x509

package
v0.0.0-...-e61308d Latest Latest
Warning

This package is not in the latest version of its module.

Go to latest
Published: Jul 17, 2017 License: MIT Imports: 11 Imported by: 2

Documentation

Index

Constants

This section is empty.

Variables

View Source
var IncorrectPasswordError = errors.New("x509: decryption password incorrect")

IncorrectPasswordError is returned when an incorrect password is detected.

Functions

func DecryptPEMBlock

func DecryptPEMBlock(b *pem.Block, password []byte) ([]byte, error)

DecryptPEMBlock takes a password encrypted PEM block and the password used to encrypt it and returns a slice of decrypted DER encoded bytes. It inspects the DEK-Info header to determine the algorithm used for decryption. If no DEK-Info header is present, an error is returned. If an incorrect password is detected an IncorrectPasswordError is returned. Because of deficiencies in the encrypted-PEM format, it's not always possible to detect an incorrect password. In these cases no error will be returned but the decrypted DER bytes will be random noise.

func EncryptPEMBlock

func EncryptPEMBlock(rand io.Reader, blockType string, data, password []byte, alg PEMCipher) (*pem.Block, error)

EncryptPEMBlock returns a PEM block of the specified type holding the given DER-encoded data encrypted with the specified algorithm and password.

func IsEncryptedPEMBlock

func IsEncryptedPEMBlock(b *pem.Block) bool

IsEncryptedPEMBlock returns if the PEM block is password encrypted.

func ParseCRL

func ParseCRL(crlBytes []byte) (certList *pkix.CertificateList, err error)

ParseCRL parses a CRL from the given bytes. It's often the case that PEM encoded CRLs will appear where they should be DER encoded, so this function will transparently handle PEM encoding as long as there isn't any leading garbage.

func ParseDERCRL

func ParseDERCRL(derBytes []byte) (certList *pkix.CertificateList, err error)

ParseDERCRL parses a DER encoded CRL from the given bytes.

Types

type Certificate

type Certificate struct {
	Raw []byte

	Version      int
	SerialNumber *big.Int
	Issuer       string
	Subject      string

	IPAddresses []net.IP
	DNSNames    []string
	// contains filtered or unexported fields
}

A Certificate represents an X.509 certificate.

func ParseCertificate

func ParseCertificate(asn1Data []byte) (*Certificate, error)

ParseCertificate parses a single certificate from the given ASN.1 DER data.

func ParseCertificatePEM

func ParseCertificatePEM(pemData []byte) (*Certificate, error)

Helper function that calls encoding/pem to convert DER to PEM

func ParseCertificates

func ParseCertificates(asn1Data []byte) ([]*Certificate, error)

ParseCertificates parses one or more certificates from the given ASN.1 DER data. The certificates must be concatenated with no intermediate padding.

func (*Certificate) DumpDERCertificate

func (self *Certificate) DumpDERCertificate() ([]byte, error)

Export an OpenSSL X509 to a DER buffer

func (*Certificate) GetX509

func (c *Certificate) GetX509() *C.X509

func (*Certificate) VerifyHostname

func (c *Certificate) VerifyHostname(host string) error

VerifyHostname is a combination of CheckHost and CheckIP. If the provided hostname looks like an IP address, it will be checked as an IP address, otherwise it will be checked as a hostname. Specifically returns ValidationError if the Certificate didn't match but there was no internal error.

type CertificateRequest

type CertificateRequest struct {
	// contains filtered or unexported fields
}

CertificateRequest represents a PKCS #10, certificate signature request.

func ParseCertificateRequest

func ParseCertificateRequest(asn1Data []byte) (*CertificateRequest, error)

ParseCertificateRequest parses a single certificate request from the given ASN.1 DER data.

type CheckFlags

type CheckFlags int

type HostnameError

type HostnameError struct {
	Certificate *Certificate
	Host        string
}

func (HostnameError) Error

func (h HostnameError) Error() string

TODO(runcom): extract IPAddresses and DNSNames form cert and put in struct

type PEMCipher

type PEMCipher int
const (
	PEMCipherDES PEMCipher
	PEMCipher3DES
	PEMCipherAES128
	PEMCipherAES192
	PEMCipherAES256
)

Possible values for the EncryptPEMBlock encryption algorithm.

type X509Name

type X509Name struct {
	Name *C.X509_NAME
}

func (*X509Name) Print

func (self *X509Name) Print() ([]byte, error)

type X509Store

type X509Store struct {
	Store *C.X509_STORE
}

func NewX509Store

func NewX509Store(ctx unsafe.Pointer) *X509Store

func (*X509Store) AddCert

func (self *X509Store) AddCert(cert *Certificate) int

func (*X509Store) SetDepth

func (self *X509Store) SetDepth(depth int) int

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL