certpool

package
v0.4.3 Latest
Warning

This package is not in the latest version of its module.

Published: Dec 14, 2024 License: MIT Imports: 13 Imported by: 0

Documentation

Overview

Package certpool provides an X.509 certificates store

Constants

const (
	// HashSize is the number of bytes of HashCert's output
	HashSize = 32
)

Variables

var (
	// ErrNoCertificatesFound indicates we didn't find any certificate.
	ErrNoCertificatesFound = core.Wrap(core.ErrNotExists, "no certificates found")
)

var (
	// SystemCAOnly indicates if SystemCertPool should ignore
	// non-CA certificates.
	//
	// Changing this after SystemCertPool() has been called
	// has no effect.
	SystemCAOnly bool
)

Functions

This section is empty.

Types

type CertPool

type CertPool struct {
	// contains filtered or unexported fields
}

CertPool is a collection of X.509 certificates.

func New

func New() *CertPool

New creates a blank CertPool store.

func NewFromEnv

func NewFromEnv(name string) (*CertPool, error)

NewFromEnv uses os.LookupEnv and the given variable name to create a CertPool using NewFromStrings.

func NewFromEnvFn

func NewFromEnvFn(getEnv func(string) (string, bool), name string) (*CertPool, error)

NewFromEnvFn is like NewFromEnv but allows the user to provide a function to access the environment.

func NewFromStrings

func NewFromStrings(certs ...string) (*CertPool, error)

NewFromStrings creates a CertPool using certificates in a string. It could be PEM content, a PEM file, or a directory containing PEM files. The populated CertPool will be returned even if errors were encountered. A core.CompoundError will be returned if there were errors.

func NewSystemCertPool

func NewSystemCertPool() (*CertPool, error)

NewSystemCertPool returns a CertPool populated with all valid system certificates and an aggregation of errors.

func SystemCertPool

func SystemCertPool() (*CertPool, error)

SystemCertPool returns a Pool populated with the system's valid certificates.

func (*CertPool) AddCert

func (s *CertPool) AddCert(cert *x509.Certificate) bool

AddCert adds a certificate to the store if it wasn't known already.

func (*CertPool) Clone

func (s *CertPool) Clone() x509utils.CertPool

Clone creates a copy of the CertPool store.

func (*CertPool) Copy

func (s *CertPool) Copy(out *CertPool, cond func(*x509.Certificate) bool) *CertPool

Copy creates a copy of the CertPool store, optionally receiving the destination and a condition checker.

func (*CertPool) Count

func (s *CertPool) Count() int

Count returns the number of certificates in the store.

func (*CertPool) Delete

func (s *CertPool) Delete(ctx context.Context, name string) error

Delete removes from the store all certificates associated with the given name.

func (*CertPool) DeleteCert

func (s *CertPool) DeleteCert(ctx context.Context, cert *x509.Certificate) error

DeleteCert removes a certificate, by raw DER hash, from the store.

func (*CertPool) Export

func (s *CertPool) Export() *x509.CertPool

Export assembles an x509.CertPool with all the certificates contained in the store.

func (*CertPool) ForEach

func (s *CertPool) ForEach(ctx context.Context, fn func(context.Context, *x509.Certificate) bool)

ForEach calls a function for each certificate in the store until the context is cancelled or the function returns false.

func (*CertPool) Get

func (s *CertPool) Get(ctx context.Context, name string) (*x509.Certificate, error)

Get attempts to find the certificate for a name.

func (*CertPool) Import

func (s *CertPool) Import(ctx context.Context, src x509utils.CertPool) (int, error)

Import certificates from another CertPool.

func (*CertPool) ImportPEM

func (s *CertPool) ImportPEM(ctx context.Context, b []byte) (int, error)

ImportPEM adds x509 certificates contained in the PEM encoded data.

func (*CertPool) IsCA

func (s *CertPool) IsCA() bool

IsCA tells if all the certificates in the store are CA certificates.

func (*CertPool) IsZero

func (s *CertPool) IsZero() bool

IsZero tells if the non-nil store is empty.

func (*CertPool) Put

func (s *CertPool) Put(ctx context.Context, name string, cert *x509.Certificate) error

Put inserts a certificate into the store, optionally including a reference name. The name will be appended to those included in the certificate.

func (*CertPool) Reset added in v0.2.6

func (s *CertPool) Reset() error

Reset removes all certificates from the store.

type CertSet added in v0.3.1

type CertSet struct {
	set.Set[*x509.Certificate, Hash, *x509.Certificate]
}

CertSet keeps a thread-safe set of unique [x509.Certificate]s.

func MustCertSet added in v0.3.1

func MustCertSet(certs ...*x509.Certificate) *CertSet

MustCertSet is like NewCertSet but panics on errors.

func NewCertSet added in v0.3.1

func NewCertSet(certs ...*x509.Certificate) (*CertSet, error)

NewCertSet creates a CertSet optionally taking its initial content as argument.

func (*CertSet) Clone added in v0.4.0

func (cs *CertSet) Clone() *CertSet

Clone makes a copy of the CertSet.

func (*CertSet) Copy added in v0.4.0

func (cs *CertSet) Copy(dst *CertSet, cond func(*x509.Certificate) bool) *CertSet

Copy copies all certificates satisfying the optional condition to the destination unless they are already there. If a destination isn't provided one will be created.

func (*CertSet) GetByKey added in v0.4.2

func (cs *CertSet) GetByKey(pub crypto.PublicKey) []*x509.Certificate

GetByKey returns all certificates in the CertSet matching the given public key.

func (*CertSet) GetByPrivateKey added in v0.4.2

func (cs *CertSet) GetByPrivateKey(key crypto.PrivateKey) []*x509.Certificate

GetByPrivateKey returns all certificates in the CertSet matching the given private key.

type Hash

type Hash [HashSize]byte

Hash is a blake3.Sum256 representation of a DER encoded certificate

func HashCert

func HashCert(cert *x509.Certificate) (Hash, bool)

HashCert produces a blake3 digest of the DER representation of a Certificate

func HashSubject

func HashSubject(cert *x509.Certificate) (Hash, bool)

HashSubject produces a blake3 digest of the raw subject of the Certificate

func HashSubjectPublicKey

func HashSubjectPublicKey(cert *x509.Certificate) (Hash, bool)

HashSubjectPublicKey produces a blake3 digest of the PublicKey of the Certificate

func Sum

func Sum(data []byte) Hash

Sum is a shortcut to our preferred hash function, blake3.Sum256()

func (Hash) Equal

func (hash Hash) Equal(other Hash) bool

Equal says if a hash is identical to this one.

func (Hash) EqualCert

func (hash Hash) EqualCert(cert *x509.Certificate) bool

EqualCert says if the certificate matches the hash.

func (Hash) IsZero

func (hash Hash) IsZero() bool

IsZero tells if the hash is at its zero value.
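
How a digest-keyed set (CertSet, Hash, HashCert) differs from lookup by key (GetByKey), as an added example that is not this package's code. `derSet`, `byKey`, `issue` and `demo` are hypothetical names, the set key is assumed to be the digest of the DER encoding, SHA-256 stands in for blake3 so that only the standard library is needed, and the certificates are constructed test data.

```go
package main

import (
	"crypto"
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha256"
	"crypto/x509"
	"fmt"
	"math/big"
	"time"
)

// derSet is a hypothetical stand-in for CertSet: certificates keyed by a 32-byte
// digest of their DER. SHA-256 replaces blake3 only to stay in the standard library.
type derSet map[[32]byte]*x509.Certificate

// byKey returns every certificate carrying pub, whatever its DER digest.
func (s derSet) byKey(pub crypto.PublicKey) (out []*x509.Certificate) {
	for _, c := range s {
		if k, ok := c.PublicKey.(interface{ Equal(crypto.PublicKey) bool }); ok && k.Equal(pub) {
			out = append(out, c)
		}
	}
	return out
}

// issue self-signs a throwaway certificate for a constructed, fixed-seed test key.
func issue(seed byte, serial int64) *x509.Certificate {
	key := ed25519.NewKeyFromSeed(append(make([]byte, ed25519.SeedSize-1), seed))
	t := &x509.Certificate{SerialNumber: big.NewInt(serial), NotBefore: time.Now(), NotAfter: time.Now().Add(time.Hour)}
	der, err := x509.CreateCertificate(rand.Reader, t, t, key.Public(), key)
	c, perr := x509.ParseCertificate(der) // returns an error on empty DER if signing failed
	if err != nil || perr != nil {
		panic(fmt.Sprint(err, perr))
	}
	return c
}

// demo stores one certificate twice, a renewal on the same key, and an unrelated one.
func demo() (total, sameKey int) {
	a, s := issue(1, 1), derSet{}
	for _, c := range []*x509.Certificate{a, a, issue(1, 2), issue(2, 3)} {
		s[sha256.Sum256(c.Raw)] = c // the second copy of a lands on the same digest
	}
	return len(s), len(s.byKey(a.PublicKey))
}

func main() { fmt.Println(demo()) }
```

A reissued certificate on an unchanged key gets a new DER digest, so removing the old certificate by digest leaves the new one in place; a key-based lookup is what finds every certificate tied to a key that has to be retired.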
