Documentation
Overview
This source file is a downstream modification of the above-licensed file for use as part of Trustdeck.
Copyright 2014 Cory Benfield Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0 Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the specific language governing permissions and limitations under the License.
Variables
var (
InvalidCertificate error = errors.New("Invalid certificate.")
)
Functions
func OutputAllLabels
OutputAllLabels returns all the certificate labels from the parsed certificates.
func WriteCerts
func WriteCerts(out io.Writer, certs CertList, matcher CertMatcher)
WriteCerts writes out the certificates that match the given filter criteria.
Types
type CertList
type CertList []*Certificate
func OutputTrustedCerts
OutputTrustedCerts writes a series of PEM-encoded certificates to out by finding certificates and their trust records in objects.
type CertMatcher
type CertMatcher func(*Certificate) bool
func BlacklistMatcher
func BlacklistMatcher(blacklist map[string]interface{}) CertMatcher
BlacklistMatcher builds a matching function that only emits certificates that are not in the blacklist.
func SubstringBlacklistMatcher
func SubstringBlacklistMatcher(blacklist []string) CertMatcher
SubstringBlacklistMatcher builds a matching function that emits certificates when the all-lowercase label contains any of the all-lowercase blacklist, and otherwise does not emit a certificate. This allows for strings like 'comodo' to match all comodo certificates while not matching others.
This is not the most secure way to match certificates! Verify the output.
func SubstringWhitelistMatcher
func SubstringWhitelistMatcher(whitelist []string) CertMatcher
SubstringWhitelistMatcher builds a matching function that emits certificates when the all-lowercase label contains any of the all-lowercase whitelist, and otherwise does not emit a certificate. This allows for strings like 'comodo' to match all comodo certificates while not matching others.
This is not the most secure way to match certificates! Verify the output.
func WhitelistMatcher
func WhitelistMatcher(whitelist map[string]interface{}) CertMatcher
WhitelistMatcher builds a matching function that only emits certificates that are in the whitelist.
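The "Verify the output" caveat on the substring matchers can be made concrete. The following is an added example, not code from this package: Certificate and CertMatcher are local stand-ins, substringWhitelist is written from the documented description, and unexpected, sampleCerts and the reviewed fingerprint set are hypothetical names with constructed placeholder values.

```go
package main

import (
	"fmt"
	"strings"
)

// Stand-ins for the package's types (assumption: only these two fields are needed here).
type Certificate struct{ Label, SHA256Fingerprint string }
type CertMatcher func(*Certificate) bool

// substringWhitelist follows the documented rule: lower-cased label contains any lower-cased entry.
func substringWhitelist(whitelist []string) CertMatcher {
	return func(c *Certificate) bool {
		label := strings.ToLower(c.Label)
		for _, w := range whitelist {
			if strings.Contains(label, strings.ToLower(w)) {
				return true
			}
		}
		return false
	}
}

// unexpected lists labels the matcher accepted whose SHA-256 fingerprint is not in the reviewed set.
func unexpected(certs []*Certificate, m CertMatcher, reviewed map[string]bool) []string {
	var out []string
	for _, c := range certs {
		if m(c) && !reviewed[strings.ToLower(c.SHA256Fingerprint)] {
			out = append(out, c.Label)
		}
	}
	return out
}

// sampleCerts is constructed data; labels and fingerprints are placeholders, not real CA values.
func sampleCerts() []*Certificate {
	return []*Certificate{
		{Label: "Comodo RSA Certification Authority", SHA256Fingerprint: "AA01"},
		{Label: "Example Root CA", SHA256Fingerprint: "BB02"},
		{Label: "Not-Comodo Test Root", SHA256Fingerprint: "CC03"},
	}
}

func main() {
	reviewed := map[string]bool{"aa01": true} // fingerprints checked out of band
	flagged := unexpected(sampleCerts(), substringWhitelist([]string{"comodo"}), reviewed)
	fmt.Println("accepted but not reviewed:", flagged)
}
```

Any label that appears in the flagged list was admitted by the label substring alone and should be checked by fingerprint before the resulting trust store is used.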
type Certificate
type Certificate struct {
	Issuer            string
	Subject           string
	Label             string
	Serial            string
	MD5Fingerprint    string
	SHA1Fingerprint   string
	SHA256Fingerprint string
	PEMBlock          *pem.Block
}
Certificate is an in-memory representation of a certificate.
func DecodePEMBlock
func DecodePEMBlock(data []byte, label string) ([]*Certificate, error)
DecodePEMBlock takes a single PEM file as provided by a user and decodes it into our intermediate certificate representation.
The special function of this code is to handle the case where the user has accidentally provided a concatenated set of certificates. In this case, all certificates will be added to the trust store, with the label manipulated slightly to distinguish between them.