The default xmlrat_dsig_verifier implementation, which uses the built-in public_key module.
Behaviours: xmlrat_dsig_verifier.
Supports:
See options() for the format of the verifier_options map. If no options are given, this module will deny all keys and certificates.
fingerprint() = {spki | ssh | x509, crypto:hash_algorithm(), binary()}
options() = #{fingerprints => [fingerprint()],
              ca_certs => [#'OTPCertificate'{}],
              ca_cert_file => path(),
              danger_trust_any_key => boolean(),
              danger_trust_any_cert => boolean(),
              danger_ignore_crl_fetch_errors => boolean()}
path() = string()
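An added example (not part of the xmlrat project) of auditing a verifier_options map before it is handed to the verifier. The module name verifier_opts_audit, the finding atoms and the digest-length check are assumptions of this example; only the option keys and the fingerprint() shape come from the types above.

```erlang
-module(verifier_opts_audit).
-export([audit/1, demo/0]).

%% Returns a list of findings for a verifier_options map ([] = nothing to report).
audit(Opts) when is_map(Opts) ->
    %% Any danger_* flag set to true disables part of the trust checks.
    Danger = [{danger_flag_set, K}
              || K <- [danger_trust_any_key, danger_trust_any_cert,
                       danger_ignore_crl_fetch_errors],
                 maps:get(K, Opts, false) =:= true],
    Fps = maps:get(fingerprints, Opts, []),
    BadFps = [{bad_fingerprint, F} || F <- Fps, not valid_fingerprint(F)],
    %% Keys that actually carry a pinned key, CA certificate or CA file.
    Trust = [K || K <- [fingerprints, ca_certs, ca_cert_file],
                  maps:get(K, Opts, []) =/= []],
    %% Nothing pinned at all: worth reporting so it is a deliberate choice.
    NoTrust = [no_trust_source || Trust =:= []],
    Danger ++ BadFps ++ NoTrust.

%% A fingerprint is {spki | ssh | x509, HashAlgorithm, Digest}; the digest
%% length must match the output size of the named hash (assumed check).
valid_fingerprint({Kind, Alg, Digest})
  when (Kind =:= spki orelse Kind =:= ssh orelse Kind =:= x509),
       is_atom(Alg), is_binary(Digest) ->
    try byte_size(crypto:hash(Alg, <<>>)) =:= byte_size(Digest)
    catch error:_ -> false   % unknown or unsupported hash algorithm
    end;
valid_fingerprint(_) ->
    false.

demo() ->
    %% Constructed sample: digest of a placeholder string, not a real key.
    Pin = {spki, sha256, crypto:hash(sha256, <<"constructed-sample-spki">>)},
    [no_trust_source] = audit(#{}),
    [] = audit(#{fingerprints => [Pin]}),
    [{danger_flag_set, danger_trust_any_cert}] =
        audit(#{fingerprints => [Pin], danger_trust_any_cert => true}),
    [{bad_fingerprint, _}] =
        audit(#{fingerprints => [{spki, sha256, <<"short">>}]}),
    ok.
```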
retrieve_key/3 | Retrieves a key based on metadata about the key. |
validate_cert/3 | Validate an X.509 certificate included in the XML DSIG payload. |
validate_key/4 | Validate a bare public key. |
retrieve_key(Opts::options(), Details::xmlrat_dsig_verifier:key_details(), Algo::xmlrat_dsig_verifier:algo()) -> {ok, xmlrat_dsig_verifier:pubkey()} | {error, term()}
Retrieves a key based on metadata about the key.
Called when the XML-DSIG payload does not include a certificate or the key itself. The validate_key/2 callback will also be called for this key after retrieval.
validate_cert(M0::options(), Cert::xmlrat_dsig_verifier:cert(), Algo::xmlrat_dsig_verifier:algo()) -> ok | {error, term()}
Validate an X.509 certificate included in the XML DSIG payload.
validate_key(X1::options(), PubKey::xmlrat_dsig_verifier:pubkey(), Details::xmlrat_dsig_verifier:key_details(), Algo::xmlrat_dsig_verifier:algo()) -> ok | {error, term()}
Validate a bare public key.
The public key was either included in the XML DSIG payload or retrieved via retrieve_key/3 (not called if an X.509 certificate was included).
Generated by EDoc