certlib

package
v1.7.4 Latest Latest
Warning

This package is not in the latest version of its module.

 Go to latest Published: Aug 28, 2023 License: BSD-2-Clause, ISC Imports: 24 Imported by: 0

Documentation

Index

Constants

View Source 
const OneDay = 24 * time.Hour

OneDay is a time.Duration representing a day's worth of seconds.

View Source 
const OneYear = 8760 * time.Hour

OneYear is a time.Duration representing a year's worth of seconds.

Variables

View Source 
var Apr2015 = InclusiveDate(2015, time.April, 01)

Apr2015 is the April 2015 CAB Forum deadline for when CAs must stop issuing certificates valid for more than 39 months.

View Source 
var DelegationExtension = pkix.Extension{
	Id:       DelegationUsage,
	Critical: false,
	Value:    []byte{0x05, 0x00},
}

DelegationExtension

View Source 
var DelegationUsage = asn1.ObjectIdentifier{1, 3, 6, 1, 4, 1, 44363, 44}

DelegationUsage is the OID for the DelegationUseage extensions

View Source 
var Jul2012 = InclusiveDate(2012, time.July, 01)

Jul2012 is the July 2012 CAB Forum deadline for when CAs must stop issuing certificates valid for more than 5 years.

Functions

func CreateTLSConfig 

func CreateTLSConfig(remoteCAs *x509.CertPool, cert *tls.Certificate) *tls.Config

CreateTLSConfig creates a tls.Config object from certs and roots

func DeserializeSCTList 

func DeserializeSCTList(serializedSCTList []byte) ([]ct.SignedCertificateTimestamp, error)

DeserializeSCTList deserializes a list of SCTs.

func EncodeCertificatePEM 

func EncodeCertificatePEM(cert *x509.Certificate) []byte

EncodeCertificatePEM encodes a single x509 certificates to PEM

func EncodeCertificatesPEM 

func EncodeCertificatesPEM(certs []*x509.Certificate) []byte

EncodeCertificatesPEM encodes a number of x509 certificates to PEM

func ExpiryTime 

func ExpiryTime(chain []*x509.Certificate) (notAfter time.Time)

ExpiryTime returns the time when the certificate chain is expired.

func GetKeyDERFromPEM 

func GetKeyDERFromPEM(in []byte, password []byte) ([]byte, error)

GetKeyDERFromPEM parses a PEM-encoded private key and returns DER-format key bytes.

func HashAlgoString 

func HashAlgoString(alg x509.SignatureAlgorithm) string

HashAlgoString returns the hash algorithm name contains in the signature method.

func InclusiveDate 

func InclusiveDate(year int, month time.Month, day int) time.Time

InclusiveDate returns the time.Time representation of a date - 1 nanosecond. This allows time.After to be used inclusively.

func KeyLength 

func KeyLength(key interface{}) int

KeyLength returns the bit size of ECDSA or RSA PublicKey

func LoadCertificate 

func LoadCertificate(path string) (*x509.Certificate, error)

LoadCertificate tries to read a single certificate from disk. If the file contains multiple certificates (e.g. a chain), only the first certificate is returned.

func LoadCertificates 

func LoadCertificates(path string) ([]*x509.Certificate, error)

LoadCertificates tries to read all the certificates in a file, returning them in the order that it found them in the file.

func LoadClientCertificate 

func LoadClientCertificate(certFile string, keyFile string) (*tls.Certificate, error)

LoadClientCertificate load key/certificate from pem files

func LoadPEMCertPool 

func LoadPEMCertPool(certsFile string) (*x509.CertPool, error)

LoadPEMCertPool loads a pool of PEM certificates from file.

func MarshalEd25519PrivateKey 

func MarshalEd25519PrivateKey(sk crypto.PrivateKey) ([]byte, error)

MarshalEd25519PrivateKey returns a DER encoding of the input private key as specified in https://tools.ietf.org/html/draft-ietf-curdle-pkix-04.

func MarshalEd25519PublicKey 

func MarshalEd25519PublicKey(pk crypto.PublicKey) ([]byte, error)

MarshalEd25519PublicKey creates a DER-encoded SubjectPublicKeyInfo for an ed25519 public key, as defined in https://tools.ietf.org/html/draft-ietf-curdle-pkix-04. This is analogous to MarshalPKIXPublicKey in crypto/x509, which doesn't currently support Ed25519.

func MonthsValid 

func MonthsValid(c *x509.Certificate) int

MonthsValid returns the number of months for which a certificate is valid.

func PEMToCertPool 

func PEMToCertPool(pemCerts []byte) (*x509.CertPool, error)

PEMToCertPool concerts PEM certificates to a CertPool.

func ParseCSR 

func ParseCSR(in []byte) (csr *x509.CertificateRequest, rest []byte, err error)

ParseCSR parses a PEM- or DER-encoded PKCS #10 certificate signing request.

func ParseCSRPEM 

func ParseCSRPEM(csrPEM []byte) (*x509.CertificateRequest, error)

ParseCSRPEM parses a PEM-encoded certificate signing request. It does not check the signature. This is useful for dumping data from a CSR locally.

func ParseCertificatePEM 

func ParseCertificatePEM(certPEM []byte) (*x509.Certificate, error)

ParseCertificatePEM parses and returns a PEM-encoded certificate, can handle PEM encoded PKCS #7 structures.

func ParseCertificatesDER 

func ParseCertificatesDER(certsDER []byte, password string) (certs []*x509.Certificate, key crypto.Signer, err error)

ParseCertificatesDER parses a DER encoding of a certificate object and possibly private key, either PKCS #7, PKCS #12, or raw x509.

func ParseCertificatesPEM 

func ParseCertificatesPEM(certsPEM []byte) ([]*x509.Certificate, error)

ParseCertificatesPEM parses a sequence of PEM-encoded certificate and returns them, can handle PEM encoded PKCS #7 structures.

func ParseEd25519PrivateKey 

func ParseEd25519PrivateKey(der []byte) (crypto.PrivateKey, error)

ParseEd25519PrivateKey returns the Ed25519 private key encoded by the input.

func ParseEd25519PublicKey 

func ParseEd25519PublicKey(der []byte) (crypto.PublicKey, error)

ParseEd25519PublicKey returns the Ed25519 public key encoded by the input.

func ParseOneCertificateFromPEM 

func ParseOneCertificateFromPEM(certsPEM []byte) ([]*x509.Certificate, []byte, error)

ParseOneCertificateFromPEM attempts to parse one PEM encoded certificate object, either a raw x509 certificate or a PKCS #7 structure possibly containing multiple certificates, from the top of certsPEM, which itself may contain multiple PEM encoded certificate objects.

func ParsePrivateKeyDER 

func ParsePrivateKeyDER(keyDER []byte) (key crypto.Signer, err error)

ParsePrivateKeyDER parses a PKCS #1, PKCS #8, ECDSA, or Ed25519 DER-encoded private key. The key must not be in PEM format. If an error is returned, it may contain information about the private key, so care should be taken when displaying it directly.

func ParsePrivateKeyPEM 

func ParsePrivateKeyPEM(keyPEM []byte) (key crypto.Signer, err error)

ParsePrivateKeyPEM parses and returns a PEM-encoded private key. The private key may be either an unencrypted PKCS#8, PKCS#1, or elliptic private key.

func ParsePrivateKeyPEMWithPassword 

func ParsePrivateKeyPEMWithPassword(keyPEM []byte, password []byte) (key crypto.Signer, err error)

ParsePrivateKeyPEMWithPassword parses and returns a PEM-encoded private key. The private key may be a potentially encrypted PKCS#8, PKCS#1, or elliptic private key.

func ParseSelfSignedCertificatePEM 

func ParseSelfSignedCertificatePEM(certPEM []byte) (*x509.Certificate, error)

ParseSelfSignedCertificatePEM parses a PEM-encoded certificate and check if it is self-signed.

func ReadBytes 

func ReadBytes(valFile string) ([]byte, error)

ReadBytes reads a []byte either from a file or an environment variable. If valFile has a prefix of 'env:', the []byte is read from the environment using the subsequent name. If the prefix is 'file:' the []byte is read from the subsequent file. If no prefix is provided, valFile is assumed to be a file path.

func ReadCertificate 

func ReadCertificate(in []byte) (cert *x509.Certificate, rest []byte, err error)

ReadCertificate reads a DER or PEM-encoded certificate from the byte slice.

func ReadCertificates 

func ReadCertificates(in []byte) (certs []*x509.Certificate, err error)

ReadCertificates tries to read all the certificates in a PEM-encoded collection.

func SCTListFromOCSPResponse 

func SCTListFromOCSPResponse(response *ocsp.Response) ([]ct.SignedCertificateTimestamp, error)

SCTListFromOCSPResponse extracts the SCTList from an ocsp.Response, returning an empty list if the SCT extension was not found or could not be unmarshalled.

func SerializeSCTList 

func SerializeSCTList(sctList []ct.SignedCertificateTimestamp) ([]byte, error)

SerializeSCTList serializes a list of SCTs.

func SignatureString 

func SignatureString(alg x509.SignatureAlgorithm) string

SignatureString returns the TLS signature string corresponding to an X509 signature algorithm.

func SignerAlgo 

func SignerAlgo(priv crypto.Signer) x509.SignatureAlgorithm

SignerAlgo returns an X.509 signature algorithm from a crypto.Signer.

func StringTLSVersion 

func StringTLSVersion(version string) uint16

StringTLSVersion returns underlying enum values from human names for TLS versions, defaults to current golang default of TLS 1.0

func ValidExpiry 

func ValidExpiry(c *x509.Certificate) bool

ValidExpiry determines if a certificate is valid for an acceptable length of time per the CA/Browser Forum baseline requirements. See https://cabforum.org/wp-content/uploads/CAB-Forum-BR-1.3.0.pdf

Types

This section is empty.

Source Files

View all Source files

Directories

Path Synopsis
Package revoke provides functionality for checking the validity of a cert.
 Package revoke provides functionality for checking the validity of a cert.

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.