Overview ¶
Package certutil provides utilities to work with certificates.
Index ¶
- Variables
- func CreatePoolFromPEM(pemBytes []byte) (*x509.CertPool, error)
- func Digest(hash crypto.Hash, data []byte) []byte
- func EncodeToPEM(out io.Writer, withComments bool, certs ...*x509.Certificate) error
- func EncodeToPEMString(withComments bool, certs ...*x509.Certificate) (string, error)
- func FindIssuer(crt *x509.Certificate, chain []*x509.Certificate, root *x509.Certificate) *x509.Certificate
- func GetAuthorityKeyID(c *x509.Certificate) string
- func GetIssuerID(c *x509.Certificate) string
- func GetSubjectID(c *x509.Certificate) string
- func GetSubjectKeyID(c *x509.Certificate) string
- func GetThumbprintStr(c *x509.Certificate) string
- func HashAlgoToStr(hash crypto.Hash) string
- func HashToHex(hash crypto.Hash, data []byte) string
- func LoadAndVerifyBundleFromPEM(certFile, intCAFile, rootFile string) (*Bundle, *BundleStatus, error)
- func LoadChainFromPEM(certFile string) ([]*x509.Certificate, error)
- func LoadFromPEM(certFile string) (*x509.Certificate, error)
- func NameToString(name *pkix.Name) string
- func NewHash(algo string) (hash.Hash, error)
- func ParseChainFromPEM(certificateChainPem []byte) ([]*x509.Certificate, error)
- func ParseFromPEM(bytes []byte) (*x509.Certificate, error)
- func ParseHexDigestWithPrefix(digest string) (hash.Hash, []byte, error)
- func Random(byteLength int) []byte
- func RandomString(byteLength int) string
- func SHA1(data []byte) []byte
- func SHA1Hex(data []byte) string
- func SHA256(data []byte) []byte
- func SHA256Hex(data []byte) string
- func StrToHashAlgo(algo string) crypto.Hash
- func VerifyBundleFromPEM(certPEM, intCAPEM, rootPEM []byte) (bundle *Bundle, status *BundleStatus, err error)
- type Bundle
- type BundleStatus
Variables ¶
var RandReader randSource = rand.Reader
RandReader is the random byte source this package reads from (rand.Reader by default, i.e. the OS CSPRNG). It is exported only so that tests which require deterministic output can replace it; production code must leave it alone, because substituting a predictable reader silently weakens every value the package's Random/RandomString helpers produce. Being package-level mutable state, it is also not safe to swap concurrently with callers.
Functions ¶
func CreatePoolFromPEM ¶
CreatePoolFromPEM returns a CertPool built from the PEM-encoded certificates in pemBytes. Every certificate in the input becomes a potential trust anchor of the resulting pool, so pass only certificates you actually intend to trust as roots (not, for example, an unvetted server-supplied chain).
func EncodeToPEM ¶
EncodeToPEM converts certificates to PEM format, with optional comments
func EncodeToPEMString ¶
func EncodeToPEMString(withComments bool, certs ...*x509.Certificate) (string, error)
EncodeToPEMString converts certificates to PEM format, with optional comments
func FindIssuer ¶
func FindIssuer(crt *x509.Certificate, chain []*x509.Certificate, root *x509.Certificate) *x509.Certificate
FindIssuer returns the certificate from chain (or root) that appears to have issued crt — presumably nil when no candidate is found; confirm against the implementation. The match is a lookup, not a verification: a certificate can claim any issuer name or Authority Key Identifier, so callers must still verify crt's signature against the returned certificate (e.g. x509.Certificate.CheckSignatureFrom, or a full x509.Verify) before relying on the relationship.
func GetAuthorityKeyID ¶
func GetAuthorityKeyID(c *x509.Certificate) string
GetAuthorityKeyID returns Authority Key Identifier
func GetIssuerID ¶
func GetIssuerID(c *x509.Certificate) string
GetIssuerID returns an identifier for the issuer of c: the Authority Key Identifier when present, otherwise the SHA1 of the Issuer name. Both inputs are issuer-chosen, unauthenticated fields, so the result is suitable for indexing and chain matching but must not be used as a trust decision on its own.
func GetSubjectID ¶
func GetSubjectID(c *x509.Certificate) string
GetSubjectID returns an identifier for c: the Subject Key Identifier when present, otherwise the SHA1 of the Subject name. Distinct certificates can share a SKI (for example across rekeys or re-issuances) and the fallback hashes an unauthenticated name, so treat the value as a lookup key rather than a unique, security-bearing identity; use GetThumbprintStr or SHA256Hex over the certificate when uniqueness matters.
func GetSubjectKeyID ¶
func GetSubjectKeyID(c *x509.Certificate) string
GetSubjectKeyID returns Subject Key Identifier
func GetThumbprintStr ¶
func GetThumbprintStr(c *x509.Certificate) string
GetThumbprintStr returns the hex-encoded SHA1 thumbprint of the certificate. SHA-1 is kept here for compatibility with tools that display SHA-1 fingerprints; because SHA-1 is collision-prone, do not use this value for certificate pinning or any other security-relevant binding — use SHA256Hex over the certificate's raw bytes instead.
func HashAlgoToStr ¶
HashAlgoToStr converts hash algorithm to string
func LoadAndVerifyBundleFromPEM ¶
func LoadAndVerifyBundleFromPEM(certFile, intCAFile, rootFile string) (*Bundle, *BundleStatus, error)
LoadAndVerifyBundleFromPEM reads the leaf, intermediate CA and root certificates from the given PEM files, then constructs and verifies the chain (see VerifyBundleFromPEM). The BundleStatus is returned alongside the error; callers should check it (IsUntrusted, IsExpiring) in addition to the error, since status findings may not surface as an error — confirm against the implementation.
func LoadChainFromPEM ¶
func LoadChainFromPEM(certFile string) ([]*x509.Certificate, error)
LoadChainFromPEM returns Certificates loaded from the file
func LoadFromPEM ¶
func LoadFromPEM(certFile string) (*x509.Certificate, error)
LoadFromPEM returns Certificate loaded from the file
func NameToString ¶
NameToString converts a Name to a string compatible with openssl's output.
func ParseChainFromPEM ¶
func ParseChainFromPEM(certificateChainPem []byte) ([]*x509.Certificate, error)
ParseChainFromPEM returns Certificates parsed from PEM
func ParseFromPEM ¶
func ParseFromPEM(bytes []byte) (*x509.Certificate, error)
ParseFromPEM returns Certificate parsed from PEM
func ParseHexDigestWithPrefix ¶
ParseHexDigestWithPrefix parses a digest encoded in {alg}:{hex} format (for example sha256:<hex>), returning a hash.Hash for the named algorithm together with the decoded digest bytes; an unknown algorithm or malformed hex is presumably reported via the error — confirm against the implementation. When comparing the returned digest against a computed one, use a constant-time comparison (crypto/subtle.ConstantTimeCompare) rather than bytes.Equal if the input is attacker-influenced.
func RandomString ¶
RandomString returns a randomly generated string built from byteLength bytes read from RandReader. The parameter counts source bytes, not characters of the result; the length of the returned string depends on the encoding the implementation applies, so do not assume it equals byteLength.
func StrToHashAlgo ¶
StrToHashAlgo converts string to hash algorithm
func VerifyBundleFromPEM ¶
func VerifyBundleFromPEM(certPEM, intCAPEM, rootPEM []byte) (bundle *Bundle, status *BundleStatus, err error)
VerifyBundleFromPEM constructs and verifies the certificate chain from the PEM-encoded leaf (certPEM), intermediate CAs (intCAPEM) and root (rootPEM). The BundleStatus is returned alongside the error; callers should check it (IsUntrusted, IsExpiring) in addition to the error, since status findings may not surface as an error — confirm against the implementation.
Types ¶
type Bundle ¶
// Bundle holds an end-entity certificate together with the issuer chain
// assembled for it and the metadata callers commonly need (identifiers,
// expiry, hostnames, PEM renderings).
type Bundle struct {
	// Chain does not include the root anchor
	Chain []*x509.Certificate
	// Cert is the end-entity certificate the bundle was built for.
	Cert *x509.Certificate
	// IssuerCert is presumably the certificate that issued Cert; RootCert is
	// the trust anchor the chain terminates at, kept separately since Chain
	// omits it.
	IssuerCert *x509.Certificate
	RootCert   *x509.Certificate
	// Issuer and Subject are the distinguished names of Cert's issuer and
	// subject. IssuerID and SubjectID are presumably the GetIssuerID /
	// GetSubjectID values for Cert — confirm against the constructor.
	Issuer    *pkix.Name
	Subject   *pkix.Name
	IssuerID  string
	SubjectID string
	// Expires is the expiry consulted by ExpiresInHours, presumably Cert's
	// NotAfter — confirm.
	Expires time.Time
	// Hostnames lists the names the certificate is taken to be valid for.
	// Assumed to be derived from Cert's SANs/CN; confirm before using it for
	// host matching.
	Hostnames []string
	// PEM renderings of the leaf, the intermediate CA chain and the root.
	CertPEM     string
	CACertsPEM  string
	RootCertPEM string
}
A Bundle contains a certificate and its trust chain. It is intended to store the most widely applicable chain, with shortness an explicit goal.
func SortBundlesByExpiration ¶
SortBundlesByExpiration returns bundles sorted by expiration in descending order
func (*Bundle) ExpiresInHours ¶
ExpiresInHours returns cert expiration rounded up in hours
type BundleStatus ¶
// BundleStatus collects the findings produced while verifying a Bundle.
// A non-empty Untrusted list means the chain did not validate against at
// least one root store and should be treated as a verification failure by
// callers (see IsUntrusted); ExpiringSKIs flags certificates nearing expiry
// (see IsExpiring).
type BundleStatus struct {
	// A list of SKIs of expiring certificates
	ExpiringSKIs []string `json:"expiring_SKIs"`
	// A list of untrusted root store names
	Untrusted []string `json:"untrusted_root_stores"`
	// A list of human readable warning messages based on the bundle status.
	Messages []string `json:"messages"`
}
BundleStatus is designated for various status reporting.
func (*BundleStatus) IsExpiring ¶
func (b *BundleStatus) IsExpiring() bool
IsExpiring returns true if at least one certificate in the bundle expires in less than 30 days (presumably when ExpiringSKIs is non-empty — confirm against the implementation).
func (*BundleStatus) IsUntrusted ¶
func (b *BundleStatus) IsUntrusted() bool
IsUntrusted returns true if the certificate's issuers are not trusted, i.e. the chain failed to validate against one or more root stores (presumably when Untrusted is non-empty — confirm against the implementation). Callers should treat a true result as a verification failure, not merely a warning.