tcert

package
v1.0.0-alpha Latest Latest
Warning

This package is not in the latest version of its module.

 Go to latest Published: Mar 16, 2017 License: Apache-2.0 Imports: 23 Imported by: 0

Documentation

Index

Constants

View Source 
const (
	// AESKeyLength is the default AES key length
	AESKeyLength = 32
)

Variables

View Source 
var (
	// TCertEncTCertIndex is the ASN1 object identifier of the TCert index.
	TCertEncTCertIndex = asn1.ObjectIdentifier{1, 2, 3, 4, 5, 6, 7}

	// TCertEncEnrollmentID is the ASN1 object identifier of the enrollment id.
	TCertEncEnrollmentID = asn1.ObjectIdentifier{1, 2, 3, 4, 5, 6, 8}

	// TCertAttributesHeaders is the ASN1 object identifier of attributes header.
	TCertAttributesHeaders = asn1.ObjectIdentifier{1, 2, 3, 4, 5, 6, 9}

	// Padding for encryption.
	Padding = []byte{255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255, 255}
)
View Source 
var (
	//RootPreKeySize is the default value of root key
	RootPreKeySize = 48
)

Functions

func CBCDecrypt 

func CBCDecrypt(key, src []byte) ([]byte, error)

CBCDecrypt decrypts using CBC mode

func CBCEncrypt 

func CBCEncrypt(key, s []byte) ([]byte, error)

CBCEncrypt encrypts using CBC mode

func CBCPKCS7Decrypt 

func CBCPKCS7Decrypt(key, src []byte) ([]byte, error)

CBCPKCS7Decrypt combines CBC decryption and PKCS7 unpadding

func CBCPKCS7Encrypt 

func CBCPKCS7Encrypt(key, src []byte) ([]byte, error)

CBCPKCS7Encrypt combines CBC encryption and PKCS7 padding

func ConvertDERToPEM 

func ConvertDERToPEM(der []byte, datatype string) []byte

ConvertDERToPEM returns data from DER to PEM format DERData is DER

func CreateRootPreKey 

func CreateRootPreKey() string

CreateRootPreKey method generates root key

func GenNumber 

func GenNumber(numlen *big.Int) *big.Int

GenNumber generates random numbers of type *big.Int with fixed length

func GenerateBytesUUID 

func GenerateBytesUUID() ([]byte, error)

GenerateBytesUUID returns a UUID based on RFC 4122 returning the generated bytes

func GenerateIntUUID 

func GenerateIntUUID() (*big.Int, error)

GenerateIntUUID returns a UUID based on RFC 4122 returning a big.Int

func GetCertificate 

func GetCertificate(certificate []byte) (*x509.Certificate, error)

GetCertificate returns interface containing *rsa.PublicKey or ecdsa.PublicKey

func GetCertitificateSerialNumber 

func GetCertitificateSerialNumber(certificatebyte []byte) (*big.Int, error)

GetCertitificateSerialNumber returns serial number for Certificate byte return -1 , if there is problem with the cert

func GetEnrollmentIDFromCert 

func GetEnrollmentIDFromCert(ecert *x509.Certificate) string

GetEnrollmentIDFromCert retrieves Enrollment Id from certificate

func GetPrivateKey 

func GetPrivateKey(buf []byte) (interface{}, error)

GetPrivateKey returns ecdsa.PrivateKey or rsa.privateKey object for the private Key Bytes

func LoadCert 

func LoadCert(path string) (*x509.Certificate, error)

LoadCert loads a certificate from a file

func LoadKey 

func LoadKey(path string) (interface{}, error)

LoadKey loads a private key from a file

func PKCS7Padding 

func PKCS7Padding(src []byte) []byte

PKCS7Padding pads as prescribed by the PKCS7 standard

func PKCS7UnPadding 

func PKCS7UnPadding(src []byte) ([]byte, error)

PKCS7UnPadding unpads as prescribed by the PKCS7 standard

func ParsePrivateKey 

func ParsePrivateKey(der []byte) (interface{}, error)

ParsePrivateKey parses private key

func ValidateCert 

func ValidateCert(cert *x509.Certificate) bool

ValidateCert checks for expiry in the certificate cert Does not check for revocation

Types

type Attribute 

type Attribute struct {
	Name  string `json:"name"`
	Value string `json:"value"`
}

Attribute is a single attribute name and value

type GetBatchRequest 

type GetBatchRequest struct {
	// Number of TCerts in the batch.
	Count int `json:"count"`
	// If PublicKeys is non nil, generates a TCert for each public key;
	// in this case, the 'Count' field is ignored and the number of TCerts
	// generated matches the number of public keys in the array.
	PublicKeys [][]byte `json:"public_keys,omitempty"`
	// The attribute name and values that are to be inserted in the issued TCerts.
	Attrs []Attribute `json:"attrs,omitempty"`
	// EncryptAttrs denotes whether to encrypt attribute values or not.
	// When set to true, each issued TCert in the batch will contain encrypted attribute values.
	EncryptAttrs bool `json:"encrypt_attrs,omitempty"`
	// Certificate Validity Period.  If specified, the value used
	// is the minimum of this value and the configured validity period
	// of the TCert manager.
	ValidityPeriod time.Duration `json:"validity_period,omitempty"`
	// The pre-key to be used for key derivation.
	PreKey string `json:"prekey"`
}

GetBatchRequest defines input to the GetBatch API

type GetBatchResponse 

type GetBatchResponse struct {
	ID     *big.Int  `json:"id"`
	TS     time.Time `json:"ts"`
	Key    []byte    `json:"key"`
	TCerts []TCert   `json:"tcerts"`
}

GetBatchResponse is the response from the GetBatch API

type KeyTree 

type KeyTree struct {
	// contains filtered or unexported fields
}

KeyTree is a tree of derived keys

func NewKeyTree 

func NewKeyTree(bccspMgr bccsp.BCCSP, rootKey bccsp.Key) *KeyTree

NewKeyTree is the constructor for a key tree

func (*KeyTree) GetKey 

func (m *KeyTree) GetKey(path []string) (bccsp.Key, error)

GetKey returns a key associated with a specific path in the tree.

type Mgr 

type Mgr struct {
	// CAKey is used for signing a certificate request
	CAKey interface{}
	// CACert is used for extracting CA data to associate with issued certificates
	CACert *x509.Certificate
	// ValidityPeriod is the duration that the issued certificate will be valid
	// unless the user requests a shorter validity period.
	// The default value is 1 year.
	ValidityPeriod time.Duration
	// MaxAllowedBatchSize is the maximum number of TCerts which can be requested at a time.
	// The default value is 1000.
	MaxAllowedBatchSize int
}

Mgr is the manager for the TCert library

func LoadMgr 

func LoadMgr(caKeyFile, caCertFile string) (*Mgr, error)

LoadMgr is the constructor for a TCert manager given key and certificate file names @parameter caKeyFile is the file name for the CA's key @parameter caCertFile is the file name for the CA's cert

func NewMgr 

func NewMgr(caKey interface{}, caCert *x509.Certificate) (*Mgr, error)

NewMgr is the constructor for a TCert manager given a key and an x509 certificate @parameter caKey is used for signing a certificate request @parameter caCert is used for extracting CA data to associate with issued certificates

func (*Mgr) GetBatch 

func (tm *Mgr) GetBatch(req *GetBatchRequest, ecert *x509.Certificate) (*GetBatchResponse, error)

GetBatch gets a batch of TCerts @parameter req Is the TCert batch request @parameter ecert Is the enrollment certificate of the caller

type TCert 

type TCert struct {
	Cert []byte            `json:"cert"`
	Keys map[string][]byte `json:"keys,omitempty"` //base64 encoded string as value
}

TCert encapsulates a signed transaction certificate and optionally a map of keys

Source Files

View all Source files

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.