Completed

Addition to Go-based service to add chain verification and signature verification for X509, CRL and OCSP

The existing API looks like this:

Decode an X509 certificate

curl --fail -F "content=@[url removed, login to view]" "[url removed, login to view]"

Request and issue an X509 certificate

openssl genrsa -out [url removed, login to view] 2048

openssl req -config [url removed, login to view] -subj "/CN=[url removed, login to view]" -new -x509 -set_serial 01 -days 1 -key [url removed, login to view] -out [url removed, login to view]

curl --fail -F "content=@[url removed, login to view]" "[url removed, login to view]"

Decode a set of X509 certificates

curl --fail -F "content=@[url removed, login to view]" "[url removed, login to view]"

Decode an X509 crl

curl --fail -F "content=@[url removed, login to view]" "[url removed, login to view]"

Decode an OCSP response

openssl ocsp -noverify -no_nonce -respout [url removed, login to view] -reqout [url removed, login to view] -issuer [url removed, login to view] -cert [url removed, login to view] -url "[url removed, login to view]" -header "HOST" "[url removed, login to view]" -text

curl --fail -F "content=@[url removed, login to view]" "[url removed, login to view]"

I want the following added:

----- X509Certificate\action=verify

[url removed, login to view]

[url removed, login to view]

[url removed, login to view]

[url removed, login to view]

curl --fail -F "content=@[url removed, login to view]" [url removed, login to view],example.com&time=zzz

action = verify -- generic certificate validation

Passin:

A certificate to be verified

A bag of certificates that may be useful for validating the certificate to be verified (aka a bag of intermediate CA certificates)

Hostnames to make sure the certificate is good for (Only required for action eku=ExtKeyUsageServerAuth)

ku=KeyUsageDigitalSignature,KeyUsageContentCommitment,KeyUsageKeyEncipherment,KeyUsageDataEncipherment,KeyUsageKeyAgreement,KeyUsageCertSign,KeyUsageCRLSign,KeyUsageEncipherOnly,KeyUsageDecipherOnly,

eku=ExtKeyUsageAny, ExtKeyUsageServerAuth, ExtKeyUsageClientAuth, ExtKeyUsageCodeSigning, ExtKeyUsageEmailProtection, ExtKeyUsageTimeStamping, ExtKeyUsageOCSPSigning

time=time

If hostnames passed in call VerifyHostname if verify passes

If eku=ExtKeyUsageServerAuth and no hostname error

If hostnames provided they go in [url removed, login to view]

If time not specified use current time.

Use host side configured nss roots as trust anchors

Passout:

Success / Fail

If fail why:

CANotAuthorizedForThisName, Expired, NotAuthorizedToSign, TooManyIntermediates, HostnameError, ConstraintViolationError, CertificateInvalidError(Reason), UnhandledCriticalExtension, UnknownAuthorityError

Returns bags of PEM encoded certificates, each bag representing a chain, bag is ordered.

----- X509crl\action=verify

Call [url removed, login to view]

Passin:

A certificate to be verified

A certificate to verify against

time=time

Passout:

Success / Fail

If fail why:

Invalid signature, unsupported algorithm, expired,

---- X509ocsp\action=verify&type=response

Passin:

An OCSP response to be verified

time=time

Passout:

Success / Fail

If fail why:

Invalid signature, unsupported algorithm, expired,

Skills: Computer Security, Golang, Software Architecture

About the Employer:
(14 reviews) Woodinville, United States

Project ID: #2489735
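
One way the requested X509Certificate action=verify could map onto Go's `crypto/x509`, as an added example (not the service's code and not the awarded solution): `Verify` takes the intermediate bag, hostname and time, and its typed errors become the failure names listed in the spec. Assumptions: the names `verify` and `fixture` are hypothetical, a constructed throwaway root CA stands in for the host-side NSS roots, and only three of the listed failure names are mapped.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"errors"
	"fmt"
	"math/big"
	"time"
)

// verify returns the ordered chains or a failure name; zero `at` means now, empty host skips the name check.
func verify(leaf *x509.Certificate, roots, bag *x509.CertPool, host string, at time.Time) ([][]*x509.Certificate, string) {
	chains, err := leaf.Verify(x509.VerifyOptions{Roots: roots, Intermediates: bag, DNSName: host, CurrentTime: at})
	var inv x509.CertificateInvalidError
	switch {
	case err == nil:
		return chains, ""
	case errors.As(err, &inv) && inv.Reason == x509.Expired:
		return nil, "Expired"
	case errors.As(err, new(x509.HostnameError)):
		return nil, "HostnameError"
	case errors.As(err, new(x509.UnknownAuthorityError)):
		return nil, "UnknownAuthorityError"
	}
	return nil, err.Error()
}

func fixture() (*x509.Certificate, *x509.CertPool) { // constructed sample data; errors ignored for brevity
	caPub, caKey, _ := ed25519.GenerateKey(rand.Reader)
	leafPub, _, _ := ed25519.GenerateKey(rand.Reader)
	nb, na := time.Now().Add(-time.Hour), time.Now().Add(48 * time.Hour)
	caT := &x509.Certificate{SerialNumber: big.NewInt(1), Subject: pkix.Name{CommonName: "Constructed Root"},
		NotBefore: nb, NotAfter: na, IsCA: true, BasicConstraintsValid: true, KeyUsage: x509.KeyUsageCertSign}
	leafT := &x509.Certificate{SerialNumber: big.NewInt(2), NotBefore: nb, NotAfter: na, DNSNames: []string{"example.com"}}
	caDER, _ := x509.CreateCertificate(rand.Reader, caT, caT, caPub, caKey)
	ca, _ := x509.ParseCertificate(caDER)
	leafDER, _ := x509.CreateCertificate(rand.Reader, leafT, ca, leafPub, caKey)
	leaf, _ := x509.ParseCertificate(leafDER)
	roots := x509.NewCertPool()
	roots.AddCert(ca)
	return leaf, roots
}

func main() {
	leaf, roots := fixture()
	fmt.Println(verify(leaf, roots, nil, "example.org", time.Time{})) // [] HostnameError
}
```

When `KeyUsages` is left unset in `VerifyOptions`, `Verify` checks for `ExtKeyUsageServerAuth`; a service honouring the `eku=` parameter would set that field explicitly.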

Awarded to:

efrey

I look forward to the prospect of working on this project.

$600 USD in 4 days
(1 Review)
4.1