cosesign1

package
v0.11.0 Latest Latest
Warning

This package is not in the latest version of its module.

Go to latest
Published: Sep 6, 2023 License: MIT Imports: 15 Imported by: 0

Documentation

Index

Constants

This section is empty.

Variables

This section is empty.

Functions

func CreateCoseSign1

func CreateCoseSign1(payloadBlob []byte, issuer string, feed string, contentType string, chainPem []byte, keyPem []byte, saltType string, algo cose.Algorithm) (result []byte, err error)

CreateCoseSign1 returns a COSE Sign1 document as an array of bytes. Takes `payloadBlob` and places it inside the envelope. `issuer` is an arbitrary string, placed in the protected header along with the other strings. Typically, this might be a did:x509 that identifies the party that published the document. `feed` is another arbitrary string. Typically, it is an identifier for the object stored in the document. `contentType` is a string to describe the payload content, e.g. "application/rego" or "application/json". `chainPem` is a byte slice containing the certificate chain. That chain is stored and used by a receiver to validate the signature. The leaf cert must match the private key. `keyPem` is a byte slice (PEM format) containing the private key used to sign the document. Acceptable private key formats: EC, PKCS8, PKCS1.

func MakeDidX509

func MakeDidX509(fingerprintAlgorithm string, fingerprintIndex int, chainPEM string, didPolicy string, verbose bool) (string, error)

func NewFixedReader

func NewFixedReader(value byte) io.Reader

func ParsePemChain

func ParsePemChain(filename string) ([]string, error)

ParsePemChain reads cose document and converts certificate chain to pem slice

func StringToAlgorithm

func StringToAlgorithm(algoType string) (algo cose.Algorithm, err error)

StringToAlgorithm returns cose.Algorithm code corresponding to algorithm name.

func WriteBlob

func WriteBlob(path string, data []byte) error

func WriteString

func WriteString(path string, str string) error

Types

type UnpackedCoseSign1

type UnpackedCoseSign1 struct {
	Issuer      string
	Feed        string
	ContentType string
	Pubkey      string
	Pubcert     string
	ChainPem    string
	Payload     []byte
	CertChain   []*x509.Certificate
}

func UnpackAndValidateCOSE1CertChain

func UnpackAndValidateCOSE1CertChain(raw []byte) (*UnpackedCoseSign1, error)

This function is rather unpleasant in that it both decodes the COSE Sign1 document and its various crypto parts AND checks that those parts are sound in this context. Higher layers may yet refuse the payload for reasons beyond the scope of the checking of the document itself. While this function could be decomposed into "unpack" and "verify" there would need to be extra state, such as the cert pools, stored in some state object. Then the sensible pattern would be to have accessors and member functions such as "verity()". However that was done there could exist state objects for badly formed COSE Sign1 documents and that would complicate the jobs of callers.

raw: an array of bytes comprising the COSE Sign1 document.

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL