Documentation ¶
Index ¶
- func ExtractByteRange(sigdict *pdf.Dict) (pdf.Array, error)
- func ExtractContent(path string, byteRangeArray pdf.Array) ([]byte, error)
- func ExtractContext(path string) (*pdf.Context, error)
- func ExtractDss(context *pdf.Context) (pdf.Dict, error)
- func ExtractSigDict(context *pdf.Context) (pdf.Dict, error)
- func ExtractSignatureBytes(sigdict *pdf.Dict) ([]byte, error)
- func ExtractSigningTime(timestamp *pkcs7.PKCS7) (time.Time, error)
- func ExtractTimestampBytes(signature *pkcs7.PKCS7) ([]byte, error)
- func ExtractVri(context *pdf.Context) (pdf.Dict, error)
- func GetTrustedAnchors(pem *string) (*x509.CertPool, error)
- func IsTimestampOnly(signature *pkcs7.PKCS7) bool
- func Sign(hash []byte) ([]byte, error)
- func VerifyCrl(crl *pkix.CertificateList, signature *pkcs7.PKCS7) error
- func VerifyOcsp(ocspresponse *ocsp.Response) error
- func VerifyPkcs7(p7 *pkcs7.PKCS7, signingTime time.Time, content []byte, ...) (bool, error)
- func VerifyRevocationInfo(revocationInfo RevocationInfo, signature *pkcs7.PKCS7) (bool, error)
- type RevocationInfo
- type SignedPdf
- type TestFixture
Constants ¶
This section is empty.
Variables ¶
This section is empty.
Functions ¶
func ExtractByteRange ¶
ExtractByteRange accesses the root dictionary of the PDF and extracts the ByteRange entry: the portion of the document covered by the signature
func ExtractContent ¶
ExtractContent returns the hash of the document, given the byte range
func ExtractContext ¶
ExtractContext extracts the PDF context from the PDF found on the given path
func ExtractDss ¶
ExtractDss extracts the dss dictionary from the pdf context
func ExtractSigDict ¶
ExtractSigDict extracts the signature dictionary from the given pdf context
func ExtractSignatureBytes ¶
ExtractSignatureBytes accesses the RootDictionary of the PDF and extracts the pkcs7 signature object
func ExtractSigningTime ¶
ExtractSigningTime extracts the signingTime from a timestamp
func ExtractTimestampBytes ¶
ExtractTimestampBytes accesses the pkcs7 signature object and returns the bytes of the timestamp
func ExtractVri ¶
ExtractVri extracts the vri dictionary from the pdf context
func GetTrustedAnchors ¶
GetTrustedAnchors returns a certpool given a filepath
func IsTimestampOnly ¶
IsTimestampOnly returns true if the signature is a timestamp (instead of a CMS signature)
func VerifyCrl ¶
func VerifyCrl(crl *pkix.CertificateList, signature *pkcs7.PKCS7) error
VerifyCrl checks if the signer certificate is not listed as expired in the CRL
func VerifyOcsp ¶
VerifyOcsp validates an OCSP response
func VerifyPkcs7 ¶
func VerifyPkcs7(p7 *pkcs7.PKCS7, signingTime time.Time, content []byte, validationInfo RevocationInfo, trustedAnchors *x509.CertPool) (bool, error)
VerifyPkcs7 is a custom implementation based on pkcs7.verifyWithChain. This version allows the expiration checks to be done against the timestamp (instead of against the current time or the signing time)
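The reference-time point behind VerifyPkcs7, evaluating certificate expiry at the timestamp's time instead of the wall clock, shown with a constructed chain built from the Go standard library. This is an added example, not this package's code; issue, makeChain and verifyAt are assumed names, and the CA and signer certificates are generated test material.

```go
package main

import (
	"crypto"
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"math/big"
	"time"
)

// issue signs tmpl with the issuer key priv and parses the result (constructed test material, so failure aborts).
func issue(tmpl, parent *x509.Certificate, pub crypto.PublicKey, priv crypto.Signer) *x509.Certificate {
	der, err := x509.CreateCertificate(rand.Reader, tmpl, parent, pub, priv)
	if err != nil {
		panic(err)
	}
	cert, _ := x509.ParseCertificate(der)
	return cert
}

// makeChain builds a hypothetical CA and signer certificate whose validity
// window covers signingTime but has already expired at the wall-clock time.
func makeChain(signingTime time.Time) (*x509.CertPool, *x509.Certificate) {
	caKey, _ := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	leafKey, _ := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	caTmpl := &x509.Certificate{
		SerialNumber: big.NewInt(1), Subject: pkix.Name{CommonName: "Constructed Test CA"},
		NotBefore: signingTime.Add(-48 * time.Hour), NotAfter: signingTime.Add(48 * time.Hour),
		IsCA: true, BasicConstraintsValid: true, KeyUsage: x509.KeyUsageCertSign,
	}
	caCert := issue(caTmpl, caTmpl, &caKey.PublicKey, caKey)
	leaf := issue(&x509.Certificate{
		SerialNumber: big.NewInt(2), Subject: pkix.Name{CommonName: "Constructed Signer"},
		NotBefore: signingTime.Add(-24 * time.Hour), NotAfter: signingTime.Add(24 * time.Hour),
		KeyUsage: x509.KeyUsageDigitalSignature,
	}, caCert, &leafKey.PublicKey, caKey)
	pool := x509.NewCertPool()
	pool.AddCert(caCert)
	return pool, leaf
}

// verifyAt chains leaf to the trusted anchors, judging expiry at refTime (the timestamp's signing time) rather than time.Now().
func verifyAt(leaf *x509.Certificate, anchors *x509.CertPool, refTime time.Time) error {
	opts := x509.VerifyOptions{Roots: anchors, CurrentTime: refTime, KeyUsages: []x509.ExtKeyUsage{x509.ExtKeyUsageAny}}
	_, err := leaf.Verify(opts)
	return err
}
```

With the chain above, verifyAt succeeds when refTime is the signing time from the timestamp and fails with an expiry error when refTime is the current time, which is exactly the difference VerifyPkcs7 exists to handle.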
func VerifyRevocationInfo ¶
func VerifyRevocationInfo(revocationInfo RevocationInfo, signature *pkcs7.PKCS7) (bool, error)
VerifyRevocationInfo checks:
- that the status of the ocsp response is GOOD
- that the signing certificate is not revoked according to the crl
Types ¶
type RevocationInfo ¶
type RevocationInfo struct {
    Base16cert string
    Crls       []*pkix.CertificateList
    Ocsps      []*ocsp.Response
    Certs      []*x509.Certificate
}
The RevocationInfo type contains a base16-encoded signature and its associated ocsps, crls and certs
func ExtractRevocationInfo ¶
func ExtractRevocationInfo(signature *pkcs7.PKCS7) (bool, RevocationInfo, error)
ExtractRevocationInfo extracts the RevocationInformation from the signature. It returns false if none was found.
func ExtractValidationInformation ¶
func ExtractValidationInformation(context *pdf.Context, sigbytes []byte) (RevocationInfo, error)
ExtractValidationInformation finds and parses the Validation Information embedded in the PDF document. If sigbytes is nil (no reference to an existing signature), it gets the ocsp and crl directly from the dss dictionary. I'm assuming here that the ocsps and crls elements nested directly under dss are the ones related to the timestamp.
type SignedPdf ¶
type SignedPdf struct {
    // Content represents the signed content in the pdf
    Content []byte
    // ByteRange defines the portion of the pdf which is signed
    ByteRange pdf.Array
    // IsTimestampOnly is true if the pdf is only timestamped but not signed
    IsTimestampOnly bool
    // Signature is the pkcs7 object holding the signature (PAdES signature)
    Signature *pkcs7.PKCS7
    // Timestamp is the pkcs7 object holding the timestamp (CAdES signature)
    Timestamp *pkcs7.PKCS7
    // SigningTime is the signed time held by the timestamp
    SigningTime time.Time
    // RevocationInfo holds the revocation information embedded in the pkcs7
    RevocationInfo RevocationInfo
    // ValidationInfo holds the revocation information associated with all signatures
    ValidationInfo RevocationInfo
    // TrustedAnchors holds the trusted ca certificates for signature validation
    TrustedAnchors *x509.CertPool
}
The SignedPdf type holds all relevant information for signature verification
type TestFixture ¶
type TestFixture struct {
    Input       []byte
    Certificate *x509.Certificate
    PrivateKey  *rsa.PrivateKey
}