Documentation
Overview
Package Revocation provides methods for checking the revocation status of a certificate chain.
Constants
This section is empty.
Variables
This section is empty.
Functions
This section is empty.
Types
type Options (added in v1.1.0)
```go
type Options struct {
	// OCSPHTTPClient is the HTTP client for OCSP request. If not provided,
	// a default *http.Client with timeout of 2 seconds will be used.
	// OPTIONAL.
	OCSPHTTPClient *http.Client

	// CRLFetcher is a fetcher for CRL with cache. If not provided, a default
	// fetcher with an HTTP client and a timeout of 5 seconds will be used
	// without cache.
	CRLFetcher crlutil.Fetcher

	// CertChainPurpose is the purpose of the certificate chain. Supported
	// values are CodeSigning and Timestamping. Default value is CodeSigning.
	// OPTIONAL.
	CertChainPurpose purpose.Purpose
}
```
Options specifies values that are needed to check revocation.
type Revocation (deprecated)
```go
type Revocation interface {
	// Validate checks the revocation status for a certificate chain using OCSP
	// and CRL if OCSP is not available. It returns an array of
	// CertRevocationResults that contain the results and any errors that are
	// encountered during the process
	Validate(certChain []*x509.Certificate, signingTime time.Time) ([]*result.CertRevocationResult, error)
}
```
Revocation is an interface that specifies methods used for revocation checking.
Deprecated: Revocation exists for backwards compatibility and should not be used. To perform revocation check, use Validator.
func New (deprecated)
```go
func New(httpClient *http.Client) (Revocation, error)
```
New constructs a revocation object for code signing certificate chain.
Deprecated: New exists for backwards compatibility and should not be used. To create a revocation object, use NewWithOptions.
type ValidateContextOptions (added in v1.1.0)
```go
type ValidateContextOptions struct {
	// CertChain denotes the certificate chain whose revocation status is
	// being validated. REQUIRED.
	CertChain []*x509.Certificate

	// AuthenticSigningTime denotes the authentic signing time of the signature.
	// It is used to compare with the InvalidityDate during revocation check.
	// OPTIONAL.
	//
	// Reference: https://github.com/notaryproject/specifications/blob/v1.0.0/specs/trust-store-trust-policy.md#revocation-checking-with-ocsp
	AuthenticSigningTime time.Time
}
```
ValidateContextOptions provides configuration options for revocation checks.
type Validator (added in v1.1.0)
```go
type Validator interface {
	// ValidateContext checks the revocation status given caller provided options
	// and returns an array of CertRevocationResults that contain the results
	// and any errors that are encountered during the process
	ValidateContext(ctx context.Context, validateContextOpts ValidateContextOptions) ([]*result.CertRevocationResult, error)
}
```
Validator is an interface that provides revocation checking with context.
func NewWithOptions (added in v1.1.0)
NewWithOptions constructs a Validator with the specified options.
Directories
| Path | Synopsis |
|---|---|
| crl | Package crl provides Fetcher interface with its implementation, and the Cache interface. |
| internal | |
| internal/crl | Package crl provides methods for checking the revocation status of a certificate using CRL |
| internal/ocsp | Package ocsp provides methods for checking the OCSP revocation status of a certificate chain, as well as errors related to these checks |
| internal/x509util | Package x509util provides the method to validate the certificate chain for a specific purpose, including code signing and timestamping. |
| ocsp | Package ocsp provides methods for checking the OCSP revocation status of a certificate chain, as well as errors related to these checks |
| purpose | Package purpose provides purposes of the certificate chain whose revocation status is checked |
| result | Package result provides general objects that are used across revocation |