cmtlssupport

package v0.0.0-...-ec6225e

This package is not in the latest version of its module.
Published: Aug 14, 2022 License: Apache-2.0 Imports: 17 Imported by: 2

Documentation

Constants

This section is empty.

Variables

This section is empty.

Functions

func AppendNewCertsToTrustRoots

func AppendNewCertsToTrustRoots(tlsTrustRoots *ChainTrustRoots, chainId string, certPemBytes []byte) (bool, error)

AppendNewCertsToTrustRoots loads every certificate from the PEM bytes and appends them to the trust roots of the given chain.

func GetCertAndPeerIdWithKeyPair

func GetCertAndPeerIdWithKeyPair(certPEMBlock []byte, keyPEMBlock []byte) (*cmTls.Certificate, string, error)

GetCertAndPeerIdWithKeyPair creates a TLS certificate from the x509 key pair and loads the peer id from the certificate.

func GetCertAndPeerIdWithKeyPair4Quic

func GetCertAndPeerIdWithKeyPair4Quic(certPEMBlock []byte, keyPEMBlock []byte) (*cmTls.Certificate, string, error)

GetCertAndPeerIdWithKeyPair4Quic creates a TLS certificate from the qx509 key pair and loads the peer id from the certificate.

func NewTlsConfigWithCertMode

func NewTlsConfigWithCertMode(
	certificate cmTls.Certificate,
	certValidator *CertValidator,
) (*cmTls.Config, error)

NewTlsConfigWithCertMode creates a new TLS config that uses the given TLS certificate for the TLS handshake.

func NewTlsConfigWithPubKeyMode

func NewTlsConfigWithPubKeyMode(
	sk crypto.PrivateKey,
	certValidator *CertValidator,
) (*cmTls.Config, error)

NewTlsConfigWithPubKeyMode creates a new TLS config for the TLS handshake, using a TLS certificate that wraps the public key of the given private key.

func NewTlsConfigWithPubKeyMode4Quic

func NewTlsConfigWithPubKeyMode4Quic(
	sk crypto.PrivateKey,
	certValidator *CertValidator,
) (*cmTls.Config, error)

NewTlsConfigWithPubKeyMode4Quic creates a new TLS config for the TLS handshake, using a TLS certificate that wraps the public key of the given private key. Only for the QUIC network.

func ParseQTLSCertToCMTLSCert

func ParseQTLSCertToCMTLSCert(cert tls.Certificate) cmTls.Certificate

func PrivateKeyToCertificate

func PrivateKeyToCertificate(privateKey crypto.PrivateKey) (*cmTls.Certificate, error)

PrivateKeyToCertificate creates a certificate directly from a private key.

func PrivateKeyToCertificate4Quic

func PrivateKeyToCertificate4Quic(privateKey crypto.PrivateKey) (*cmTls.Certificate, error)

PrivateKeyToCertificate4Quic creates a certificate directly from a private key. Only for the QUIC network.

Types

type CertValidator

type CertValidator struct {
	// contains filtered or unexported fields
}

CertValidator wraps a ChainTrustRoots instance and a common.MemberStatusValidator. It provides a function for verifying the peer certificate during the TLS handshake. During the handshake, that function loads the remote TLS certificate and verifies it with the access control module of each blockchain, and also loads the remote peer id and cert id. All of this information is stored in the validator; it can be queried with the QueryDerivedInfoWithPeerId method and removed with the CleanDerivedInfoWithPeerId method.

func NewCertValidator

func NewCertValidator(pkMod bool, memberStatusValidator *common.MemberStatusValidator,
	roots *ChainTrustRoots) *CertValidator

NewCertValidator creates a new CertValidator instance.

func (*CertValidator) DeleteDerivedInfoWithPeerId

func (v *CertValidator) DeleteDerivedInfoWithPeerId(peerId string)

func (*CertValidator) QueryDerivedInfoWithPeerId

func (v *CertValidator) QueryDerivedInfoWithPeerId(peerId string) *DerivedInfoWithCert

QueryDerivedInfoWithPeerId returns all infos that were loaded by VerifyPeerCertificateFunc and stored in the validator for the given peer id.

func (*CertValidator) VerifyPeerCertificateFunc

func (v *CertValidator) VerifyPeerCertificateFunc() func(rawCerts [][]byte, _ [][]*cmx509.Certificate) error

VerifyPeerCertificateFunc provides a function for verifying the peer certificate in a TLS config. During the handshake, the function loads the remote TLS certificate and verifies it with the access control module of each blockchain, and also loads the remote peer id and cert id. All of this information is stored in the validator.

type ChainTrustRoots

type ChainTrustRoots struct {
	// contains filtered or unexported fields
}

ChainTrustRoots keeps the trusted root cert pools and the trusted intermediate cert pools of all chains.

func BuildTlsTrustRoots

func BuildTlsTrustRoots(chainTrustRoots map[string][][]byte) (*ChainTrustRoots, error)

BuildTlsTrustRoots builds the cert pools from the cert bytes of each chain.

func NewChainTrustRoots

func NewChainTrustRoots() *ChainTrustRoots

NewChainTrustRoots creates a new ChainTrustRoots instance.

func (*ChainTrustRoots) AddIntermediates

func (ctr *ChainTrustRoots) AddIntermediates(chainId string, intermediates *cmx509.Certificate)

AddIntermediates adds a trusted intermediate cert to the intermediates pool of the given chain.

func (*ChainTrustRoots) AddRoot

func (ctr *ChainTrustRoots) AddRoot(chainId string, root *cmx509.Certificate)

AddRoot adds a trusted root cert to the roots pool of the given chain.

func (*ChainTrustRoots) AppendIntermediatesFromPem

func (ctr *ChainTrustRoots) AppendIntermediatesFromPem(chainId string, intermediatesPem []byte) bool

AppendIntermediatesFromPem appends the trusted intermediate certs in the PEM bytes to the intermediates pool of the given chain.

func (*ChainTrustRoots) AppendRootsFromPem

func (ctr *ChainTrustRoots) AppendRootsFromPem(chainId string, rootPem []byte) bool

AppendRootsFromPem appends the trusted root certs in the PEM bytes to the roots pool of the given chain.

func (*ChainTrustRoots) IntermediatesPool

func (ctr *ChainTrustRoots) IntermediatesPool(chainId string) (*cmx509.CertPool, bool)

IntermediatesPool returns the trusted intermediate cert pool of the chain with the given id.

func (*ChainTrustRoots) RefreshIntermediatesFromPem

func (ctr *ChainTrustRoots) RefreshIntermediatesFromPem(chainId string, intermediatesPem [][]byte) bool

RefreshIntermediatesFromPem resets the intermediates pool of the given chain to the trusted intermediate certs in the PEM byte slices.

func (*ChainTrustRoots) RefreshRootsFromPem

func (ctr *ChainTrustRoots) RefreshRootsFromPem(chainId string, rootsPem [][]byte) bool

RefreshRootsFromPem resets the roots pool of the given chain to the trusted root certs in the PEM byte slices.

func (*ChainTrustRoots) RootsPool

func (ctr *ChainTrustRoots) RootsPool(chainId string) (*cmx509.CertPool, bool)

RootsPool returns the trusted root cert pool of the chain with the given id.

func (*ChainTrustRoots) VerifyCert

func (ctr *ChainTrustRoots) VerifyCert(cert *cmx509.Certificate) ([]string, error)

VerifyCert verifies the given cert. On success it returns the list of chain ids whose trust roots validate it.

func (*ChainTrustRoots) VerifyCertOfChain

func (ctr *ChainTrustRoots) VerifyCertOfChain(chainId string, cert *cmx509.Certificate) bool

VerifyCertOfChain verifies the given cert against the trust roots of chainId. It returns true on success.

type DerivedInfoWithCert

type DerivedInfoWithCert struct {
	TlsCertBytes []byte
	PubKeyBytes  []byte
	ChainIds     []string
	PeerId       string
	CertId       string
}

DerivedInfoWithCert contains the information loaded from the TLS cert while verifying the peer certificate.
