Versions in this module Expand all Collapse all v0 v0.7.0 Mar 12, 2022 Changes in this version
+ var ErrInvalidTRCIDString = serrors.New("string is not valid TRC ID")
+ var OIDExtKeyUsageClientAuth = asn1.ObjectIdentifier
+ var OIDExtKeyUsageServerAuth = asn1.ObjectIdentifier
+ var OIDExtKeyUsageTimeStamping = asn1.ObjectIdentifier
+ var OIDExtensionAuthorityKeyID = asn1.ObjectIdentifier
+ var OIDExtensionBasicConstraints = asn1.ObjectIdentifier
+ var OIDExtensionExtendedKeyUsage = asn1.ObjectIdentifier
+ var OIDExtensionKeyUsage = asn1.ObjectIdentifier
+ var OIDExtensionSubjectKeyID = asn1.ObjectIdentifier
+ func ParsePEMCerts(raw []byte) ([]*x509.Certificate, error)
type CAPolicy
+ ForceECDSAWithSHA512 bool
+ type SignedTRCs []SignedTRC
+ func (t SignedTRCs) Len() int
+ func (t SignedTRCs) Less(i, j int) bool
+ func (t SignedTRCs) Swap(i, j int)
type TRCID
+ func TRCIDFromString(idStr string) (TRCID, error)
v0.6.0 Dec 4, 2020 Changes in this version
+ const CertVersion
+ var ErrCertForOtherISD = serrors.New("certificate for other ISD")
+ var ErrDuplicate = serrors.New("duplicate certificate")
+ var ErrDuplicateAS = serrors.New("duplicate AS")
+ var ErrGracePeriodNonZero = serrors.New("grace period non-zero")
+ var ErrInvalidCertType = serrors.New("invalid certificate type")
+ var ErrInvalidID = serrors.New("invalid ID")
+ var ErrInvalidQuorumSize = serrors.New("invalid quorum size")
+ var ErrInvalidTRCVersion = serrors.New("invalid TRC version")
+ var ErrInvalidValidityPeriod = serrors.New("NotAfter before NotBefore")
+ var ErrNoASes = serrors.New("no ASes")
+ var ErrNotEnoughVoters = serrors.New("not enough voters")
+ var ErrReservedNumber = serrors.New("reserved number")
+ var ErrSerialBeforeBase = serrors.New("serial before base")
+ var ErrTRCValidityNotCovered = serrors.New("TRC validity not covered by certificate")
+ var ErrUnclassifiedCertificate = serrors.New("unclassified certificate")
+ var ErrVotesOnBaseTRC = serrors.New("non-empty votes on base TRC")
+ var ErrWildcardAS = serrors.New("wildcard AS")
+ var ErrWildcardISD = serrors.New("wildcard ISD")
+ var OIDExtKeyUsageRegular = asn1.ObjectIdentifier
+ var OIDExtKeyUsageRoot = asn1.ObjectIdentifier
+ var OIDExtKeyUsageSensitive = asn1.ObjectIdentifier
+ var OIDNameIA = asn1.ObjectIdentifier
+ var ValidSCIONSignatureAlgs = []x509.SignatureAlgorithm
+ func ExtractIA(dn pkix.Name) (*addr.IA, error)
+ func ReadPEMCerts(file string) ([]*x509.Certificate, error)
+ func SubjectKeyID(pub crypto.PublicKey) ([]byte, error)
+ func ValidateChain(certs []*x509.Certificate) error
+ func VerifyChain(certs []*x509.Certificate, opts VerifyOptions) error
+ type CAPolicy struct
+ Certificate *x509.Certificate
+ CurrentTime time.Time
+ Signer crypto.Signer
+ Validity time.Duration
+ func (ca CAPolicy) CreateChain(csr *x509.CertificateRequest) ([]*x509.Certificate, error)
+ func (ca CAPolicy) Equal(o CAPolicy) bool
+ type CertType int
+ const AS
+ const CA
+ const Invalid
+ const Regular
+ const Root
+ const Sensitive
+ func ValidateCert(c *x509.Certificate) (CertType, error)
+ func (ct CertType) String() string
+ type SignedTRC struct
+ Raw []byte
+ SignerInfos []protocol.SignerInfo
+ TRC TRC
+ func DecodeSignedTRC(raw []byte) (SignedTRC, error)
+ func (s *SignedTRC) Encode() ([]byte, error)
+ func (s *SignedTRC) IsZero() bool
+ func (s *SignedTRC) Verify(predecessor *TRC) error
+ type TRC struct
+ AuthoritativeASes []addr.AS
+ Certificates []*x509.Certificate
+ CoreASes []addr.AS
+ Description string
+ GracePeriod time.Duration
+ ID TRCID
+ NoTrustReset bool
+ Quorum int
+ Raw []byte
+ Validity Validity
+ Version int
+ Votes []int
+ func DecodeTRC(raw []byte) (TRC, error)
+ func (pld *TRC) Encode() ([]byte, error)
+ func (trc *TRC) GracePeriodEnd() time.Time
+ func (trc *TRC) InGracePeriod(now time.Time) bool
+ func (trc *TRC) IsZero() bool
+ func (trc *TRC) RootCerts() ([]*x509.Certificate, error)
+ func (trc *TRC) RootPool() (*x509.CertPool, error)
+ func (trc *TRC) Validate() error
+ func (trc *TRC) ValidateUpdate(predecessor *TRC) (Update, error)
+ type TRCID struct
+ Base scrypto.Version
+ ISD addr.ISD
+ Serial scrypto.Version
+ func (id TRCID) IsBase() bool
+ func (id TRCID) String() string
+ func (id TRCID) Validate() error
+ type Update struct
+ NewVoters []*x509.Certificate
+ RootAcknowledgments []*x509.Certificate
+ Type UpdateType
+ Votes []*x509.Certificate
+ type UpdateType int
+ const RegularUpdate
+ const SensitiveUpdate
+ func (u UpdateType) String() string
+ type Validity struct
+ NotAfter time.Time
+ NotBefore time.Time
+ func (v Validity) Contains(t time.Time) bool
+ func (v Validity) Covers(other Validity) bool
+ func (v Validity) Validate() error
+ type VerifyOptions struct
+ CurrentTime time.Time
+ TRC *TRC