Documentation ¶
Overview ¶
Package cert provides a cryptographic certificate library.
Index ¶
- Constants
- Variables
- func AddSignature(verifier Verifier, signature Signature, rawCert []byte) ([]byte, error)
- func GetCertified(rawCert []byte) ([]byte, error)
- func Sign(signer Signer, data []byte, expiration int64) ([]byte, error)
- func SignMulti(signer Signer, rawCert []byte) ([]byte, error)
- func Verify(verifier Verifier, rawCert []byte) ([]byte, error)
- func VerifyAll(verifiers []Verifier, rawCert []byte) ([]byte, error)
- func VerifyThreshold(verifiers []Verifier, threshold int, rawCert []byte) ([]byte, []Verifier, []Verifier, error)
- type Signature
- type Signer
- type Verifier
Constants ¶
// CertVersion identifies the certificate format version.
const CertVersion = 0
Variables ¶
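// Sentinel errors returned by this package. Callers should match them with
// errors.Is rather than by message text.
var (
	// ErrImpossibleDecode is an impossible decoding error.
	ErrImpossibleDecode = errors.New("impossible to decode")

	// ErrImpossibleEncode is an impossible encoding error.
	ErrImpossibleEncode = errors.New("impossible to encode")

	// ErrImpossibleOutOfMemory is an impossible out of memory error.
	ErrImpossibleOutOfMemory = errors.New("impossible out of memory failure")

	// ErrBadSignature indicates that the given signature does not sign the certificate.
	ErrBadSignature = errors.New("signature does not sign certificate")

	// ErrDuplicateSignature indicates that the given signature is already present in the certificate.
	ErrDuplicateSignature = errors.New("signature must not be duplicate")

	// ErrInvalidCertified indicates that the certified field is invalid.
	ErrInvalidCertified = errors.New("invalid certified field of certificate")

	// ErrKeyTypeMismatch indicates that the given signer's key type is different than the signatures present already.
	ErrKeyTypeMismatch = errors.New("certificate key type mismatch")

	// ErrInvalidKeyType indicates that the certificate key type is invalid.
	ErrInvalidKeyType = errors.New("invalid certificate key type")

	// ErrVersionMismatch indicates that the given certificate is the wrong format version.
	// Its message is kept distinct from ErrCertificateExpired so that logs and
	// operators can tell a format-version rejection apart from an expiry.
	ErrVersionMismatch = errors.New("certificate version mismatch")

	// ErrCertificateExpired indicates that the given certificate has expired.
	ErrCertificateExpired = errors.New("certificate expired")

	// ErrIdentitySignatureNotFound indicates that for the given signer identity there was no signature present in the certificate.
	ErrIdentitySignatureNotFound = errors.New("failure to find signature associated with the given identity")

	// ErrInvalidThreshold indicates the given threshold cannot be used.
	ErrInvalidThreshold = errors.New("threshold must be equal or less than the number of verifiers")

	// ErrThresholdNotMet indicates that there were not enough valid signatures to meet the threshold.
	ErrThresholdNotMet = errors.New("threshold failure")
)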
Functions ¶
func AddSignature ¶
AddSignature adds the signature to the certificate if the verifier can verify the signature signs the certificate.
func GetCertified ¶
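GetCertified returns the certified data. Its signature takes no Verifier, so it presumably performs no signature check; treat the result as unauthenticated unless the certificate has also passed Verify, VerifyAll or VerifyThreshold.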
func SignMulti ¶
SignMulti uses the given signer to create a signature and appends it to the certificate and returns it.
func Verify ¶
Verify is used to verify one of the signatures attached to the certificate. It returns the certified data if the signature is valid.
func VerifyAll ¶
VerifyAll returns the certified data if all of the given verifiers can verify the certificate. Otherwise nil is returned along with an error.
func VerifyThreshold ¶
func VerifyThreshold(verifiers []Verifier, threshold int, rawCert []byte) ([]byte, []Verifier, []Verifier, error)
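VerifyThreshold returns the certified data, the succeeded verifiers and the failed verifiers if at least a threshold number of verifiers can verify the certificate. Otherwise nil is returned along with an error. This page does not say how a threshold of zero or less is handled, so callers should pass a positive threshold.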
Types ¶
type Signature ¶
// Signature is a cryptographic signature which has an associated signer ID.
type Signature struct {
	// Identity is the identity of the signer.
	Identity []byte

	// Payload is the actual signature value.
	Payload []byte
}
Signature is a cryptographic signature which has an associated signer ID.
func GetSignature ¶
GetSignature returns a signature that signs the certificate if it matches with the given identity.
func GetSignatures ¶
GetSignatures returns all the signatures.