Documentation
Overview
Package zamane is a client library to get signed timestamps from the timestamp server operated by KamuSM. It also provides extra functionality to verify timestamps and query the amount of credit remaining.
Index
Constants
const (
	// DefaultServerURL is the address of the timestamp server operated in
	// production by KamuSM.
	DefaultServerURL = "http://zd.kamusm.gov.tr"
)
Variables
var ErrInvalidAuthentication = errors.New("authentication token is not valid")
ErrInvalidAuthentication indicates that the auth token cannot be authorized.
Functions
This section is empty.
Types
type AuthToken
type AuthToken struct {
	UserID         int    // customer number used in KamuSM
	Salt           []byte // a cryptorandom value to derive the AES key
	IterationCount int    // PBKDF2 iteration count
	IV             []byte // initial vector to encrypt the payload
	Ciphertext     []byte // encrypted payload that must be part of the request
}
AuthToken is used to authenticate requests to Zamane servers.
func NewAuthToken
func NewAuthToken(rand io.Reader, customerID int, password string, payload []byte) (*AuthToken, error)
NewAuthToken builds a token proving that the client knows the user credentials. The token is also bound to the payload, which can be a part of the request.
func (*AuthToken) MarshalASN1
MarshalASN1 returns the ASN.1 encoding of the token.
func (*AuthToken) UnmarshalASN1
UnmarshalASN1 parses the DER-encoded ASN.1 data structure into the token.
type Client
type Client struct {
// contains filtered or unexported fields
}
Client provides an interface to the functionality provided by KamuSM's timestamp server.
func NewClient
func NewClient(customerID, password string, options ...ClientOption) (*Client, error)
NewClient creates a Client instance with the credentials issued by KamuSM, which are used for authentication. It can be customized with options, e.g. to use a proxy.
func (*Client) RemainingCredit
RemainingCredit returns the amount of credit remaining for the authenticated user on KamuSM's timestamp server. Note that credit spending is processed asynchronously by the server, with a delay. Therefore, after spending credits, it may be necessary to wait a bit before the remaining credit reflects it.
RemainingCredit also uses the system time to authenticate to the server. This means the system date and time must be synchronized with time servers, e.g. via NTP. KamuSM servers tolerate clock drift of up to 10 minutes.
Example usage:
client, err := zamane.NewClient("999999", "12345678")
if err != nil {
	log.Fatal(err)
}
// The argument is the request context; pass a real one rather than nil.
credit, err := client.RemainingCredit(context.Background())
if err != nil {
	log.Fatal(err)
}
fmt.Printf("Remaining credit: %d\n", credit)
func (*Client) RequestTimestamp
func (c *Client) RequestTimestamp(ctx context.Context, sum []byte, algo cryptoid.HashAlgorithm) (tsq *rfc3161.TimeStampReq, tsr *rfc3161.TimeStampResp, err error)
RequestTimestamp makes a request to the server to get signed timestamp for the given hash sum and algorithm. If successful, it returns the request and its response.
It is recommended that both be kept next to the digested file or data for future verifications. Both can be serialized in ASN.1 encoding and decoded again later.
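To make concrete what the request that gets serialized next to the file actually contains, here is an added, stand-alone example (not code from the zamane package or the rfc3161 package it uses) that builds, DER-encodes and parses an RFC 3161 TimeStampReq with only the Go standard library. The structure, the SHA-512 OID and the field order are from RFC 3161 section 2.4.1; the sample document, the nonce size and the parser's sanity checks are this example's own choices.

```go
package main

import (
	"crypto/rand"
	"crypto/sha512"
	"crypto/x509/pkix"
	"encoding/asn1"
	"errors"
	"fmt"
	"io"
	"math/big"
	"strings"
)

// oidSHA512 is the NIST identifier for SHA-512 (2.16.840.1.101.3.4.2.3).
var oidSHA512 = asn1.ObjectIdentifier{2, 16, 840, 1, 101, 3, 4, 2, 3}

// MessageImprint and TimeStampReq mirror the ASN.1 of RFC 3161 section 2.4.1.
type MessageImprint struct {
	HashAlgorithm pkix.AlgorithmIdentifier
	HashedMessage []byte
}

type TimeStampReq struct {
	Version        int
	MessageImprint MessageImprint
	ReqPolicy      asn1.ObjectIdentifier `asn1:"optional"`
	Nonce          *big.Int              `asn1:"optional"`
	CertReq        bool                  `asn1:"optional"` // DEFAULT FALSE: omitted from DER when false
	// extensions [0] IMPLICIT Extensions OPTIONAL is not needed here.
}

// DigestSHA512 streams r through SHA-512, as the io.Copy in the client example does.
func DigestSHA512(r io.Reader) ([]byte, error) {
	h := sha512.New()
	if _, err := io.Copy(h, r); err != nil {
		return nil, err
	}
	return h.Sum(nil), nil
}

// NewTimeStampReq builds a v1 request for a SHA-512 digest. The random nonce
// ties the TSA's response to this exact request (the response must echo it),
// and certReq asks the TSA to include its signing certificate in the response.
func NewTimeStampReq(rnd io.Reader, digest []byte) (*TimeStampReq, error) {
	if len(digest) != sha512.Size {
		return nil, fmt.Errorf("digest is %d bytes, SHA-512 produces %d", len(digest), sha512.Size)
	}
	nonce, err := rand.Int(rnd, new(big.Int).Lsh(big.NewInt(1), 64)) // 64-bit nonce, example choice
	if err != nil {
		return nil, err
	}
	return &TimeStampReq{
		Version: 1,
		MessageImprint: MessageImprint{
			HashAlgorithm: pkix.AlgorithmIdentifier{Algorithm: oidSHA512, Parameters: asn1.NullRawValue},
			HashedMessage: digest,
		},
		Nonce:   nonce,
		CertReq: true,
	}, nil
}

// ParseTimeStampReq decodes DER (e.g. a stored .tsq file) and checks that the
// imprint is consistent: a digest whose length does not match the declared
// algorithm should never be sent to the server or trusted from storage.
func ParseTimeStampReq(der []byte) (*TimeStampReq, error) {
	var req TimeStampReq
	rest, err := asn1.Unmarshal(der, &req)
	if err != nil {
		return nil, err
	}
	if len(rest) != 0 {
		return nil, errors.New("trailing bytes after TimeStampReq")
	}
	if req.Version != 1 {
		return nil, fmt.Errorf("unsupported TimeStampReq version %d", req.Version)
	}
	if !req.MessageImprint.HashAlgorithm.Algorithm.Equal(oidSHA512) {
		return nil, fmt.Errorf("unsupported hash algorithm %v", req.MessageImprint.HashAlgorithm.Algorithm)
	}
	if len(req.MessageImprint.HashedMessage) != sha512.Size {
		return nil, errors.New("hashedMessage length does not match SHA-512")
	}
	return &req, nil
}

func main() {
	// Constructed input standing in for file-to-be-timestamped.txt.
	sum, _ := DigestSHA512(strings.NewReader("constructed sample document"))
	req, err := NewTimeStampReq(rand.Reader, sum)
	if err != nil {
		panic(err)
	}
	der, _ := asn1.Marshal(*req) // the bytes that would be written to the .tsq file
	back, err := ParseTimeStampReq(der)
	if err != nil {
		panic(err)
	}
	fmt.Printf("%d-byte DER, nonce preserved: %v\n", len(der), back.Nonce.Cmp(req.Nonce) == 0)
}
```

When verifying a stored pair later, the same nonce check applies in the other direction: the nonce and message imprint inside the signed response must equal those of the stored request, otherwise the response belongs to some other request.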
RequestTimestamp also verifies the response given by the timestamp server. The signature is verified with the certificate in the response, and that certificate is in turn verified against the KamuSM root certificates. Intermediate certificates are also taken into account if the server provides any.
Warning: this function does not check the certificate revocation list published by KamuSM. Note that all of the root certificates are defined statically in the file kamusm_ca.go. You can check that they are identical to the certificates published on the KamuSM site https://sertifikalar.kamusm.gov.tr
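The two checks described above, chaining the responder's certificate to pinned roots and confirming that the embedded roots still match what the CA publishes, shown as an added example using only crypto/x509 (this is not the zamane package's verification code). The chain is constructed in-process with placeholder names; the real KamuSM roots would be parsed from their DER or PEM files and their published fingerprints put in the expected set. Like the client, the example performs no CRL or OCSP check.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha256"
	"crypto/x509"
	"crypto/x509/pkix"
	"encoding/hex"
	"math/big"
	"time"
)

// issue signs tmpl under parent (self-signed when parent is nil). Demo helper only.
func issue(tmpl, parent *x509.Certificate, signer *ecdsa.PrivateKey) (*x509.Certificate, *ecdsa.PrivateKey) {
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		panic(err)
	}
	if parent == nil {
		parent, signer = tmpl, key
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, parent, &key.PublicKey, signer)
	if err != nil {
		panic(err)
	}
	cert, err := x509.ParseCertificate(der)
	if err != nil {
		panic(err)
	}
	return cert, key
}

// template returns a TSA-signer template, or a CA template when ca is true.
func template(serial int64, cn string, ca bool) *x509.Certificate {
	t := &x509.Certificate{
		SerialNumber: big.NewInt(serial),
		Subject:      pkix.Name{CommonName: cn},
		NotBefore:    time.Now().Add(-time.Hour),
		NotAfter:     time.Now().Add(24 * time.Hour),
		KeyUsage:     x509.KeyUsageDigitalSignature,
		ExtKeyUsage:  []x509.ExtKeyUsage{x509.ExtKeyUsageTimeStamping},
	}
	if ca {
		t.IsCA, t.BasicConstraintsValid, t.KeyUsage = true, true, x509.KeyUsageCertSign
		t.ExtKeyUsage = nil
	}
	return t
}

// DemoChain builds a made-up root -> issuing CA -> TSA signer chain (placeholder
// names, not KamuSM's) plus an unrelated root for the negative case.
func DemoChain() (root, inter, leaf, rogue *x509.Certificate) {
	root, rootKey := issue(template(1, "Demo Root CA", true), nil, nil)
	inter, interKey := issue(template(2, "Demo Timestamp Issuing CA", true), root, rootKey)
	leaf, _ = issue(template(3, "Demo TSA Signer", false), inter, interKey)
	rogue, _ = issue(template(4, "Unrelated Root CA", true), nil, nil)
	return
}

// VerifyTSACert checks that the TSA signing certificate chains to one of the
// pinned roots, via any intermediates the server supplied, and is valid for
// time-stamping at the given time. It does NOT consult CRLs or OCSP.
func VerifyTSACert(leaf *x509.Certificate, intermediates, roots []*x509.Certificate, at time.Time) error {
	rootPool, interPool := x509.NewCertPool(), x509.NewCertPool()
	for _, r := range roots {
		rootPool.AddCert(r)
	}
	for _, c := range intermediates {
		interPool.AddCert(c)
	}
	_, err := leaf.Verify(x509.VerifyOptions{
		Roots:         rootPool,
		Intermediates: interPool,
		CurrentTime:   at,
		KeyUsages:     []x509.ExtKeyUsage{x509.ExtKeyUsageTimeStamping},
	})
	return err
}

// Fingerprint is the hex SHA-256 of the certificate's DER, the value to compare
// with what the CA publishes for its root certificates.
func Fingerprint(c *x509.Certificate) string {
	sum := sha256.Sum256(c.Raw)
	return hex.EncodeToString(sum[:])
}

// RootsMatchPinned reports whether every embedded root has a fingerprint in the
// expected set, i.e. the statically compiled roots still match the published ones.
func RootsMatchPinned(roots []*x509.Certificate, expected map[string]bool) bool {
	for _, r := range roots {
		if !expected[Fingerprint(r)] {
			return false
		}
	}
	return true
}
```

A chain that omits an intermediate the leaf needs, or that ends at a root outside the pinned set, fails Verify, which is the behaviour described for RequestTimestamp; what Verify does not give you is revocation, so a compromised or withdrawn TSA certificate would still pass until the pinned roots or the client are updated.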
Example usage:
algo := cryptoid.SHA512
digester := algo.Hash.New()
file, _ := os.Open("file-to-be-timestamped.txt")
io.Copy(digester, file)
file.Close()
client, _ := zamane.NewClient("999999", "12345678")
// Check the error: it also covers a response that failed signature or chain verification.
tsq, tsr, err := client.RequestTimestamp(context.Background(), digester.Sum(nil), algo)
if err != nil {
	log.Fatal(err)
}
// Keep the request and the response next to the file for later verification.
tsqDER, _ := asn1.Marshal(*tsq)
tsrDER, _ := asn1.Marshal(*tsr)
os.WriteFile("file-to-be-timestamped.tsq", tsqDER, 0644)
os.WriteFile("file-to-be-timestamped.tsr", tsrDER, 0644)
type ClientOption
ClientOption is implemented by Client options. They can be used to customize the client's behavior. See the functions prefixed With... for the available options.
func WithHTTPClient
func WithHTTPClient(client HTTPDoer) ClientOption
WithHTTPClient returns an option that makes the client use the given HTTP client for its requests.
func WithRandomSource
func WithRandomSource(rnd io.Reader) ClientOption
WithRandomSource returns an option that makes the client use the given random source for generating random numbers. It must be a cryptographically secure random source.
func WithServerURL
func WithServerURL(serverURL string) ClientOption
WithServerURL returns an option that makes the client send its requests to the given timestamp server URL.