x509utils

package
v0.5.0
Warning

This package is not in the latest version of its module.

Published: Apr 2, 2023 License: MIT Imports: 23 Imported by: 2

Documentation

Overview

Package x509utils provides abstract access to collections of x509 certificates

Constants

This section is empty.

Variables

var (
	// ErrIgnored is used when we ask the user to try a different function instead
	ErrIgnored = errors.New("type of value out of scope")
)

Functions

func BlockToCertificate

func BlockToCertificate(block *pem.Block) (*x509.Certificate, error)

BlockToCertificate attempts to parse a pem.Block to extract a x509.Certificate

func BlockToRSAPrivateKey

func BlockToRSAPrivateKey(block *pem.Block) (*rsa.PrivateKey, error)

BlockToRSAPrivateKey attempts to parse a pem.Block to extract an rsa.PrivateKey

func EncodeBytes

func EncodeBytes(label string, body []byte, headers map[string]string) []byte

EncodeBytes produces a PEM encoded block

func EncodeCertificate

func EncodeCertificate(der []byte) []byte

EncodeCertificate produces a PEM encoded x509 Certificate without optional headers

func EncodePKCS1PrivateKey

func EncodePKCS1PrivateKey(key *rsa.PrivateKey) []byte

EncodePKCS1PrivateKey produces a PEM encoded RSA Private Key

func EncodePKCS8PrivateKey

func EncodePKCS8PrivateKey(key PrivateKey) []byte

EncodePKCS8PrivateKey produces a PEM encoded Private Key

func Hostname

func Hostname(u *url.URL) (string, bool)

Hostname returns a sanitised hostname for a parsed URL

func IsSelfSigned

func IsSelfSigned(c *x509.Certificate) bool

IsSelfSigned tests if a certificate corresponds to a self-signed CA

func NameAsIP

func NameAsIP(name string) (string, bool)

NameAsIP prepares a sanitised IP address name for matching certificates

func NameAsSuffix

func NameAsSuffix(name string) (string, bool)

NameAsSuffix prepares a sanitised hostname for matching certificate patterns

func Names

func Names(cert *x509.Certificate) ([]string, []string)

Names returns a list of exact names and patterns the certificate supports

func ReadFilePEM

func ReadFilePEM(filename string, cb DecodePEMBlockFunc) error

ReadFilePEM reads a PEM file calling cb for each block

func ReadPEM

func ReadPEM(b []byte, cb DecodePEMBlockFunc) error

ReadPEM invokes a callback for each PEM block found. It can receive raw PEM data.

func ReadStringPEM

func ReadStringPEM(s string, cb DecodePEMBlockFunc) error

ReadStringPEM invokes a callback for each PEM block found. It can receive raw PEM data, a filename or a directory to scan.

func SanitiseName

func SanitiseName(name string) (string, bool)

SanitiseName takes a Hostname and returns the name (or address) we will use for matching certificates

func SubjectPublicKeyBytes

func SubjectPublicKeyBytes(pub crypto.PublicKey) ([]byte, error)

SubjectPublicKeyBytes extracts the SubjectPublicKey bytes from a crypto.PublicKey

func SubjectPublicKeySHA1

func SubjectPublicKeySHA1(pub crypto.PublicKey) (hash [sha1.Size]byte, err error)

SubjectPublicKeySHA1 returns the SHA1 hash of the SubjectPublicKey of a crypto.PublicKey

func WriteCert

func WriteCert(w io.Writer, cert *x509.Certificate) (int64, error)

WriteCert writes a PEM encoded certificate

func WriteKey

func WriteKey(w io.Writer, key PrivateKey) (int64, error)

WriteKey writes a PEM encoded private key

Types

type Bundler

type Bundler interface {
	Bundle(cert *x509.Certificate, key PrivateKey, roots CertPooler) (*tls.Certificate, error)
}

Bundler is an object that bundles tls.Certificates

type CertPoolWriter

type CertPoolWriter interface {
	WriteStore

	AddCert(cert *x509.Certificate) bool
	AppendCertsFromPEM(b []byte) bool
}

CertPoolWriter represents the write-only interface of our CertPool

type CertPooler

type CertPooler interface {
	ReadStore

	Clone() CertPooler
	Export() *x509.CertPool
}

CertPooler represents the read-only interface of our CertPool

type DecodePEMBlockFunc

type DecodePEMBlockFunc func(filename string, block *pem.Block) bool

DecodePEMBlockFunc is called for each PEM block decoded. It returns true to terminate the loop.
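The callback contract above (return true to terminate), combined with an IsSelfSigned-style check, as an added example that is not x509utils code and uses only the Go standard library. The names eachBlock, firstSelfSigned and sampleBundle are hypothetical, and the self-signed criterion used here (subject equals issuer, signature verifies under the certificate's own key as a CA) is an assumption rather than the package's implementation.

```go
package main

import (
	"bytes"
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"encoding/pem"
	"fmt"
	"math/big"
)

// eachBlock (hypothetical, stdlib only) calls cb per PEM block until cb returns true.
func eachBlock(data []byte, cb func(filename string, b *pem.Block) bool) {
	for b, rest := pem.Decode(data); b != nil && !cb("", b); b, rest = pem.Decode(rest) {
	}
}

// firstSelfSigned returns the first self-signed CA's CN and the blocks visited.
// Assumption: self-signed CA = subject equals issuer and CheckSignatureFrom(self) passes.
func firstSelfSigned(data []byte) (cn string, seen int) {
	eachBlock(data, func(_ string, b *pem.Block) bool {
		seen++
		c, err := x509.ParseCertificate(b.Bytes)
		if b.Type != "CERTIFICATE" || err != nil ||
			!bytes.Equal(c.RawSubject, c.RawIssuer) || c.CheckSignatureFrom(c) != nil {
			return false // not a match: keep iterating
		}
		cn = c.Subject.CommonName
		return true // match: terminate the loop
	})
	return cn, seen
}

// sampleBundle returns constructed PEM data (one key, no validity dates): leaf, root, leaf.
func sampleBundle() (out []byte) {
	key, _ := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	root := &x509.Certificate{SerialNumber: big.NewInt(1), Subject: pkix.Name{CommonName: "constructed-root"}, IsCA: true, BasicConstraintsValid: true}
	leaf := &x509.Certificate{SerialNumber: big.NewInt(2), Subject: pkix.Name{CommonName: "constructed-leaf"}}
	for _, t := range []*x509.Certificate{leaf, root, leaf} {
		der, _ := x509.CreateCertificate(rand.Reader, t, root, &key.PublicKey, key)
		out = append(out, pem.EncodeToMemory(&pem.Block{Type: "CERTIFICATE", Bytes: der})...)
	}
	return out
}

func main() { fmt.Println(firstSelfSigned(sampleBundle())) }
```

The third block in the bundle is never visited, because the callback returned true on the root.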

type PrivateKey

type PrivateKey interface {
	Public() crypto.PublicKey
	Equal(x crypto.PrivateKey) bool
}

PrivateKey implements what crypto.PrivateKey should have

func BlockToPrivateKey

func BlockToPrivateKey(block *pem.Block) (PrivateKey, error)

BlockToPrivateKey parses a pem Block looking for rsa, ecdsa or ed25519 Private Keys

type PublicKey

type PublicKey interface {
	Equal(x crypto.PublicKey) bool
}

PublicKey implements what crypto.PublicKey should have

type ReadStore

type ReadStore interface {
	Get(ctx context.Context, name string) (*x509.Certificate, error)
	ForEach(ctx context.Context, f StoreIterFunc) error
}

ReadStore represents the methods to access a x509 Store

type StoreIterFunc

type StoreIterFunc func(*x509.Certificate) error

StoreIterFunc defines the type of function passed to ReadStore.ForEach

type WriteStore

type WriteStore interface {
	Put(ctx context.Context, name string, cert *x509.Certificate) error
	Delete(ctx context.Context, name string) error
	DeleteCert(ctx context.Context, cert *x509.Certificate) error
}

WriteStore represents the methods to alter a x509 Store
