certutil

package

v0.9.0 Latest Latest Go to latest Published: Jan 8, 2022 License: Apache-2.0 Imports: 18 Imported by: 3

Details

Valid go.mod file

The Go module system was introduced in Go 1.11 and is the official dependency management solution for Go.
Redistributable license

Redistributable licenses place minimal restrictions on how software can be used, modified, and redistributed.
Tagged version

Modules with tagged versions give importers more predictable builds.
Stable version

When a project reaches major version v1 it is considered stable.
Learn more about best practices

Repository

github.com/go-phorce/dolly

Links

Open Source Insights

Documentation ¶

Overview ¶

Package certutil provides utilities to work with certificates.

Index ¶

Variables
func CreatePoolFromPEM(pemBytes []byte) (*x509.CertPool, error)
func Digest(hash crypto.Hash, data []byte) []byte
func EncodeToPEM(out io.Writer, withComments bool, certs ...*x509.Certificate) error
func EncodeToPEMString(withComments bool, certs ...*x509.Certificate) (string, error)
func FindIssuer(crt *x509.Certificate, chain []*x509.Certificate, root *x509.Certificate) *x509.Certificate
func GetAuthorityKeyID(c *x509.Certificate) string
func GetIssuerID(c *x509.Certificate) string
func GetSubjectID(c *x509.Certificate) string
func GetSubjectKeyID(c *x509.Certificate) string
func GetThumbprintStr(c *x509.Certificate) string
func HashAlgoToStr(hash crypto.Hash) string
func HashToBase64URL(hash crypto.Hash, data []byte) string
func HashToHex(hash crypto.Hash, data []byte) string
func JoinPEM(p1, p2 []byte) []byte
func LoadAndVerifyBundleFromPEM(certFile, intCAFile, rootFile string) (*Bundle, *BundleStatus, error)
func LoadChainFromPEM(certFile string) ([]*x509.Certificate, error)
func LoadFromPEM(certFile string) (*x509.Certificate, error)
func LoadPEMFiles(files ...string) ([]byte, error)
func NameToString(name *pkix.Name) string
func NewHash(algo string) (hash.Hash, error)
func ParseChainFromPEM(certificateChainPem []byte) ([]*x509.Certificate, error)
func ParseFromPEM(bytes []byte) (*x509.Certificate, error)
func ParseHexDigestWithPrefix(digest string) (hash.Hash, []byte, error)
func Random(byteLength int) []byte
func RandomString(byteLength int) string
func SHA1(data []byte) []byte
func SHA1Base64(data []byte) string
func SHA1Hex(data []byte) string
func SHA256(data []byte) []byte
func SHA256Base64(data []byte) string
func SHA256Hex(data []byte) string
func StrToHashAlgo(algo string) crypto.Hash
func VerifyBundleFromPEM(certPEM, intCAPEM, rootPEM []byte) (bundle *Bundle, status *BundleStatus, err error)
type Bundle
- func SortBundlesByExpiration(bundles []*Bundle) []*Bundle
- func (b *Bundle) ExpiresInHours() time.Duration
type BundleStatus
- func (b *BundleStatus) IsExpiring() bool
- func (b *BundleStatus) IsUntrusted() bool

Constants ¶

This section is empty.

Variables ¶

View Source

var RandReader randSource = rand.Reader

RandReader is used so that it can be replaced in tests that require deterministic output

Functions ¶

func CreatePoolFromPEM ¶

func CreatePoolFromPEM(pemBytes []byte) (*x509.CertPool, error)

CreatePoolFromPEM returns CertPool from PEM encoded certs

func Digest ¶

func Digest(hash crypto.Hash, data []byte) []byte

Digest returns computed digest bytes

func EncodeToPEM ¶

func EncodeToPEM(out io.Writer, withComments bool, certs ...*x509.Certificate) error

EncodeToPEM converts certificates to PEM format, with optional comments

func EncodeToPEMString ¶

func EncodeToPEMString(withComments bool, certs ...*x509.Certificate) (string, error)

EncodeToPEMString converts certificates to PEM format, with optional comments

func FindIssuer ¶

func FindIssuer(crt *x509.Certificate, chain []*x509.Certificate, root *x509.Certificate) *x509.Certificate

FindIssuer returns an issuer cert

func GetAuthorityKeyID ¶

func GetAuthorityKeyID(c *x509.Certificate) string

GetAuthorityKeyID returns Authority Key Identifier

func GetIssuerID ¶

func GetIssuerID(c *x509.Certificate) string

GetIssuerID returns ID of the issuer. If present, it uses Authority Key Identifier, otherwise SHA1 of the Issuer name

func GetSubjectID ¶

func GetSubjectID(c *x509.Certificate) string

GetSubjectID returns ID of the cert. If present, it uses Subject Key Identifier, otherwise SHA1 of the Subject name

func GetSubjectKeyID ¶

func GetSubjectKeyID(c *x509.Certificate) string

GetSubjectKeyID returns Subject Key Identifier

func GetThumbprintStr ¶

func GetThumbprintStr(c *x509.Certificate) string

GetThumbprintStr returns hex-encoded SHA1 of the certificate

func HashAlgoToStr ¶

func HashAlgoToStr(hash crypto.Hash) string

HashAlgoToStr converts hash algorithm to string

func HashToBase64URL ¶ added in v0.9.0

func HashToBase64URL(hash crypto.Hash, data []byte) string

HashToBase64URL returns Base64URL encoded digest

func HashToHex ¶

func HashToHex(hash crypto.Hash, data []byte) string

HashToHex returns hex-encoded digest

func JoinPEM ¶ added in v0.9.0

func JoinPEM(p1, p2 []byte) []byte

JoinPEM returns concantenated PEM

func LoadAndVerifyBundleFromPEM ¶

func LoadAndVerifyBundleFromPEM(certFile, intCAFile, rootFile string) (*Bundle, *BundleStatus, error)

LoadAndVerifyBundleFromPEM constructs and verifies the cert chain

func LoadChainFromPEM ¶

func LoadChainFromPEM(certFile string) ([]*x509.Certificate, error)

LoadChainFromPEM returns Certificates loaded from the file

func LoadFromPEM ¶

func LoadFromPEM(certFile string) (*x509.Certificate, error)

LoadFromPEM returns Certificate loaded from the file

func LoadPEMFiles ¶ added in v0.9.0

func LoadPEMFiles(files ...string) ([]byte, error)

LoadPEMFiles loads and concantenates PEM files into one slice

func NameToString ¶

func NameToString(name *pkix.Name) string

NameToString converts Name to string, compatable with openssl output

func NewHash ¶

func NewHash(algo string) (hash.Hash, error)

NewHash returns hash instance

func ParseChainFromPEM ¶

func ParseChainFromPEM(certificateChainPem []byte) ([]*x509.Certificate, error)

ParseChainFromPEM returns Certificates parsed from PEM

func ParseFromPEM ¶

func ParseFromPEM(bytes []byte) (*x509.Certificate, error)

ParseFromPEM returns Certificate parsed from PEM

func ParseHexDigestWithPrefix ¶

func ParseHexDigestWithPrefix(digest string) (hash.Hash, []byte, error)

ParseHexDigestWithPrefix parses encoded digest in {alg}:{hex} format

func Random ¶

func Random(byteLength int) []byte

Random returns a randomly generated bytes of the requested length.

func RandomString ¶

func RandomString(byteLength int) string

RandomString returns a randomly generated string of the requested length.

func SHA1 ¶

func SHA1(data []byte) []byte

SHA1 returns SHA1 digest

func SHA1Base64 ¶ added in v0.9.0

func SHA1Base64(data []byte) string

SHA1Base64 returns Base64URL encoded SHA1

func SHA1Hex ¶

func SHA1Hex(data []byte) string

SHA1Hex returns hex-encoded SHA1

func SHA256 ¶

func SHA256(data []byte) []byte

SHA256 returns SHA256 digest

func SHA256Base64 ¶ added in v0.9.0

func SHA256Base64(data []byte) string

SHA256Base64 returns Base64URL encoded SHA256

func SHA256Hex ¶

func SHA256Hex(data []byte) string

SHA256Hex returns hex-encoded SHA256

func StrToHashAlgo ¶

func StrToHashAlgo(algo string) crypto.Hash

StrToHashAlgo converts string to hash algorithm

func VerifyBundleFromPEM ¶

func VerifyBundleFromPEM(certPEM, intCAPEM, rootPEM []byte) (bundle *Bundle, status *BundleStatus, err error)

VerifyBundleFromPEM constructs and verifies the cert chain

Types ¶

type Bundle ¶

type Bundle struct {
	// Chain does not include the root anchor
	Chain       []*x509.Certificate
	Cert        *x509.Certificate
	IssuerCert  *x509.Certificate
	RootCert    *x509.Certificate
	Issuer      *pkix.Name
	Subject     *pkix.Name
	IssuerID    string
	SubjectID   string
	Expires     time.Time
	Hostnames   []string
	CertPEM     string
	CACertsPEM  string
	RootCertPEM string
}

A Bundle contains a certificate and its trust chain. It is intended to store the most widely applicable chain, with shortness an explicit goal.

func SortBundlesByExpiration ¶

func SortBundlesByExpiration(bundles []*Bundle) []*Bundle

SortBundlesByExpiration returns bundles sorted by expiration in descending order

func (*Bundle) ExpiresInHours ¶

func (b *Bundle) ExpiresInHours() time.Duration

ExpiresInHours returns cert expiration rounded up in hours

type BundleStatus ¶

type BundleStatus struct {
	// A list of SKIs of expiring certificates
	ExpiringSKIs []string `json:"expiring_SKIs"`
	// A list of untrusted root store names
	Untrusted []string `json:"untrusted_root_stores"`
	// A list of human readable warning messages based on the bundle status.
	Messages []string `json:"messages"`
}

BundleStatus is designated for various status reporting.

func (*BundleStatus) IsExpiring ¶

func (b *BundleStatus) IsExpiring() bool

IsExpiring returns true if bundle is expiring in less than 30 days

func (*BundleStatus) IsUntrusted ¶

func (b *BundleStatus) IsUntrusted() bool

IsUntrusted returns true if the cert's issuers are not trusted

Source Files ¶

View all Source files

?	: This menu
/	: Search site
f or F	: Jump to
y or Y	: Canonical URL