find

package
v0.29.8 Latest Latest
Warning

This package is not in the latest version of its module.

 Go to latest Published: Nov 19, 2025 License: Unlicense Imports: 15 Imported by: 0

Documentation

Index

Constants

View Source 
const (
	KindRegistrationProposal = 30100 // Parameterized replaceable
	KindAttestation          = 20100 // Ephemeral
	KindTrustGraph           = 30101 // Parameterized replaceable
	KindNameState            = 30102 // Parameterized replaceable
	KindNameRecords          = 30103 // Parameterized replaceable
	KindCertificate          = 30104 // Parameterized replaceable
	KindWitnessService       = 30105 // Parameterized replaceable
)

Event kind constants as defined in the NIP

View Source 
const (
	ActionRegister = "register"
	ActionTransfer = "transfer"
)

Action types for registration proposals

View Source 
const (
	DecisionApprove = "approve"
	DecisionReject  = "reject"
	DecisionAbstain = "abstain"
)

Decision types for attestations

View Source 
const (
	RecordTypeA     = "A"
	RecordTypeAAAA  = "AAAA"
	RecordTypeCNAME = "CNAME"
	RecordTypeMX    = "MX"
	RecordTypeTXT   = "TXT"
	RecordTypeNS    = "NS"
	RecordTypeSRV   = "SRV"
)

DNS record types

View Source 
const (
	ProposalExpiry          = 5 * time.Minute      // Proposals expire after 5 minutes
	AttestationExpiry       = 3 * time.Minute      // Attestations expire after 3 minutes
	TrustGraphExpiry        = 30 * 24 * time.Hour  // Trust graphs expire after 30 days
	NameRegistrationPeriod  = 365 * 24 * time.Hour // Names expire after 1 year
	PreferentialRenewalDays = 30                   // Final 30 days before expiration
	CertificateValidity     = 90 * 24 * time.Hour  // Recommended certificate validity
	WitnessServiceExpiry    = 180 * 24 * time.Hour // Witness service info expires after 180 days
)

Time constants

Variables

View Source 
var (
	ErrInvalidName         = errors.New("invalid name format")
	ErrNameTooLong         = errors.New("name exceeds 253 characters")
	ErrLabelTooLong        = errors.New("label exceeds 63 characters")
	ErrLabelEmpty          = errors.New("label is empty")
	ErrInvalidCharacter    = errors.New("invalid character in name")
	ErrInvalidHyphen       = errors.New("label cannot start or end with hyphen")
	ErrAllNumericLabel     = errors.New("label cannot be all numeric")
	ErrInvalidRecordValue  = errors.New("invalid record value")
	ErrRecordLimitExceeded = errors.New("record limit exceeded")
	ErrNotOwner            = errors.New("not the name owner")
	ErrNameExpired         = errors.New("name registration expired")
	ErrInRenewalWindow     = errors.New("name is in renewal window")
	ErrNotRenewalWindow    = errors.New("not in renewal window")
)
View Source 
var RecordLimits = map[string]int{
	RecordTypeA:     5,
	RecordTypeAAAA:  5,
	RecordTypeCNAME: 1,
	RecordTypeMX:    5,
	RecordTypeTXT:   10,
	RecordTypeNS:    5,
	RecordTypeSRV:   10,
}

RecordLimits defines per-type record limits

Functions

func AuthorizeTransfer 

func AuthorizeTransfer(name, newOwnerPubkey string, ownerSigner signer.I) (prevSig string, timestamp time.Time, err error)

AuthorizeTransfer creates a transfer authorization signature This is meant to be used by the current owner to authorize a transfer to a new owner

func CanRegister 

func CanRegister(nameState *NameState, proposerPubkey string) error

CanRegister checks if a name can be registered based on its state and expiration

func CheckCertificateExpiry 

func CheckCertificateExpiry(cert *Certificate) (time.Duration, error)

CheckCertificateExpiry returns the time until expiration, or error if expired

func CreateCertificateWithWitnesses 

func CreateCertificateWithWitnesses(req *CertificateRequest, witnesses []WitnessSignature,
	algorithm, usage string, ownerSigner signer.I) (*event.E, error)

CreateCertificateWithWitnesses creates a complete certificate event with witness signatures

func CreateChallengeProof 

func CreateChallengeProof(challenge, name, certPubkey string, validUntil time.Time, signer signer.I) (string, error)

CreateChallengeProof creates a challenge proof signature

func CreateChallengeProofMessage 

func CreateChallengeProofMessage(challenge, name, certPubkey string, validUntil time.Time) []byte

CreateChallengeProofMessage constructs the challenge proof message This is used for verification

func CreateChallengeTXTRecord 

func CreateChallengeTXTRecord(name, challenge string, ttl int, signer signer.I) (*event.E, error)

CreateChallengeTXTRecord creates a TXT record event for challenge-response verification

func CreateTransferAuthMessage 

func CreateTransferAuthMessage(name, newOwner string, timestamp time.Time) []byte

CreateTransferAuthMessage constructs the transfer authorization message This is used for verification

func CreateTransferProposal 

func CreateTransferProposal(name string, prevOwnerSigner, newOwnerSigner signer.I) (*event.E, error)

CreateTransferProposal creates a complete transfer proposal with authorization from previous owner

func CreateTransferProposalWithAuth 

func CreateTransferProposalWithAuth(name, prevOwnerPubkey, prevSig string, newOwnerSigner signer.I) (*event.E, error)

CreateTransferProposalWithAuth creates a transfer proposal using a pre-existing authorization This is useful when the previous owner has already provided their signature

func CreateWitnessMessage 

func CreateWitnessMessage(certPubkey, name string, validFrom, validUntil time.Time, challenge string) []byte

CreateWitnessMessage constructs the witness message This is used for verification

func ExtractChallengeFromTXTRecord 

func ExtractChallengeFromTXTRecord(txtValue string) (string, error)

ExtractChallengeFromTXTRecord extracts the challenge token from a TXT record value

func FormatChallengeProofString 

func FormatChallengeProofString(challenge, name, certPubkey string, validUntil time.Time) string

FormatChallengeProofString formats the challenge proof message for display/debugging

func FormatTransferAuthString 

func FormatTransferAuthString(name, newOwner string, timestamp time.Time) string

FormatTransferAuthString formats the transfer auth message for display/debugging

func FormatWitnessString 

func FormatWitnessString(certPubkey, name string, validFrom, validUntil time.Time, challenge string) string

FormatWitnessString formats the witness message for display/debugging

func GenerateChallenge 

func GenerateChallenge() (string, error)

GenerateChallenge generates a random 32-byte challenge token

func GetParentDomain 

func GetParentDomain(name string) string

GetParentDomain returns the parent domain of a name e.g., "www.example.com" -> "example.com", "example.com" -> "com", "com" -> ""

func IsExpired 

func IsExpired(expiration time.Time) bool

IsExpired checks if a time-based expiration has passed

func IsInRenewalWindow 

func IsInRenewalWindow(expiration time.Time) bool

IsInRenewalWindow checks if the current time is within the preferential renewal window (final 30 days before expiration)

func IsTLD 

func IsTLD(name string) bool

IsTLD returns true if the name is a top-level domain (single label)

func NewAttestation 

func NewAttestation(proposalID, decision string, weight int, reason, serviceURL string, signer signer.I) (*event.E, error)

NewAttestation creates a new attestation event (kind 20100)

func NewCertificate 

func NewCertificate(name, certPubkey string, validFrom, validUntil time.Time,
	challenge, challengeProof string, witnesses []WitnessSignature,
	algorithm, usage string, signer signer.I) (*event.E, error)

NewCertificate creates a new certificate event (kind 30104)

func NewNameRecord 

func NewNameRecord(name, recordType, value string, ttl int, signer signer.I) (*event.E, error)

NewNameRecord creates a new name record event (kind 30103)

func NewNameRecordWithPriority 

func NewNameRecordWithPriority(name, recordType, value string, ttl, priority int, signer signer.I) (*event.E, error)

NewNameRecordWithPriority creates a name record with priority (for MX, SRV)

func NewNameState 

func NewNameState(name, owner string, registeredAt time.Time, proposalID string,
	attestations int, confidence float64, signer signer.I) (*event.E, error)

NewNameState creates a new name state event (kind 30102)

func NewRegistrationProposal 

func NewRegistrationProposal(name, action string, signer signer.I) (*event.E, error)

NewRegistrationProposal creates a new registration proposal event (kind 30100)

func NewRegistrationProposalWithTransfer 

func NewRegistrationProposalWithTransfer(name, prevOwner, prevSig string, signer signer.I) (*event.E, error)

NewRegistrationProposalWithTransfer creates a transfer proposal with previous owner signature

func NewSRVRecord 

func NewSRVRecord(name, value string, ttl, priority, weight, port int, signer signer.I) (*event.E, error)

NewSRVRecord creates an SRV record with all required fields

func NewTrustGraph 

func NewTrustGraph(entries []TrustEntry, signer signer.I) (*event.E, error)

NewTrustGraph creates a new trust graph event (kind 30101)

func NewWitnessService 

func NewWitnessService(endpoint string, challenges []string, maxValidity, fee int,
	reputationID, description, contact string, signer signer.I) (*event.E, error)

NewWitnessService creates a new witness service info event (kind 30105)

func NormalizeName 

func NormalizeName(name string) string

NormalizeName converts a name to lowercase

func ParseTimestampFromProposal 

func ParseTimestampFromProposal(proposalTime time.Time) time.Time

ParseTimestampFromProposal extracts the timestamp from a transfer authorization message Used for verification when the timestamp is embedded in the signature

func ShouldRenewCertificate 

func ShouldRenewCertificate(cert *Certificate) bool

ShouldRenewCertificate checks if a certificate should be renewed (< 30 days until expiry)

func SignAttestation 

func SignAttestation(ev *event.E, s signer.I) error

SignAttestation signs an attestation event

func SignCertificate 

func SignCertificate(ev *event.E, s signer.I) error

SignCertificate signs a certificate event

func SignChallengeProof 

func SignChallengeProof(challenge, name, certPubkey string, validUntil time.Time, s signer.I) (string, error)

SignChallengeProof creates a signature for certificate challenge proof Message format: challenge||name||cert_pubkey||valid_until

func SignNameRecord 

func SignNameRecord(ev *event.E, s signer.I) error

SignNameRecord signs a name record event

func SignNameState 

func SignNameState(ev *event.E, s signer.I) error

SignNameState signs a name state event

func SignProposal 

func SignProposal(ev *event.E, s signer.I) error

SignProposal signs a registration proposal event

func SignTransferAuth 

func SignTransferAuth(name, newOwner string, timestamp time.Time, s signer.I) (string, error)

SignTransferAuth creates a signature for transfer authorization Message format: transfer:<name>:<new_owner_pubkey>:<timestamp>

func SignTrustGraph 

func SignTrustGraph(ev *event.E, s signer.I) error

SignTrustGraph signs a trust graph event

func SignWitnessMessage 

func SignWitnessMessage(certPubkey, name string, validFrom, validUntil time.Time, challenge string, s signer.I) (string, error)

SignWitnessMessage creates a witness signature for a certificate Message format: cert_pubkey||name||valid_from||valid_until||challenge

func SignWitnessService 

func SignWitnessService(ev *event.E, s signer.I) error

SignWitnessService signs a witness service event

func ValidateIPv4 

func ValidateIPv4(ip string) error

ValidateIPv4 validates an IPv4 address format

func ValidateIPv6 

func ValidateIPv6(ip string) error

ValidateIPv6 validates an IPv6 address format (simplified check)

func ValidateName 

func ValidateName(name string) error

ValidateName validates a name according to DNS naming rules

func ValidatePort 

func ValidatePort(port int) error

ValidatePort validates port value (0-65535)

func ValidatePriority 

func ValidatePriority(priority int) error

ValidatePriority validates priority value (0-65535)

func ValidateRecordLimit 

func ValidateRecordLimit(recordType string, currentCount int) error

ValidateRecordLimit checks if adding a record would exceed type limits

func ValidateRecordValue 

func ValidateRecordValue(recordType, value string) error

ValidateRecordValue validates a record value based on its type

func ValidateTransferProposal 

func ValidateTransferProposal(proposal *RegistrationProposal, currentOwner string) error

ValidateTransferProposal validates a transfer proposal against the current owner

func ValidateTrustScore 

func ValidateTrustScore(score float64) error

ValidateTrustScore validates trust score (0.0-1.0)

func ValidateWeight 

func ValidateWeight(weight int) error

ValidateWeight validates weight value (0-65535)

func VerifyAttestationExpiration 

func VerifyAttestationExpiration(attestation *Attestation) error

VerifyAttestationExpiration checks if an attestation has expired

func VerifyCertificate 

func VerifyCertificate(cert *Certificate, nameState *NameState, trustedWitnesses []string) error

VerifyCertificate performs complete certificate verification

func VerifyCertificateValidity 

func VerifyCertificateValidity(cert *Certificate) error

VerifyCertificateValidity checks if a certificate is currently valid

func VerifyChallengeProof 

func VerifyChallengeProof(challenge, name, certPubkey, owner string, validUntil time.Time, sigHex string) (bool, error)

VerifyChallengeProof verifies a certificate challenge proof signature

func VerifyChallengeTXTRecord 

func VerifyChallengeTXTRecord(record *NameRecord, expectedChallenge string, nameOwner string) error

VerifyChallengeTXTRecord verifies that a TXT record contains the expected challenge

func VerifyEvent 

func VerifyEvent(ev *event.E) error

VerifyEvent verifies the signature of a Nostr event

func VerifyNameOwnership 

func VerifyNameOwnership(nameState *NameState, record *NameRecord) error

VerifyNameOwnership checks if a record's owner matches the name state owner

func VerifyNameStateExpiration 

func VerifyNameStateExpiration(nameState *NameState) error

VerifyNameStateExpiration checks if a name state has expired

func VerifyProposalExpiration 

func VerifyProposalExpiration(proposal *RegistrationProposal) error

VerifyProposalExpiration checks if a proposal has expired

func VerifySubdomainAuthority 

func VerifySubdomainAuthority(name string, proposerPubkey string, parentNameState *NameState) error

VerifySubdomainAuthority checks if the proposer owns the parent domain

func VerifyTransferAuth 

func VerifyTransferAuth(name, newOwner, prevOwner string, timestamp time.Time, sigHex string) (bool, error)

VerifyTransferAuth verifies a transfer authorization signature

func VerifyTransferProposalSignature 

func VerifyTransferProposalSignature(proposal *RegistrationProposal) error

VerifyTransferProposalSignature verifies both the event signature and transfer authorization

func VerifyTrustGraphExpiration 

func VerifyTrustGraphExpiration(trustGraph *TrustGraph) error

VerifyTrustGraphExpiration checks if a trust graph has expired

func VerifyWitnessSignature 

func VerifyWitnessSignature(certPubkey, name string, validFrom, validUntil time.Time,
	challenge, witnessPubkey, sigHex string) (bool, error)

VerifyWitnessSignature verifies a witness signature on a certificate

Types

type Attestation 

type Attestation struct {
	Event      *event.E
	ProposalID string // Event ID of the proposal being attested
	Decision   string // "approve", "reject", or "abstain"
	Weight     int    // Stake/confidence weight (default 100)
	Reason     string // Human-readable justification
	ServiceURL string // Registry service endpoint
	Expiration time.Time
}

Attestation represents a kind 20100 event

func ParseAttestation 

func ParseAttestation(ev *event.E) (*Attestation, error)

ParseAttestation parses a kind 20100 event into an Attestation

type Certificate 

type Certificate struct {
	Event          *event.E
	Name           string
	CertPubkey     string // Public key for the service
	ValidFrom      time.Time
	ValidUntil     time.Time
	Challenge      string // Challenge token for ownership proof
	ChallengeProof string // Signature over challenge
	Witnesses      []WitnessSignature
	Algorithm      string // e.g., "secp256k1-schnorr"
	Usage          string // e.g., "tls-replacement"
}

Certificate represents a kind 30104 event

func IssueCertificate 

func IssueCertificate(name, certPubkey string, validityDuration time.Duration,
	ownerSigner signer.I, witnessSigners []signer.I) (*Certificate, error)

IssueCertificate is a helper that goes through the full certificate issuance process This would typically be used by a name owner to request a certificate

func ParseCertificate 

func ParseCertificate(ev *event.E) (*Certificate, error)

ParseCertificate parses a kind 30104 event into a Certificate

func RenewCertificate 

func RenewCertificate(oldCert *Certificate, newValidityDuration time.Duration,
	ownerSigner signer.I, witnessSigners []signer.I) (*Certificate, error)

RenewCertificate creates a renewed certificate with a new validity period

type CertificateRequest 

type CertificateRequest struct {
	Name           string
	CertPubkey     string
	ValidFrom      time.Time
	ValidUntil     time.Time
	Challenge      string
	ChallengeProof string
}

PrepareCertificateRequest prepares all the data needed for a certificate request

func CreateCertificateRequest 

func CreateCertificateRequest(name, certPubkey string, validityDuration time.Duration,
	challenge string, ownerSigner signer.I) (*CertificateRequest, error)

CreateCertificateRequest creates a certificate request with challenge-response

type ChallengeProofMessage 

type ChallengeProofMessage struct {
	Challenge  string
	Name       string
	CertPubkey string
	ValidUntil time.Time
}

ChallengeProofMessage represents the message signed for certificate challenge proof

type NameRecord 

type NameRecord struct {
	Event    *event.E
	Name     string
	Type     string // A, AAAA, CNAME, MX, TXT, NS, SRV
	Value    string
	TTL      int // Cache TTL in seconds
	Priority int // For MX and SRV records
	Weight   int // For SRV records
	Port     int // For SRV records
}

NameRecord represents a kind 30103 event

func ParseNameRecord 

func ParseNameRecord(ev *event.E) (*NameRecord, error)

ParseNameRecord parses a kind 30103 event into a NameRecord

type NameState 

type NameState struct {
	Event        *event.E
	Name         string
	Owner        string // Current owner pubkey
	RegisteredAt time.Time
	ProposalID   string  // Event ID of the registration proposal
	Attestations int     // Number of attestations
	Confidence   float64 // Consensus confidence score (0.0 to 1.0)
	Expiration   time.Time
}

NameState represents a kind 30102 event

func ParseNameState 

func ParseNameState(ev *event.E) (*NameState, error)

ParseNameState parses a kind 30102 event into a NameState

type RegistrationProposal 

type RegistrationProposal struct {
	Event      *event.E
	Name       string
	Action     string // "register" or "transfer"
	PrevOwner  string // Previous owner pubkey (for transfers)
	PrevSig    string // Signature from previous owner (for transfers)
	Expiration time.Time
}

RegistrationProposal represents a kind 30100 event

func ParseRegistrationProposal 

func ParseRegistrationProposal(ev *event.E) (*RegistrationProposal, error)

ParseRegistrationProposal parses a kind 30100 event into a RegistrationProposal

type TransferAuthorization 

type TransferAuthorization struct {
	Name      string
	NewOwner  string
	Timestamp time.Time
}

TransferAuthorization represents the message signed for transfer authorization

func PrepareTransferAuth 

func PrepareTransferAuth(name, newOwner string, timestamp time.Time) TransferAuthorization

PrepareTransferAuth prepares the transfer authorization data that needs to be signed This is a helper for wallets/clients that want to show what they're signing

type TrustEntry 

type TrustEntry struct {
	Pubkey     string
	ServiceURL string
	TrustScore float64 // 0.0 to 1.0
}

TrustEntry represents a single trust relationship

type TrustGraph 

type TrustGraph struct {
	Event      *event.E
	Entries    []TrustEntry
	Expiration time.Time
}

TrustGraph represents a kind 30101 event

func ParseTrustGraph 

func ParseTrustGraph(ev *event.E) (*TrustGraph, error)

ParseTrustGraph parses a kind 30101 event into a TrustGraph

type WitnessMessage 

type WitnessMessage struct {
	CertPubkey string
	Name       string
	ValidFrom  time.Time
	ValidUntil time.Time
	Challenge  string
}

WitnessMessage represents the message signed by witnesses

type WitnessService 

type WitnessService struct {
	Event        *event.E
	Endpoint     string
	Challenges   []string // Supported challenge types: "txt", "http", "event"
	MaxValidity  int      // Maximum certificate validity in seconds
	Fee          int      // Fee in sats per certificate
	ReputationID string   // Event ID of reputation event
	Description  string
	Contact      string
	Expiration   time.Time
}

WitnessService represents a kind 30105 event

func ParseWitnessService 

func ParseWitnessService(ev *event.E) (*WitnessService, error)

ParseWitnessService parses a kind 30105 event into a WitnessService

type WitnessSignature 

type WitnessSignature struct {
	Pubkey    string
	Signature string
}

WitnessSignature represents a witness attestation on a certificate

func RequestWitnessSignature 

func RequestWitnessSignature(cert *Certificate, witnessSigner signer.I) (WitnessSignature, error)

RequestWitnessSignature creates a witness signature for a certificate This would typically be called by a witness service

Source Files

  • builder.go
  • certificate.go
  • parser.go
  • sign.go
  • transfer.go
  • types.go
  • validation.go
  • verify.go

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.