Documentation ¶
Index ¶
- Variables
- func CertificateMatchesPrivateKey(certificate *x509.Certificate, privateKey crypto.PrivateKey) (bool, error)
- func CertificateMatchesPublicKey(certificate *x509.Certificate, publicKey crypto.PublicKey) (bool, error)
- func CheckForWildcardOverlap(names []string) error
- func CreateCertificate(template, parent *x509.Certificate, pub, priv any) (*x509.Certificate, error)
- func DERFromCertificates(certs []*x509.Certificate) (derBytes []byte)
- func DedupeCertificates(bundles ...[]*x509.Certificate) []*x509.Certificate
- func GetSubjectKeyID(pubKey any) ([]byte, error)
- func IsSignedByRoot(chain []*x509.Certificate, rootCAs []*x509.Certificate) (bool, error)
- func IsUnknownAuthorityError(err error) bool
- func NewSerialNumber() (*big.Int, error)
- func RawCertsFromCertificates(certs []*x509.Certificate) [][]byte
- func RawCertsToCertificates(rawCerts [][]byte) ([]*x509.Certificate, error)
- func SubjectKeyIDToString(ski []byte) string
- func ValidateLabel(domain string) error
- type Keypair
- type MemoryKeypair
Constants ¶
This section is empty.
Variables ¶
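// Sentinel errors exported by this package. Their messages describe
// domain-name and wildcard validation failures. The functions that return
// them are not shown here (presumably ValidateLabel and
// CheckForWildcardOverlap — confirm against the implementation).
//
// Match these with errors.Is rather than by comparing message text, so the
// check keeps working if a caller receives the error wrapped.
var (
	// ErrTooManyWildcards reports a name that contains too many wildcards.
	ErrTooManyWildcards = errors.New("too many wildcards")
	// ErrWildcardMustBeFirstLabel reports a wildcard that is not the first label.
	ErrWildcardMustBeFirstLabel = errors.New("wildcard must be first label")
	// ErrEmptyDomain reports a domain that is empty or only whitespace.
	ErrEmptyDomain = errors.New("empty or only whitespace")
	// ErrIDNAError reports an IDNA-related failure.
	ErrIDNAError = errors.New("idna error")
	// ErrDomainEndsWithDot reports a domain that ends with a dot.
	ErrDomainEndsWithDot = errors.New("domain ends with dot")
	// ErrWildcardOverlap reports overlapping wildcard names.
	ErrWildcardOverlap = errors.New("wildcard overlap")
	// ErrNameMustBeASCII reports a name that is not ASCII.
	ErrNameMustBeASCII = errors.New("name must be ascii")
	// ErrLabelMismatchAfterIDNA reports a label that no longer matches after
	// IDNA processing.
	ErrLabelMismatchAfterIDNA = errors.New("label mismatch after idna")
)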
Functions ¶
func CertificateMatchesPrivateKey ¶
func CertificateMatchesPrivateKey(certificate *x509.Certificate, privateKey crypto.PrivateKey) (bool, error)
func CheckForWildcardOverlap ¶ added in v1.9.0
func CreateCertificate ¶
func CreateCertificate(template, parent *x509.Certificate, pub, priv any) (*x509.Certificate, error)
func DERFromCertificates ¶
func DERFromCertificates(certs []*x509.Certificate) (derBytes []byte)
func DedupeCertificates ¶ added in v0.11.1
func DedupeCertificates(bundles ...[]*x509.Certificate) []*x509.Certificate
func GetSubjectKeyID ¶
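GetSubjectKeyID calculates a subject key identifier by computing a SHA-1 hash over the ASN.1 encoding of the public key. The result is an identifier used to match keys and certificates; it is not a signature or integrity check over the certificate.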
func IsSignedByRoot ¶ added in v1.11.0
func IsSignedByRoot(chain []*x509.Certificate, rootCAs []*x509.Certificate) (bool, error)
IsSignedByRoot checks if the provided certificate chain is signed by one of the specified root CAs.
func IsUnknownAuthorityError ¶ added in v1.11.0
IsUnknownAuthorityError returns true if the Server returned an unknown authority error when verifying the presented SVID.
func NewSerialNumber ¶
NewSerialNumber creates a random certificate serial number according to the CA/Browser Forum spec, Section 7.1: "Effective September 30, 2016, CAs SHALL generate non-sequential Certificate serial numbers greater than zero (0) containing at least 64 bits of output from a CSPRNG".
func RawCertsFromCertificates ¶ added in v0.10.1
func RawCertsFromCertificates(certs []*x509.Certificate) [][]byte
RawCertsFromCertificates extracts the ASN.1 DER data from the given slice of X.509 certificates.
func RawCertsToCertificates ¶ added in v0.10.0
func RawCertsToCertificates(rawCerts [][]byte) ([]*x509.Certificate, error)
RawCertsToCertificates parses certificates from the given slice of ASN.1 DER data
func SubjectKeyIDToString ¶ added in v1.7.2
SubjectKeyIDToString converts a Subject Key ID into a string.
func ValidateLabel ¶ added in v1.9.0
Types ¶
type Keypair ¶
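// Keypair pairs a certificate with the ability to sign new certificates.
//
// The interface exposes signing only: neither method returns the private key,
// so an implementation can keep the key material behind this boundary.
type Keypair interface {
	// GetCertificate returns the keypair certificate. It is called for each
	// signing request.
	GetCertificate(ctx context.Context) (*x509.Certificate, error)

	// CreateCertificate signs a certificate with the keypair. It takes the
	// certificate template and the public key to certify. The result name
	// certDER suggests the signed certificate is returned DER-encoded
	// (confirm against the implementation).
	CreateCertificate(ctx context.Context, template *x509.Certificate, publicKey any) (certDER []byte, err error)
}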
type MemoryKeypair ¶
// MemoryKeypair is the concrete type returned by NewMemoryKeypair, which takes
// a certificate and a private key. Its GetCertificate and CreateCertificate
// methods have the signatures required by the Keypair interface.
//
// NOTE(review): the name and constructor suggest the private key is held in
// process memory for the lifetime of the value. Confirm this against the
// implementation; the fields are not shown here.
type MemoryKeypair struct {
	// contains filtered or unexported fields
}
func NewMemoryKeypair ¶
func NewMemoryKeypair(cert *x509.Certificate, key crypto.PrivateKey) *MemoryKeypair
func (*MemoryKeypair) CreateCertificate ¶
func (m *MemoryKeypair) CreateCertificate(_ context.Context, template *x509.Certificate, publicKey any) ([]byte, error)
func (*MemoryKeypair) GetCertificate ¶
func (m *MemoryKeypair) GetCertificate(_ context.Context) (*x509.Certificate, error)