verify

package

v0.3.1 Latest Latest Go to latest Published: Jul 5, 2019 License: AGPL-3.0 Imports: 21 Imported by: 0

Details

Valid go.mod file

The Go module system was introduced in Go 1.11 and is the official dependency management solution for Go.
Redistributable license

Redistributable licenses place minimal restrictions on how software can be used, modified, and redistributed.
Tagged version

Modules with tagged versions give importers more predictable builds.
Stable version

When a project reaches major version v1 it is considered stable.
Learn more about best practices

Repository

github.com/Safing/portmaster

Links

Open Source Insights

Documentation ¶

Index ¶

func CheckKnownRevocation(verifiedChain []*x509.Certificate) (bool, error)
func CheckRecovation(verifiedChain []*x509.Certificate) (bool, error)
func CheckSignatures(name string, chain []*x509.Certificate) ([]*x509.Certificate, error)
func FullCheck(name string, chain []*x509.Certificate) (bool, error)
func FullCheckBytes(name string, certBytes [][]byte) (bool, error)
func GetOrFetchCert(urls []string) (*x509.Certificate, error)
func GetOrFetchIssuer(cert *x509.Certificate) (*x509.Certificate, error)
func ImportCert(urls []string) (*x509.Certificate, error)
func ParsePEMCertificate(certPEM []byte) (*x509.Certificate, error)
func UpdateCRL(caInfo *CARevocationInfo, ca *x509.Certificate, caID string) error
type CARevocationInfo
- func GetCARevocationInfo(name string) (*CARevocationInfo, error)
- func GetCARevocationInfoFromNamespace(namespace string, name string) (*CARevocationInfo, error)
type Cert

Constants ¶

This section is empty.

Variables ¶

This section is empty.

Functions ¶

func CheckKnownRevocation ¶

func CheckKnownRevocation(verifiedChain []*x509.Certificate) (bool, error)

func CheckRecovation ¶

func CheckRecovation(verifiedChain []*x509.Certificate) (bool, error)

func CheckSignatures ¶

func CheckSignatures(name string, chain []*x509.Certificate) ([]*x509.Certificate, error)

func FullCheck ¶

func FullCheck(name string, chain []*x509.Certificate) (bool, error)

FullCheck does a full certificate check. Calls CheckSignatures, CheckRecovation and CheckCertificateTransparency(TODO).

func FullCheckBytes ¶

func FullCheckBytes(name string, certBytes [][]byte) (bool, error)

FullCheckBytes does a full certificate check, certificates are provided as raw bytes. It parses the raw certificates and calls FullCheck.

func GetOrFetchCert ¶

func GetOrFetchCert(urls []string) (*x509.Certificate, error)

func GetOrFetchIssuer ¶

func GetOrFetchIssuer(cert *x509.Certificate) (*x509.Certificate, error)

func ImportCert ¶

func ImportCert(urls []string) (*x509.Certificate, error)

func ParsePEMCertificate ¶

func ParsePEMCertificate(certPEM []byte) (*x509.Certificate, error)

ParsePEMCertificate parses and returns a PEM-encoded certificate, can handle PEM encoded PKCS #7 structures.

func UpdateCRL ¶

func UpdateCRL(caInfo *CARevocationInfo, ca *x509.Certificate, caID string) error

UpdateCRL fetches and imports the CRL belonging to a CA, if expired.

Types ¶

type CARevocationInfo ¶

type CARevocationInfo struct {
	record.Record

	CRLDistributionPoints []string
	OCSPServers           []string
	CertificateURLs       []string

	LastCRLUpdate int64
	NextCRLUpdate int64

	Raw []byte

	Expires int64
	// contains filtered or unexported fields
}

CARevocationInfo saves Information on revokation of Certificates of a Certificate Authority.

func GetCARevocationInfo ¶

func GetCARevocationInfo(name string) (*CARevocationInfo, error)

GetCARevocationInfo fetches CARevocationInfo with the provided name from the default namespace.

func GetCARevocationInfoFromNamespace ¶

func GetCARevocationInfoFromNamespace(namespace string, name string) (*CARevocationInfo, error)

GetCARevocationInfoFromNamespace fetches CARevocationInfo with the provided name from the provided namespace.

func (*CARevocationInfo) Create ¶

func (m *CARevocationInfo) Create(name string) error

Create saves CARevocationInfo with the provided name in the default namespace.

func (*CARevocationInfo) CreateInNamespace ¶

func (m *CARevocationInfo) CreateInNamespace(namespace string, name string) error

CreateInNamespace saves CARevocationInfo with the provided name in the provided namespace.

func (*CARevocationInfo) CreateRevokedCert ¶

func (m *CARevocationInfo) CreateRevokedCert(cert *Cert, serialNumber *big.Int) error

func (*CARevocationInfo) GetRevokedCert ¶

func (m *CARevocationInfo) GetRevokedCert(serialNumber *big.Int) (*Cert, error)

func (*CARevocationInfo) Save ¶

func (m *CARevocationInfo) Save() error

Save saves CARevocationInfo.

func (*CARevocationInfo) UpdateCRLDistributionPoints ¶

func (m *CARevocationInfo) UpdateCRLDistributionPoints(newCRLDistributionPoints []string)

UpdateCRLDistributionPoints updates the CRL Distribution Points with new urls

type Cert ¶

type Cert struct {
	record.Record

	Raw []byte

	RevokedWithCRL    bool `*:",omitempty"`
	RevokedWithOneCRL bool `*:",omitempty"`
	RevokedWithCRLSet bool `*:",omitempty"`
	RevokedWithOCSP   bool `*:",omitempty"`

	OCSPFailed     bool
	NextOCSPUpdate int64

	LastSeen int64
	Expires  int64
	// contains filtered or unexported fields
}

Cert saves a certificate.

func GetCertFromNamespace ¶

func GetCertFromNamespace(namespace string, name string) (*Cert, error)

GetCertFromNamespace gets Cert with the provided name from the provided namespace.

func GetCertWithSPKI ¶

func GetCertWithSPKI(spki []byte) (*Cert, error)

GetCertWithSPKI fetches Cert from the default namespace using the certificate SPKI as the key.

func GetCertWithURL ¶

func GetCertWithURL(url string) (*Cert, error)

GetCertWithURL fetches Cert from the default namespace using the certificate URL as the key.

func GetRevokedCert ¶

func GetRevokedCert(caID string, serialNumber *big.Int) (*Cert, error)

GetRevokedCert gets Cert from its CA's namespace with its Serial Number

func UpdateOCSP ¶

func UpdateOCSP(rCert *Cert, cert, ca *x509.Certificate, caID string) (*Cert, error)

func (*Cert) CreateInNamespace ¶

func (m *Cert) CreateInNamespace(namespace string, name string) error

CreateInNamespace saves Cert with the provided name in the provided namespace.

func (*Cert) CreateRevokedCert ¶

func (m *Cert) CreateRevokedCert(caID string, serialNumber *big.Int) error

CreateRevokedCert creates a new Cert in its CA's namespace with its Serial Number

func (*Cert) CreateWithSPKI ¶

func (m *Cert) CreateWithSPKI(spki []byte) error

CreateWithSPKI saves Cert in the default namespace using the certificate SPKI as the key.

func (*Cert) CreateWithUrl ¶

func (m *Cert) CreateWithUrl(url string) error

CreateWithUrl saves Cert in the default namespace using the certificate URL as the key.

func (*Cert) GetCertificate ¶

func (m *Cert) GetCertificate() (*x509.Certificate, error)

GetCertificate returns the underlying x509.Certificate

func (*Cert) IsRevoked ¶

func (m *Cert) IsRevoked(hardFail bool) bool

IsRevoked returns if the certificate has been revoked.

func (*Cert) RevocationStatus ¶

func (m *Cert) RevocationStatus(hardFail bool) string

RevocationStatus returns the status of the certificate in form of a string to be appended to something like "The certificate is ".

func (*Cert) Save ¶

func (m *Cert) Save() error

Save saves Cert.

Source Files ¶

View all Source files

?	: This menu
/	: Search site
f or F	: Jump to
y or Y	: Canonical URL