Documentation
Index
- func CreateCoseSign1(payloadBlob []byte, issuer string, feed string, contentType string, ...) (result []byte, err error)
- func MakeDidX509(fingerprintAlgorithm string, fingerprintIndex int, chainPEM string, ...) (string, error)
- func NewFixedReader(value byte) io.Reader
- func ParsePemChain(filename string) ([]string, error)
- func StringToAlgorithm(algoType string) (algo cose.Algorithm, err error)
- func WriteBlob(path string, data []byte) error
- func WriteString(path string, str string) error
- type UnpackedCoseSign1
Constants
This section is empty.
Variables
This section is empty.
Functions
func CreateCoseSign1
func CreateCoseSign1(payloadBlob []byte, issuer string, feed string, contentType string, chainPem []byte, keyPem []byte, saltType string, algo cose.Algorithm) (result []byte, err error)
CreateCoseSign1 returns a COSE Sign1 document as a slice of bytes. It takes `payloadBlob` and places it inside the envelope. `issuer` is an arbitrary string placed in the protected header along with the other strings; typically it is a did:x509 that identifies the party that published the document. `feed` is another arbitrary string, typically an identifier for the object stored in the document. `contentType` is a string describing the payload content, e.g. "application/rego" or "application/json". `chainPem` is a byte slice containing the certificate chain. That chain is stored in the document and used by a receiver to validate the signature, so the leaf cert must match the private key. `keyPem` is a byte slice (PEM format) containing the private key used to sign the document. Acceptable private key formats: EC, PKCS8, PKCS1.
func MakeDidX509
func NewFixedReader
func ParsePemChain
ParsePemChain reads a COSE document and converts its certificate chain to a PEM slice.
func StringToAlgorithm
StringToAlgorithm returns the cose.Algorithm code corresponding to the given algorithm name.
func WriteString
Types
type UnpackedCoseSign1
type UnpackedCoseSign1 struct {
	Issuer      string
	Feed        string
	ContentType string
	Pubkey      string
	Pubcert     string
	ChainPem    string
	Payload     []byte
	CertChain   []*x509.Certificate
}
func UnpackAndValidateCOSE1CertChain
func UnpackAndValidateCOSE1CertChain(raw []byte) (*UnpackedCoseSign1, error)
This function is rather unpleasant in that it both decodes the COSE Sign1 document and its various crypto parts AND checks that those parts are sound in this context. Higher layers may still refuse the payload for reasons beyond the scope of checking the document itself. While this function could be decomposed into "unpack" and "verify", extra state, such as the cert pools, would then have to be stored in some state object, and the sensible pattern would be to have accessors and member functions such as "verify()". However that was done, state objects could exist for badly formed COSE Sign1 documents, and that would complicate the jobs of callers.
raw: an array of bytes comprising the COSE Sign1 document.
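As an added illustration of the chain requirements stated for CreateCoseSign1 above and of the kind of checking UnpackAndValidateCOSE1CertChain performs, this stand-alone Go example (not this package's code) uses only the standard library: it verifies that a leaf certificate chains to a root the verifier already trusts and that the leaf's public key matches the signing key, and it rejects a key mismatch. The function names (checkChainAndKey, mkCert, demo) and the generated root and leaf certificates are constructed test data, not values from this package.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"time"
)

// checkChainAndKey enforces the CreateCoseSign1 preconditions: the leaf chains to a trusted root and matches the signing key.
func checkChainAndKey(key *ecdsa.PrivateKey, root, leaf *x509.Certificate, rest ...*x509.Certificate) error {
	roots, inters := x509.NewCertPool(), x509.NewCertPool()
	roots.AddCert(root) // trust comes from the verifier's own configuration, never from the chain itself
	for _, c := range rest {
		inters.AddCert(c) // certificates after the leaf are offered only as untrusted intermediates
	}
	if _, err := leaf.Verify(x509.VerifyOptions{Roots: roots, Intermediates: inters}); err != nil {
		return fmt.Errorf("leaf does not chain to trusted root: %w", err)
	}
	if pub, ok := leaf.PublicKey.(*ecdsa.PublicKey); !ok || !pub.Equal(&key.PublicKey) {
		return fmt.Errorf("leaf certificate public key does not match the signing key")
	}
	return nil
}

// mkCert issues a constructed test certificate for pub, signed by signer (a self-signed CA when parent is nil).
func mkCert(cn string, serial int64, pub *ecdsa.PublicKey, parent *x509.Certificate, signer *ecdsa.PrivateKey) *x509.Certificate {
	tmpl := &x509.Certificate{SerialNumber: big.NewInt(serial), Subject: pkix.Name{CommonName: cn},
		NotBefore: time.Now().Add(-time.Hour), NotAfter: time.Now().Add(time.Hour), IsCA: parent == nil, BasicConstraintsValid: true}
	if parent == nil {
		parent = tmpl
	}
	der, _ := x509.CreateCertificate(rand.Reader, tmpl, parent, pub, signer)
	cert, _ := x509.ParseCertificate(der)
	return cert
}

func demo() (matchErr, mismatchErr error) { // constructed root+leaf chain, checked with the leaf key and then the wrong (root) key
	rootKey, _ := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	leafKey, _ := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	root := mkCert("Constructed Test Root", 1, &rootKey.PublicKey, nil, rootKey)
	leaf := mkCert("Constructed Test Signer", 2, &leafKey.PublicKey, root, rootKey)
	return checkChainAndKey(leafKey, root, leaf, root), checkChainAndKey(rootKey, root, leaf, root)
}

func main() { fmt.Println(demo()) }
```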