util

package
v3.0.0-rc1 Latest Latest
Warning

This package is not in the latest version of its module.

Go to latest
Published: Nov 29, 2020 License: Apache-2.0 Imports: 19 Imported by: 0

Documentation

Index

Constants

View Source
const (
	// Tags
	DNSNameTag = 2
)
View Source
const (
	GTLDPeriodDateFormat = "2006-01-02"
)
View Source
const OnionTLD = ".onion"

Variables

View Source
var (
	//extension OIDs
	AiaOID                  = asn1.ObjectIdentifier{1, 3, 6, 1, 5, 5, 7, 1, 1}        // Authority Information Access
	AuthkeyOID              = asn1.ObjectIdentifier{2, 5, 29, 35}                     // Authority Key Identifier
	BasicConstOID           = asn1.ObjectIdentifier{2, 5, 29, 19}                     // Basic Constraints
	CertPolicyOID           = asn1.ObjectIdentifier{2, 5, 29, 32}                     // Certificate Policies
	CrlDistOID              = asn1.ObjectIdentifier{2, 5, 29, 31}                     // CRL Distribution Points
	CtPoisonOID             = asn1.ObjectIdentifier{1, 3, 6, 1, 4, 1, 11129, 2, 4, 3} // CT Poison
	EkuSynOid               = asn1.ObjectIdentifier{2, 5, 29, 37}                     // Extended Key Usage Syntax
	FreshCRLOID             = asn1.ObjectIdentifier{2, 5, 29, 46}                     // Freshest CRL
	InhibitAnyPolicyOID     = asn1.ObjectIdentifier{2, 5, 29, 54}                     // Inhibit Any Policy
	IssuerAlternateNameOID  = asn1.ObjectIdentifier{2, 5, 29, 18}                     // Issuer Alt Name
	KeyUsageOID             = asn1.ObjectIdentifier{2, 5, 29, 15}                     // Key Usage
	LogoTypeOID             = asn1.ObjectIdentifier{1, 3, 6, 1, 5, 5, 7, 1, 12}       // Logo Type Ext
	NameConstOID            = asn1.ObjectIdentifier{2, 5, 29, 30}                     // Name Constraints
	OscpNoCheckOID          = asn1.ObjectIdentifier{1, 3, 6, 1, 5, 5, 7, 48, 1, 5}    // OSCP No Check
	PolicyConstOID          = asn1.ObjectIdentifier{2, 5, 29, 36}                     // Policy Constraints
	PolicyMapOID            = asn1.ObjectIdentifier{2, 5, 29, 33}                     // Policy Mappings
	PrivKeyUsageOID         = asn1.ObjectIdentifier{2, 5, 29, 16}                     // Private Key Usage Period
	QcStateOid              = asn1.ObjectIdentifier{1, 3, 6, 1, 5, 5, 7, 1, 3}        // QC Statements
	TimestampOID            = asn1.ObjectIdentifier{1, 3, 6, 1, 4, 1, 11129, 2, 4, 2} // Signed Certificate Timestamp List
	SmimeOID                = asn1.ObjectIdentifier{1, 2, 840, 113549, 1, 9, 15}      // Smime Capabilities
	SubjectAlternateNameOID = asn1.ObjectIdentifier{2, 5, 29, 17}                     // Subject Alt Name
	SubjectDirAttrOID       = asn1.ObjectIdentifier{2, 5, 29, 9}                      // Subject Directory Attributes
	SubjectInfoAccessOID    = asn1.ObjectIdentifier{1, 3, 6, 1, 5, 5, 7, 1, 11}       // Subject Info Access Syntax
	SubjectKeyIdentityOID   = asn1.ObjectIdentifier{2, 5, 29, 14}                     // Subject Key Identifier
	// CA/B reserved policies
	BRDomainValidatedOID       = asn1.ObjectIdentifier{2, 23, 140, 1, 2, 1} // CA/B BR Domain-Validated
	BROrganizationValidatedOID = asn1.ObjectIdentifier{2, 23, 140, 1, 2, 2} // CA/B BR Organization-Validated
	BRIndividualValidatedOID   = asn1.ObjectIdentifier{2, 23, 140, 1, 2, 3} // CA/B BR Individual-Validated
	BRTorServiceDescriptor     = asn1.ObjectIdentifier{2, 23, 140, 1, 31}   // CA/B BR Tor Service Descriptor
	//X.500 attribute types
	CommonNameOID             = asn1.ObjectIdentifier{2, 5, 4, 3}
	SurnameOID                = asn1.ObjectIdentifier{2, 5, 4, 4}
	SerialOID                 = asn1.ObjectIdentifier{2, 5, 4, 5}
	CountryNameOID            = asn1.ObjectIdentifier{2, 5, 4, 6}
	LocalityNameOID           = asn1.ObjectIdentifier{2, 5, 4, 7}
	StateOrProvinceNameOID    = asn1.ObjectIdentifier{2, 5, 4, 8}
	StreetAddressOID          = asn1.ObjectIdentifier{2, 5, 4, 9}
	OrganizationNameOID       = asn1.ObjectIdentifier{2, 5, 4, 10}
	OrganizationalUnitNameOID = asn1.ObjectIdentifier{2, 5, 4, 11}
	BusinessOID               = asn1.ObjectIdentifier{2, 5, 4, 15}
	PostalCodeOID             = asn1.ObjectIdentifier{2, 5, 4, 17}
	GivenNameOID              = asn1.ObjectIdentifier{2, 5, 4, 42}
	// Hash algorithms - see https://golang.org/src/crypto/x509/x509.go
	SHA256OID = asn1.ObjectIdentifier{2, 16, 840, 1, 101, 3, 4, 2, 1}
	SHA384OID = asn1.ObjectIdentifier{2, 16, 840, 1, 101, 3, 4, 2, 2}
	SHA512OID = asn1.ObjectIdentifier{2, 16, 840, 1, 101, 3, 4, 2, 3}
	// other OIDs
	OidRSAEncryption           = asn1.ObjectIdentifier{1, 2, 840, 113549, 1, 1, 1}
	OidRSASSAPSS               = asn1.ObjectIdentifier{1, 2, 840, 113549, 1, 1, 10}
	OidMD2WithRSAEncryption    = asn1.ObjectIdentifier{1, 2, 840, 113549, 1, 1, 2}
	OidMD5WithRSAEncryption    = asn1.ObjectIdentifier{1, 2, 840, 113549, 1, 1, 4}
	OidSHA1WithRSAEncryption   = asn1.ObjectIdentifier{1, 2, 840, 113549, 1, 1, 5}
	OidSHA224WithRSAEncryption = asn1.ObjectIdentifier{1, 2, 840, 113549, 1, 1, 14}
	OidSHA256WithRSAEncryption = asn1.ObjectIdentifier{1, 2, 840, 113549, 1, 1, 11}
	OidSHA384WithRSAEncryption = asn1.ObjectIdentifier{1, 2, 840, 113549, 1, 1, 12}
	OidSHA512WithRSAEncryption = asn1.ObjectIdentifier{1, 2, 840, 113549, 1, 1, 13}
	AnyPolicyOID               = asn1.ObjectIdentifier{2, 5, 29, 32, 0}
	UserNoticeOID              = asn1.ObjectIdentifier{1, 3, 6, 1, 5, 5, 7, 2, 2}
	CpsOID                     = asn1.ObjectIdentifier{1, 3, 6, 1, 5, 5, 7, 2, 1}
	IdEtsiQcsQcCompliance      = asn1.ObjectIdentifier{0, 4, 0, 1862, 1, 1}
	IdEtsiQcsQcLimitValue      = asn1.ObjectIdentifier{0, 4, 0, 1862, 1, 2}
	IdEtsiQcsQcRetentionPeriod = asn1.ObjectIdentifier{0, 4, 0, 1862, 1, 3}
	IdEtsiQcsQcSSCD            = asn1.ObjectIdentifier{0, 4, 0, 1862, 1, 4}
	IdEtsiQcsQcEuPDS           = asn1.ObjectIdentifier{0, 4, 0, 1862, 1, 5}
	IdEtsiQcsQcType            = asn1.ObjectIdentifier{0, 4, 0, 1862, 1, 6}
	IdEtsiQcsQctEsign          = asn1.ObjectIdentifier{0, 4, 0, 1862, 1, 6, 1}
	IdEtsiQcsQctEseal          = asn1.ObjectIdentifier{0, 4, 0, 1862, 1, 6, 2}
	IdEtsiQcsQctWeb            = asn1.ObjectIdentifier{0, 4, 0, 1862, 1, 6, 3}
)
View Source
var (
	ZeroDate                    = time.Date(0000, time.January, 1, 0, 0, 0, 0, time.UTC)
	RFC1035Date                 = time.Date(1987, time.January, 1, 0, 0, 0, 0, time.UTC)
	RFC2459Date                 = time.Date(1999, time.January, 1, 0, 0, 0, 0, time.UTC)
	RFC3280Date                 = time.Date(2002, time.April, 1, 0, 0, 0, 0, time.UTC)
	RFC3490Date                 = time.Date(2003, time.March, 1, 0, 0, 0, 0, time.UTC)
	RFC8399Date                 = time.Date(2018, time.May, 1, 0, 0, 0, 0, time.UTC)
	RFC4325Date                 = time.Date(2005, time.December, 1, 0, 0, 0, 0, time.UTC)
	RFC4630Date                 = time.Date(2006, time.August, 1, 0, 0, 0, 0, time.UTC)
	RFC5280Date                 = time.Date(2008, time.May, 1, 0, 0, 0, 0, time.UTC)
	RFC6818Date                 = time.Date(2013, time.January, 1, 0, 0, 0, 0, time.UTC)
	CABEffectiveDate            = time.Date(2012, time.July, 1, 0, 0, 0, 0, time.UTC)
	CABReservedIPDate           = time.Date(2016, time.October, 1, 0, 0, 0, 0, time.UTC)
	CABGivenNameDate            = time.Date(2016, time.September, 7, 0, 0, 0, 0, time.UTC)
	CABSerialNumberEntropyDate  = time.Date(2016, time.September, 30, 0, 0, 0, 0, time.UTC)
	CABV102Date                 = time.Date(2012, time.June, 8, 0, 0, 0, 0, time.UTC)
	CABV113Date                 = time.Date(2013, time.February, 21, 0, 0, 0, 0, time.UTC)
	CABV114Date                 = time.Date(2013, time.May, 3, 0, 0, 0, 0, time.UTC)
	CABV116Date                 = time.Date(2013, time.July, 29, 0, 0, 0, 0, time.UTC)
	CABV130Date                 = time.Date(2015, time.April, 16, 0, 0, 0, 0, time.UTC)
	CABV131Date                 = time.Date(2015, time.September, 28, 0, 0, 0, 0, time.UTC)
	NO_SHA1                     = time.Date(2016, time.January, 1, 0, 0, 0, 0, time.UTC)
	NoRSA1024RootDate           = time.Date(2011, time.January, 1, 0, 0, 0, 0, time.UTC)
	NoRSA1024Date               = time.Date(2014, time.January, 1, 0, 0, 0, 0, time.UTC)
	GeneralizedDate             = time.Date(2050, time.January, 1, 0, 0, 0, 0, time.UTC)
	NoReservedIP                = time.Date(2015, time.November, 1, 0, 0, 0, 0, time.UTC)
	SubCert39Month              = time.Date(2016, time.July, 2, 0, 0, 0, 0, time.UTC)
	SubCert825Days              = time.Date(2018, time.March, 2, 0, 0, 0, 0, time.UTC)
	CABV148Date                 = time.Date(2017, time.June, 8, 0, 0, 0, 0, time.UTC)
	EtsiEn319_412_5_V2_2_1_Date = time.Date(2017, time.November, 1, 0, 0, 0, 0, time.UTC)
	OnionOnlyEVDate             = time.Date(2015, time.May, 1, 0, 0, 0, 0, time.UTC)
	CABV201Date                 = time.Date(2017, time.July, 28, 0, 0, 0, 0, time.UTC)
	AppleCTPolicyDate           = time.Date(2018, time.October, 15, 0, 0, 0, 0, time.UTC)
	MozillaPolicy22Date         = time.Date(2013, time.July, 26, 0, 0, 0, 0, time.UTC)
	MozillaPolicy24Date         = time.Date(2017, time.February, 28, 0, 0, 0, 0, time.UTC)
	MozillaPolicy27Date         = time.Date(2020, time.January, 1, 0, 0, 0, 0, time.UTC)
	CABFBRs_1_6_9_Date          = time.Date(2020, time.March, 27, 0, 0, 0, 0, time.UTC)
	AppleReducedLifetimeDate    = time.Date(2020, time.September, 1, 0, 0, 0, 0, time.UTC)
)
View Source
var (
	// KeyUsageToString maps an x509.KeyUsage bitmask to its name.
	KeyUsageToString = map[x509.KeyUsage]string{
		x509.KeyUsageDigitalSignature:  "KeyUsageDigitalSignature",
		x509.KeyUsageContentCommitment: "KeyUsageContentCommitment",
		x509.KeyUsageKeyEncipherment:   "KeyUsageKeyEncipherment",
		x509.KeyUsageDataEncipherment:  "KeyUsageDataEncipherment",
		x509.KeyUsageKeyAgreement:      "KeyUsageKeyAgreement",
		x509.KeyUsageCertSign:          "KeyUsageCertSign",
		x509.KeyUsageCRLSign:           "KeyUsageCRLSign",
		x509.KeyUsageEncipherOnly:      "KeyUsageEncipherOnly",
		x509.KeyUsageDecipherOnly:      "KeyUsageDecipherOnly",
	}
)
View Source
var (
	// 1.2.840.10045.4.3.1 is SHA224withECDSA
	OidSignatureSHA224withECDSA = asn1.ObjectIdentifier{1, 2, 840, 10045, 4, 3, 1}
)

additional OIDs not provided by the x509 package.

View Source
var RSAAlgorithmIDToDER = map[string][]byte{

	"1.2.840.113549.1.1.1": {0x30, 0x0d, 0x6, 0x9, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0xd, 0x1, 0x1, 0x1, 0x5, 0x0},

	"1.2.840.113549.1.1.2": {0x30, 0x0d, 0x6, 0x9, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0xd, 0x1, 0x1, 0x2, 0x5, 0x0},

	"1.2.840.113549.1.1.4": {0x30, 0x0d, 0x6, 0x9, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0xd, 0x1, 0x1, 0x4, 0x5, 0x0},

	"1.2.840.113549.1.1.5": {0x30, 0x0d, 0x6, 0x9, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0xd, 0x1, 0x1, 0x5, 0x5, 0x0},

	"1.2.840.113549.1.1.14": {0x30, 0x0d, 0x6, 0x9, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0xd, 0x1, 0x1, 0xe, 0x5, 0x0},

	"1.2.840.113549.1.1.11": {0x30, 0x0d, 0x6, 0x9, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0xd, 0x1, 0x1, 0xb, 0x5, 0x0},

	"1.2.840.113549.1.1.12": {0x30, 0x0d, 0x6, 0x9, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0xd, 0x1, 0x1, 0xc, 0x5, 0x0},

	"1.2.840.113549.1.1.13": {0x30, 0x0d, 0x6, 0x9, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0xd, 0x1, 0x1, 0xd, 0x5, 0x0},
}

RSAAlgorithmIDToDER contains DER representations of pkix.AlgorithmIdentifier for different RSA OIDs with Parameters as asn1.NULL.

Functions

func AllAlternateNameWithTagAreIA5

func AllAlternateNameWithTagAreIA5(ext *pkix.Extension, tag int) (bool, error)

AllAlternateNameWithTagAreIA5 returns true if all sequence members with the given tag are encoded as IA5 strings, and false otherwise. If it encounters errors parsing asn1, err will be non-nil.

func AppendToStringSemicolonDelim

func AppendToStringSemicolonDelim(this *string, s string)

func AuthIsFQDNOrIP

func AuthIsFQDNOrIP(auth string) bool

func CertificateSubjInTLD

func CertificateSubjInTLD(c *x509.Certificate, label string) bool

CertificateSubjContainsTLD checks whether the provided Certificate has a Subject Common Name or DNS Subject Alternate Name that ends in the provided TLD label. If IsInTLDMap(label) returns false then CertificateSubjInTLD will return false.

func CheckAlgorithmIDParamNotNULL

func CheckAlgorithmIDParamNotNULL(algorithmIdentifier []byte, requiredAlgoID asn1.ObjectIdentifier) error

CheckAlgorithmIDParamNotNULL parses an AlgorithmIdentifier with algorithm OID rsaEncryption to check the Param field is asn1.NULL Expects DER-encoded AlgorithmIdentifier including tag and length.

func CheckRDNSequenceWhiteSpace

func CheckRDNSequenceWhiteSpace(raw []byte) (leading, trailing bool, err error)

CheckRDNSequenceWhiteSpace returns true if there is leading or trailing whitespace in any name attribute in the sequence, respectively.

func CommonNameIsIP

func CommonNameIsIP(cert *x509.Certificate) bool

func DNSNamesExist

func DNSNamesExist(cert *x509.Certificate) bool

func FindTimeType

func FindTimeType(firstDate, secondDate asn1.RawValue) (int, int)

func GetAuthority

func GetAuthority(uri string) string

func GetExtFromCert

func GetExtFromCert(cert *x509.Certificate, oid asn1.ObjectIdentifier) *pkix.Extension

GetExtFromCert returns the extension with the matching OID, if present. If the extension if not present, it returns nil.

func GetHost

func GetHost(auth string) string

func GetMappedPolicies

func GetMappedPolicies(polMap *pkix.Extension) ([][2]asn1.ObjectIdentifier, error)

helper function to parse policyMapping extensions, returns slices of CertPolicyIds separated by domain

func GetPublicKeyAidEncoded

func GetPublicKeyAidEncoded(c *x509.Certificate) ([]byte, error)

Returns the algorithm field of the SubjectPublicKeyInfo of the certificate in its encoded form (containing Tag and Length) or an error if the algorithm field could not be extracted.

SubjectPublicKeyInfo  ::=  SEQUENCE  {
    algorithm            AlgorithmIdentifier,
    subjectPublicKey     BIT STRING  }

func GetPublicKeyOID

func GetPublicKeyOID(c *x509.Certificate) (asn1.ObjectIdentifier, error)

Returns the algorithm field of the SubjectPublicKeyInfo of the certificate or an error if the algorithm field could not be extracted.

SubjectPublicKeyInfo  ::=  SEQUENCE  {
    algorithm            AlgorithmIdentifier,
    subjectPublicKey     BIT STRING  }

func GetSignatureAlgorithmInTBSEncoded

func GetSignatureAlgorithmInTBSEncoded(c *x509.Certificate) ([]byte, error)

Returns the signature field of the tbsCertificate of this certificate in a DER encoded form or an error if the signature field could not be extracted. The encoded form contains the tag and the length.

TBSCertificate  ::=  SEQUENCE  {
    version         [0]  EXPLICIT Version DEFAULT v1,
    serialNumber         CertificateSerialNumber,
    signature            AlgorithmIdentifier,
    issuer               Name,
    validity             Validity,
    subject              Name,
    subjectPublicKeyInfo SubjectPublicKeyInfo,
    issuerUniqueID  [1]  IMPLICIT UniqueIdentifier OPTIONAL,
                         -- If present, version MUST be v2 or v3
    subjectUniqueID [2]  IMPLICIT UniqueIdentifier OPTIONAL,
                         -- If present, version MUST be v2 or v3
    extensions      [3]  EXPLICIT Extensions OPTIONAL
                         -- If present, version MUST be v3
    }

func GetTimes

func GetTimes(cert *x509.Certificate) (asn1.RawValue, asn1.RawValue)

TODO(@cpu): This function is a little bit rough around the edges (especially after my quick fixes for the ineffassigns) and would be a good candidate for clean-up/refactoring.

func HasEKU

func HasEKU(cert *x509.Certificate, eku x509.ExtKeyUsage) bool

HasEKU tests whether an Extended Key Usage (EKU) is present in a certificate.

func HasValidTLD

func HasValidTLD(domain string, when time.Time) bool

HasValidTLD checks that a domain ends in a valid TLD that was delegated in the root DNS at the time specified.

func ICANNPublicSuffixParse

func ICANNPublicSuffixParse(domain string) (*publicsuffix.DomainName, error)

func IntersectsIANAReserved

func IntersectsIANAReserved(net net.IPNet) bool

IntersectsIANAReserved checks if a CIDR intersects any IANA reserved CIDRs

func IsAnyEtsiQcStatementPresent

func IsAnyEtsiQcStatementPresent(extVal []byte) bool

func IsCACert

func IsCACert(c *x509.Certificate) bool

IsCACert returns true if c has IsCA set.

func IsEV

func IsEV(in []asn1.ObjectIdentifier) bool

IsEV returns true if the input is a known Extended Validation OID.

func IsEmptyASN1Sequence

func IsEmptyASN1Sequence(input []byte) bool

func IsExtInCert

func IsExtInCert(cert *x509.Certificate, oid asn1.ObjectIdentifier) bool

IsExtInCert is equivalent to GetExtFromCert() != nil.

func IsFQDN

func IsFQDN(domain string) bool

func IsFQDNOrIP

func IsFQDNOrIP(host string) bool

func IsIA5String

func IsIA5String(raw []byte) bool

IsIA5String returns true if raw is an IA5String, and returns false otherwise.

func IsIANAReserved

func IsIANAReserved(ip net.IP) bool

IsIANAReserved checks IP validity as per IANA reserved IPs

IPv4
https://www.iana.org/assignments/iana-ipv4-special-registry/iana-ipv4-special-registry.xhtml
https://www.iana.org/assignments/ipv4-address-space/ipv4-address-space.xml
IPv6
https://www.iana.org/assignments/iana-ipv6-special-registry/iana-ipv6-special-registry.xhtml
https://www.iana.org/assignments/ipv6-address-space/ipv6-address-space.xhtml

func IsISOCountryCode

func IsISOCountryCode(in string) bool

IsISOCountryCode returns true if the input is a known two-letter country code.

TODO: Document where the list of known countries came from.

func IsInPrefSyn

func IsInPrefSyn(name string) bool

func IsInTLDMap

func IsInTLDMap(label string) bool

IsInTLDMap checks that a label is present in the TLD map. It does not consider the TLD's validity period and whether the TLD may have been removed, only whether it was ever a TLD that was delegated.

func IsNameAttribute

func IsNameAttribute(oid asn1.ObjectIdentifier) bool

IsNameAttribute returns true if the given ObjectIdentifier corresponds with the type of any name attribute for PKIX.

func IsRootCA

func IsRootCA(c *x509.Certificate) bool

IsRootCA returns true if c has IsCA set and is also self-signed.

func IsSelfSigned

func IsSelfSigned(c *x509.Certificate) bool

IsSelfSigned returns true if SelfSigned is set.

func IsServerAuthCert

func IsServerAuthCert(cert *x509.Certificate) bool

func IsSubCA

func IsSubCA(c *x509.Certificate) bool

IsSubCA returns true if c has IsCA set, but is not self-signed.

func IsSubscriberCert

func IsSubscriberCert(c *x509.Certificate) bool

IsSubscriberCert returns true for if a certificate is not a CA and not self-signed.

func NotAllNameFieldsAreEmpty

func NotAllNameFieldsAreEmpty(name *pkix.Name) bool

func ParseBMPString

func ParseBMPString(bmpString []byte) (string, error)

ParseBMPString returns a uint16 encoded string following the specification for a BMPString type

func PrimeNoSmallerThan752

func PrimeNoSmallerThan752(dividend *big.Int) bool

func RemovePrependedQuestionMarks

func RemovePrependedQuestionMarks(domain string) string

func RemovePrependedWildcard

func RemovePrependedWildcard(domain string) string

func SliceContainsOID

func SliceContainsOID(list []asn1.ObjectIdentifier, oid asn1.ObjectIdentifier) bool

Helper function that checks if an []asn1.ObjectIdentifier slice contains an asn1.ObjectIdentifier

func TypeInName

func TypeInName(name *pkix.Name, oid asn1.ObjectIdentifier) bool

Helper function that checks for a name type in a pkix.Name

Types

type AttributeTypeAndRawValue

type AttributeTypeAndRawValue struct {
	Type  asn1.ObjectIdentifier
	Value asn1.RawValue
}

type AttributeTypeAndRawValueSET

type AttributeTypeAndRawValueSET []AttributeTypeAndRawValue

type Etsi421QualEuCert

type Etsi421QualEuCert struct {
	// contains filtered or unexported fields
}

func (Etsi421QualEuCert) GetErrorInfo

func (this Etsi421QualEuCert) GetErrorInfo() string

func (Etsi421QualEuCert) IsPresent

func (this Etsi421QualEuCert) IsPresent() bool

type Etsi423QcType

type Etsi423QcType struct {
	TypeOids []asn1.ObjectIdentifier
	// contains filtered or unexported fields
}

func (Etsi423QcType) GetErrorInfo

func (this Etsi423QcType) GetErrorInfo() string

func (Etsi423QcType) IsPresent

func (this Etsi423QcType) IsPresent() bool

type EtsiMonetaryValueAlph

type EtsiMonetaryValueAlph struct {
	Iso4217CurrencyCodeAlph string `asn1:"printable"`
	Amount                  int
	Exponent                int
}

type EtsiMonetaryValueNum

type EtsiMonetaryValueNum struct {
	Iso4217CurrencyCodeNum int
	Amount                 int
	Exponent               int
}

type EtsiQcLimitValue

type EtsiQcLimitValue struct {
	Amount       int
	Exponent     int
	IsNum        bool
	CurrencyAlph string
	CurrencyNum  int
	// contains filtered or unexported fields
}

func (EtsiQcLimitValue) GetErrorInfo

func (this EtsiQcLimitValue) GetErrorInfo() string

func (EtsiQcLimitValue) IsPresent

func (this EtsiQcLimitValue) IsPresent() bool

type EtsiQcPds

type EtsiQcPds struct {
	PdsLocations []PdsLocation
	// contains filtered or unexported fields
}

func (EtsiQcPds) GetErrorInfo

func (this EtsiQcPds) GetErrorInfo() string

func (EtsiQcPds) IsPresent

func (this EtsiQcPds) IsPresent() bool

type EtsiQcRetentionPeriod

type EtsiQcRetentionPeriod struct {
	Period int
	// contains filtered or unexported fields
}

func (EtsiQcRetentionPeriod) GetErrorInfo

func (this EtsiQcRetentionPeriod) GetErrorInfo() string

func (EtsiQcRetentionPeriod) IsPresent

func (this EtsiQcRetentionPeriod) IsPresent() bool

type EtsiQcSscd

type EtsiQcSscd struct {
	// contains filtered or unexported fields
}

func (EtsiQcSscd) GetErrorInfo

func (this EtsiQcSscd) GetErrorInfo() string

func (EtsiQcSscd) IsPresent

func (this EtsiQcSscd) IsPresent() bool

type EtsiQcStmtIf

type EtsiQcStmtIf interface {
	GetErrorInfo() string
	IsPresent() bool
}

func ParseQcStatem

func ParseQcStatem(extVal []byte, sought asn1.ObjectIdentifier) EtsiQcStmtIf

type GTLDPeriod

type GTLDPeriod struct {
	// GTLD is the GTLD the period corresponds to. It is used only for friendly
	// error messages from `Valid`
	GTLD string
	// DelegationDate is the date at which ICANN delegated the gTLD into existence
	// from the root DNS, or is empty if the gTLD was never delegated.
	DelegationDate string
	// RemovalDate is the date at which ICANN removed the gTLD delegation from the
	// root DNS, or is empty if the gTLD is still delegated and has not been
	// removed.
	RemovalDate string
}

GTLDPeriod is a struct representing a gTLD's validity period. The field names are chosen to match the data returned by the ICANN gTLD v2 JSON registry[0]. See the `zlint-gtld-update` command for more information. [0] - https://www.icann.org/resources/registries/gtlds/v2/gtlds.json

func (GTLDPeriod) Valid

func (p GTLDPeriod) Valid(when time.Time) error

Valid determines if the provided `when` time is within the GTLDPeriod for the gTLD. E.g. whether a certificate issued at `when` with a subject identifier using the specified gTLD can be considered a valid use of the gTLD.

type PdsLocation

type PdsLocation struct {
	Url      string `asn1:"ia5"`
	Language string `asn1:"printable"`
}

type RawRDNSequence

type RawRDNSequence []AttributeTypeAndRawValueSET

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL