package rfc3161
import (
"crypto/x509"
"encoding/asn1"
"errors"
"mime"
"github.com/cryptoballot/entropychecker"
)
// ErrUnrecognizedData is the package's sentinel for a DER decode that ends
// with bytes left over (the message says "unrecognized data ... end of DER").
// It is not raised anywhere in this file; the decoder elsewhere in the
// package returns it, and callers should compare with == or errors.Is.
var ErrUnrecognizedData = errors.New("rfc3161: Got unrecognized data and end of DER")
// Object identifiers used when parsing and verifying RFC 3161 time-stamp
// tokens and their CMS (RFC 5652) SignedData wrapper.
//
// They are declared as variables only because Go has no slice-typed
// constants; nothing in this package assigns to them after initialisation
// and callers must treat them as read-only. Mutating one of these would
// change which certificates and content types verification accepts.
var (
	// RFC 3161 / RFC 5280: id-kp-timeStamping, { id-kp 8 }
	//   {iso(1) identified-organization(3) dod(6) internet(1) security(5)
	//    mechanisms(5) pkix(7) kp(3) timestamping(8)}
	// RFC 3161 §2.3 requires the TSA's certificate to carry this EKU value.
	OidExtKeyUsageTimeStamping = asn1.ObjectIdentifier{1, 3, 6, 1, 5, 5, 7, 3, 8}

	// RFC 5280: id-ce-extKeyUsage certificate extension
	//   {joint-iso-itu-t(2) ds(5) certificateExtension(29) extKeyUsage(37)}
	OidExtKeyUsage = asn1.ObjectIdentifier{2, 5, 29, 37}

	// RFC 5652: id-contentType signed attribute
	//   {iso(1) member-body(2) us(840) rsadsi(113549) pkcs(1) pkcs-9(9) contentType(3)}
	OidContentType = asn1.ObjectIdentifier{1, 2, 840, 113549, 1, 9, 3}

	// RFC 5652: id-messageDigest signed attribute
	//   {iso(1) member-body(2) us(840) rsadsi(113549) pkcs(1) pkcs-9(9) messageDigest(4)}
	OidMessageDigest = asn1.ObjectIdentifier{1, 2, 840, 113549, 1, 9, 4}

	// RFC 5652: id-signedData content type
	//   {iso(1) member-body(2) us(840) rsadsi(113549) pkcs(1) pkcs-7(7) signedData(2)}
	OidSignedData = asn1.ObjectIdentifier{1, 2, 840, 113549, 1, 7, 2}

	// RFC 3161: id-ct-TSTInfo, the eContentType carried inside SignedData
	//   {iso(1) member-body(2) us(840) rsadsi(113549) pkcs(1) pkcs-9(9) smime(16) ct(1) 4}
	OidContentTypeTSTInfo = asn1.ObjectIdentifier{1, 2, 840, 113549, 1, 9, 16, 1, 4}
)
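// supportedExtensions is the registry of extension OIDs this package knows
// how to process. It is only ever grown through RegisterExtension and only
// ever read through ListExtensions; neither function is safe for concurrent
// use, which is acceptable because registration is meant to happen in init.
var supportedExtensions []asn1.ObjectIdentifier

// RootCerts is any additional trusted root certificates.
// It should only be used for testing.
// It must be initialized with x509.NewCertPool
//
// Security note: every certificate placed in this pool becomes a trust
// anchor for time-stamp verification, so a non-nil RootCerts in production
// silently widens the set of TSAs whose tokens are accepted. Leave it nil
// outside of tests.
var RootCerts *x509.CertPool

// RegisterExtension registers a supported Extension.
// This is intended to be called from the init function in
// packages that implement support for these extensions.
// A TimeStampReq or TimeStampResp with an unregistered
// critical extension will return an error when verified.
//
// Registering an OID is a statement that the package actually understands
// and enforces that extension's semantics: once registered, a critical
// extension with that OID no longer causes verification to fail, so never
// register an OID merely to make a token verify. Registering the same OID
// twice is a no-op. The registry keeps its own copy of the OID, so later
// mutation of the caller's slice cannot change what counts as supported.
func RegisterExtension(extension asn1.ObjectIdentifier) {
	for _, known := range supportedExtensions {
		if known.Equal(extension) {
			return
		}
	}
	// asn1.ObjectIdentifier is a slice; store a private copy rather than the
	// caller's backing array.
	own := make(asn1.ObjectIdentifier, len(extension))
	copy(own, extension)
	supportedExtensions = append(supportedExtensions, own)
}

// ListExtensions lists all supported extensions.
//
// It always returns a non-nil slice (empty when nothing is registered).
// The result is a deep copy: callers may modify it, or append to it, without
// altering the registry that verification consults. Previously the internal
// slice was handed out directly, which let a caller rewrite or overwrite
// registered OIDs through aliasing.
func ListExtensions() []asn1.ObjectIdentifier {
	out := make([]asn1.ObjectIdentifier, len(supportedExtensions))
	for i, ext := range supportedExtensions {
		out[i] = make(asn1.ObjectIdentifier, len(ext))
		copy(out[i], ext)
	}
	return out
}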
// setMimeTypes registers the two RFC 3161 transport media types with the
// mime package so that .tsq (TimeStampReq) and .tsr (TimeStampResp) files
// map to "application/timestamp-query" and "application/timestamp-reply".
//
// Registration stops at the first failure and that error is returned
// unchanged; on success it returns nil. Both inputs are hard-coded, so an
// error here indicates a programming mistake rather than bad input.
func setMimeTypes() error {
	registrations := []struct {
		ext       string
		mediaType string
	}{
		{".tsq", "application/timestamp-query"},
		{".tsr", "application/timestamp-reply"},
	}
	for _, reg := range registrations {
		if err := mime.AddExtensionType(reg.ext, reg.mediaType); err != nil {
			return err
		}
	}
	return nil
}
// init runs the package's fail-closed start-up checks and panics on any
// failure, so that a process importing this package cannot come up in a
// degraded state.
//
// The entropy check is only implemented on Linux: on every other OS
// entropychecker reports ErrUnsupportedOS, which is deliberately tolerated.
// Operators on non-Linux hosts therefore get no entropy guarantee from this
// package and must ensure adequate randomness by other means.
func init() {
	switch err := entropychecker.WaitForEntropy(); err {
	case nil, entropychecker.ErrUnsupportedOS:
		// Enough entropy, or no way to tell on this platform.
	default:
		panic(err)
	}

	// The inputs are hard-coded, so a failure here is a programming error
	// and aborting start-up is the right response.
	if err := setMimeTypes(); err != nil {
		panic(err)
	}
}