Documentation ¶
Index ¶
- Constants
- type Certificate
- func (c *Certificate) Copy() *Certificate
- func (c *Certificate) Eq(o *Certificate) bool
- func (c *Certificate) JSON(indent bool) ([]byte, error)
- func (c *Certificate) Sign(signKey common.RawBytes, signAlgo string) error
- func (c *Certificate) String() string
- func (c *Certificate) Verify(subject *addr.ISD_AS, verifyKey common.RawBytes, signAlgo string) error
- func (c *Certificate) VerifySignature(verifyKey common.RawBytes, signAlgo string) error
- func (c *Certificate) VerifyTime(ts uint64) error
- type Chain
- func (c *Chain) Compress() (common.RawBytes, error)
- func (c *Chain) Copy() *Chain
- func (c *Chain) Eq(o *Chain) bool
- func (c *Chain) IAVer() (*addr.ISD_AS, uint64)
- func (c *Chain) JSON(indent bool) ([]byte, error)
- func (c *Chain) Key() *Key
- func (c *Chain) String() string
- func (c *Chain) Verify(subject *addr.ISD_AS, t *trc.TRC) error
- type Key
Constants ¶
// Error strings reported by the Certificate verification helpers. They are
// plain string constants (not error values); the method that presumably
// produces each one is noted next to it — confirm against the method bodies.

// ReservedVersion is reported for a certificate whose Version is 0, which
// the Certificate type reserves and forbids.
const ReservedVersion = "Invalid version 0"

// InvalidSubject is reported when the certificate's Subject does not match
// the subject the caller asked Verify to check against.
const InvalidSubject = "Invalid subject"

// EarlyUsage is reported when the certificate's IssuingTime lies after the
// time being checked (presumably VerifyTime / Verify).
const EarlyUsage = "Certificate IssuingTime in the future"

// Expired is reported when the time being checked lies after ExpirationTime
// (presumably VerifyTime / Verify).
const Expired = "Certificate expired"

// UnableSigPack is reported when the byte string that the signature is
// computed over (the certificate without its Signature field) cannot be built.
const UnableSigPack = "Cert: Unable to create signature input"
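const (
	// MaxChainByteLength is the upper bound, in bytes, on a serialized chain
	// (1 MiB). NOTE(review): the name suggests it bounds what the decoding
	// path is willing to read; Chain.Compress is the only producer visible
	// here — confirm it is enforced on the parsing side before relying on it.
	MaxChainByteLength uint32 = 1 << 20

	// DefaultLeafCertValidity is the default validity period of a leaf
	// certificate, in seconds (3 days). It is a default for issuance only;
	// verification uses the certificate's own IssuingTime/ExpirationTime.
	DefaultLeafCertValidity = 3 * 24 * 60 * 60

	// DefaultCoreCertValidity is the default validity period of a core
	// certificate, in seconds (7 days). Same caveat as DefaultLeafCertValidity.
	DefaultCoreCertValidity = 7 * 24 * 60 * 60

	// Error strings reported by Chain.Verify. They are plain string
	// constants, not error values.

	// CoreCertInvalid: the core certificate failed verification against the TRC.
	CoreCertInvalid = "Core certificate invalid"
	// CoreExpiresAfter: the core certificate's ExpirationTime is later than
	// the TRC's; a core certificate must not outlive the TRC that anchors it.
	CoreExpiresAfter = "Core certificate expires after TRC"
	// IssASNotFound: the certificate's Issuer was not found among the core
	// ASes of the TRC.
	IssASNotFound = "Issuing Core AS not found"
	// LeafCertInvalid: the leaf certificate failed verification against the
	// core certificate.
	LeafCertInvalid = "Leaf certificate invalid"
	// LeafExpiresAfter: the leaf certificate's ExpirationTime is later than
	// the core certificate's.
	LeafExpiresAfter = "Leaf certificate expires after core certificate"
	// LeafIssuedBefore: the leaf certificate's IssuingTime is earlier than the
	// core certificate's, i.e. it claims to have been issued before its issuer
	// was valid.
	LeafIssuedBefore = "Leaf certificate issued before core certificate"
)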
Types ¶
type Certificate ¶
// Certificate is a SCION AS certificate. The Signature covers every other
// field (see Sign). The field order is observable through JSON(); NOTE(review):
// if the signature input is derived from the JSON encoding, reordering fields
// would invalidate every existing signature — confirm against Sign before
// touching the layout.
type Certificate struct {
	// CanIssue describes whether the subject is able to issue certificates.
	// NOTE(review): presumably must be true on the Core certificate of a Chain
	// for Chain.Verify to accept the Leaf — confirm against Chain.Verify.
	CanIssue bool
	// Comment is an arbitrary and optional string used by the subject to
	// describe the certificate. It is not interpreted here; treat it as free
	// text when displaying or logging it.
	Comment string
	// EncAlgorithm is the algorithm associated with SubjectEncKey.
	EncAlgorithm string
	// ExpirationTime is the unix timestamp in seconds at which the certificate
	// expires. VerifyTime/Verify reject times after it (Expired).
	ExpirationTime uint64
	// Issuer is the certificate issuer. It can only be a core AS.
	// NOTE(review): the IssASNotFound error suggests Chain.Verify looks the
	// issuer up among the TRC's core ASes; this field on its own is a claim,
	// not a proof, until that check has run.
	Issuer *addr.ISD_AS
	// IssuingTime is the unix timestamp in seconds at which the certificate
	// was created. VerifyTime/Verify reject times before it (EarlyUsage).
	IssuingTime uint64
	// SignAlgorithm is the algorithm associated with SubjectSignKey, i.e. the
	// algorithm the subject's own signatures use; it is not the algorithm this
	// certificate was signed with (that is passed to Sign/Verify explicitly).
	SignAlgorithm string
	// Signature is the certificate signature. It is computed over the rest of
	// the certificate. The omitempty tag drops it from the JSON encoding when
	// empty, which matches Sign's documented input (the certificate without
	// the signature field).
	Signature common.RawBytes `json:",omitempty"`
	// Subject is the certificate subject. Verify compares it with the subject
	// the caller supplies (InvalidSubject).
	Subject *addr.ISD_AS
	// SubjectEncKey is the public key used for encryption.
	SubjectEncKey common.RawBytes
	// SubjectSignKey is the public key used for signature verification.
	SubjectSignKey common.RawBytes
	// TRCVersion is the version of the issuing TRC.
	TRCVersion uint64
	// Version is the certificate version. The value 0 is reserved and shall
	// not be used (ReservedVersion).
	Version uint64
}
func CertificateFromRaw ¶
func CertificateFromRaw(raw common.RawBytes) (*Certificate, error)
func (*Certificate) Copy ¶
func (c *Certificate) Copy() *Certificate
func (*Certificate) Eq ¶
func (c *Certificate) Eq(o *Certificate) bool
func (*Certificate) Sign ¶
func (c *Certificate) Sign(signKey common.RawBytes, signAlgo string) error
Sign adds a signature to the certificate. The signature is computed over the certificate with the Signature field left out, using the supplied signKey and signAlgo, and the result is stored in Signature.
func (*Certificate) String ¶
func (c *Certificate) String() string
func (*Certificate) Verify ¶
func (c *Certificate) Verify(subject *addr.ISD_AS, verifyKey common.RawBytes, signAlgo string) error
Verify checks the signature of the certificate based on a trusted verifying key and the associated signature algorithm. Further, it verifies that the certificate's Subject matches the given subject, and that the current time lies between IssuingTime and ExpirationTime (the same checks VerifyTime performs). The verifying key is an input: Verify does not establish that the key is the right one for this certificate's issuer, so the caller must obtain it from a trusted source (e.g. via Chain.Verify against a TRC).
func (*Certificate) VerifySignature ¶
func (c *Certificate) VerifySignature(verifyKey common.RawBytes, signAlgo string) error
VerifySignature checks the signature of the certificate based on a trusted verifying key and the associated signature algorithm. It does not check the subject or the validity period; callers that need those checks should use Verify.
func (*Certificate) VerifyTime ¶
func (c *Certificate) VerifyTime(ts uint64) error
VerifyTime checks that the time ts (a unix timestamp in seconds) lies between IssuingTime and ExpirationTime. This function does not check the validity of the signature, so a successful result says nothing about the certificate's authenticity.
type Chain ¶
// Chain bundles the two certificates needed to verify a leaf AS against a TRC:
// the Leaf, signed by the Core certificate, and the Core certificate, signed
// by the TRC of the ISD. The JSON keys are the positional strings "0" and "1",
// so the wire form is keyed by position rather than by field name.
// NOTE(review): both fields are pointers and may be nil on a zero Chain;
// confirm that Verify, Key and IAVer nil-check them before dereferencing.
type Chain struct {
	// Leaf is the leaf certificate of the chain. It is signed by the Core
	// certificate. Encoded under JSON key "0".
	Leaf *Certificate `json:"0"`
	// Core is the core AS certificate of the chain. It is signed by the TRC of
	// the ISD. Encoded under JSON key "1".
	Core *Certificate `json:"1"`
}
Chain contains two certificates, one for the leaf and one for the core. The leaf certificate is signed by the core certificate, which is in turn signed by the TRC of the corresponding ISD; Chain.Verify takes that TRC as input and checks both links of the chain.