pdfsign/revocation/revocation.go
Paul van Brouwershaven c327f686d5 Added a dedicated revocation subpackage
The newly created dedicated revocation package is used to encode and
decode revocation information. Signing and verification can now use the
same structures.

While the InfoArchival structure can now be created, this structure is currently
not embedded into the document. Test cases for obtaining and embedding revocation
information into the InfoArchival struct are also available.
2017-07-12 20:53:06 +02:00


package revocation
import (
	"crypto/x509"
	"encoding/asn1"
	"fmt"
)
// InfoArchival is the ASN.1 container, carried in the pkcs7 signature, that
// holds the revocation information for all embedded certificates: a list of
// raw CRLs, a list of raw OCSP responses and an OtherRevInfo value. Each
// member is an EXPLICIT context-specific tag (0, 1 and 2) and is marked
// optional, so encoding/asn1 omits it when it is left at its zero value.
//
// NOTE(review): Adobe's RevocationInfoArchival definition has otherRevInfo as
// a SEQUENCE OF OtherRevInfo, while Other here is a single value — confirm
// whether the field should be []Other before relying on the encoding.
//
// Currently the internal structure is exposed but I don't like to expose the
// asn1.RawValue objects. We can probably make them private and expose the
// information with functions.
type InfoArchival struct {
	CRL   CRL   `asn1:"tag:0,optional,explicit"` // raw DER CRLs, one RawValue each
	OCSP  OCSP  `asn1:"tag:1,optional,explicit"` // raw DER OCSP responses, one RawValue each
	Other Other `asn1:"tag:2,optional,explicit"`
}
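// AddCRL embeds a DER-encoded CRL in the InfoArchival container.
//
// b holds the raw bytes of a downloaded CRL (DER, not PEM). The bytes are
// parsed before they are appended so that an empty, truncated or non-DER
// download cannot end up inside the signed revocation container; on failure
// the wrapped parse error is returned and r is left unchanged. Only the
// encoding is validated here: the CRL's signature, issuer and validity window
// are not checked and remain the caller's responsibility.
func (r *InfoArchival) AddCRL(b []byte) error {
	rl, err := x509.ParseRevocationList(b)
	if err != nil {
		return fmt.Errorf("revocation: parsing CRL: %w", err)
	}
	// Raw holds the outer CertificateList element only; anything after it
	// would otherwise be copied into the container verbatim.
	if len(rl.Raw) != len(b) {
		return fmt.Errorf("revocation: parsing CRL: %d trailing bytes after CertificateList", len(b)-len(rl.Raw))
	}
	r.CRL = append(r.CRL, asn1.RawValue{FullBytes: b})
	return nil
}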
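// AddOCSP embeds a DER-encoded OCSP response in the InfoArchival container.
//
// b holds the raw bytes of an OCSP response as returned by a responder. The
// standard library has no OCSP parser, so only the outer encoding is checked:
// b must be exactly one DER SEQUENCE (RFC 6960 defines OCSPResponse as a
// SEQUENCE) with no trailing bytes. Empty, truncated, PEM or otherwise
// malformed input is rejected with a wrapped error and r is left unchanged.
// The responder signature and the status the response carries are not
// verified here.
func (r *InfoArchival) AddOCSP(b []byte) error {
	var outer asn1.RawValue
	rest, err := asn1.Unmarshal(b, &outer)
	if err != nil {
		return fmt.Errorf("revocation: parsing OCSP response: %w", err)
	}
	if len(rest) != 0 {
		return fmt.Errorf("revocation: parsing OCSP response: %d trailing bytes", len(rest))
	}
	if outer.Class != asn1.ClassUniversal || outer.Tag != asn1.TagSequence {
		return fmt.Errorf("revocation: parsing OCSP response: expected SEQUENCE, got class %d tag %d", outer.Class, outer.Tag)
	}
	r.OCSP = append(r.OCSP, asn1.RawValue{FullBytes: b})
	return nil
}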
// IsRevoked reports whether c is marked as revoked by the embedded revocation
// information.
//
// This is still a placeholder: the body ignores c as well as the embedded CRLs
// and OCSP responses and reports every certificate as revoked. Returning true
// is the safe (fail-closed) default while the lookups are missing, but the
// result carries no information yet, so callers must not use it to conclude
// that a certificate is good.
//
// TODO: We should report if there is no CRL or OCSP response embedded for this certificate
// TODO: Information about the revocation (time, reason, etc) must be extractable
func (r *InfoArchival) IsRevoked(c *x509.Certificate) bool {
	// check the crl and ocsp to see if this certificate is revoked
	return true
}
// CRL holds the raw DER bytes of one or more CRLs (pkix.CertificateList), one
// asn1.RawValue per CRL with the bytes in FullBytes. Entries can be parsed
// with x509.ParseRevocationList (or the deprecated x509.ParseCRL).
type CRL []asn1.RawValue
// OCSP holds the raw DER bytes of one or more OCSP responses, one
// asn1.RawValue per response with the bytes in FullBytes. Entries can be
// parsed with golang.org/x/crypto/ocsp.ParseResponse.
type OCSP []asn1.RawValue
// Other is the ASN.1 OtherRevInfo object: a type OID and the opaque encoded
// value it identifies. Nothing in this file populates or validates it.
type Other struct {
	Type  asn1.ObjectIdentifier // identifies the format of Value
	Value []byte                // encoded as an OCTET STRING by encoding/asn1
}