Documentation ¶
Overview ¶
Package helpers implements utility functionality common to many CFSSL packages.
Index ¶
- Constants
- Variables
- func CheckSignature(csr *x509.CertificateRequest, algo x509.SignatureAlgorithm, ...) error
- func EncodeCertificatePEM(cert *x509.Certificate) []byte
- func EncodeCertificatesPEM(certs []*x509.Certificate) []byte
- func ExpiryTime(chain []*x509.Certificate) (notAfter time.Time)
- func GetKeyDERFromPEM(in []byte, password []byte) ([]byte, error)
- func HashAlgoString(alg x509.SignatureAlgorithm) string
- func InclusiveDate(year int, month time.Month, day int) time.Time
- func KeyLength(key interface{}) int
- func LoadPEMCertPool(certsFile string) (*x509.CertPool, error)
- func MonthsValid(c *x509.Certificate) int
- func ParseCSR(in []byte) (csr *x509.CertificateRequest, rest []byte, err error)
- func ParseCSRPEM(csrPEM []byte) (*x509.CertificateRequest, error)
- func ParseCertificatePEM(certPEM []byte) (*x509.Certificate, error)
- func ParseCertificatesDER(certsDER []byte, password string) (certs []*x509.Certificate, key crypto.Signer, err error)
- func ParseCertificatesPEM(certsPEM []byte) ([]*x509.Certificate, error)
- func ParseOneCertificateFromPEM(certsPEM []byte) ([]*x509.Certificate, []byte, error)
- func ParsePrivateKeyPEM(keyPEM []byte) (key crypto.Signer, err error)
- func ParsePrivateKeyPEMWithPassword(keyPEM []byte, password []byte) (key crypto.Signer, err error)
- func ParseSelfSignedCertificatePEM(certPEM []byte) (*x509.Certificate, error)
- func SignatureString(alg x509.SignatureAlgorithm) string
- func SignerAlgo(priv crypto.Signer, h crypto.Hash) x509.SignatureAlgorithm
- func ValidExpiry(c *x509.Certificate) bool
Constants ¶
const OneDay = 24 * time.Hour
OneDay is a time.Duration representing a day's worth of seconds.
const OneYear = 8760 * time.Hour
OneYear is a time.Duration representing a year's worth of seconds.
Variables ¶
var Apr2015 = InclusiveDate(2015, time.April, 01)
Apr2015 is the April 2015 CAB Forum deadline for when CAs must stop issuing certificates valid for more than 39 months.
var Jul2012 = InclusiveDate(2012, time.July, 01)
Jul2012 is the July 2012 CAB Forum deadline for when CAs must stop issuing certificates valid for more than 5 years.
Functions ¶
func CheckSignature ¶
func CheckSignature(csr *x509.CertificateRequest, algo x509.SignatureAlgorithm, signed, signature []byte) error
CheckSignature verifies a signature made by the key on a CSR, such as on the CSR itself.
func EncodeCertificatePEM ¶
func EncodeCertificatePEM(cert *x509.Certificate) []byte
EncodeCertificatePEM encodes a single x509 certficates to PEM
func EncodeCertificatesPEM ¶
func EncodeCertificatesPEM(certs []*x509.Certificate) []byte
EncodeCertificatesPEM encodes a number of x509 certficates to PEM
func ExpiryTime ¶
func ExpiryTime(chain []*x509.Certificate) (notAfter time.Time)
ExpiryTime returns the time when the certificate chain is expired.
func GetKeyDERFromPEM ¶
GetKeyDERFromPEM parses a PEM-encoded private key and returns DER-format key bytes.
func HashAlgoString ¶
func HashAlgoString(alg x509.SignatureAlgorithm) string
HashAlgoString returns the hash algorithm name contains in the signature method.
func InclusiveDate ¶
InclusiveDate returns the time.Time representation of a date - 1 nanosecond. This allows time.After to be used inclusively.
func KeyLength ¶
func KeyLength(key interface{}) int
KeyLength returns the bit size of ECDSA or RSA PublicKey
func LoadPEMCertPool ¶
LoadPEMCertPool loads a pool of PEM certificates from file.
func MonthsValid ¶
func MonthsValid(c *x509.Certificate) int
MonthsValid returns the number of months for which a certificate is valid.
func ParseCSR ¶
func ParseCSR(in []byte) (csr *x509.CertificateRequest, rest []byte, err error)
ParseCSR parses a PEM- or DER-encoded PKCS #10 certificate signing request.
func ParseCSRPEM ¶
func ParseCSRPEM(csrPEM []byte) (*x509.CertificateRequest, error)
ParseCSRPEM parses a PEM-encoded certificiate signing request. It does not check the signature. This is useful for dumping data from a CSR locally.
func ParseCertificatePEM ¶
func ParseCertificatePEM(certPEM []byte) (*x509.Certificate, error)
ParseCertificatePEM parses and returns a PEM-encoded certificate, can handle PEM encoded PKCS #7 structures.
func ParseCertificatesDER ¶
func ParseCertificatesDER(certsDER []byte, password string) (certs []*x509.Certificate, key crypto.Signer, err error)
ParseCertificatesDER parses a DER encoding of a certificate object and possibly private key, either PKCS #7, PKCS #12, or raw x509.
func ParseCertificatesPEM ¶
func ParseCertificatesPEM(certsPEM []byte) ([]*x509.Certificate, error)
ParseCertificatesPEM parses a sequence of PEM-encoded certificate and returns them, can handle PEM encoded PKCS #7 structures.
func ParseOneCertificateFromPEM ¶
func ParseOneCertificateFromPEM(certsPEM []byte) ([]*x509.Certificate, []byte, error)
ParseOneCertificateFromPEM attempts to parse one PEM encoded certificate object, either a raw x509 certificate or a PKCS #7 structure possibly containing multiple certificates, from the top of certsPEM, which itself may contain multiple PEM encoded certificate objects.
func ParsePrivateKeyPEM ¶
ParsePrivateKeyPEM parses and returns a PEM-encoded private key. The private key may be either an unencrypted PKCS#8, PKCS#1, or elliptic private key.
func ParsePrivateKeyPEMWithPassword ¶
ParsePrivateKeyPEMWithPassword parses and returns a PEM-encoded private key. The private key may be a potentially encrypted PKCS#8, PKCS#1, or elliptic private key.
func ParseSelfSignedCertificatePEM ¶
func ParseSelfSignedCertificatePEM(certPEM []byte) (*x509.Certificate, error)
ParseSelfSignedCertificatePEM parses a PEM-encoded certificate and check if it is self-signed.
func SignatureString ¶
func SignatureString(alg x509.SignatureAlgorithm) string
SignatureString returns the TLS signature string corresponding to an X509 signature algorithm.
func SignerAlgo ¶
SignerAlgo returns an X.509 signature algorithm corresponding to the crypto.Hash provided from a crypto.Signer.
func ValidExpiry ¶
func ValidExpiry(c *x509.Certificate) bool
ValidExpiry determines if a certificate is valid for an acceptable length of time per the CA/Browser Forum baseline requirements. See https://cabforum.org/wp-content/uploads/CAB-Forum-BR-1.3.0.pdf
Types ¶
This section is empty.
Directories ¶
Path | Synopsis |
---|---|
Package derhelpers implements common functionality on DER encoded data
|
Package derhelpers implements common functionality on DER encoded data |