x509util

package
Published: Dec 12, 2024 License: Apache-2.0 Imports: 14 Imported by: 1

Documentation

Index

Constants

This section is empty.

Variables

// Sentinel errors for DNS-name validation. Compare with errors.Is rather than
// by message text. They are presumably returned by ValidateLabel and
// CheckForWildcardOverlap — confirm against the source.
var (
	// ErrTooManyWildcards reports a name containing more than one wildcard.
	ErrTooManyWildcards         = errors.New("too many wildcards")
	// ErrWildcardMustBeFirstLabel reports a wildcard that is not the leftmost label.
	ErrWildcardMustBeFirstLabel = errors.New("wildcard must be first label")
	// ErrEmptyDomain reports a domain that is empty or consists only of whitespace.
	ErrEmptyDomain              = errors.New("empty or only whitespace")
	// ErrIDNAError reports a failure while applying IDNA processing to a name.
	ErrIDNAError                = errors.New("idna error")
	// ErrDomainEndsWithDot reports a domain with a trailing dot.
	ErrDomainEndsWithDot        = errors.New("domain ends with dot")
	// ErrWildcardOverlap reports a wildcard name that overlaps another name
	// (presumably within the same set passed to CheckForWildcardOverlap — confirm).
	ErrWildcardOverlap          = errors.New("wildcard overlap")
	// ErrNameMustBeASCII reports a name containing non-ASCII characters.
	ErrNameMustBeASCII          = errors.New("name must be ascii")
	// ErrLabelMismatchAfterIDNA reports a label that differs from its input
	// after IDNA processing.
	ErrLabelMismatchAfterIDNA   = errors.New("label mismatch after idna")
)

Functions

func CertificateMatchesPrivateKey

func CertificateMatchesPrivateKey(certificate *x509.Certificate, privateKey crypto.PrivateKey) (bool, error)

func CertificateMatchesPublicKey

func CertificateMatchesPublicKey(certificate *x509.Certificate, publicKey crypto.PublicKey) (bool, error)

func CheckForWildcardOverlap added in v1.9.0

func CheckForWildcardOverlap(names []string) error

func CreateCertificate

func CreateCertificate(template, parent *x509.Certificate, publicKey, privateKey any) (*x509.Certificate, error)

func DERFromCertificates

func DERFromCertificates(certs []*x509.Certificate) (derBytes []byte)

func DedupeCertificates added in v0.11.1

func DedupeCertificates(bundles ...[]*x509.Certificate) []*x509.Certificate

func GetSubjectKeyID

func GetSubjectKeyID(pubKey any) ([]byte, error)

GetSubjectKeyID calculates a subject key identifier by doing a SHA-1 hash over the ASN.1 encoding of the public key.

func IsSignedByRoot added in v1.11.0

func IsSignedByRoot(chain []*x509.Certificate, rootCAs []*x509.Certificate) (bool, error)

IsSignedByRoot checks if the provided certificate chain is signed by one of the specified root CAs.

func IsUnknownAuthorityError added in v1.11.0

func IsUnknownAuthorityError(err error) bool

IsUnknownAuthorityError returns true if the server returned an unknown authority error when verifying the presented SVID.

func NewSerialNumber

func NewSerialNumber() (*big.Int, error)

NewSerialNumber creates a random certificate serial number according to CA/Browser forum spec Section 7.1: "Effective September 30, 2016, CAs SHALL generate non-sequential Certificate serial numbers greater than zero (0) containing at least 64 bits of output from a CSPRNG"

func RawCertsFromCertificates added in v0.10.1

func RawCertsFromCertificates(certs []*x509.Certificate) [][]byte

RawCertsFromCertificates extracts the ASN.1 DER data from the given slice of X.509 certificates.

func RawCertsToCertificates added in v0.10.0

func RawCertsToCertificates(rawCerts [][]byte) ([]*x509.Certificate, error)

RawCertsToCertificates parses certificates from the given slice of ASN.1 DER data.

func SubjectKeyIDToString added in v1.7.2

func SubjectKeyIDToString(ski []byte) string

SubjectKeyIDToString converts a Subject Key ID into its string form.

func ValidateLabel added in v1.9.0

func ValidateLabel(domain string) error

Types

type Keypair

// Keypair abstracts a signing identity: it exposes the signing certificate and
// issues certificates signed with the associated private key. MemoryKeypair is
// the in-memory implementation provided by this package.
type Keypair interface {
	// GetCertificate returns the keypair certificate. It is called for each
	// signing request.
	GetCertificate(ctx context.Context) (*x509.Certificate, error)

	// CreateCertificate signs a certificate with the keypair. template
	// describes the certificate to issue and publicKey is the subject's public
	// key; the result is the signed certificate in ASN.1 DER form.
	CreateCertificate(ctx context.Context, template *x509.Certificate, publicKey any) (certDER []byte, err error)
}

type MemoryKeypair

// MemoryKeypair is a Keypair backed by a certificate and private key held in
// memory; construct it with NewMemoryKeypair. Its methods ignore the context
// argument (see the receiver signatures below).
type MemoryKeypair struct {
	// contains filtered or unexported fields
}

func NewMemoryKeypair

func NewMemoryKeypair(cert *x509.Certificate, key crypto.PrivateKey) *MemoryKeypair

func (*MemoryKeypair) CreateCertificate

func (m *MemoryKeypair) CreateCertificate(_ context.Context, template *x509.Certificate, publicKey any) ([]byte, error)

func (*MemoryKeypair) GetCertificate

func (m *MemoryKeypair) GetCertificate(_ context.Context) (*x509.Certificate, error)
