Package helpers implements utility functionality common to many CFSSL packages.
OneDay is a time.Duration representing a day's worth of seconds.
OneYear is a time.Duration representing a year's worth of seconds.
Apr2015 is the April 2015 CAB Forum deadline for when CAs must stop issuing certificates valid for more than 39 months.
Jul2012 is the July 2012 CAB Forum deadline for when CAs must stop issuing certificates valid for more than 5 years.
CreateTLSConfig creates a tls.Config object from certs and roots
DeserializeSCTList deserializes a list of SCTs.
EncodeCertificatePEM encodes a single x509 certificates to PEM
EncodeCertificatesPEM encodes a number of x509 certificates to PEM
ExpiryTime returns the time when the certificate chain is expired.
GetKeyDERFromPEM parses a PEM-encoded private key and returns DER-format key bytes.
HashAlgoString returns the hash algorithm name contains in the signature method.
InclusiveDate returns the time.Time representation of a date - 1 nanosecond. This allows time.After to be used inclusively.
KeyLength returns the bit size of ECDSA or RSA PublicKey
LoadClientCertificate load key/certificate from pem files
LoadPEMCertPool loads a pool of PEM certificates from file.
MonthsValid returns the number of months for which a certificate is valid.
PEMToCertPool concerts PEM certificates to a CertPool.
ParseCSR parses a PEM- or DER-encoded PKCS #10 certificate signing request.
ParseCSRPEM parses a PEM-encoded certificate signing request. It does not check the signature. This is useful for dumping data from a CSR locally.
ParseCertificatePEM parses and returns a PEM-encoded certificate, can handle PEM encoded PKCS #7 structures.
ParseCertificatesDER parses a DER encoding of a certificate object and possibly private key, either PKCS #7, PKCS #12, or raw x509.
ParseCertificatesPEM parses a sequence of PEM-encoded certificate and returns them, can handle PEM encoded PKCS #7 structures.
ParseOneCertificateFromPEM attempts to parse one PEM encoded certificate object, either a raw x509 certificate or a PKCS #7 structure possibly containing multiple certificates, from the top of certsPEM, which itself may contain multiple PEM encoded certificate objects.
ParsePrivateKeyPEM parses and returns a PEM-encoded private key. The private key may be either an unencrypted PKCS#8, PKCS#1, or elliptic private key.
ParsePrivateKeyPEMWithPassword parses and returns a PEM-encoded private key. The private key may be a potentially encrypted PKCS#8, PKCS#1, or elliptic private key.
ParseSelfSignedCertificatePEM parses a PEM-encoded certificate and check if it is self-signed.
ReadBytes reads a byte either from a file or an environment variable. If valFile has a prefix of 'env:', the byte is read from the environment using the subsequent name. If the prefix is 'file:' the byte is read from the subsequent file. If no prefix is provided, valFile is assumed to be a file path.
SCTListFromOCSPResponse extracts the SCTList from an ocsp.Response, returning an empty list if the SCT extension was not found or could not be unmarshalled.
SerializeSCTList serializes a list of SCTs.
SignatureString returns the TLS signature string corresponding to an X509 signature algorithm.
SignerAlgo returns an X.509 signature algorithm from a crypto.Signer.
StringTLSVersion returns underlying enum values from human names for TLS versions, defaults to current golang default of TLS 1.0
ValidExpiry determines if a certificate is valid for an acceptable length of time per the CA/Browser Forum baseline requirements. See https://cabforum.org/wp-content/uploads/CAB-Forum-BR-1.3.0.pdf
|derhelpers||Package derhelpers implements common functionality on DER encoded data|