pkix

package
v0.0.0-...-ebee8aa Latest Latest
Warning

This package is not in the latest version of its module.

Go to latest
Published: Oct 14, 2014 License: Apache-2.0 Imports: 15 Imported by: 0

Documentation

Index

Constants

This section is empty.

Variables

This section is empty.

Functions

func CreateCertificateAuthority

func CreateCertificateAuthority(key *Key) (*Certificate, *CertificateAuthorityInfo, error)

CreateCertificateAuthority creates Certificate Authority using existing key. CertificateAuthorityInfo returned is the extra infomation required by Certificate Authority.

func GenerateSubjectKeyId

func GenerateSubjectKeyId(pub crypto.PublicKey) ([]byte, error)

GenerateSubjectKeyId generates SubjectKeyId used in Certificate Id is 160-bit SHA-1 hash of the value of the BIT STRING subjectPublicKey

Types

type Certificate

type Certificate struct {
	// contains filtered or unexported fields
}

func CreateCertificateHost

func CreateCertificateHost(crtAuth *Certificate, info *CertificateAuthorityInfo, keyAuth *Key, csr *CertificateSigningRequest) (*Certificate, error)

CreateCertificateHost creates certificate for host. The arguments include CA certificate, CA certificate info, CA key, certificate request.

func NewCertificateFromDER

func NewCertificateFromDER(derBytes []byte) *Certificate

NewCertificateFromDER inits Certificate from DER-format bytes

func NewCertificateFromPEM

func NewCertificateFromPEM(data []byte) (c *Certificate, err error)

NewCertificateFromPEM inits Certificate from PEM-format bytes data should contain at most one certificate

func (*Certificate) CheckAuthority

func (c *Certificate) CheckAuthority() error

CheckAuthority checks the authority of certificate against itself. It only ensures that certificate is self-explanatory, and cannot promise the validity and security.

func (*Certificate) Export

func (c *Certificate) Export() ([]byte, error)

Export returns PEM-format bytes

func (*Certificate) GetExpirationDuration

func (c *Certificate) GetExpirationDuration() time.Duration

GetExpirationDuration gets time duration before expiration

func (*Certificate) GetRawCertificate

func (c *Certificate) GetRawCertificate() (*x509.Certificate, error)

GetRawCertificate returns a copy of this certificate as an x509.Certificate

func (*Certificate) VerifyHost

func (c *Certificate) VerifyHost(hostCert *Certificate, name string) error

VerifyHost verifies the host certificate using host name. Only certificate of authority could call this function successfully. Current implementation allows one CA and direct hosts only, so the organization is always this:

       CA
host1 host2 host3

type CertificateAuthorityInfo

type CertificateAuthorityInfo struct {
	// SerialNumber that has been used so far
	// Recorded to ensure all serial numbers issued by the CA are different
	SerialNumber *big.Int
}

CertificateAuthorityInfo includes extra information required for CA

func NewCertificateAuthorityInfo

func NewCertificateAuthorityInfo(serialNumber int64) *CertificateAuthorityInfo

func NewCertificateAuthorityInfoFromJSON

func NewCertificateAuthorityInfoFromJSON(data []byte) (*CertificateAuthorityInfo, error)

func (*CertificateAuthorityInfo) Export

func (n *CertificateAuthorityInfo) Export() ([]byte, error)

func (*CertificateAuthorityInfo) IncSerialNumber

func (n *CertificateAuthorityInfo) IncSerialNumber()

type CertificateSigningRequest

type CertificateSigningRequest struct {
	// contains filtered or unexported fields
}

func CreateCertificateSigningRequest

func CreateCertificateSigningRequest(key *Key, name string, ip string) (*CertificateSigningRequest, error)

func NewCertificateSigningRequestFromDER

func NewCertificateSigningRequestFromDER(derBytes []byte) *CertificateSigningRequest

NewCertificateSigningRequestFromDER inits CertificateSigningRequest from DER-format bytes

func NewCertificateSigningRequestFromPEM

func NewCertificateSigningRequestFromPEM(data []byte) (*CertificateSigningRequest, error)

NewCertificateSigningRequestFromPEM inits CertificateSigningRequest from PEM-format bytes data should contain at most one certificate

func (*CertificateSigningRequest) CheckSignature

func (c *CertificateSigningRequest) CheckSignature() error

CheckSignature verifies that the signature is a valid signature using the public key in CertificateSigningRequest.

func (*CertificateSigningRequest) Export

func (c *CertificateSigningRequest) Export() ([]byte, error)

Export returns PEM-format bytes

func (*CertificateSigningRequest) GetRawCertificateSigningRequest

func (c *CertificateSigningRequest) GetRawCertificateSigningRequest() (*pkcs10.CertificateSigningRequest, error)

GetRawCertificateSigningRequest returns a copy of this certificate request as an pkcs10.Certificate

type Key

type Key struct {
	Public  crypto.PublicKey
	Private crypto.PrivateKey
}

func CreateRSAKey

func CreateRSAKey(rsaBits int) (*Key, error)

CreateRSAKey creates a new Key using RSA algorithm

func NewKey

func NewKey(pub crypto.PublicKey, priv crypto.PrivateKey) *Key

func NewKeyFromEncryptedPrivateKeyPEM

func NewKeyFromEncryptedPrivateKeyPEM(data []byte, password []byte) (*Key, error)

NewKeyFromEncryptedPrivateKeyPEM inits Key from encrypted PEM-format rsa private key bytes

func NewKeyFromPrivateKeyPEM

func NewKeyFromPrivateKeyPEM(data []byte) (*Key, error)

NewKeyFromPrivateKeyPEM inits Key from PEM-format rsa private key bytes

func (*Key) ExportEncryptedPrivate

func (k *Key) ExportEncryptedPrivate(password []byte) ([]byte, error)

ExportEncryptedPrivate exports encrypted PEM-format private key

func (*Key) ExportPrivate

func (k *Key) ExportPrivate() ([]byte, error)

ExportPrivate exports PEM-format private key

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL