Documentation ¶
Index ¶
- Variables
- func DecryptPEMBlock(b *pem.Block, password []byte) ([]byte, error)
- func EncryptPEMBlock(rand io.Reader, blockType string, data, password []byte, alg PEMCipher) (*pem.Block, error)
- func IsEncryptedPEMBlock(b *pem.Block) bool
- func ParseCRL(crlBytes []byte) (certList *pkix.CertificateList, err error)
- func ParseDERCRL(derBytes []byte) (certList *pkix.CertificateList, err error)
- type Certificate
- type CertificateRequest
- type CheckFlags
- type HostnameError
- type PEMCipher
- type X509Name
- type X509Store
Constants ¶
This section is empty.
Variables ¶
var IncorrectPasswordError = errors.New("x509: decryption password incorrect")
IncorrectPasswordError is returned when an incorrect password is detected.
Functions ¶
func DecryptPEMBlock ¶
DecryptPEMBlock takes a password encrypted PEM block and the password used to encrypt it and returns a slice of decrypted DER encoded bytes. It inspects the DEK-Info header to determine the algorithm used for decryption. If no DEK-Info header is present, an error is returned. If an incorrect password is detected an IncorrectPasswordError is returned. Because of deficiencies in the encrypted-PEM format, it's not always possible to detect an incorrect password. In these cases no error will be returned but the decrypted DER bytes will be random noise.
func EncryptPEMBlock ¶
func EncryptPEMBlock(rand io.Reader, blockType string, data, password []byte, alg PEMCipher) (*pem.Block, error)
EncryptPEMBlock returns a PEM block of the specified type holding the given DER-encoded data encrypted with the specified algorithm and password.
func IsEncryptedPEMBlock ¶
IsEncryptedPEMBlock reports whether the PEM block is password encrypted.
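Because DecryptPEMBlock cannot always detect a wrong password, a nil error should not be treated as proof that the decrypted bytes are valid DER. The following is an added example, not part of this package's documentation, that parses the result before trusting it. It assumes Go's standard crypto/x509, which exposes the same three PEM function signatures and the IncorrectPasswordError name, as a stand-in because the page does not give this package's import path; decryptKey and newEncryptedKey are hypothetical helpers.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/x509" // assumption: stand-in with the same PEM function signatures
	"encoding/pem"
	"fmt"
)

// decryptKey decrypts an encrypted PEM block and only returns the key once
// the decrypted DER actually parses as the expected structure.
func decryptKey(b *pem.Block, password []byte) (*ecdsa.PrivateKey, error) {
	if !x509.IsEncryptedPEMBlock(b) {
		return nil, fmt.Errorf("PEM block %q is not password encrypted", b.Type)
	}
	der, err := x509.DecryptPEMBlock(b, password)
	if err != nil {
		return nil, err // includes x509.IncorrectPasswordError
	}
	key, err := x509.ParseECPrivateKey(der)
	if err != nil {
		return nil, fmt.Errorf("decrypted bytes are not an EC key (wrong password?): %w", err)
	}
	return key, nil
}

// newEncryptedKey builds constructed sample input: a fresh P-256 key in an AES-256 encrypted PEM block.
func newEncryptedKey(password []byte) (*pem.Block, *ecdsa.PrivateKey, error) {
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return nil, nil, err
	}
	der, err := x509.MarshalECPrivateKey(key)
	if err != nil {
		return nil, nil, err
	}
	b, err := x509.EncryptPEMBlock(rand.Reader, "EC PRIVATE KEY", der, password, x509.PEMCipherAES256)
	return b, key, err
}

func main() {
	b, _, err := newEncryptedKey([]byte("correct horse"))
	if err != nil {
		panic(err)
	}
	_, err = decryptKey(b, []byte("wrong"))
	fmt.Println("wrong password rejected:", err != nil)
}
```

A wrong password is rejected either by the padding check inside DecryptPEMBlock or, when that check happens to pass on noise, by the parse step.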
func ParseCRL ¶
func ParseCRL(crlBytes []byte) (certList *pkix.CertificateList, err error)
ParseCRL parses a CRL from the given bytes. It's often the case that PEM encoded CRLs will appear where they should be DER encoded, so this function will transparently handle PEM encoding as long as there isn't any leading garbage.
func ParseDERCRL ¶
func ParseDERCRL(derBytes []byte) (certList *pkix.CertificateList, err error)
ParseDERCRL parses a DER encoded CRL from the given bytes.
Types ¶
type Certificate ¶
type Certificate struct {
	Raw          []byte
	Version      int
	SerialNumber *big.Int
	Issuer       string
	Subject      string
	IPAddresses  []net.IP
	DNSNames     []string
	// contains filtered or unexported fields
}
A Certificate represents an X.509 certificate.
func ParseCertificate ¶
func ParseCertificate(asn1Data []byte) (*Certificate, error)
ParseCertificate parses a single certificate from the given ASN.1 DER data.
func ParseCertificatePEM ¶
func ParseCertificatePEM(pemData []byte) (*Certificate, error)
Helper function that calls encoding/pem to convert DER to PEM
func ParseCertificates ¶
func ParseCertificates(asn1Data []byte) ([]*Certificate, error)
ParseCertificates parses one or more certificates from the given ASN.1 DER data. The certificates must be concatenated with no intermediate padding.
func (*Certificate) DumpDERCertificate ¶
func (self *Certificate) DumpDERCertificate() ([]byte, error)
Export an OpenSSL X509 to a DER buffer
func (*Certificate) GetX509 ¶
func (c *Certificate) GetX509() *C.X509
func (*Certificate) VerifyHostname ¶
func (c *Certificate) VerifyHostname(host string) error
VerifyHostname is a combination of CheckHost and CheckIP. If the provided hostname looks like an IP address, it will be checked as an IP address, otherwise it will be checked as a hostname. Specifically returns ValidationError if the Certificate didn't match but there was no internal error.
type CertificateRequest ¶
type CertificateRequest struct {
// contains filtered or unexported fields
}
CertificateRequest represents a PKCS #10 certificate signature request.
func ParseCertificateRequest ¶
func ParseCertificateRequest(asn1Data []byte) (*CertificateRequest, error)
ParseCertificateRequest parses a single certificate request from the given ASN.1 DER data.
type CheckFlags ¶
type CheckFlags int
const (
	AlwaysCheckSubject CheckFlags = C.X509_CHECK_FLAG_ALWAYS_CHECK_SUBJECT
	NoWildcards        CheckFlags = C.X509_CHECK_FLAG_NO_WILDCARDS
)
type HostnameError ¶
type HostnameError struct {
	Certificate *Certificate
	Host        string
}
func (HostnameError) Error ¶
func (h HostnameError) Error() string
TODO(runcom): extract IPAddresses and DNSNames from cert and put in struct
type PEMCipher ¶
type PEMCipher int
const (
	PEMCipherDES PEMCipher
	PEMCipher3DES
	PEMCipherAES128
	PEMCipherAES192
	PEMCipherAES256
)
Possible values for the EncryptPEMBlock encryption algorithm.