Documentation
Overview
Package x509util includes utility code for working with X.509 certificates from the x509 package.
Index
- func CRLToString(crl *x509.CertificateList) string
- func CertificateFromPEM(pemBytes []byte) (*x509.Certificate, error)
- func CertificateToString(cert *x509.Certificate) string
- func CertificatesFromPEM(pemBytes []byte) ([]*x509.Certificate, error)
- func ExtractSCT(sctData *x509.SerializedSCT) (*ct.SignedCertificateTimestamp, error)
- func Fuzz(data []byte) int
- func GeneralNamesToString(gname *x509.GeneralNames) string
- func GetIssuer(cert *x509.Certificate, client *http.Client) (*x509.Certificate, error)
- func MarshalSCTsIntoSCTList(scts []*ct.SignedCertificateTimestamp) (*x509.SignedCertificateTimestampList, error)
- func NameToString(name pkix.Name) string
- func OIDForStandardExtension(oid asn1.ObjectIdentifier) bool
- func OIDInExtensions(oid asn1.ObjectIdentifier, extensions []pkix.Extension) (int, bool)
- func OtherNameToString(other x509.OtherName) string
- func ParseSCTsFromCertificate(certBytes []byte) ([]*ct.SignedCertificateTimestamp, error)
- func ParseSCTsFromSCTList(sctList *x509.SignedCertificateTimestampList) ([]*ct.SignedCertificateTimestamp, error)
- func ReadFileOrURL(target string, client *http.Client) ([]byte, error)
- func ReadPossiblePEMFile(filename, blockname string) ([][]byte, error)
- func ReadPossiblePEMURL(target, blockname string) ([][]byte, error)
- func RevocationReasonToString(reason x509.RevocationReasonCode) string
- type PEMCertPool
- func NewPEMCertPool() *PEMCertPool
- func (p *PEMCertPool) AddCert(cert *x509.Certificate)
- func (p *PEMCertPool) AppendCertsFromPEM(pemCerts []byte) (ok bool)
- func (p *PEMCertPool) AppendCertsFromPEMFile(pemFile string) error
- func (p *PEMCertPool) CertPool() *x509.CertPool
- func (p *PEMCertPool) Included(cert *x509.Certificate) bool
- func (p *PEMCertPool) RawCertificates() []*x509.Certificate
- func (p *PEMCertPool) Subjects() (res [][]byte)
Constants
This section is empty.
Variables
This section is empty.
Functions
func CRLToString
func CRLToString(crl *x509.CertificateList) string
CRLToString generates a string describing the given certificate revocation list. The output roughly resembles that from openssl crl -text.
func CertificateFromPEM
func CertificateFromPEM(pemBytes []byte) (*x509.Certificate, error)
CertificateFromPEM takes a certificate in PEM format and returns the corresponding x509.Certificate object.
func CertificateToString
func CertificateToString(cert *x509.Certificate) string
CertificateToString generates a string describing the given certificate. The output roughly resembles that from openssl x509 -text.
func CertificatesFromPEM
func CertificatesFromPEM(pemBytes []byte) ([]*x509.Certificate, error)
CertificatesFromPEM parses one or more certificates from the given PEM data. The PEM certificates must be concatenated. This function can be used for parsing PEM-formatted certificate chains, but does not verify that the resulting chain is a valid certificate chain.
func ExtractSCT
func ExtractSCT(sctData *x509.SerializedSCT) (*ct.SignedCertificateTimestamp, error)
ExtractSCT deserializes an SCT from a TLS-encoded SCT.
func Fuzz
func Fuzz(data []byte) int
Fuzz is a go-fuzz (https://github.com/dvyukov/go-fuzz) entrypoint for fuzzing the parsing of X.509 certificates.
func GeneralNamesToString
func GeneralNamesToString(gname *x509.GeneralNames) string
GeneralNamesToString creates a string description of an x509.GeneralNames object.
func GetIssuer
func GetIssuer(cert *x509.Certificate, client *http.Client) (*x509.Certificate, error)
GetIssuer attempts to retrieve the issuer for a certificate, by examining the cert's Authority Information Access extension (if present) for the issuer's URL and retrieving from there.
func MarshalSCTsIntoSCTList
func MarshalSCTsIntoSCTList(scts []*ct.SignedCertificateTimestamp) (*x509.SignedCertificateTimestampList, error)
MarshalSCTsIntoSCTList serializes SCTs into an SCT list.
func NameToString
func NameToString(name pkix.Name) string
NameToString creates a string description of a pkix.Name object.
func OIDForStandardExtension
func OIDForStandardExtension(oid asn1.ObjectIdentifier) bool
OIDForStandardExtension indicates whether oid identifies a standard extension. Standard extensions are listed in RFC 5280 (and other RFCs).
func OIDInExtensions
func OIDInExtensions(oid asn1.ObjectIdentifier, extensions []pkix.Extension) (int, bool)
OIDInExtensions checks whether the extension identified by oid is present in extensions. It returns how many times the extension occurs, together with an indication of whether any of those occurrences are marked critical.
func OtherNameToString
func OtherNameToString(other x509.OtherName) string
OtherNameToString creates a string description of an x509.OtherName object.
func ParseSCTsFromCertificate
func ParseSCTsFromCertificate(certBytes []byte) ([]*ct.SignedCertificateTimestamp, error)
ParseSCTsFromCertificate parses any SCTs that are embedded in the certificate provided. The certificate bytes provided can be either DER or PEM, provided the PEM data starts with the PEM block marker (i.e. has no leading text).
func ParseSCTsFromSCTList
func ParseSCTsFromSCTList(sctList *x509.SignedCertificateTimestampList) ([]*ct.SignedCertificateTimestamp, error)
ParseSCTsFromSCTList parses each of the SCTs contained within an SCT list.
func ReadFileOrURL
func ReadFileOrURL(target string, client *http.Client) ([]byte, error)
ReadFileOrURL returns the data from a target which may be either a filename or an HTTP(S) URL.
func ReadPossiblePEMFile
func ReadPossiblePEMFile(filename, blockname string) ([][]byte, error)
ReadPossiblePEMFile loads data from a file which may be in DER format or may be in PEM format (with the given blockname).
func ReadPossiblePEMURL
func ReadPossiblePEMURL(target, blockname string) ([][]byte, error)
ReadPossiblePEMURL attempts to determine whether the given target is a local file or a URL, and returns the contents in either case. It also copes with either PEM or DER format data.
func RevocationReasonToString
func RevocationReasonToString(reason x509.RevocationReasonCode) string
RevocationReasonToString generates a string describing a revocation reason code.
Types
type PEMCertPool
type PEMCertPool struct {
// contains filtered or unexported fields
}
PEMCertPool is a wrapper / extension to x509.CertPool. It allows access to the raw certs, which is needed to serve get-roots requests, and it has stricter handling when loading certs into the pool: CertPool ignores errors if at least one cert loads correctly, but PEMCertPool requires all certs to load.
func NewPEMCertPool
func NewPEMCertPool() *PEMCertPool
NewPEMCertPool creates a new, empty instance of PEMCertPool.
func (*PEMCertPool) AddCert
func (p *PEMCertPool) AddCert(cert *x509.Certificate)
AddCert adds a certificate to the pool. It uses the certificate fingerprint to weed out duplicates. cert must not be nil.
func (*PEMCertPool) AppendCertsFromPEM
func (p *PEMCertPool) AppendCertsFromPEM(pemCerts []byte) (ok bool)
AppendCertsFromPEM adds certs to the pool from a byte slice assumed to contain PEM-encoded data. It skips over non-certificate blocks in the data. It returns true if all certificates in the data were parsed and added to the pool successfully and at least one certificate was found.
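As an added example (not code from the x509util package), the following Go program reproduces the loading policy documented for PEMCertPool against the standard library's crypto/x509 instead of the forked x509 package: a strict loader that skips non-certificate blocks, fails on any certificate that does not parse and requires at least one certificate, contrasted with x509.CertPool.AppendCertsFromPEM, which reports success as soon as one certificate loads. The names strictAppendCertsFromPEM, selfSignedPEM and compareLoaders are mine, and the certificates are generated at runtime as constructed test data.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"encoding/pem"
	"fmt"
	"math/big"
	"time"
)

// strictAppendCertsFromPEM mirrors the PEMCertPool policy described above: skip non-certificate
// blocks, fail on any CERTIFICATE block that does not parse, and fail if none was found.
func strictAppendCertsFromPEM(pool *x509.CertPool, pemCerts []byte) error {
	found := 0
	for b, rest := pem.Decode(pemCerts); b != nil; b, rest = pem.Decode(rest) {
		if b.Type != "CERTIFICATE" || len(b.Headers) != 0 {
			continue // e.g. a stray PRIVATE KEY block in the bundle
		}
		cert, err := x509.ParseCertificate(b.Bytes)
		if err != nil {
			return fmt.Errorf("certificate %d in bundle: %w", found+1, err)
		}
		pool.AddCert(cert)
		found++
	}
	if found == 0 {
		return fmt.Errorf("no certificates found in PEM data")
	}
	return nil
}

// selfSignedPEM returns a throwaway self-signed certificate (constructed test data, not a real root).
func selfSignedPEM(cn string) []byte {
	key, _ := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	tmpl := &x509.Certificate{SerialNumber: big.NewInt(1), Subject: pkix.Name{CommonName: cn}, NotBefore: time.Now(), NotAfter: time.Now().Add(time.Hour)}
	der, _ := x509.CreateCertificate(rand.Reader, tmpl, tmpl, &key.PublicKey, key)
	return pem.EncodeToMemory(&pem.Block{Type: "CERTIFICATE", Bytes: der})
}

// compareLoaders feeds one good cert plus one with truncated DER to both loaders: stdlib says ok=true, strict errors.
func compareLoaders() (stdlibOK bool, strictErr error) {
	bad, _ := pem.Decode(selfSignedPEM("Bad Root"))
	bad.Bytes = bad.Bytes[:len(bad.Bytes)/2] // constructed corruption: DER no longer parses
	bundle := append(selfSignedPEM("Good Root"), pem.EncodeToMemory(bad)...)
	return x509.NewCertPool().AppendCertsFromPEM(bundle), strictAppendCertsFromPEM(x509.NewCertPool(), bundle)
}
```

The difference matters for a trust store: the lenient loader turns a partially corrupted roots bundle into a silently smaller pool, whereas the strict policy surfaces the bad entry at load time.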
func (*PEMCertPool) AppendCertsFromPEMFile
func (p *PEMCertPool) AppendCertsFromPEMFile(pemFile string) error
AppendCertsFromPEMFile adds certs from a file that contains concatenated PEM data.
func (*PEMCertPool) CertPool
func (p *PEMCertPool) CertPool() *x509.CertPool
CertPool returns the underlying CertPool.
func (*PEMCertPool) Included
func (p *PEMCertPool) Included(cert *x509.Certificate) bool
Included indicates whether the given cert is included in the pool.
func (*PEMCertPool) RawCertificates
func (p *PEMCertPool) RawCertificates() []*x509.Certificate
RawCertificates returns a list of the raw certificates that are in this pool.
func (*PEMCertPool) Subjects
func (p *PEMCertPool) Subjects() (res [][]byte)
Subjects returns a list of the DER-encoded subjects of all of the certificates in the pool.
Directories
Path | Synopsis |
---|---|
certcheck | certcheck is a utility to show and check the contents of certificates. |
crlcheck | crlcheck is a utility to show and check the contents of certificate revocation lists (CRLs). |