pkix

package
v1.1.1 Latest Latest
Warning

This package is not in the latest version of its module.

 Go to latest Published: Sep 25, 2017 License: Apache-2.0 Imports: 16 Imported by: 0

Documentation

Index

Constants

This section is empty.

Variables

This section is empty.

Functions

func GenerateSubjectKeyID 

func GenerateSubjectKeyID(pub crypto.PublicKey) ([]byte, error)

GenerateSubjectKeyID generates SubjectKeyId used in Certificate Id is 160-bit SHA-1 hash of the value of the BIT STRING subjectPublicKey

func ParseAndValidateIPs 

func ParseAndValidateIPs(ipList string) (res []net.IP, err error)

ParseAndValidateIPs parses a comma-delimited list of IP addresses into an array of IP addresses

Types

type Certificate 

type Certificate struct {
	// contains filtered or unexported fields
}

Certificate is a wrapper around a x509 Certificate and its DER-formatted bytes

func CreateCertificateAuthority 

func CreateCertificateAuthority(key *Key, organizationalUnit string, expiry time.Time, organization string, country string, province string, locality string, commonName string) (*Certificate, error)

CreateCertificateAuthority creates Certificate Authority using existing key. CertificateAuthorityInfo returned is the extra infomation required by Certificate Authority.

func CreateCertificateHost 

func CreateCertificateHost(crtAuth *Certificate, keyAuth *Key, csr *CertificateSigningRequest, proposedExpiry time.Time) (*Certificate, error)

CreateCertificateHost creates certificate for host. The arguments include CA certificate, CA key, certificate request.

func CreateIntermediateCertificateAuthority added in v1.1.0 

func CreateIntermediateCertificateAuthority(crtAuth *Certificate, keyAuth *Key, csr *CertificateSigningRequest, proposedExpiry time.Time) (*Certificate, error)

CreateIntermediateCertificateAuthority creates an intermediate CA certificate signed by the given authority.

func NewCertificateFromDER 

func NewCertificateFromDER(derBytes []byte) *Certificate

NewCertificateFromDER inits Certificate from DER-format bytes

func NewCertificateFromPEM 

func NewCertificateFromPEM(data []byte) (c *Certificate, err error)

NewCertificateFromPEM inits Certificate from PEM-format bytes data should contain at most one certificate

func (*Certificate) CheckAuthority 

func (c *Certificate) CheckAuthority() error

CheckAuthority checks the authority of certificate against itself. It only ensures that certificate is self-explanatory, and cannot promise the validity and security.

func (*Certificate) Export 

func (c *Certificate) Export() ([]byte, error)

Export returns PEM-format bytes

func (*Certificate) GetExpirationDuration 

func (c *Certificate) GetExpirationDuration() time.Duration

GetExpirationDuration gets time duration before expiration

func (*Certificate) GetRawCertificate 

func (c *Certificate) GetRawCertificate() (*x509.Certificate, error)

GetRawCertificate returns a copy of this certificate as an x509.Certificate

func (*Certificate) VerifyHost 

func (c *Certificate) VerifyHost(hostCert *Certificate, name string) error

VerifyHost verifies the host certificate using host name. Only certificate of authority could call this function successfully. Current implementation allows one CA and direct hosts only, so the organization is always this: 

       CA
host1 host2 host3

type CertificateAuthorityInfo 

type CertificateAuthorityInfo struct {
	// SerialNumber that has been used so far
	// Recorded to ensure all serial numbers issued by the CA are different
	SerialNumber *big.Int
}

CertificateAuthorityInfo includes extra information required for CA

func NewCertificateAuthorityInfo 

func NewCertificateAuthorityInfo(serialNumber int64) *CertificateAuthorityInfo

NewCertificateAuthorityInfo creates a new CertifaceAuthorityInfo with the given serial number

func NewCertificateAuthorityInfoFromJSON 

func NewCertificateAuthorityInfoFromJSON(data []byte) (*CertificateAuthorityInfo, error)

NewCertificateAuthorityInfoFromJSON creates a new CertifaceAuthorityInfo with the given JSON information

func (*CertificateAuthorityInfo) Export 

func (n *CertificateAuthorityInfo) Export() ([]byte, error)

Export transfers the serial number to a JSON format

func (*CertificateAuthorityInfo) IncSerialNumber 

func (n *CertificateAuthorityInfo) IncSerialNumber()

IncSerialNumber increments the given CA Info's serial number

type CertificateRevocationList 

type CertificateRevocationList struct {
	// contains filtered or unexported fields
}

CertificateSigningRequest is a wrapper around a x509 CertificateRequest and its DER-formatted bytes

func CreateCertificateRevocationList 

func CreateCertificateRevocationList(key *Key, ca *Certificate, expiry time.Time) (*CertificateRevocationList, error)

func NewCertificateRevocationListFromDER 

func NewCertificateRevocationListFromDER(derBytes []byte) *CertificateRevocationList

NewCertificateRevocationListFromDER inits CertificateRevocationList from DER-format bytes

func NewCertificateRevocationListFromPEM 

func NewCertificateRevocationListFromPEM(data []byte) (*CertificateRevocationList, error)

NewCertificateRevocationListFromPEM inits CertificateRevocationList from PEM-format bytes

func (*CertificateRevocationList) Export 

func (c *CertificateRevocationList) Export() ([]byte, error)

Export returns PEM-format bytes

type CertificateSigningRequest 

type CertificateSigningRequest struct {
	// contains filtered or unexported fields
}

CertificateSigningRequest is a wrapper around a x509 CertificateRequest and its DER-formatted bytes

func CreateCertificateSigningRequest 

func CreateCertificateSigningRequest(key *Key, organizationalUnit string, ipList []net.IP, domainList []string, organization string, country string, province string, locality string, commonName string) (*CertificateSigningRequest, error)

CreateCertificateSigningRequest sets up a request to create a csr file with the given parameters

func NewCertificateSigningRequestFromDER 

func NewCertificateSigningRequestFromDER(derBytes []byte) *CertificateSigningRequest

NewCertificateSigningRequestFromDER inits CertificateSigningRequest from DER-format bytes

func NewCertificateSigningRequestFromPEM 

func NewCertificateSigningRequestFromPEM(data []byte) (*CertificateSigningRequest, error)

NewCertificateSigningRequestFromPEM inits CertificateSigningRequest from PEM-format bytes data should contain at most one certificate

func (*CertificateSigningRequest) CheckSignature 

func (c *CertificateSigningRequest) CheckSignature() error

CheckSignature verifies that the signature is a valid signature using the public key in CertificateSigningRequest.

func (*CertificateSigningRequest) Export 

func (c *CertificateSigningRequest) Export() ([]byte, error)

Export returns PEM-format bytes

func (*CertificateSigningRequest) GetRawCertificateSigningRequest 

func (c *CertificateSigningRequest) GetRawCertificateSigningRequest() (*x509.CertificateRequest, error)

GetRawCertificateSigningRequest returns a copy of this certificate request as an x509.CertificateRequest.

type Key 

type Key struct {
	Public  crypto.PublicKey
	Private crypto.PrivateKey
}

Key contains a public-private keypair

func CreateRSAKey 

func CreateRSAKey(rsaBits int) (*Key, error)

CreateRSAKey creates a new Key using RSA algorithm

func NewKey 

func NewKey(pub crypto.PublicKey, priv crypto.PrivateKey) *Key

NewKey returns a new public-private keypair Key type

func NewKeyFromEncryptedPrivateKeyPEM 

func NewKeyFromEncryptedPrivateKeyPEM(data []byte, password []byte) (*Key, error)

NewKeyFromEncryptedPrivateKeyPEM inits Key from encrypted PEM-format rsa private key bytes

func NewKeyFromPrivateKeyPEM 

func NewKeyFromPrivateKeyPEM(data []byte) (*Key, error)

NewKeyFromPrivateKeyPEM inits Key from PEM-format rsa private key bytes

func (*Key) ExportEncryptedPrivate 

func (k *Key) ExportEncryptedPrivate(password []byte) ([]byte, error)

ExportEncryptedPrivate exports encrypted PEM-format private key

func (*Key) ExportPrivate 

func (k *Key) ExportPrivate() ([]byte, error)

ExportPrivate exports PEM-format private key

Source Files

View all Source files

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.