pkcs12

package
v1.0.2063 Latest Latest
Warning

This package is not in the latest version of its module.

Published: Apr 15, 2024 License: Apache-2.0 Imports: 41 Imported by: 1

Documentation


Constants

// PEM block type labels (the text that follows "-----BEGIN ").
const (
	// CertificateType labels an X.509 certificate block.
	CertificateType = "CERTIFICATE"
	// CRLType labels a certificate revocation list block.
	CRLType         = "X509 CRL"
	// PrivateKeyType labels a private key block.
	// NOTE(review): this label carries no encryption marker, so data emitted
	// under it should be handled as plaintext key material.
	PrivateKeyType  = "PRIVATE KEY"
)

PEM block types

// DefaultPassword is a fixed password whose value is published in this
// package's documentation.
// NOTE(review): a file encoded with it gets no confidentiality from the
// password itself; access to the file has to be restricted by other means.
const DefaultPassword = "cryptobin"

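DefaultPassword is the string "cryptobin", a commonly-used password for PKCS#12 files. Due to the weak encryption used by PKCS#12, it is RECOMMENDED that you use DefaultPassword when encoding PKCS#12 files, and protect the PKCS#12 files using other means. Because this password is public, it provides no confidentiality by itself: the recommendation only holds when access to the file is restricted by those other means (for example file permissions or an encrypted store).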

const (
	// PKCS12 series.
	// PKCS12Version is 3; presumably the value carried in PfxPdu.Version —
	// TODO confirm against the encoder.
	PKCS12Version = 3
)

Variables

// Aliases that re-export the pbes1 package's AddCipher and GetCipher under
// this package's name.
var (
	AddCipher = pbes1.AddCipher
	GetCipher = pbes1.GetCipher
)

别名

// Aliases for the password-based encryption ciphers defined in pbes1.
// Going by their names, each derives its key with SHA-1 and encrypts with
// 3DES, two-key DES, RC2 or RC4; the _40 variants use 40-bit keys.
// NOTE(review): these are legacy algorithms. The 40-bit variants in
// particular give very little confidentiality and belong only where an old
// consumer cannot read anything else.
var (
	CipherSHA1And3DES    = pbes1.SHA1And3DES
	CipherSHA1And2DES    = pbes1.SHA1And2DES
	CipherSHA1AndRC2_128 = pbes1.SHA1AndRC2_128
	CipherSHA1AndRC2_40  = pbes1.SHA1AndRC2_40
	CipherSHA1AndRC4_128 = pbes1.SHA1AndRC4_128
	CipherSHA1AndRC4_40  = pbes1.SHA1AndRC4_40
)

加密方式

// Sentinel errors for decryption and password failures. Both are created
// with errors.New, so callers can match them with errors.Is.
var (
	// ErrDecryption represents a failure to decrypt the input.
	ErrDecryption = errors.New("pkcs12: decryption error, incorrect padding")

	// ErrIncorrectPassword is returned when an incorrect password is detected.
	// Usually, P12/PFX data is signed to be able to verify the password.
	// NOTE(review): that check relies on the file carrying MAC data; how a
	// file without it is reported is not visible on this page.
	ErrIncorrectPassword = errors.New("pkcs12: decryption password incorrect")
)
// Name-based lookup helpers re-exported from the pbes1 and pbes2 packages.
var (
	// GetPbes1CipherFromName gets a PBES1 cipher by name.
	GetPbes1CipherFromName = pbes1.GetCipherFromName
	// CheckPbes1CipherFromName checks a PBES1 cipher name.
	CheckPbes1CipherFromName = pbes1.CheckCipherFromName

	// GetPbes2CipherFromName gets a PBES2 cipher by name.
	GetPbes2CipherFromName = pbes2.GetCipherFromName
	// GetPbes2HashFromName gets a PBES2 hash by name.
	GetPbes2HashFromName = pbes2.GetHashFromName
)
var (
	// DefaultHash is the default hash, SHA1. Where the default is applied is
	// not visible on this page.
	DefaultHash = SHA1
)
// DefaultOpts is the default option set; it is initialised from
// LegacyRC2Opts.
// NOTE(review): presumably this is what the Encode functions use when no Opts
// argument is passed — confirm. LegacyRC2Opts selects a 40-bit RC2
// certificate cipher and a single-iteration SHA1 MAC, so pass ModernOpts
// explicitly whenever the consumer of the file can read it.
var DefaultOpts = LegacyRC2Opts

Default Opts

// EnvelopedCipher is the zero value of the unexported envelopedCipher type.
// NOTE(review): presumably the Cipher to select together with EnvelopedOpts —
// confirm against the implementation.
var EnvelopedCipher = envelopedCipher{}
// LegacyDESOpts is the legacy 3DES profile: the private key and the
// certificates are both encrypted with the PBES1 SHA-1/3DES cipher, and the
// MAC uses SHA1.
//
// NOTE(review): the MAC options use SaltSize 8 and IterationCount 1, so the
// MAC key derivation adds no work factor and the strength of the password is
// the only defence against offline guessing. Keep this profile for
// interoperability with consumers that cannot read ModernOpts output.
var LegacyDESOpts = Opts{
	KeyCipher:  pbes1.SHA1And3DES,
	CertCipher: CipherSHA1And3DES,
	MacKDFOpts: MacOpts{
		SaltSize:       8,
		IterationCount: 1,
		HMACHash:       SHA1,
	},
}

LegacyDES

// LegacyGmsmOpts is the SM-series profile: SM4-CBC for the private key and
// the certificates, each keyed through PBKDF2 with the hash looked up by the
// name "SM3", and an SM3 MAC. Every derivation uses SaltSize 16 and
// IterationCount 1000.
//
// The GetPbes2HashFromName calls run when this package-level variable is
// initialised.
// NOTE(review): 1000 iterations is a small work factor by current
// password-hashing guidance; use a high-entropy password with this profile.
var LegacyGmsmOpts = Opts{
	KeyCipher: pbes2.SM4CBC,
	KeyKDFOpts: PBKDF2Opts{
		SaltSize:       16,
		IterationCount: 1000,
		HMACHash:       GetPbes2HashFromName("SM3"),
	},
	CertCipher: pbes2.SM4CBC,
	CertKDFOpts: PBKDF2Opts{
		SaltSize:       16,
		IterationCount: 1000,
		HMACHash:       GetPbes2HashFromName("SM3"),
	},
	MacKDFOpts: MacOpts{
		SaltSize:       16,
		IterationCount: 1000,
		HMACHash:       SM3,
	},
}

GmsmOpts

// LegacyGostOpts is the GOST profile: pbes2.GostCipher for the private key
// and the certificates, each keyed through PBKDF2 with the hash looked up by
// the name "GOST34112012512", and a GOST34112012512 MAC. Every derivation
// uses SaltSize 32 and IterationCount 2000.
//
// The GetPbes2HashFromName calls run when this package-level variable is
// initialised.
// NOTE(review): 2000 iterations is a small work factor by current
// password-hashing guidance; use a high-entropy password with this profile.
var LegacyGostOpts = Opts{
	KeyCipher: pbes2.GostCipher,
	KeyKDFOpts: PBKDF2Opts{
		SaltSize:       32,
		IterationCount: 2000,
		HMACHash:       GetPbes2HashFromName("GOST34112012512"),
	},
	CertCipher: pbes2.GostCipher,
	CertKDFOpts: PBKDF2Opts{
		SaltSize:       32,
		IterationCount: 2000,
		HMACHash:       GetPbes2HashFromName("GOST34112012512"),
	},
	MacKDFOpts: MacOpts{
		SaltSize:       32,
		IterationCount: 2000,
		HMACHash:       GOST34112012512,
	},
}

LegacyGost

// LegacyOpts is initialised from LegacyDESOpts, so "legacy" without a suffix
// means the 3DES profile with its single-iteration SHA1 MAC.
var LegacyOpts = LegacyDESOpts

LegacyOpts

// LegacyRC2Opts is the legacy RC2 profile: the private key is encrypted with
// the PBES1 SHA-1/3DES cipher, the certificates with the SHA-1/RC2 cipher
// whose name marks it as the 40-bit variant, and the MAC uses SHA1.
//
// NOTE(review): a 40-bit key gives the certificates practically no
// confidentiality, and the MAC options (SaltSize 8, IterationCount 1) add no
// work factor to password guessing. DefaultOpts is initialised from this
// value, so callers that want stronger settings must pass them explicitly.
var LegacyRC2Opts = Opts{
	KeyCipher:  pbes1.SHA1And3DES,
	CertCipher: CipherSHA1AndRC2_40,
	MacKDFOpts: MacOpts{
		SaltSize:       8,
		IterationCount: 1,
		HMACHash:       SHA1,
	},
}

LegacyRC2

// LoadPKCS12 is an alias for LoadPKCS12FromBytes.
var LoadPKCS12 = LoadPKCS12FromBytes

别名

// Modern2023Opts is the modern profile: AES-256-CBC for the private key and
// the certificates, each keyed through PBKDF2 with SaltSize 16 and
// IterationCount 2048, and a SHA256 MAC with the same salt size and
// iteration count.
//
// The PBKDF2 options leave HMACHash unset; which hash pbes2 then uses is not
// visible on this page.
// NOTE(review): 2048 iterations is a modest work factor by current
// password-hashing guidance, so password entropy still carries most of the
// protection. Use PBKDF2Opts with a higher IterationCount where consumers
// accept it.
var Modern2023Opts = Opts{
	KeyCipher: pbes2.AES256CBC,
	KeyKDFOpts: PBKDF2Opts{
		SaltSize:       16,
		IterationCount: 2048,
	},
	CertCipher: pbes2.AES256CBC,
	CertKDFOpts: PBKDF2Opts{
		SaltSize:       16,
		IterationCount: 2048,
	},
	MacKDFOpts: MacOpts{
		SaltSize:       16,
		IterationCount: 2048,
		HMACHash:       SHA256,
	},
}

Modern2023

// ModernOpts is initialised from Modern2023Opts. It is not the package
// default: DefaultOpts is initialised from LegacyRC2Opts.
var ModernOpts = Modern2023Opts

ModernOpts

// NewPKCS12Encode is an alias for NewPKCS12.
var NewPKCS12Encode = NewPKCS12
// PasswordlessOpts sets the key cipher, the certificate cipher and the MAC
// options all to nil.
// NOTE(review): presumably the encoder then writes the contents unencrypted
// and without a MAC — confirm. If so, a private key stored with these options
// is in the clear and the file has no integrity check, which suits
// certificate-only trust stores rather than key material.
var PasswordlessOpts = Opts{
	KeyCipher:  nil,
	CertCipher: nil,
	MacKDFOpts: nil,
}

Passwordless

Functions

func AddKey

func AddKey(name string, key KeyFunc)

添加 Key

func AllKey added in v1.0.2032

func AllKey() map[string]KeyFunc

全部

func Decode

func Decode(pfxData []byte, password string) (
	privateKey crypto.PrivateKey,
	certificate *x509.Certificate,
	err error,
)

Decode extracts a certificate and private key from pfxData, which must be a DER-encoded PKCS#12 file.

func DecodeChain

func DecodeChain(pfxData []byte, password string) (
	privateKey crypto.PrivateKey,
	certificate *x509.Certificate,
	caCerts []*x509.Certificate,
	err error,
)

DecodeChain extracts a certificate, a CA certificate chain, and private key from pfxData, which must be a DER-encoded PKCS#12 file.

func DecodeSecret

func DecodeSecret(pfxData []byte, password string) (secretKey []byte, err error)

DecodeSecret extracts the secret key from pfxData, which must be a DER-encoded PKCS#12 file.

func DecodeTrustStore

func DecodeTrustStore(pfxData []byte, password string) (certs []*x509.Certificate, err error)

DecodeTrustStore extracts the certificates from pfxData, which must be a DER-encoded PKCS#12 file.

func Encode

func Encode(
	rand io.Reader,
	privateKey crypto.PrivateKey,
	certificate *x509.Certificate,
	password string,
	opts ...Opts,
) (pfxData []byte, err error)

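Encode produces pfxData from one private key (privateKey) and one certificate (certificate), using password; see EncodeChain to include CA certificates as well.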

func EncodeChain

func EncodeChain(
	rand io.Reader,
	privateKey crypto.PrivateKey,
	certificate *x509.Certificate,
	caCerts []*x509.Certificate,
	password string,
	opts ...Opts,
) (pfxData []byte, err error)

EncodeChain produces pfxData containing one private key (privateKey), an end-entity certificate (certificate), and any number of CA certificates (caCerts).

func EncodeSecret

func EncodeSecret(rand io.Reader, secretKey []byte, password string, opts ...Opts) (pfxData []byte, err error)

Encode Secret with der

func EncodeTrustStore

func EncodeTrustStore(
	rand io.Reader,
	certs []*x509.Certificate,
	password string,
	opts ...Opts,
) (pfxData []byte, err error)

EncodeTrustStore produces pfxData containing any number of CA certificates (certs) to be trusted. The certificates will be marked with a special OID that allows them to be used as a Java TrustStore in Java 1.8 and newer.

func EncodeTrustStoreEntries

func EncodeTrustStoreEntries(
	rand io.Reader,
	entries []TrustStoreEntry,
	password string,
	opts ...Opts,
) (pfxData []byte, err error)

EncodeTrustStoreEntries produces pfxData containing any number of CA certificates (entries) to be trusted. The certificates will be marked with a special OID that allows them to be used as a Java TrustStore in Java 1.8 and newer.

func GetStructName

func GetStructName(s any) (name string)

反射获取结构体名称

func MarshalPKCS8PrivateKey

func MarshalPKCS8PrivateKey(privateKey crypto.PrivateKey) ([]byte, error)

从注册的 key 列表编码证书

func MarshalPrivateKey

func MarshalPrivateKey(privateKey crypto.PrivateKey) ([]byte, error)

从注册的 key 列表编码证书

func ParsePKCS8PrivateKey

func ParsePKCS8PrivateKey(pkData []byte) (privateKey crypto.PrivateKey, err error)

从注册的 key 列表解析证书

func ToPEM

func ToPEM(pfxData []byte, password string) ([]*pem.Block, error)

ToPEM converts all "safe bags" contained in pfxData to PEM blocks.

Example
// The base64 literal is elided on this page.
// NOTE(review): the decode error is discarded here; real code should check it
// before handing the bytes to ToPEM.
p12, _ := base64.StdEncoding.DecodeString(`MIIJzgIBAzCCCZQGCS ... CA+gwggPk==`)

// The password is hard-coded for illustration only; load it from a secret
// store or prompt in real code.
blocks, err := ToPEM(p12, "password")
if err != nil {
	panic(err)
}

// Concatenate every returned block into one PEM buffer. The same buffer is
// passed below as the key input, so it holds the private key as a PEM block
// that tls.X509KeyPair can read without a password: treat pemData as secret
// and do not log it or write it to disk.
var pemData []byte
for _, b := range blocks {
	pemData = append(pemData, pem.EncodeToMemory(b)...)
}

// then use PEM data for tls to construct tls certificate:
// the buffer serves as both the certificate input and the key input.
cert, err := tls.X509KeyPair(pemData, pemData)
if err != nil {
	panic(err)
}

config := &tls.Config{
	Certificates: []tls.Certificate{cert},
}

// Discard config; the example only shows how to build it.
_ = config
Output:

Types

type CRLBagData added in v1.0.2034

// CRLBagData is the ASN.1 structure of a CRL bag: an object identifier
// followed by the CRL bytes in an explicit [0] element.
type CRLBagData struct {
	Id   asn1.ObjectIdentifier
	Data []byte `asn1:"tag:0,explicit"`
}

type CRLBagEntry added in v1.0.2034

type CRLBagEntry struct{}

func NewCRLBagEntry added in v1.0.2034

func NewCRLBagEntry() *CRLBagEntry

func (*CRLBagEntry) DecodeCertBag added in v1.0.2034

func (this *CRLBagEntry) DecodeCertBag(asn1Data []byte) (cert []byte, err error)

func (*CRLBagEntry) EncodeCertBag added in v1.0.2034

func (this *CRLBagEntry) EncodeCertBag(cert []byte) (asn1Data []byte, err error)

func (*CRLBagEntry) MakeCertBag added in v1.0.2034

func (this *CRLBagEntry) MakeCertBag(certBytes []byte, attributes []PKCS12Attribute) (certBag *SafeBag, err error)

type CertBagCheckData added in v1.0.2034

// CertBagCheckData is an ASN.1 structure holding an object identifier and an
// undecoded raw value.
// NOTE(review): presumably used to read Id before choosing the concrete
// certificate bag type — confirm.
type CertBagCheckData struct {
	Id   asn1.ObjectIdentifier
	Data asn1.RawValue
}

type CertBagEntry added in v1.0.2034

// CertBagEntry encodes and decodes certificate bags; Type records which
// CertType the entry handles.
type CertBagEntry struct {
	Type CertType
}

func NewCertBagEntry added in v1.0.2034

func NewCertBagEntry() *CertBagEntry

func (*CertBagEntry) DecodeCertBag added in v1.0.2034

func (this *CertBagEntry) DecodeCertBag(asn1Data []byte) (cert []byte, err error)

func (*CertBagEntry) EncodeCertBag added in v1.0.2034

func (this *CertBagEntry) EncodeCertBag(cert []byte) (asn1Data []byte, err error)

func (*CertBagEntry) GetType added in v1.0.2034

func (this *CertBagEntry) GetType() CertType

func (*CertBagEntry) MakeCertBag added in v1.0.2034

func (this *CertBagEntry) MakeCertBag(certBytes []byte, attributes []PKCS12Attribute) (certBag *SafeBag, err error)

func (*CertBagEntry) WithType added in v1.0.2034

func (this *CertBagEntry) WithType(typ CertType) *CertBagEntry

type CertKDFOpts added in v1.0.2031

type CertKDFOpts = pbes2.KDFOpts

type CertSdsiBagData added in v1.0.2034

// CertSdsiBagData is the ASN.1 structure of an SDSI certificate bag: an
// object identifier followed by the certificate as an IA5String.
type CertSdsiBagData struct {
	Id   asn1.ObjectIdentifier
	Data string `asn1:"ia5"`
}

type CertType added in v1.0.2034

// CertType identifies the kind of certificate a CertBagEntry handles.
type CertType uint
const (
	// CertTypeX509 has the value 1.
	CertTypeX509 CertType = 1 + iota
	// CertTypeSdsi has the value 2.
	CertTypeSdsi
)

type CertX509BagData added in v1.0.2034

// CertX509BagData is the ASN.1 structure of an X.509 certificate bag: an
// object identifier followed by the certificate bytes in an explicit [0]
// element.
type CertX509BagData struct {
	Id   asn1.ObjectIdentifier
	Data []byte `asn1:"tag:0,explicit"`
}

type Cipher

// Cipher is the encryption interface implemented by the algorithms that can
// be set as Opts.KeyCipher and Opts.CertCipher.
type Cipher interface {
	// OID returns the cipher's object identifier.
	OID() asn1.ObjectIdentifier

	// KeySize returns the key size.
	KeySize() int

	// HasKeyLength reports whether the cipher has a KeyLength.
	HasKeyLength() bool

	// NeedPasswordBmpString reports whether the password needs BMP-string
	// handling before use.
	NeedPasswordBmpString() bool

	// Encrypt encrypts plaintext and returns [encrypted data, parameters, error].
	Encrypt(rand io.Reader, key, plaintext []byte) ([]byte, []byte, error)

	// Decrypt decrypts ciphertext using key and the encoded params.
	Decrypt(key, params, ciphertext []byte) ([]byte, error)
}

加密接口

type ContentInfo added in v1.0.2032

// ContentInfo is an ASN.1 structure pairing a content type identifier with
// optional content in an explicit [0] element, left undecoded as a raw value.
type ContentInfo struct {
	ContentType asn1.ObjectIdentifier
	Content     asn1.RawValue `asn1:"tag:0,explicit,optional"`
}

type DigestInfo added in v1.0.2032

// DigestInfo is an ASN.1 structure pairing an algorithm identifier with a
// digest value. MacData uses it for its Mac field.
type DigestInfo struct {
	Algorithm pkix.AlgorithmIdentifier
	Digest    []byte
}

from PKCS#7:

type EncryptedContentInfo added in v1.0.2032

// EncryptedContentInfo is an ASN.1 structure holding a content type, the
// identifier of the content-encryption algorithm, and the optional encrypted
// bytes in a [0] element.
type EncryptedContentInfo struct {
	ContentType                asn1.ObjectIdentifier
	ContentEncryptionAlgorithm pkix.AlgorithmIdentifier
	EncryptedContent           []byte `asn1:"tag:0,optional"`
}

func (EncryptedContentInfo) Algorithm added in v1.0.2032

func (EncryptedContentInfo) Data added in v1.0.2032

func (this EncryptedContentInfo) Data() []byte

type EncryptedData added in v1.0.2032

// EncryptedData is an ASN.1 structure wrapping an EncryptedContentInfo
// together with a version number.
type EncryptedData struct {
	Version              int
	EncryptedContentInfo EncryptedContentInfo
}

type EnvelopedOpts added in v1.0.2034

// EnvelopedOpts is the configuration for enveloped encryption.
type EnvelopedOpts struct {
	// Encryption method.
	Cipher     enveloped.Cipher
	KeyEncrypt enveloped.KeyEncrypt
	// Encryption parameters: the recipient certificates.
	Recipients []*x509.Certificate
	// Decryption parameters: the recipient's certificate and private key.
	// NOTE(review): PrivateKey is live key material; keep values of this
	// struct out of logs and serialised configuration.
	Cert       *x509.Certificate
	PrivateKey crypto.PrivateKey
}

Enveloped 加密配置

type Hash

type Hash uint

可使用的 hash 方式

// Hash values that can be selected, numbered from 1 in declaration order.
// NOTE(review): MD2, MD4, MD5 and SHA1 are legacy hash functions, listed
// presumably so that existing files can be read; choose SHA256 or stronger
// (or SM3 / the GOST hashes where those are mandated) for new files.
const (
	MD2 Hash = 1 + iota
	MD4
	MD5
	SHA1
	SHA224
	SHA256
	SHA384
	SHA512
	SHA512_224
	SHA512_256
	SM3
	GOST34112012256
	GOST34112012512
)

type ISafeBagData added in v1.0.2033

// ISafeBagData is the read interface of a decoded safe bag: its data bytes
// and its attributes in two forms.
type ISafeBagData interface {
	// Attributes return the PKCS12AttrSet of the safe bag
	// as a string-to-string map.
	Attributes() map[string]string

	// Data returns the bag's data bytes.
	Data() []byte

	// Attrs returns the bag's attributes as a PKCS12Attributes value.
	Attrs() PKCS12Attributes

	// FriendlyName return the value of `friendlyName`
	// attribute if exists, otherwise it will return empty string
	FriendlyName() string
}

SafeBagData

type Key

// Key is the interface a key type implements so that its private keys can be
// marshalled into and parsed out of PKCS#12 data.
type Key interface {
	// MarshalPrivateKey wraps the private key in the default encoding.
	MarshalPrivateKey(privateKey crypto.PrivateKey) (pkData []byte, err error)

	// MarshalPKCS8PrivateKey wraps the private key in PKCS8 encoding.
	MarshalPKCS8PrivateKey(privateKey crypto.PrivateKey) (pkData []byte, err error)

	// ParsePKCS8PrivateKey parses a PKCS8-encoded private key.
	ParsePKCS8PrivateKey(pkData []byte) (crypto.PrivateKey, error)
}

Key 接口

type KeyDSA

type KeyDSA struct{}

DSA

func (KeyDSA) MarshalPKCS8PrivateKey

func (this KeyDSA) MarshalPKCS8PrivateKey(privateKey crypto.PrivateKey) ([]byte, error)

包装

func (KeyDSA) MarshalPrivateKey

func (this KeyDSA) MarshalPrivateKey(privateKey crypto.PrivateKey) ([]byte, error)

包装

func (KeyDSA) ParsePKCS8PrivateKey

func (this KeyDSA) ParsePKCS8PrivateKey(pkData []byte) (crypto.PrivateKey, error)

解析

type KeyEcdsa

type KeyEcdsa struct{}

Ecdsa

func (KeyEcdsa) MarshalPKCS8PrivateKey

func (this KeyEcdsa) MarshalPKCS8PrivateKey(privateKey crypto.PrivateKey) ([]byte, error)

包装

func (KeyEcdsa) MarshalPrivateKey

func (this KeyEcdsa) MarshalPrivateKey(privateKey crypto.PrivateKey) ([]byte, error)

包装

func (KeyEcdsa) ParsePKCS8PrivateKey

func (this KeyEcdsa) ParsePKCS8PrivateKey(pkData []byte) (crypto.PrivateKey, error)

解析

type KeyEdDSA

type KeyEdDSA struct{}

EdDSA

func (KeyEdDSA) MarshalPKCS8PrivateKey

func (this KeyEdDSA) MarshalPKCS8PrivateKey(privateKey crypto.PrivateKey) ([]byte, error)

包装

func (KeyEdDSA) MarshalPrivateKey

func (this KeyEdDSA) MarshalPrivateKey(privateKey crypto.PrivateKey) ([]byte, error)

包装

func (KeyEdDSA) ParsePKCS8PrivateKey

func (this KeyEdDSA) ParsePKCS8PrivateKey(pkData []byte) (crypto.PrivateKey, error)

解析

type KeyFunc added in v1.0.2032

type KeyFunc = func() Key

方法

func GetKey added in v1.0.2016

func GetKey(name string) (KeyFunc, error)

获取 Key

type KeyGost added in v1.0.2050

type KeyGost struct{}

Gost

func (KeyGost) MarshalPKCS8PrivateKey added in v1.0.2050

func (this KeyGost) MarshalPKCS8PrivateKey(privateKey crypto.PrivateKey) ([]byte, error)

包装

func (KeyGost) MarshalPrivateKey added in v1.0.2050

func (this KeyGost) MarshalPrivateKey(privateKey crypto.PrivateKey) ([]byte, error)

包装

func (KeyGost) ParsePKCS8PrivateKey added in v1.0.2050

func (this KeyGost) ParsePKCS8PrivateKey(pkData []byte) (crypto.PrivateKey, error)

解析

type KeyKDFOpts added in v1.0.2031

type KeyKDFOpts = pbes2.KDFOpts

KDF 设置接口

type KeyRsa

type KeyRsa struct{}

rsa

func (KeyRsa) MarshalPKCS8PrivateKey

func (this KeyRsa) MarshalPKCS8PrivateKey(privateKey crypto.PrivateKey) ([]byte, error)

包装

func (KeyRsa) MarshalPrivateKey

func (this KeyRsa) MarshalPrivateKey(privateKey crypto.PrivateKey) ([]byte, error)

包装

func (KeyRsa) ParsePKCS8PrivateKey

func (this KeyRsa) ParsePKCS8PrivateKey(pkData []byte) (crypto.PrivateKey, error)

解析

type KeySM2

type KeySM2 struct{}

SM2

func (KeySM2) MarshalPKCS8PrivateKey

func (this KeySM2) MarshalPKCS8PrivateKey(privateKey crypto.PrivateKey) ([]byte, error)

包装

func (KeySM2) MarshalPrivateKey

func (this KeySM2) MarshalPrivateKey(privateKey crypto.PrivateKey) ([]byte, error)

包装

func (KeySM2) ParsePKCS8PrivateKey

func (this KeySM2) ParsePKCS8PrivateKey(pkData []byte) (crypto.PrivateKey, error)

解析

type Keys added in v1.0.2032

type Keys struct {
	// contains filtered or unexported fields
}

Key 数据

func CloneKeys added in v1.0.2032

func CloneKeys() *Keys

克隆

func NewKeys added in v1.0.2032

func NewKeys() *Keys

func (*Keys) AddKey added in v1.0.2032

func (this *Keys) AddKey(name string, key KeyFunc)

添加 Key

func (*Keys) All added in v1.0.2032

func (this *Keys) All() map[string]KeyFunc

全部

func (*Keys) Clone added in v1.0.2032

func (this *Keys) Clone() *Keys

克隆

func (*Keys) GetKey added in v1.0.2032

func (this *Keys) GetKey(name string) (KeyFunc, error)

获取 Key

type MacData added in v1.0.2032

// MacData is the ASN.1 structure carrying the integrity MAC: the digest
// info, the salt, and the iteration count.
type MacData struct {
	Mac        DigestInfo
	MacSalt    []byte
	// Iterations is optional in the encoding and decodes as 1 when absent.
	// NOTE(review): the value comes from the file being parsed; whether
	// Verify bounds it is not visible on this page.
	Iterations int `asn1:"optional,default:1"`
}

func (MacData) Verify added in v1.0.2032

func (this MacData) Verify(message []byte, password []byte) (err error)

type MacKDFOpts added in v1.0.2031

// MacKDFOpts is the interface for MAC key-derivation settings; MacOpts
// provides a Compute method with this signature.
type MacKDFOpts interface {
	// Compute constructs the MAC parameters for message under password.
	Compute(message []byte, password []byte) (data MacKDFParameters, err error)
}

KDF 设置接口

type MacKDFParameters added in v1.0.2031

// MacKDFParameters is the interface of computed MAC data; MacData provides a
// Verify method with this signature.
type MacKDFParameters interface {
	// Verify checks message against the stored MAC using password and
	// returns a non-nil error on failure.
	Verify(message []byte, password []byte) (err error)
}

数据接口

type MacOpts

// MacOpts is the MAC configuration: salt size, iteration count and hash.
// NOTE(review): the trailing 8 and 1 match the values used by the legacy
// profiles on this page; whether they are also applied as defaults for zero
// values is not shown — confirm. An IterationCount of 1 adds no work factor
// to password guessing.
type MacOpts struct {
	SaltSize       int // 8
	IterationCount int // 1
	HMACHash       Hash
}

mac 配置

func (MacOpts) Compute

func (this MacOpts) Compute(message []byte, password []byte) (data MacKDFParameters, err error)

type NotImplementedError

type NotImplementedError string

NotImplementedError indicates that the input is not currently supported.

func (NotImplementedError) Error

func (e NotImplementedError) Error() string

type Opts

// Opts is the encoding configuration: one cipher and one set of KDF options
// each for the private key and for the certificates, plus the MAC options.
// The predefined profiles on this page leave the KDF options unset for PBES1
// ciphers and set every field to nil in PasswordlessOpts.
type Opts struct {
	KeyCipher   Cipher
	KeyKDFOpts  KeyKDFOpts
	CertCipher  Cipher
	CertKDFOpts CertKDFOpts
	MacKDFOpts  MacKDFOpts
}

配置

func (Opts) WithCertCipher added in v1.0.2031

func (this Opts) WithCertCipher(cipher Cipher) Opts

func (Opts) WithCertKDFOpts added in v1.0.2031

func (this Opts) WithCertKDFOpts(opts CertKDFOpts) Opts

func (Opts) WithKeyCipher added in v1.0.2031

func (this Opts) WithKeyCipher(cipher Cipher) Opts

func (Opts) WithKeyKDFOpts added in v1.0.2031

func (this Opts) WithKeyKDFOpts(opts KeyKDFOpts) Opts

func (Opts) WithMacKDFOpts added in v1.0.2031

func (this Opts) WithMacKDFOpts(opts MacKDFOpts) Opts

type PBKDF2Opts added in v1.0.2031

type PBKDF2Opts = pbes2.PBKDF2Opts

PBKDF2 配置

type PKCS12 added in v1.0.2033

type PKCS12 struct {
	// contains filtered or unexported fields
}

PKCS12 结构

func LoadPKCS12FromBytes added in v1.0.2033

func LoadPKCS12FromBytes(data []byte, password string) (*PKCS12, error)

LoadPKCS12FromBytes loads the key store from the bytes data.

func LoadPKCS12FromReader added in v1.0.2033

func LoadPKCS12FromReader(reader io.Reader, password string) (*PKCS12, error)

LoadPKCS12FromReader loads the key store from the given reader.

func NewPKCS12 added in v1.0.2033

func NewPKCS12() *PKCS12

func (*PKCS12) AddCRL added in v1.0.2034

func (this *PKCS12) AddCRL(crl *pkix.CertificateList) error

func (*PKCS12) AddCRLBytes added in v1.0.2034

func (this *PKCS12) AddCRLBytes(crl []byte)

func (*PKCS12) AddCaCert added in v1.0.2033

func (this *PKCS12) AddCaCert(ca *x509.Certificate)

func (*PKCS12) AddCaCertBytes added in v1.0.2033

func (this *PKCS12) AddCaCertBytes(ca []byte)

func (*PKCS12) AddCaCerts added in v1.0.2033

func (this *PKCS12) AddCaCerts(caCerts []*x509.Certificate)

func (*PKCS12) AddCaCertsBytes added in v1.0.2033

func (this *PKCS12) AddCaCertsBytes(caCerts [][]byte)

func (*PKCS12) AddCert added in v1.0.2033

func (this *PKCS12) AddCert(cert *x509.Certificate)

func (*PKCS12) AddCertBytes added in v1.0.2033

func (this *PKCS12) AddCertBytes(cert []byte)

func (*PKCS12) AddPrivateKey added in v1.0.2033

func (this *PKCS12) AddPrivateKey(privateKey crypto.PrivateKey) error

func (*PKCS12) AddPrivateKeyBytes added in v1.0.2033

func (this *PKCS12) AddPrivateKeyBytes(privateKey []byte)

func (*PKCS12) AddSdsiCertBytes added in v1.0.2034

func (this *PKCS12) AddSdsiCertBytes(cert []byte)

func (*PKCS12) AddSecretKey added in v1.0.2033

func (this *PKCS12) AddSecretKey(secretKey []byte)

func (*PKCS12) AddTrustStore added in v1.0.2033

func (this *PKCS12) AddTrustStore(cert *x509.Certificate)

func (*PKCS12) AddTrustStoreEntries added in v1.0.2033

func (this *PKCS12) AddTrustStoreEntries(entries []TrustStoreData)

func (*PKCS12) AddTrustStoreEntry added in v1.0.2033

func (this *PKCS12) AddTrustStoreEntry(cert *x509.Certificate, friendlyName string)

func (*PKCS12) AddTrustStoreEntryBytes added in v1.0.2033

func (this *PKCS12) AddTrustStoreEntryBytes(cert []byte, friendlyName string)

func (*PKCS12) AddTrustStores added in v1.0.2033

func (this *PKCS12) AddTrustStores(certs []*x509.Certificate)

func (*PKCS12) GetCRL added in v1.0.2034

func (this *PKCS12) GetCRL() (crl *pkix.CertificateList, attrs PKCS12Attributes, err error)

func (*PKCS12) GetCRLBytes added in v1.0.2034

func (this *PKCS12) GetCRLBytes() (crl []byte, attrs PKCS12Attributes, err error)

func (*PKCS12) GetCaCerts added in v1.0.2033

func (this *PKCS12) GetCaCerts() (caCerts []*x509.Certificate, err error)

func (*PKCS12) GetCaCertsBytes added in v1.0.2033

func (this *PKCS12) GetCaCertsBytes() (caCerts [][]byte, err error)

func (*PKCS12) GetCert added in v1.0.2033

func (this *PKCS12) GetCert() (cert *x509.Certificate, attrs PKCS12Attributes, err error)

func (*PKCS12) GetCertBytes added in v1.0.2033

func (this *PKCS12) GetCertBytes() (cert []byte, attrs PKCS12Attributes, err error)

func (*PKCS12) GetPrivateKey added in v1.0.2033

func (this *PKCS12) GetPrivateKey() (prikey crypto.PrivateKey, attrs PKCS12Attributes, err error)

func (*PKCS12) GetPrivateKeyBytes added in v1.0.2033

func (this *PKCS12) GetPrivateKeyBytes() (prikey []byte, attrs PKCS12Attributes, err error)

func (*PKCS12) GetSdsiCertBytes added in v1.0.2034

func (this *PKCS12) GetSdsiCertBytes() (cert []byte, attrs PKCS12Attributes, err error)

func (*PKCS12) GetSecretKey added in v1.0.2033

func (this *PKCS12) GetSecretKey() (secretKey []byte, attrs PKCS12Attributes, err error)

func (*PKCS12) GetTrustStoreEntries added in v1.0.2033

func (this *PKCS12) GetTrustStoreEntries() (trustStores []trustStoreKeyData, err error)

func (*PKCS12) GetTrustStoreEntriesBytes added in v1.0.2033

func (this *PKCS12) GetTrustStoreEntriesBytes() (trustStores []trustStoreKeyDataBytes, err error)

func (*PKCS12) GetTrustStores added in v1.0.2033

func (this *PKCS12) GetTrustStores() (trustStores []*x509.Certificate, err error)

func (*PKCS12) GetTrustStoresBytes added in v1.0.2033

func (this *PKCS12) GetTrustStoresBytes() (trustStores [][]byte, err error)

func (*PKCS12) GetUnknowsBytes added in v1.0.2034

func (this *PKCS12) GetUnknowsBytes() (unknowDatas []unknowDataBytes, err error)

func (*PKCS12) HasCRL added in v1.0.2034

func (this *PKCS12) HasCRL() bool

func (*PKCS12) HasCaCert added in v1.0.2033

func (this *PKCS12) HasCaCert() bool

func (*PKCS12) HasCert added in v1.0.2033

func (this *PKCS12) HasCert() bool

func (*PKCS12) HasPrivateKey added in v1.0.2033

func (this *PKCS12) HasPrivateKey() bool

func (*PKCS12) HasSdsiCert added in v1.0.2034

func (this *PKCS12) HasSdsiCert() bool

func (*PKCS12) HasSecretKey added in v1.0.2033

func (this *PKCS12) HasSecretKey() bool

func (*PKCS12) HasTrustStore added in v1.0.2033

func (this *PKCS12) HasTrustStore() bool

func (*PKCS12) HasUnknow added in v1.0.2034

func (this *PKCS12) HasUnknow() bool

func (*PKCS12) Marshal added in v1.0.2033

func (this *PKCS12) Marshal(rand io.Reader, password string, opts ...Opts) (pfxData []byte, err error)

func (*PKCS12) Parse added in v1.0.2033

func (this *PKCS12) Parse(pfxData []byte, password string) (*PKCS12, error)

解析

func (*PKCS12) String added in v1.0.2033

func (this *PKCS12) String() string

func (*PKCS12) ToOriginalPEM added in v1.0.2033

func (this *PKCS12) ToOriginalPEM() ([]*pem.Block, error)

生成原始数据的PEM证书

func (*PKCS12) ToPEM added in v1.0.2033

func (this *PKCS12) ToPEM() ([]*pem.Block, error)

生成PEM证书

func (*PKCS12) WithEnvelopedOpts added in v1.0.2034

func (this *PKCS12) WithEnvelopedOpts(opts EnvelopedOpts) *PKCS12

func (*PKCS12) WithLocalKeyId added in v1.0.2034

func (this *PKCS12) WithLocalKeyId(id []byte) *PKCS12

type PKCS12Attribute added in v1.0.2032

// PKCS12Attribute is the ASN.1 structure of one bag attribute: an object
// identifier and its value, encoded as a SET and kept as a raw value.
type PKCS12Attribute struct {
	Id    asn1.ObjectIdentifier
	Value asn1.RawValue `asn1:"set"`
}

type PKCS12Attributes added in v1.0.2033

type PKCS12Attributes struct {
	// contains filtered or unexported fields
}

额外数据

func NewPKCS12Attributes added in v1.0.2033

func NewPKCS12Attributes(attrs []PKCS12Attribute) PKCS12Attributes

func NewPKCS12AttributesEmpty added in v1.0.2033

func NewPKCS12AttributesEmpty() PKCS12Attributes

func (PKCS12Attributes) Attributes added in v1.0.2033

func (this PKCS12Attributes) Attributes() []PKCS12Attribute

数据

func (PKCS12Attributes) GetAttr added in v1.0.2034

func (this PKCS12Attributes) GetAttr(name string) string

获取

func (PKCS12Attributes) HasAttr added in v1.0.2034

func (this PKCS12Attributes) HasAttr(name string) bool

判断

func (PKCS12Attributes) Names added in v1.0.2039

func (this PKCS12Attributes) Names() []string

键值列表

func (PKCS12Attributes) String added in v1.0.2033

func (this PKCS12Attributes) String() string

返回字符

func (PKCS12Attributes) ToArray added in v1.0.2033

func (this PKCS12Attributes) ToArray() map[string]string

返回数据

func (PKCS12Attributes) Verify added in v1.0.2033

func (this PKCS12Attributes) Verify(data []byte) bool

验证签名数据

type PfxPdu added in v1.0.2032

// PfxPdu is the top-level ASN.1 structure of a PKCS#12 file: a version, the
// authenticated safe content, and the MAC data.
type PfxPdu struct {
	Version  int
	AuthSafe ContentInfo
	// MacData is optional in the encoding, so a file can be decoded into this
	// structure without carrying a MAC.
	// NOTE(review): how the parser treats a missing MAC is not visible here.
	MacData  MacData `asn1:"optional"`
}

type SafeBag added in v1.0.2032

// SafeBag is the ASN.1 structure of one safe bag: the bag identifier, its
// value in an explicit [0] element kept as a raw value, and an optional SET
// of attributes.
type SafeBag struct {
	Id         asn1.ObjectIdentifier
	Value      asn1.RawValue     `asn1:"tag:0,explicit"`
	Attributes []PKCS12Attribute `asn1:"set,optional"`
}

type SafeBagData added in v1.0.2033

type SafeBagData struct {
	// contains filtered or unexported fields
}

func NewSafeBagData added in v1.0.2033

func NewSafeBagData(data []byte, attrs PKCS12Attributes) SafeBagData

func NewSafeBagDataWithAttrs added in v1.0.2033

func NewSafeBagDataWithAttrs(data []byte, attrs []PKCS12Attribute) SafeBagData

func (SafeBagData) Attributes added in v1.0.2033

func (this SafeBagData) Attributes() map[string]string

func (SafeBagData) Attrs added in v1.0.2033

func (this SafeBagData) Attrs() PKCS12Attributes

func (SafeBagData) Data added in v1.0.2033

func (this SafeBagData) Data() []byte

func (SafeBagData) FriendlyName added in v1.0.2033

func (this SafeBagData) FriendlyName() string

type ScryptOpts added in v1.0.2031

type ScryptOpts = pbes2.ScryptOpts

Scrypt 配置

type TrustStoreData added in v1.0.2033

// TrustStoreData is a trust store entry that holds the certificate as bytes
// together with its friendly name.
type TrustStoreData struct {
	// Cert is the certificate as bytes — presumably DER; confirm.
	Cert         []byte
	FriendlyName string
}

TrustStoreData represents an entry in a Java TrustStore.

func NewTrustStoreData added in v1.0.2033

func NewTrustStoreData(cert *x509.Certificate, friendlyName string) TrustStoreData

type TrustStoreEntry

// TrustStoreEntry is a trust store entry that holds a parsed certificate
// together with its friendly name.
type TrustStoreEntry struct {
	Cert         *x509.Certificate
	FriendlyName string
}

TrustStoreEntry represents an entry in a Java TrustStore.

type TrustStoreKey added in v1.0.2031

// TrustStoreKey is the read interface of a decoded trust store entry, as
// returned by DecodeTrustStoreEntries.
type TrustStoreKey interface {
	// Attributes return the PKCS12AttrSet of the safe bag
	// https://tools.ietf.org/html/rfc7292#section-4.2
	Attributes() map[string]string
	// Cert returns the entry's certificate.
	Cert() *x509.Certificate
	// FriendlyName return the value of `friendlyName`
	// attribute if exists, otherwise it will return empty string
	FriendlyName() string
}

func DecodeTrustStoreEntries added in v1.0.2031

func DecodeTrustStoreEntries(pfxData []byte, password string) (trustStoreKeys []TrustStoreKey, err error)

DecodeTrustStoreEntries extracts the certificates from pfxData, which must be a DER-encoded PKCS#12 file.

Directories

Path Synopsis
