certnames

Documentation

Overview

Package certnames contains helpers for validating X.509 client certificates.

Index

• Constants
• type CertNames
  • func (cns CertNames) AppendTo(out *strings.Builder)
  • func (cns CertNames) Check(cert *x509.Certificate) bool
  • func (cns *CertNames) FromList(list []string) error
  • func (cns CertNames) IsPermitAll() bool
  • func (cns CertNames) List() []string
  • func (cns CertNames) MarshalJSON() ([]byte, error)
  • func (cns *CertNames) Parse(str string) error
  • func (cns CertNames) String() string
  • func (cns *CertNames) UnmarshalJSON(raw []byte) error
• type ParseError
  • func (err ParseError) Error() string

Constants

const ANY = "ANY"

ANY is the string representation of a CertNames that permits all certificates.

Types

type CertNames

type CertNames struct {
	// contains filtered or unexported fields
}

CertNames is a set of permitted Subject Distinguished Name and Subject Alternative Name components that a client certificate can match.

func (CertNames) AppendTo

func (cns CertNames) AppendTo(out *strings.Builder)

AppendTo efficiently appends the string representation to the given Builder. See FromList for details about the format.

func (CertNames) Check

func (cns CertNames) Check(cert *x509.Certificate) bool

Check returns true if the given cert matches at least one permitted name.

func (*CertNames) FromList

func (cns *CertNames) FromList(list []string) error

FromList parses a list of names.

• "ANY" permits all certificates

• "O=<org>" permits certs with a Subject.Organization of <org>

• "OU=<unit>" permits certs with a Subject.OrganizationalUnit of <unit>

• "CN=<name>" permits certs with a Subject.CommonName of <name>

• "E=<email>" permits certs with a Subject.Name of Type OID(1.2.840.113549.1.9.1) (the obsolete DN field "emailAddress") and value <email>, or with an EmailAddress SAN of <email>

• If the list item isn't "KEY=VALUE"-shaped, then the parser will make an educated guess as to whether the list item is meant to be a commonName or an emailAddress.

func (CertNames) IsPermitAll

func (cns CertNames) IsPermitAll() bool

IsPermitAll returns true if all certificates are permitted.

func (CertNames) List

func (cns CertNames) List() []string

List returns the list of permitted names, or ["ANY"] if all certificates are permitted. See FromList for details about the format.

func (CertNames) MarshalJSON

func (cns CertNames) MarshalJSON() ([]byte, error)

MarshalJSON fulfills json.Marshaler.

func (*CertNames) Parse

func (cns *CertNames) Parse(str string) error

Parse parses a colon-delimited list of names. See FromList for details about the format.

func (CertNames) String

func (cns CertNames) String() string

String returns a colon-delimited list of permitted names, or "ANY" if all certificates are permitted. See FromList for details about the format.

func (*CertNames) UnmarshalJSON

func (cns *CertNames) UnmarshalJSON(raw []byte) error

UnmarshalJSON fulfills json.Unmarshaler.

type ParseError

type ParseError struct {
	Key   string
	Value string
}

ParseError represents a parsing error in CertNames.FromList.

func (ParseError) Error

func (err ParseError) Error() string

Error fulfills the error interface.