util

package
v0.0.0-...-67fb4aa Latest Latest
Warning

This package is not in the latest version of its module.

Published: Sep 30, 2022 License: Apache-2.0 Imports: 15 Imported by: 0

Documentation

Index

Constants

// DNSNameTag is the context-specific tag number of the dNSName choice in an
// X.509 GeneralName (RFC 5280, section 4.2.1.6).
const DNSNameTag = 2

Variables

// Certificate extension OIDs.
//
// Each value is an asn1.ObjectIdentifier, which is a slice: these exported
// variables can be modified by any importer, so treat them as read-only and
// compare with Equal.
var (
	AiaOID                  = asn1.ObjectIdentifier{1, 3, 6, 1, 5, 5, 7, 1, 1}        // id-pe-authorityInfoAccess
	AuthkeyOID              = asn1.ObjectIdentifier{2, 5, 29, 35}                     // id-ce-authorityKeyIdentifier
	BasicConstOID           = asn1.ObjectIdentifier{2, 5, 29, 19}                     // id-ce-basicConstraints
	CertPolicyOID           = asn1.ObjectIdentifier{2, 5, 29, 32}                     // id-ce-certificatePolicies
	CrlDistOID              = asn1.ObjectIdentifier{2, 5, 29, 31}                     // id-ce-cRLDistributionPoints
	CtPoisonOID             = asn1.ObjectIdentifier{1, 3, 6, 1, 4, 1, 11129, 2, 4, 3} // CT precertificate poison (RFC 6962)
	EkuSynOid               = asn1.ObjectIdentifier{2, 5, 29, 37}                     // id-ce-extKeyUsage
	FreshCRLOID             = asn1.ObjectIdentifier{2, 5, 29, 46}                     // id-ce-freshestCRL
	InhibitAnyPolicyOID     = asn1.ObjectIdentifier{2, 5, 29, 54}                     // id-ce-inhibitAnyPolicy
	IssuerAlternateNameOID  = asn1.ObjectIdentifier{2, 5, 29, 18}                     // id-ce-issuerAltName
	KeyUsageOID             = asn1.ObjectIdentifier{2, 5, 29, 15}                     // id-ce-keyUsage
	LogoTypeOID             = asn1.ObjectIdentifier{1, 3, 6, 1, 5, 5, 7, 1, 12}       // id-pe-logotype
	NameConstOID            = asn1.ObjectIdentifier{2, 5, 29, 30}                     // id-ce-nameConstraints
	OscpNoCheckOID          = asn1.ObjectIdentifier{1, 3, 6, 1, 5, 5, 7, 48, 1, 5}    // id-pkix-ocsp-nocheck (OCSP No Check)
	PolicyConstOID          = asn1.ObjectIdentifier{2, 5, 29, 36}                     // id-ce-policyConstraints
	PolicyMapOID            = asn1.ObjectIdentifier{2, 5, 29, 33}                     // id-ce-policyMappings
	PrivKeyUsageOID         = asn1.ObjectIdentifier{2, 5, 29, 16}                     // id-ce-privateKeyUsagePeriod
	QcStateOid              = asn1.ObjectIdentifier{1, 3, 6, 1, 5, 5, 7, 1, 3}        // id-pe-qcStatements
	TimestampOID            = asn1.ObjectIdentifier{1, 3, 6, 1, 4, 1, 11129, 2, 4, 2} // CT SignedCertificateTimestampList (RFC 6962)
	SmimeOID                = asn1.ObjectIdentifier{1, 2, 840, 113549, 1, 9, 15}      // smimeCapabilities (PKCS #9)
	SubjectAlternateNameOID = asn1.ObjectIdentifier{2, 5, 29, 17}                     // id-ce-subjectAltName
	SubjectDirAttrOID       = asn1.ObjectIdentifier{2, 5, 29, 9}                      // id-ce-subjectDirectoryAttributes
	SubjectInfoAccessOID    = asn1.ObjectIdentifier{1, 3, 6, 1, 5, 5, 7, 1, 11}       // id-pe-subjectInfoAccess
	SubjectKeyIdentityOID   = asn1.ObjectIdentifier{2, 5, 29, 14}                     // id-ce-subjectKeyIdentifier
)

// Certificate policy OIDs reserved by the CA/Browser Forum Baseline
// Requirements.
var (
	BRDomainValidatedOID       = asn1.ObjectIdentifier{2, 23, 140, 1, 2, 1} // domain-validated
	BROrganizationValidatedOID = asn1.ObjectIdentifier{2, 23, 140, 1, 2, 2} // organization-validated
	BRIndividualValidatedOID   = asn1.ObjectIdentifier{2, 23, 140, 1, 2, 3} // individual-validated
)

// X.500 attribute types (arc 2.5.4) that appear in distinguished names.
var (
	CommonNameOID             = asn1.ObjectIdentifier{2, 5, 4, 3}  // commonName
	SurnameOID                = asn1.ObjectIdentifier{2, 5, 4, 4}  // surname
	SerialOID                 = asn1.ObjectIdentifier{2, 5, 4, 5}  // serialNumber
	CountryNameOID            = asn1.ObjectIdentifier{2, 5, 4, 6}  // countryName
	LocalityNameOID           = asn1.ObjectIdentifier{2, 5, 4, 7}  // localityName
	StateOrProvinceNameOID    = asn1.ObjectIdentifier{2, 5, 4, 8}  // stateOrProvinceName
	StreetAddressOID          = asn1.ObjectIdentifier{2, 5, 4, 9}  // streetAddress
	OrganizationNameOID       = asn1.ObjectIdentifier{2, 5, 4, 10} // organizationName
	OrganizationalUnitNameOID = asn1.ObjectIdentifier{2, 5, 4, 11} // organizationalUnitName
	BusinessOID               = asn1.ObjectIdentifier{2, 5, 4, 15} // businessCategory
	PostalCodeOID             = asn1.ObjectIdentifier{2, 5, 4, 17} // postalCode
	GivenNameOID              = asn1.ObjectIdentifier{2, 5, 4, 42} // givenName
)

// Remaining OIDs: one signature algorithm, the anyPolicy identifier and the
// two policy qualifier types.
var (
	OidRSASSAPSS  = asn1.ObjectIdentifier{1, 2, 840, 113549, 1, 1, 10} // id-RSASSA-PSS
	AnyPolicyOID  = asn1.ObjectIdentifier{2, 5, 29, 32, 0}             // anyPolicy
	UserNoticeOID = asn1.ObjectIdentifier{1, 3, 6, 1, 5, 5, 7, 2, 2}   // id-qt-unotice
	CpsOID        = asn1.ObjectIdentifier{1, 3, 6, 1, 5, 5, 7, 2, 1}   // id-qt-cps
)
// ZeroDate is 1 January of year 0, midnight UTC. It is not the zero
// time.Time, which falls in year 1, so ZeroDate.IsZero() reports false.
var ZeroDate = time.Date(0, time.January, 1, 0, 0, 0, 0, time.UTC)

// Reference dates named after RFCs, each at midnight UTC.
// NOTE(review): presumably the date from which each RFC's requirements are
// applied; the code that consumes them is not shown here.
var (
	RFC1035Date = time.Date(1987, time.January, 1, 0, 0, 0, 0, time.UTC)
	RFC2459Date = time.Date(1999, time.January, 1, 0, 0, 0, 0, time.UTC)
	RFC3280Date = time.Date(2002, time.April, 1, 0, 0, 0, 0, time.UTC)
	RFC3490Date = time.Date(2003, time.March, 1, 0, 0, 0, 0, time.UTC)
	RFC4325Date = time.Date(2005, time.December, 1, 0, 0, 0, 0, time.UTC)
	RFC4630Date = time.Date(2006, time.August, 1, 0, 0, 0, 0, time.UTC)
	RFC5280Date = time.Date(2008, time.May, 1, 0, 0, 0, 0, time.UTC)
	RFC6818Date = time.Date(2013, time.January, 1, 0, 0, 0, 0, time.UTC)
	RFC8399Date = time.Date(2018, time.May, 1, 0, 0, 0, 0, time.UTC)
)

// Reference dates named after CA/Browser Forum Baseline Requirements
// versions, each at midnight UTC.
var (
	CABEffectiveDate = time.Date(2012, time.July, 1, 0, 0, 0, 0, time.UTC)
	CABV102Date      = time.Date(2012, time.June, 8, 0, 0, 0, 0, time.UTC)
	CABV113Date      = time.Date(2013, time.February, 21, 0, 0, 0, 0, time.UTC)
	CABV114Date      = time.Date(2013, time.May, 3, 0, 0, 0, 0, time.UTC)
	CABV116Date      = time.Date(2013, time.July, 29, 0, 0, 0, 0, time.UTC)
	CABV130Date      = time.Date(2015, time.April, 16, 0, 0, 0, 0, time.UTC)
	CABV131Date      = time.Date(2015, time.September, 28, 0, 0, 0, 0, time.UTC)
	CABV148Date      = time.Date(2017, time.June, 8, 0, 0, 0, 0, time.UTC)
)

// Reference dates named after individual requirements (reserved IP addresses,
// givenName, serial-number entropy, SHA-1, 1024-bit RSA, GeneralizedTime and
// subscriber-certificate lifetimes), each at midnight UTC.
// NOTE(review): which check uses each date is inferred from the names only.
// GeneralizedDate matches the RFC 5280 rule that validity dates in 2050 or
// later are encoded as GeneralizedTime.
var (
	CABReservedIPDate          = time.Date(2016, time.October, 1, 0, 0, 0, 0, time.UTC)
	CABGivenNameDate           = time.Date(2016, time.September, 7, 0, 0, 0, 0, time.UTC)
	CABSerialNumberEntropyDate = time.Date(2016, time.September, 30, 0, 0, 0, 0, time.UTC)
	NO_SHA1                    = time.Date(2016, time.January, 1, 0, 0, 0, 0, time.UTC)
	NoRSA1024RootDate          = time.Date(2011, time.January, 1, 0, 0, 0, 0, time.UTC)
	NoRSA1024Date              = time.Date(2014, time.January, 1, 0, 0, 0, 0, time.UTC)
	GeneralizedDate            = time.Date(2050, time.January, 1, 0, 0, 0, 0, time.UTC)
	NoReservedIP               = time.Date(2015, time.November, 1, 0, 0, 0, 0, time.UTC)
	SubCert39Month             = time.Date(2016, time.July, 2, 0, 0, 0, 0, time.UTC)
	SubCert825Days             = time.Date(2018, time.March, 2, 0, 0, 0, 0, time.UTC)
)

Functions

func AllAlternateNameWithTagAreIA5

func AllAlternateNameWithTagAreIA5(ext *pkix.Extension, tag int) (bool, error)

AllAlternateNameWithTagAreIA5 returns true if all sequence members with the given tag are encoded as IA5 strings, and false otherwise. If it encounters errors parsing asn1, err will be non-nil.

func AuthIsFQDNOrIP

func AuthIsFQDNOrIP(auth string) bool

func CheckRDNSequenceWhiteSpace

func CheckRDNSequenceWhiteSpace(raw []byte) (leading, trailing bool, err error)

CheckRDNSequenceWhiteSpace reports, respectively, whether any name attribute in the sequence has leading whitespace and whether any has trailing whitespace.

func CommonNameIsIP

func CommonNameIsIP(cert *x509.Certificate) bool

func DNSNamesExist

func DNSNamesExist(cert *x509.Certificate) bool

func FindTimeType

func FindTimeType(firstDate, secondDate asn1.RawValue) (int, int)

func GetAuthority

func GetAuthority(uri string) string

func GetExtFromCert

func GetExtFromCert(cert *x509.Certificate, oid asn1.ObjectIdentifier) *pkix.Extension

GetExtFromCert returns the extension with the matching OID, if present. If the extension is not present, it returns nil.

func GetHost

func GetHost(auth string) string

func GetMappedPolicies

func GetMappedPolicies(polMap *pkix.Extension) (out [][2]asn1.ObjectIdentifier, err error)

GetMappedPolicies is a helper function that parses a policyMappings extension and returns the mapped CertPolicyIds as pairs, separated by domain.

func GetTimes

func GetTimes(cert *x509.Certificate) (asn1.RawValue, asn1.RawValue)

func HasValidTLD

func HasValidTLD(domain string) bool

func ICANNPublicSuffixParse

func ICANNPublicSuffixParse(domain string) (*publicsuffix.DomainName, error)

func IsCACert

func IsCACert(c *x509.Certificate) bool

IsCACert returns true if c has IsCA set.

func IsEV

func IsEV(in []asn1.ObjectIdentifier) bool

IsEV returns true if the input is a known Extended Validation OID.

func IsEmptyASN1Sequence

func IsEmptyASN1Sequence(input []byte) bool

func IsExtInCert

func IsExtInCert(cert *x509.Certificate, oid asn1.ObjectIdentifier) bool

IsExtInCert is equivalent to GetExtFromCert() != nil.

func IsFQDN

func IsFQDN(domain string) bool

func IsFQDNOrIP

func IsFQDNOrIP(host string) bool

func IsIA5String

func IsIA5String(raw []byte) bool

IsIA5String returns true if raw is an IA5String, and returns false otherwise.

func IsIANAReserved

func IsIANAReserved(ip net.IP) bool

IsIANAReserved checks IP validity as per IANA reserved IPs

IPv4
https://www.iana.org/assignments/iana-ipv4-special-registry/iana-ipv4-special-registry.xhtml
https://www.iana.org/assignments/ipv4-address-space/ipv4-address-space.xml
IPv6
https://www.iana.org/assignments/iana-ipv6-special-registry/iana-ipv6-special-registry.xhtml
https://www.iana.org/assignments/ipv6-address-space/ipv6-address-space.xhtml

func IsISOCountryCode

func IsISOCountryCode(in string) bool

IsISOCountryCode returns true if the input is a known two-letter country code.

TODO: Document where the list of known countries came from.

func IsInPrefSyn

func IsInPrefSyn(name string) bool

func IsInTLDMap

func IsInTLDMap(label string) bool

func IsNameAttribute

func IsNameAttribute(oid asn1.ObjectIdentifier) bool

IsNameAttribute returns true if the given ObjectIdentifier corresponds with the type of any name attribute for PKIX.

func IsRootCA

func IsRootCA(c *x509.Certificate) bool

IsRootCA returns true if c has IsCA set and is also self-signed.

func IsSelfSigned

func IsSelfSigned(c *x509.Certificate) bool

IsSelfSigned returns true if SelfSigned is set.

func IsServerAuthCert

func IsServerAuthCert(cert *x509.Certificate) bool

func IsSubCA

func IsSubCA(c *x509.Certificate) bool

IsSubCA returns true if c has IsCA set, but is not self-signed.

func IsSubscriberCert

func IsSubscriberCert(c *x509.Certificate) bool

IsSubscriberCert returns true if a certificate is not a CA and not self-signed.

func NotAllNameFieldsAreEmpty

func NotAllNameFieldsAreEmpty(name *pkix.Name) bool

func PrimeNoSmallerThan752

func PrimeNoSmallerThan752(dividend *big.Int) bool

func RemovePrependedQuestionMarks

func RemovePrependedQuestionMarks(domain string) string

func RemovePrependedWildcard

func RemovePrependedWildcard(domain string) string

func SliceContainsOID

func SliceContainsOID(list []asn1.ObjectIdentifier, oid asn1.ObjectIdentifier) bool

Helper function that checks if an []asn1.ObjectIdentifier slice contains an asn1.ObjectIdentifier

func TypeInName

func TypeInName(name *pkix.Name, oid asn1.ObjectIdentifier) bool

Helper function that checks for a name type in a pkix.Name

Types

type AttributeTypeAndRawValue

// AttributeTypeAndRawValue pairs an attribute type OID with its value held as
// an asn1.RawValue rather than as a decoded Go value.
// NOTE(review): presumably so callers can inspect the value's original tag
// and bytes — confirm against the parsing code.
type AttributeTypeAndRawValue struct {
	Type  asn1.ObjectIdentifier // attribute type OID
	Value asn1.RawValue         // attribute value, left as a raw ASN.1 element
}

type AttributeTypeAndRawValueSET

// AttributeTypeAndRawValueSET is a slice of AttributeTypeAndRawValue.
// NOTE(review): the SET suffix follows the encoding/asn1 naming convention for
// a SET OF, so this presumably models one RelativeDistinguishedName — confirm.
type AttributeTypeAndRawValueSET []AttributeTypeAndRawValue

type RawRDNSequence

// RawRDNSequence is a slice of AttributeTypeAndRawValueSET values, so every
// attribute value in it is held as an asn1.RawValue.
type RawRDNSequence []AttributeTypeAndRawValueSET
