Documentation ¶
Index ¶
- Variables
- func BER2DER(ber []byte) ([]byte, error)
- func BadFormatGroup(data []byte) ([]byte, bool, error)
- func BundleRSAPublicKey(key rsa.PublicKey) (asn1.BitString, error)
- func CreateCRL(c *x509.Certificate, rand io.Reader, priv interface{}, ...) (crlBytes []byte, err error)
- func DecodeASN(data []byte) ([]ASNCertificateInformation, []ASNCertificateInformation, error)
- func DecodeIP(addrfamily []byte, addr asn1.BitString) (*net.IPNet, error)
- func DecodeIPMinMax(addrfamily []byte, addr asn1.BitString, max bool) (net.IP, error)
- func DecodeKeyAuthority(data []byte) ([]byte, error)
- func DecodeKeyIdentifier(data []byte) ([]byte, error)
- func DecryptSignatureRSA(signature []byte, pubKey *rsa.PublicKey) ([]byte, error)
- func DeleteLineEnd(line string) string
- func EContentToEncap(econtent []byte) ([]byte, error)
- func EContentToEncapBF(econtent []byte, skipbf bool) ([]byte, error)
- func EncodeASN(nums []ASNCertificateInformation, rdi []ASNCertificateInformation) (*pkix.Extension, error)
- func EncodeASNSeq(asns []ASNCertificateInformation) ([]asn1.RawValue, error)
- func EncodeIPAddressBlock(ips []IPCertificateInformation) (*pkix.Extension, error)
- func EncodeIPAddressBlockVersion(version byte, ips []IPCertificateInformation, safi byte, addSafi bool) ([]byte, error)
- func EncodeInfoAccess(authority bool, path string) (*pkix.Extension, error)
- func EncodePolicyInformation(cps string) (*pkix.Extension, error)
- func EncodeSIA(sias []*SIA) (*pkix.Extension, error)
- func EncodeTAL(tal *RPKITAL) ([]byte, error)
- func EncodeTALSize(tal *RPKITAL, split int) ([]byte, error)
- func EncryptSignatureRSA(rand io.Reader, signature []byte, privKey *rsa.PrivateKey) ([]byte, error)
- func GetRangeIP(ipnet *net.IPNet) (error, net.IP, net.IP)
- func GroupEntries(entries []*ROAEntry) map[byte][]*ROAEntry
- func GroupIPAddressBlock(ips []IPCertificateInformation) map[byte][]IPCertificateInformation
- func HashPublicKey(key interface{}) ([]byte, error)
- func HashRSAPublicKey(key rsa.PublicKey) ([]byte, error)
- func IPNetToBitString(ipnet net.IPNet) asn1.BitString
- func IPToBitString(ip net.IP) asn1.BitString
- func ManifestToEncap(mft *Manifest) ([]byte, error)
- func PrivateEncrypt(priv *rsa.PrivateKey, data []byte) (enc []byte, err error)
- func ROAToEncap(roa *ROA) ([]byte, error)
- func RSAPublicDecrypt(pubKey *rsa.PublicKey, data []byte) []byte
- func ValidateASNCertificateList(list []ASNCertificateInformation, parent *RPKICertificate) ([]ASNCertificateInformation, []ASNCertificateInformation, ...)
- func ValidateIPCertificateList(list []IPCertificateInformation, parent *RPKICertificate) ([]IPCertificateInformation, []IPCertificateInformation, ...)
- func ValidateIPRoaCertificateList(entries []*ROAEntry, cert *RPKICertificate) ([]*ROAEntry, []*ROAEntry, []*ROAEntry)
- type ASN
- type ASNCertificateInformation
- type ASNRange
- type ASNull
- type Attribute
- type CMS
- func (cms *CMS) AddCRLs(crls []byte) error
- func (cms *CMS) CheckSignaturesMatch() (bool, error)
- func (cms *CMS) GetRPKICertificate() (*RPKICertificate, error)
- func (cms *CMS) GetSigningTime() (time.Time, error)
- func (cms *CMS) Sign(rand io.Reader, ski []byte, encap []byte, priv interface{}, cert []byte) error
- func (cms *CMS) Validate(encap []byte, cert *x509.Certificate) error
- type CRLAuthKeyId
- type CmsSignedData
- type DecoderConfig
- type File
- type IPAddressNull
- type IPAddressRange
- type IPCertificateInformation
- type IPNet
- type Manifest
- type ManifestContent
- type ROA
- type ROAAddressFamily
- type ROAContent
- type ROAEntry
- type ROAIPAddresses
- type RPKICertificate
- func (cert *RPKICertificate) GetRRDPGeneralName() string
- func (cert *RPKICertificate) GetRsyncGeneralName() string
- func (cert *RPKICertificate) HasRRDP() bool
- func (cert *RPKICertificate) IsASRangeInCertificate(min int, max int) (bool, bool)
- func (cert *RPKICertificate) IsIPRangeInCertificate(min net.IP, max net.IP) (bool, bool)
- func (cert *RPKICertificate) String() string
- func (cert *RPKICertificate) Validate(parent *RPKICertificate) error
- func (cert *RPKICertificate) ValidateASNCertificate(parent *RPKICertificate) ([]ASNCertificateInformation, []ASNCertificateInformation, ...)
- func (cert *RPKICertificate) ValidateIPCertificate(parent *RPKICertificate) ([]IPCertificateInformation, []IPCertificateInformation, ...)
- func (cert *RPKICertificate) ValidateTime(comp time.Time) error
- type RPKIManifest
- type RPKIROA
- type RPKITAL
- type RPKIXML
- type SIA
- type SignatureDecoded
- type SignatureInner
- type SignedAttributesDigest
- type SignerInfo
- type XML
- type XMLContent
Constants ¶
This section is empty.
Variables ¶
// Object identifiers for the X.509 extensions, policies and access methods
// that appear in RPKI resource certificates.
var (
	// id-pe-ipAddrBlocks: IP address delegation extension (RFC 3779).
	IpAddrBlock = asn1.ObjectIdentifier{1, 3, 6, 1, 5, 5, 7, 1, 7}
	// id-pe-autonomousSysIds: AS identifier delegation extension (RFC 3779).
	AutonomousSysIds = asn1.ObjectIdentifier{1, 3, 6, 1, 5, 5, 7, 1, 8}
	// id-pe-ipAddrBlocks-v2 (RFC 8360).
	IpAddrBlockV2 = asn1.ObjectIdentifier{1, 3, 6, 1, 5, 5, 7, 1, 28}
	// id-pe-autonomousSysIds-v2 (RFC 8360).
	AutonomousSysIdsV2 = asn1.ObjectIdentifier{1, 3, 6, 1, 5, 5, 7, 1, 29}
	// NOTE(review): arc id-pe 30; which extension this denotes is not stated
	// here. Confirm against the package source before relying on it.
	IpAddrAndASIdent = asn1.ObjectIdentifier{1, 3, 6, 1, 5, 5, 7, 1, 30}

	// id-ce-certificatePolicies extension.
	CertPolicy = asn1.ObjectIdentifier{2, 5, 29, 32}
	// id-cp-ipAddr-asNumber: the RPKI resource certificate policy.
	ResourceCertPolicy = asn1.ObjectIdentifier{1, 3, 6, 1, 5, 5, 7, 14, 2}
	// id-qt-cps: CPS pointer policy qualifier.
	CPS = asn1.ObjectIdentifier{1, 3, 6, 1, 5, 5, 7, 2, 1}

	// id-pe-subjectInfoAccess extension.
	SubjectInfoAccess = asn1.ObjectIdentifier{1, 3, 6, 1, 5, 5, 7, 1, 11}
	// id-pe-authorityInfoAccess extension.
	AuthorityInfoAccess = asn1.ObjectIdentifier{1, 3, 6, 1, 5, 5, 7, 1, 1}
	// id-ad-caIssuers access method.
	CAIssuer = asn1.ObjectIdentifier{1, 3, 6, 1, 5, 5, 7, 48, 2}
	// id-ad-signedObject access method.
	SignedObject = asn1.ObjectIdentifier{1, 3, 6, 1, 5, 5, 7, 48, 11}

	// id-ce-subjectKeyIdentifier extension.
	SubjectKeyIdentifier = asn1.ObjectIdentifier{2, 5, 29, 14}
	// id-ce-authorityKeyIdentifier extension.
	AuthorityKeyIdentifier = asn1.ObjectIdentifier{2, 5, 29, 35}

	// id-ad-caRepository access method (publication point).
	CertRepository = asn1.ObjectIdentifier{1, 3, 6, 1, 5, 5, 7, 48, 5}
	// id-ad-rpkiNotify access method (RRDP notification URI).
	CertRRDP = asn1.ObjectIdentifier{1, 3, 6, 1, 5, 5, 7, 48, 13}
)
// Object identifiers used when building and checking the CMS SignedData
// wrapper around RPKI signed objects.
var (
	// PKCS #9 content-type signed attribute.
	ContentTypeOID = asn1.ObjectIdentifier{1, 2, 840, 113549, 1, 9, 3}
	// PKCS #9 message-digest signed attribute.
	MessageDigest = asn1.ObjectIdentifier{1, 2, 840, 113549, 1, 9, 4}
	// PKCS #9 signing-time signed attribute.
	SigningTime = asn1.ObjectIdentifier{1, 2, 840, 113549, 1, 9, 5}
	// PKCS #7 / CMS signedData content type.
	SignedDataOID = asn1.ObjectIdentifier{1, 2, 840, 113549, 1, 7, 2}
	// SHA-256 digest algorithm.
	SHA256OID = asn1.ObjectIdentifier{2, 16, 840, 1, 101, 3, 4, 2, 1}
	// rsaEncryption public-key algorithm.
	RSAOID = asn1.ObjectIdentifier{1, 2, 840, 113549, 1, 1, 1}
)
var (
	// sha256WithRSAEncryption signature algorithm.
	OidSignatureSHA256WithRSA = asn1.ObjectIdentifier{1, 2, 840, 113549, 1, 1, 11}
	// 2.5.29.20 is the X.509 cRLNumber extension; the variable name
	// presumably refers to the CRL's number. Confirm against its users.
	OidSerialNumber = asn1.ObjectIdentifier{2, 5, 29, 20}
)
var (
	// id-ad-rpkiManifest: SIA access method that points at the CA's manifest.
	SIAManifest = asn1.ObjectIdentifier{1, 3, 6, 1, 5, 5, 7, 48, 10}
	// id-ct-rpkiManifest: CMS content type of an RPKI manifest.
	ManifestOID = asn1.ObjectIdentifier{1, 2, 840, 113549, 1, 9, 16, 1, 26}
)
// DefaultDecoderConfig is the package-level decoder configuration; it has
// ValidateStrict switched on.
// NOTE(review): it is an exported pointer, so any code that mutates it changes
// the setting for every user of the default. What ValidateStrict gates is not
// visible here; confirm before relaxing it.
var DefaultDecoderConfig = &DecoderConfig{
	ValidateStrict: true,
}
// RSA is the rsaEncryption public-key algorithm OID. It holds the same value
// as RSAOID declared elsewhere in this package.
var RSA = asn1.ObjectIdentifier{1, 2, 840, 113549, 1, 1, 1}
// RoaOID is id-ct-routeOriginAuthz, the CMS content type of a Route Origin
// Authorization.
var RoaOID = asn1.ObjectIdentifier{1, 2, 840, 113549, 1, 9, 16, 1, 24}
// XMLOID is the CMS content type 1.2.840.113549.1.9.16.1.28 (id-ct-xml), used
// for signed XML payloads.
var XMLOID = asn1.ObjectIdentifier{1, 2, 840, 113549, 1, 9, 16, 1, 28}
Functions ¶
func BundleRSAPublicKey ¶ added in v1.2.0
func CreateCRL ¶ added in v1.2.0
func DecodeASN ¶
func DecodeASN(data []byte) ([]ASNCertificateInformation, []ASNCertificateInformation, error)
func DecodeIPMinMax ¶
func DecodeKeyAuthority ¶
func DecodeKeyIdentifier ¶
func DecryptSignatureRSA ¶
func DeleteLineEnd ¶
func EContentToEncap ¶ added in v1.2.0
Pass the full bytes of any EContent. Do one for ROA and MFT.
func EContentToEncapBF ¶ added in v1.2.0
func EncodeASN ¶ added in v1.2.0
func EncodeASN(nums []ASNCertificateInformation, rdi []ASNCertificateInformation) (*pkix.Extension, error)
func EncodeASNSeq ¶ added in v1.2.0
func EncodeASNSeq(asns []ASNCertificateInformation) ([]asn1.RawValue, error)
func EncodeIPAddressBlock ¶ added in v1.2.0
func EncodeIPAddressBlock(ips []IPCertificateInformation) (*pkix.Extension, error)
func EncodeIPAddressBlockVersion ¶ added in v1.2.0
func EncodeInfoAccess ¶ added in v1.2.0
func EncodePolicyInformation ¶ added in v1.2.0
func EncryptSignatureRSA ¶ added in v1.2.0
func GroupEntries ¶ added in v1.2.0
func GroupIPAddressBlock ¶ added in v1.2.0
func GroupIPAddressBlock(ips []IPCertificateInformation) map[byte][]IPCertificateInformation
Put the result in ExtraExtensions. See https://tools.ietf.org/html/rfc3779
func HashPublicKey ¶ added in v1.2.0
func ManifestToEncap ¶ added in v1.2.0
func PrivateEncrypt ¶ added in v1.2.0
func PrivateEncrypt(priv *rsa.PrivateKey, data []byte) (enc []byte, err error)
func ROAToEncap ¶ added in v1.2.0
func RSAPublicDecrypt ¶ added in v1.2.0
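Background on "decrypting" with an RSA public key: https://stackoverflow.com/questions/44852289/decrypt-with-public-key
Note that the function returns only a []byte and no error, so any check of the recovered block (padding, digest) presumably has to be done by the caller.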
func ValidateASNCertificateList ¶
func ValidateASNCertificateList(list []ASNCertificateInformation, parent *RPKICertificate) ([]ASNCertificateInformation, []ASNCertificateInformation, []ASNCertificateInformation)
func ValidateIPCertificateList ¶
func ValidateIPCertificateList(list []IPCertificateInformation, parent *RPKICertificate) ([]IPCertificateInformation, []IPCertificateInformation, []IPCertificateInformation)
func ValidateIPRoaCertificateList ¶
func ValidateIPRoaCertificateList(entries []*ROAEntry, cert *RPKICertificate) ([]*ROAEntry, []*ROAEntry, []*ROAEntry)
Types ¶
type ASNCertificateInformation ¶
// ASNCertificateInformation is the interface implemented by AS-number resource
// entries; RPKICertificate stores them in its ASNums and ASNRDI fields.
// NOTE(review): the meaning of the boolean results is not stated here. Confirm
// against the implementations before using them in a validation decision.
type ASNCertificateInformation interface {
	// GetRange returns two ints and a bool (presumably min, max and a flag).
	GetRange() (int, int, bool)
	// IsASNInRange reports on a single AS number with two booleans.
	IsASNInRange(int) (bool, bool)
	String() string
	// ASN1 returns a byte encoding of the entry, or an error.
	ASN1() ([]byte, error)
}
func DecodeASIdentifier ¶
func DecodeASIdentifier(data asn1.RawValue) ([]ASNCertificateInformation, error)
type Attribute ¶
// Attribute is one attribute: a type OID plus its raw values. It is the
// element type of SignerInfo.SignedAttrs and SignedAttributesDigest.SignedAttrs.
type Attribute struct {
	AttrType asn1.ObjectIdentifier
	// The "set" tag makes encoding/asn1 treat the slice as an ASN.1 SET
	// instead of a SEQUENCE.
	AttrValue []asn1.RawValue `asn1:"set"`
}
type CMS ¶
// CMS is the outer CMS structure: a content-type OID followed by the
// SignedData body.
type CMS struct {
	OID asn1.ObjectIdentifier
	// Carried under an explicit context-specific tag [0].
	SignedData CmsSignedData `asn1:"explicit,tag:0"`
}
func (*CMS) CheckSignaturesMatch ¶ added in v1.2.0
Checks for an explicit NULL object in AlgorithmIdentifier for both CMS and EE certificate.
func (*CMS) GetRPKICertificate ¶
func (cms *CMS) GetRPKICertificate() (*RPKICertificate, error)
type CRLAuthKeyId ¶ added in v1.2.0
// CRLAuthKeyId holds an optional key identifier carried under context tag [0].
// NOTE(review): the name suggests the authority key identifier of a CRL.
// Confirm against its users.
type CRLAuthKeyId struct {
	// Optional: Id may be absent from the encoded value.
	Id []byte `asn1:"optional,tag:0"`
}
type CmsSignedData ¶
type DecoderConfig ¶ added in v1.2.0
// DecoderConfig carries decoder options; DecodeManifest is a method on it.
type DecoderConfig struct {
	// ValidateStrict is true in DefaultDecoderConfig.
	// NOTE(review): which checks it enables is not visible here. Confirm
	// before disabling it for input from untrusted repositories.
	ValidateStrict bool
}
func (*DecoderConfig) DecodeManifest ¶ added in v1.2.0
func (cf *DecoderConfig) DecodeManifest(data []byte) (*RPKIManifest, error)
type IPAddressNull ¶
// IPAddressNull is an IP resource entry that records only an address family.
// It has ASN1, GetAfi, IsIPInRange and String methods.
type IPAddressNull struct {
	// Address family of the entry (presumably the value GetAfi returns).
	Family uint8
}
func (*IPAddressNull) ASN1 ¶ added in v1.2.0
func (ipan *IPAddressNull) ASN1() ([]byte, error)
func (*IPAddressNull) GetAfi ¶
func (ipan *IPAddressNull) GetAfi() uint8
func (*IPAddressNull) IsIPInRange ¶
func (ipan *IPAddressNull) IsIPInRange(ip net.IP) (bool, bool)
func (*IPAddressNull) String ¶
func (ipan *IPAddressNull) String() string
type IPAddressRange ¶
func (*IPAddressRange) ASN1 ¶ added in v1.2.0
func (ipr *IPAddressRange) ASN1() ([]byte, error)
func (*IPAddressRange) GetAfi ¶
func (ipr *IPAddressRange) GetAfi() uint8
func (*IPAddressRange) IsIPInRange ¶
func (ipr *IPAddressRange) IsIPInRange(ip net.IP) (bool, bool)
func (*IPAddressRange) String ¶
func (ipr *IPAddressRange) String() string
type IPCertificateInformation ¶
// IPCertificateInformation is the interface implemented by IP resource entries
// (IPAddressNull and IPAddressRange provide ASN1, GetAfi, IsIPInRange, String).
// NOTE(review): the meaning of the boolean results is not stated here. Confirm
// against the implementations before using them in a validation decision.
type IPCertificateInformation interface {
	// GetRange returns two addresses and a bool (presumably min, max and a flag).
	GetRange() (net.IP, net.IP, bool)
	// IsIPInRange reports on a single address with two booleans.
	IsIPInRange(net.IP) (bool, bool)
	String() string
	// GetAfi returns the address family as a uint8.
	GetAfi() uint8
	// ASN1 returns a byte encoding of the entry, or an error.
	ASN1() ([]byte, error)
}
func DecodeIPAddressBlock ¶
func DecodeIPAddressBlock(data []byte) ([]IPCertificateInformation, error)
type Manifest ¶
// Manifest is the encapsulated-content wrapper for a manifest: a content-type
// OID plus the raw eContent.
type Manifest struct {
	OID asn1.ObjectIdentifier
	// Explicit context tag [0]; optional, so it may be absent after decoding.
	EContent asn1.RawValue `asn1:"tag:0,explicit,optional"`
}
func EncodeManifestContent ¶ added in v1.2.0
func EncodeManifestContent(eContent ManifestContent) (*Manifest, error)
type ManifestContent ¶
type ROA ¶
// ROA is the encapsulated-content wrapper for a ROA: a content-type OID plus
// the raw eContent.
type ROA struct {
	OID asn1.ObjectIdentifier
	// Explicit context tag [0]; optional, so it may be absent after decoding.
	EContent asn1.RawValue `asn1:"tag:0,explicit,optional"`
}
type ROAAddressFamily ¶
// ROAAddressFamily groups the ROA addresses of one address family.
type ROAAddressFamily struct {
	// Raw address-family bytes as they appear in the encoding.
	AddressFamily []byte
	Addresses     []ROAIPAddresses
}
type ROAContent ¶
// ROAContent is the decoded ROA payload: one AS identifier and its address
// blocks. ConvertROAEntries turns it into a list of ROAEntry values.
type ROAContent struct {
	ASID         int
	IpAddrBlocks []ROAAddressFamily
}
type ROAEntry ¶ added in v1.2.0
func ConvertROAEntries ¶
func ConvertROAEntries(roacontent ROAContent) ([]*ROAEntry, int, error)
type ROAIPAddresses ¶
type RPKICertificate ¶ added in v1.2.0
// RPKICertificate pairs a parsed X.509 certificate with the RPKI-specific
// data held alongside it: SIA entries and IP / AS resources.
// NOTE(review): DecodeCertificate returns this type, but nothing here says it
// verifies the chain. Validate, ValidateTime, ValidateIPCertificate and
// ValidateASNCertificate are separate methods a caller presumably has to invoke.
type RPKICertificate struct {
	SubjectInformationAccess []SIA
	IPAddresses              []IPCertificateInformation
	ASNums                   []ASNCertificateInformation
	ASNRDI                   []ASNCertificateInformation
	Certificate              *x509.Certificate
}
func DecodeCertificate ¶
func DecodeCertificate(data []byte) (*RPKICertificate, error)
func (*RPKICertificate) GetRRDPGeneralName ¶ added in v1.4.4
func (cert *RPKICertificate) GetRRDPGeneralName() string
func (*RPKICertificate) GetRsyncGeneralName ¶ added in v1.4.4
func (cert *RPKICertificate) GetRsyncGeneralName() string
func (*RPKICertificate) HasRRDP ¶ added in v1.4.4
func (cert *RPKICertificate) HasRRDP() bool
func (*RPKICertificate) IsASRangeInCertificate ¶ added in v1.2.0
func (cert *RPKICertificate) IsASRangeInCertificate(min int, max int) (bool, bool)
func (*RPKICertificate) IsIPRangeInCertificate ¶ added in v1.2.0
func (*RPKICertificate) String ¶ added in v1.2.0
func (cert *RPKICertificate) String() string
func (*RPKICertificate) Validate ¶ added in v1.2.0
func (cert *RPKICertificate) Validate(parent *RPKICertificate) error
func (*RPKICertificate) ValidateASNCertificate ¶ added in v1.2.0
func (cert *RPKICertificate) ValidateASNCertificate(parent *RPKICertificate) ([]ASNCertificateInformation, []ASNCertificateInformation, []ASNCertificateInformation)
func (*RPKICertificate) ValidateIPCertificate ¶ added in v1.2.0
func (cert *RPKICertificate) ValidateIPCertificate(parent *RPKICertificate) ([]IPCertificateInformation, []IPCertificateInformation, []IPCertificateInformation)
func (*RPKICertificate) ValidateTime ¶ added in v1.2.0
func (cert *RPKICertificate) ValidateTime(comp time.Time) error
type RPKIManifest ¶ added in v1.2.0
// RPKIManifest is a decoded manifest together with its certificate and the
// outcome flags recorded while decoding.
// NOTE(review): validity is reported through fields, separately from the error
// returned by DecodeManifest. Callers should presumably check InnerValid,
// InnerValidityError and BadFormat before trusting Content; confirm in source.
type RPKIManifest struct {
	Certificate        *RPKICertificate
	Content            ManifestContent
	BadFormat          bool
	InnerValid         bool
	InnerValidityError error
}
func DecodeManifest ¶
func DecodeManifest(data []byte) (*RPKIManifest, error)
type RPKIROA ¶ added in v1.2.0
// RPKIROA is a decoded ROA: the AS number, its prefix entries, the signing
// certificate and the outcome flags recorded while decoding and validating.
// NOTE(review): validity is reported through fields. Callers should presumably
// check InnerValid, InnerValidityError and BadFormat before using Entries;
// confirm in source.
type RPKIROA struct {
	ASN         int
	Entries     []*ROAEntry
	Certificate *RPKICertificate
	BadFormat   bool
	SigningTime time.Time

	InnerValid         bool
	InnerValidityError error

	// Three entry lists; ValidateIPRoaCertificate also returns three
	// []*ROAEntry slices, presumably in this order. Confirm in source.
	Valids      []*ROAEntry
	Invalids    []*ROAEntry
	CheckParent []*ROAEntry
}
func (*RPKIROA) ValidateEntries ¶ added in v1.2.0
func (*RPKIROA) ValidateIPRoaCertificate ¶ added in v1.2.0
func (roa *RPKIROA) ValidateIPRoaCertificate(cert *RPKICertificate) ([]*ROAEntry, []*ROAEntry, []*ROAEntry)
type RPKITAL ¶ added in v1.2.0
// RPKITAL is a trust anchor locator: the URIs where the trust anchor
// certificate can be fetched, plus the public key it is expected to carry.
// CheckCertificate takes an *x509.Certificate and returns a bool.
type RPKITAL struct {
	URI       []string
	Algorithm x509.PublicKeyAlgorithm
	OID       asn1.ObjectIdentifier
	// Untyped key value; the concrete type depends on Algorithm.
	PublicKey interface{}
}
func (*RPKITAL) CheckCertificate ¶ added in v1.2.0
func (tal *RPKITAL) CheckCertificate(cert *x509.Certificate) bool
func (*RPKITAL) GetRsyncURI ¶ added in v1.2.0
Returns the rsync URL associated with the TAL certificate. If no rsync URL exists (HTTP only), it returns a made-up URI.
type RPKIXML ¶ added in v1.2.0
// RPKIXML is a decoded signed XML object: the raw content, the certificate and
// the validity outcome recorded while decoding.
// NOTE(review): callers should presumably check InnerValid and
// InnerValidityError before parsing Content; confirm in source.
type RPKIXML struct {
	Content            []byte
	Certificate        *RPKICertificate
	InnerValid         bool
	InnerValidityError error
}
type SIA ¶
// SIA is one access description: an access-method OID and its location.
type SIA struct {
	AccessMethod asn1.ObjectIdentifier
	// Context tag [6] is the uniformResourceIdentifier choice of an X.509
	// GeneralName. The bytes come from the certificate, so treat the URI as
	// untrusted input before fetching from it.
	GeneralName []byte `asn1:"tag:6"`
}
type SignatureDecoded ¶
// SignatureDecoded is the structure recovered from a signature: an algorithm
// descriptor (Inner) and a hash value.
type SignatureDecoded struct {
	Inner SignatureInner
	Hash  []byte
}
type SignatureInner ¶
// SignatureInner is an algorithm identifier: an OID followed by a raw value
// that, going by the field name, holds the NULL parameters.
type SignatureInner struct {
	OID  asn1.ObjectIdentifier
	Null asn1.RawValue
}
type SignedAttributesDigest ¶
// SignedAttributesDigest wraps the signed attributes as an ASN.1 SET.
// NOTE(review): presumably the form that is hashed when the signature over the
// signed attributes is computed or checked. Confirm in source.
type SignedAttributesDigest struct {
	SignedAttrs []Attribute `asn1:"set"`
}
type SignerInfo ¶
// SignerInfo is the per-signer block of CMS SignedData.
type SignerInfo struct {
	Version int
	Sid     asn1.RawValue // `asn1:"tag:0,implicit"`
	//Sid asn1.RawValue `asn1:"tag:0,implicit"`
	DigestAlgorithms []asn1.RawValue
	// Optional, implicit context tag [0], encoded as a SET.
	SignedAttrs        []Attribute `asn1:"optional,tag:0,implicit,set"`
	SignatureAlgorithm asn1.RawValue
	Signature          []byte
	// Optional, implicit context tag [1]. Unsigned attributes are not covered
	// by the signature, and RFC 6488 requires RPKI signed objects to omit them.
	// NOTE(review): whether the decoder rejects a non-empty value is not
	// visible here; confirm in source.
	UnsignedAttrs asn1.RawValue `asn1:"optional,tag:1,implicit"`
}
type XML ¶ added in v1.2.0
// XML is the encapsulated-content wrapper for a signed XML object: a
// content-type OID plus the raw eContent.
type XML struct {
	OID asn1.ObjectIdentifier
	// Explicit context tag [0]; optional, so it may be absent after decoding.
	EContent asn1.RawValue `asn1:"tag:0,explicit,optional"`
}
func EncodeXMLContent ¶ added in v1.2.0
func EncodeXMLData ¶ added in v1.2.0
type XMLContent ¶ added in v1.2.0
// XMLContent holds the message carried by a signed XML object.
type XMLContent struct {
	// Untyped payload; the concrete type is chosen by the caller.
	Message interface{}
}