Documentation
Overview
Package authrootstl provides an interface to parse and validate the Microsoft Windows authroot.stl file, which contains the list of participants in the Microsoft Trusted Root Program. The trust list file contains so-called "subjects", each of which describes a certificate, its accepted uses within Windows, and its trust status.
This package is not affiliated with or endorsed by Microsoft. Windows is a registered trademark of Microsoft Corporation.
Constants
This section is empty.
Variables

    var (
        MicrosoftEKUClientAuthentication   = asn1.ObjectIdentifier{1, 3, 6, 1, 5, 5, 7, 3, 2}
        MicrosoftEKUCodeSigning            = asn1.ObjectIdentifier{1, 3, 6, 1, 5, 5, 7, 3, 3}
        MicrosoftEKUDocumentSigning        = asn1.ObjectIdentifier{1, 3, 6, 1, 4, 1, 311, 10, 3, 12}
        MicrosoftEKUEncryptingFileSystem   = asn1.ObjectIdentifier{1, 3, 6, 1, 4, 1, 311, 10, 3, 4}
        MicrosoftEKUEVDisabled             = asn1.ObjectIdentifier{1, 3, 6, 1, 4, 1, 311, 94, 1, 1}
        MicrosoftEKUIPSecEndSystem         = asn1.ObjectIdentifier{1, 3, 6, 1, 5, 5, 7, 3, 5}
        MicrosoftEKUIPSecIKEIntermediate   = asn1.ObjectIdentifier{1, 3, 6, 1, 5, 5, 8, 2, 2}
        MicrosoftEKUIPSecTunnelTermination = asn1.ObjectIdentifier{1, 3, 6, 1, 5, 5, 7, 3, 6}
        MicrosoftEKUIPSecUser              = asn1.ObjectIdentifier{1, 3, 6, 1, 5, 5, 7, 3, 7}
        MicrosoftEKUOCSPSigning            = asn1.ObjectIdentifier{1, 3, 6, 1, 5, 5, 7, 3, 9}
        MicrosoftEKUSecureEmail            = asn1.ObjectIdentifier{1, 3, 6, 1, 5, 5, 7, 3, 4}
        MicrosoftEKUServerAuthentication   = asn1.ObjectIdentifier{1, 3, 6, 1, 5, 5, 7, 3, 1}
        MicrosoftEKUTimeStamping           = asn1.ObjectIdentifier{1, 3, 6, 1, 5, 5, 7, 3, 8}
    )

Microsoft extended key usage designators. These are provided for your convenience and are not a complete list of all EKUs that might appear on the authroot
Functions
This section is empty.
Types
type Subject (added in v1.0.1)

    type Subject struct {
        // A friendly name for this subject. This may differ from the subject name of the certificate.
        FriendlyName string
        // The SHA-256 fingerprint of the certificate in uppercase hex.
        SHA256Fingerprint string
        // The SHA-1 fingerprint of the certificate in uppercase hex.
        SHA1Fingerprint string
        // An MD5 hash of the certificate's subject name in uppercase hex. Note that this is NOT a hash of the certificate.
        SubjectNameMD5 string
        // The key ID of the certificate in uppercase hex.
        KeyID string
        // A list of key usage OIDs accepted for this subject. These typically aren't present on the certificate itself.
        MicrosoftExtendedKeyUsage []asn1.ObjectIdentifier
        // If this subject has been distrusted by Microsoft then this field will contain the date of when that occurred.
        DisabledDate *time.Time
        // An optional date used to restrict certificates under this subject after the given date.
        NotBefore *time.Time
        // If a value is present in NotBefore then this field may contain MSEKUs that further restrict the use of certificates under this subject.
        NotBeforeEKU []asn1.ObjectIdentifier
    }

Subject describes a participant in the Microsoft Trusted Root Program. Note that a Subject does not contain the root certificate itself, but instead provides information as to how the certificate could be used. A subject may be distrusted or expired.
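An added example, not part of the package or its documentation, showing how a consumer might turn the Subject trust fields into an accept/reject decision for one usage. The local Subject copy, Reject, sample and day are hypothetical names, and the policy is an assumed reading of the field comments above rather than the algorithm Windows applies.

```go
package main

import (
	"encoding/asn1"
	"fmt"
	"time"
)

// Subject is a local copy of the authrootstl.Subject fields used here.
type Subject struct {
	MicrosoftExtendedKeyUsage, NotBeforeEKU []asn1.ObjectIdentifier
	DisabledDate, NotBefore                 *time.Time
}

var serverAuth = asn1.ObjectIdentifier{1, 3, 6, 1, 5, 5, 7, 3, 1}  // MicrosoftEKUServerAuthentication
var codeSigning = asn1.ObjectIdentifier{1, 3, 6, 1, 5, 5, 7, 3, 3} // MicrosoftEKUCodeSigning

func hasOID(list []asn1.ObjectIdentifier, oid asn1.ObjectIdentifier) bool {
	for _, o := range list {
		if o.Equal(oid) {
			return true
		}
	}
	return false
}

// Reject returns "" if s accepts usage for a certificate issued at issued and
// checked at now, else the reason. Assumed policy: an empty EKU list accepts
// nothing; NotBefore covers the usages in NotBeforeEKU, or all if it is empty.
func Reject(s Subject, usage asn1.ObjectIdentifier, issued, now time.Time) string {
	switch {
	case s.DisabledDate != nil && !now.Before(*s.DisabledDate):
		return "subject distrusted"
	case !hasOID(s.MicrosoftExtendedKeyUsage, usage):
		return "usage not accepted"
	case s.NotBefore != nil && issued.After(*s.NotBefore) &&
		(len(s.NotBeforeEKU) == 0 || hasOID(s.NotBeforeEKU, usage)):
		return "issued after NotBefore"
	}
	return ""
}

func day(y, m, d int) time.Time { return time.Date(y, time.Month(m), d, 0, 0, 0, 0, time.UTC) }

func sample() Subject { // constructed subject, not real authroot.stl data
	nb := day(2020, 1, 1)
	return Subject{[]asn1.ObjectIdentifier{serverAuth, codeSigning}, []asn1.ObjectIdentifier{serverAuth}, nil, &nb}
}

func main() { fmt.Printf("%q\n", Reject(sample(), serverAuth, day(2021, 6, 1), day(2022, 1, 1))) }
```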