Versions in this module Expand all Collapse all v2 v2.3.3 Oct 19, 2023 Changes in this version
+ var ErrUnsupportedAlgorithm = errors.New("x509: cannot verify signature: algorithm unimplemented")
+ var OidNodeId = asn1.ObjectIdentifier
+ func ChainMakerCertCsrToX509CertCsr(cert *CertificateRequest) (*x509.CertificateRequest, error)
+ func ChainMakerCertToX509Cert(cert *Certificate) (*x509.Certificate, error)
+ func CreateCRL(rand io.Reader, cert *x509.Certificate, priv interface{}, ...) (crlBytes []byte, err error)
+ func CreateCertificate(rand io.Reader, template, parent *x509.Certificate, pub, priv interface{}) (cert []byte, err error)
+ func CreateCertificateRequest(rand io.Reader, template *CertificateRequest, priv interface{}) (csr []byte, err error)
+ func GetAKIFromExtensions(extensions []pkix.Extension) ([]byte, bool, error)
+ func GetExtByOid(oid asn1.ObjectIdentifier, extensions []pkix.Extension) ([]byte, error)
+ func GetHashFromSignatureAlgorithm(algo SignatureAlgorithm) (bccrypto.HashType, error)
+ func GetNodeIdFromCertificate(oid asn1.ObjectIdentifier, cert x509.Certificate) ([]byte, error)
+ func GetNodeIdFromSm2Certificate(oid asn1.ObjectIdentifier, cert Certificate) ([]byte, error)
+ func GetOUFromPEM(certPEM []byte) ([]string, error)
+ func MarshalECPrivateKey(key *ecdsa.PrivateKey) ([]byte, error)
+ func MarshalPKCS1PrivateKey(key *rsa.PrivateKey) []byte
+ func MarshalPKCS1PublicKey(key *rsa.PublicKey) []byte
+ func MarshalPKCS8PrivateKey(key interface{}) ([]byte, error)
+ func MarshalPKIXPublicKey(pub interface{}) ([]byte, error)
+ func ParseECPrivateKey(der []byte) (*ecdsa.PrivateKey, error)
+ func ParsePKCS1PrivateKey(der []byte) (*rsa.PrivateKey, error)
+ func ParsePKCS1PublicKey(der []byte) (*rsa.PublicKey, error)
+ func ParsePKCS8PrivateKey(der []byte) (key interface{}, err error)
+ type CertPool struct
+ func NewCertPool() *CertPool
+ func (s *CertPool) AddCert(cert *Certificate)
+ func (s *CertPool) AppendCertsFromPEM(pemCerts []byte) (ok bool)
+ func (s *CertPool) Subjects() [][]byte
+ type Certificate struct
+ AuthorityKeyId []byte
+ BasicConstraintsValid bool
+ CRLDistributionPoints []string
+ DNSNames []string
+ EmailAddresses []string
+ ExcludedDNSDomains []string
+ ExcludedEmailAddresses []string
+ ExcludedIPRanges []*net.IPNet
+ ExcludedURIDomains []string
+ ExtKeyUsage []x509.ExtKeyUsage
+ Extensions []pkix.Extension
+ ExtraExtensions []pkix.Extension
+ IPAddresses []net.IP
+ IsCA bool
+ Issuer pkix.Name
+ IssuingCertificateURL []string
+ KeyUsage x509.KeyUsage
+ MaxPathLen int
+ MaxPathLenZero bool
+ NotAfter time.Time
+ NotBefore time.Time
+ OCSPServer []string
+ PermittedDNSDomains []string
+ PermittedDNSDomainsCritical bool
+ PermittedEmailAddresses []string
+ PermittedIPRanges []*net.IPNet
+ PermittedURIDomains []string
+ PolicyIdentifiers []asn1.ObjectIdentifier
+ PublicKey bccrypto.PublicKey
+ PublicKeyAlgorithm PublicKeyAlgorithm
+ Raw []byte
+ RawIssuer []byte
+ RawSubject []byte
+ RawSubjectPublicKeyInfo []byte
+ RawTBSCertificate []byte
+ SerialNumber *big.Int
+ Signature []byte
+ SignatureAlgorithm SignatureAlgorithm
+ Subject pkix.Name
+ SubjectKeyId []byte
+ URIs []*url.URL
+ UnhandledCriticalExtensions []asn1.ObjectIdentifier
+ UnknownExtKeyUsage []asn1.ObjectIdentifier
+ Version int
+ func BuildCertificateChain(certs []*Certificate) []*Certificate
+ func ParseCertificate(asn1Data []byte) (*Certificate, error)
+ func ParseCertificates(asn1Data []byte) ([]*Certificate, error)
+ func X509CertToChainMakerCert(cert *x509.Certificate) (*Certificate, error)
+ func (c *Certificate) CheckCRLSignature(crl *pkix.CertificateList) error
+ func (c *Certificate) CheckSignature(algo SignatureAlgorithm, signed, signature []byte) error
+ func (c *Certificate) CheckSignatureFrom(parent *Certificate) error
+ func (c *Certificate) Equal(other *Certificate) bool
+ func (c *Certificate) Verify(opts VerifyOptions) (chains [][]*Certificate, err error)
+ func (c *Certificate) VerifyHostname(h string) error
+ type CertificateInvalidError struct
+ Cert *Certificate
+ Detail string
+ Reason InvalidReason
+ func (e CertificateInvalidError) Error() string
+ type CertificateRequest struct
+ Attributes []pkix.AttributeTypeAndValueSET
+ DNSNames []string
+ EmailAddresses []string
+ Extensions []pkix.Extension
+ ExtraExtensions []pkix.Extension
+ IPAddresses []net.IP
+ PublicKey bccrypto.PublicKey
+ PublicKeyAlgorithm PublicKeyAlgorithm
+ Raw []byte
+ RawSubject []byte
+ RawSubjectPublicKeyInfo []byte
+ RawTBSCertificateRequest []byte
+ Signature []byte
+ SignatureAlgorithm SignatureAlgorithm
+ Subject pkix.Name
+ URIs []*url.URL
+ Version int
+ func ParseCertificateRequest(asn1Data []byte) (*CertificateRequest, error)
+ func X509CertCsrToChainMakerCertCsr(cert *x509.CertificateRequest) (*CertificateRequest, error)
+ func (c *CertificateRequest) CheckSignature() error
+ type ConstraintViolationError struct
+ func (ConstraintViolationError) Error() string
+ type HostnameError struct
+ Certificate *Certificate
+ Host string
+ func (h HostnameError) Error() string
+ type InsecureAlgorithmError SignatureAlgorithm
+ func (e InsecureAlgorithmError) Error() string
+ type InvalidReason int
+ const CANotAuthorizedForExtKeyUsage
+ const CANotAuthorizedForThisName
+ const Expired
+ const IncompatibleUsage
+ const NameConstraintsWithoutSANs
+ const NameMismatch
+ const NotAuthorizedToSign
+ const TooManyConstraints
+ const TooManyIntermediates
+ const UnconstrainedName
+ type PublicKeyAlgorithm int
+ const DSA
+ const ECDSA
+ const RSA
+ const SM2
+ const UnknownPublicKeyAlgorithm
+ func (algo PublicKeyAlgorithm) String() string
+ type SignatureAlgorithm int
+ const DSAWithSHA1
+ const DSAWithSHA256
+ const ECDSAWithSHA1
+ const ECDSAWithSHA256
+ const ECDSAWithSHA384
+ const ECDSAWithSHA512
+ const MD2WithRSA
+ const MD5WithRSA
+ const SHA1WithRSA
+ const SHA256WithRSA
+ const SHA256WithRSAPSS
+ const SHA256WithSM2
+ const SHA384WithRSA
+ const SHA384WithRSAPSS
+ const SHA512WithRSA
+ const SHA512WithRSAPSS
+ const SM3WithSM2
+ const UnknownSignatureAlgorithm
+ func (algo SignatureAlgorithm) String() string
+ type SystemRootsError struct
+ Err error
+ func (se SystemRootsError) Error() string
+ type UnhandledCriticalExtension struct
+ func (h UnhandledCriticalExtension) Error() string
+ type UnknownAuthorityError struct
+ Cert *Certificate
+ func (e UnknownAuthorityError) Error() string
+ type VerifyOptions struct
+ CurrentTime time.Time
+ DNSName string
+ Intermediates *CertPool
+ KeyUsages []x509.ExtKeyUsage
+ MaxConstraintComparisions int
+ Roots *CertPool
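Review bot: The `SignatureAlgorithm` constants added in this version include `MD2WithRSA`, `MD5WithRSA`, `SHA1WithRSA`, `DSAWithSHA1` and `ECDSAWithSHA1`, and nothing in the listing says which of them `CheckSignature`, `CheckSignatureFrom` and `Verify` still accept. `InsecureAlgorithmError` is exported alongside them, which suggests that some are refused, but the signatures alone cannot confirm that. I would add a doc comment on the constant block naming the algorithms that are rejected at verification time and the error returned, worded to match what the implementation actually does. Separately, `var OidNodeId` is an exported, reassignable package variable that presumably feeds `GetNodeIdFromCertificate`, so a comment such as `// OidNodeId must be treated as read-only; pass a copy if a different OID is needed.` would help callers.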