cert

package
v0.0.10 Latest Latest
Warning

This package is not in the latest version of its module.

 Go to latest Published: May 3, 2020 License: AGPL-3.0 Imports: 6 Imported by: 8

Documentation

Overview

Package cert provides a cryptographic certicate library.

Index

Constants

View Source 
const (
	// CertVersion is the certificate format version.
	CertVersion = 0
)

Variables

View Source 
var (
	// ErrImpossibleDecode is an impossible decoding error.
	ErrImpossibleDecode = errors.New("impossible to decode")

	// ErrImpossibleEncode is an impossible encoding error.
	ErrImpossibleEncode = errors.New("impossible to encode")

	// ErrImpossibleOutOfMemory is an impossible out of memory error.
	ErrImpossibleOutOfMemory = errors.New("impossible out of memory failure")

	// ErrBadSignature indicates that the given signature does not sign the certificate.
	ErrBadSignature = errors.New("signature does not sign certificate")

	// ErrDuplicateSignature indicates that the given signature is already present in the certificate.
	ErrDuplicateSignature = errors.New("signature must not be duplicate")

	// ErrInvalidCertified indicates that the certified field is invalid
	ErrInvalidCertified = errors.New("invalid certified field of certificate")

	// ErrKeyTypeMismatch indicates that the given signer's key type is different than the signatures present already.
	ErrKeyTypeMismatch = errors.New("certificate key type mismatch")

	// ErrInvalidKeyType indicates that the given signer's key type is different than the signatures present already.
	ErrInvalidKeyType = errors.New("invalid certificate key type")

	// ErrVersionMismatch indicates that the given certificate is the wrong format version.
	ErrVersionMismatch = errors.New("certificate version mismatch")

	// ErrCertificateExpired indicates that the given certificate has expired.
	ErrCertificateExpired = errors.New("certificate expired")

	// ErrIdentitySignatureNotFound indicates that for the given signer identity there was no signature present in the certificate.
	ErrIdentitySignatureNotFound = errors.New("failure to find signature associated with the given identity")

	// ErrInvalidThreshold indicated the given threshold cannot be used.
	ErrInvalidThreshold = errors.New("threshold must be equal or less than the number of verifiers")

	// ErrThresholdNotMet indicates that there were not enough valid signatures to meet the threshold.
	ErrThresholdNotMet = errors.New("threshold failure")
)

Functions

func AddSignature 

func AddSignature(verifier Verifier, signature Signature, rawCert []byte) ([]byte, error)

AddSignature adds the signature to the certificate if the verifier can verify the signature signs the certificate.

func GetCertified 

func GetCertified(rawCert []byte) ([]byte, error)

GetCertified returns the certified data.

func Sign 

func Sign(signer Signer, data []byte, expiration int64) ([]byte, error)

Sign uses the given Signer to create a certificate which certifies the given data.

func SignMulti 

func SignMulti(signer Signer, rawCert []byte) ([]byte, error)

SignMulti uses the given signer to create a signature and appends it to the certificate and returns it.

func Verify 

func Verify(verifier Verifier, rawCert []byte) ([]byte, error)

Verify is used to verify one of the signatures attached to the certificate. It returns the certified data if the signature is valid.

func VerifyAll 

func VerifyAll(verifiers []Verifier, rawCert []byte) ([]byte, error)

VerifyAll returns the certified data if all of the given verifiers can verify the certificate. Otherwise nil is returned along with an error.

func VerifyThreshold 

func VerifyThreshold(verifiers []Verifier, threshold int, rawCert []byte) ([]byte, []Verifier, []Verifier, error)

VerifyThreshold returns the certified data, the succeeded verifiers and the failed verifiers if at least a threshold number of verifiers can verify the certificate. Otherwise nil is returned along with an error.

Types

type Signature 

type Signature struct {
	// Identity is the identity of the signer.
	Identity []byte
	// Payload is the actual signature value.
	Payload []byte
}

Signature is a cryptographic signature which has an associated signer ID.

func GetSignature 

func GetSignature(identity []byte, rawCert []byte) (*Signature, error)

GetSignature returns a signature that signs the certificate if it matches with the given identity.

func GetSignatures 

func GetSignatures(rawCert []byte) ([]Signature, error)

GetSignatures returns all the signatures.

type Signer 

type Signer interface {
	// Sign signs the message and returns the signature.
	Sign(msg []byte) []byte

	// Identity returns the Signer identity.
	Identity() []byte

	// KeyType returns the key type string.
	KeyType() string
}

Signer signs messages.

type Verifier 

type Verifier interface {
	// Verify verifies a signature.
	Verify(sig, msg []byte) bool

	// Identity returns the Verifier identity.
	Identity() []byte
}

Verifier is used to verify signatures.

Source Files

View all Source files

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.