
Package sighandler

Overview ▾

Package sighandler implements digital signature handlers for PDF signature validation and signing.

Index ▾

func NewAdobePKCS7Detached(privateKey *rsa.PrivateKey, certificate *x509.Certificate) (model.SignatureHandler, error)
func NewAdobeX509RSASHA1(privateKey *rsa.PrivateKey, certificate *x509.Certificate) (model.SignatureHandler, error)
func NewAdobeX509RSASHA1Custom(certificate *x509.Certificate, signFunc SignFunc) (model.SignatureHandler, error)
func NewAdobeX509RSASHA1CustomWithOpts(certificate *x509.Certificate, signFunc SignFunc, opts *AdobeX509RSASHA1Opts) (model.SignatureHandler, error)
func NewDocMDPHandler(handler model.SignatureHandler, permission mdp.DocMDPPermission) (model.SignatureHandler, error)
func NewDocTimeStamp(timestampServerURL string, hashAlgorithm crypto.Hash) (model.SignatureHandler, error)
func NewDocTimeStampWithOpts(timestampServerURL string, hashAlgorithm crypto.Hash, opts *DocTimeStampOpts) (model.SignatureHandler, error)
func NewEmptyAdobePKCS7Detached(signatureLen int) (model.SignatureHandler, error)
func NewEtsiPAdESLevelB(privateKey *rsa.PrivateKey, certificate *x509.Certificate, caCert *x509.Certificate) (model.SignatureHandler, error)
func NewEtsiPAdESLevelLT(privateKey *rsa.PrivateKey, certificate *x509.Certificate, caCert *x509.Certificate, certificateTimestampServerURL string, appender *model.PdfAppender) (model.SignatureHandler, error)
func NewEtsiPAdESLevelT(privateKey *rsa.PrivateKey, certificate *x509.Certificate, caCert *x509.Certificate, certificateTimestampServerURL string) (model.SignatureHandler, error)
type AdobeX509RSASHA1Opts
type DocMDPHandler
    func (dm *DocMDPHandler) InitSignature(sig *model.PdfSignature) error
    func (dm *DocMDPHandler) IsApplicable(sig *model.PdfSignature) bool
    func (dm *DocMDPHandler) NewDigest(sig *model.PdfSignature) (model.Hasher, error)
    func (dm *DocMDPHandler) Sign(sig *model.PdfSignature, digest model.Hasher) error
    func (dm *DocMDPHandler) Validate(sig *model.PdfSignature, digest model.Hasher) (model.SignatureValidationResult, error)
    func (dm *DocMDPHandler) ValidateWithOpts(sig *model.PdfSignature, digest model.Hasher, params model.SignatureHandlerDocMDPParams) (model.SignatureValidationResult, error)
type DocTimeStampOpts
type RevocationInfoArchival
type SignFunc

Package files

doc.go sighandler_docmdp.go sighandler_pades.go sighandler_pkcs7.go sighandler_rsa_sha1.go sighandler_timestamp.go

func NewAdobePKCS7Detached

func NewAdobePKCS7Detached(privateKey *rsa.PrivateKey, certificate *x509.Certificate) (model.SignatureHandler, error)

NewAdobePKCS7Detached creates a new Adobe.PPKMS/Adobe.PPKLite adbe.pkcs7.detached signature handler. Both parameters may be nil for the signature validation.

func NewAdobeX509RSASHA1

func NewAdobeX509RSASHA1(privateKey *rsa.PrivateKey, certificate *x509.Certificate) (model.SignatureHandler, error)

NewAdobeX509RSASHA1 creates a new Adobe.PPKMS/Adobe.PPKLite adbe.x509.rsa_sha1 signature handler. Both the private key and the certificate can be nil for the signature validation.

func NewAdobeX509RSASHA1Custom

func NewAdobeX509RSASHA1Custom(certificate *x509.Certificate, signFunc SignFunc) (model.SignatureHandler, error)

NewAdobeX509RSASHA1Custom creates a new Adobe.PPKMS/Adobe.PPKLite adbe.x509.rsa_sha1 signature handler with a custom signing function. Both the certificate and the sign function can be nil for the signature validation. NOTE: the handler will do a mock Sign when initializing the signature in order to estimate the signature size. Use NewAdobeX509RSASHA1CustomWithOpts for configuring the handler to estimate the signature size.

func NewAdobeX509RSASHA1CustomWithOpts

func NewAdobeX509RSASHA1CustomWithOpts(certificate *x509.Certificate, signFunc SignFunc,
    opts *AdobeX509RSASHA1Opts) (model.SignatureHandler, error)

NewAdobeX509RSASHA1CustomWithOpts creates a new Adobe.PPKMS/Adobe.PPKLite adbe.x509.rsa_sha1 signature handler with a custom signing function. The handler is configured based on the provided options. If no options are provided, default options will be used. Both the certificate and the sign function can be nil for the signature validation.

func NewDocMDPHandler

func NewDocMDPHandler(handler model.SignatureHandler, permission mdp.DocMDPPermission) (model.SignatureHandler, error)

NewDocMDPHandler returns a new DocMDP handler with the specified DocMDP restriction level.

func NewDocTimeStamp

func NewDocTimeStamp(timestampServerURL string, hashAlgorithm crypto.Hash) (model.SignatureHandler, error)

NewDocTimeStamp creates a new DocTimeStamp signature handler. Both the timestamp server URL and the hash algorithm can be empty for the signature validation. The following hash algorithms are supported: crypto.SHA1, crypto.SHA256, crypto.SHA384, crypto.SHA512. crypto.SHA1 is no longer collision resistant, so prefer crypto.SHA256 or stronger when creating new timestamps. NOTE: the handler will do a mock Sign when initializing the signature in order to estimate the signature size. Use NewDocTimeStampWithOpts for providing the signature size.

func NewDocTimeStampWithOpts

func NewDocTimeStampWithOpts(timestampServerURL string, hashAlgorithm crypto.Hash, opts *DocTimeStampOpts) (model.SignatureHandler, error)

NewDocTimeStampWithOpts returns a new DocTimeStamp configured using the specified options. If no options are provided, default options will be used. Both the timestamp server URL and the hash algorithm can be empty for the signature validation. The following hash algorithms are supported: crypto.SHA1, crypto.SHA256, crypto.SHA384, crypto.SHA512.

func NewEmptyAdobePKCS7Detached

func NewEmptyAdobePKCS7Detached(signatureLen int) (model.SignatureHandler, error)

NewEmptyAdobePKCS7Detached creates a new Adobe.PPKMS/Adobe.PPKLite adbe.pkcs7.detached signature handler. The generated signature is empty and of size signatureLen. The signatureLen parameter can be 0 for the signature validation.

func NewEtsiPAdESLevelB

func NewEtsiPAdESLevelB(privateKey *rsa.PrivateKey, certificate *x509.Certificate, caCert *x509.Certificate) (model.SignatureHandler, error)

NewEtsiPAdESLevelB creates a new Adobe.PPKLite ETSI.CAdES.detached Level B signature handler.

func NewEtsiPAdESLevelLT

func NewEtsiPAdESLevelLT(privateKey *rsa.PrivateKey, certificate *x509.Certificate, caCert *x509.Certificate, certificateTimestampServerURL string, appender *model.PdfAppender) (model.SignatureHandler, error)

NewEtsiPAdESLevelLT creates a new Adobe.PPKLite ETSI.CAdES.detached Level LT signature handler.

func NewEtsiPAdESLevelT

func NewEtsiPAdESLevelT(privateKey *rsa.PrivateKey, certificate *x509.Certificate, caCert *x509.Certificate, certificateTimestampServerURL string) (model.SignatureHandler, error)

NewEtsiPAdESLevelT creates a new Adobe.PPKLite ETSI.CAdES.detached Level T signature handler.

type AdobeX509RSASHA1Opts

AdobeX509RSASHA1Opts defines options for configuring the adbe.x509.rsa_sha1 signature handler.

// AdobeX509RSASHA1Opts holds the options accepted by
// NewAdobeX509RSASHA1CustomWithOpts for the adbe.x509.rsa_sha1 handler.
type AdobeX509RSASHA1Opts struct {
    // EstimateSize specifies whether the size of the signature contents
    // should be estimated based on the modulus size of the public key
    // extracted from the signing certificate. If set to false, a mock Sign
    // call is made in order to estimate the size of the signature contents.
    // NOTE(review): with a custom SignFunc the mock call presumably invokes
    // the signer one extra time (an additional HSM or remote-signer
    // operation and audit entry) - confirm against the handler source.
    EstimateSize bool

    // Algorithm specifies the algorithm used for performing signing.
    // If not specified, defaults to SHA1.
    // SHA-1 is no longer collision resistant; set a stronger hash such as
    // crypto.SHA256 unless the verifying side requires SHA-1.
    // NOTE(review): which crypto.Hash values the handler accepts is not
    // shown here - confirm before relying on a non-default value.
    Algorithm crypto.Hash
}

type DocMDPHandler

DocMDPHandler describes the signature handler that implements DocMDP.

// DocMDPHandler is the handler type whose methods implement the DocMDP
// signature operations (InitSignature, NewDigest, Sign, Validate,
// ValidateWithOpts).
type DocMDPHandler struct {
    // Permission is the DocMDP permission value carried by this handler.
    // NOTE(review): presumably the level passed to NewDocMDPHandler; the
    // field is exported, so callers can change it after construction -
    // confirm whether that is intended.
    Permission mdp.DocMDPPermission
    // contains filtered or unexported fields
}

func (*DocMDPHandler) InitSignature

func (dm *DocMDPHandler) InitSignature(sig *model.PdfSignature) error

InitSignature initializes the DocMDP signature.

func (*DocMDPHandler) IsApplicable

func (dm *DocMDPHandler) IsApplicable(sig *model.PdfSignature) bool

IsApplicable returns true if the signature handler is applicable for the PdfSignature.

func (*DocMDPHandler) NewDigest

func (dm *DocMDPHandler) NewDigest(sig *model.PdfSignature) (model.Hasher, error)

NewDigest creates a new digest.

func (*DocMDPHandler) Sign

func (dm *DocMDPHandler) Sign(sig *model.PdfSignature, digest model.Hasher) error

Sign adds a new reference to signature's references array.

func (*DocMDPHandler) Validate

func (dm *DocMDPHandler) Validate(sig *model.PdfSignature, digest model.Hasher) (model.SignatureValidationResult, error)

Validate implements the SignatureHandler interface. This check is impossible without checking the document's content, so do not rely on Validate for DocMDP enforcement; use ValidateWithOpts with the PdfParser.

func (*DocMDPHandler) ValidateWithOpts

func (dm *DocMDPHandler) ValidateWithOpts(sig *model.PdfSignature, digest model.Hasher, params model.SignatureHandlerDocMDPParams) (model.SignatureValidationResult, error)

ValidateWithOpts validates a PDF signature by checking the PdfReader or PdfParser using the DiffPolicy. params describes the parameters for the DocMDP checks.

type DocTimeStampOpts

DocTimeStampOpts defines options for configuring the timestamp handler.

// DocTimeStampOpts holds the options accepted by NewDocTimeStampWithOpts
// for the timestamp signature handler.
type DocTimeStampOpts struct {
    // SignatureSize is the estimated size of the signature contents in bytes.
    // If not provided, a default signature size of 4192 is used.
    // The signing process will report the model.ErrSignNotEnoughSpace error
    // if the estimated signature size is smaller than the actual size of the
    // signature.
    SignatureSize int

    // Client is the timestamp client used to make the signature request.
    // If no client is provided, a default one is used.
    // NOTE(review): the default client's timeout, TLS and authentication
    // settings are not shown here; supply an explicitly configured client
    // when those properties matter for the timestamp server - confirm the
    // defaults in sigutil.
    Client *sigutil.TimestampClient
}

type RevocationInfoArchival

RevocationInfoArchival is the OIDAttributeAdobeRevocation attribute.

// RevocationInfoArchival is the ASN.1 structure of the
// OIDAttributeAdobeRevocation attribute. Every field is optional and is kept
// as raw ASN.1 values, so nothing in this type parses or verifies the
// revocation data it carries.
type RevocationInfoArchival struct {
    // Crl is encoded under explicit context tag 0.
    // Presumably one raw value per CRL - confirm against the producer.
    Crl          []asn1.RawValue `asn1:"explicit,tag:0,optional"`
    // Ocsp is encoded under explicit context tag 1.
    // Presumably one raw value per OCSP response - confirm.
    Ocsp         []asn1.RawValue `asn1:"explicit,tag:1,optional"`
    // OtherRevInfo is encoded under explicit context tag 2.
    OtherRevInfo []asn1.RawValue `asn1:"explicit,tag:2,optional"`
}

type SignFunc

SignFunc represents a custom signing function. The function should return the computed signature.

// SignFunc is a custom signing callback. It receives the PDF signature and
// the digest hasher and returns the computed signature bytes, or an error.
// NOTE(review): presumably digest has already been fed the signed byte
// ranges using the handler's configured hash algorithm, so an HSM or remote
// signer behind this function must sign with the matching algorithm -
// confirm against the handler source.
type SignFunc func(sig *model.PdfSignature, digest model.Hasher) ([]byte, error)