xmlsec

package
v0.1.2 Latest Latest
Warning

This package is not in the latest version of its module.

 Go to latest Published: Nov 18, 2025 License: MIT Imports: 10 Imported by: 0

Documentation

Overview

Package xmlsec is a wrapper around the xmlsec1 command https://www.aleksey.com/xmlsec/index.html

Index

Constants

This section is empty.

Variables

This section is empty.

Functions

func Decrypt 

func Decrypt(in []byte, privateKeyPath string) ([]byte, error)

Decrypt takes an encrypted XML document and decrypts it using the given private key.

func Encrypt 

func Encrypt(template *EncryptedData, in []byte, publicCertPath string, method string) ([]byte, error)

Encrypt encrypts a byte sequence into an EncryptedData template using the given certificate and encryption method.

func Sign 

func Sign(in []byte, privateKeyPath string, opts *ValidationOptions) (out []byte, err error)

Sign takes a XML document and produces a signature.

func Verify 

func Verify(in []byte, publicCertPath string, opts *ValidationOptions) error

Verify takes a signed XML document and validates its signature.

Types

type CipherData 

type CipherData struct {
	CipherValue string `xml:"CipherValue"`
}

CipherData represents the <CipherData> tag.

type EncryptedData 

type EncryptedData struct {
	XMLName          string     `xml:"http://www.w3.org/2001/04/xmlenc# EncryptedData"`
	Type             string     `xml:",attr"`
	EncryptionMethod Method     `xml:"EncryptionMethod"`
	KeyInfo          KeyInfo    `xml:"http://www.w3.org/2000/09/xmldsig# KeyInfo"`
	CipherData       CipherData `xml:"http://www.w3.org/2001/04/xmlenc# CipherData"`
}

EncryptedData represents the <EncryptedData> XML tag. See https://www.w3.org/TR/2002/REC-xmlenc-core-20021210/Overview.html#sec-Usage

func NewEncryptedDataTemplate 

func NewEncryptedDataTemplate(dataEncryptionMethodAlgorithm string, keyEncryptionMethodAlgorithm string) *EncryptedData

NewEncryptedDataTemplate returns an EncryptedData object that uses the given data and key encryption algorithms.

type EncryptedKey 

type EncryptedKey struct {
	EncryptionMethod Method `xml:"EncryptionMethod"`
	KeyInfo          struct {
		X509Data string
	} `xml:"http://www.w3.org/2000/09/xmldsig# KeyInfo"`
	CipherData CipherData `xml:"http://www.w3.org/2001/04/xmlenc# CipherData"`
}

EncryptedKey represents the <EncryptedKey> XML element. See https://www.w3.org/TR/2002/REC-xmlenc-core-20021210/Overview.html#sec-EncryptedKey

type ErrSelfSignedCertificate 

type ErrSelfSignedCertificate struct {
	// contains filtered or unexported fields
}

ErrSelfSignedCertificate is a typed error returned when xmlsec1 detects a self-signed certificate.

func (ErrSelfSignedCertificate) Error 

func (e ErrSelfSignedCertificate) Error() string

Error returns the underlying error reported by xmlsec1.

type ErrUnknownIssuer 

type ErrUnknownIssuer struct {
	// contains filtered or unexported fields
}

ErrUnknownIssuer is a typed error returned when xmlsec1 detects a "unknown issuer" error.

func (ErrUnknownIssuer) Error 

func (e ErrUnknownIssuer) Error() string

Error returns the underlying error reported by xmlsec1.

type ErrValidityError 

type ErrValidityError struct {
	// contains filtered or unexported fields
}

ErrValidityError is a typed error returned when xmlsec1 detects a "unknown issuer" error.

func (ErrValidityError) Error 

func (e ErrValidityError) Error() string

Error returns the underlying error reported by xmlsec1.

type KeyInfo 

type KeyInfo struct {
	EncryptedKey EncryptedKey `xml:"http://www.w3.org/2001/04/xmlenc# EncryptedKey"`
}

KeyInfo represents the <KeyInfo> tag.

type Method 

type Method struct {
	Algorithm string `xml:",attr"`
}

Method is part of Signature.

type Reference 

type Reference struct {
	URI          string   `xml:"URI,attr,omitempty"`
	Transforms   []Method `xml:"Transforms>Transform"`
	DigestMethod Method   `xml:"DigestMethod"`
	DigestValue  string   `xml:"DigestValue"`
}

type Signature 

type Signature struct {
	XMLName xml.Name `xml:"http://www.w3.org/2000/09/xmldsig# Signature"`

	CanonicalizationMethod Method             `xml:"SignedInfo>CanonicalizationMethod"`
	SignatureMethod        Method             `xml:"SignedInfo>SignatureMethod"`
	Reference              Reference          `xml:"SignedInfo>Reference"`
	SignatureValue         string             `xml:"SignatureValue"`
	KeyName                string             `xml:"KeyInfo>KeyName,omitempty"`
	X509Certificate        *SignatureX509Data `xml:"KeyInfo>X509Data,omitempty"`
}

Signature is a model for the Signature object specified by XMLDSIG. This is convenience object when constructing XML that you'd like to sign. For example: 

type Foo struct {
   Stuff string
   Signature Signature
}

f := Foo{Suff: "hello"}
f.Signature = DefaultSignature()
buf, _ := xml.Marshal(f)
buf, _ = Sign(key, buf)

func DefaultSignature 

func DefaultSignature(pemEncodedPublicKey []byte) Signature

DefaultSignature returns a Signature struct that uses the default c14n and SHA1 settings.

type SignatureX509Data 

type SignatureX509Data struct {
	X509Certificate string `xml:"X509Certificate,omitempty"`
}

SignatureX509Data represents the <X509Data> element of <Signature>

type ValidationOptions 

type ValidationOptions struct {
	DTDFile          string
	EnableIDAttrHack bool
	IDAttrs          []string
}

Source Files

View all Source files

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.