x509util

package
v1.9.3 Latest Latest
Warning

This package is not in the latest version of its module.

Published: Apr 4, 2024 License: Apache-2.0 Imports: 14 Imported by: 1

Documentation

Index

Constants

This section is empty.

Variables

// Sentinel errors exported by the package. Each one is a plain errors.New
// value with a fixed message, so callers should match them with errors.Is
// rather than by comparing message strings.
// NOTE(review): this page does not show which functions return which value;
// the names suggest the domain-name validation helpers (ValidateLabel,
// CheckForWildcardOverlap) — confirm against the source.
var (
	// Wildcard count and placement.

	// ErrTooManyWildcards carries the message "too many wildcards".
	ErrTooManyWildcards = errors.New("too many wildcards")

	// ErrWildcardMustBeFirstLabel carries the message
	// "wildcard must be first label".
	ErrWildcardMustBeFirstLabel = errors.New("wildcard must be first label")

	// ErrWildcardOverlap carries the message "wildcard overlap".
	ErrWildcardOverlap = errors.New("wildcard overlap")

	// Overall shape of the domain string.

	// ErrEmptyDomain carries the message "empty or only whitespace".
	ErrEmptyDomain = errors.New("empty or only whitespace")

	// ErrDomainEndsWithDot carries the message "domain ends with dot".
	ErrDomainEndsWithDot = errors.New("domain ends with dot")

	// Character set and IDNA handling.

	// ErrIDNAError carries the message "idna error".
	ErrIDNAError = errors.New("idna error")

	// ErrNameMustBeASCII carries the message "name must be ascii".
	ErrNameMustBeASCII = errors.New("name must be ascii")

	// ErrLabelMismatchAfterIDNA carries the message
	// "label mismatch after idna".
	ErrLabelMismatchAfterIDNA = errors.New("label mismatch after idna")
)

Functions

func CertificateMatchesPrivateKey

// CertificateMatchesPrivateKey takes a certificate and a private key and
// returns a bool together with an error. The page carries no description of
// this function.
// NOTE(review): presumably true means the certificate's public key corresponds
// to privateKey and the error covers key types that cannot be compared —
// confirm against the source. Check the error first: a false result with a
// non-nil error likely means "could not check", not "mismatch".
func CertificateMatchesPrivateKey(certificate *x509.Certificate, privateKey crypto.PrivateKey) (bool, error)

func CertificateMatchesPublicKey

func CertificateMatchesPublicKey(certificate *x509.Certificate, publicKey crypto.PublicKey) (bool, error)

func CheckForWildcardOverlap added in v1.9.0

// CheckForWildcardOverlap takes a list of names and returns an error.
// NOTE(review): undocumented on this page; presumably it returns
// ErrWildcardOverlap when a wildcard name in the list also covers another
// listed name — confirm against the source, and match the result with
// errors.Is.
func CheckForWildcardOverlap(names []string) error

func CreateCertificate

// CreateCertificate takes a template and a parent certificate plus pub and
// priv keys typed as any, and returns a *x509.Certificate and an error.
// NOTE(review): undocumented on this page; the parameter list mirrors
// crypto/x509.CreateCertificate without its rand argument, so presumably this
// wraps that call and parses the signed result — confirm against the source.
// Nothing visible here indicates that the template's names, key usages or
// validity period are checked, so callers should constrain the template
// before passing it in.
func CreateCertificate(template, parent *x509.Certificate, pub, priv any) (*x509.Certificate, error)

func DERFromCertificates

func DERFromCertificates(certs []*x509.Certificate) (derBytes []byte)

func DedupeCertificates added in v0.11.1

func DedupeCertificates(bundles ...[]*x509.Certificate) []*x509.Certificate

func GetSubjectKeyID

func GetSubjectKeyID(pubKey any) ([]byte, error)

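GetSubjectKeyID calculates a subject key identifier by computing a SHA-1 hash over the ASN.1 encoding of the public key. The result is a lookup identifier, not a cryptographic commitment: SHA-1 is no longer collision-resistant, so equal identifiers should not be taken as proof that two keys are the same.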

func NewSerialNumber

func NewSerialNumber() (*big.Int, error)

NewSerialNumber creates a random certificate serial number according to the CA/Browser Forum spec, Section 7.1: "Effective September 30, 2016, CAs SHALL generate non-sequential Certificate serial numbers greater than zero (0) containing at least 64 bits of output from a CSPRNG".

func RawCertsFromCertificates added in v0.10.1

func RawCertsFromCertificates(certs []*x509.Certificate) [][]byte

RawCertsFromCertificates extracts the ASN.1 DER data from the given slice of X.509 certificates.

func RawCertsToCertificates added in v0.10.0

func RawCertsToCertificates(rawCerts [][]byte) ([]*x509.Certificate, error)

RawCertsToCertificates parses certificates from the given slice of ASN.1 DER data

func SubjectKeyIDToString added in v1.7.2

func SubjectKeyIDToString(ski []byte) string

SubjectKeyIDToString converts a Subject Key ID into a string.

func ValidateLabel added in v1.9.0

// ValidateLabel takes a domain string and returns an error.
// NOTE(review): undocumented on this page; the package's sentinel errors
// (ErrEmptyDomain, ErrDomainEndsWithDot, ErrIDNAError, ErrNameMustBeASCII,
// ErrLabelMismatchAfterIDNA and the wildcard errors) look like its failure
// modes — confirm which ones it returns, and match them with errors.Is.
func ValidateLabel(domain string) error

Types

type Keypair

// Keypair is the signing abstraction shown on this page: it exposes the
// keypair's certificate and a method that signs a certificate template with
// the keypair. Both methods take a context.Context as their first argument.
type Keypair interface {
	// GetCertificate returns the keypair certificate. It is called for each
	// signing request.
	// NOTE(review): because it is called per request, an implementation could
	// presumably return a different certificate over time (e.g. after
	// rotation) — confirm before caching the result.
	GetCertificate(ctx context.Context) (*x509.Certificate, error)

	// CreateCertificate signs a certificate with the keypair.
	// The named result certDER indicates the signed certificate comes back as
	// DER bytes rather than a parsed *x509.Certificate.
	// NOTE(review): nothing visible here says the template is validated
	// before signing; presumably callers are expected to constrain its names,
	// key usages and validity period first — confirm against implementations.
	CreateCertificate(ctx context.Context, template *x509.Certificate, publicKey any) (certDER []byte, err error)
}

type MemoryKeypair

// MemoryKeypair is a struct whose fields are all unexported. This page lists
// NewMemoryKeypair as its constructor and shows GetCertificate and
// CreateCertificate methods on *MemoryKeypair with the same signatures as the
// Keypair interface.
// NOTE(review): the name and the constructor arguments (a certificate and a
// crypto.PrivateKey) suggest the private key is held in process memory for the
// lifetime of the value — confirm, and treat any process holding one as
// holding signing key material.
type MemoryKeypair struct {
	// contains filtered or unexported fields
}

func NewMemoryKeypair

func NewMemoryKeypair(cert *x509.Certificate, key crypto.PrivateKey) *MemoryKeypair

func (*MemoryKeypair) CreateCertificate

func (m *MemoryKeypair) CreateCertificate(_ context.Context, template *x509.Certificate, publicKey any) ([]byte, error)

func (*MemoryKeypair) GetCertificate

func (m *MemoryKeypair) GetCertificate(_ context.Context) (*x509.Certificate, error)
