

func CertificateFromRaw

func CertificateFromRaw(raw common.RawBytes) (*Certificate, error)

func (*Certificate) Copy

func (c *Certificate) Copy() *Certificate

func (*Certificate) Eq

func (c *Certificate) Eq(o *Certificate) bool

func (*Certificate) JSON

func (c *Certificate) JSON(indent bool) ([]byte, error)

func (*Certificate) Sign

func (c *Certificate) Sign(signKey common.RawBytes, signAlgo string) error

Sign adds a signature to the certificate, produced with signKey and signAlgo. The signature is computed over the certificate with the Signature field left out, so every other field is covered by it.

func (*Certificate) String

func (c *Certificate) String() string

func (*Certificate) Verify

func (c *Certificate) Verify(subject *addr.ISD_AS, verifyKey common.RawBytes, signAlgo string) error

Verify checks the signature of the certificate against a trusted verifying key and the associated signature algorithm. The key must come from a trusted source — for the Leaf of a Chain, the Core certificate that signed it; for the Core, the TRC — and not from the certificate being verified. Further, it verifies that the certificate belongs to the given subject, and that it is valid at the current time (see VerifyTime).

func (*Certificate) VerifySignature

func (c *Certificate) VerifySignature(verifyKey common.RawBytes, signAlgo string) error

VerifySignature checks the signature of the certificate based on a trusted verifying key and the associated signature algorithm.

func (*Certificate) VerifyTime

func (c *Certificate) VerifyTime(ts uint64) error

VerifyTime checks that ts, a unix timestamp in seconds like IssuingTime and ExpirationTime, lies between the issuing and expiration time. This function does not check the validity of the signature; use Verify or VerifySignature for that.

type Chain

// Chain is a two-element certificate chain: Leaf is signed by Core, and Core is
// signed by the TRC of the ISD, which Chain.Verify takes as its argument. The
// JSON form is an object keyed "0" (Leaf) and "1" (Core), per the tags below.
// NOTE(review): a Chain built from untrusted bytes (ChainFromRaw) should be
// checked with Verify against a trusted TRC before either certificate's keys
// are relied on.
type Chain struct {
	// Leaf is the leaf certificate of the chain. It is signed by the Core certificate,
	// presumably with Core.SubjectSignKey/Core.SignAlgorithm — confirm in Chain.Verify.
	Leaf *Certificate `json:"0"`
	// Core is the core AS certificate of the chain. It is signed by the TRC of the ISD.
	Core *Certificate `json:"1"`
}

Chain contains two certificates, one for the leaf and one for the core. The leaf certificate is signed by the core certificate, which is signed by the TRC of the corresponding ISD; Chain.Verify takes that TRC as its argument.

func ChainFromRaw

func ChainFromRaw(raw common.RawBytes, lz4_ bool) (*Chain, error)

func (*Chain) Compress

func (c *Chain) Compress() (common.RawBytes, error)

Compress compresses the JSON generated from the certificate chain using lz4 block mode and prepends the original length (4 bytes, little endian, unsigned). This is necessary because the Python lz4 library expects this format. A decoder of this format receives the length prefix from untrusted input and should bound it (presumably what MaxChainByteLength is for) before allocating or decompressing.

func (*Chain) Copy

func (c *Chain) Copy() *Chain

func (*Chain) Eq

func (c *Chain) Eq(o *Chain) bool

func (*Chain) IAVer

func (c *Chain) IAVer() (*addr.ISD_AS, uint64)

func (*Chain) JSON

func (c *Chain) JSON(indent bool) ([]byte, error)

func (*Chain) Key

func (c *Chain) Key() *Key

func (*Chain) String

func (c *Chain) String() string

func (*Chain) Verify

func (c *Chain) Verify(subject *addr.ISD_AS, t *trc.TRC) error

type Key

// Key identifies a certificate chain by subject AS and version; NewKey builds
// one and Chain.Key derives one from a chain. Both fields are values, not
// pointers, so a Key is presumably comparable and usable as a map key —
// depends on addr.ISD_AS being comparable.
type Key struct {
	// IA is the ISD-AS the chain belongs to (presumably Leaf.Subject; see Chain.IAVer).
	IA  addr.ISD_AS
	// Ver is the certificate version the key refers to.
	Ver uint64
}

func NewKey

func NewKey(ia *addr.ISD_AS, ver uint64) *Key

func (*Key) String

func (k *Key) String() string
