x509tools

package
v7.2.1+incompatible Latest Latest
Warning

This package is not in the latest version of its module.

 Go to latest Published: Jul 31, 2019 License: Apache-2.0 Imports: 26 Imported by: 0

Documentation

Index

Constants

View Source 
const InvalidName = "<invalid>"

returned by the Format* functions in case there's something cripplingly wrong with it

Variables

View Source 
var (
	// RFC 3279
	OidDigestMD5  = asn1.ObjectIdentifier{1, 2, 840, 113549, 2, 5}
	OidDigestSHA1 = asn1.ObjectIdentifier{1, 3, 14, 3, 2, 26}
	// RFC 5758
	OidDigestSHA224 = asn1.ObjectIdentifier{2, 16, 840, 1, 101, 3, 4, 2, 4}
	OidDigestSHA256 = asn1.ObjectIdentifier{2, 16, 840, 1, 101, 3, 4, 2, 1}
	OidDigestSHA384 = asn1.ObjectIdentifier{2, 16, 840, 1, 101, 3, 4, 2, 2}
	OidDigestSHA512 = asn1.ObjectIdentifier{2, 16, 840, 1, 101, 3, 4, 2, 3}
)
View Source 
var (
	// RFC 3279
	OidPublicKeyRSA   = asn1.ObjectIdentifier{1, 2, 840, 113549, 1, 1, 1}
	OidPublicKeyDSA   = asn1.ObjectIdentifier{1, 2, 840, 10040, 4, 1}
	OidPublicKeyECDSA = asn1.ObjectIdentifier{1, 2, 840, 10045, 2, 1}

	// RFC 4055
	OidMGF1            = asn1.ObjectIdentifier{1, 2, 840, 113549, 1, 1, 8}
	OidSignatureRSAPSS = asn1.ObjectIdentifier{1, 2, 840, 113549, 1, 1, 10}

	Asn1TagBMPString = 30
)
View Source 
var (
	ArgCountry            string
	ArgOrganization       string
	ArgOrganizationalUnit string
	ArgLocality           string
	ArgProvince           string
	ArgCommonName         string
	ArgDNSNames           string
	ArgEmailNames         string
	ArgKeyUsage           string
	ArgExpireDays         uint
	ArgCertAuthority      bool
	ArgSerial             string
	ArgInteractive        bool
	ArgRSAPSS             bool
)
View Source 
var DefinedCurves = []CurveDefinition{
	{256, elliptic.P256(), asn1.ObjectIdentifier{1, 2, 840, 10045, 3, 1, 7}},
	{384, elliptic.P384(), asn1.ObjectIdentifier{1, 3, 132, 0, 34}},
	{521, elliptic.P521(), asn1.ObjectIdentifier{1, 3, 132, 0, 35}},
}
View Source 
var HashNames = map[crypto.Hash]string{
	crypto.MD5:    "MD5",
	crypto.SHA1:   "SHA1",
	crypto.SHA224: "SHA-224",
	crypto.SHA256: "SHA-256",
	crypto.SHA384: "SHA-384",
	crypto.SHA512: "SHA-512",
}
View Source 
var HashOids = map[crypto.Hash]asn1.ObjectIdentifier{
	crypto.MD5:    OidDigestMD5,
	crypto.SHA1:   OidDigestSHA1,
	crypto.SHA224: OidDigestSHA224,
	crypto.SHA256: OidDigestSHA256,
	crypto.SHA384: OidDigestSHA384,
	crypto.SHA512: OidDigestSHA512,
}

Functions

func AddCertFlags 

func AddCertFlags(cmd *cobra.Command)

Add flags associated with X509 certificate creation to the given command

func AddRequestFlags 

func AddRequestFlags(cmd *cobra.Command)

Add flags associated with X509 requests to the given command

func CrossSign 

func CrossSign(certBytes []byte, rand io.Reader, key crypto.Signer, cacert *x509.Certificate) (string, error)

CrossSign takes a certificate as input and re-signs it using the given key. Any command-line flags set will override the CSR contents.

func DerToPoint 

func DerToPoint(curve elliptic.Curve, der []byte) (*big.Int, *big.Int)

Decode an ECDSA public key from its DER encoding. Both octet and bitstring encodings are supported.

func FormatIssuer 

func FormatIssuer(cert *x509.Certificate) string

Format the certificate issuer name in LDAP style

func FormatPkixName 

func FormatPkixName(der []byte, style NameStyle) string

Format the name (RDN sequence) from its raw DER to a readable style.

func FormatSubject 

func FormatSubject(cert *x509.Certificate) string

Format the certificate subject name in LDAP style

func FprintCertificate 

func FprintCertificate(w io.Writer, cert *x509.Certificate)

FprintCertificate formats a certificate for display

func GetPublicKeyAlgorithm 

func GetPublicKeyAlgorithm(key interface{}) x509.PublicKeyAlgorithm

Determine the type of a public or private key

func HashByName 

func HashByName(name string) crypto.Hash

func HashShortName 

func HashShortName(hash crypto.Hash) string

func LoadCertPool 

func LoadCertPool(path string, tconf *tls.Config) error

Load a certificate pool from a file and set it as the root CA for a TLS config. If path is empty then the system pool will be used. If the filename starts with + then both the system pool and the contents of the file will be used.

func MakeCertificate 

func MakeCertificate(rand io.Reader, key crypto.Signer) (string, error)

Make a self-signed X509 certificate using command-line arguments and return the PEM string

func MakeRequest 

func MakeRequest(rand io.Reader, key crypto.Signer) (string, error)

Make a X509 certificate request using command-line arguments and return the PEM string

func MakeSerial 

func MakeSerial() *big.Int

Make a random 12 byte big.Int

func MarshalDigest 

func MarshalDigest(hash crypto.Hash, digest []byte) (der []byte, ok bool)

Pack a digest along with an algorithm identifier. Mainly useful for PKCS#1v1.5 padding (RSA).

func MarshalRSAPSSParameters 

func MarshalRSAPSSParameters(pub *rsa.PublicKey, opts *rsa.PSSOptions) (asn1.RawValue, error)

func ParseBMPString 

func ParseBMPString(raw asn1.RawValue) string

func PkixAlgorithms 

func PkixAlgorithms(pub crypto.PublicKey, opts crypto.SignerOpts) (digestAlg, sigAlg pkix.AlgorithmIdentifier, err error)

Given a public key and signer options, return the appropriate X.509 digest and signature algorithms

func PkixDigestAlgorithm 

func PkixDigestAlgorithm(hash crypto.Hash) (alg pkix.AlgorithmIdentifier, ok bool)

Convert a crypto.Hash to a X.509 AlgorithmIdentifier

func PkixDigestToHash 

func PkixDigestToHash(alg pkix.AlgorithmIdentifier) (hash crypto.Hash, ok bool)

Convert a X.509 AlgorithmIdentifier to a crypto.Hash

func PkixDigestToHashE 

func PkixDigestToHashE(alg pkix.AlgorithmIdentifier) (hash crypto.Hash, err error)

Convert a X.509 AlgorithmIdentifier to a crypto.Hash

func PkixPublicKeyAlgorithm 

func PkixPublicKeyAlgorithm(pub crypto.PublicKey) (alg pkix.AlgorithmIdentifier, ok bool)

Convert a crypto.PublicKey to a X.509 AlgorithmIdentifier

func PkixVerify 

func PkixVerify(pub crypto.PublicKey, digestAlg, sigAlg pkix.AlgorithmIdentifier, digest, sig []byte) error

Verify a signature using the algorithm specified by the given X.509 AlgorithmIdentifier

func PointToDer 

func PointToDer(pub *ecdsa.PublicKey) []byte

func SameKey 

func SameKey(pub1, pub2 interface{}) bool

Test whether two public or private keys have the same public key

func SetKeyLogFile 

func SetKeyLogFile(tconf *tls.Config)

If the SSLKEYLOGFILE environment variable is set, then open it for appending and write TLS master secrets there in the "NSS Key Log Format". Use this for debugging TLS and HTTP problems with Wireshark.

func SignCSR 

func SignCSR(csrBytes []byte, rand io.Reader, key crypto.Signer, cacert *x509.Certificate, copyExtensions bool) (string, error)

SignCSR takes a PKCS#10 signing request in PEM or DER format as input and produces a signed certificate in PEM format. Any command-line flags set will override the CSR contents.

func SubjectKeyID 

func SubjectKeyID(pub crypto.PublicKey) ([]byte, error)

Calculcate subject key identifier from a public key per RFC 3280

func SupportedCurves 

func SupportedCurves() string

Return the names of all supported ECDSA curves

func ToBMPString 

func ToBMPString(value string) asn1.RawValue

func UnmarshalRSAPSSParameters 

func UnmarshalRSAPSSParameters(hash crypto.Hash, raw asn1.RawValue) (*rsa.PSSOptions, error)

func Verify 

func Verify(pub interface{}, hash crypto.Hash, hashed []byte, sig []byte) error

Verify an RSA or ECDSA signature

func X509SignatureAlgorithm 

func X509SignatureAlgorithm(pub crypto.PublicKey) x509.SignatureAlgorithm

Choose a X509 signature algorithm suitable for the specified public key

Types

type CurveDefinition 

type CurveDefinition struct {
	Bits  uint
	Curve elliptic.Curve
	Oid   asn1.ObjectIdentifier
}

Predefined named ECDSA curve

func CurveByBits 

func CurveByBits(bits uint) (*CurveDefinition, error)

Get a curve by a number of bits

func CurveByCurve 

func CurveByCurve(curve elliptic.Curve) (*CurveDefinition, error)

Get a curve by an elliptic.Curve value

func CurveByDer 

func CurveByDer(der []byte) (*CurveDefinition, error)

Get a curve by the DER encoding of its OID

func CurveByOid 

func CurveByOid(oid asn1.ObjectIdentifier) (*CurveDefinition, error)

Get a curve by its ASN.1 object identifier

func CurveByOidString 

func CurveByOidString(oidstr string) (*CurveDefinition, error)

Get a curve by a dotted decimal OID string

func (*CurveDefinition) ToDer 

func (def *CurveDefinition) ToDer() []byte

Return the DER encoding of the ASN.1 OID of this named curve

type EcdsaSignature 

type EcdsaSignature struct {
	R, S *big.Int
}

ASN.1 structure used to encode an ECDSA signature

func UnmarshalEcdsaSignature 

func UnmarshalEcdsaSignature(der []byte) (sig EcdsaSignature, err error)

Unpack an ECDSA signature from an ASN.1 DER sequence

func UnpackEcdsaSignature 

func UnpackEcdsaSignature(packed []byte) (sig EcdsaSignature, err error)

Unpack an ECDSA signature consisting of two numbers concatenated per IEEE 1363

func (EcdsaSignature) Marshal 

func (sig EcdsaSignature) Marshal() []byte

Marshal an ECDSA signature as an ASN.1 structure

func (EcdsaSignature) Pack 

func (sig EcdsaSignature) Pack() []byte

Pack an ECDSA signature by concatenating the two numbers per IEEE 1363

type NameStyle 

type NameStyle int
const (
	NameStyleOpenSsl NameStyle = iota
	NameStyleLdap
	NameStyleMsOsco
)

type UnknownDigestError 

type UnknownDigestError struct {
	Algorithm asn1.ObjectIdentifier
}

func (UnknownDigestError) Error 

func (e UnknownDigestError) Error() string

Source Files

View all Source files

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.