timestamp

package
v0.2.0-rc1 Latest Latest
Warning

This package is not in the latest version of its module.

Published: Oct 4, 2021 License: MIT, MIT Imports: 13 Imported by: 3

Documentation

Index

Constants

This section is empty.

Variables

// DefaultHTTPClient holds http.DefaultClient converted to the HTTPClient
// interface type. It is a package-level variable, so replacing it changes
// the client for every caller in the process.
var DefaultHTTPClient = HTTPClient(http.DefaultClient)

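DefaultHTTPClient is the HTTP client used for fetching timestamps. This variable may be changed to modify HTTP behavior (e.g. add timeouts). The default, http.DefaultClient, sets no request timeout, so a slow or unresponsive timestamp service can block a request indefinitely unless a client with a timeout is substituted.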

Functions

func GenerateNonce

func GenerateNonce() *big.Int

GenerateNonce generates a new nonce for this TSR.

Types

type Accuracy

// Accuracy is the Go form of the ASN.1 Accuracy SEQUENCE. All three integer
// components are optional: Seconds is untagged, Millis uses context tag 0 and
// Micros uses context tag 1. The ASN.1 definition restricts millis and micros
// to 1..999; the struct tags carry no range constraint, so out-of-range values
// are not rejected by these tags alone.
// NOTE(review): confirm whether the range is validated elsewhere.
type Accuracy struct {
	Seconds int `asn1:"optional"`
	Millis  int `asn1:"tag:0,optional"`
	Micros  int `asn1:"tag:1,optional"`
}
Accuracy ::= SEQUENCE {
  seconds        INTEGER              OPTIONAL,
  millis     [0] INTEGER  (1..999)    OPTIONAL,
  micros     [1] INTEGER  (1..999)    OPTIONAL  }

func (Accuracy) Duration

func (a Accuracy) Duration() time.Duration

Duration returns this Accuracy as a time.Duration.

type HTTPClient

// HTTPClient is the single-method interface through which requests are sent.
// Its Do method has the same signature as (*http.Client).Do, so an
// *http.Client or any wrapper exposing Do can be supplied.
type HTTPClient interface {
	Do(*http.Request) (*http.Response, error)
}

HTTPClient is an interface for *http.Client, allowing callers to customize HTTP behavior.

type Info

// Info is the Go form of the ASN.1 TSTInfo SEQUENCE; field order and asn1 tags
// follow that definition.
//
// Per the ASN.1 comments: MessageImprint must equal the value sent in the
// TimeStampReq; SerialNumber may be up to 160 bits, hence *big.Int; Nonce must
// be present, with the same value, when the request carried one.
//
// GenTime is a GeneralizedTime. Accuracy, Ordering (default false), Nonce, TSA
// (context tag 0) and Extensions (context tag 1) are optional. TSA is held as
// an asn1.RawValue, i.e. the GeneralName is not decoded by this struct.
type Info struct {
	Version        int
	Policy         asn1.ObjectIdentifier
	MessageImprint MessageImprint
	SerialNumber   *big.Int
	GenTime        time.Time        `asn1:"generalized"`
	Accuracy       Accuracy         `asn1:"optional"`
	Ordering       bool             `asn1:"optional,default:false"`
	Nonce          *big.Int         `asn1:"optional"`
	TSA            asn1.RawValue    `asn1:"tag:0,optional"`
	Extensions     []pkix.Extension `asn1:"tag:1,optional"`
}

Info is a TSTInfo

TSTInfo ::= SEQUENCE  {
  version                      INTEGER  { v1(1) },
  policy                       TSAPolicyId,
  messageImprint               MessageImprint,
    -- MUST have the same value as the similar field in
    -- TimeStampReq
  serialNumber                 INTEGER,
    -- Time-Stamping users MUST be ready to accommodate integers
    -- up to 160 bits.
  genTime                      GeneralizedTime,
  accuracy                     Accuracy                 OPTIONAL,
  ordering                     BOOLEAN             DEFAULT FALSE,
  nonce                        INTEGER                  OPTIONAL,
    -- MUST be present if the similar field was present
    -- in TimeStampReq.  In that case it MUST have the same value.
  tsa                          [0] GeneralName          OPTIONAL,
  extensions                   [1] IMPLICIT Extensions   OPTIONAL  }

TSAPolicyId ::= OBJECT IDENTIFIER

func ParseInfo

func ParseInfo(eci protocol.EncapsulatedContentInfo) (Info, error)

ParseInfo parses an Info out of a CMS EncapsulatedContentInfo.

func (*Info) After

func (i *Info) After(t time.Time) bool

After checks if the earliest time the signature could have been generated at is after the specified time. For example, you might check that a signature was made *after* a certificate's not-before date.

func (*Info) Before

func (i *Info) Before(t time.Time) bool

Before checks if the latest time the signature could have been generated at is before the specified time. For example, you might check that a signature was made *before* a certificate's not-after date.

type MessageImprint

// MessageImprint is the Go form of the ASN.1 MessageImprint SEQUENCE.
// HashAlgorithm is the AlgorithmIdentifier of the digest and HashedMessage is
// the OCTET STRING holding the digest bytes.
type MessageImprint struct {
	HashAlgorithm pkix.AlgorithmIdentifier
	HashedMessage []byte
}
MessageImprint ::= SEQUENCE  {
  hashAlgorithm                AlgorithmIdentifier,
  hashedMessage                OCTET STRING  }

func NewMessageImprint

func NewMessageImprint(hash crypto.Hash, r io.Reader) (MessageImprint, error)

NewMessageImprint creates a new MessageImprint, digesting all bytes from the provided reader using the specified hash.

func (MessageImprint) Equal

func (mi MessageImprint) Equal(other MessageImprint) bool

Equal checks if this MessageImprint is identical to another MessageImprint.

func (MessageImprint) Hash

func (mi MessageImprint) Hash() (crypto.Hash, error)

Hash gets the crypto.Hash associated with this MessageImprint's HashAlgorithm. 0 is returned for unrecognized algorithms.

type PKIFreeText

// PKIFreeText holds the elements of the ASN.1 PKIFreeText (a SEQUENCE OF
// UTF8String) as asn1.RawValue entries; the Strings method decodes them.
type PKIFreeText []asn1.RawValue

PKIFreeText ::= SEQUENCE SIZE (1..MAX) OF UTF8String

func (PKIFreeText) Append

func (ft PKIFreeText) Append(t string) PKIFreeText

Append returns a new copy of the PKIFreeText with the provided string appended.

func (PKIFreeText) Strings

func (ft PKIFreeText) Strings() ([]string, error)

Strings decodes the PKIFreeText into a []string.

type PKIStatusInfo

// PKIStatusInfo is the Go form of the ASN.1 PKIStatusInfo SEQUENCE.
//
// Status holds the PKIStatus integer. Per the ASN.1 comments, 0 (granted) and
// 1 (grantedWithMods) are the values for which a TimeStampToken is present.
// StatusString and FailInfo are optional; FailInfo is the PKIFailureInfo bit
// string giving the reason a request was rejected.
type PKIStatusInfo struct {
	Status       int
	StatusString PKIFreeText    `asn1:"optional"`
	FailInfo     asn1.BitString `asn1:"optional"`
}
PKIStatusInfo ::= SEQUENCE {
	status        PKIStatus,
	statusString  PKIFreeText     OPTIONAL,
	failInfo      PKIFailureInfo  OPTIONAL  }
PKIStatus ::= INTEGER {
	granted                (0),
		-- when the PKIStatus contains the value zero a TimeStampToken, as
		requested, is present.
	grantedWithMods        (1),
		-- when the PKIStatus contains the value one a TimeStampToken,
		with modifications, is present.
	rejection              (2),
	waiting                (3),
	revocationWarning      (4),
		-- this message contains a warning that a revocation is
		-- imminent
	revocationNotification (5)
		-- notification that a revocation has occurred   }

-- When the TimeStampToken is not present
-- failInfo indicates the reason why the
-- time-stamp request was rejected and
-- may be one of the following values.

PKIFailureInfo ::= BIT STRING {
	badAlg               (0),
		-- unrecognized or unsupported Algorithm Identifier
	badRequest           (2),
		-- transaction not permitted or supported
	badDataFormat        (5),
		-- the data submitted has the wrong format
	timeNotAvailable    (14),
		-- the TSA's time source is not available
	unacceptedPolicy    (15),
		-- the requested TSA policy is not supported by the TSA.
	unacceptedExtension (16),
		-- the requested extension is not supported by the TSA.
	addInfoNotAvailable (17)
		-- the additional information requested could not be understood
		-- or is not available
	systemFailure       (25)
		-- the request cannot be handled due to system failure  }

func (PKIStatusInfo) Error

func (si PKIStatusInfo) Error() string

Error implements the error interface.

func (PKIStatusInfo) GetError

func (si PKIStatusInfo) GetError() error

GetError represents an unsuccessful PKIStatusInfo as an error.

type Request

// Request is the Go form of the ASN.1 TimeStampReq SEQUENCE.
//
// MessageImprint carries the hash algorithm and the hash of the data to be
// time-stamped. ReqPolicy, Nonce, CertReq (default false) and Extensions are
// optional.
//
// NOTE(review): the TimeStampReq definition tags extensions as
// [0] IMPLICIT, while the Extensions field here is tagged 1 (the tag that
// TSTInfo uses). Confirm which is intended; a mismatch would change how
// request extensions are encoded on the wire.
type Request struct {
	Version        int
	MessageImprint MessageImprint
	ReqPolicy      asn1.ObjectIdentifier `asn1:"optional"`
	Nonce          *big.Int              `asn1:"optional"`
	CertReq        bool                  `asn1:"optional,default:false"`
	Extensions     []pkix.Extension      `asn1:"tag:1,optional"`
}

Request is a TimeStampReq

TimeStampReq ::= SEQUENCE  {
	version                      INTEGER  { v1(1) },
	messageImprint               MessageImprint,
		--a hash algorithm OID and the hash value of the data to be
		--time-stamped
	reqPolicy             TSAPolicyId              OPTIONAL,
	nonce                 INTEGER                  OPTIONAL,
	certReq               BOOLEAN                  DEFAULT FALSE,
	extensions            [0] IMPLICIT Extensions  OPTIONAL  }

func (Request) Do

func (req Request) Do(url string) (Response, error)

Do sends this timestamp request to the specified timestamp service, returning the parsed response. The timestamp.DefaultHTTPClient is used to make the request and HTTP behavior can be modified by changing that variable.

func (Request) Matches

func (req Request) Matches(tsti Info) bool

Matches checks if the MessageImprint and Nonce from a response match those of the request.

type Response

// Response is the Go form of the ASN.1 TimeStampResp SEQUENCE.
//
// Status is always present. TimeStampToken is optional and is a CMS
// ContentInfo; per the PKIStatus comments it is present for the granted and
// grantedWithMods statuses, so check Status before using the token.
type Response struct {
	Status         PKIStatusInfo
	TimeStampToken protocol.ContentInfo `asn1:"optional"`
}

Response is a TimeStampResp

TimeStampResp ::= SEQUENCE  {
	status                  PKIStatusInfo,
	timeStampToken          TimeStampToken     OPTIONAL  }

TimeStampToken ::= ContentInfo

func ParseResponse

func ParseResponse(ber []byte) (Response, error)

ParseResponse parses a BER encoded TimeStampResp.

func (Response) Info

func (r Response) Info() (Info, error)

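Info gets an Info from the response, doing no validation of the SignedData. The returned fields are therefore unauthenticated: verify the TimeStampToken's signature and signing certificate, and check the result with Request.Matches, before relying on them.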
