cert

Constants

// PEM block type labels (the text after "-----BEGIN ") for the PEM forms this
// package produces; presumably what the *ToPem / PrivateKeyBlock methods emit
// — confirm against their implementations.
const (
	CertificateKey   = "CERTIFICATE"
	PrivateKeyKey    = "PRIVATE KEY"
	EcPrivateKeyKey  = "EC PRIVATE KEY"
	RsaPrivateKeyKey = "RSA PRIVATE KEY"

	// MaxSANLen is not an actual RFC5280 constraint, 4096 should suffice.
	MaxSANLen         = 4096
	// MaxDomainSliceLen is likewise a local cap on the number of DNS names
	// accepted (see ValidateSubjectAltName), not an RFC 5280 constraint.
	MaxDomainSliceLen = 20
	// MaxIPSliceLen is not an actual RFC5280 constraint, 20 should suffice.
	MaxIPSliceLen = 20
	// MaxIPLen can contain either an IPv4 or IPv6 address.
	// NOTE(review): 39 is the length of a fully expanded IPv6 address; an
	// IPv4-mapped IPv6 address written out in full can reach 45 characters —
	// confirm which textual forms reach the code that applies this limit.
	MaxIPLen                     = 39
	// NOTE(review): RFC 5280 §4.1.2.2 bounds serialNumber at 20 octets and
	// requires a positive integer; whether 64 here is a different unit (e.g.
	// bits) is not visible from this page — confirm against ValidateSerialNumber.
	RFC5280SerialNumberLen       = 64
	// The remaining values are the RFC 5280 Appendix A upper bounds on the
	// corresponding Name attributes, enforced by the Validate* functions.
	RFC5280CommonNameLen         = 64
	RFC5280CountryLen            = 2
	RFC5280OrganizationLen       = 64
	RFC5280OrganizationalUnitLen = 64
	RFC5280StateLen              = 128
	RFC5280LocalityLen           = 128
)

Variables

// Sentinel errors; compare with errors.Is rather than ==, since callers may
// receive them wrapped.
var (
	// ErrNoSuchAlgorithm is returned when a requested key algorithm is not
	// one this package implements (see Algorithm and CreatePrivateKey).
	ErrNoSuchAlgorithm     = errors.New("no such algorithm implemented")
	// ErrCipherMsgAuthFailed signals that the encrypted private key could not
	// be authenticated; presumably surfaced by DecryptPrivateKey on a wrong
	// passphrase or tampered ciphertext — confirm against the implementation.
	ErrCipherMsgAuthFailed = errors.New("message authentication failed")
)

Functions

func AlgorithmToString

func AlgorithmToString(a Algorithm) string

func ParsePublicEcdsa

func ParsePublicEcdsa(c interface{}) (p *ecdsa.PublicKey, err error)

func ParsePublicRsa

func ParsePublicRsa(c interface{}) (p *rsa.PublicKey, err error)

func ParseX509

func ParseX509(b []byte) (crt *x509.Certificate, err error)

func ValidateCommonName

func ValidateCommonName(cn string) error

func ValidateCountry

func ValidateCountry(c string) error

func ValidateIPAddress

func ValidateIPAddress(ip []net.IP) (err error)

func ValidateLocality

func ValidateLocality(l string) error

func ValidateOrganization

func ValidateOrganization(o string) error

func ValidateOrganizationalUnit

func ValidateOrganizationalUnit(ou string) error

func ValidateSerialNumber

func ValidateSerialNumber(sn *big.Int) error

func ValidateState

func ValidateState(s string) error

func ValidateSubjectAltName

func ValidateSubjectAltName(san []string) (err error)

func ValidateTime

func ValidateTime(t time.Time) (err error)

Types

type Algorithm

// Algorithm identifies the private key algorithm of a Certificate or Block.
type Algorithm uint

// Algorithm values. None is the zero value, so an uninitialised Certificate
// reports no algorithm rather than a valid one.
const (
	None Algorithm = iota
	Rsa
	Ecdsa
	// Ed25591 is the name as declared; the matching methods on Certificate are
	// spelled Ed25519, so this looks like a typo in the identifier. It cannot
	// be renamed here without breaking callers — verify before changing.
	Ed25591
)

type Block

// Block pairs private key bytes with the Algorithm they belong to. It is
// returned by Certificate.GetPrivateKey, whose documentation notes that the
// key material may still be encrypted.
type Block struct {
	// Algorithm says how Data is to be interpreted.
	Algorithm Algorithm
	// Data is the private key material; encoding depends on Algorithm and
	// it may be encrypted (see Certificate.GetPrivateKey).
	Data      []byte
}

type Certificate

// Certificate is an X.509 certificate together with its (possibly encrypted)
// private key. Instances are created with New / NewWithIdentifier and
// validated via ValidateTemplate. Because PrivateKey may hold unencrypted
// key material after DecryptPrivateKey or SetUnsafePrivateKey, callers should
// Release it (or use EnableAutoRelease) once it is no longer needed.
type Certificate struct {
	// ID is the identifier assigned via NewWithIdentifier.
	ID uint64
	// Name is the user specified name for this certificate.
	Name string
	// PublicKey is the public certificate in DER format.
	PublicKey []byte
	// PrivateKey is the private key of this Certificate and may be encrypted.
	PrivateKey []byte
	// Algorithm is the used private key algorithm.
	Algorithm Algorithm
	// SignerID is the ID of the signing Certificate.
	SignerID uint64
	// IsCA indicates whether the certificate is a certificate authority or not.
	IsCA       bool
	// Iterations, Nonce and Salt presumably parameterise the key derivation
	// and cipher used by EncryptPrivateKey / DecryptPrivateKey — confirm
	// against the implementation; they are only meaningful when PrivateKey
	// is encrypted.
	Iterations uint
	Nonce      []byte
	Salt       []byte
	// contains filtered or unexported fields
}

func New

func New(opts *Options) (c *Certificate, err error)

New creates a new RFC5280 compliant Certificate. The returned c is validated via Certificate.ValidateTemplate.

func NewWithIdentifier

func NewWithIdentifier(id uint64, name string, opts *Options) (c *Certificate, err error)

NewWithIdentifier is like New but assigns the given name and id as well. The returned c is validated via Certificate.ValidateTemplate.

func (*Certificate) CopyPropertiesTo

func (c *Certificate) CopyPropertiesTo(dst *Certificate, copyUnexported bool)

func (*Certificate) CreateEcdsaPrivateKey

func (c *Certificate) CreateEcdsaPrivateKey(curve Curve) (err error)

CreateEcdsaPrivateKey creates an ECDSA private key.

func (*Certificate) CreateEd25519PrivateKey

func (c *Certificate) CreateEd25519PrivateKey() (err error)

CreateEd25519PrivateKey creates an ED25519 private key.

func (*Certificate) CreatePrivateKey

func (c *Certificate) CreatePrivateKey(keyType string) (err error)

CreatePrivateKey generates a private key for the certificate from keyType. The keyType is built via the syntax {{Algorithm}}.{{Option}}. The option can be omitted if the type does not have any option. Examples: RSA.4096, ECDSA.P521, ED25519.

func (*Certificate) CreateRsaPrivateKey

func (c *Certificate) CreateRsaPrivateKey(size RsaSize) (err error)

CreateRsaPrivateKey creates an RSA private key.

func (*Certificate) DecryptPrivateKey

func (c *Certificate) DecryptPrivateKey(pass []byte) (err error)

DecryptPrivateKey decrypts the private key.

func (*Certificate) Ecdsa

func (c *Certificate) Ecdsa() *ecdsa.PrivateKey

func (*Certificate) EcdsaPublicKey

func (c *Certificate) EcdsaPublicKey() (key *ecdsa.PublicKey)

EcdsaPublicKey returns the ecdsa.PublicKey of the Certificate.

func (*Certificate) EcdsaToPem

func (c *Certificate) EcdsaToPem() (p *pem.Block, err error)

func (*Certificate) Ed25519

func (c *Certificate) Ed25519() *ed25519.PrivateKey

func (*Certificate) Ed25519PublicCryptoKey

func (c *Certificate) Ed25519PublicCryptoKey() (key crypto.PublicKey)

Ed25519PublicCryptoKey returns the public key of the Certificate as a crypto.PublicKey, without a type assertion to the concrete ed25519 type.

func (*Certificate) Ed25519PublicKey

func (c *Certificate) Ed25519PublicKey() (key *ed25519.PublicKey, err error)

Ed25519PublicKey returns the ed25519.PublicKey of the Certificate.

func (*Certificate) Ed25519ToPem

func (c *Certificate) Ed25519ToPem() (p *pem.Block, err error)

func (*Certificate) EnableAutoRelease

func (c *Certificate) EnableAutoRelease() *Certificate

EnableAutoRelease causes Certificate.Release to be called automatically after Certificate.EncryptPrivateKey or Certificate.SetUnsafePrivateKey completes.

func (*Certificate) EncryptPrivateKey

func (c *Certificate) EncryptPrivateKey(pass []byte) (err error)

EncryptPrivateKey encrypts the private key with the given pass.

func (*Certificate) GetPrivateKey

func (c *Certificate) GetPrivateKey() Block

GetPrivateKey gets the private key. The returned Block contains any of the available private key forms (rsa, ...). Note that the private key might be encrypted.

func (*Certificate) IsUnsafe

func (c *Certificate) IsUnsafe() bool

func (*Certificate) LoadPrivateKey

func (c *Certificate) LoadPrivateKey() (err error)

LoadPrivateKey loads the private key. Note that the private key might be encrypted. Get the key via *Certificate.GetPrivateKey or *Certificate.PrivateKey.

func (*Certificate) ParseX509

func (c *Certificate) ParseX509() (crt *x509.Certificate, err error)

func (*Certificate) PrivateKeyBlock

func (c *Certificate) PrivateKeyBlock() (blk pem.Block, err error)

PrivateKeyBlock returns the private key as a pem.Block.

func (*Certificate) Release

func (c *Certificate) Release()

Release releases private key data. After calling, the private key needs to be loaded / decrypted again.

func (*Certificate) Renew

func (c *Certificate) Renew(opts *Options, sc *Certificate) (renewed *Certificate, err error)

Renew renews the Certificate with the provided options. The caller must ensure that the private key of sc is decrypted.

func (*Certificate) Rsa

func (c *Certificate) Rsa() *rsa.PrivateKey

func (*Certificate) RsaPublicKey

func (c *Certificate) RsaPublicKey() (key *rsa.PublicKey)

RsaPublicKey returns the rsa.PublicKey of the Certificate.

func (*Certificate) RsaToPem

func (c *Certificate) RsaToPem() (p *pem.Block, err error)

func (*Certificate) SetUnsafePrivateKey

func (c *Certificate) SetUnsafePrivateKey() (err error)

SetUnsafePrivateKey sets the private key without encrypting it.

func (*Certificate) SignSelf

func (c *Certificate) SignSelf() (err error)

SignSelf signs the certificate itself.

func (*Certificate) SignWith

func (c *Certificate) SignWith(sc *Certificate) (err error)

SignWith signs the certificate with the given *Certificate.

func (*Certificate) ValidateTemplate

func (c *Certificate) ValidateTemplate() (err error)

ValidateTemplate validates the certificate's template via RFC5280. Source: https://www.ietf.org/rfc/rfc5280.txt.

type Curve

// Curve selects the NIST curve used by Certificate.CreateEcdsaPrivateKey.
type Curve uint

// Supported curves. P224 is the zero value, so an unset Curve silently
// selects the smallest curve in the set (about 112-bit security); P256 or
// larger is the usual choice for new keys.
const (
	P224 Curve = iota
	P256
	P384
	P521
)

type Expiration

// Expiration is the validity period of a certificate; it is embedded in
// Options so NotBefore and NotAfter are promoted onto it. Values are checked
// by ValidateTime.
type Expiration struct {
	// NotBefore is the start of the validity period.
	NotBefore time.Time `json:"NotBefore"`
	// NotAfter is the end of the validity period.
	NotAfter  time.Time `json:"NotAfter"`
}

type Options

// Options describes the certificate template passed to New, NewWithIdentifier
// and Renew, and is what ParseCertificateOptions recovers from an existing
// x509.Certificate. The subject fields are bounded by the RFC5280*Len
// constants and checked by the corresponding Validate* functions.
type Options struct {
	// Subject name attributes.
	CommonName         string   `json:"CommonName"`
	Organization       string   `json:"Organization"`
	OrganizationalUnit string   `json:"OrganizationalUnit"`
	Country            string   `json:"Country"`
	State              string   `json:"State"`
	Locality           string   `json:"Locality"`
	// DNSNames are the subject alternative names; see ValidateSubjectAltName.
	DNSNames           []string `json:"DNSNames"`
	// IPAddresses are textual IP addresses. ValidateIPAddress takes []net.IP,
	// so presumably they are parsed before validation — confirm how an
	// unparseable entry is reported.
	IPAddresses        []string `json:"IPAddresses"`
	// IsCA requests a CA certificate (basic constraints).
	IsCA               bool     `json:"IsCA"`
	// Expiration supplies NotBefore / NotAfter.
	Expiration
}

func ParseCertificateOptions

func ParseCertificateOptions(crt *x509.Certificate) (opts *Options, err error)

type RsaSize

// RsaSize is the RSA modulus length in bits for Certificate.CreateRsaPrivateKey.
type RsaSize int

// Supported RSA key sizes. RSA1024 is below the 2048-bit minimum generally
// recommended today and should be reserved for compatibility with legacy
// peers; prefer RSA2048 or RSA4096 for new keys.
const (
	RSA1024 RsaSize = 1024
	RSA2048 RsaSize = 2048
	RSA4096 RsaSize = 4096
)
