pkix

package

v0.0.0-...-4a5abb3 Latest Latest Go to latest Published: Dec 10, 2015 License: MIT Imports: 22 Imported by: 0

Details

Valid go.mod file

The Go module system was introduced in Go 1.11 and is the official dependency management solution for Go.
Redistributable license

Redistributable licenses place minimal restrictions on how software can be used, modified, and redistributed.
Tagged version

Modules with tagged versions give importers more predictable builds.
Stable version

When a project reaches major version v1 it is considered stable.
Learn more about best practices

Repository

github.com/dnascimento/symbios

Links

Open Source Insights

Documentation ¶

Index ¶

func CreateCertificateAuthority(key *Key, expires time.Time, organization string, country string) (*Certificate, *CertificateAuthorityInfo, error)
func GenerateSubjectKeyId(pub crypto.PublicKey) ([]byte, error)
func ParseAndValidateIPs(ip_list string) (res []net.IP, e error)
type Certificate
type CertificateAuthorityInfo
- func NewCertificateAuthorityInfo(serialNumber int64) *CertificateAuthorityInfo
- func NewCertificateAuthorityInfoFromJSON(data []byte) (*CertificateAuthorityInfo, error)
- func (n *CertificateAuthorityInfo) Export() ([]byte, error)
- func (n *CertificateAuthorityInfo) IncSerialNumber()
type CertificateSigningRequest
type Key

Constants ¶

This section is empty.

Variables ¶

This section is empty.

Functions ¶

func CreateCertificateAuthority ¶

func CreateCertificateAuthority(key *Key, expires time.Time, organization string, country string) (*Certificate, *CertificateAuthorityInfo, error)

CreateCertificateAuthority creates Certificate Authority using existing key. CertificateAuthorityInfo returned is the extra infomation required by Certificate Authority.

func GenerateSubjectKeyId ¶

func GenerateSubjectKeyId(pub crypto.PublicKey) ([]byte, error)

GenerateSubjectKeyId generates SubjectKeyId used in Certificate Id is 160-bit SHA-1 hash of the value of the BIT STRING subjectPublicKey

func ParseAndValidateIPs ¶

func ParseAndValidateIPs(ip_list string) (res []net.IP, e error)

Types ¶

type Certificate ¶

type Certificate struct {
	// contains filtered or unexported fields
}

func CreateCertificateHost ¶

func CreateCertificateHost(crtAuth *Certificate, info *CertificateAuthorityInfo, keyAuth *Key, csr *CertificateSigningRequest, days int) (*Certificate, error)

CreateCertificateHost creates certificate for host. The arguments include CA certificate, CA certificate info, CA key, certificate request.

func CreateUserCertificate ¶

func CreateUserCertificate(key *Key, username string, expires time.Time) (*Certificate, error)

CreateUserCertificate create a simple self-signed cert

func NewCertificateFromDER ¶

func NewCertificateFromDER(derBytes []byte) *Certificate

NewCertificateFromDER inits Certificate from DER-format bytes

func NewCertificateFromPEM ¶

func NewCertificateFromPEM(data []byte) (c *Certificate, err error)

NewCertificateFromPEM inits Certificate from PEM-format bytes data should contain at most one certificate

func (*Certificate) CheckAuthority ¶

func (c *Certificate) CheckAuthority() error

CheckAuthority checks the authority of certificate against itself. It only ensures that certificate is self-explanatory, and cannot promise the validity and security.

func (*Certificate) EncodeBase64 ¶

func (c *Certificate) EncodeBase64() (*string, error)

func (*Certificate) Export ¶

func (c *Certificate) Export() ([]byte, error)

Export returns PEM-format bytes

func (*Certificate) Fingerprint ¶

func (c *Certificate) Fingerprint() ([]byte, error)

func (*Certificate) GetExpirationDuration ¶

func (c *Certificate) GetExpirationDuration() time.Duration

GetExpirationDuration gets time duration before expiration

func (*Certificate) GetRawCertificate ¶

func (c *Certificate) GetRawCertificate() (*x509.Certificate, error)

GetRawCertificate returns a copy of this certificate as an x509.Certificate

func (*Certificate) Save ¶

func (c *Certificate) Save(out *string) error

func (*Certificate) VerifyFingerprint ¶

func (c *Certificate) VerifyFingerprint(expectedFingerprint *[]byte) error

func (*Certificate) VerifyHost ¶

func (c *Certificate) VerifyHost(hostCert *Certificate, name string) error

VerifyHost verifies the host certificate using host name. Only certificate of authority could call this function successfully. Current implementation allows one CA and direct hosts only, so the organization is always this:

       CA
host1 host2 host3

type CertificateAuthorityInfo ¶

type CertificateAuthorityInfo struct {
	// SerialNumber that has been used so far
	// Recorded to ensure all serial numbers issued by the CA are different
	SerialNumber *big.Int
}

CertificateAuthorityInfo includes extra information required for CA

func NewCertificateAuthorityInfo ¶

func NewCertificateAuthorityInfo(serialNumber int64) *CertificateAuthorityInfo

func NewCertificateAuthorityInfoFromJSON ¶

func NewCertificateAuthorityInfoFromJSON(data []byte) (*CertificateAuthorityInfo, error)

func (*CertificateAuthorityInfo) Export ¶

func (n *CertificateAuthorityInfo) Export() ([]byte, error)

func (*CertificateAuthorityInfo) IncSerialNumber ¶

func (n *CertificateAuthorityInfo) IncSerialNumber()

type CertificateSigningRequest ¶

type CertificateSigningRequest struct {
	// contains filtered or unexported fields
}

func CreateCertificateSigningRequest ¶

func CreateCertificateSigningRequest(key *Key, name string, ip_list string, domain_list string, organization string, country string) (*CertificateSigningRequest, error)

func NewCertificateSigningRequestFromDER ¶

func NewCertificateSigningRequestFromDER(derBytes []byte) *CertificateSigningRequest

NewCertificateSigningRequestFromDER inits CertificateSigningRequest from DER-format bytes

func NewCertificateSigningRequestFromPEM ¶

func NewCertificateSigningRequestFromPEM(data []byte) (*CertificateSigningRequest, error)

NewCertificateSigningRequestFromPEM inits CertificateSigningRequest from PEM-format bytes data should contain at most one certificate

func (*CertificateSigningRequest) CheckSignature ¶

func (c *CertificateSigningRequest) CheckSignature() error

CheckSignature verifies that the signature is a valid signature using the public key in CertificateSigningRequest.

func (*CertificateSigningRequest) Export ¶

func (c *CertificateSigningRequest) Export() ([]byte, error)

Export returns PEM-format bytes

func (*CertificateSigningRequest) GetCommonNameCertificateSigningRequest ¶

func (c *CertificateSigningRequest) GetCommonNameCertificateSigningRequest() (string, error)

func (*CertificateSigningRequest) GetRawCertificateSigningRequest ¶

func (c *CertificateSigningRequest) GetRawCertificateSigningRequest() (*x509.CertificateRequest, error)

GetRawCertificateSigningRequest returns a copy of this certificate request as an x509.CertificateRequest.

type Key ¶

type Key struct {
	Public  crypto.PublicKey
	Private crypto.PrivateKey
}

func CreateRSAKey ¶

func CreateRSAKey(rsaBits int) (*Key, error)

CreateRSAKey creates a new Key using RSA algorithm

func NewKey ¶

func NewKey(pub crypto.PublicKey, priv crypto.PrivateKey) *Key

func NewKeyFromEncryptedPrivateKeyPEM ¶

func NewKeyFromEncryptedPrivateKeyPEM(data []byte, password []byte) (*Key, error)

NewKeyFromEncryptedPrivateKeyPEM inits Key from encrypted PEM-format rsa private key bytes

func NewKeyFromPrivateKeyPEM ¶

func NewKeyFromPrivateKeyPEM(data []byte) (*Key, error)

NewKeyFromPrivateKeyPEM inits Key from PEM-format rsa private key bytes

func (*Key) ExportEncryptedPrivate ¶

func (k *Key) ExportEncryptedPrivate(password []byte) ([]byte, error)

ExportEncryptedPrivate exports encrypted PEM-format private key

func (*Key) ExportPrivate ¶

func (k *Key) ExportPrivate() ([]byte, error)

ExportPrivate exports PEM-format private key

func (*Key) SavePrivate ¶

func (k *Key) SavePrivate(out *string) error

Source Files ¶

View all Source files

?	: This menu
/	: Search site
f or F	: Jump to
y or Y	: Canonical URL