tcert



Constants

const (
	// AESKeyLength is the default AES key length in bytes. A 32-byte key
	// selects AES-256 (AES accepts only 16-, 24- or 32-byte keys).
	AESKeyLength = 32
)

Variables

var (
	// TCertEncTCertIndex is the ASN1 object identifier of the TCert index.
	// NOTE(review): the three OIDs below sit under the 1.2.3.4.5.6 arc, which
	// looks like a placeholder rather than an arc registered to this project;
	// they are only unambiguous within certificates issued by this library — confirm.
	TCertEncTCertIndex = asn1.ObjectIdentifier{1, 2, 3, 4, 5, 6, 7}

	// TCertEncEnrollmentID is the ASN1 object identifier of the enrollment id.
	TCertEncEnrollmentID = asn1.ObjectIdentifier{1, 2, 3, 4, 5, 6, 8}

	// TCertAttributesHeaders is the ASN1 object identifier of attributes header.
	TCertAttributesHeaders = asn1.ObjectIdentifier{1, 2, 3, 4, 5, 6, 9}

	// Padding for encryption: 16 bytes of 0xFF, i.e. exactly one AES block.
	// It is a fixed, public value and carries no secrecy; how it is applied
	// (prefix, suffix, PKCS7 alternative) is not visible here — see the CBC helpers.
	Padding = []byte{255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255}
)
var (
	// RootPreKeySize is the default size of the root pre-key
	// (presumably the size consumed by CreateRootPreKey; whether it counts
	// raw bytes or encoded characters is not documented here — confirm).
	RootPreKeySize = 48
)

Functions

func CBCDecrypt

func CBCDecrypt(key, src []byte) ([]byte, error)

CBCDecrypt decrypts using CBC mode

func CBCEncrypt

func CBCEncrypt(key, s []byte) ([]byte, error)

CBCEncrypt encrypts using CBC mode

func CBCPKCS7Decrypt

func CBCPKCS7Decrypt(key, src []byte) ([]byte, error)

CBCPKCS7Decrypt combines CBC decryption and PKCS7 unpadding

func CBCPKCS7Encrypt

func CBCPKCS7Encrypt(key, src []byte) ([]byte, error)

CBCPKCS7Encrypt combines CBC encryption and PKCS7 padding

func ConvertDERToPEM

func ConvertDERToPEM(der []byte, datatype string) []byte

ConvertDERToPEM converts the DER-encoded data in der to PEM format.

func CreateRootPreKey

func CreateRootPreKey() string

CreateRootPreKey generates a root pre-key and returns it as a string.

func GenNumber

func GenNumber(numlen *big.Int) (*big.Int, error)

GenNumber generates a random *big.Int of the fixed length numlen.

func GenerateBytesUUID

func GenerateBytesUUID() ([]byte, error)

GenerateBytesUUID returns a UUID based on RFC 4122 as the generated bytes.

func GenerateIntUUID

func GenerateIntUUID() (*big.Int, error)

GenerateIntUUID returns a UUID based on RFC 4122 as a *big.Int.

func GetCertificate

func GetCertificate(certificate []byte) (*x509.Certificate, error)

GetCertificate parses certificate into an *x509.Certificate; its PublicKey field holds an *rsa.PublicKey or ecdsa.PublicKey.

func GetCertitificateSerialNumber

func GetCertitificateSerialNumber(certificatebyte []byte) (*big.Int, error)

GetCertitificateSerialNumber returns the serial number of the certificate in certificatebyte; it returns -1 if there is a problem with the cert.

func GetEnrollmentIDFromCert

func GetEnrollmentIDFromCert(ecert *x509.Certificate) string

GetEnrollmentIDFromCert retrieves the enrollment ID from the certificate.

func GetPrivateKey

func GetPrivateKey(buf []byte) (interface{}, error)

GetPrivateKey returns an ecdsa.PrivateKey or rsa.PrivateKey object parsed from the private key bytes in buf.

func LoadCert

func LoadCert(path string) (*x509.Certificate, error)

LoadCert loads a certificate from a file

func LoadKey

func LoadKey(path string) (interface{}, error)

LoadKey loads a private key from a file

func PKCS7Padding

func PKCS7Padding(src []byte) []byte

PKCS7Padding pads as prescribed by the PKCS7 standard

func PKCS7UnPadding

func PKCS7UnPadding(src []byte) ([]byte, error)

PKCS7UnPadding unpads as prescribed by the PKCS7 standard

func ParsePrivateKey

func ParsePrivateKey(der []byte) (interface{}, error)

ParsePrivateKey parses the private key in der.

func ValidateCert

func ValidateCert(cert *x509.Certificate) bool

ValidateCert checks whether the certificate cert has expired. It does not check for revocation, so callers that need revocation status must check it separately.

Types

type Attribute

// Attribute is a single attribute name and value.
type Attribute struct {
	// Name is the attribute name.
	Name  string `json:"name"`
	// Value is the attribute value as supplied in the request (see
	// GetBatchRequest.EncryptAttrs for whether it is encrypted in the issued TCert).
	Value string `json:"value"`
}

Attribute is a single attribute name and value

type GetBatchRequest

// GetBatchRequest defines input to the GetBatch API.
type GetBatchRequest struct {
	// Number of TCerts in the batch.
	// NOTE(review): Mgr.MaxAllowedBatchSize caps the number of TCerts per
	// request; presumably Count (or len(PublicKeys)) is checked against it — confirm.
	Count int `json:"count"`
	// If PublicKeys is non nil, generates a TCert for each public key;
	// in this case, the 'Count' field is ignored and the number of TCerts
	// generated matches the number of public keys in the array.
	PublicKeys [][]byte `json:"public_keys,omitempty"`
	// The attribute name and values that are to be inserted in the issued TCerts.
	Attrs []Attribute `json:"attrs,omitempty"`
	// EncryptAttrs denotes whether to encrypt attribute values or not.
	// When set to true, each issued TCert in the batch will contain encrypted attribute values.
	EncryptAttrs bool `json:"encrypt_attrs,omitempty"`
	// Certificate Validity Period.  If specified, the value used
	// is the minimum of this value and the configured validity period
	// of the TCert manager.
	ValidityPeriod time.Duration `json:"validity_period,omitempty"`
	// The pre-key to be used for key derivation.
	// This is secret input: it has no omitempty tag, so it is serialized in
	// every request and must be kept out of logs and request traces.
	PreKey string `json:"prekey"`
}

GetBatchRequest defines input to the GetBatch API

type GetBatchResponse

// GetBatchResponse is the response from the GetBatch API.
type GetBatchResponse struct {
	// ID identifies the batch.
	ID     *big.Int  `json:"id"`
	// TS is the timestamp of the batch.
	TS     time.Time `json:"ts"`
	// Key is key material returned with the batch; its exact role is not
	// documented here — confirm before logging or persisting responses.
	Key    []byte    `json:"key"`
	// TCerts holds the issued transaction certificates.
	TCerts []TCert   `json:"tcerts"`
}

GetBatchResponse is the response from the GetBatch API

type KeyTree

// KeyTree is a tree of derived keys; construct it with NewKeyTree and
// look keys up by path with GetKey.
type KeyTree struct {
	// contains filtered or unexported fields
}

KeyTree is a tree of derived keys

func NewKeyTree

func NewKeyTree(bccspMgr bccsp.BCCSP, rootKey bccsp.Key) *KeyTree

NewKeyTree is the constructor for a key tree

func (*KeyTree) GetKey

func (m *KeyTree) GetKey(path []string) (bccsp.Key, error)

GetKey returns a key associated with a specific path in the tree.

type Mgr

// Mgr is the manager for the TCert library.
type Mgr struct {
	// CAKey is used for signing a certificate request.
	// It holds the CA's private signing key (presumably the ecdsa.PrivateKey
	// or rsa.PrivateKey produced by GetPrivateKey — confirm), so a Mgr value
	// must be treated as sensitive.
	CAKey interface{}
	// CACert is used for extracting CA data to associate with issued certificates
	CACert *x509.Certificate
	// ValidityPeriod is the duration that the issued certificate will be valid
	// unless the user requests a shorter validity period.
	// The default value is 1 year.
	ValidityPeriod time.Duration
	// MaxAllowedBatchSize is the maximum number of TCerts which can be requested at a time.
	// The default value is 1000.
	MaxAllowedBatchSize int
}

Mgr is the manager for the TCert library

func LoadMgr

func LoadMgr(caKeyFile, caCertFile string, myCSP bccsp.BCCSP) (*Mgr, error)

LoadMgr is the constructor for a TCert manager given key and certificate file names. caKeyFile is the file name for the CA's key; caCertFile is the file name for the CA's cert.

func NewMgr

func NewMgr(caKey interface{}, caCert *x509.Certificate) (*Mgr, error)

NewMgr is the constructor for a TCert manager given a key and an x509 certificate. caKey is used for signing a certificate request; caCert is used for extracting CA data to associate with issued certificates.

func (*Mgr) GetBatch

func (tm *Mgr) GetBatch(req *GetBatchRequest, ecert *x509.Certificate) (*GetBatchResponse, error)

GetBatch gets a batch of TCerts. req is the TCert batch request; ecert is the enrollment certificate of the caller.

type TCert

// TCert encapsulates a signed transaction certificate and optionally a map of keys.
type TCert struct {
	// Cert is the signed transaction certificate.
	Cert []byte            `json:"cert"`
	// Keys maps a key name to its value; base64 encoded string as value.
	Keys map[string][]byte `json:"keys,omitempty"` //base64 encoded string as value
}

TCert encapsulates a signed transaction certificate and optionally a map of keys
