本文整理汇总了Golang中github.com/jlmucb/cloudproxy/go/tao.Verifier类的典型用法代码示例。如果您正苦于以下问题:Golang Verifier类的具体用法?Golang Verifier怎么用?Golang Verifier使用的例子?那么恭喜您, 这里精选的类代码示例或许可以为您提供帮助。
在下文中一共展示了Verifier类的4个代码示例,这些例子默认根据受欢迎程度排序。您可以为喜欢或者感觉有用的代码点赞,您的评价将有助于系统推荐出更棒的Golang代码示例。
示例1: newTempCAGuard
func newTempCAGuard(v *tao.Verifier) (tao.Guard, error) {
g := tao.NewTemporaryDatalogGuard()
vprin := v.ToPrincipal()
rule := fmt.Sprintf(subprinRule, vprin)
if err := g.AddRule(rule); err != nil {
return nil, err
}
return g, nil
}示例2: RequestProgramCert
// This function packages a host attestation into a DomainServiceRequest of the type
// DOMAIN_CERT_REQUEST, sends it to the domain service and deserializes the response
// into an attestation that contains the domain program certificate.
func RequestProgramCert(hostAtt *tao.Attestation, verifier *tao.Verifier,
network string, addr string) (*x509.Certificate, error) {
serAtt, err := proto.Marshal(hostAtt)
if err != nil {
return nil, err
}
reqType := DomainServiceRequest_DOMAIN_CERT_REQUEST
request := &DomainServiceRequest{
Type: &reqType,
SerializedHostAttestation: serAtt,
ProgramKey: verifier.MarshalKey(),
}
conn, err := net.Dial(network, addr)
if err != nil {
return nil, err
}
ms := util.NewMessageStream(conn)
_, err = ms.WriteMessage(request)
if err != nil {
return nil, err
}
log.Printf("Sent Program cert request to Domain Service using network %s at address %s.",
network, addr)
var response DomainServiceResponse
err = ms.ReadMessage(&response)
if err != nil {
return nil, err
}
log.Println("Got response from Domain Service.")
if errStr := response.GetErrorMessage(); errStr != "" {
return nil, errors.New(errStr)
}
cert, err := x509.ParseCertificate(response.GetDerProgramCert())
if err != nil {
return nil, err
}
return cert, nil
}示例3: printRequest
func printRequest(req *taoca.Request, subjectKey *tao.Verifier, serial int64, peer string) {
t := "Server (can't sign certificates)"
if *req.CSR.IsCa {
t = "Certificate Authority (can sign certificates)"
}
name := req.CSR.Name
fmt.Printf("\n"+
"A new Certificate Signing Request has been received:\n"+
" Country: %s\n"+
" Province: %s\n"+
" Locality: %s\n"+
" Organization: %s\n"+
" Organizational Unit: %s\n"+
" Common Name: %s\n"+
" Validity Period: %d years\n"+
" Type: %s\n"+
" Serial: %d\n"+
" Public Key Principal: %s\n"+
" Requesting Principal: %s\n"+
"\n",
*name.Country, *name.State, *name.City,
*name.Organization, *name.OrganizationalUnit, *name.CommonName,
*req.CSR.Years, t, serial, subjectKey.ToPrincipal(), peer)
}示例4: VerifySecretDisclosureDirective
// This function performs the following checks on a secret disclosure directive.
// (1) the directive signature is valid with respect to signerKey of directive
// (2) Either
// - policyKey matches the signerKey of directive
// - directive cert is a valid program cert (signed by policyKey) certifying the signerKey
// of directive as belonging to 'delegator'
// (3) the directive message is a statement of the form:
// 'policyKey/'delegator' says delegate can read protectedObjectId'
// where delegate is a Tao Principal and protectedObjectId is a (serialized) protected
// object message id.
func VerifySecretDisclosureDirective(policyKey *tao.Keys, directive *DirectiveMessage) (*auth.Prin,
*auth.Prin, *string, *po.ObjectIdMessage, error) {
// Check type of directive
if directive.Type == nil || *(directive.Type) != DirectiveMessage_SECRET_DISCLOSURE {
return nil, nil, nil, nil, errors.New(
"secret_disclosure: directive not of secret disclosure type.")
}
var verifier *tao.Verifier
var delegatorStr string
// Check directive signer matches policy key.
if bytes.Compare(
auth.Marshal(policyKey.SigningKey.ToPrincipal()), directive.GetSigner()) == 0 {
verifier = policyKey.SigningKey.GetVerifier()
delegatorStr = verifier.ToPrincipal().String()
} else {
// Check if program cert is valid, signed by policy key,
// cert public key matches signer and cert name matches speaker
// of says statement.
cert, err := x509.ParseCertificate(directive.Cert)
if err != nil {
return nil, nil, nil, nil, errors.New(
"error parsing directive program cert")
}
rootCert := x509.NewCertPool()
rootCert.AddCert(policyKey.Cert)
verifyOptions := x509.VerifyOptions{Roots: rootCert}
_, err = cert.Verify(verifyOptions)
if err != nil {
return nil, nil, nil, nil, errors.New(
"program cert not valid")
}
verifier, err = tao.FromX509(cert)
delegatorStr = cert.Subject.CommonName
if err != nil {
return nil, nil, nil, nil, err
}
if bytes.Compare(auth.Marshal(verifier.ToPrincipal()), directive.GetSigner()) != 0 {
return nil, nil, nil, nil, errors.New(
"secret_disclosure: directive signer doesn't match program key.")
}
}
// Verify signature.
ok, err := verifier.Verify(directive.GetSerializedStatement(), SigningContext,
directive.GetSignature())
if err != nil {
return nil, nil, nil, nil, err
}
if !ok {
return nil, nil, nil, nil,
errors.New("secret_disclosure: directive signature check failed.")
}
// Validate and return statement.
statement, err := auth.UnmarshalForm(directive.GetSerializedStatement())
if err != nil {
return nil, nil, nil, nil, err
}
var saysStatement *auth.Says
if ptr, ok := statement.(*auth.Says); ok {
saysStatement = ptr
} else if val, ok := statement.(auth.Says); ok {
saysStatement = &val
} else {
return nil, nil, nil, nil,
errors.New("secret_disclosure: directive statement not a 'Says'")
}
stmtSpeaker, ok := saysStatement.Speaker.(auth.Prin)
if !ok {
return nil, nil, nil, nil,
errors.New("secret_disclosure: directive speaker not a 'Prin'")
}
if stmtSpeaker.String() != delegatorStr {
return nil, nil, nil, nil, errors.New(
"secret_disclosure: directive statement speaker does not match signer")
}
pred, ok := saysStatement.Message.(auth.Pred)
if !ok {
return nil, nil, nil, nil,
errors.New("secret_disclosure: directive message not a 'Pred'")
}
predName := pred.Name
if predName == "" {
return nil, nil, nil, nil,
errors.New("secret_disclosure: directive predicate name is empty")
}
if len(pred.Arg) != 2 {
//.........这里部分代码省略.........