librpki

package
v1.1.2 Latest Latest
Warning

This package is not in the latest version of its module.

Published: Apr 16, 2019 License: BSD-3-Clause Imports: 13 Imported by: 2

Documentation

Index

Constants

This section is empty.

Variables

// Object identifiers for X.509 certificate extensions, under the PKIX id-pe
// arc (1.3.6.1.5.5.7.1) and the id-ce arc (2.5.29).
var (
	// RFC 3779 resource extensions: id-pe-ipAddrBlocks (.7) and
	// id-pe-autonomousSysIds (.8).
	IpAddrBlock      = asn1.ObjectIdentifier{1, 3, 6, 1, 5, 5, 7, 1, 7}
	AutonomousSysIds = asn1.ObjectIdentifier{1, 3, 6, 1, 5, 5, 7, 1, 8}

	// RFC 8360 resource extensions: id-pe-ipAddrBlocks-v2 (.28) and
	// id-pe-autonomousSysIds-v2 (.29).
	// NOTE(review): IpAddrAndASIdent is arc .30 under id-pe. RFC 8360 appears
	// to define only the two -v2 extension OIDs above under id-pe, so confirm
	// this value against the IANA PKIX registry before matching on it.
	IpAddrBlockV2      = asn1.ObjectIdentifier{1, 3, 6, 1, 5, 5, 7, 1, 28}
	AutonomousSysIdsV2 = asn1.ObjectIdentifier{1, 3, 6, 1, 5, 5, 7, 1, 29}
	IpAddrAndASIdent   = asn1.ObjectIdentifier{1, 3, 6, 1, 5, 5, 7, 1, 30}

	// id-pe-subjectInfoAccess (RFC 5280).
	SubjectInfoAccess = asn1.ObjectIdentifier{1, 3, 6, 1, 5, 5, 7, 1, 11}

	// id-ce-subjectKeyIdentifier and id-ce-authorityKeyIdentifier (RFC 5280).
	SubjectKeyIdentifier   = asn1.ObjectIdentifier{2, 5, 29, 14}
	AuthorityKeyIdentifier = asn1.ObjectIdentifier{2, 5, 29, 35}
)
// Object identifiers for the PKCS #9 attributes carried in CMS signed
// attributes (RFC 5652): id-messageDigest (.9.4) and id-signingTime (.9.5).
var (
	MessageDigest = asn1.ObjectIdentifier{1, 2, 840, 113549, 1, 9, 4}
	SigningTime   = asn1.ObjectIdentifier{1, 2, 840, 113549, 1, 9, 5}
)
// RSA is the PKCS #1 rsaEncryption object identifier. It names the RSA key
// type only; it does not name a digest, unlike the combined
// "shaNNNWithRSAEncryption" identifiers in the same arc.
var (
	RSA = asn1.ObjectIdentifier{1, 2, 840, 113549, 1, 1, 1}
)

Functions

func BER2DER

func BER2DER(ber []byte) ([]byte, error)

BER2DER attempts to convert BER encoded data to DER encoding.

func BadFormatGroup

func BadFormatGroup(data []byte) ([]byte, bool, error)

func DecodeIP

func DecodeIP(addrfamily []byte, addr asn1.BitString) (*net.IPNet, error)

func DecodeIPMinMax

func DecodeIPMinMax(addrfamily []byte, addr asn1.BitString, max bool) (net.IP, error)

func DecodeKeyIdentifier

func DecodeKeyIdentifier(data []byte) ([]byte, error)

func DecryptSignatureRSA

func DecryptSignatureRSA(signature []byte, pubKey *rsa.PublicKey) ([]byte, error)

func DeleteLineEnd

func DeleteLineEnd(line string) string

func GetRangeIP

func GetRangeIP(ipnet *net.IPNet) (net.IP, net.IP)

func ValidateIPRoaCertificateList

func ValidateIPRoaCertificateList(entries []*ROA_Entry, cert *RPKI_Certificate) ([]*ROA_Entry, []*ROA_Entry, []*ROA_Entry)

Types

type ASN

// ASN wraps a single int. *ASN declares GetRange, IsASNInRange and String with
// the signatures of ASNCertificateInformation.
// Presumably one autonomous system number from an AS identifier extension;
// confirm against DecodeASIdentifier.
type ASN struct {
	ASN int
}

func (*ASN) GetRange

func (a *ASN) GetRange() (int, int, bool)

func (*ASN) IsASNInRange

func (a *ASN) IsASNInRange(asn int) (bool, bool)

func (*ASN) String

func (a *ASN) String() string

type ASNCertificateInformation

// ASNCertificateInformation is the element type of the slice returned by
// DecodeASIdentifier. *ASN, *ASNRange and *ASNull declare these three methods.
type ASNCertificateInformation interface {
	// GetRange returns two ints and a bool. Presumably the lower bound, the
	// upper bound and a flag; the flag's meaning is not documented here.
	GetRange() (int, int, bool)
	// IsASNInRange takes an AS number and returns two booleans. Their meaning
	// is not documented here; check the source before basing a validation
	// decision on either value.
	IsASNInRange(int) (bool, bool)
	// String returns a textual form of the entry.
	String() string
}

func DecodeASIdentifier

func DecodeASIdentifier(data asn1.RawValue) ([]ASNCertificateInformation, error)

type ASNRange

// ASNRange holds two ints, Min and Max. *ASNRange declares GetRange,
// IsASNInRange and String with the signatures of ASNCertificateInformation.
// Presumably an AS number range with both bounds inclusive, as in RFC 3779;
// confirm against the implementation.
type ASNRange struct {
	Min int
	Max int
}

func (*ASNRange) GetRange

func (ar *ASNRange) GetRange() (int, int, bool)

func (*ASNRange) IsASNInRange

func (ar *ASNRange) IsASNInRange(asn int) (bool, bool)

func (*ASNRange) String

func (ar *ASNRange) String() string

type ASNull

// ASNull has no fields. *ASNull declares GetRange, IsASNInRange and String
// with the signatures of ASNCertificateInformation.
// Presumably stands for the RFC 3779 "inherit" (NULL) choice, where the
// resources come from the issuer; confirm against DecodeASIdentifier.
type ASNull struct {
}

func (*ASNull) GetRange

func (an *ASNull) GetRange() (int, int, bool)

func (*ASNull) IsASNInRange

func (an *ASNull) IsASNInRange(asn int) (bool, bool)

func (*ASNull) String

func (an *ASNull) String() string

type Attribute

// Attribute pairs an attribute type OID with its values. It is the element
// type of SignerInfo.SignedAttrs and SignedAttributesDigest.SignedAttrs.
type Attribute struct {
	AttrType  asn1.ObjectIdentifier
	// The "set" tag makes encoding/asn1 expect a SET rather than a SEQUENCE.
	// Values stay as undecoded asn1.RawValue.
	AttrValue []asn1.RawValue `asn1:"set"`
}

type CMS

// CMS is the outer container returned by DecodeCMS: a content-type OID
// followed by the signed data under an explicit context tag 0. This matches
// the shape of a CMS ContentInfo (RFC 5652).
type CMS struct {
	// NOTE(review): nothing on this page shows OID being compared with the
	// signed-data content type; confirm where that check happens.
	OID        asn1.ObjectIdentifier
	SignedData CmsSignedData `asn1:"explicit,tag:0"`
}

func DecodeCMS

func DecodeCMS(data []byte) (*CMS, error)

func (*CMS) GetRPKICertificate

func (cms *CMS) GetRPKICertificate() (*RPKI_Certificate, error)

func (*CMS) GetSigningTime

func (cms *CMS) GetSigningTime() (time.Time, error)

func (*CMS) Validate

func (cms *CMS) Validate(encap []byte, cert *x509.Certificate) error

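Validate won't validate if SignedAttrs is empty. This page does not say whether that case returns an error or nil, so check the source before treating a nil result as a verified signature.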

type CmsSignedData

// CmsSignedData is the payload of CMS.SignedData. The field order matches the
// SignedData sequence of RFC 5652; encoding/asn1 decodes struct fields in
// declaration order.
type CmsSignedData struct {
	Version          int
	// Decoded as a SET; each element is kept as an undecoded RawValue.
	DigestAlgorithms []asn1.RawValue `asn1:"set"`
	// Kept raw; the encapsulated content is not decoded at this level.
	EncapContentInfo asn1.RawValue
	// Context tag 0, may be absent.
	Certificates     asn1.RawValue `asn1:"tag:0,optional"`
	// Context tag 1, may be absent.
	CRLs             asn1.RawValue `asn1:"tag:1,optional"`
	// Decoded as a SET of SignerInfo.
	SignerInfos      []SignerInfo  `asn1:"set"`
}

type FileList

// FileList is the element type of ManifestContent.FileList: a file name and a
// hash held as a BIT STRING.
// Presumably the RFC 6486 FileAndHash entry. File comes from the decoded
// object, so treat it as untrusted when building local paths.
type FileList struct {
	File string
	// NOTE(review): presumably computed with ManifestContent.FileHashAlg.
	Hash asn1.BitString
}

type IPAddressNull

// IPAddressNull carries only an address-family value. *IPAddressNull declares
// GetAfi, GetRange, IsIPInRange and String with the signatures of
// IPCertificateInformation.
// Presumably stands for the RFC 3779 "inherit" (NULL) choice for one address
// family; confirm against DecodeIPAddressBlock.
type IPAddressNull struct {
	Family uint8
}

func (*IPAddressNull) GetAfi

func (ipan *IPAddressNull) GetAfi() uint8

func (*IPAddressNull) GetRange

func (ipan *IPAddressNull) GetRange() (net.IP, net.IP, bool)

func (*IPAddressNull) IsIPInRange

func (ipan *IPAddressNull) IsIPInRange(ip net.IP) (bool, bool)

func (*IPAddressNull) String

func (ipan *IPAddressNull) String() string

type IPAddressRange

// IPAddressRange holds two net.IP values, Min and Max. *IPAddressRange
// declares GetAfi, GetRange, IsIPInRange and String with the signatures of
// IPCertificateInformation.
// Presumably an address range with both bounds inclusive, as in RFC 3779;
// confirm against the implementation.
type IPAddressRange struct {
	Min net.IP
	Max net.IP
}

func (*IPAddressRange) GetAfi

func (ipr *IPAddressRange) GetAfi() uint8

func (*IPAddressRange) GetRange

func (ipr *IPAddressRange) GetRange() (net.IP, net.IP, bool)

func (*IPAddressRange) IsIPInRange

func (ipr *IPAddressRange) IsIPInRange(ip net.IP) (bool, bool)

func (*IPAddressRange) String

func (ipr *IPAddressRange) String() string

type IPCertificateInformation

// IPCertificateInformation is the element type of the slice returned by
// DecodeIPAddressBlock. *IPAddressNull, *IPAddressRange and *IPNet declare
// these four methods.
type IPCertificateInformation interface {
	// GetRange returns two addresses and a bool. Presumably the lower bound,
	// the upper bound and a flag; the flag's meaning is not documented here.
	GetRange() (net.IP, net.IP, bool)
	// IsIPInRange takes an address and returns two booleans. Their meaning is
	// not documented here; check the source before basing a validation
	// decision on either value.
	IsIPInRange(net.IP) (bool, bool)
	// String returns a textual form of the entry.
	String() string
	// GetAfi returns a uint8, presumably the address family identifier.
	GetAfi() uint8
}

func DecodeIPAddressBlock

func DecodeIPAddressBlock(data []byte) ([]IPCertificateInformation, error)

type IPNet

// IPNet wraps a *net.IPNet. *IPNet declares GetAfi, GetRange, IsIPInRange and
// String with the signatures of IPCertificateInformation.
type IPNet struct {
	// Pointer field; nothing on this page says whether it can be nil.
	IPNet *net.IPNet
}

func (*IPNet) GetAfi

func (ipn *IPNet) GetAfi() uint8

func (*IPNet) GetRange

func (ipn *IPNet) GetRange() (net.IP, net.IP, bool)

func (*IPNet) IsIPInRange

func (ipn *IPNet) IsIPInRange(ip net.IP) (bool, bool)

func (*IPNet) String

func (ipn *IPNet) String() string

type Manifest

// Manifest is a content-type OID followed by raw content under an explicit
// context tag 0 that may be absent.
// Presumably the encapsulated content info of a manifest signed object.
type Manifest struct {
	OID      asn1.ObjectIdentifier
	// Optional at the decoding layer, so an absent EContent does not by
	// itself cause a parse error.
	EContent asn1.RawValue `asn1:"tag:0,explicit,optional"`
}

type ManifestContent

// ManifestContent is the type of RPKI_Manifest.Content. Its fields line up
// with the RFC 6486 Manifest sequence, except that no version field is
// declared.
type ManifestContent struct {
	// Arbitrary-precision integer.
	ManifestNumber *big.Int
	// NOTE(review): nothing on this page shows a freshness check of
	// ThisUpdate and NextUpdate against the current time for manifests;
	// confirm where that check happens.
	ThisUpdate     time.Time
	NextUpdate     time.Time
	// OID of the hash algorithm, presumably the one applied to each
	// FileList entry.
	FileHashAlg    asn1.ObjectIdentifier
	FileList       []FileList
}

type ROA

// ROA is a content-type OID followed by raw content under an explicit
// context tag 0 that may be absent.
// Presumably the encapsulated content info of a ROA signed object.
type ROA struct {
	OID      asn1.ObjectIdentifier
	// Optional at the decoding layer, so an absent EContent does not by
	// itself cause a parse error.
	EContent asn1.RawValue `asn1:"tag:0,explicit,optional"`
}

type ROAAddressFamily

// ROAAddressFamily is the element type of ROAContent.IpAddrBlocks: raw
// address-family bytes and the address entries listed under them.
type ROAAddressFamily struct {
	// Raw bytes. DecodeIP and DecodeIPMinMax take an addrfamily []byte
	// parameter of the same type.
	AddressFamily []byte
	Addresses     []ROAIPAddresses
}

type ROAContent

// ROAContent is the input type of ConvertROAEntries: an AS identifier and the
// address blocks grouped by family. Its fields line up with the RFC 6482
// RouteOriginAttestation sequence, except that no version field is declared.
type ROAContent struct {
	ASID         int
	IpAddrBlocks []ROAAddressFamily
}

type ROAIPAddresses

// ROAIPAddresses is the element type of ROAAddressFamily.Addresses: a prefix
// held as a BIT STRING and an optional maximum length.
type ROAIPAddresses struct {
	Address   asn1.BitString
	// Decodes to -1 when the field is absent (default:-1).
	// NOTE(review): consumers presumably treat -1 as "not set"; confirm how
	// ConvertROAEntries maps it.
	MaxLength int `asn1:"optional,default:-1"`
}

type ROA_Entry

// ROA_Entry is one prefix with its maximum length. It is the element type
// returned by ConvertROAEntries and stored in RPKI_ROA.Entries, Valids,
// Invalids and CheckParent. *ROA_Entry declares Validate() error.
type ROA_Entry struct {
	// Pointer field; nothing on this page says whether it can be nil.
	IPNet     *net.IPNet
	// NOTE(review): presumably Validate checks this against the prefix
	// length and the address-family width; confirm in the source.
	MaxLength int
}

func ConvertROAEntries

func ConvertROAEntries(roacontent ROAContent) ([]*ROA_Entry, int, error)

func (*ROA_Entry) Validate

func (entry *ROA_Entry) Validate() error

type RPKI_Certificate

// RPKI_Certificate is the result type of DecodeCertificate and
// CMS.GetRPKICertificate. It pairs a parsed x509.Certificate with decoded
// subject-information-access entries and IP and AS resource entries.
type RPKI_Certificate struct {
	SubjectInformationAccess []SIA
	IPAddresses              []IPCertificateInformation
	ASNums                   []ASNCertificateInformation
	// NOTE(review): presumably the RFC 3779 routing domain identifier (rdi)
	// list; confirm against DecodeASIdentifier's caller.
	ASNRDI                   []ASNCertificateInformation

	// The underlying parsed certificate.
	// NOTE(review): the page lists Validate(parent), ValidateTime,
	// ValidateIPCertificate and ValidateASNCertificate as separate methods,
	// so signature, validity-period and resource checks look like separate
	// calls; confirm which ones a caller has to make.
	Certificate *x509.Certificate
}

func DecodeCertificate

func DecodeCertificate(data []byte) (*RPKI_Certificate, error)

func (*RPKI_Certificate) IsASRangeInCertificate

func (cert *RPKI_Certificate) IsASRangeInCertificate(min int, max int) (bool, bool)

func (*RPKI_Certificate) IsIPRangeInCertificate

func (cert *RPKI_Certificate) IsIPRangeInCertificate(min net.IP, max net.IP) (bool, bool)

func (*RPKI_Certificate) String

func (cert *RPKI_Certificate) String() string

func (*RPKI_Certificate) Validate

func (cert *RPKI_Certificate) Validate(parent *RPKI_Certificate) error

func (*RPKI_Certificate) ValidateASNCertificate

func (*RPKI_Certificate) ValidateIPCertificate

func (*RPKI_Certificate) ValidateTime

func (cert *RPKI_Certificate) ValidateTime(comp time.Time) error

type RPKI_Manifest

// RPKI_Manifest is the result type of DecodeManifest: the embedded
// certificate, the decoded manifest content and three status fields.
type RPKI_Manifest struct {
	Certificate        *RPKI_Certificate
	Content            ManifestContent
	// NOTE(review): BadFormat is presumably set when the input needed the
	// BadFormatGroup workaround; confirm in DecodeManifest.
	BadFormat          bool
	// NOTE(review): presumably the outcome of the CMS signature check done
	// while decoding, with the error kept here instead of being returned.
	// If so, a nil error from DecodeManifest does not imply InnerValid.
	InnerValid         bool
	InnerValidityError error
}

func DecodeManifest

func DecodeManifest(data []byte) (*RPKI_Manifest, error)

type RPKI_ROA

// RPKI_ROA is the result type of DecodeROA: the origin AS, the prefix
// entries, the embedded certificate and several status fields.
type RPKI_ROA struct {
	ASN         int
	Entries     []*ROA_Entry
	Certificate *RPKI_Certificate
	// NOTE(review): BadFormat is presumably set when the input needed the
	// BadFormatGroup workaround; confirm in DecodeROA.
	BadFormat   bool
	// Same type as the value returned by CMS.GetSigningTime.
	SigningTime time.Time

	// NOTE(review): presumably the outcome of the CMS signature check done
	// while decoding, with the error kept here instead of being returned.
	// If so, a nil error from DecodeROA does not imply InnerValid.
	InnerValid         bool
	InnerValidityError error

	// Three entry lists with the same element type as the three slices
	// returned by ValidateIPRoaCertificate.
	// NOTE(review): presumably filled from that result, with CheckParent
	// holding entries that have to be checked against the issuer's
	// resources; confirm.
	Valids      []*ROA_Entry
	Invalids    []*ROA_Entry
	CheckParent []*ROA_Entry
}

func DecodeROA

func DecodeROA(data []byte) (*RPKI_ROA, error)

func (*RPKI_ROA) ValidateEntries

func (roa *RPKI_ROA) ValidateEntries() error

func (*RPKI_ROA) ValidateIPRoaCertificate

func (roa *RPKI_ROA) ValidateIPRoaCertificate(cert *RPKI_Certificate) ([]*ROA_Entry, []*ROA_Entry, []*ROA_Entry)

func (*RPKI_ROA) ValidateTime

func (roa *RPKI_ROA) ValidateTime(comp time.Time) error

type RPKI_TAL

// RPKI_TAL is the result type of DecodeTAL: a URI and a public key with its
// algorithm identifiers. *RPKI_TAL declares CheckCertificate, which takes an
// x509.Certificate and returns a bool.
// Presumably CheckCertificate compares the certificate's public key with
// PublicKey; confirm in the source.
type RPKI_TAL struct {
	// Taken from the TAL file. Treat it as configuration input when it is
	// used as a fetch location.
	URI       string
	Algorithm x509.PublicKeyAlgorithm
	OID       asn1.ObjectIdentifier
	// Untyped. The concrete key type is not shown on this page, so callers
	// need a checked type assertion.
	PublicKey interface{}
}

func DecodeTAL

func DecodeTAL(data []byte) (*RPKI_TAL, error)

func (*RPKI_TAL) CheckCertificate

func (tal *RPKI_TAL) CheckCertificate(cert *x509.Certificate) bool

type SIA

// SIA is the element type returned by DecodeSubjectInformationAccess and
// stored in RPKI_Certificate.SubjectInformationAccess: an access-method OID
// and a location.
type SIA struct {
	AccessMethod asn1.ObjectIdentifier
	// Raw bytes under context tag 6, which is uniformResourceIdentifier in
	// the X.509 GeneralName choice. The value comes from the certificate, so
	// treat it as untrusted input before using it as a fetch location.
	GeneralName  []byte `asn1:"tag:6"`
}

func DecodeSubjectInformationAccess

func DecodeSubjectInformationAccess(data []byte) ([]SIA, error)

func (*SIA) String

func (sia *SIA) String() string

type SignatureDecoded

// SignatureDecoded is an algorithm wrapper followed by hash bytes.
// Presumably the PKCS #1 DigestInfo recovered by DecryptSignatureRSA; confirm
// in the source.
type SignatureDecoded struct {
	Inner SignatureInner
	// NOTE(review): where this is compared with a locally computed digest,
	// confirm that Inner.OID is checked too.
	Hash  []byte
}

type SignatureInner

// SignatureInner holds one OID and is the type of SignatureDecoded.Inner.
// Presumably the digest algorithm identifier. No parameters field is
// declared.
type SignatureInner struct {
	OID asn1.ObjectIdentifier
}

type SignedAttributesDigest

// SignedAttributesDigest wraps a list of attributes tagged as a SET.
// Presumably used to re-encode SignerInfo.SignedAttrs as a SET OF before
// hashing, the form RFC 5652 requires for the signed-attributes digest;
// confirm in CMS.Validate.
type SignedAttributesDigest struct {
	SignedAttrs []Attribute `asn1:"set"`
}

type SignerInfo

// SignerInfo is the element type of CmsSignedData.SignerInfos. The field
// order matches the SignerInfo sequence of RFC 5652.
type SignerInfo struct {
	Version            int
	// Signer identifier, kept raw.
	Sid                asn1.RawValue
	// NOTE(review): RFC 5652 has a single digestAlgorithm here. Presumably
	// this slice holds the elements of that AlgorithmIdentifier sequence.
	DigestAlgorithms   []asn1.RawValue
	// Implicit context tag 0, decoded as a SET, may be absent. The doc for
	// CMS.Validate says it won't validate when this is empty. RFC 6488
	// requires signedAttrs in RPKI signed objects, so callers should not
	// treat an object without them as verified.
	SignedAttrs        []Attribute `asn1:"optional,tag:0,implicit,set"`
	// Kept raw; not decoded at this level.
	SignatureAlgorithm asn1.RawValue
	Signature          []byte
	// Implicit context tag 1, may be absent. Unsigned attributes are not
	// covered by the signature.
	UnsignedAttrs      asn1.RawValue `asn1:"optional,tag:1,implicit"`
}
