...

Package xmldsig

import "github.com/sassoftware/relic/lib/xmldsig"

Implements a useful subset of the xmldsig specification for creating signatures over XML documents.

Constants

// Namespace URIs and algorithm identifiers used in the signature documents
// this package produces and verifies. They are string constants only; the
// callers in this package decide which one is written into a given element.
const (
    NsXMLDsig        = "http://www.w3.org/2000/09/xmldsig#"
    NsXMLDsigMore    = "http://www.w3.org/2001/04/xmldsig-more#"
    NsXMLEnc         = "http://www.w3.org/2001/04/xmlenc#"
    NsXsi            = "http://www.w3.org/2001/XMLSchema-instance"
    AlgXMLExcC14n    = "http://www.w3.org/2001/10/xml-exc-c14n#"
    AlgXMLExcC14nRec = "http://www.w3.org/TR/2001/REC-xml-c14n-20010315" // draft version; presumably selected by SignOptions.UseRecC14n — confirm

    // Transform identifier for an enveloped signature (the Signature element
    // is excluded from the content it covers).
    AlgDsigEnvelopedSignature = "http://www.w3.org/2000/09/xmldsig#enveloped-signature"
)

Variables

// HashUris maps each supported Go hash to the algorithm URI that identifies it
// in xmldsig documents. HashAlgorithm appears to perform the reverse lookup
// (URI to crypto.Hash); verify against its implementation.
//
// NOTE(review): SHA-1 is listed alongside the SHA-2 digests, so a signature
// over SHA-1 can be produced and, presumably, accepted by Verify. The only
// visible signal of which digest was used is Signature.Hash; callers that
// need a minimum strength should check that field after Verify — confirm
// whether Verify itself enforces anything.
var HashUris = map[crypto.Hash]string{
    crypto.SHA1:   NsXMLDsig + "sha1",
    crypto.SHA224: NsXMLDsigMore + "sha224",
    crypto.SHA256: NsXMLEnc + "sha256",
    crypto.SHA384: NsXMLDsigMore + "sha384",
    crypto.SHA512: NsXMLEnc + "sha512",
}

func HashAlgorithm

func HashAlgorithm(hashAlg string) (string, crypto.Hash)

func RemoveElements

func RemoveElements(root *etree.Element, tag string)

Remove all child elements with the given tag from the element.

func SerializeCanonical

func SerializeCanonical(oldroot *etree.Element) ([]byte, error)

Canonicalize a document starting from the given element and return the serialized bytes. Implements something vaguely like xml-exc-c14n. Namespaces declared in parent nodes are pulled in, and namespaces not used in the element where they are declared are pushed further down to the elements that use them.

This is not a standards-conforming implementation. Use at your own peril.

func Sign

func Sign(root, parent *etree.Element, hash crypto.Hash, privKey crypto.Signer, certs []*x509.Certificate, opts SignOptions) error

Create an enveloped signature from the document rooted at "root", replacing any existing signature and adding it as the last child of "parent".

func SignEnveloping

func SignEnveloping(object *etree.Element, hash crypto.Hash, privKey crypto.Signer, certs []*x509.Certificate, opts SignOptions) (*etree.Element, error)

Build an enveloping Signature document around the given Object element.

type SignOptions

// SignOptions holds the optional behaviours accepted by Sign and
// SignEnveloping. The zero value produces the standard (non-compatibility)
// output for every option below.
type SignOptions struct {
    // Use non-standard namespace for SHA-256 found in Microsoft ClickOnce manifests
    // (presumably overrides the SHA-256 entry of HashUris — confirm).
    MsCompatHashNames bool
    // Use REC namespace for c14n method instead of the finalized one
    // (AlgXMLExcC14nRec rather than AlgXMLExcC14n).
    UseRecC14n bool
    // Add the X509 certificate chain to the KeyInfo
    IncludeX509 bool
    // Add a KeyValue element with the public key
    IncludeKeyValue bool
}

type Signature

// Signature is the result returned by Verify: the key material and digest
// algorithm the signature was checked with, plus the parsed signature data.
// It does not by itself establish trust in the signer; that is left to the
// caller inspecting Certificates (see Leaf).
type Signature struct {
    // Public key the signature was verified against. Whether it came from a
    // KeyValue element or from the certificate chain is not visible here.
    PublicKey       crypto.PublicKey
    // Certificates found in the signature (and presumably any extraCerts
    // passed to Verify) — not validated as a chain by this type.
    Certificates    []*x509.Certificate
    // Digest algorithm used by the signature; see HashUris for the mapping.
    Hash            crypto.Hash
    // Raw signature bytes, presumably the decoded SignatureValue — confirm.
    EncryptedDigest []byte
    // The Reference element of the verified signature — presumably the one
    // covering the signed content; confirm against Verify.
    Reference       *etree.Element
}

func Verify

func Verify(root *etree.Element, sigpath string, extraCerts []*x509.Certificate) (*Signature, error)

Extract and verify an enveloped signature at the given root.

func (Signature) Leaf

func (s Signature) Leaf() *x509.Certificate