Documentation ¶
Index ¶
- func BaseRootPool() (*x509.CertPool, error)
- func CheckIgnoreResourcesWithAccessType(t string, v interface{}) bool
- func CreateAndVerifyX509Certificate(cert, intermediateCAsCerts, rootCACert []byte) (*x509.Certificate, error)
- func CreateAndVerifyX509CertificateFromFiles(certPath, intermediateCAsCertsPath, rootCACertPath string) (*x509.Certificate, error)
- func CreateCertificate(subject pkix.Name, validFrom *time.Time, validity time.Duration, ...) ([]byte, error)
- func GetCertificate(data interface{}) (*x509.Certificate, error)
- func Hash(hash hash.Hash, data []byte) (string, error)
- func IgnoreLabelsWithoutSignature(v interface{}) bool
- func IgnoreResourcesWithAccessType(t string) func(v interface{}) bool
- func IgnoreResourcesWithNoneAccess(v interface{}) bool
- func IntermediatePool(pemfile string, fss ...vfs.FileSystem) (*x509.CertPool, error)
- func Marshal(gap string, entries Entries) ([]byte, error)
- func Normalize(v interface{}, ex ExcludeRules) ([]byte, error)
- func ParseCertificate(data []byte) (*x509.Certificate, error)
- func ParsePrivateKey(data string) (interface{}, error)
- func ParsePublicKey(data []byte) (interface{}, error)
- func RootPool(pemfile string, useOS bool, fss ...vfs.FileSystem) (*x509.CertPool, error)
- func VerifyCert(intermediate, root *x509.CertPool, cn string, cert *x509.Certificate) error
- type ArrayExcludes
- type DynamicArrayExcludes
- type DynamicExclude
- type DynamicInclude
- type DynamicMapExcludes
- type DynamicMapIncludes
- type Entries
- type Entry
- type ExcludeEmpty
- type ExcludeRules
- type HandlerRegistry
- type Hasher
- type KeyRegistry
- type MapExcludes
- type MapIncludes
- type NoExcludes
- type NormalizationFilter
- type Normalized
- type Registry
- type Signature
- type SignatureHandler
- type Signer
- type ValueChecker
- type ValueMapper
- type Verifier
Constants ¶
This section is empty.
Variables ¶
This section is empty.
Functions ¶
func BaseRootPool ¶
func CreateAndVerifyX509Certificate ¶
func CreateAndVerifyX509Certificate(cert, intermediateCAsCerts, rootCACert []byte) (*x509.Certificate, error)
CreateAndVerifyX509Certificate creates and verifies a x509 certificate from in-memory raw certificates. The certificates must be in PEM format.
func CreateAndVerifyX509CertificateFromFiles ¶
func CreateAndVerifyX509CertificateFromFiles(certPath, intermediateCAsCertsPath, rootCACertPath string) (*x509.Certificate, error)
CreateAndVerifyX509CertificateFromFiles creates and verifies a x509 certificate from certificate files. The certificates must be in PEM format.
func CreateCertificate ¶
func GetCertificate ¶
func GetCertificate(data interface{}) (*x509.Certificate, error)
func IgnoreLabelsWithoutSignature ¶
func IgnoreLabelsWithoutSignature(v interface{}) bool
func IgnoreResourcesWithNoneAccess ¶
func IgnoreResourcesWithNoneAccess(v interface{}) bool
func IntermediatePool ¶
func Normalize ¶
func Normalize(v interface{}, ex ExcludeRules) ([]byte, error)
func ParseCertificate ¶
func ParseCertificate(data []byte) (*x509.Certificate, error)
func ParsePrivateKey ¶
func ParsePublicKey ¶
func VerifyCert ¶
Types ¶
type ArrayExcludes ¶
type ArrayExcludes struct {
Continue ExcludeRules
}
func (ArrayExcludes) Element ¶
func (r ArrayExcludes) Element(value interface{}) (bool, interface{}, ExcludeRules)
func (ArrayExcludes) Field ¶
func (r ArrayExcludes) Field(name string, value interface{}) (string, interface{}, ExcludeRules)
type DynamicArrayExcludes ¶
type DynamicArrayExcludes struct { ValueChecker ValueChecker ValueMapper ValueMapper Continue ExcludeRules }
func (DynamicArrayExcludes) Check ¶
func (r DynamicArrayExcludes) Check(value interface{}) bool
func (DynamicArrayExcludes) Element ¶
func (r DynamicArrayExcludes) Element(value interface{}) (bool, interface{}, ExcludeRules)
func (DynamicArrayExcludes) Field ¶
func (r DynamicArrayExcludes) Field(name string, value interface{}) (string, interface{}, ExcludeRules)
type DynamicExclude ¶
type DynamicExclude struct { ValueChecker ValueChecker ValueMapper ValueMapper Continue ExcludeRules Name string }
func (*DynamicExclude) Check ¶
func (r *DynamicExclude) Check(value interface{}) bool
type DynamicInclude ¶
type DynamicInclude struct { ValueChecker ValueChecker ValueMapper ValueMapper Continue ExcludeRules Name string }
func (*DynamicInclude) Check ¶
func (r *DynamicInclude) Check(value interface{}) bool
type DynamicMapExcludes ¶
type DynamicMapExcludes map[string]*DynamicExclude
func (DynamicMapExcludes) Element ¶
func (r DynamicMapExcludes) Element(value interface{}) (bool, interface{}, ExcludeRules)
func (DynamicMapExcludes) Field ¶
func (r DynamicMapExcludes) Field(name string, value interface{}) (string, interface{}, ExcludeRules)
type DynamicMapIncludes ¶
type DynamicMapIncludes map[string]*DynamicInclude
func (DynamicMapIncludes) Element ¶
func (r DynamicMapIncludes) Element(value interface{}) (bool, interface{}, ExcludeRules)
func (DynamicMapIncludes) Field ¶
func (r DynamicMapIncludes) Field(name string, value interface{}) (string, interface{}, ExcludeRules)
type Entries ¶
type Entries []Entry
func PrepareNormalization ¶
func PrepareNormalization(v interface{}, excludes ExcludeRules) (Entries, error)
type Entry ¶
type Entry struct {
// contains filtered or unexported fields
}
Entry is used to keep exactly one key/value pair.
func (Entry) MarshalJSON ¶
type ExcludeEmpty ¶
type ExcludeEmpty struct {
ExcludeRules
}
func (ExcludeEmpty) Element ¶
func (e ExcludeEmpty) Element(value interface{}) (bool, interface{}, ExcludeRules)
func (ExcludeEmpty) Field ¶
func (e ExcludeEmpty) Field(name string, value interface{}) (string, interface{}, ExcludeRules)
func (ExcludeEmpty) Filter ¶
func (ExcludeEmpty) Filter(v Normalized) (Normalized, error)
type ExcludeRules ¶
type ExcludeRules interface { Field(name string, value interface{}) (string, interface{}, ExcludeRules) Element(v interface{}) (bool, interface{}, ExcludeRules) }
ExcludeRules defines the rules for normalization excludes.
type HandlerRegistry ¶
type HandlerRegistry interface { RegisterSignatureHandler(handler SignatureHandler) RegisterSigner(algo string, signer Signer) RegisterVerifier(algo string, verifier Verifier) GetSigner(name string) Signer GetVerifier(name string) Verifier SignerNames() []string RegisterHasher(hasher Hasher) GetHasher(name string) Hasher HasherNames() []string }
func DefaultHandlerRegistry ¶
func DefaultHandlerRegistry() HandlerRegistry
func NewHandlerRegistry ¶
func NewHandlerRegistry() HandlerRegistry
type KeyRegistry ¶
type KeyRegistry interface { RegisterPublicKey(name string, key interface{}) RegisterPrivateKey(name string, key interface{}) GetPublicKey(name string) interface{} GetPrivateKey(name string) interface{} }
func DefaultKeyRegistry ¶
func DefaultKeyRegistry() KeyRegistry
func NewKeyRegistry ¶
func NewKeyRegistry() KeyRegistry
type MapExcludes ¶
type MapExcludes map[string]ExcludeRules
func (MapExcludes) Element ¶
func (r MapExcludes) Element(value interface{}) (bool, interface{}, ExcludeRules)
func (MapExcludes) Field ¶
func (r MapExcludes) Field(name string, value interface{}) (string, interface{}, ExcludeRules)
type MapIncludes ¶
type MapIncludes map[string]ExcludeRules
func (MapIncludes) Element ¶
func (r MapIncludes) Element(v interface{}) (bool, interface{}, ExcludeRules)
func (MapIncludes) Field ¶
func (r MapIncludes) Field(name string, value interface{}) (string, interface{}, ExcludeRules)
type NoExcludes ¶
type NoExcludes struct{}
func (NoExcludes) Element ¶
func (r NoExcludes) Element(value interface{}) (bool, interface{}, ExcludeRules)
func (NoExcludes) Field ¶
func (r NoExcludes) Field(name string, value interface{}) (string, interface{}, ExcludeRules)
type NormalizationFilter ¶
type NormalizationFilter interface {
Filter(Normalized) (Normalized, error)
}
type Normalized ¶
type Normalized interface{}
func Prepare ¶
func Prepare(v interface{}, ex ExcludeRules) (r Normalized, err error)
type Registry ¶
type Registry interface { HandlerRegistry KeyRegistry }
func DefaultRegistry ¶
func DefaultRegistry() Registry
func NewRegistry ¶
func NewRegistry(h HandlerRegistry, k KeyRegistry) Registry
type SignatureHandler ¶
SignatureHandler can create and verify signature of a dedicated type.
type Signer ¶
type Signer interface { // Sign returns the signature for the given digest Sign(digest string, hash crypto.Hash, issuer string, privatekey interface{}) (*Signature, error) // Algorithm is the name of the finally used signature algorithm. // A signer might be registered using a logical name, so there might // be multiple signer registration providing the same signature algorithm Algorithm() string }
Signer interface is used to implement different signing algorithms. Each Signer should have a matching Verifier.
type ValueChecker ¶
type ValueChecker func(value interface{}) bool
type ValueMapper ¶
type ValueMapper func(v interface{}) interface{}
type Verifier ¶
type Verifier interface { // Verify checks the signature, returns an error on verification failure Verify(digest string, hash crypto.Hash, sig *Signature, publickey interface{}) error Algorithm() string }
Verifier interface is used to implement different verification algorithms. Each Verifier should have a matching Signer.