本文整理汇总了Golang中github.com/jlmucb/cloudproxy/go/tao.Verifier.Verify方法的典型用法代码示例。如果您正苦于以下问题:Golang Verifier.Verify方法的具体用法?Golang Verifier.Verify怎么用?Golang Verifier.Verify使用的例子?那么恭喜您,这里精选的方法代码示例或许可以为您提供帮助。您也可以进一步了解该方法所在类github.com/jlmucb/cloudproxy/go/tao.Verifier的用法示例。
示例1: VerifySecretDisclosureDirective
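// VerifySecretDisclosureDirective performs the following checks on a secret
// disclosure directive:
// (1) the directive signature is valid with respect to the signerKey of the directive;
// (2) either
//   - policyKey matches the signerKey of the directive, or
//   - the directive cert is a valid program cert (signed by policyKey) certifying the
//     signerKey of the directive as belonging to 'delegator' (the delegator name is
//     taken from the cert's subject CommonName);
// (3) the directive message is a statement of the form
//     'policyKey/delegator says delegate can read protectedObjectId',
//     where delegate is a Tao Principal and protectedObjectId is a (serialized)
//     protected object message id.
//
// NOTE(review): the program cert is verified with only Roots set in
// x509.VerifyOptions, so the package defaults apply (validity is checked against
// the current time, and an empty KeyUsages list means ExtKeyUsageServerAuth) --
// confirm that program certs are issued so that they satisfy these defaults.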
func VerifySecretDisclosureDirective(policyKey *tao.Keys, directive *DirectiveMessage) (*auth.Prin,
*auth.Prin, *string, *po.ObjectIdMessage, error) {
// Check type of directive
if directive.Type == nil || *(directive.Type) != DirectiveMessage_SECRET_DISCLOSURE {
return nil, nil, nil, nil, errors.New(
"secret_disclosure: directive not of secret disclosure type.")
}
var verifier *tao.Verifier
var delegatorStr string
// Check directive signer matches policy key.
if bytes.Compare(
auth.Marshal(policyKey.SigningKey.ToPrincipal()), directive.GetSigner()) == 0 {
verifier = policyKey.SigningKey.GetVerifier()
delegatorStr = verifier.ToPrincipal().String()
} else {
// Check if program cert is valid, signed by policy key,
// cert public key matches signer and cert name matches speaker
// of says statement.
cert, err := x509.ParseCertificate(directive.Cert)
if err != nil {
return nil, nil, nil, nil, errors.New(
"error parsing directive program cert")
}
rootCert := x509.NewCertPool()
rootCert.AddCert(policyKey.Cert)
verifyOptions := x509.VerifyOptions{Roots: rootCert}
_, err = cert.Verify(verifyOptions)
if err != nil {
return nil, nil, nil, nil, errors.New(
"program cert not valid")
}
verifier, err = tao.FromX509(cert)
delegatorStr = cert.Subject.CommonName
if err != nil {
return nil, nil, nil, nil, err
}
if bytes.Compare(auth.Marshal(verifier.ToPrincipal()), directive.GetSigner()) != 0 {
return nil, nil, nil, nil, errors.New(
"secret_disclosure: directive signer doesn't match program key.")
}
}
// Verify signature.
ok, err := verifier.Verify(directive.GetSerializedStatement(), SigningContext,
directive.GetSignature())
if err != nil {
return nil, nil, nil, nil, err
}
if !ok {
return nil, nil, nil, nil,
errors.New("secret_disclosure: directive signature check failed.")
}
// Validate and return statement.
statement, err := auth.UnmarshalForm(directive.GetSerializedStatement())
if err != nil {
return nil, nil, nil, nil, err
}
var saysStatement *auth.Says
if ptr, ok := statement.(*auth.Says); ok {
saysStatement = ptr
} else if val, ok := statement.(auth.Says); ok {
saysStatement = &val
} else {
return nil, nil, nil, nil,
errors.New("secret_disclosure: directive statement not a 'Says'")
}
stmtSpeaker, ok := saysStatement.Speaker.(auth.Prin)
if !ok {
return nil, nil, nil, nil,
errors.New("secret_disclosure: directive speaker not a 'Prin'")
}
if stmtSpeaker.String() != delegatorStr {
return nil, nil, nil, nil, errors.New(
"secret_disclosure: directive statement speaker does not match signer")
}
pred, ok := saysStatement.Message.(auth.Pred)
if !ok {
return nil, nil, nil, nil,
errors.New("secret_disclosure: directive message not a 'Pred'")
}
predName := pred.Name
if predName == "" {
return nil, nil, nil, nil,
errors.New("secret_disclosure: directive predicate name is empty")
}
if len(pred.Arg) != 2 {
//.........这里部分代码省略.........