pkix

package

v0.0.0-...-fe4d2ff Latest Latest Go to latest Published: May 2, 2024 License: Apache-2.0 Imports: 16 Imported by: 0

Details

Valid go.mod file

The Go module system was introduced in Go 1.11 and is the official dependency management solution for Go.
Redistributable license

Redistributable licenses place minimal restrictions on how software can be used, modified, and redistributed.
Tagged version

Modules with tagged versions give importers more predictable builds.
Stable version

When a project reaches major version v1 it is considered stable.
Learn more about best practices

Repository

github.com/openebl/openebl

Documentation ¶

Index ¶

Constants
Variables
func CreateCertificateRevocationList(template *x509.RevocationList, issuer *x509.Certificate, priv crypto.Signer) ([]byte, error)
func CreateCertificateSigningRequest(privKey interface{}, country, organization, organizationalUnit []string, ...) ([]byte, error)
func CreatePrivateKey(opt PrivateKeyOption) (any, error)
func GetAuthorityKeyIDFromCertificateRevocationList(crl *x509.RevocationList) string
func GetFingerPrintFromCertificate(cert *x509.Certificate) string
func GetPublicKey(privKey any) any
func GetPublicKeyID(pubKey any) string
func GetSignerFromPrivateKey(key any) crypto.Signer
func GetSubjectKeyIDFromCertificate(cert *x509.Certificate) string
func IsPublicKeyOf(privKey any, pubKey any) bool
func IsPublicKeySupported(pubKey any) error
func MarshalCertificates(certs ...*x509.Certificate) (string, error)
func MarshalPrivateKey(privateKey any) (string, error)
func ParseCertificate(certRaw []byte) ([]*x509.Certificate, error)
func ParseCertificateRequest(certRequest []byte) (*x509.CertificateRequest, error)
func ParseCertificateRevocationList(crl []byte) (*x509.RevocationList, error)
func ParsePrivateKey(key []byte) (interface{}, error)
func Verify(certs []*x509.Certificate, rootCerts []*x509.Certificate, ts int64, ...) error
type CertRevocationChecker
type ECDSACurveType
type EmptyCertRevocationChecker
- func (EmptyCertRevocationChecker) IsCertsRevoked(ts int64, certs []*x509.Certificate) []*x509.Certificate
type PrivateKeyOption
type PrivateKeyType

Constants ¶

View Source

const (
	PrivateKeyTypeRSA   PrivateKeyType = "RSA"
	PrivateKeyTypeECDSA PrivateKeyType = "ECDSA"

	ECDSACurveTypeP256 ECDSACurveType = "P-256"
	ECDSACurveTypeP384 ECDSACurveType = "P-384"
	ECDSACurveTypeP521 ECDSACurveType = "P-521"
)

Variables ¶

View Source

var ErrInvalidParameter = errors.New("")

Functions ¶

func CreateCertificateRevocationList ¶

func CreateCertificateRevocationList(template *x509.RevocationList, issuer *x509.Certificate, priv crypto.Signer) ([]byte, error)

func CreateCertificateSigningRequest ¶

func CreateCertificateSigningRequest(privKey interface{}, country, organization, organizationalUnit []string, commonName string) ([]byte, error)

func CreatePrivateKey ¶

func CreatePrivateKey(opt PrivateKeyOption) (any, error)

func GetAuthorityKeyIDFromCertificateRevocationList ¶

func GetAuthorityKeyIDFromCertificateRevocationList(crl *x509.RevocationList) string

func GetFingerPrintFromCertificate ¶

func GetFingerPrintFromCertificate(cert *x509.Certificate) string

func GetPublicKey ¶

func GetPublicKey(privKey any) any

func GetPublicKeyID ¶

func GetPublicKeyID(pubKey any) string

func GetSignerFromPrivateKey ¶

func GetSignerFromPrivateKey(key any) crypto.Signer

func GetSubjectKeyIDFromCertificate ¶

func GetSubjectKeyIDFromCertificate(cert *x509.Certificate) string

func IsPublicKeyOf ¶

func IsPublicKeyOf(privKey any, pubKey any) bool

func IsPublicKeySupported ¶

func IsPublicKeySupported(pubKey any) error

func MarshalCertificates ¶

func MarshalCertificates(certs ...*x509.Certificate) (string, error)

func MarshalPrivateKey ¶

func MarshalPrivateKey(privateKey any) (string, error)

func ParseCertificate ¶

func ParseCertificate(certRaw []byte) ([]*x509.Certificate, error)

func ParseCertificateRequest ¶

func ParseCertificateRequest(certRequest []byte) (*x509.CertificateRequest, error)

func ParseCertificateRevocationList ¶

func ParseCertificateRevocationList(crl []byte) (*x509.RevocationList, error)

func ParsePrivateKey ¶

func ParsePrivateKey(key []byte) (interface{}, error)

func Verify ¶

func Verify(certs []*x509.Certificate, rootCerts []*x509.Certificate, ts int64, revocationChecker CertRevocationChecker) error

Verify verifies the certificate chain of trust.

The first certificate in the chain is the end-entity certificate. The rest of the certificates are intermediate certificates.

The rootCerts parameter is optional. If provided, the rootCerts and the system preinstalled trusted certs are used to verify the certificate chain.

ts is the timestamp to verify the certificate chain. If ts is 0, the current time is used.

!!! Current implementation doesn't check KeyUsage extension for better new user migration.

Types ¶

type CertRevocationChecker ¶

type CertRevocationChecker interface {
	IsCertsRevoked(ts int64, certs []*x509.Certificate) []*x509.Certificate
}

type ECDSACurveType ¶

type ECDSACurveType string

type EmptyCertRevocationChecker ¶

type EmptyCertRevocationChecker struct{}

func (EmptyCertRevocationChecker) IsCertsRevoked ¶

func (EmptyCertRevocationChecker) IsCertsRevoked(ts int64, certs []*x509.Certificate) []*x509.Certificate

type PrivateKeyOption ¶

type PrivateKeyOption struct {
	KeyType   PrivateKeyType `json:"key_type"`   // Type of the private key.
	BitLength int            `json:"bit_length"` // Bit length of the private key. Only used when KeyType is RSA.
	CurveType ECDSACurveType `json:"curve_type"` // Curve type of the private key. Only used when KeyType is ECDSA.
}

type PrivateKeyType ¶

type PrivateKeyType string // PrivateKeyType is the type of the private key.

Source Files ¶

View all Source files

cert.go

?	: This menu
/	: Search site
f or F	: Jump to
y or Y	: Canonical URL