Documentation ¶
Index ¶
- Constants
- Variables
- func AllAlternateNameWithTagAreIA5(ext *pkix.Extension, tag int) (bool, error)
- func AppendToStringSemicolonDelim(this *string, s string)
- func AuthIsFQDNOrIP(auth string) bool
- func CertificateSubjInTLD(c *x509.Certificate, label string) bool
- func CheckAlgorithmIDParamNotNULL(algorithmIdentifier []byte, requiredAlgoID asn1.ObjectIdentifier) error
- func CheckRDNSequenceWhiteSpace(raw []byte) (leading, trailing bool, err error)
- func CommonNameIsIP(cert *x509.Certificate) bool
- func DNSNamesExist(cert *x509.Certificate) bool
- func FindTimeType(firstDate, secondDate asn1.RawValue) (int, int)
- func GetAuthority(uri string) string
- func GetExtFromCert(cert *x509.Certificate, oid asn1.ObjectIdentifier) *pkix.Extension
- func GetHost(auth string) string
- func GetMappedPolicies(polMap *pkix.Extension) ([][2]asn1.ObjectIdentifier, error)
- func GetPublicKeyAidEncoded(c *x509.Certificate) ([]byte, error)
- func GetPublicKeyOID(c *x509.Certificate) (asn1.ObjectIdentifier, error)
- func GetSignatureAlgorithmInTBSEncoded(c *x509.Certificate) ([]byte, error)
- func GetTimes(cert *x509.Certificate) (asn1.RawValue, asn1.RawValue)
- func HasEKU(cert *x509.Certificate, eku x509.ExtKeyUsage) bool
- func HasValidTLD(domain string, when time.Time) bool
- func ICANNPublicSuffixParse(domain string) (*publicsuffix.DomainName, error)
- func IntersectsIANAReserved(net net.IPNet) bool
- func IsAnyEtsiQcStatementPresent(extVal []byte) bool
- func IsCACert(c *x509.Certificate) bool
- func IsEV(in []asn1.ObjectIdentifier) bool
- func IsEmptyASN1Sequence(input []byte) bool
- func IsExtInCert(cert *x509.Certificate, oid asn1.ObjectIdentifier) bool
- func IsFQDN(domain string) bool
- func IsFQDNOrIP(host string) bool
- func IsIA5String(raw []byte) bool
- func IsIANAReserved(ip net.IP) bool
- func IsISOCountryCode(in string) bool
- func IsInPrefSyn(name string) bool
- func IsInTLDMap(label string) bool
- func IsNameAttribute(oid asn1.ObjectIdentifier) bool
- func IsRootCA(c *x509.Certificate) bool
- func IsSelfSigned(c *x509.Certificate) bool
- func IsServerAuthCert(cert *x509.Certificate) bool
- func IsSubCA(c *x509.Certificate) bool
- func IsSubscriberCert(c *x509.Certificate) bool
- func NotAllNameFieldsAreEmpty(name *pkix.Name) bool
- func ParseBMPString(bmpString []byte) (string, error)
- func PrimeNoSmallerThan752(dividend *big.Int) bool
- func RemovePrependedQuestionMarks(domain string) string
- func RemovePrependedWildcard(domain string) string
- func SliceContainsOID(list []asn1.ObjectIdentifier, oid asn1.ObjectIdentifier) bool
- func TypeInName(name *pkix.Name, oid asn1.ObjectIdentifier) bool
- type AttributeTypeAndRawValue
- type AttributeTypeAndRawValueSET
- type Etsi421QualEuCert
- type Etsi423QcType
- type EtsiMonetaryValueAlph
- type EtsiMonetaryValueNum
- type EtsiQcLimitValue
- type EtsiQcPds
- type EtsiQcRetentionPeriod
- type EtsiQcSscd
- type EtsiQcStmtIf
- type GTLDPeriod
- type PdsLocation
- type RawRDNSequence
Constants ¶
const (
// Tags
DNSNameTag = 2
)
const (
GTLDPeriodDateFormat = "2006-01-02"
)
const OnionTLD = ".onion"
Variables ¶
var ( //extension OIDs AiaOID = asn1.ObjectIdentifier{1, 3, 6, 1, 5, 5, 7, 1, 1} // Authority Information Access AuthkeyOID = asn1.ObjectIdentifier{2, 5, 29, 35} // Authority Key Identifier BasicConstOID = asn1.ObjectIdentifier{2, 5, 29, 19} // Basic Constraints CertPolicyOID = asn1.ObjectIdentifier{2, 5, 29, 32} // Certificate Policies CrlDistOID = asn1.ObjectIdentifier{2, 5, 29, 31} // CRL Distribution Points CtPoisonOID = asn1.ObjectIdentifier{1, 3, 6, 1, 4, 1, 11129, 2, 4, 3} // CT Poison EkuSynOid = asn1.ObjectIdentifier{2, 5, 29, 37} // Extended Key Usage Syntax FreshCRLOID = asn1.ObjectIdentifier{2, 5, 29, 46} // Freshest CRL InhibitAnyPolicyOID = asn1.ObjectIdentifier{2, 5, 29, 54} // Inhibit Any Policy IssuerAlternateNameOID = asn1.ObjectIdentifier{2, 5, 29, 18} // Issuer Alt Name KeyUsageOID = asn1.ObjectIdentifier{2, 5, 29, 15} // Key Usage LogoTypeOID = asn1.ObjectIdentifier{1, 3, 6, 1, 5, 5, 7, 1, 12} // Logo Type Ext NameConstOID = asn1.ObjectIdentifier{2, 5, 29, 30} // Name Constraints OscpNoCheckOID = asn1.ObjectIdentifier{1, 3, 6, 1, 5, 5, 7, 48, 1, 5} // OSCP No Check PolicyConstOID = asn1.ObjectIdentifier{2, 5, 29, 36} // Policy Constraints PolicyMapOID = asn1.ObjectIdentifier{2, 5, 29, 33} // Policy Mappings PrivKeyUsageOID = asn1.ObjectIdentifier{2, 5, 29, 16} // Private Key Usage Period QcStateOid = asn1.ObjectIdentifier{1, 3, 6, 1, 5, 5, 7, 1, 3} // QC Statements TimestampOID = asn1.ObjectIdentifier{1, 3, 6, 1, 4, 1, 11129, 2, 4, 2} // Signed Certificate Timestamp List SmimeOID = asn1.ObjectIdentifier{1, 2, 840, 113549, 1, 9, 15} // Smime Capabilities SubjectAlternateNameOID = asn1.ObjectIdentifier{2, 5, 29, 17} // Subject Alt Name SubjectDirAttrOID = asn1.ObjectIdentifier{2, 5, 29, 9} // Subject Directory Attributes SubjectInfoAccessOID = asn1.ObjectIdentifier{1, 3, 6, 1, 5, 5, 7, 1, 11} // Subject Info Access Syntax SubjectKeyIdentityOID = asn1.ObjectIdentifier{2, 5, 29, 14} // Subject Key Identifier // CA/B reserved policies BRDomainValidatedOID = asn1.ObjectIdentifier{2, 23, 140, 1, 2, 1} // CA/B BR Domain-Validated BROrganizationValidatedOID = asn1.ObjectIdentifier{2, 23, 140, 1, 2, 2} // CA/B BR Organization-Validated BRIndividualValidatedOID = asn1.ObjectIdentifier{2, 23, 140, 1, 2, 3} // CA/B BR Individual-Validated BRTorServiceDescriptor = asn1.ObjectIdentifier{2, 23, 140, 1, 31} // CA/B BR Tor Service Descriptor //X.500 attribute types CommonNameOID = asn1.ObjectIdentifier{2, 5, 4, 3} SurnameOID = asn1.ObjectIdentifier{2, 5, 4, 4} SerialOID = asn1.ObjectIdentifier{2, 5, 4, 5} CountryNameOID = asn1.ObjectIdentifier{2, 5, 4, 6} LocalityNameOID = asn1.ObjectIdentifier{2, 5, 4, 7} StateOrProvinceNameOID = asn1.ObjectIdentifier{2, 5, 4, 8} StreetAddressOID = asn1.ObjectIdentifier{2, 5, 4, 9} OrganizationNameOID = asn1.ObjectIdentifier{2, 5, 4, 10} OrganizationalUnitNameOID = asn1.ObjectIdentifier{2, 5, 4, 11} BusinessOID = asn1.ObjectIdentifier{2, 5, 4, 15} PostalCodeOID = asn1.ObjectIdentifier{2, 5, 4, 17} GivenNameOID = asn1.ObjectIdentifier{2, 5, 4, 42} // Hash algorithms - see https://golang.org/src/crypto/x509/x509.go SHA256OID = asn1.ObjectIdentifier{2, 16, 840, 1, 101, 3, 4, 2, 1} SHA384OID = asn1.ObjectIdentifier{2, 16, 840, 1, 101, 3, 4, 2, 2} SHA512OID = asn1.ObjectIdentifier{2, 16, 840, 1, 101, 3, 4, 2, 3} // other OIDs OidRSAEncryption = asn1.ObjectIdentifier{1, 2, 840, 113549, 1, 1, 1} OidRSASSAPSS = asn1.ObjectIdentifier{1, 2, 840, 113549, 1, 1, 10} OidMD2WithRSAEncryption = asn1.ObjectIdentifier{1, 2, 840, 113549, 1, 1, 2} OidMD5WithRSAEncryption = asn1.ObjectIdentifier{1, 2, 840, 113549, 1, 1, 4} OidSHA1WithRSAEncryption = asn1.ObjectIdentifier{1, 2, 840, 113549, 1, 1, 5} OidSHA224WithRSAEncryption = asn1.ObjectIdentifier{1, 2, 840, 113549, 1, 1, 14} OidSHA256WithRSAEncryption = asn1.ObjectIdentifier{1, 2, 840, 113549, 1, 1, 11} OidSHA384WithRSAEncryption = asn1.ObjectIdentifier{1, 2, 840, 113549, 1, 1, 12} OidSHA512WithRSAEncryption = asn1.ObjectIdentifier{1, 2, 840, 113549, 1, 1, 13} AnyPolicyOID = asn1.ObjectIdentifier{2, 5, 29, 32, 0} UserNoticeOID = asn1.ObjectIdentifier{1, 3, 6, 1, 5, 5, 7, 2, 2} CpsOID = asn1.ObjectIdentifier{1, 3, 6, 1, 5, 5, 7, 2, 1} IdEtsiQcsQcCompliance = asn1.ObjectIdentifier{0, 4, 0, 1862, 1, 1} IdEtsiQcsQcLimitValue = asn1.ObjectIdentifier{0, 4, 0, 1862, 1, 2} IdEtsiQcsQcRetentionPeriod = asn1.ObjectIdentifier{0, 4, 0, 1862, 1, 3} IdEtsiQcsQcSSCD = asn1.ObjectIdentifier{0, 4, 0, 1862, 1, 4} IdEtsiQcsQcEuPDS = asn1.ObjectIdentifier{0, 4, 0, 1862, 1, 5} IdEtsiQcsQcType = asn1.ObjectIdentifier{0, 4, 0, 1862, 1, 6} IdEtsiQcsQctEsign = asn1.ObjectIdentifier{0, 4, 0, 1862, 1, 6, 1} IdEtsiQcsQctEseal = asn1.ObjectIdentifier{0, 4, 0, 1862, 1, 6, 2} IdEtsiQcsQctWeb = asn1.ObjectIdentifier{0, 4, 0, 1862, 1, 6, 3} )
var ( ZeroDate = time.Date(0000, time.January, 1, 0, 0, 0, 0, time.UTC) RFC1035Date = time.Date(1987, time.January, 1, 0, 0, 0, 0, time.UTC) RFC2459Date = time.Date(1999, time.January, 1, 0, 0, 0, 0, time.UTC) RFC3280Date = time.Date(2002, time.April, 1, 0, 0, 0, 0, time.UTC) RFC3490Date = time.Date(2003, time.March, 1, 0, 0, 0, 0, time.UTC) RFC8399Date = time.Date(2018, time.May, 1, 0, 0, 0, 0, time.UTC) RFC4325Date = time.Date(2005, time.December, 1, 0, 0, 0, 0, time.UTC) RFC4630Date = time.Date(2006, time.August, 1, 0, 0, 0, 0, time.UTC) RFC5280Date = time.Date(2008, time.May, 1, 0, 0, 0, 0, time.UTC) RFC6818Date = time.Date(2013, time.January, 1, 0, 0, 0, 0, time.UTC) CABEffectiveDate = time.Date(2012, time.July, 1, 0, 0, 0, 0, time.UTC) CABReservedIPDate = time.Date(2016, time.October, 1, 0, 0, 0, 0, time.UTC) CABGivenNameDate = time.Date(2016, time.September, 7, 0, 0, 0, 0, time.UTC) CABSerialNumberEntropyDate = time.Date(2016, time.September, 30, 0, 0, 0, 0, time.UTC) CABV102Date = time.Date(2012, time.June, 8, 0, 0, 0, 0, time.UTC) CABV113Date = time.Date(2013, time.February, 21, 0, 0, 0, 0, time.UTC) CABV114Date = time.Date(2013, time.May, 3, 0, 0, 0, 0, time.UTC) CABV116Date = time.Date(2013, time.July, 29, 0, 0, 0, 0, time.UTC) CABV130Date = time.Date(2015, time.April, 16, 0, 0, 0, 0, time.UTC) CABV131Date = time.Date(2015, time.September, 28, 0, 0, 0, 0, time.UTC) NO_SHA1 = time.Date(2016, time.January, 1, 0, 0, 0, 0, time.UTC) NoRSA1024RootDate = time.Date(2011, time.January, 1, 0, 0, 0, 0, time.UTC) NoRSA1024Date = time.Date(2014, time.January, 1, 0, 0, 0, 0, time.UTC) GeneralizedDate = time.Date(2050, time.January, 1, 0, 0, 0, 0, time.UTC) NoReservedIP = time.Date(2015, time.November, 1, 0, 0, 0, 0, time.UTC) SubCert39Month = time.Date(2016, time.July, 2, 0, 0, 0, 0, time.UTC) SubCert825Days = time.Date(2018, time.March, 2, 0, 0, 0, 0, time.UTC) CABV148Date = time.Date(2017, time.June, 8, 0, 0, 0, 0, time.UTC) EtsiEn319_412_5_V2_2_1_Date = time.Date(2017, time.November, 1, 0, 0, 0, 0, time.UTC) OnionOnlyEVDate = time.Date(2015, time.May, 1, 0, 0, 0, 0, time.UTC) CABV201Date = time.Date(2017, time.July, 28, 0, 0, 0, 0, time.UTC) AppleCTPolicyDate = time.Date(2018, time.October, 15, 0, 0, 0, 0, time.UTC) MozillaPolicy22Date = time.Date(2013, time.July, 26, 0, 0, 0, 0, time.UTC) MozillaPolicy24Date = time.Date(2017, time.February, 28, 0, 0, 0, 0, time.UTC) MozillaPolicy27Date = time.Date(2020, time.January, 1, 0, 0, 0, 0, time.UTC) CABFBRs_1_6_9_Date = time.Date(2020, time.March, 27, 0, 0, 0, 0, time.UTC) AppleReducedLifetimeDate = time.Date(2020, time.September, 1, 0, 0, 0, 0, time.UTC) )
var ( // KeyUsageToString maps an x509.KeyUsage bitmask to its name. KeyUsageToString = map[x509.KeyUsage]string{ x509.KeyUsageDigitalSignature: "KeyUsageDigitalSignature", x509.KeyUsageContentCommitment: "KeyUsageContentCommitment", x509.KeyUsageKeyEncipherment: "KeyUsageKeyEncipherment", x509.KeyUsageDataEncipherment: "KeyUsageDataEncipherment", x509.KeyUsageKeyAgreement: "KeyUsageKeyAgreement", x509.KeyUsageCertSign: "KeyUsageCertSign", x509.KeyUsageCRLSign: "KeyUsageCRLSign", x509.KeyUsageEncipherOnly: "KeyUsageEncipherOnly", x509.KeyUsageDecipherOnly: "KeyUsageDecipherOnly", } )
var ( // 1.2.840.10045.4.3.1 is SHA224withECDSA OidSignatureSHA224withECDSA = asn1.ObjectIdentifier{1, 2, 840, 10045, 4, 3, 1} )
additional OIDs not provided by the x509 package.
var RSAAlgorithmIDToDER = map[string][]byte{
"1.2.840.113549.1.1.1": {0x30, 0x0d, 0x6, 0x9, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0xd, 0x1, 0x1, 0x1, 0x5, 0x0},
"1.2.840.113549.1.1.2": {0x30, 0x0d, 0x6, 0x9, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0xd, 0x1, 0x1, 0x2, 0x5, 0x0},
"1.2.840.113549.1.1.4": {0x30, 0x0d, 0x6, 0x9, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0xd, 0x1, 0x1, 0x4, 0x5, 0x0},
"1.2.840.113549.1.1.5": {0x30, 0x0d, 0x6, 0x9, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0xd, 0x1, 0x1, 0x5, 0x5, 0x0},
"1.2.840.113549.1.1.14": {0x30, 0x0d, 0x6, 0x9, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0xd, 0x1, 0x1, 0xe, 0x5, 0x0},
"1.2.840.113549.1.1.11": {0x30, 0x0d, 0x6, 0x9, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0xd, 0x1, 0x1, 0xb, 0x5, 0x0},
"1.2.840.113549.1.1.12": {0x30, 0x0d, 0x6, 0x9, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0xd, 0x1, 0x1, 0xc, 0x5, 0x0},
"1.2.840.113549.1.1.13": {0x30, 0x0d, 0x6, 0x9, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0xd, 0x1, 0x1, 0xd, 0x5, 0x0},
}
RSAAlgorithmIDToDER contains DER representations of pkix.AlgorithmIdentifier for different RSA OIDs with Parameters as asn1.NULL.
Functions ¶
func AllAlternateNameWithTagAreIA5 ¶
AllAlternateNameWithTagAreIA5 returns true if all sequence members with the given tag are encoded as IA5 strings, and false otherwise. If it encounters errors parsing asn1, err will be non-nil.
func AuthIsFQDNOrIP ¶
func CertificateSubjInTLD ¶
func CertificateSubjInTLD(c *x509.Certificate, label string) bool
CertificateSubjContainsTLD checks whether the provided Certificate has a Subject Common Name or DNS Subject Alternate Name that ends in the provided TLD label. If IsInTLDMap(label) returns false then CertificateSubjInTLD will return false.
func CheckAlgorithmIDParamNotNULL ¶
func CheckAlgorithmIDParamNotNULL(algorithmIdentifier []byte, requiredAlgoID asn1.ObjectIdentifier) error
CheckAlgorithmIDParamNotNULL parses an AlgorithmIdentifier with algorithm OID rsaEncryption to check the Param field is asn1.NULL Expects DER-encoded AlgorithmIdentifier including tag and length.
func CheckRDNSequenceWhiteSpace ¶
CheckRDNSequenceWhiteSpace returns true if there is leading or trailing whitespace in any name attribute in the sequence, respectively.
func CommonNameIsIP ¶
func CommonNameIsIP(cert *x509.Certificate) bool
func DNSNamesExist ¶
func DNSNamesExist(cert *x509.Certificate) bool
func GetAuthority ¶
func GetExtFromCert ¶
func GetExtFromCert(cert *x509.Certificate, oid asn1.ObjectIdentifier) *pkix.Extension
GetExtFromCert returns the extension with the matching OID, if present. If the extension if not present, it returns nil.
func GetMappedPolicies ¶
func GetMappedPolicies(polMap *pkix.Extension) ([][2]asn1.ObjectIdentifier, error)
helper function to parse policyMapping extensions, returns slices of CertPolicyIds separated by domain
func GetPublicKeyAidEncoded ¶
func GetPublicKeyAidEncoded(c *x509.Certificate) ([]byte, error)
Returns the algorithm field of the SubjectPublicKeyInfo of the certificate in its encoded form (containing Tag and Length) or an error if the algorithm field could not be extracted.
SubjectPublicKeyInfo ::= SEQUENCE { algorithm AlgorithmIdentifier, subjectPublicKey BIT STRING }
func GetPublicKeyOID ¶
func GetPublicKeyOID(c *x509.Certificate) (asn1.ObjectIdentifier, error)
Returns the algorithm field of the SubjectPublicKeyInfo of the certificate or an error if the algorithm field could not be extracted.
SubjectPublicKeyInfo ::= SEQUENCE { algorithm AlgorithmIdentifier, subjectPublicKey BIT STRING }
func GetSignatureAlgorithmInTBSEncoded ¶
func GetSignatureAlgorithmInTBSEncoded(c *x509.Certificate) ([]byte, error)
Returns the signature field of the tbsCertificate of this certificate in a DER encoded form or an error if the signature field could not be extracted. The encoded form contains the tag and the length.
TBSCertificate ::= SEQUENCE { version [0] EXPLICIT Version DEFAULT v1, serialNumber CertificateSerialNumber, signature AlgorithmIdentifier, issuer Name, validity Validity, subject Name, subjectPublicKeyInfo SubjectPublicKeyInfo, issuerUniqueID [1] IMPLICIT UniqueIdentifier OPTIONAL, -- If present, version MUST be v2 or v3 subjectUniqueID [2] IMPLICIT UniqueIdentifier OPTIONAL, -- If present, version MUST be v2 or v3 extensions [3] EXPLICIT Extensions OPTIONAL -- If present, version MUST be v3 }
func GetTimes ¶
TODO(@cpu): This function is a little bit rough around the edges (especially after my quick fixes for the ineffassigns) and would be a good candidate for clean-up/refactoring.
func HasEKU ¶
func HasEKU(cert *x509.Certificate, eku x509.ExtKeyUsage) bool
HasEKU tests whether an Extended Key Usage (EKU) is present in a certificate.
func HasValidTLD ¶
HasValidTLD checks that a domain ends in a valid TLD that was delegated in the root DNS at the time specified.
func ICANNPublicSuffixParse ¶
func ICANNPublicSuffixParse(domain string) (*publicsuffix.DomainName, error)
func IntersectsIANAReserved ¶
IntersectsIANAReserved checks if a CIDR intersects any IANA reserved CIDRs
func IsEV ¶
func IsEV(in []asn1.ObjectIdentifier) bool
IsEV returns true if the input is a known Extended Validation OID.
func IsEmptyASN1Sequence ¶
func IsExtInCert ¶
func IsExtInCert(cert *x509.Certificate, oid asn1.ObjectIdentifier) bool
IsExtInCert is equivalent to GetExtFromCert() != nil.
func IsFQDNOrIP ¶
func IsIA5String ¶
IsIA5String returns true if raw is an IA5String, and returns false otherwise.
func IsIANAReserved ¶
IsIANAReserved checks IP validity as per IANA reserved IPs
IPv4 https://www.iana.org/assignments/iana-ipv4-special-registry/iana-ipv4-special-registry.xhtml https://www.iana.org/assignments/ipv4-address-space/ipv4-address-space.xml IPv6 https://www.iana.org/assignments/iana-ipv6-special-registry/iana-ipv6-special-registry.xhtml https://www.iana.org/assignments/ipv6-address-space/ipv6-address-space.xhtml
func IsISOCountryCode ¶
IsISOCountryCode returns true if the input is a known two-letter country code.
TODO: Document where the list of known countries came from.
func IsInPrefSyn ¶
func IsInTLDMap ¶
IsInTLDMap checks that a label is present in the TLD map. It does not consider the TLD's validity period and whether the TLD may have been removed, only whether it was ever a TLD that was delegated.
func IsNameAttribute ¶
func IsNameAttribute(oid asn1.ObjectIdentifier) bool
IsNameAttribute returns true if the given ObjectIdentifier corresponds with the type of any name attribute for PKIX.
func IsRootCA ¶
func IsRootCA(c *x509.Certificate) bool
IsRootCA returns true if c has IsCA set and is also self-signed.
func IsSelfSigned ¶
func IsSelfSigned(c *x509.Certificate) bool
IsSelfSigned returns true if SelfSigned is set.
func IsServerAuthCert ¶
func IsServerAuthCert(cert *x509.Certificate) bool
func IsSubCA ¶
func IsSubCA(c *x509.Certificate) bool
IsSubCA returns true if c has IsCA set, but is not self-signed.
func IsSubscriberCert ¶
func IsSubscriberCert(c *x509.Certificate) bool
IsSubscriberCert returns true for if a certificate is not a CA and not self-signed.
func ParseBMPString ¶
ParseBMPString returns a uint16 encoded string following the specification for a BMPString type
func PrimeNoSmallerThan752 ¶
func RemovePrependedWildcard ¶
func SliceContainsOID ¶
func SliceContainsOID(list []asn1.ObjectIdentifier, oid asn1.ObjectIdentifier) bool
Helper function that checks if an []asn1.ObjectIdentifier slice contains an asn1.ObjectIdentifier
func TypeInName ¶
func TypeInName(name *pkix.Name, oid asn1.ObjectIdentifier) bool
Helper function that checks for a name type in a pkix.Name
Types ¶
type AttributeTypeAndRawValue ¶
type AttributeTypeAndRawValue struct { Type asn1.ObjectIdentifier Value asn1.RawValue }
type AttributeTypeAndRawValueSET ¶
type AttributeTypeAndRawValueSET []AttributeTypeAndRawValue
type Etsi421QualEuCert ¶
type Etsi421QualEuCert struct {
// contains filtered or unexported fields
}
func (Etsi421QualEuCert) GetErrorInfo ¶
func (this Etsi421QualEuCert) GetErrorInfo() string
type Etsi423QcType ¶
type Etsi423QcType struct { TypeOids []asn1.ObjectIdentifier // contains filtered or unexported fields }
func (Etsi423QcType) GetErrorInfo ¶
func (this Etsi423QcType) GetErrorInfo() string
type EtsiMonetaryValueAlph ¶
type EtsiMonetaryValueNum ¶
type EtsiQcLimitValue ¶
type EtsiQcLimitValue struct { Amount int Exponent int IsNum bool CurrencyAlph string CurrencyNum int // contains filtered or unexported fields }
func (EtsiQcLimitValue) GetErrorInfo ¶
func (this EtsiQcLimitValue) GetErrorInfo() string
type EtsiQcPds ¶
type EtsiQcPds struct { PdsLocations []PdsLocation // contains filtered or unexported fields }
func (EtsiQcPds) GetErrorInfo ¶
func (this EtsiQcPds) GetErrorInfo() string
type EtsiQcRetentionPeriod ¶
type EtsiQcRetentionPeriod struct { Period int // contains filtered or unexported fields }
func (EtsiQcRetentionPeriod) GetErrorInfo ¶
func (this EtsiQcRetentionPeriod) GetErrorInfo() string
type EtsiQcSscd ¶
type EtsiQcSscd struct {
// contains filtered or unexported fields
}
func (EtsiQcSscd) GetErrorInfo ¶
func (this EtsiQcSscd) GetErrorInfo() string
type EtsiQcStmtIf ¶
func ParseQcStatem ¶
func ParseQcStatem(extVal []byte, sought asn1.ObjectIdentifier) EtsiQcStmtIf
type GTLDPeriod ¶
type GTLDPeriod struct { // GTLD is the GTLD the period corresponds to. It is used only for friendly // error messages from `Valid` GTLD string // DelegationDate is the date at which ICANN delegated the gTLD into existence // from the root DNS, or is empty if the gTLD was never delegated. DelegationDate string // RemovalDate is the date at which ICANN removed the gTLD delegation from the // root DNS, or is empty if the gTLD is still delegated and has not been // removed. RemovalDate string }
GTLDPeriod is a struct representing a gTLD's validity period. The field names are chosen to match the data returned by the ICANN gTLD v2 JSON registry[0]. See the `zlint-gtld-update` command for more information. [0] - https://www.icann.org/resources/registries/gtlds/v2/gtlds.json
type PdsLocation ¶
type RawRDNSequence ¶
type RawRDNSequence []AttributeTypeAndRawValueSET