Documentation
Index
- Constants
- Variables
- func B64Decode(str string) (buf []byte, err error)
- func B64Encode(buf []byte) string
- func BCCSPKeyRequestGenerate(req *csr.CertificateRequest, myCSP apicryptosuite.CryptoSuite) (apicryptosuite.Key, crypto.Signer, error)
- func CreateToken(csp apicryptosuite.CryptoSuite, cert []byte, key apicryptosuite.Key, ...) (string, error)
- func GenECDSAToken(csp apicryptosuite.CryptoSuite, cert []byte, key apicryptosuite.Key, ...) (string, error)
- func GetEnrollmentIDFromPEM(cert []byte) (string, error)
- func GetEnrollmentIDFromX509Certificate(cert *x509.Certificate) string
- func GetMaskedURL(url string) string
- func GetSerialAsHex(serial *big.Int) string
- func GetSignerFromCert(cert *x509.Certificate, csp apicryptosuite.CryptoSuite) (apicryptosuite.Key, crypto.Signer, error)
- func GetSignerFromSM2Cert(cert *sm2.Certificate, csp apicryptosuite.CryptoSuite) (apicryptosuite.Key, crypto.Signer, error)
- func GetX509CertificateFromPEM(cert []byte) (*x509.Certificate, error)
- func HTTPRequestToString(req *http.Request) string
- func HTTPResponseToString(resp *http.Response) string
- func ImportBCCSPKeyFromPEM(keyFile string, myCSP apicryptosuite.CryptoSuite, temporary bool) (apicryptosuite.Key, error)
- func ImportBCCSPKeyFromPEMBytes(keyBuff []byte, myCSP apicryptosuite.CryptoSuite, temporary bool) (apicryptosuite.Key, error)
- func LoadX509KeyPair(certFile, keyFile string, csp apicryptosuite.CryptoSuite) (*tls.Certificate, error)
- func LoadX509KeyPairSM2(certFile, keyFile string, csp apicryptosuite.CryptoSuite) (*gtls.Certificate, error)
- func MakeFileAbs(file, dir string) (string, error)
- func Marshal(from interface{}, what string) ([]byte, error)
- func ParseSm2Certificate2X509(sm2Cert *sm2.Certificate) *x509.Certificate
- func ParseX509Certificate2Sm2(x509Cert *x509.Certificate) *sm2.Certificate
- func ReadFile(file string) ([]byte, error)
- func StructToString(si interface{}) string
- type ECDSASignature
Constants
const SecretTag = "mask"
SecretTag is the tag used to mark a field as secret, such as a password or token
Variables
var (
	// ErrNotImplemented is used to return errors for functions not implemented
	ErrNotImplemented = errors.New("NOT YET IMPLEMENTED")
)
var RevocationReasonCodes = map[string]int{
	"unspecified":          ocsp.Unspecified,
	"keycompromise":        ocsp.KeyCompromise,
	"cacompromise":         ocsp.CACompromise,
	"affiliationchanged":   ocsp.AffiliationChanged,
	"superseded":           ocsp.Superseded,
	"cessationofoperation": ocsp.CessationOfOperation,
	"certificatehold":      ocsp.CertificateHold,
	"removefromcrl":        ocsp.RemoveFromCRL,
	"privilegewithdrawn":   ocsp.PrivilegeWithdrawn,
	"aacompromise":         ocsp.AACompromise,
}
RevocationReasonCodes is a map from string reason codes to integers as defined in RFC 5280
var URLRegex = regexp.MustCompile("(ldap|http)s*://(\\S+):(\\S+)@")
URLRegex is the regular expression used to check whether a value is a URL. As written, it matches ldap(s) and http(s) URLs that embed a username and password before an @.
Functions
func BCCSPKeyRequestGenerate
func BCCSPKeyRequestGenerate(req *csr.CertificateRequest, myCSP apicryptosuite.CryptoSuite) (apicryptosuite.Key, crypto.Signer, error)
BCCSPKeyRequestGenerate generates keys through BCCSP, somewhat mirroring cfssl/req.KeyRequest.Generate()
func CreateToken
func CreateToken(csp apicryptosuite.CryptoSuite, cert []byte, key apicryptosuite.Key, body []byte) (string, error)
CreateToken creates a JWT-like token. In a normal JWT, the token has the format:
<algorithm,claims,signature>
where each part is a base64-encoded string and the parts are separated by periods. This JWT-like token differs in two ways:
- the claims section is a certificate, so the format is: <certificate,signature>
- the signature is made with the private key associated with the certificate, and it covers both the certificate and the "body" argument, which is the body of an HTTP request but could be any arbitrary bytes.
@param cert The pem-encoded certificate
@param key The pem-encoded key
@param body The body of an HTTP request
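The token layout described for CreateToken, as an added Go example using only the standard library (not this package's code and not its apicryptosuite API). The exact signed bytes (SHA-256 over base64(body) + "." + base64(cert)), the standard base64 alphabet, ASN.1 DER ECDSA signatures and the helper names are assumptions; a real verifier would take the public key from the parsed, chain-validated certificate rather than from a parameter.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha256"
	"encoding/base64"
	"fmt"
	"strings"
)

// signedDigest is an ASSUMED payload layout: SHA-256 over b64(body) + "." + b64(cert).
// The page only states that the signature covers both the certificate and the body.
func signedDigest(b64cert string, body []byte) []byte {
	d := sha256.Sum256([]byte(base64.StdEncoding.EncodeToString(body) + "." + b64cert))
	return d[:]
}

// makeToken builds "<b64 certificate>.<b64 signature>", the two-part format described above.
func makeToken(cert []byte, key *ecdsa.PrivateKey, body []byte) (string, error) {
	b64cert := base64.StdEncoding.EncodeToString(cert)
	sig, err := ecdsa.SignASN1(rand.Reader, key, signedDigest(b64cert, body))
	if err != nil {
		return "", err
	}
	return b64cert + "." + base64.StdEncoding.EncodeToString(sig), nil
}

// verifyToken reports whether the token's signature binds its certificate part to body.
func verifyToken(token string, pub *ecdsa.PublicKey, body []byte) bool {
	b64cert, b64sig, ok := strings.Cut(token, ".")
	sig, err := base64.StdEncoding.DecodeString(b64sig)
	return ok && err == nil && ecdsa.VerifyASN1(pub, signedDigest(b64cert, body), sig)
}

// demo signs a constructed certificate placeholder and body, then verifies the body unchanged and altered.
func demo() (same, altered bool, err error) {
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return
	}
	tok, err := makeToken([]byte("constructed PEM placeholder"), key, []byte(`{"id":"user1"}`))
	same = err == nil && verifyToken(tok, &key.PublicKey, []byte(`{"id":"user1"}`))
	altered = err == nil && verifyToken(tok, &key.PublicKey, []byte(`{"id":"admin"}`))
	return
}

func main() { fmt.Println(demo()) }
```

Because the request body is part of the signed data, a token captured from one request does not verify against a different body.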
func GenECDSAToken
func GenECDSAToken(csp apicryptosuite.CryptoSuite, cert []byte, key apicryptosuite.Key, body []byte) (string, error)
GenECDSAToken signs the http body and cert with ECDSA using EC private key
func GetEnrollmentIDFromPEM
GetEnrollmentIDFromPEM returns the EnrollmentID from a PEM buffer
func GetEnrollmentIDFromX509Certificate
func GetEnrollmentIDFromX509Certificate(cert *x509.Certificate) string
GetEnrollmentIDFromX509Certificate returns the EnrollmentID from the X509 certificate
func GetMaskedURL
GetMaskedURL returns the masked URL. It masks the username and password in the URL if present
func GetSerialAsHex
GetSerialAsHex returns the serial number from the certificate in hex format
func GetSignerFromCert
func GetSignerFromCert(cert *x509.Certificate, csp apicryptosuite.CryptoSuite) (apicryptosuite.Key, crypto.Signer, error)
GetSignerFromCert loads the private key represented by the SKI and returns a BCCSP signer that conforms to crypto.Signer
func GetSignerFromSM2Cert
func GetSignerFromSM2Cert(cert *sm2.Certificate, csp apicryptosuite.CryptoSuite) (apicryptosuite.Key, crypto.Signer, error)
GetSignerFromSM2Cert loads the private key represented by the SKI and returns a BCCSP signer that conforms to crypto.Signer
func GetX509CertificateFromPEM
func GetX509CertificateFromPEM(cert []byte) (*x509.Certificate, error)
GetX509CertificateFromPEM gets an X509 certificate from bytes in PEM format
func HTTPRequestToString
HTTPRequestToString returns a string for an HTTP request for debugging
func HTTPResponseToString
HTTPResponseToString returns a string for an HTTP response for debugging
func ImportBCCSPKeyFromPEM
func ImportBCCSPKeyFromPEM(keyFile string, myCSP apicryptosuite.CryptoSuite, temporary bool) (apicryptosuite.Key, error)
ImportBCCSPKeyFromPEM attempts to create a private BCCSP key from a pem file keyFile
func ImportBCCSPKeyFromPEMBytes
func ImportBCCSPKeyFromPEMBytes(keyBuff []byte, myCSP apicryptosuite.CryptoSuite, temporary bool) (apicryptosuite.Key, error)
ImportBCCSPKeyFromPEMBytes attempts to create a private BCCSP key from a pem byte slice
func LoadX509KeyPair
func LoadX509KeyPair(certFile, keyFile string, csp apicryptosuite.CryptoSuite) (*tls.Certificate, error)
LoadX509KeyPair reads and parses a public/private key pair from a pair of files. The files must contain PEM encoded data. The certificate file may contain intermediate certificates following the leaf certificate to form a certificate chain. On successful return, Certificate.Leaf will be nil because the parsed form of the certificate is not retained.
This function originated from crypto/tls/tls.go and was adapted to use a BCCSP Signer
func LoadX509KeyPairSM2
func LoadX509KeyPairSM2(certFile, keyFile string, csp apicryptosuite.CryptoSuite) (*gtls.Certificate, error)
func MakeFileAbs
MakeFileAbs makes 'file' absolute relative to 'dir' if not already absolute
func ParseSm2Certificate2X509
func ParseSm2Certificate2X509(sm2Cert *sm2.Certificate) *x509.Certificate
ParseSm2Certificate2X509 converts an SM2 certificate to an X509 certificate
func ParseX509Certificate2Sm2
func ParseX509Certificate2Sm2(x509Cert *x509.Certificate) *sm2.Certificate
ParseX509Certificate2Sm2 converts the X509 certificate format to the SM2 certificate format
func StructToString
func StructToString(si interface{}) string
StructToString converts a struct to a string. If a field is tagged as secret (see SecretTag), it is masked in the returned string
Types
type ECDSASignature
ECDSASignature forms the structure for the R and S values for ECDSA