pkix

package

v1.1.1 Latest Latest Go to latest Published: Sep 25, 2017 License: Apache-2.0 Imports: 16 Imported by: 0

Details

Valid go.mod file

The Go module system was introduced in Go 1.11 and is the official dependency management solution for Go.
Redistributable license

Redistributable licenses place minimal restrictions on how software can be used, modified, and redistributed.
Tagged version

Modules with tagged versions give importers more predictable builds.
Stable version

When a project reaches major version v1 it is considered stable.
Learn more about best practices

Repository

github.com/cezmunsta/certstrap

Links

Open Source Insights

Documentation ¶

Index ¶

func GenerateSubjectKeyID(pub crypto.PublicKey) ([]byte, error)
func ParseAndValidateIPs(ipList string) (res []net.IP, err error)
type Certificate
type CertificateAuthorityInfo
- func NewCertificateAuthorityInfo(serialNumber int64) *CertificateAuthorityInfo
- func NewCertificateAuthorityInfoFromJSON(data []byte) (*CertificateAuthorityInfo, error)
- func (n *CertificateAuthorityInfo) Export() ([]byte, error)
- func (n *CertificateAuthorityInfo) IncSerialNumber()
type CertificateRevocationList
- func (c *CertificateRevocationList) Export() ([]byte, error)
type CertificateSigningRequest
type Key
- func (k *Key) ExportEncryptedPrivate(password []byte) ([]byte, error)
- func (k *Key) ExportPrivate() ([]byte, error)

Constants ¶

This section is empty.

Variables ¶

This section is empty.

Functions ¶

func GenerateSubjectKeyID ¶

func GenerateSubjectKeyID(pub crypto.PublicKey) ([]byte, error)

GenerateSubjectKeyID generates SubjectKeyId used in Certificate Id is 160-bit SHA-1 hash of the value of the BIT STRING subjectPublicKey

func ParseAndValidateIPs ¶

func ParseAndValidateIPs(ipList string) (res []net.IP, err error)

ParseAndValidateIPs parses a comma-delimited list of IP addresses into an array of IP addresses

Types ¶

type Certificate ¶

type Certificate struct {
	// contains filtered or unexported fields
}

Certificate is a wrapper around a x509 Certificate and its DER-formatted bytes

func CreateCertificateAuthority ¶

func CreateCertificateAuthority(key *Key, organizationalUnit string, expiry time.Time, organization string, country string, province string, locality string, commonName string) (*Certificate, error)

CreateCertificateAuthority creates Certificate Authority using existing key. CertificateAuthorityInfo returned is the extra infomation required by Certificate Authority.

func CreateCertificateHost ¶

func CreateCertificateHost(crtAuth *Certificate, keyAuth *Key, csr *CertificateSigningRequest, proposedExpiry time.Time) (*Certificate, error)

CreateCertificateHost creates certificate for host. The arguments include CA certificate, CA key, certificate request.

func CreateIntermediateCertificateAuthority ¶ added in v1.1.0

func CreateIntermediateCertificateAuthority(crtAuth *Certificate, keyAuth *Key, csr *CertificateSigningRequest, proposedExpiry time.Time) (*Certificate, error)

CreateIntermediateCertificateAuthority creates an intermediate CA certificate signed by the given authority.

func NewCertificateFromDER ¶

func NewCertificateFromDER(derBytes []byte) *Certificate

NewCertificateFromDER inits Certificate from DER-format bytes

func NewCertificateFromPEM ¶

func NewCertificateFromPEM(data []byte) (c *Certificate, err error)

NewCertificateFromPEM inits Certificate from PEM-format bytes data should contain at most one certificate

func (*Certificate) CheckAuthority ¶

func (c *Certificate) CheckAuthority() error

CheckAuthority checks the authority of certificate against itself. It only ensures that certificate is self-explanatory, and cannot promise the validity and security.

func (*Certificate) Export ¶

func (c *Certificate) Export() ([]byte, error)

Export returns PEM-format bytes

func (*Certificate) GetExpirationDuration ¶

func (c *Certificate) GetExpirationDuration() time.Duration

GetExpirationDuration gets time duration before expiration

func (*Certificate) GetRawCertificate ¶

func (c *Certificate) GetRawCertificate() (*x509.Certificate, error)

GetRawCertificate returns a copy of this certificate as an x509.Certificate

func (*Certificate) VerifyHost ¶

func (c *Certificate) VerifyHost(hostCert *Certificate, name string) error

VerifyHost verifies the host certificate using host name. Only certificate of authority could call this function successfully. Current implementation allows one CA and direct hosts only, so the organization is always this:

       CA
host1 host2 host3

type CertificateAuthorityInfo ¶

type CertificateAuthorityInfo struct {
	// SerialNumber that has been used so far
	// Recorded to ensure all serial numbers issued by the CA are different
	SerialNumber *big.Int
}

CertificateAuthorityInfo includes extra information required for CA

func NewCertificateAuthorityInfo ¶

func NewCertificateAuthorityInfo(serialNumber int64) *CertificateAuthorityInfo

NewCertificateAuthorityInfo creates a new CertifaceAuthorityInfo with the given serial number

func NewCertificateAuthorityInfoFromJSON ¶

func NewCertificateAuthorityInfoFromJSON(data []byte) (*CertificateAuthorityInfo, error)

NewCertificateAuthorityInfoFromJSON creates a new CertifaceAuthorityInfo with the given JSON information

func (*CertificateAuthorityInfo) Export ¶

func (n *CertificateAuthorityInfo) Export() ([]byte, error)

Export transfers the serial number to a JSON format

func (*CertificateAuthorityInfo) IncSerialNumber ¶

func (n *CertificateAuthorityInfo) IncSerialNumber()

IncSerialNumber increments the given CA Info's serial number

type CertificateRevocationList ¶

type CertificateRevocationList struct {
	// contains filtered or unexported fields
}

CertificateSigningRequest is a wrapper around a x509 CertificateRequest and its DER-formatted bytes

func CreateCertificateRevocationList ¶

func CreateCertificateRevocationList(key *Key, ca *Certificate, expiry time.Time) (*CertificateRevocationList, error)

func NewCertificateRevocationListFromDER ¶

func NewCertificateRevocationListFromDER(derBytes []byte) *CertificateRevocationList

NewCertificateRevocationListFromDER inits CertificateRevocationList from DER-format bytes

func NewCertificateRevocationListFromPEM ¶

func NewCertificateRevocationListFromPEM(data []byte) (*CertificateRevocationList, error)

NewCertificateRevocationListFromPEM inits CertificateRevocationList from PEM-format bytes

func (*CertificateRevocationList) Export ¶

func (c *CertificateRevocationList) Export() ([]byte, error)

Export returns PEM-format bytes

type CertificateSigningRequest ¶

type CertificateSigningRequest struct {
	// contains filtered or unexported fields
}

CertificateSigningRequest is a wrapper around a x509 CertificateRequest and its DER-formatted bytes

func CreateCertificateSigningRequest ¶

func CreateCertificateSigningRequest(key *Key, organizationalUnit string, ipList []net.IP, domainList []string, organization string, country string, province string, locality string, commonName string) (*CertificateSigningRequest, error)

CreateCertificateSigningRequest sets up a request to create a csr file with the given parameters

func NewCertificateSigningRequestFromDER ¶

func NewCertificateSigningRequestFromDER(derBytes []byte) *CertificateSigningRequest

NewCertificateSigningRequestFromDER inits CertificateSigningRequest from DER-format bytes

func NewCertificateSigningRequestFromPEM ¶

func NewCertificateSigningRequestFromPEM(data []byte) (*CertificateSigningRequest, error)

NewCertificateSigningRequestFromPEM inits CertificateSigningRequest from PEM-format bytes data should contain at most one certificate

func (*CertificateSigningRequest) CheckSignature ¶

func (c *CertificateSigningRequest) CheckSignature() error

CheckSignature verifies that the signature is a valid signature using the public key in CertificateSigningRequest.

func (*CertificateSigningRequest) Export ¶

func (c *CertificateSigningRequest) Export() ([]byte, error)

Export returns PEM-format bytes

func (*CertificateSigningRequest) GetRawCertificateSigningRequest ¶

func (c *CertificateSigningRequest) GetRawCertificateSigningRequest() (*x509.CertificateRequest, error)

GetRawCertificateSigningRequest returns a copy of this certificate request as an x509.CertificateRequest.

type Key ¶

type Key struct {
	Public  crypto.PublicKey
	Private crypto.PrivateKey
}

Key contains a public-private keypair

func CreateRSAKey ¶

func CreateRSAKey(rsaBits int) (*Key, error)

CreateRSAKey creates a new Key using RSA algorithm

func NewKey ¶

func NewKey(pub crypto.PublicKey, priv crypto.PrivateKey) *Key

NewKey returns a new public-private keypair Key type

func NewKeyFromEncryptedPrivateKeyPEM ¶

func NewKeyFromEncryptedPrivateKeyPEM(data []byte, password []byte) (*Key, error)

NewKeyFromEncryptedPrivateKeyPEM inits Key from encrypted PEM-format rsa private key bytes

func NewKeyFromPrivateKeyPEM ¶

func NewKeyFromPrivateKeyPEM(data []byte) (*Key, error)

NewKeyFromPrivateKeyPEM inits Key from PEM-format rsa private key bytes

func (*Key) ExportEncryptedPrivate ¶

func (k *Key) ExportEncryptedPrivate(password []byte) ([]byte, error)

ExportEncryptedPrivate exports encrypted PEM-format private key

func (*Key) ExportPrivate ¶

func (k *Key) ExportPrivate() ([]byte, error)

ExportPrivate exports PEM-format private key

Source Files ¶

View all Source files

?	: This menu
/	: Search site
f or F	: Jump to
y or Y	: Canonical URL