Documentation
Overview
Package authrootstl provides an interface to parse and validate the Microsoft Windows authroot.stl file, which contains the list of participants in the Microsoft Trusted Root Program. The trust list file contains so-called "subjects", each of which describes a certificate, its accepted uses within Windows, and its trust status.
This package is not affiliated with or endorsed by Microsoft. Windows is a registered trademark of Microsoft Corporation.
Constants
const (
	KeyUsageClientAuthentication   uint16 = 1 << iota // 1.3.6.1.5.5.7.3.2
	KeyUsageCodeSigning                               // 1.3.6.1.5.5.7.3.3
	KeyUsageDocumentSigning                           // 1.3.6.1.4.1.311.10.3.12
	KeyUsageEncryptingFileSystem                      // 1.3.6.1.4.1.311.10.3.4
	KeyUsageIPSecEndSystem                            // 1.3.6.1.5.5.7.3.5
	KeyUsageIPSecIKEIntermediate                      // 1.3.6.1.5.5.8.2.2
	KeyUsageIPSecTunnelTermination                    // 1.3.6.1.5.5.7.3.6
	KeyUsageIPSecUser                                 // 1.3.6.1.5.5.7.3.7
	KeyUsageOCSPSigning                               // 1.3.6.1.5.5.7.3.9
	KeyUsageSecureEmail                               // 1.3.6.1.5.5.7.3.4
	KeyUsageServerAuthentication                      // 1.3.6.1.5.5.7.3.1
	KeyUsageTimeStamping                              // 1.3.6.1.5.5.7.3.8
)
Microsoft extended key usage designators
Variables
This section is empty.
Functions
This section is empty.
Types
type Subject (added in v1.0.1)
type Subject struct {
	// A friendly name for this subject. This may differ from the subject name of the certificate.
	FriendlyName string
	// The SHA-256 fingerprint of the certificate in uppercase hex.
	SHA256Fingerprint string
	// The SHA-1 fingerprint of the certificate in uppercase hex.
	SHA1Fingerprint string
	// An MD5 hash of the certificate's subject name in uppercase hex. Note that this is NOT a hash of the certificate.
	SubjectNameMD5 string
	// The key ID of the certificate in uppercase hex.
	KeyID string
	// A bitmask of key usage scenarios accepted for this subject. These typically aren't present on the certificates themselves.
	MicrosoftExtendedKeyUsage uint16
	// If this subject has been distrusted by Microsoft then this field will contain the date when that occurred.
	DisabledDate *time.Time
	// An optional date used to restrict certificates under this subject after the given date.
	NotBefore *time.Time
	// If a value is present in NotBefore then this field may contain MSEKUs that further restrict the use of certificates under this subject.
	NotBeforeEKU uint16
}
Subject describes a participant in the Microsoft Trusted Root Program. Note that a Subject does not contain the root certificate itself, but instead provides information as to how the certificate could be used. A subject may be distrusted or expired.
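The following added example (not code from the authrootstl package) shows how the usage bitmask, DisabledDate and NotBefore fields can be combined into a trust decision for one certificate. Permits and SampleSubject are hypothetical names, the Subject type is a local mirror of the fields used, and the bit positions are taken from the iota order of the constant block above. It assumes NotBeforeEKU lists the usages the NotBefore cutoff applies to, with zero meaning all usages.

```go
package main

import (
	"fmt"
	"time"
)

// Bit positions follow the iota order of the package's constant block.
const (
	KeyUsageClientAuthentication uint16 = 1 << 0
	KeyUsageCodeSigning          uint16 = 1 << 1
	KeyUsageServerAuthentication uint16 = 1 << 10
)

// Subject is a local mirror of the authrootstl.Subject fields read below.
type Subject struct {
	MicrosoftExtendedKeyUsage uint16
	DisabledDate              *time.Time
	NotBefore                 *time.Time
	NotBeforeEKU              uint16
}

// Permits is a hypothetical helper, not part of authrootstl. issued is the leaf
// certificate's issuance time; at is the moment of validation.
func Permits(s Subject, usage uint16, issued, at time.Time) (bool, string) {
	if s.MicrosoftExtendedKeyUsage&usage == 0 {
		return false, "usage not accepted for this root"
	}
	if s.DisabledDate != nil && !at.Before(*s.DisabledDate) {
		return false, "root distrusted"
	}
	// Assumption: NotBeforeEKU == 0 restricts all usages, else only the set bits.
	if s.NotBefore != nil && issued.After(*s.NotBefore) && (s.NotBeforeEKU == 0 || s.NotBeforeEKU&usage != 0) {
		return false, "issued after NotBefore cutoff"
	}
	return true, "ok"
}

// SampleSubject returns a constructed entry, not a real trust list record.
func SampleSubject() Subject {
	cutoff := time.Date(2020, 1, 1, 0, 0, 0, 0, time.UTC)
	return Subject{MicrosoftExtendedKeyUsage: KeyUsageServerAuthentication | KeyUsageCodeSigning,
		NotBefore: &cutoff, NotBeforeEKU: KeyUsageServerAuthentication}
}

func main() {
	issued := time.Date(2021, 6, 1, 0, 0, 0, 0, time.UTC)
	fmt.Println(Permits(SampleSubject(), KeyUsageServerAuthentication, issued, issued))
	fmt.Println(Permits(SampleSubject(), KeyUsageCodeSigning, issued, issued))
}
```

Because the usage check runs first, a root that never listed a usage is rejected for it regardless of dates.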