verify

package
v0.2.1 Latest Latest
Warning

This package is not in the latest version of its module.

 Go to latest Published: Feb 12, 2019 License: AGPL-3.0 Imports: 21 Imported by: 0

Documentation

Index

Constants

This section is empty.

Variables

This section is empty.

Functions

func CheckKnownRevocation 

func CheckKnownRevocation(verifiedChain []*x509.Certificate) (bool, error)

func CheckRecovation 

func CheckRecovation(verifiedChain []*x509.Certificate) (bool, error)

func CheckSignatures 

func CheckSignatures(name string, chain []*x509.Certificate) ([]*x509.Certificate, error)

func FullCheck 

func FullCheck(name string, chain []*x509.Certificate) (bool, error)

FullCheck does a full certificate check. Calls CheckSignatures, CheckRecovation and CheckCertificateTransparency(TODO).

func FullCheckBytes 

func FullCheckBytes(name string, certBytes [][]byte) (bool, error)

FullCheckBytes does a full certificate check, certificates are provided as raw bytes. It parses the raw certificates and calls FullCheck.

func GetOrFetchCert 

func GetOrFetchCert(urls []string) (*x509.Certificate, error)

func GetOrFetchIssuer 

func GetOrFetchIssuer(cert *x509.Certificate) (*x509.Certificate, error)

func ImportCert 

func ImportCert(urls []string) (*x509.Certificate, error)

func ParsePEMCertificate 

func ParsePEMCertificate(certPEM []byte) (*x509.Certificate, error)

ParsePEMCertificate parses and returns a PEM-encoded certificate, can handle PEM encoded PKCS #7 structures.

func UpdateCRL 

func UpdateCRL(caInfo *CARevocationInfo, ca *x509.Certificate, caID string) error

UpdateCRL fetches and imports the CRL belonging to a CA, if expired.

Types

type CARevocationInfo 

type CARevocationInfo struct {
	record.Record

	CRLDistributionPoints []string
	OCSPServers           []string
	CertificateURLs       []string

	LastCRLUpdate int64
	NextCRLUpdate int64

	Raw []byte

	Expires int64
	// contains filtered or unexported fields
}

CARevocationInfo saves Information on revokation of Certificates of a Certificate Authority.

func GetCARevocationInfo 

func GetCARevocationInfo(name string) (*CARevocationInfo, error)

GetCARevocationInfo fetches CARevocationInfo with the provided name from the default namespace.

func GetCARevocationInfoFromNamespace 

func GetCARevocationInfoFromNamespace(namespace string, name string) (*CARevocationInfo, error)

GetCARevocationInfoFromNamespace fetches CARevocationInfo with the provided name from the provided namespace.

func (*CARevocationInfo) Create 

func (m *CARevocationInfo) Create(name string) error

Create saves CARevocationInfo with the provided name in the default namespace.

func (*CARevocationInfo) CreateInNamespace 

func (m *CARevocationInfo) CreateInNamespace(namespace string, name string) error

CreateInNamespace saves CARevocationInfo with the provided name in the provided namespace.

func (*CARevocationInfo) CreateRevokedCert 

func (m *CARevocationInfo) CreateRevokedCert(cert *Cert, serialNumber *big.Int) error

func (*CARevocationInfo) GetRevokedCert 

func (m *CARevocationInfo) GetRevokedCert(serialNumber *big.Int) (*Cert, error)

func (*CARevocationInfo) Save 

func (m *CARevocationInfo) Save() error

Save saves CARevocationInfo.

func (*CARevocationInfo) UpdateCRLDistributionPoints 

func (m *CARevocationInfo) UpdateCRLDistributionPoints(newCRLDistributionPoints []string)

UpdateCRLDistributionPoints updates the CRL Distribution Points with new urls

type Cert 

type Cert struct {
	record.Record

	Raw []byte

	RevokedWithCRL    bool `*:",omitempty"`
	RevokedWithOneCRL bool `*:",omitempty"`
	RevokedWithCRLSet bool `*:",omitempty"`
	RevokedWithOCSP   bool `*:",omitempty"`

	OCSPFailed     bool
	NextOCSPUpdate int64

	LastSeen int64
	Expires  int64
	// contains filtered or unexported fields
}

Cert saves a certificate.

func GetCertFromNamespace 

func GetCertFromNamespace(namespace string, name string) (*Cert, error)

GetCertFromNamespace gets Cert with the provided name from the provided namespace.

func GetCertWithSPKI 

func GetCertWithSPKI(spki []byte) (*Cert, error)

GetCertWithSPKI fetches Cert from the default namespace using the certificate SPKI as the key.

func GetCertWithURL 

func GetCertWithURL(url string) (*Cert, error)

GetCertWithURL fetches Cert from the default namespace using the certificate URL as the key.

func GetRevokedCert 

func GetRevokedCert(caID string, serialNumber *big.Int) (*Cert, error)

GetRevokedCert gets Cert from its CA's namespace with its Serial Number

func UpdateOCSP 

func UpdateOCSP(rCert *Cert, cert, ca *x509.Certificate, caID string) (*Cert, error)

func (*Cert) CreateInNamespace 

func (m *Cert) CreateInNamespace(namespace string, name string) error

CreateInNamespace saves Cert with the provided name in the provided namespace.

func (*Cert) CreateRevokedCert 

func (m *Cert) CreateRevokedCert(caID string, serialNumber *big.Int) error

CreateRevokedCert creates a new Cert in its CA's namespace with its Serial Number

func (*Cert) CreateWithSPKI 

func (m *Cert) CreateWithSPKI(spki []byte) error

CreateWithSPKI saves Cert in the default namespace using the certificate SPKI as the key.

func (*Cert) CreateWithUrl 

func (m *Cert) CreateWithUrl(url string) error

CreateWithUrl saves Cert in the default namespace using the certificate URL as the key.

func (*Cert) GetCertificate 

func (m *Cert) GetCertificate() (*x509.Certificate, error)

GetCertificate returns the underlying x509.Certificate

func (*Cert) IsRevoked 

func (m *Cert) IsRevoked(hardFail bool) bool

IsRevoked returns if the certificate has been revoked.

func (*Cert) RevocationStatus 

func (m *Cert) RevocationStatus(hardFail bool) string

RevocationStatus returns the status of the certificate in form of a string to be appended to something like "The certificate is ".

func (*Cert) Save 

func (m *Cert) Save() error

Save saves Cert.

Source Files

View all Source files

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.