Documentation ¶
Overview ¶
Package signedxml transforms and validates signedxml documents
Index ¶
- Variables
- func CalculateHash(targetToBeHashed []byte, digestMethodURI string) (string, error)
- func CalculateHashFromRef(reference *etree.Element, targetToBeHashed interface{}) (string, error)
- func LoadCertFromPEMString(pemString, pubKeyType string) (*x509.Certificate, error)
- func PopulateElementWithNameSpaces(targetElem *etree.Element, rootDoc *etree.Document) (err error)
- func ValidateCertificate(cert *x509.Certificate, ...) (err error)
- type C14N10Canonicalizer
- type C14N10ExclusiveCanonicalizer
- type C14N11Canonicalizer
- type CanonicalizationAlgorithm
- type EnvelopedSignature
- type ExclusiveCanonicalization
- type Signer
- type Validator
- func (v *Validator) SetReferenceIDAttribute(refIDAttribute string)
- func (s *Validator) SetSignature(sig string) error
- func (v *Validator) SetValidationCert(cert *x509.Certificate)
- func (v *Validator) SetValidationCertFromPEMString(certPEM string) error
- func (v *Validator) SetXML(xml string) error
- func (v *Validator) SigningCert() x509.Certificate
- func (v *Validator) Validate() error (deprecated)
- func (v *Validator) ValidateReferences() ([]string, error)
Constants ¶
This section is empty.
Variables ¶
var CanonicalizationAlgorithms map[string]CanonicalizationAlgorithm
CanonicalizationAlgorithms maps the CanonicalizationMethod or Transform Algorithm URIs to a type that implements the CanonicalizationAlgorithm interface.
Implementations are provided for the following transforms:
- http://www.w3.org/2001/10/xml-exc-c14n# (ExclusiveCanonicalization)
- http://www.w3.org/2001/10/xml-exc-c14n#WithComments (ExclusiveCanonicalizationWithComments)
- http://www.w3.org/2000/09/xmldsig#enveloped-signature (EnvelopedSignature)
Custom implementations can be added to the map.
Functions ¶
func CalculateHash ¶
CalculateHash calculates a hash of targetToBeHashed ([]byte), detecting the hash algorithm from the digestMethodURI string. The URI follows the algorithm identifier notation used by XML Signatures. If successful, it returns the hash digest (fingerprint) as a base64-encoded string.
func CalculateHashFromRef ¶
CalculateHashFromRef calculates a hash of targetToBeHashed (*etree.Document or []byte), detecting the hash algorithm from the reference element. If successful, the base64-encoded digest value is written to the reference element's DigestValue tag.
func LoadCertFromPEMString ¶
func LoadCertFromPEMString(pemString, pubKeyType string) (*x509.Certificate, error)
func PopulateElementWithNameSpaces ¶
PopulateElementWithNameSpaces copies all namespaces related to targetElem. The element must end up with the following namespaces:
- its own namespaces (if it defines any): nothing to do here, as they are typically defined in attributes of that element;
- if the element has a prefix but no definition for it, then the parent has this namespace defined;
- if any of the sub-elements have a prefix different from that of targetElem, then some parent must define it.
This is needed before canonicalizing and calculating the hash of the target element. targetElem is always a sub-tag (child) of rootDoc.
func ValidateCertificate ¶
func ValidateCertificate(cert *x509.Certificate, certDigest, digestMethodURI, notBefore, notAfter string) (err error)
ValidateCertificate validates a certificate: 1. checks that it has not expired; 2. calculates the certificate hash digest and compares it to the supplied certificate digest value. The 'notBefore' and 'notAfter' parameters are optional, for setting the validity dates separately; otherwise the equivalent values from the x509.Certificate are used.
Types ¶
type C14N10Canonicalizer ¶
type C14N10Canonicalizer struct {
WithComments bool
}
type C14N10ExclusiveCanonicalizer ¶
type C14N10ExclusiveCanonicalizer struct {
WithComments bool
}
type C14N11Canonicalizer ¶
type C14N11Canonicalizer struct {
WithComments bool
}
type CanonicalizationAlgorithm ¶
type CanonicalizationAlgorithm interface {
Process(inputXML string, transformXML string) (outputXML string, err error)
}
CanonicalizationAlgorithm defines an interface for processing an XML document into a standard format.
If any child elements are in the Transform node, the entire transform node will be passed to the Process method through the transformXML parameter as an XML string. This is necessary for transforms that need additional processing data, like XPath (http://www.w3.org/TR/xmldsig-core/#sec-XPath). If there are no child elements in Transform (or CanonicalizationMethod), then an empty string will be passed through.
type EnvelopedSignature ¶
type EnvelopedSignature struct{}
EnvelopedSignature implements the CanonicalizationAlgorithm interface and is used for processing the http://www.w3.org/2000/09/xmldsig#enveloped-signature transform algorithm
type ExclusiveCanonicalization ¶
type ExclusiveCanonicalization struct {
WithComments bool
// contains filtered or unexported fields
}
ExclusiveCanonicalization implements the CanonicalizationAlgorithm interface and is used for processing the http://www.w3.org/2001/10/xml-exc-c14n# and http://www.w3.org/2001/10/xml-exc-c14n#WithComments transform algorithms
type Signer ¶
type Signer struct {
// contains filtered or unexported fields
}
Signer provides options for signing an XML document
func (*Signer) SetReferenceIDAttribute ¶
SetReferenceIDAttribute sets the referenceIDAttribute
func (*Signer) SetSignature ¶
SetSignature can be used to assign an external signature for the XML doc that Validator will verify
type Validator ¶
type Validator struct {
Certificates []x509.Certificate
RSAPublicKeys []*rsa.PublicKey
// contains filtered or unexported fields
}
Validator provides options for verifying a signed XML document
func NewValidator ¶
NewValidator returns a *Validator for the XML provided
func (*Validator) SetReferenceIDAttribute ¶
SetReferenceIDAttribute sets the referenceIDAttribute
func (*Validator) SetSignature ¶
SetSignature can be used to assign an external signature for the XML doc that Validator will verify
func (*Validator) SetValidationCert ¶
func (v *Validator) SetValidationCert(cert *x509.Certificate)
func (*Validator) SetValidationCertFromPEMString ¶
func (*Validator) SigningCert ¶
func (v *Validator) SigningCert() x509.Certificate
SigningCert returns the certificate, if any, that was used to successfully validate the signature of the XML document. This will be a zero value x509.Certificate before Validator.Validate is successfully called.
func (*Validator) ValidateReferences ¶
ValidateReferences validates the Reference digest values, and the signature value over the SignedInfo.
If the signature is enveloped in the XML, then it will be used. Otherwise, an external signature should be assigned using Validator.SetSignature.
The references returned by this method can be used to verify what was signed.