Index ¶
- func AddCertsToCertPool(certByte []byte, certPool *qx509.CertPool) (ok bool, err error)
- func AppendNewCertsToTrustRoots(tlsTrustRoots *ChainTrustRoots, chainId string, certPemBytes []byte) (bool, error)
- func GetCertAndPeerIdWithKeyPair(certPEMBlock []byte, keyPEMBlock []byte) (*tls.Certificate, string, error)
- func NewTlsConfig(certificate tls.Certificate, certValidator *CertValidator, useSm bool) (*tls.Config, error)
- func NewTlsConfigWithCertPool(certificate tls.Certificate, certValidator *CertValidator, ...) (*tls.Config, error)
- func ParsePublicKeyToPubKey4Quic(publicKey gocrypto.PublicKey) (libp2pcrypto.PubKey, error)
- type CertValidator
- type ChainTrustRoots
- func (ctr *ChainTrustRoots) AddIntermediates(chainId string, intermediates *qx509.Certificate)
- func (ctr *ChainTrustRoots) AddRoot(chainId string, root *qx509.Certificate)
- func (ctr *ChainTrustRoots) AppendIntermediatesFromPem(chainId string, intermediatesPem []byte) bool
- func (ctr *ChainTrustRoots) AppendRootsFromPem(chainId string, rootPem []byte) bool
- func (ctr *ChainTrustRoots) IntermediatesPool(chainId string) (*qx509.CertPool, bool)
- func (ctr *ChainTrustRoots) RefreshIntermediatesFromPem(chainId string, intermediatesPem [][]byte) bool
- func (ctr *ChainTrustRoots) RefreshRootsFromPem(chainId string, rootsPem [][]byte) bool
- func (ctr *ChainTrustRoots) RootsPool(chainId string) (*qx509.CertPool, bool)
- func (ctr *ChainTrustRoots) VerifyCert(cert *qx509.Certificate) ([]string, error)
- func (ctr *ChainTrustRoots) VerifyCertOfChain(chainId string, cert *qx509.Certificate) bool
- type DerivedInfoWithCert
- type QuicSM2PublicKey
Constants ¶
This section is empty.
Variables ¶
This section is empty.
Functions ¶
func AddCertsToCertPool ¶
AddCertsToCertPool adds the certs parsed from certByte to certPool.
func AppendNewCertsToTrustRoots ¶
func AppendNewCertsToTrustRoots(tlsTrustRoots *ChainTrustRoots, chainId string, certPemBytes []byte) (bool, error)
AppendNewCertsToTrustRoots loads all certs from the cert PEM bytes and appends them to the chain trust roots.
func GetCertAndPeerIdWithKeyPair ¶
func GetCertAndPeerIdWithKeyPair(certPEMBlock []byte, keyPEMBlock []byte) (*tls.Certificate, string, error)
GetCertAndPeerIdWithKeyPair creates a TLS certificate from the X.509 key pair and loads the peer id from the certificate.
func NewTlsConfig ¶
func NewTlsConfig( certificate tls.Certificate, certValidator *CertValidator, useSm bool, ) (*tls.Config, error)
NewTlsConfig creates a new TLS config for the TLS handshake.
func NewTlsConfigWithCertPool ¶
func NewTlsConfigWithCertPool( certificate tls.Certificate, certValidator *CertValidator, certPool *x509.CertPool, useSm bool, ) (*tls.Config, error)
NewTlsConfigWithCertPool creates a new TLS config for the TLS handshake, using the given cert pool.
Types ¶
type CertValidator ¶
type CertValidator struct {
// contains filtered or unexported fields
}
CertValidator wraps a ChainTrustRoots instance and a common.MemberStatusValidator. It provides a function for verifying the peer certificate during the TLS handshake. During the handshake, the function loads the remote TLS certificate and verifies it against the chain trust roots, and also loads the remote peer id and cert id. All of this information is stored in the validator. It can be queried with the QueryDerivedInfoWithPeerId function and removed with the CleanDerivedInfoWithPeerId function.
func NewCertValidator ¶
func NewCertValidator(tlsTrustRoots *ChainTrustRoots, memberStatusValidator *common.MemberStatusValidator) *CertValidator
NewCertValidator creates a new CertValidator instance.
func (*CertValidator) QueryDerivedInfoWithPeerId ¶
func (v *CertValidator) QueryDerivedInfoWithPeerId(peerId string) *DerivedInfoWithCert
QueryDerivedInfoWithPeerId returns all information that was loaded by VerifyPeerCertificateFunc and stored in the validator for the given peer id.
func (*CertValidator) VerifyPeerCertificateFunc ¶
func (v *CertValidator) VerifyPeerCertificateFunc() func(rawCerts [][]byte, _ [][]*x509.Certificate) error
VerifyPeerCertificateFunc provides a function for verifying the peer certificate in a TLS config. During the handshake, the function loads the remote TLS certificate and verifies it against the chain trust roots, and also loads the remote peer id and cert id. All of this information is stored in the validator.
type ChainTrustRoots ¶
type ChainTrustRoots struct {
// contains filtered or unexported fields
}
ChainTrustRoots keeps the trusted root cert pools and the trusted intermediate cert pools of all chains.
func BuildTlsTrustRoots ¶
func BuildTlsTrustRoots(chainTrustRoots map[string][][]byte) (*ChainTrustRoots, error)
BuildTlsTrustRoots builds the cert pools from the cert bytes of each chain.
func NewChainTrustRoots ¶
func NewChainTrustRoots() *ChainTrustRoots
NewChainTrustRoots creates a new ChainTrustRoots instance.
func (*ChainTrustRoots) AddIntermediates ¶
func (ctr *ChainTrustRoots) AddIntermediates(chainId string, intermediates *qx509.Certificate)
AddIntermediates adds a trusted intermediate cert to the intermediate cert pool of the given chain.
func (*ChainTrustRoots) AddRoot ¶
func (ctr *ChainTrustRoots) AddRoot(chainId string, root *qx509.Certificate)
AddRoot adds a trusted root cert to the root cert pool of the given chain.
func (*ChainTrustRoots) AppendIntermediatesFromPem ¶
func (ctr *ChainTrustRoots) AppendIntermediatesFromPem(chainId string, intermediatesPem []byte) bool
AppendIntermediatesFromPem appends the trusted intermediate certs parsed from the PEM bytes to the cert pool of the given chain.
func (*ChainTrustRoots) AppendRootsFromPem ¶
func (ctr *ChainTrustRoots) AppendRootsFromPem(chainId string, rootPem []byte) bool
AppendRootsFromPem appends the trusted root certs parsed from the PEM bytes to the cert pool of the given chain.
func (*ChainTrustRoots) IntermediatesPool ¶
func (ctr *ChainTrustRoots) IntermediatesPool(chainId string) (*qx509.CertPool, bool)
IntermediatesPool returns the trusted intermediate cert pool of the chain with the given id.
func (*ChainTrustRoots) RefreshIntermediatesFromPem ¶
func (ctr *ChainTrustRoots) RefreshIntermediatesFromPem(chainId string, intermediatesPem [][]byte) bool
RefreshIntermediatesFromPem resets the chain's trusted intermediate cert pool, replacing its contents with the certs parsed from the array of PEM bytes.
func (*ChainTrustRoots) RefreshRootsFromPem ¶
func (ctr *ChainTrustRoots) RefreshRootsFromPem(chainId string, rootsPem [][]byte) bool
RefreshRootsFromPem resets the chain's trusted root cert pool, replacing its contents with the certs parsed from the array of PEM bytes.
func (*ChainTrustRoots) RootsPool ¶
func (ctr *ChainTrustRoots) RootsPool(chainId string) (*qx509.CertPool, bool)
RootsPool returns the trusted root cert pool of the chain with the given id.
func (*ChainTrustRoots) VerifyCert ¶
func (ctr *ChainTrustRoots) VerifyCert(cert *qx509.Certificate) ([]string, error)
VerifyCert verifies the given cert. If verification succeeds, it returns the list of ids of the chains whose trust roots verified the cert.
func (*ChainTrustRoots) VerifyCertOfChain ¶
func (ctr *ChainTrustRoots) VerifyCertOfChain(chainId string, cert *qx509.Certificate) bool
VerifyCertOfChain verifies the given cert against the trust roots of the chain with the given chainId. It returns true if verification succeeds.
type DerivedInfoWithCert ¶
type DerivedInfoWithCert struct { TlsCertBytes []byte ChainIds []string PeerId string CertId string }
DerivedInfoWithCert contains the information loaded from the TLS cert while verifying a peer certificate.
type QuicSM2PublicKey ¶
type QuicSM2PublicKey struct {
// contains filtered or unexported fields
}
QuicSM2PublicKey is an implementation of an SM2 public key.
func NewQuicSM2PublicKey ¶
func NewQuicSM2PublicKey(pub *sm2.PublicKey) *QuicSM2PublicKey
NewQuicSM2PublicKey creates a QuicSM2PublicKey from an sm2.PublicKey.
func (*QuicSM2PublicKey) Bytes ¶
func (ePub *QuicSM2PublicKey) Bytes() ([]byte, error)
Bytes returns the public key as protobuf bytes.
func (*QuicSM2PublicKey) Equals ¶
func (ePub *QuicSM2PublicKey) Equals(other libp2pcrypto.Key) bool
Equals compares two public keys for equality.
func (*QuicSM2PublicKey) Raw ¶
func (ePub *QuicSM2PublicKey) Raw() ([]byte, error)
Raw returns the X.509 bytes of the public key.
func (*QuicSM2PublicKey) Type ¶
func (ePub *QuicSM2PublicKey) Type() pb.KeyType
Type returns the key type.
func (*QuicSM2PublicKey) Verify ¶
func (ePub *QuicSM2PublicKey) Verify(data, sigBytes []byte) (bool, error)
Verify checks whether sigBytes is a valid signature over data.