cert

package
v0.2.0 Latest Latest
Warning

This package is not in the latest version of its module.

Go to latest
Published: Aug 27, 2018 License: Apache-2.0 Imports: 14 Imported by: 0

Documentation

Index

Constants

View Source
const (
	EarlyUsage      = "Certificate IssuingTime in the future"
	Expired         = "Certificate expired"
	InvalidSubject  = "Invalid subject"
	ReservedVersion = "Invalid version 0"
	UnableSigPack   = "Cert: Unable to create signature input"
)
View Source
const (
	MaxChainByteLength uint32 = 1 << 20
	// DefaultLeafCertValidity is the default validity time of a leaf certificate in seconds.
	DefaultLeafCertValidity = 3 * 24 * 60 * 60
	// DefaultIssuerCertValidity is the default validity time of an issuer certificate in seconds.
	DefaultIssuerCertValidity = 7 * 24 * 60 * 60

	// Error strings
	IssCertInvalid   = "Issuer certificate invalid"
	IssExpiresAfter  = "Issuer certificate expires after TRC"
	IssASNotFound    = "Issuing AS not found"
	LeafCertInvalid  = "Leaf certificate invalid"
	LeafExpiresAfter = "Leaf certificate expires after issuer certificate"
	LeafIssuedBefore = "Leaf certificate issued before issuer certificate"
)
View Source
const (
	InvalidNumFields     = "Invalid number of fields"
	MissingField         = "Missing json field"
	UnableValidateFields = "Unable to validate fields"
)

Variables

This section is empty.

Functions

This section is empty.

Types

type Certificate

type Certificate struct {
	// CanIssue describes whether the subject is able to issue certificates.
	CanIssue bool
	// Comment is an arbitrary and optional string used by the subject to describe the certificate.
	Comment string
	// EncAlgorithm is the algorithm associated with SubjectEncKey.
	EncAlgorithm string
	// ExpirationTime is the unix timestamp in seconds at which the certificate expires.
	ExpirationTime uint32
	// Issuer is the certificate issuer. It can only be a issuing AS.
	Issuer addr.IA
	// IssuingTime is the unix timestamp in seconds at which the certificate was created.
	IssuingTime uint32
	// SignAlgorithm is the algorithm associated with SubjectSigKey.
	SignAlgorithm string
	// Signature is the certificate signature. It is computed over the rest of the certificate.
	Signature common.RawBytes `json:",omitempty"`
	// Subject is the certificate subject.
	Subject addr.IA
	// SubjectEncKey is the public key used for encryption.
	SubjectEncKey common.RawBytes
	// SubjectSignKey the public key used for signature verification.
	SubjectSignKey common.RawBytes
	// TRCVersion is the version of the issuing trc.
	TRCVersion uint64
	// Version is the certificate version. The value 0 is reserved and shall not be used.
	Version uint64
}

func CertificateFromRaw

func CertificateFromRaw(raw common.RawBytes) (*Certificate, error)

func (*Certificate) Copy

func (c *Certificate) Copy() *Certificate

func (*Certificate) Eq

func (c *Certificate) Eq(o *Certificate) bool

func (*Certificate) JSON

func (c *Certificate) JSON(indent bool) ([]byte, error)

func (*Certificate) Sign

func (c *Certificate) Sign(signKey common.RawBytes, signAlgo string) error

Sign adds signature to the certificate. The signature is computed over the certificate without the signature field.

func (*Certificate) String

func (c *Certificate) String() string

func (*Certificate) UnmarshalJSON

func (c *Certificate) UnmarshalJSON(b []byte) error

func (*Certificate) Verify

func (c *Certificate) Verify(subject addr.IA, verifyKey common.RawBytes, signAlgo string) error

Verify checks the signature of the certificate based on a trusted verifying key and the associated signature algorithm. Further, it verifies that the certificate belongs to the given subject, and that it is valid at the current time.

func (*Certificate) VerifySignature

func (c *Certificate) VerifySignature(verifyKey common.RawBytes, signAlgo string) error

VerifySignature checks the signature of the certificate based on a trusted verifying key and the associated signature algorithm.

func (*Certificate) VerifyTime

func (c *Certificate) VerifyTime(ts uint32) error

VerifyTime checks that the time ts is between issuing and expiration time. This function does not check the validity of the signature.

type Chain

type Chain struct {
	// Leaf is the leaf certificate of the chain. It is signed by the Issuer certificate.
	Leaf *Certificate `json:"0"`
	// Issuer is the issuer AS certificate of the chain. It is signed by the TRC of the ISD.
	Issuer *Certificate `json:"1"`
}

Chain contains two certificates, one for the leaf and one for the issuer. The leaf certificate is signed by the issuer certificate, which is signed by the TRC of the corresponding ISD.

func ChainFromDir

func ChainFromDir(dir string, ia addr.IA, f func(err error)) (*Chain, error)

ChainFromDir reads all the {IA}-V*.crt (e.g., ISD1-ASff00_0_1-V17.crt) files contained directly in dir (no subdirectories), and out of those that match IA ia returns the newest one. The chains must not be compressed. If an error occurs when parsing one of the files, f() is called with the error as argument. Execution continues with the remaining files.

If no chain is found, the returned chain is nil and the error is set to nil.

func ChainFromFile

func ChainFromFile(path string, lz4_ bool) (*Chain, error)

func ChainFromRaw

func ChainFromRaw(raw common.RawBytes, lz4_ bool) (*Chain, error)

func ChainFromSlice

func ChainFromSlice(certs []*Certificate) (*Chain, error)

ChainFromSlice creates a certificate chain from a list of certificates. The first certificate is the leaf certificate. The second certificate is the issuer certificate. Only chains with length of two are supported.

func (*Chain) Compress

func (c *Chain) Compress() (common.RawBytes, error)

Compress compresses the JSON generated from the certificate chain using lz4 block mode and prepends the original length (4 bytes, little endian, unsigned). This is necessary, since the python lz4 library expects this format.

func (*Chain) Copy

func (c *Chain) Copy() *Chain

func (*Chain) Eq

func (c *Chain) Eq(o *Chain) bool

func (*Chain) IAVer

func (c *Chain) IAVer() (addr.IA, uint64)

func (*Chain) JSON

func (c *Chain) JSON(indent bool) ([]byte, error)

func (*Chain) Key

func (c *Chain) Key() *Key

func (*Chain) String

func (c *Chain) String() string

func (*Chain) UnmarshalJSON

func (c *Chain) UnmarshalJSON(b []byte) error

func (*Chain) Verify

func (c *Chain) Verify(subject addr.IA, t *trc.TRC) error

type Key

type Key struct {
	IA  addr.IA
	Ver uint64
}

func NewKey

func NewKey(ia addr.IA, ver uint64) *Key

func (*Key) String

func (k *Key) String() string

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL