revocation

package
v1.1.0

This package is not in the latest version of its module.
Published: Aug 27, 2024 License: Apache-2.0 Imports: 9 Imported by: 2

Documentation

Overview

Package revocation provides methods for checking the revocation status of a certificate chain.

Types

type Options added in v1.1.0

type Options struct {
	// OCSPHTTPClient is the HTTP client for OCSP requests. If not provided,
	// a default *http.Client with a timeout of 2 seconds will be used.
	// OPTIONAL.
	OCSPHTTPClient *http.Client

	// CertChainPurpose is the purpose of the certificate chain. Supported
	// values are CodeSigning and Timestamping. Default value is CodeSigning.
	// OPTIONAL.
	CertChainPurpose purpose.Purpose
}

Options specifies the values needed to check revocation.

type Revocation deprecated

type Revocation interface {
	// Validate checks the revocation status for a certificate chain using OCSP
	// and returns an array of CertRevocationResults that contain the results
	// and any errors that are encountered during the process
	Validate(certChain []*x509.Certificate, signingTime time.Time) ([]*result.CertRevocationResult, error)
}

Revocation is an interface that specifies methods used for revocation checking.

Deprecated: Revocation exists for backwards compatibility and should not be used. To perform a revocation check, use Validator.

func New deprecated

func New(httpClient *http.Client) (Revocation, error)

New constructs a revocation object for a code signing certificate chain.

Deprecated: New exists for backwards compatibility and should not be used. To create a revocation object, use NewWithOptions.

type ValidateContextOptions added in v1.1.0

type ValidateContextOptions struct {
	// CertChain denotes the certificate chain whose revocation status is
	// being validated. REQUIRED.
	CertChain []*x509.Certificate

	// AuthenticSigningTime denotes the authentic signing time of the signature.
	// It is used to compare with the InvalidityDate during revocation check.
	// OPTIONAL.
	//
	// Reference: https://github.com/notaryproject/specifications/blob/v1.0.0/specs/trust-store-trust-policy.md#revocation-checking-with-ocsp
	AuthenticSigningTime time.Time
}

ValidateContextOptions provides configuration options for revocation checks.

type Validator added in v1.1.0

type Validator interface {
	// ValidateContext checks the revocation status given caller-provided options
	// and returns an array of CertRevocationResults that contain the results
	// and any errors that are encountered during the process
	ValidateContext(ctx context.Context, validateContextOpts ValidateContextOptions) ([]*result.CertRevocationResult, error)
}

Validator is an interface that provides revocation checking with context.

func NewWithOptions added in v1.1.0

func NewWithOptions(opts Options) (Validator, error)

NewWithOptions constructs a Validator with the specified options.

Directories

Path	Synopsis
ocsp	Package ocsp provides methods for checking the OCSP revocation status of a certificate chain, as well as errors related to these checks
purpose	Package purpose provides purposes of the certificate chain whose revocation status is checked
result	Package result provides general objects that are used across revocation
