Documentation
Index
- func Find(store Store, cert *x509.Certificate) ([]*x509.Certificate, error)
- func Sort(certs []*x509.Certificate) []*x509.Certificate
- func ToPEM(certs ...*x509.Certificate) ([]byte, error)
- func ToPEMs(certs ...*x509.Certificate) ([][]byte, error)
- func VerifyForCodeSigning(certs []*x509.Certificate, failWithoutFullChain bool) error
- type Collection
- func (p *Collection) AddIntermediate(certs ...*x509.Certificate) error
- func (p *Collection) AddIntermediatePEMs(pems ...[]byte) error
- func (p *Collection) AddRoot(certs ...*x509.Certificate) error
- func (p *Collection) AddRootPEMs(pems ...[]byte) error
- func (p *Collection) CertificatesByCN(commonName string) ([]*x509.Certificate, error)
- func (p *Collection) IntermediatePEMs() [][]byte
- func (p *Collection) RootPEMs() [][]byte
- func (p *Collection) WithEnumerator(enumerators ...Enumerator) *Collection
- func (p *Collection) WithSearchers(searchers ...Searcher) *Collection
- func (p *Collection) WithStores(stores ...Store) *Collection
- type Enumerator
- type Searcher
- type Store
Constants
This section is empty.
Variables
This section is empty.
Functions
func Find
func Find(store Store, cert *x509.Certificate) ([]*x509.Certificate, error)
Find looks up the full certificate chain for the given certificate in the given cert store.
Implementation note: this searches for a set of candidates to include in the chain but does NOT follow strict binding rules. Instead, the best candidate matches are chosen by key ID first, then by CN.
Under strict binding rules, the key identifier, issuer name, and certificate serial number would all have to match (which, again, this function does NOT require).
Specifically: "Issuer certificate must match all these values in the Subject Key Identifier (SKI) extension, Subject and Serial Number fields respectively. In other words: KeyID value in the particular certificate AKI extension must match the value in the Subject Key Identifier (SKI) extension of the issuer certificate. Certificate Issuer value in the particular certificate must match the value in the Subject field of the issuer certificate. And Serial Number in the particular certificate must match the value in the Serial Number of the issuer certificate. If one of them doesn't match, certificate binding will fail and CCE will attempt to find another certificate that can be considered as a particular certificate issuer."
source: https://www.sysadmins.lv/blog-en/certificate-chaining-engine-how-this-works.aspx
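The difference between the loose matching described above and a binding check, as an added example that is not this package's code. The helpers `mint`, `match` and `verdicts` are hypothetical, the certificates are constructed in memory, the loose rule is only an approximation of "key ID followed by CN", and the signature check is an addition beyond the quoted rules.

```go
package main

import (
	"bytes"
	"crypto/ed25519"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"time"
)

// mint builds a constructed test certificate; a nil parent means a self-signed CA.
func mint(cn string, ski []byte, parent *x509.Certificate, pk ed25519.PrivateKey) (*x509.Certificate, ed25519.PrivateKey) {
	pub, key, _ := ed25519.GenerateKey(rand.Reader)
	t := &x509.Certificate{SerialNumber: big.NewInt(1), Subject: pkix.Name{CommonName: cn},
		SubjectKeyId: ski, IsCA: parent == nil, BasicConstraintsValid: true,
		NotBefore: time.Now().Add(-time.Hour), NotAfter: time.Now().Add(time.Hour)}
	if parent == nil {
		parent, pk = t, key
	}
	der, err := x509.CreateCertificate(rand.Reader, t, parent, pub, pk)
	cert, perr := x509.ParseCertificate(der)
	if err != nil || perr != nil {
		panic(fmt.Sprint(err, perr))
	}
	return cert, key
}

// match: loose approximates "key ID, then CN"; strict needs key ID, name and signature.
func match(child, cand *x509.Certificate) (loose, strict bool) {
	kid := len(child.AuthorityKeyId) > 0 && bytes.Equal(child.AuthorityKeyId, cand.SubjectKeyId)
	return kid || child.Issuer.CommonName == cand.Subject.CommonName, // AKI serial not compared below: crypto/x509 does not expose it
		kid && bytes.Equal(child.RawIssuer, cand.RawSubject) && child.CheckSignatureFrom(cand) == nil
}

// verdicts runs both rules for one leaf against three roots that share a CN.
func verdicts() (loose, strict []bool) {
	root, rk := mint("Constructed Root CA", []byte{1, 2, 3, 4}, nil, nil)
	sameCN, _ := mint("Constructed Root CA", []byte{9, 9, 9, 9}, nil, nil)
	sameSKI, _ := mint("Constructed Root CA", []byte{1, 2, 3, 4}, nil, nil)
	leaf, _ := mint("constructed signer", nil, root, rk)
	for _, c := range []*x509.Certificate{root, sameCN, sameSKI} {
		lo, st := match(leaf, c)
		loose, strict = append(loose, lo), append(strict, st)
	}
	return
}
func main() { fmt.Println(verdicts()) }
```

All three candidates pass the loose rule, while only the root that actually signed the leaf passes the strict one.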
func Sort
func Sort(certs []*x509.Certificate) []*x509.Certificate
func VerifyForCodeSigning
func VerifyForCodeSigning(certs []*x509.Certificate, failWithoutFullChain bool) error
Types
type Collection
type Collection struct {
// contains filtered or unexported fields
}
func NewCollection
func NewCollection() *Collection
func (*Collection) AddIntermediate
func (p *Collection) AddIntermediate(certs ...*x509.Certificate) error
func (*Collection) AddIntermediatePEMs
func (p *Collection) AddIntermediatePEMs(pems ...[]byte) error
func (*Collection) AddRoot
func (p *Collection) AddRoot(certs ...*x509.Certificate) error
func (*Collection) AddRootPEMs
func (p *Collection) AddRootPEMs(pems ...[]byte) error
func (*Collection) CertificatesByCN
func (p *Collection) CertificatesByCN(commonName string) ([]*x509.Certificate, error)
func (*Collection) IntermediatePEMs
func (p *Collection) IntermediatePEMs() [][]byte
func (*Collection) RootPEMs
func (p *Collection) RootPEMs() [][]byte
func (*Collection) WithEnumerator
func (p *Collection) WithEnumerator(enumerators ...Enumerator) *Collection
func (*Collection) WithSearchers
func (p *Collection) WithSearchers(searchers ...Searcher) *Collection
func (*Collection) WithStores
func (p *Collection) WithStores(stores ...Store) *Collection
type Enumerator
type Searcher
type Searcher interface {
	CertificatesByCN(commonName string) ([]*x509.Certificate, error)
}
type Store
type Store interface {
	Enumerator
	Searcher
}