Documentation
¶
Index ¶
- Constants
- func BaseRootPool() (*x509.CertPool, error)deprecated
- func CreateAndVerifyX509Certificate(cert, intermediateCAsCerts, rootCACert []byte) (*x509.Certificate, error)
- func CreateAndVerifyX509CertificateFromFiles(certPath, intermediateCAsCertsPath, rootCACertPath string) (*x509.Certificate, error)
- func CreateCertificate(subject pkix.Name, validFrom *time.Time, validity time.Duration, ...) ([]byte, error)deprecated
- func DecryptionKeyName(name string) string
- func GetCertificate(in interface{}) (*x509.Certificate, error)deprecated
- func Hash(hash hash.Hash, data []byte) (string, error)
- func IsLegacyHashAlgorithm(algo string) bool
- func LegacyHashAlgorithm(algo string) string
- func Normalize(n Normalization, v interface{}, ex ExcludeRules) ([]byte, error)
- func NormalizeHashAlgorithm(algo string) string
- func ParsePrivateKey(data []byte) (interface{}, error)deprecated
- func ParsePublicKey(data []byte) (interface{}, error)deprecated
- func ResolvePrivateKey(reg KeyRegistryFuncs, name string) (interface{}, error)
- func VerifyCert(intermediate signutils.GenericCertificateChain, ...) error
- func VerifyCertDN(intermediate signutils.GenericCertificateChain, ...) error
- type ArrayExcludes
- type ConditionalArrayExcludes
- type ConditionalExclude
- type ConditionalMapExcludes
- type DefaultSigningContext
- func (d *DefaultSigningContext) GetHash() crypto.Hash
- func (d *DefaultSigningContext) GetIssuer() *pkix.Name
- func (d *DefaultSigningContext) GetPrivateKey() signutils.GenericPrivateKey
- func (d *DefaultSigningContext) GetPublicKey() signutils.GenericPublicKey
- func (d *DefaultSigningContext) GetRootCerts() signutils.GenericCertificatePool
- type DefaultedListEntries
- type DefaultedMapFields
- func (r DefaultedMapFields) Element(value interface{}) (bool, interface{}, ExcludeRules)
- func (r DefaultedMapFields) EnforceEmptyList(fields ...string) DefaultedMapFields
- func (r DefaultedMapFields) EnforceEmptyMap(fields ...string) DefaultedMapFields
- func (r DefaultedMapFields) EnforceNull(fields ...string) DefaultedMapFields
- func (r DefaultedMapFields) Field(name string, value interface{}) (string, interface{}, ExcludeRules)
- type DynamicArrayExcludes
- type DynamicExclude
- type DynamicInclude
- type DynamicMapExcludes
- type DynamicMapIncludes
- type ExcludeEmpty
- type ExcludeRules
- type HandlerRegistry
- type HandlerRegistryFuncs
- type HandlerRegistryProvider
- type Hasher
- type HasherProvider
- type HasherRegistry
- type HasherRegistryFuncs
- type HasherRegistryProvider
- type KeyRegistry
- type KeyRegistryFuncs
- type KeyRegistryProvider
- type MapExcludes
- type MapIncludes
- type MapValue
- type NoExcludes
- type Normalization
- type NormalizationFilter
- type Normalized
- type Registry
- type RegistryFuncs
- type Signature
- type SignatureHandler
- type Signer
- type SignerRegistry
- type SignerRegistryFuncs
- type SignerRegistryProvider
- type SigningContext
- type ValueChecker
- type ValueMapper
- type ValueMappingRule
- type Verifier
Constants ¶
View Source
const DECRYPTION_PREFIX = "decrypt:"
View Source
const DEFAULT_TSA_URL = "http://timestamp.digicert.com"
View Source
const KIND_DECRYPTION_KEY = "decryption key"
Variables ¶
This section is empty.
Functions ¶
func BaseRootPool
deprecated
func CreateAndVerifyX509Certificate ¶
func CreateAndVerifyX509Certificate(cert, intermediateCAsCerts, rootCACert []byte) (*x509.Certificate, error)
CreateAndVerifyX509Certificate creates and verifies a x509 certificate from in-memory raw certificates. The certificates must be in PEM format.
func CreateAndVerifyX509CertificateFromFiles ¶
func CreateAndVerifyX509CertificateFromFiles(certPath, intermediateCAsCertsPath, rootCACertPath string) (*x509.Certificate, error)
CreateAndVerifyX509CertificateFromFiles creates and verifies a x509 certificate from certificate files. The certificates must be in PEM format.
func DecryptionKeyName ¶ added in v0.4.1
func GetCertificate
deprecated
func GetCertificate(in interface{}) (*x509.Certificate, error)
Deprecated: use signutils.GetCertificate.
func IsLegacyHashAlgorithm ¶ added in v0.3.0
func LegacyHashAlgorithm ¶ added in v0.3.0
func Normalize ¶
func Normalize(n Normalization, v interface{}, ex ExcludeRules) ([]byte, error)
func NormalizeHashAlgorithm ¶
func ParsePrivateKey
deprecated
func ParsePublicKey
deprecated
func ResolvePrivateKey ¶ added in v0.4.1
func ResolvePrivateKey(reg KeyRegistryFuncs, name string) (interface{}, error)
func VerifyCert ¶
func VerifyCert(intermediate signutils.GenericCertificateChain, root signutils.GenericCertificatePool, name string, cert *x509.Certificate) error
func VerifyCertDN ¶ added in v0.6.0
func VerifyCertDN(intermediate signutils.GenericCertificateChain, root signutils.GenericCertificatePool, name *pkix.Name, cert *x509.Certificate) error
Types ¶
type ArrayExcludes ¶
type ArrayExcludes struct {
Continue ExcludeRules
}
func (ArrayExcludes) Element ¶
func (r ArrayExcludes) Element(value interface{}) (bool, interface{}, ExcludeRules)
func (ArrayExcludes) Field ¶
func (r ArrayExcludes) Field(name string, value interface{}) (string, interface{}, ExcludeRules)
type ConditionalArrayExcludes ¶ added in v0.3.0
type ConditionalArrayExcludes struct {
ValueChecker ValueChecker
ValueMapper ValueMapper
ContinueTrue ExcludeRules
ContinueFalse ExcludeRules
}
func (ConditionalArrayExcludes) Check ¶ added in v0.3.0
func (r ConditionalArrayExcludes) Check(value interface{}) ExcludeRules
func (ConditionalArrayExcludes) Element ¶ added in v0.3.0
func (r ConditionalArrayExcludes) Element(value interface{}) (bool, interface{}, ExcludeRules)
func (ConditionalArrayExcludes) Field ¶ added in v0.3.0
func (r ConditionalArrayExcludes) Field(name string, value interface{}) (string, interface{}, ExcludeRules)
type ConditionalExclude ¶ added in v0.3.0
type ConditionalExclude struct {
ValueChecker ValueChecker
ValueMapper ValueMapper
ContinueTrue ExcludeRules
ContinueFalse ExcludeRules
Name string
}
func (ConditionalExclude) Check ¶ added in v0.3.0
func (r ConditionalExclude) Check(value interface{}) ExcludeRules
type ConditionalMapExcludes ¶ added in v0.3.0
type ConditionalMapExcludes map[string]*ConditionalExclude
func (ConditionalMapExcludes) Element ¶ added in v0.3.0
func (r ConditionalMapExcludes) Element(value interface{}) (bool, interface{}, ExcludeRules)
func (ConditionalMapExcludes) Field ¶ added in v0.3.0
func (r ConditionalMapExcludes) Field(name string, value interface{}) (string, interface{}, ExcludeRules)
type DefaultSigningContext ¶ added in v0.6.0
type DefaultSigningContext struct {
Hash crypto.Hash
PrivateKey signutils.GenericPrivateKey
PublicKey signutils.GenericPublicKey
RootCerts signutils.GenericCertificatePool
Issuer *pkix.Name
}
func (*DefaultSigningContext) GetHash ¶ added in v0.6.0
func (d *DefaultSigningContext) GetHash() crypto.Hash
func (*DefaultSigningContext) GetIssuer ¶ added in v0.6.0
func (d *DefaultSigningContext) GetIssuer() *pkix.Name
func (*DefaultSigningContext) GetPrivateKey ¶ added in v0.6.0
func (d *DefaultSigningContext) GetPrivateKey() signutils.GenericPrivateKey
func (*DefaultSigningContext) GetPublicKey ¶ added in v0.6.0
func (d *DefaultSigningContext) GetPublicKey() signutils.GenericPublicKey
func (*DefaultSigningContext) GetRootCerts ¶ added in v0.6.0
func (d *DefaultSigningContext) GetRootCerts() signutils.GenericCertificatePool
type DefaultedListEntries ¶ added in v0.3.0
type DefaultedListEntries struct {
Default interface{}
Continue ExcludeRules
Next ExcludeRules
}
func (DefaultedListEntries) Element ¶ added in v0.3.0
func (r DefaultedListEntries) Element(value interface{}) (bool, interface{}, ExcludeRules)
func (DefaultedListEntries) Field ¶ added in v0.3.0
func (r DefaultedListEntries) Field(name string, value interface{}) (string, interface{}, ExcludeRules)
type DefaultedMapFields ¶ added in v0.3.0
type DefaultedMapFields struct {
// Name of the field for map entries, for lists this field must be left blank.
Name string
Fields map[string]interface{}
Continue ExcludeRules
Next ExcludeRules
}
DefaultedMapFields can be used to default map fields in maps or lists. For map entries the Name field must be set to the fieldname to default. For list entries the Name field is ignored.
func (DefaultedMapFields) Element ¶ added in v0.3.0
func (r DefaultedMapFields) Element(value interface{}) (bool, interface{}, ExcludeRules)
func (DefaultedMapFields) EnforceEmptyList ¶ added in v0.3.0
func (r DefaultedMapFields) EnforceEmptyList(fields ...string) DefaultedMapFields
func (DefaultedMapFields) EnforceEmptyMap ¶ added in v0.3.0
func (r DefaultedMapFields) EnforceEmptyMap(fields ...string) DefaultedMapFields
func (DefaultedMapFields) EnforceNull ¶ added in v0.3.0
func (r DefaultedMapFields) EnforceNull(fields ...string) DefaultedMapFields
func (DefaultedMapFields) Field ¶ added in v0.3.0
func (r DefaultedMapFields) Field(name string, value interface{}) (string, interface{}, ExcludeRules)
type DynamicArrayExcludes ¶
type DynamicArrayExcludes struct {
ValueChecker ValueChecker
ValueMapper ValueMapper
Continue ExcludeRules
}
func (DynamicArrayExcludes) Check ¶
func (r DynamicArrayExcludes) Check(value interface{}) bool
func (DynamicArrayExcludes) Element ¶
func (r DynamicArrayExcludes) Element(value interface{}) (bool, interface{}, ExcludeRules)
func (DynamicArrayExcludes) Field ¶
func (r DynamicArrayExcludes) Field(name string, value interface{}) (string, interface{}, ExcludeRules)
type DynamicExclude ¶
type DynamicExclude struct {
ValueChecker ValueChecker
ValueMapper ValueMapper
Continue ExcludeRules
Name string
}
func (*DynamicExclude) Check ¶
func (r *DynamicExclude) Check(value interface{}) bool
type DynamicInclude ¶
type DynamicInclude struct {
ValueChecker ValueChecker
ValueMapper ValueMapper
Continue ExcludeRules
Name string
}
func (*DynamicInclude) Check ¶
func (r *DynamicInclude) Check(value interface{}) bool
type DynamicMapExcludes ¶
type DynamicMapExcludes map[string]*DynamicExclude
func (DynamicMapExcludes) Element ¶
func (r DynamicMapExcludes) Element(value interface{}) (bool, interface{}, ExcludeRules)
func (DynamicMapExcludes) Field ¶
func (r DynamicMapExcludes) Field(name string, value interface{}) (string, interface{}, ExcludeRules)
type DynamicMapIncludes ¶
type DynamicMapIncludes map[string]*DynamicInclude
func (DynamicMapIncludes) Element ¶
func (r DynamicMapIncludes) Element(value interface{}) (bool, interface{}, ExcludeRules)
func (DynamicMapIncludes) Field ¶
func (r DynamicMapIncludes) Field(name string, value interface{}) (string, interface{}, ExcludeRules)
type ExcludeEmpty ¶
type ExcludeEmpty struct {
ExcludeRules
}
func (ExcludeEmpty) Element ¶
func (e ExcludeEmpty) Element(value interface{}) (bool, interface{}, ExcludeRules)
func (ExcludeEmpty) Field ¶
func (e ExcludeEmpty) Field(name string, value interface{}) (string, interface{}, ExcludeRules)
func (ExcludeEmpty) Filter ¶
func (ExcludeEmpty) Filter(v Normalized) (Normalized, error)
type ExcludeRules ¶
type ExcludeRules interface {
Field(name string, value interface{}) (string, interface{}, ExcludeRules)
Element(v interface{}) (bool, interface{}, ExcludeRules)
}
ExcludeRules defines the rules for normalization excludes.
type HandlerRegistry ¶
type HandlerRegistry interface {
HandlerRegistryFuncs
Copy() HandlerRegistry
}
func DefaultHandlerRegistry ¶
func DefaultHandlerRegistry() HandlerRegistry
func NewHandlerRegistry ¶
func NewHandlerRegistry(parents ...HandlerRegistry) HandlerRegistry
type HandlerRegistryFuncs ¶ added in v0.4.1
type HandlerRegistryFuncs interface {
SignerRegistryFuncs
HasherRegistryFuncs
SignerRegistryProvider
HasherRegistryProvider
}
type HandlerRegistryProvider ¶ added in v0.4.1
type HandlerRegistryProvider interface {
HandlerRegistry() HandlerRegistry
}
type HasherProvider ¶ added in v0.4.1
type HasherRegistry ¶ added in v0.4.1
type HasherRegistry interface {
HasherRegistryFuncs
Copy() HasherRegistry
}
func NewHasherRegistry ¶ added in v0.4.1
func NewHasherRegistry(parents ...HasherRegistry) HasherRegistry
type HasherRegistryFuncs ¶ added in v0.4.1
type HasherRegistryFuncs interface {
HasherProvider
RegisterHasher(hasher Hasher)
HasherNames() []string
}
type HasherRegistryProvider ¶ added in v0.4.1
type HasherRegistryProvider interface {
HasherRegistry() HasherRegistry
}
type KeyRegistry ¶
type KeyRegistry interface {
KeyRegistryFuncs
Copy() KeyRegistry
}
func DefaultKeyRegistry ¶
func DefaultKeyRegistry() KeyRegistry
func NewKeyRegistry ¶
func NewKeyRegistry(parents ...KeyRegistry) KeyRegistry
type KeyRegistryFuncs ¶ added in v0.4.1
type KeyRegistryFuncs interface {
RegisterPublicKey(name string, key interface{})
RegisterPrivateKey(name string, key interface{})
GetPublicKey(name string) interface{}
GetPrivateKey(name string) interface{}
HasKeys() bool
RegisterIssuer(name string, is *pkix.Name)
GetIssuer(name string) *pkix.Name
HasIssuers() bool
}
type KeyRegistryProvider ¶ added in v0.4.1
type KeyRegistryProvider interface {
KeyRegistry() KeyRegistry
}
type MapExcludes ¶
type MapExcludes map[string]ExcludeRules
func (MapExcludes) Element ¶
func (r MapExcludes) Element(value interface{}) (bool, interface{}, ExcludeRules)
func (MapExcludes) Field ¶
func (r MapExcludes) Field(name string, value interface{}) (string, interface{}, ExcludeRules)
type MapIncludes ¶
type MapIncludes map[string]ExcludeRules
func (MapIncludes) Element ¶
func (r MapIncludes) Element(v interface{}) (bool, interface{}, ExcludeRules)
func (MapIncludes) Field ¶
func (r MapIncludes) Field(name string, value interface{}) (string, interface{}, ExcludeRules)
type MapValue ¶ added in v0.4.0
type MapValue struct {
Mapping ValueMapper
Continue ExcludeRules
}
func (MapValue) Element ¶ added in v0.4.0
func (m MapValue) Element(value interface{}) (bool, interface{}, ExcludeRules)
type NoExcludes ¶
type NoExcludes struct{}
func (NoExcludes) Element ¶
func (r NoExcludes) Element(value interface{}) (bool, interface{}, ExcludeRules)
func (NoExcludes) Field ¶
func (r NoExcludes) Field(name string, value interface{}) (string, interface{}, ExcludeRules)
type Normalization ¶ added in v0.3.0
type Normalization interface {
NewArray() Normalized
NewMap() Normalized
NewValue(v interface{}) Normalized
String() string
}
type NormalizationFilter ¶
type NormalizationFilter interface {
Filter(Normalized) (Normalized, error)
}
type Normalized ¶
type Normalized interface {
Value() interface{}
IsEmpty() bool
Marshal(gap string) ([]byte, error)
ToString(gap string) string
String() string
Formatted() string
Append(Normalized)
SetField(name string, value Normalized)
}
var Null Normalized = (*null)(nil)
func Prepare ¶
func Prepare(n Normalization, v interface{}, ex ExcludeRules) (r Normalized, err error)
func PrepareNormalization ¶
func PrepareNormalization(n Normalization, v interface{}, excludes ExcludeRules) (Normalized, error)
type Registry ¶
type Registry interface {
RegistryFuncs
Copy() Registry
}
func DefaultRegistry ¶
func DefaultRegistry() Registry
func NewRegistry ¶
func NewRegistry(h HandlerRegistry, k KeyRegistry) Registry
func RegistryWithPreferredKeys ¶ added in v0.4.1
func RegistryWithPreferredKeys(reg Registry, keys KeyRegistry) Registry
type RegistryFuncs ¶ added in v0.6.0
type RegistryFuncs interface {
HandlerRegistryFuncs
KeyRegistryFuncs
HandlerRegistryProvider
KeyRegistryProvider
TSAUrl() string
SetTSAUrl(url string)
}
type SignatureHandler ¶
SignatureHandler can create and verify signature of a dedicated type.
type Signer ¶
type Signer interface {
// Sign returns the signature for the given digest.
// If known a given public key can be passed. The signer may
// decide to put a trusted public key into the signature,
// for example for public keys provided by organization validated
// certificates.
// If used the key and/or certificate must be validated, for certificates
// the distinguished name must match the issuer.
Sign(cctx credentials.Context, digest string, sctx SigningContext) (*Signature, error)
// Algorithm is the name of the finally used signature algorithm.
// A signer might be registered using a logical name, so there might
// be multiple signer registration providing the same signature algorithm
Algorithm() string
}
Signer interface is used to implement different signing algorithms. Each Signer should have a matching Verifier.
type SignerRegistry ¶ added in v0.4.1
type SignerRegistry interface {
SignerRegistryFuncs
Copy() SignerRegistry
}
func NewSignerRegistry ¶ added in v0.4.1
func NewSignerRegistry(parents ...SignerRegistry) SignerRegistry
type SignerRegistryFuncs ¶ added in v0.4.1
type SignerRegistryProvider ¶ added in v0.4.1
type SignerRegistryProvider interface {
SignerRegistry() SignerRegistry
}
type SigningContext ¶ added in v0.6.0
type SigningContext interface {
GetHash() crypto.Hash
GetPrivateKey() signutils.GenericPrivateKey
GetPublicKey() signutils.GenericPublicKey
GetRootCerts() signutils.GenericCertificatePool
GetIssuer() *pkix.Name
}
type ValueChecker ¶
type ValueChecker func(value interface{}) bool
type ValueMapper ¶
type ValueMapper func(v interface{}) interface{}
type ValueMappingRule ¶ added in v0.4.0
type ValueMappingRule interface {
MapValue(v interface{}) interface{}
}
ValueMappingRule is an optional interface to implement to map a value before it is applied to the actual rule.
type Verifier ¶
type Verifier interface {
// Verify checks the signature, returns an error on verification failure
Verify(digest string, sig *Signature, sctx SigningContext) error
Algorithm() string
}
Verifier interface is used to implement different verification algorithms. Each Verifier should have a matching Signer.
Source Files
¶
Directories
Click to show internal directories.
Click to hide internal directories.