tsaservice

package
v1.0.1 Latest Latest
Warning

This package is not in the latest version of its module.

Published: Dec 30, 2025 License: Apache-2.0 Imports: 22 Imported by: 0

Documentation

Overview

Package tsaservice provides a client for Time Stamping Authority (TSA) services.

Index

Constants

This section is empty.

Variables

This section is empty.

Functions

func VerifyCertificate

func VerifyCertificate(data []byte) ([]byte, error)

VerifyCertificate verifies a certificate using the EUDSS service.

Types

type Accuracy

// Accuracy holds the seconds, milliseconds and microseconds components that
// TSTInfo.Accuracy attaches to a token's GenTime.
//
// All three fields are optional on the wire. Millis and Micros are told apart
// by context tags 0 and 1; Seconds is untagged.
//
// An absent component decodes to the int zero value, so "not stated" and
// "zero" cannot be told apart after parsing.
// NOTE(review): a caller that compares GenTime against a deadline should
// treat this value as the uncertainty around GenTime; whether Verify does so
// is not visible here.
type Accuracy struct {
	Seconds int `asn1:"optional"`
	Millis  int `asn1:"optional,tag:0"`
	Micros  int `asn1:"optional,tag:1"`
}

type Attribute

// Attribute is one attribute of a SignerInfo: an object identifier naming the
// attribute, and the SET of values given for it.
//
// Values are kept as asn1.RawValue, so this type does not decode or validate
// them; the code that reads a particular attribute has to parse its value.
type Attribute struct {
	Type   asn1.ObjectIdentifier
	Values []asn1.RawValue `asn1:"set"`
}

Attribute

type ContentInfo

// ContentInfo is the outer PKCS#7 wrapper: ContentType names what Content
// holds, and Content is the explicitly tagged ([0]), optional payload kept as
// a raw value.
//
// The comment on TimeStampResp.TimeStampToken says the token is a ContentInfo.
// NOTE(review): ContentType comes from the remote response; presumably it is
// compared with the expected signed-data OID before Content is decoded as
// SignedData. Confirm in the implementation.
type ContentInfo struct {
	ContentType asn1.ObjectIdentifier
	Content     asn1.RawValue `asn1:"explicit,optional,tag:0"`
}

ContentInfo (PKCS#7)

type EUDSSVerifyCertificateRequest

// EUDSSVerifyCertificateRequest is a JSON request body with two members:
// "certificate", an object holding "encodedCertificate", and
// "tokenExtractionStrategy".
//
// NOTE(review): presumably this is the body VerifyCertificate sends to the
// EUDSS service, with EncodedCertificate being a base64 encoding of the
// certificate. Neither is shown here, so confirm both.
// NOTE(review): if so, the validation verdict is produced by a remote service.
// The transport to that service and the authenticity of its answer then
// become part of the trust decision.
type EUDSSVerifyCertificateRequest struct {
	Certificate struct {
		EncodedCertificate string `json:"encodedCertificate"`
	} `json:"certificate"`
	TokenExtractionStrategy string `json:"tokenExtractionStrategy"`
}

type EncapsulatedContentInfo

// EncapsulatedContentInfo is the content carried inside SignedData (its
// EncapContentInfo field): a content-type OID plus the explicitly tagged
// ([0]), optional content kept as a raw value.
//
// NOTE(review): for a timestamp token, RFC 3161 expects EContentType to be
// id-ct-TSTInfo. Confirm that the verifier rejects any other type before it
// parses EContent as a TSTInfo.
type EncapsulatedContentInfo struct {
	EContentType asn1.ObjectIdentifier
	EContent     asn1.RawValue `asn1:"explicit,optional,tag:0"` // This contains the OCTET STRING which is the TSTInfo (DER encapsulated)
}

type IssuerAndSerial

// IssuerAndSerial names a certificate by its issuer and serial number. It is
// the signer identifier held in SignerInfo.IssuerAndSerial.
//
// IssuerName is kept as a raw ASN.1 value and is not decoded by this type.
// SerialNumber is a *big.Int, so serials wider than a machine integer still
// decode.
// NOTE(review): this pair only selects which certificate is claimed to have
// signed. It proves nothing until that certificate is chained to the trust
// anchor and the signature is checked with its key.
type IssuerAndSerial struct {
	IssuerName   asn1.RawValue
	SerialNumber *big.Int
}

IssuerAndSerial

type MessageImprint

// MessageImprint pairs a hash algorithm identifier with the digest of the
// data being timestamped. It appears in both TimeStampReq and TSTInfo.
//
// NOTE(review): a verifier is expected to recompute the digest over the
// original data with HashAlgorithm and compare it with HashedMessage. It
// should also refuse algorithms it does not consider acceptable. Whether
// Verify does either is not visible here; confirm in the implementation.
type MessageImprint struct {
	HashAlgorithm pkix.AlgorithmIdentifier
	HashedMessage []byte
}

MessageImprint structure

type PKIStatusInfo

// PKIStatusInfo is the status part of a TimeStampResp: a numeric Status, an
// optional list of UTF-8 status strings and an optional failure-info bit
// string.
//
// In RFC 3161 only status 0 (granted) and 1 (grantedWithMods) come with a
// timestamp token.
// NOTE(review): presumably the client checks Status before it touches
// TimeStampToken. Confirm.
// StatusString is free text chosen by the remote TSA, so treat it as
// untrusted when logging or displaying it.
type PKIStatusInfo struct {
	Status       int
	StatusString []string       `asn1:"optional,utf8"`
	FailInfo     asn1.BitString `asn1:"optional"`
}

type SignedData

// SignedData is the signed-data structure carried by the token: the set of
// digest algorithms, the encapsulated content, optional certificates and
// CRLs, and the set of SignerInfos.
//
// Certificates and CRLs are kept raw and are not decoded by this type.
// NOTE(review): certificates embedded in the token are supplied by whoever
// produced the response. They can help build a chain but must never act as
// trust anchors. The Verify documentation states that the chain has to end at
// the service's CA certificate.
// NOTE(review): nothing here shows CRLs being consulted, so do not assume
// revocation is checked.
type SignedData struct {
	Version          int
	DigestAlgorithms []pkix.AlgorithmIdentifier `asn1:"set"`
	EncapContentInfo EncapsulatedContentInfo
	Certificates     asn1.RawValue   `asn1:"optional,tag:0"` // IMPLICIT SET OF Certificate
	CRLs             []asn1.RawValue `asn1:"optional,tag:1"`
	SignerInfos      []SignerInfo    `asn1:"set"`
}

SignedData

type SignerInfo

// SignerInfo describes one signer of a SignedData. It holds the signer's
// certificate identifier (IssuerAndSerial), the digest and signature
// algorithm identifiers, the signature bytes (EncryptedDigest) and two
// optional attribute lists.
//
// In CMS, when authenticated attributes are present the signature is computed
// over their DER encoding as a SET OF, not over the content directly. The
// content is then bound through the message-digest attribute.
// NOTE(review): confirm that the verifier re-encodes AuthenticatedAttrs with
// the SET tag and checks the message-digest attribute against the
// encapsulated content.
// UnauthenticatedAttrs are not covered by the signature, so nothing in them
// should influence a trust decision.
type SignerInfo struct {
	Version                   int
	IssuerAndSerial           IssuerAndSerial
	DigestAlgorithm           pkix.AlgorithmIdentifier
	AuthenticatedAttrs        []Attribute `asn1:"optional,tag:0"` // IMPLICIT SET OF Attribute
	DigestEncryptionAlgorithm pkix.AlgorithmIdentifier
	EncryptedDigest           []byte
	UnauthenticatedAttrs      []Attribute `asn1:"optional,tag:1"`
}

SignerInfo

type TSAConfig

// TSAConfig is the configuration passed to NewTSAService. All five fields are
// plain strings: three URLs (TSAURL, CACertURL, EUDSSURL) and a user/password
// pair.
//
// NOTE(review): presumably TSAUser and TSAPassword authenticate requests to
// TSAURL, and CACertURL is where the CA certificate used by Verify is
// fetched. Neither is shown here, so confirm both.
// NOTE(review): if the trust anchor is downloaded from CACertURL, its
// integrity is only as good as that transport. Use an https URL, or pin or
// compare the certificate out of band.
// NOTE(review): TSAPassword is an ordinary exported string. Formatting this
// struct with %v or %+v, or marshalling it, prints the password, so keep it
// out of logs and error messages.
type TSAConfig struct {
	TSAURL      string
	TSAUser     string
	TSAPassword string
	CACertURL   string
	EUDSSURL    string
}

type TSAService

// TSAService is the client returned by NewTSAService. Its methods Timestamp
// and Verify operate on it.
//
// CACert is an exported byte slice, so any code holding the *TSAService can
// replace or modify it after construction.
// NOTE(review): the Verify documentation refers to s.caCert. Whether Verify
// reads this exported field or a separate unexported copy is not visible
// here. If it reads CACert, treat the field as the trust anchor and do not
// assign it from untrusted input.
type TSAService struct {
	CACert []byte
	// contains filtered or unexported fields
}

func NewTSAService

func NewTSAService(cfg *TSAConfig) (*TSAService, error)

func (*TSAService) Timestamp

func (s *TSAService) Timestamp(data []byte) ([]byte, error)

func (*TSAService) Verify

func (s *TSAService) Verify(tsrBytes []byte, originalData []byte) (*time.Time, error)

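Verify verifies the timestamp response using the service's CA certificate. It performs standard chain verification: (1) it checks that the response is signed by a certificate that chains up to s.caCert; (2) it verifies the signature using that signing certificate. The two steps listed here do not mention comparing the token's MessageImprint with originalData, checking a nonce, or checking revocation; confirm in the implementation which of these are performed before relying on the returned time.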

type TSTInfo

// TSTInfo is the timestamp token content defined by RFC 3161. It holds the
// TSA policy, the imprint of the timestamped data, the token serial number
// and the generation time, followed by optional accuracy, ordering, nonce,
// TSA name and extensions.
//
// NOTE(review): the fields a relying party normally checks are
// MessageImprint (against the data it holds), Nonce (against the nonce it
// sent, when it sent one) and Policy (against the policy it expects). Which
// of these Verify enforces is not visible here.
// NOTE(review): Extensions are decoded but nothing here shows how an
// extension marked critical and not understood is handled. Confirm.
type TSTInfo struct {
	Version        int
	Policy         asn1.ObjectIdentifier
	MessageImprint MessageImprint
	SerialNumber   *big.Int
	GenTime        time.Time
	Accuracy       Accuracy         `asn1:"optional"`
	Ordering       bool             `asn1:"optional,default:false"`
	Nonce          *big.Int         `asn1:"optional"`
	Tsa            asn1.RawValue    `asn1:"optional,tag:0"` // GeneralName
	Extensions     []pkix.Extension `asn1:"optional,tag:1"`
}

TSTInfo as per RFC 3161

type TimeStampReq

// TimeStampReq is the RFC 3161 timestamp request. It holds the imprint of the
// data to be timestamped plus an optional requested policy, nonce,
// certificate-request flag and extensions.
//
// In RFC 3161 the nonce lets the requester match a response to its own
// request, and CertReq asks the TSA to include its signing certificate in the
// response.
// NOTE(review): whether Timestamp sets Nonce, and from which random source,
// is not visible here. A request without a nonce gives the client no way to
// detect a replayed response.
type TimeStampReq struct {
	Version        int
	MessageImprint MessageImprint
	ReqPolicy      asn1.ObjectIdentifier `asn1:"optional"`
	Nonce          *big.Int              `asn1:"optional"`
	CertReq        bool                  `asn1:"optional,default:false"`
	Extensions     []pkix.Extension      `asn1:"optional,tag:0"`
}

TimeStampReq structure as per RFC 3161

type TimeStampResp

// TimeStampResp is the response returned by the TSA: a status block and an
// optional timestamp token kept as a raw ASN.1 value.
//
// TimeStampToken is optional, so it may be absent from a response.
// NOTE(review): presumably the client checks Status and the presence of the
// token before it parses the token as a ContentInfo. Confirm.
type TimeStampResp struct {
	Status         PKIStatusInfo
	TimeStampToken asn1.RawValue `asn1:"optional"` // This is a ContentInfo
}

TimeStampResp
