Documentation ¶
Overview ¶
Package publications implements handling of the publications file and verification of its PKI signature.
Index ¶
- Variables
- func CertChainToString(certList []*x509.Certificate) string
- func CertificateToString(cert *x509.Certificate) string
- type File
- type FileBuilder
- type FileHandler
- type FileHandlerSetting
- func FileHandlerSetFile(p *File) FileHandlerSetting
- func FileHandlerSetFileCertConstraint(oid OID, value string) FileHandlerSetting
- func FileHandlerSetFileCertConstraints(cnstrs []pkix.AttributeTypeAndValue) FileHandlerSetting
- func FileHandlerSetFileTTL(d time.Duration) FileHandlerSetting
- func FileHandlerSetPublicationsURL(url string) FileHandlerSetting
- func FileHandlerSetTrustedCertificate(certificate *x509.Certificate) FileHandlerSetting
- func FileHandlerSetTrustedCertificateDir(path string) FileHandlerSetting
- func FileHandlerSetTrustedCertificateFromFilePem(fname string) FileHandlerSetting
- func FileHandlerUseSystemCertStore() FileHandlerSetting
- type OID
- type PubRecSearchBy
- func PubRecSearchByPubData(pubData *pdu.PublicationData) PubRecSearchBy
- func PubRecSearchByPubString(pubString string) PubRecSearchBy
- func PubRecSearchByTime(pubTime time.Time) PubRecSearchBy
- func PubRecSearchLatest(pubTime time.Time) PubRecSearchBy
- func PubRecSearchNearest(pubTime time.Time) PubRecSearchBy
Constants ¶
This section is empty.
Variables ¶
var (
	// OidEmail is the ASN.1 object identifier of the Email Address attribute, for use in signatures.
	OidEmail = OID([]int{1, 2, 840, 113549, 1, 9, 1})
	// OidCommonName is the ASN.1 object identifier of the Common Name attribute type.
	OidCommonName = OID([]int{2, 5, 4, 3})
	// OidCountry is the ASN.1 object identifier of the Country Name attribute type, specifying a country.
	OidCountry = OID([]int{2, 5, 4, 6})
	// OidOrganization is the ASN.1 object identifier of the Organization Name attribute type, specifying an organization.
	OidOrganization = OID([]int{2, 5, 4, 10})
)
Functions ¶
func CertChainToString ¶
func CertChainToString(certList []*x509.Certificate) string
CertChainToString returns a printable representation of the x509 certificate chain.
func CertificateToString ¶
func CertificateToString(cert *x509.Certificate) string
CertificateToString returns a printable representation of the x509 certificate.
Types ¶
type File ¶
type File struct {
// contains filtered or unexported fields
}
File is a trust anchor for verifying KSI signatures. It contains a list of public-key certificates for verifying calendar authentication records and a list of publications for verifying publication records attached to calendar hash chains. A publications file has the following components, which must appear in this order:
- 8-byte magic 4B 53 49 50 55 42 4C 46 (hexadecimal), which encodes the string 'KSIPUBLF' in ASCII.
- Header (single).
- Public-key certificates (multiple) that were considered trustworthy at the time the publications file was created.
- Publications (multiple) created up to the file creation time. Every 'publication' structure consists of 'published data' and 'publication reference' structures, where the 'published data' structure consists of the 'publication time' and 'published hash' fields.
- Signature (single) over the preceding components of the file; it must be the last component.
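As an added example (not code from the publications package itself), the following Go program checks the magic and enforces the component order above while walking the file's top-level elements, so that a file with an element after the signature, or with the signature in the wrong place, is rejected before anything is trusted. It assumes the KSI TLV encoding (8-bit or 16-bit element headers) and the type codes 0x0701 (header), 0x0702 (certificate record), 0x0703 (publication record) and 0x0704 (signature); those codes are taken from the KSI publications file specification as an assumption, not from this page, and the sample input is constructed with placeholder payloads rather than real records.

```go
package main

import (
	"bytes"
	"encoding/binary"
	"errors"
	"fmt"
)

// Magic is the 8-byte prefix 4B 53 49 50 55 42 4C 46 ('KSIPUBLF') documented for the file.
var Magic = []byte("KSIPUBLF")

// Top-level element type codes. Assumption: these are the KSI TLV types of
// the four components; the page lists the components but not their codes.
const (
	TagHeader    = 0x0701
	TagCertRec   = 0x0702
	TagPubRec    = 0x0703
	TagSignature = 0x0704
)

// Element is one top-level TLV element of the file.
type Element struct {
	Tag   int
	Value []byte
}

// readTLV decodes one KSI TLV element (8-bit or 16-bit header) from the
// front of b and returns it with the number of bytes consumed.
func readTLV(b []byte) (Element, int, error) {
	if len(b) < 2 {
		return Element{}, 0, errors.New("truncated TLV header")
	}
	if b[0]&0x80 == 0 { // TLV8: 5-bit type in the first byte, 1-byte length
		tag, n := int(b[0]&0x1f), int(b[1])
		if len(b) < 2+n {
			return Element{}, 0, errors.New("truncated TLV8 value")
		}
		return Element{tag, b[2 : 2+n]}, 2 + n, nil
	}
	if len(b) < 4 { // TLV16: 13-bit type across two bytes, 2-byte length
		return Element{}, 0, errors.New("truncated TLV16 header")
	}
	tag := int(b[0]&0x1f)<<8 | int(b[1])
	n := int(binary.BigEndian.Uint16(b[2:4]))
	if len(b) < 4+n {
		return Element{}, 0, errors.New("truncated TLV16 value")
	}
	return Element{tag, b[4 : 4+n]}, 4 + n, nil
}

// Layout is the result of a structurally valid parse.
type Layout struct {
	Header    []byte
	Certs     [][]byte
	Pubs      [][]byte
	Signed    []byte // bytes the signature covers: magic through the last publication
	Signature []byte
}

// ParseLayout checks the magic and enforces the documented order: one header,
// then certificate records, then publication records, then a single signature
// that must be the final element. Anything else is rejected, so a file with
// trailing unsigned elements does not parse.
func ParseLayout(raw []byte) (*Layout, error) {
	if !bytes.HasPrefix(raw, Magic) {
		return nil, errors.New("bad magic: not a KSI publications file")
	}
	lay := &Layout{}
	stage := 0 // 0: expect header, 1: certs, 2: pubs, 3: signature seen
	for pos := len(Magic); pos < len(raw); {
		el, n, err := readTLV(raw[pos:])
		if err != nil {
			return nil, err
		}
		switch {
		case el.Tag == TagHeader && stage == 0:
			lay.Header = el.Value
			stage = 1
		case el.Tag == TagCertRec && stage == 1:
			lay.Certs = append(lay.Certs, el.Value)
		case el.Tag == TagPubRec && (stage == 1 || stage == 2):
			lay.Pubs = append(lay.Pubs, el.Value)
			stage = 2
		case el.Tag == TagSignature && (stage == 1 || stage == 2):
			lay.Signed, lay.Signature = raw[:pos], el.Value
			stage = 3
		default:
			return nil, fmt.Errorf("element 0x%04x at offset %d is unknown or out of order", el.Tag, pos)
		}
		pos += n
	}
	if stage != 3 {
		return nil, errors.New("missing trailing signature element")
	}
	return lay, nil
}

// tlv16 encodes one element with a 16-bit header; used to build sample input.
func tlv16(tag int, v []byte) []byte {
	out := []byte{0x80 | byte((tag>>8)&0x1f), byte(tag), 0, 0}
	binary.BigEndian.PutUint16(out[2:], uint16(len(v)))
	return append(out, v...)
}

// SampleFile is constructed input with placeholder payloads, in the documented order.
func SampleFile() []byte {
	f := append([]byte{}, Magic...)
	for _, e := range []struct {
		tag int
		v   string
	}{{TagHeader, "hdr"}, {TagCertRec, "cert1"}, {TagPubRec, "pub1"}, {TagPubRec, "pub2"}, {TagSignature, "sig"}} {
		f = append(f, tlv16(e.tag, []byte(e.v))...)
	}
	return f
}

func main() {
	lay, err := ParseLayout(SampleFile())
	if err != nil {
		panic(err)
	}
	fmt.Printf("%d cert record(s), %d publication record(s), signature covers %d bytes\n",
		len(lay.Certs), len(lay.Pubs), len(lay.Signed))
}
```

Layout.Signed is the exact byte range a signature check would be run over; keeping it as a slice of the original buffer (rather than re-serialising the parsed elements) avoids any chance of verifying a canonicalised form that differs from what was actually signed.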
func NewFile ¶
func NewFile(builder FileBuilder) (*File, error)
NewFile returns a publications file constructed from the provided initializer.
Note that the returned publications file is not verified (see (FileHandler).Verify()).
func (*File) Certificate ¶
func (p *File) Certificate(id []byte) (*pdu.CertificateRecord, error)
Certificate returns the PKI certificate record with the given ID.
Returns the found certificate record, or nil if no record has that ID.
func (*File) PublicationRec ¶
func (p *File) PublicationRec(by PubRecSearchBy) (*pdu.PublicationRec, error)
PublicationRec returns the publication record selected by the provided search strategy.
Returns the found publication record, or nil if none matches.
func (*File) VerifyRecord ¶
func (p *File) VerifyRecord(rec *pdu.CalendarAuthRec) error
VerifyRecord verifies the calendar authentication record against the publications file, using the certificate records the file carries.
type FileBuilder ¶
type FileBuilder func(*file) error
FileBuilder defines a publications file initializer.
func FileFromBytes ¶
func FileFromBytes(raw []byte) FileBuilder
FileFromBytes returns an initializer for a publications file to be built from a byte slice.
func FileFromFile ¶
func FileFromFile(path string) FileBuilder
FileFromFile returns an initializer for a publications file to be built from the binary file at the given path.
func FileFromReader ¶
func FileFromReader(r io.Reader) FileBuilder
FileFromReader returns an initializer for a publications file to be built from a binary stream.
func FileFromURL ¶
func FileFromURL(url string) FileBuilder
FileFromURL returns an initializer for a publications file to be downloaded from the specified location.
type FileHandler ¶
type FileHandler struct {
// contains filtered or unexported fields
}
FileHandler is a publications file (see File) processor.
func NewFileHandler ¶
func NewFileHandler(settings ...FileHandlerSetting) (*FileHandler, error)
NewFileHandler returns a new publications file handler instance.
func (*FileHandler) FileTTL ¶
func (h *FileHandler) FileTTL() (time.Duration, error)
FileTTL returns the cache timeout of the downloaded publications file.
func (*FileHandler) ReceiveFile ¶
func (h *FileHandler) ReceiveFile() (*File, error)
ReceiveFile downloads the publications file from the URL specified by FileHandlerSetPublicationsURL.
The downloaded publications file is cached. Subsequent calls to this method return the cached file, except when the cache timeout specified by FileHandlerSetFileTTL has expired, in which case a new download is triggered.
func (*FileHandler) Verify ¶
func (h *FileHandler) Verify(p *File) error
Verify verifies the PKI signature of the publications file against the handler's pool of trusted certificates and its certificate constraints.
type FileHandlerSetting ¶
type FileHandlerSetting func(*fileHandler) error
FileHandlerSetting is handler initialization option.
func FileHandlerSetFile ¶
func FileHandlerSetFile(p *File) FileHandlerSetting
FileHandlerSetFile sets the publications file explicitly. Note that if the publications URL is also set, calling ReceiveFile() will always trigger a new file download.
func FileHandlerSetFileCertConstraint ¶
func FileHandlerSetFileCertConstraint(oid OID, value string) FileHandlerSetting
FileHandlerSetFileCertConstraint specifies a constraint for verifying the publications file PKI certificate: the certificate's X.509 distinguished name must contain the attribute with the given OID and value.
Can be called multiple times in order to require several distinguished-name attributes.
func FileHandlerSetFileCertConstraints ¶
func FileHandlerSetFileCertConstraints(cnstrs []pkix.AttributeTypeAndValue) FileHandlerSetting
FileHandlerSetFileCertConstraints sets several constraints at once; see the description of FileHandlerSetFileCertConstraint.
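Added example, not the package's own implementation: how a subject-DN constraint check of the kind configured by FileHandlerSetFileCertConstraint can be applied to a certificate, using only the Go standard library. The matching rule (every constraint must equal an attribute in the certificate's Subject DN, and an empty constraint list is refused) and the self-signed test certificate are assumptions made for illustration; the OID values are the ones this package exports.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"encoding/asn1"
	"fmt"
	"math/big"
	"time"
)

// Attribute OIDs; the values are those exported by the publications package.
var (
	OidEmail        = asn1.ObjectIdentifier{1, 2, 840, 113549, 1, 9, 1}
	OidCommonName   = asn1.ObjectIdentifier{2, 5, 4, 3}
	OidCountry      = asn1.ObjectIdentifier{2, 5, 4, 6}
	OidOrganization = asn1.ObjectIdentifier{2, 5, 4, 10}
)

// Constraint builds the (oid, value) pair that FileHandlerSetFileCertConstraint takes.
func Constraint(oid asn1.ObjectIdentifier, value string) pkix.AttributeTypeAndValue {
	return pkix.AttributeTypeAndValue{Type: oid, Value: value}
}

// CheckSubjectConstraints accepts cert only if every constraint matches an
// attribute of its Subject DN with the same OID and an identical string value.
// The matching rule is an assumption of this example. An empty list is refused
// on purpose: chain validation alone would let any certificate issued by any
// trusted CA sign the publications file.
func CheckSubjectConstraints(cert *x509.Certificate, cnstrs []pkix.AttributeTypeAndValue) error {
	if len(cnstrs) == 0 {
		return fmt.Errorf("no certificate constraints configured")
	}
	for _, c := range cnstrs {
		want, ok := c.Value.(string)
		if !ok {
			return fmt.Errorf("constraint %v has a non-string value", c.Type)
		}
		matched := false
		for _, a := range cert.Subject.Names { // Names holds every parsed DN attribute
			if got, ok := a.Value.(string); ok && a.Type.Equal(c.Type) && got == want {
				matched = true
				break
			}
		}
		if !matched {
			return fmt.Errorf("subject %q lacks %v=%q", cert.Subject.String(), c.Type, want)
		}
	}
	return nil
}

// selfSigned creates a constructed self-signed certificate for the example. The
// e-mail address is put in the Subject DN via ExtraNames so that an OidEmail
// constraint has something to match.
func selfSigned(cn, org, country, email string) (*x509.Certificate, error) {
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return nil, err
	}
	tmpl := &x509.Certificate{
		SerialNumber: big.NewInt(1),
		Subject: pkix.Name{
			CommonName:   cn,
			Organization: []string{org},
			Country:      []string{country},
			ExtraNames:   []pkix.AttributeTypeAndValue{{Type: OidEmail, Value: email}},
		},
		NotBefore: time.Now(),
		NotAfter:  time.Now().Add(24 * time.Hour),
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, tmpl, &key.PublicKey, key)
	if err != nil {
		return nil, err
	}
	return x509.ParseCertificate(der)
}

func main() {
	cert, err := selfSigned("Publications Signer", "Example Org", "EE", "publications@example.com")
	if err != nil {
		panic(err)
	}
	strict := []pkix.AttributeTypeAndValue{
		Constraint(OidEmail, "publications@example.com"),
		Constraint(OidOrganization, "Example Org"),
	}
	fmt.Println("expected signer:", CheckSubjectConstraints(cert, strict))
	fmt.Println("wrong e-mail:   ", CheckSubjectConstraints(cert, []pkix.AttributeTypeAndValue{Constraint(OidEmail, "other@example.com")}))
}
```

The check is deliberately an exact-string comparison per attribute rather than a substring or case-insensitive match; a looser rule would let a certificate with a look-alike organization or e-mail value pass.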
func FileHandlerSetFileTTL ¶
func FileHandlerSetFileTTL(d time.Duration) FileHandlerSetting
FileHandlerSetFileTTL specifies the cache timeout of the downloaded publications file.
After the timeout expires, a call to ReceiveFile() triggers a new publications file download. To disable the timeout, set the duration to 0.
func FileHandlerSetPublicationsURL ¶
func FileHandlerSetPublicationsURL(url string) FileHandlerSetting
FileHandlerSetPublicationsURL is a configuration method that sets the publications file URL.
func FileHandlerSetTrustedCertificate ¶
func FileHandlerSetTrustedCertificate(certificate *x509.Certificate) FileHandlerSetting
FileHandlerSetTrustedCertificate is a configuration method that appends the certificate to the pool of trusted certificates.
func FileHandlerSetTrustedCertificateDir ¶
func FileHandlerSetTrustedCertificateDir(path string) FileHandlerSetting
FileHandlerSetTrustedCertificateDir is a configuration method that takes a directory path, locates all files in it with the 'crt' extension and loads them as trusted certificates.
func FileHandlerSetTrustedCertificateFromFilePem ¶
func FileHandlerSetTrustedCertificateFromFilePem(fname string) FileHandlerSetting
FileHandlerSetTrustedCertificateFromFilePem is a configuration method that appends the certificate(s) from a PEM-encoded file to the pool of trusted certificates.
func FileHandlerUseSystemCertStore ¶
func FileHandlerUseSystemCertStore() FileHandlerSetting
FileHandlerUseSystemCertStore initializes the trust store with a copy of the system certificate pool. Since that pool trusts every CA the host trusts, pair it with certificate constraints (FileHandlerSetFileCertConstraint) so that only the expected signing certificate is accepted for the publications file.
type PubRecSearchBy ¶
PubRecSearchBy specifies the publication record search criteria.
func PubRecSearchByPubData ¶
func PubRecSearchByPubData(pubData *pdu.PublicationData) PubRecSearchBy
PubRecSearchByPubData searches for the publication whose published data (publication time and published hash) equals pubData.
func PubRecSearchByPubString ¶
func PubRecSearchByPubString(pubString string) PubRecSearchBy
PubRecSearchByPubString searches for the publication by its publication string.
func PubRecSearchByTime ¶
func PubRecSearchByTime(pubTime time.Time) PubRecSearchBy
PubRecSearchByTime searches for the publication with exactly the given publication time.
func PubRecSearchLatest ¶
func PubRecSearchLatest(pubTime time.Time) PubRecSearchBy
PubRecSearchLatest searches for the latest available publication; it must be published after the given time.
func PubRecSearchNearest ¶
func PubRecSearchNearest(pubTime time.Time) PubRecSearchBy
PubRecSearchNearest searches for the publication that is published after the given time and is closest to it.
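The search strategies above, implemented over an in-memory list as an added example (not the package's code) to show how they differ on the same input. Publication, SearchBy, Find and the sample publications are constructed for the example; ByHash stands in for the published-data and publication-string searches, and the boundary rule that a publication at exactly the given time counts as "after" it is an assumption.

```go
package main

import (
	"bytes"
	"errors"
	"fmt"
	"time"
)

// Publication stands in for the 'published data' structure the page
// describes: a publication time and the published hash (constructed type).
type Publication struct {
	Time time.Time
	Hash []byte
}

// SearchBy selects one publication from a list, or nil when none qualifies.
// It mirrors the shape of PubRecSearchBy; the package's own type is opaque.
type SearchBy func(pubs []Publication) *Publication

// ByTime matches a publication by exact time (cf. PubRecSearchByTime).
func ByTime(t time.Time) SearchBy {
	return func(pubs []Publication) *Publication {
		for i := range pubs {
			if pubs[i].Time.Equal(t) {
				return &pubs[i]
			}
		}
		return nil
	}
}

// ByHash matches on the published hash; it stands in for the
// published-data and publication-string searches.
func ByHash(h []byte) SearchBy {
	return func(pubs []Publication) *Publication {
		for i := range pubs {
			if bytes.Equal(pubs[i].Hash, h) {
				return &pubs[i]
			}
		}
		return nil
	}
}

// Nearest returns the earliest publication not before t (cf. PubRecSearchNearest).
// Treating a publication at exactly t as qualifying is an assumption here.
func Nearest(t time.Time) SearchBy {
	return func(pubs []Publication) *Publication {
		var best *Publication
		for i := range pubs {
			if pubs[i].Time.Before(t) {
				continue
			}
			if best == nil || pubs[i].Time.Before(best.Time) {
				best = &pubs[i]
			}
		}
		return best
	}
}

// Latest returns the most recent publication, provided it is not before t
// (cf. PubRecSearchLatest); a list with nothing late enough yields nil.
func Latest(t time.Time) SearchBy {
	return func(pubs []Publication) *Publication {
		var best *Publication
		for i := range pubs {
			if pubs[i].Time.Before(t) {
				continue
			}
			if best == nil || pubs[i].Time.After(best.Time) {
				best = &pubs[i]
			}
		}
		return best
	}
}

// Find applies a strategy and turns "nothing found" into an error, so a caller
// cannot proceed to verification with a nil publication by accident.
func Find(pubs []Publication, by SearchBy) (*Publication, error) {
	if p := by(pubs); p != nil {
		return p, nil
	}
	return nil, errors.New("no publication matches the search criteria")
}

// SamplePublications is constructed data: one publication on the 15th of each month.
func SamplePublications() []Publication {
	mk := func(m time.Month, h byte) Publication {
		return Publication{Time: time.Date(2024, m, 15, 0, 0, 0, 0, time.UTC), Hash: []byte{0x01, h}}
	}
	return []Publication{mk(time.January, 0xaa), mk(time.February, 0xbb), mk(time.March, 0xcc)}
}

func main() {
	pubs := SamplePublications()
	signed := time.Date(2024, time.February, 1, 12, 0, 0, 0, time.UTC) // constructed signing time
	for _, s := range []struct {
		name string
		by   SearchBy
	}{{"nearest", Nearest(signed)}, {"latest", Latest(signed)}} {
		p, err := Find(pubs, s.by)
		if err != nil {
			fmt.Println(s.name, "->", err)
			continue
		}
		fmt.Printf("%s -> %s hash=%x\n", s.name, p.Time.Format("2006-01-02"), p.Hash)
	}
}
```

For a signature created on 1 February, Nearest selects the 15 February publication (the first one that can cover it) while Latest selects 15 March; both return nothing for a signing time after the last publication, which Find reports as an error instead of handing back nil.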