Documentation ¶
Overview ¶
Package helpers implements utility functionality common to many CFSSL packages.
Index ¶
- Constants
- Variables
- func CreateTLSConfig(remoteCAs *x509.CertPool, cert *tls.Certificate) *tls.Config
- func DeserializeSCTList(serializedSCTList []byte) ([]ct.SignedCertificateTimestamp, error)
- func EncodeCertificatePEM(cert *x509.Certificate) []byte
- func EncodeCertificatesPEM(certs []*x509.Certificate) []byte
- func ExpiryTime(chain []*x509.Certificate) (notAfter time.Time)
- func GetKeyDERFromPEM(in []byte, password []byte) ([]byte, error)
- func HashAlgoString(alg x509.SignatureAlgorithm) string
- func InclusiveDate(year int, month time.Month, day int) time.Time
- func KeyLength(key interface{}) int
- func LoadClientCertificate(certFile string, keyFile string) (*tls.Certificate, error)
- func LoadPEMCertPool(certsFile string) (*x509.CertPool, error)
- func MonthsValid(c *x509.Certificate) int
- func PEMToCertPool(pemCerts []byte) (*x509.CertPool, error)
- func ParseCSR(in []byte) (csr *x509.CertificateRequest, rest []byte, err error)
- func ParseCSRDER(csrDER []byte) (*x509.CertificateRequest, error)
- func ParseCSRPEM(csrPEM []byte) (*x509.CertificateRequest, error)
- func ParseCertificatePEM(certPEM []byte) (*x509.Certificate, error)
- func ParseCertificatesDER(certsDER []byte, password string) (certs []*x509.Certificate, key crypto.Signer, err error)
- func ParseCertificatesPEM(certsPEM []byte) ([]*x509.Certificate, error)
- func ParseOneCertificateFromPEM(certsPEM []byte) ([]*x509.Certificate, []byte, error)
- func ParsePrivateKeyPEM(keyPEM []byte) (key crypto.Signer, err error)
- func ParsePrivateKeyPEMWithPassword(keyPEM []byte, password []byte) (key crypto.Signer, err error)
- func ParseSelfSignedCertificatePEM(certPEM []byte) (*x509.Certificate, error)
- func ReadBytes(valFile string) ([]byte, error)
- func SCTListFromOCSPResponse(response *ocsp.Response) ([]ct.SignedCertificateTimestamp, error)
- func SerializeSCTList(sctList []ct.SignedCertificateTimestamp) ([]byte, error)
- func SignatureString(alg x509.SignatureAlgorithm) string
- func SignerAlgo(priv crypto.Signer) x509.SignatureAlgorithm
- func StringTLSVersion(version string) uint16
- func ValidExpiry(c *x509.Certificate) bool
Constants ¶
const OneDay = 24 * time.Hour
OneDay is a time.Duration representing a day's worth of seconds.
const OneYear = 8760 * time.Hour
OneYear is a time.Duration representing a year's worth of seconds.
Variables ¶
var Apr2015 = InclusiveDate(2015, time.April, 01)
Apr2015 is the April 2015 CAB Forum deadline for when CAs must stop issuing certificates valid for more than 39 months.
var DelegationExtension = pkix.Extension{ Id: DelegationUsage, Critical: false, Value: []byte{0x05, 0x00}, }
DelegationExtension
var DelegationUsage = asn1.ObjectIdentifier{1, 3, 6, 1, 4, 1, 44363, 44}
DelegationUsage is the OID for the DelegationUseage extensions
var Jul2012 = InclusiveDate(2012, time.July, 01)
Jul2012 is the July 2012 CAB Forum deadline for when CAs must stop issuing certificates valid for more than 5 years.
Functions ¶
func CreateTLSConfig ¶
CreateTLSConfig creates a tls.Config object from certs and roots
func DeserializeSCTList ¶
func DeserializeSCTList(serializedSCTList []byte) ([]ct.SignedCertificateTimestamp, error)
DeserializeSCTList deserializes a list of SCTs.
func EncodeCertificatePEM ¶
func EncodeCertificatePEM(cert *x509.Certificate) []byte
EncodeCertificatePEM encodes a single x509 certificates to PEM
func EncodeCertificatesPEM ¶
func EncodeCertificatesPEM(certs []*x509.Certificate) []byte
EncodeCertificatesPEM encodes a number of x509 certificates to PEM
func ExpiryTime ¶
func ExpiryTime(chain []*x509.Certificate) (notAfter time.Time)
ExpiryTime returns the time when the certificate chain is expired.
func GetKeyDERFromPEM ¶
GetKeyDERFromPEM parses a PEM-encoded private key and returns DER-format key bytes.
func HashAlgoString ¶
func HashAlgoString(alg x509.SignatureAlgorithm) string
HashAlgoString returns the hash algorithm name contained in the signature method.
func InclusiveDate ¶
InclusiveDate returns the time.Time representation of a date - 1 nanosecond. This allows time.After to be used inclusively.
func KeyLength ¶
func KeyLength(key interface{}) int
KeyLength returns the bit size of ECDSA, RSA or Ed25519 PublicKey
func LoadClientCertificate ¶
func LoadClientCertificate(certFile string, keyFile string) (*tls.Certificate, error)
LoadClientCertificate load key/certificate from pem files
func LoadPEMCertPool ¶
LoadPEMCertPool loads a pool of PEM certificates from file.
func MonthsValid ¶
func MonthsValid(c *x509.Certificate) int
MonthsValid returns the number of months for which a certificate is valid.
func PEMToCertPool ¶
PEMToCertPool concerts PEM certificates to a CertPool.
func ParseCSR ¶
func ParseCSR(in []byte) (csr *x509.CertificateRequest, rest []byte, err error)
ParseCSR parses a PEM- or DER-encoded PKCS #10 certificate signing request.
func ParseCSRDER ¶ added in v1.6.5
func ParseCSRDER(csrDER []byte) (*x509.CertificateRequest, error)
ParseCSRDER parses a PEM-encoded certificate signing request. It does not check the signature. This is useful for dumping data from a CSR locally.
func ParseCSRPEM ¶
func ParseCSRPEM(csrPEM []byte) (*x509.CertificateRequest, error)
ParseCSRPEM parses a PEM-encoded certificate signing request. It does not check the signature. This is useful for dumping data from a CSR locally.
func ParseCertificatePEM ¶
func ParseCertificatePEM(certPEM []byte) (*x509.Certificate, error)
ParseCertificatePEM parses and returns a PEM-encoded certificate, can handle PEM encoded PKCS #7 structures.
func ParseCertificatesDER ¶
func ParseCertificatesDER(certsDER []byte, password string) (certs []*x509.Certificate, key crypto.Signer, err error)
ParseCertificatesDER parses a DER encoding of a certificate object and possibly private key, either PKCS #7, PKCS #12, or raw x509.
func ParseCertificatesPEM ¶
func ParseCertificatesPEM(certsPEM []byte) ([]*x509.Certificate, error)
ParseCertificatesPEM parses a sequence of PEM-encoded certificate and returns them, can handle PEM encoded PKCS #7 structures.
func ParseOneCertificateFromPEM ¶
func ParseOneCertificateFromPEM(certsPEM []byte) ([]*x509.Certificate, []byte, error)
ParseOneCertificateFromPEM attempts to parse one PEM encoded certificate object, either a raw x509 certificate or a PKCS #7 structure possibly containing multiple certificates, from the top of certsPEM, which itself may contain multiple PEM encoded certificate objects.
func ParsePrivateKeyPEM ¶
ParsePrivateKeyPEM parses and returns a PEM-encoded private key. The private key may be either an unencrypted PKCS#8, PKCS#1, or elliptic private key.
func ParsePrivateKeyPEMWithPassword ¶
ParsePrivateKeyPEMWithPassword parses and returns a PEM-encoded private key. The private key may be a potentially encrypted PKCS#8, PKCS#1, or elliptic private key.
func ParseSelfSignedCertificatePEM ¶
func ParseSelfSignedCertificatePEM(certPEM []byte) (*x509.Certificate, error)
ParseSelfSignedCertificatePEM parses a PEM-encoded certificate and check if it is self-signed.
func ReadBytes ¶
ReadBytes reads a []byte either from a file or an environment variable. If valFile has a prefix of 'env:', the []byte is read from the environment using the subsequent name. If the prefix is 'file:' the []byte is read from the subsequent file. If no prefix is provided, valFile is assumed to be a file path.
func SCTListFromOCSPResponse ¶
func SCTListFromOCSPResponse(response *ocsp.Response) ([]ct.SignedCertificateTimestamp, error)
SCTListFromOCSPResponse extracts the SCTList from an ocsp.Response, returning an empty list if the SCT extension was not found or could not be unmarshalled.
func SerializeSCTList ¶
func SerializeSCTList(sctList []ct.SignedCertificateTimestamp) ([]byte, error)
SerializeSCTList serializes a list of SCTs.
func SignatureString ¶
func SignatureString(alg x509.SignatureAlgorithm) string
SignatureString returns the TLS signature string corresponding to an X509 signature algorithm.
func SignerAlgo ¶
func SignerAlgo(priv crypto.Signer) x509.SignatureAlgorithm
SignerAlgo returns an X.509 signature algorithm from a crypto.Signer.
func StringTLSVersion ¶
StringTLSVersion returns underlying enum values from human names for TLS versions, defaults to current golang default of TLS 1.0
func ValidExpiry ¶
func ValidExpiry(c *x509.Certificate) bool
ValidExpiry determines if a certificate is valid for an acceptable length of time per the CA/Browser Forum baseline requirements. See https://cabforum.org/wp-content/uploads/CAB-Forum-BR-1.3.0.pdf
Types ¶
This section is empty.
Directories ¶
Path | Synopsis |
---|---|
Package derhelpers implements common functionality on DER encoded data
|
Package derhelpers implements common functionality on DER encoded data |