x509

package
v0.0.0-...-956af9a Latest
Warning

This package is not in the latest version of its module.

Published: Mar 11, 2021 License: MIT Imports: 11 Imported by: 0

Documentation


Constants

This section is empty.

Variables

var IncorrectPasswordError = errors.New("x509: decryption password incorrect")

IncorrectPasswordError is returned when an incorrect password is detected.

Functions

func DecryptPEMBlock

func DecryptPEMBlock(b *pem.Block, password []byte) ([]byte, error)

DecryptPEMBlock takes a password encrypted PEM block and the password used to encrypt it and returns a slice of decrypted DER encoded bytes. It inspects the DEK-Info header to determine the algorithm used for decryption. If no DEK-Info header is present, an error is returned. If an incorrect password is detected an IncorrectPasswordError is returned. Because of deficiencies in the encrypted-PEM format, it's not always possible to detect an incorrect password. In these cases no error will be returned but the decrypted DER bytes will be random noise.
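The undetected-wrong-password case described above can be measured directly. This is an added example, not code from this package: it uses Go's standard library crypto/x509, whose EncryptPEMBlock and DecryptPEMBlock have the same signatures, on the assumption that this package behaves the same way. The sample data, passwords and fixed IV are constructed.

```go
package main

import (
	"bytes"
	"crypto/x509" // standard library stand-in for the package documented here (assumption)
	"encoding/pem"
	"fmt"
)

// Constructed inputs: a stand-in for DER key bytes, a password, and a fixed IV
// so the run is reproducible (real callers pass crypto/rand.Reader).
var (
	sampleDER = []byte("constructed stand-in for DER-encoded private key bytes")
	goodPass  = []byte("correct horse")
	fixedIV   = bytes.Repeat([]byte{0x42}, 16)
)

// encryptSample returns an AES-256-CBC encrypted PEM block over sampleDER.
func encryptSample() (*pem.Block, error) {
	return x509.EncryptPEMBlock(bytes.NewReader(fixedIV), "RSA PRIVATE KEY",
		sampleDER, goodPass, x509.PEMCipherAES256)
}

// roundTrips reports whether the correct password recovers sampleDER.
func roundTrips(b *pem.Block) bool {
	out, err := x509.DecryptPEMBlock(b, goodPass)
	return err == nil && bytes.Equal(out, sampleDER)
}

// countWrong tries n wrong passwords. rejected counts IncorrectPasswordError;
// undetected counts a nil error with output that is not the plaintext.
func countWrong(b *pem.Block, n int) (rejected, undetected int) {
	for i := 0; i < n; i++ {
		out, err := x509.DecryptPEMBlock(b, []byte(fmt.Sprintf("wrong-%d", i)))
		switch {
		case err == x509.IncorrectPasswordError:
			rejected++
		case err == nil && !bytes.Equal(out, sampleDER):
			undetected++
		}
	}
	return rejected, undetected
}

func main() {
	b, err := encryptSample()
	if err != nil {
		panic(err)
	}
	rejected, undetected := countWrong(b, 20000)
	fmt.Printf("round trip ok=%v rejected=%d undetected=%d\n", roundTrips(b), rejected, undetected)
}
```

A nil error therefore does not prove the password was right: parse the returned bytes as the expected key or certificate structure before using them.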

func EncryptPEMBlock

func EncryptPEMBlock(rand io.Reader, blockType string, data, password []byte, alg PEMCipher) (*pem.Block, error)

EncryptPEMBlock returns a PEM block of the specified type holding the given DER-encoded data encrypted with the specified algorithm and password.

func IsEncryptedPEMBlock

func IsEncryptedPEMBlock(b *pem.Block) bool

IsEncryptedPEMBlock reports whether the PEM block is password encrypted.

func ParseCRL

func ParseCRL(crlBytes []byte) (certList *pkix.CertificateList, err error)

ParseCRL parses a CRL from the given bytes. It's often the case that PEM encoded CRLs will appear where they should be DER encoded, so this function will transparently handle PEM encoding as long as there isn't any leading garbage.

func ParseDERCRL

func ParseDERCRL(derBytes []byte) (certList *pkix.CertificateList, err error)

ParseDERCRL parses a DER encoded CRL from the given bytes.

Types

type Certificate

type Certificate struct {
	Raw []byte

	Version      int
	SerialNumber *big.Int
	Issuer       string
	Subject      string

	IPAddresses []net.IP
	DNSNames    []string
	// contains filtered or unexported fields
}

A Certificate represents an X.509 certificate.

func ParseCertificate

func ParseCertificate(asn1Data []byte) (*Certificate, error)

ParseCertificate parses a single certificate from the given ASN.1 DER data.

func ParseCertificatePEM

func ParseCertificatePEM(pemData []byte) (*Certificate, error)

ParseCertificatePEM is a helper function that calls encoding/pem to convert the PEM-encoded input to DER.

func ParseCertificates

func ParseCertificates(asn1Data []byte) ([]*Certificate, error)

ParseCertificates parses one or more certificates from the given ASN.1 DER data. The certificates must be concatenated with no intermediate padding.

func (*Certificate) DumpDERCertificate

func (self *Certificate) DumpDERCertificate() ([]byte, error)

DumpDERCertificate exports an OpenSSL X509 to a DER buffer.

func (*Certificate) GetX509

func (c *Certificate) GetX509() *C.X509

func (*Certificate) VerifyHostname

func (c *Certificate) VerifyHostname(host string) error

VerifyHostname is a combination of CheckHost and CheckIP. If the provided hostname looks like an IP address, it will be checked as an IP address, otherwise it will be checked as a hostname. Specifically returns ValidationError if the Certificate didn't match but there was no internal error.

type CertificateRequest

type CertificateRequest struct {
	// contains filtered or unexported fields
}

CertificateRequest represents a PKCS #10, certificate signature request.

func ParseCertificateRequest

func ParseCertificateRequest(asn1Data []byte) (*CertificateRequest, error)

ParseCertificateRequest parses a single certificate request from the given ASN.1 DER data.

type CheckFlags

type CheckFlags int

type HostnameError

type HostnameError struct {
	Certificate *Certificate
	Host        string
}

func (HostnameError) Error

func (h HostnameError) Error() string

TODO(runcom): extract IPAddresses and DNSNames from cert and put in struct

type PEMCipher

type PEMCipher int
const (
	PEMCipherDES PEMCipher
	PEMCipher3DES
	PEMCipherAES128
	PEMCipherAES192
	PEMCipherAES256
)

Possible values for the EncryptPEMBlock encryption algorithm.

type X509Name

type X509Name struct {
	Name *C.X509_NAME
}

func (*X509Name) Print

func (self *X509Name) Print() ([]byte, error)

type X509Store

type X509Store struct {
	Store *C.X509_STORE
}

func NewX509Store

func NewX509Store(ctx unsafe.Pointer) *X509Store

func (*X509Store) AddCert

func (self *X509Store) AddCert(cert *Certificate) int

func (*X509Store) SetDepth

func (self *X509Store) SetDepth(depth int) int
