tlsutils

package
Version: v1.3.7-beta5
Warning

This package is not in the latest version of its module.

Published: Nov 8, 2024 License: AGPL-3.0 Imports: 31 Imported by: 0

Documentation

Index

Constants

This section is empty.

Variables

This section is empty.

Functions

func BuildP12 added in v1.2.7

func BuildP12(certBytes, keyBytes []byte, password string, ca ...[]byte) ([]byte, error)

func CertificateRequestText

func CertificateRequestText(csr *x509.CertificateRequest) (string, error)

CertificateRequestText returns a human-readable string representation of the certificate request csr. The format is similar (but not identical) to the OpenSSL way of printing certificates.

func CertificateText

func CertificateText(cert *x509.Certificate) (string, error)

CertificateText returns a human-readable string representation of the certificate cert. The format is similar (but not identical) to the OpenSSL way of printing certificates.

func Decrypt

func Decrypt(r string, priPem []byte) ([]byte, error)

func Encrypt

func Encrypt(raw []byte, pemBytes []byte) (string, error)

func GenerateCRL

func GenerateCRL(ca, key []byte, revokingCert []byte, existedRevoked ...pkix.RevokedCertificate) ([]byte, error)

func GenerateCRLWithExistedList

func GenerateCRLWithExistedList(ca, key []byte, existedRevoked ...pkix.RevokedCertificate) ([]byte, error)

func GenerateGMSelfSignedCertKey

func GenerateGMSelfSignedCertKey(commonName string) ([]byte, []byte, error)

func GeneratePrivateAndPublicKeyPEM

func GeneratePrivateAndPublicKeyPEM() (pri []byte, pub []byte, _ error)

func GeneratePrivateAndPublicKeyPEMWithPrivateFormatter added in v1.2.2

func GeneratePrivateAndPublicKeyPEMWithPrivateFormatter(t string) (pri []byte, pub []byte, _ error)

func GeneratePrivateAndPublicKeyPEMWithPrivateFormatterWithSize added in v1.2.3

func GeneratePrivateAndPublicKeyPEMWithPrivateFormatterWithSize(t string, size int) (pri []byte, pub []byte, _ error)

func GenerateSelfSignedCertKey

func GenerateSelfSignedCertKey(host string, alternateIPs []net.IP, alternateDNS []string) ([]byte, []byte, error)

func GenerateSelfSignedCertKeyWithCommonName

func GenerateSelfSignedCertKeyWithCommonName(commonName, host string, alternateIPs []net.IP, alternateDNS []string) ([]byte, []byte, error)

func GenerateSelfSignedCertKeyWithCommonNameEx

func GenerateSelfSignedCertKeyWithCommonNameEx(commonName, org, host string, alternateIPs []net.IP, alternateDNS []string, priv *rsa.PrivateKey, auth bool) ([]byte, []byte, error)

func GenerateSelfSignedCertKeyWithCommonNameWithPrivateKeyWithOrg added in v1.2.3

func GenerateSelfSignedCertKeyWithCommonNameWithPrivateKeyWithOrg(commonName, org, host string, alternateIPs []net.IP, alternateDNS []string, priv *rsa.PrivateKey) ([]byte, []byte, error)

func GetX509GMServerTlsConfigWithAuth

func GetX509GMServerTlsConfigWithAuth(ca, server, serverKey []byte, auth bool) (*gmtls.Config, error)

func GetX509GMServerTlsConfigWithOnly added in v1.3.1

func GetX509GMServerTlsConfigWithOnly(ca, server, serverKey []byte, auth bool) (*gmtls.Config, error)

func GetX509MutualAuthClientTlsConfig

func GetX509MutualAuthClientTlsConfig(clientCrt, clientPriv []byte, caCrts ...[]byte) (*tls.Config, error)

func GetX509MutualAuthServerTlsConfig

func GetX509MutualAuthServerTlsConfig(caPemRaw, serverCrt, keyPriv []byte) (*tls.Config, error)

func GetX509ServerTlsConfig

func GetX509ServerTlsConfig(caPemRaw, serverCrt, keyPriv []byte) (*tls.Config, error)

func GetX509ServerTlsConfigWithAuth

func GetX509ServerTlsConfigWithAuth(caPemRaw, serverCrt, keyPriv []byte, auth bool) (*tls.Config, error)

func LoadP12ToPEM added in v1.2.7

func LoadP12ToPEM(p12Data []byte, password string) (certBytes, keyBytes []byte, ca [][]byte, err error)

func MergeBlock

func MergeBlock(raw []string) ([]byte, error)

func NewDefaultTLSServer

func NewDefaultTLSServer(conn net.Conn) *tls.Conn

func ParseCertAndPriKeyAndPool

func ParseCertAndPriKeyAndPool(clientCrt, clientPriv []byte, caCrts ...[]byte) (tls.Certificate, *x509.CertPool, error)

func ParseCertAndPriKeyAndPoolForGM

func ParseCertAndPriKeyAndPoolForGM(clientCrt, clientPriv []byte, caCrts ...[]byte) (gmtls.Certificate, *x509gm.CertPool, error)

func ParsePEMCRL

func ParsePEMCRL(ca []byte) ([]pkix.RevokedCertificate, error)

func ParsePEMCRLRaw

func ParsePEMCRLRaw(ca []byte) (*pkix.CertificateList, error)

func ParsePEMCert

func ParsePEMCert(crt []byte) (*x509.Certificate, error)

func ParsePEMCertificate

func ParsePEMCertificate(ca []byte) (*x509.Certificate, error)

func ParsePEMCertificateAndKey

func ParsePEMCertificateAndKey(ca, key []byte) (*x509.Certificate, *rsa.PrivateKey, error)

func ParseRsaPublicKey added in v1.3.3

func ParseRsaPublicKey(block *pem.Block) (*rsa.PublicKey, error)

func PemPkcs1v15Decrypt

func PemPkcs1v15Decrypt(pemPriBytes []byte, data interface{}) ([]byte, error)

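DecryptWithPkcs1v15 (the name this function carries in the example below; the Go identifier is PemPkcs1v15Decrypt) decrypts a ciphertext with a PEM-format private key using PKCS1v15 and returns the plaintext and an error. PKCS#1 v1.5 encryption padding is open to padding-oracle attacks when a remote party can observe whether decryption succeeded, so prefer the OAEP variants (PemPkcsOAEPDecrypt / PemPkcsOAEPEncrypt) for new designs.

Example:
```
dec, err := tls.DecryptWithPkcs1v15(pemBytes, enc)
```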

func PemPkcs1v15Encrypt

func PemPkcs1v15Encrypt(pemBytes []byte, data interface{}) ([]byte, error)

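EncryptWithPkcs1v15 (the name this function carries in the example below; the Go identifier is PemPkcs1v15Encrypt) encrypts data with a PEM-format public key using PKCS1v15 and returns the ciphertext and an error. PKCS#1 v1.5 encryption padding is a legacy scheme; for new designs prefer PemPkcsOAEPEncrypt.

Example:
```
enc, err := tls.EncryptWithPkcs1v15(pemBytes, "hello")
```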

func PemPkcsOAEPDecrypt added in v1.2.2

func PemPkcsOAEPDecrypt(pemPriBytes []byte, data interface{}) ([]byte, error)

func PemPkcsOAEPDecryptWithHash added in v1.3.2

func PemPkcsOAEPDecryptWithHash(pemPriBytes []byte, data interface{}, hashFunc hash.Hash) ([]byte, error)

func PemPkcsOAEPEncrypt added in v1.2.2

func PemPkcsOAEPEncrypt(pemBytes []byte, data interface{}) ([]byte, error)

func PemPkcsOAEPEncryptWithHash added in v1.3.2

func PemPkcsOAEPEncryptWithHash(pemBytes []byte, data interface{}, hashFunc hash.Hash) ([]byte, error)

func PemSignSha256WithRSA

func PemSignSha256WithRSA(pemBytes []byte, data interface{}) ([]byte, error)

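SignSHA256WithRSA (the name this function carries in the example below; the Go identifier is PemSignSha256WithRSA) signs data with SHA256 using an RSA private key and returns the signature and an error. The comment does not say which RSA signature padding (PKCS#1 v1.5 or PSS) is used; confirm it before relying on interoperability. The key embedded in the example is a truncated placeholder; real private keys belong in protected storage, not in script source.

Example:
```
pemBytes = string(`-----BEGIN PRIVATE KEY-----
MIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQDZz5Zz3z3z3z3z
...
-----END PRIVATE KEY-----`)
signBytes, err := tls.SignSHA256WithRSA(pemBytes, "hello")
die(err)
signString = string(signBytes)
```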

func PemVerifySignSha256WithRSA

func PemVerifySignSha256WithRSA(pemBytes []byte, originData any, sign []byte) error

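SignVerifySHA256WithRSA (the name used in the original comment; the Go identifier, also used in the example below, is PemVerifySignSha256WithRSA) verifies a SHA256 signature over the data using an RSA public key and returns an error. The error is the only result, so callers must treat any non-nil error as a failed verification.

Example:
```
pemBytes = string(`-----BEGIN PUBLIC KEY-----
MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAs1pvFYNQpPSPbshg6F7Z
...
-----END PUBLIC KEY-----`)
err := tls.PemVerifySignSha256WithRSA(pemBytes, "hello", signBytes)
die(err)
```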

func RSAGenerateKeyPair

func RSAGenerateKeyPair(bitSize int) ([]byte, []byte, error)

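GenerateRSAKeyPair (the name this function carries in the example below; the Go identifier is RSAGenerateKeyPair) generates an RSA public/private key pair of the given bit size and returns the PEM-format public key, the PEM-format private key, and an error. The bit size is chosen by the caller and no minimum is documented here, so callers should pass at least 2048 as in the example.

Example:
```
pub, pri, err := tls.GenerateRSAKeyPair(2048)
```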

func SM2GenerateKeyPair

func SM2GenerateKeyPair() ([]byte, []byte, error)

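GenerateSM2KeyPair (the name this function carries in the example below; the Go identifier is SM2GenerateKeyPair) generates an SM2 public/private key pair and returns the PEM-format public key, the PEM-format private key, and an error.

Example:
```
pub, pri, err := tls.GenerateSM2KeyPair()
```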

func SelfSignCACertificateAndPrivateKey

func SelfSignCACertificateAndPrivateKey(common string, opts ...SelfSignConfigOpt) ([]byte, []byte, error)

func SignClientCrtNKey

func SignClientCrtNKey(ca, key []byte) ([]byte, []byte, error)

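SignX509ClientCertAndKey (the name this function carries in the example below; the Go identifier is SignClientCrtNKey) generates a client certificate and key from the given CA certificate and private key, and returns the PEM-format client certificate, the PEM-format key, and an error.

Example:
```
ca, key, err = tls.GenerateRootCA("yaklang.io")
cert, sKey, err = tls.SignX509ClientCertAndKey(ca, key)
```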

func SignClientCrtNKeyEx

func SignClientCrtNKeyEx(ca []byte, key []byte, commonName string, auth bool) (cert []byte, sKey []byte, _ error)

func SignClientCrtNKeyWithParams

func SignClientCrtNKeyWithParams(ca, key []byte, cn string, notAfter time.Time, x509Auth bool) (cert []byte, skey []byte, _ error)

func SignClientCrtNKeyWithoutAuth added in v1.3.1

func SignClientCrtNKeyWithoutAuth(ca, key []byte) ([]byte, []byte, error)

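SignClientCertAndKey (the name this function carries in the example below; the Go identifier is SignClientCrtNKeyWithoutAuth) generates, from the given CA certificate and private key, a client certificate and key that do not include authentication, and returns the PEM-format client certificate, the PEM-format key, and an error. What "authentication" covers is not spelled out in this comment; compare the auth parameter of SignClientCrtNKeyEx.

Example:
```
ca, key, err = tls.GenerateRootCA("yaklang.io")
cert, sKey, err = tls.SignClientCertAndKey(ca, key)
```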

func SignGMServerCrtNKeyWithParams

func SignGMServerCrtNKeyWithParams(ca []byte, privateKey []byte, cn string, notAfter time.Time, auth bool) ([]byte, []byte, error)

func SignServerCrtNKey

func SignServerCrtNKey(ca []byte, key []byte) (cert []byte, sKey []byte, _ error)

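SignX509ServerCertAndKey (the name this function carries in the example below; the Go identifier is SignServerCrtNKey) generates a server certificate and key from the given CA certificate and private key, and returns the PEM-format server certificate, the PEM-format key, and an error.

Example:
```
ca, key, err = tls.GenerateRootCA("yaklang.io")
cert, sKey, err = tls.SignX509ServerCertAndKey(ca, key)
```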

func SignServerCrtNKeyEx

func SignServerCrtNKeyEx(ca []byte, key []byte, commonName string, auth bool) (cert []byte, sKey []byte, _ error)

func SignServerCrtNKeyWithParams

func SignServerCrtNKeyWithParams(ca []byte, key []byte, cn string, notAfter time.Time, authClient bool) (cert []byte, sKey []byte, _ error)

func SignServerCrtNKeyWithoutAuth added in v1.3.1

func SignServerCrtNKeyWithoutAuth(ca []byte, key []byte) (cert []byte, sKey []byte, _ error)

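SignServerCertAndKey (the name this function carries in the example below; the Go identifier is SignServerCrtNKeyWithoutAuth) generates, from the given CA certificate and private key, a server certificate and key that do not include authentication, and returns the PEM-format server certificate, the PEM-format key, and an error. What "authentication" covers is not spelled out in this comment; compare the auth parameter of SignServerCrtNKeyEx.

Example:
```
ca, key, err = tls.GenerateRootCA("yaklang.io")
cert, sKey, err = tls.SignServerCertAndKey(ca, key)
```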

func SplitBlock

func SplitBlock(raw []byte, blockSize int) ([]string, error)

Types

type HandshakeClientHello

// HandshakeClientHello is the result type of ParseClientHello. It exposes
// parts of a ClientHello message as raw byte slices, plus a slice of
// per-extension entries.
//
// NOTE(review): the values originate from the bytes handed to
// ParseClientHello, which normally come from a remote peer; treat every field
// as untrusted input.
type HandshakeClientHello struct {
	// presumably the ClientHello random value — confirm against the parser
	Random             []byte
	// presumably the session ID bytes — confirm against the parser
	Session            []byte
	// raw bytes, not decoded suite identifiers; presumably the cipher-suite
	// list as sent — TODO confirm
	CipherSuite        []byte
	CompressionMethods []byte
	// presumably the undecoded extensions block that Extensions is derived
	// from — TODO confirm
	ExtensionsRaw      []byte
	// One entry per extension; see HandshakeClientHelloExt.
	Extensions         []*HandshakeClientHelloExt
	// contains filtered or unexported fields
}

func ParseClientHello

func ParseClientHello(data []byte) (*HandshakeClientHello, error)

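ParseClientHello parses a ClientHello message from the given data. It returns the parsed message and an error (the signature has no byte-count result). Check the error before using the result, since data normally comes from an untrusted peer.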

func (*HandshakeClientHello) ALPN

func (h *HandshakeClientHello) ALPN() []string

func (*HandshakeClientHello) MaybeHttp

func (h *HandshakeClientHello) MaybeHttp() bool

func (*HandshakeClientHello) SNI

func (h *HandshakeClientHello) SNI() string

type HandshakeClientHelloExt

// HandshakeClientHelloExt is the element type of
// HandshakeClientHello.Extensions: one ClientHello extension entry.
//
// NOTE(review): Length is stored separately from len(RawData), and this page
// does not show whether the parser guarantees they agree. Bound any slicing
// of RawData by len(RawData), not by Length.
type HandshakeClientHelloExt struct {
	// presumably the extension type as it appeared on the wire — confirm
	TypeRaw []byte
	// presumably the same extension type as an integer — confirm
	TypeInt uint16
	// presumably the length declared by the peer for this extension — confirm
	Length  uint16
	// extension payload bytes; peer-controlled
	RawData []byte
}

func (*HandshakeClientHelloExt) IsALPN

func (h *HandshakeClientHelloExt) IsALPN() ([]string, bool)

func (*HandshakeClientHelloExt) IsSNI

func (h *HandshakeClientHelloExt) IsSNI() (string, bool)

type SelfSignConfig

// SelfSignConfig is the settings struct that SelfSignConfigOpt functions
// receive a pointer to.
//
// NOTE(review): the field meanings below are inferred from the field names and
// the WithSelfSign_* option names; confirm against the implementation.
type SelfSignConfig struct {
	// presumably the certificate validity bounds (see WithSelfSign_NotAfter
	// and WithSelfSign_NotBefore) — confirm
	NotAfter       time.Time
	NotBefore      time.Time
	// see WithSelfSign_SignTo; semantics not shown on this page
	SignTo         []string
	// Caller-supplied RSA key (see WithSelfSign_PrivateKey). What happens when
	// it is nil is not shown here — TODO confirm.
	PrivateKey     *rsa.PrivateKey
	// see WithSelfSign_EnableAuth; what "auth" enables is not shown here
	EnableAuth     bool
	AlternativeDNS []string
	// Held as strings, unlike the []net.IP parameters of
	// GenerateSelfSignedCertKey; where these are parsed and validated is not
	// shown on this page.
	AlternativeIP  []string
	// presumably set by WithSelfSign_Organization — confirm
	Org            string
}

type SelfSignConfigOpt

// SelfSignConfigOpt is a function that receives a *SelfSignConfig. The
// WithSelfSign_* functions return values of this type, and
// SelfSignCACertificateAndPrivateKey accepts them as variadic options.
type SelfSignConfigOpt func(*SelfSignConfig)

func WithSelfSign_EnableAuth

func WithSelfSign_EnableAuth(b bool) SelfSignConfigOpt

func WithSelfSign_NotAfter

func WithSelfSign_NotAfter(t time.Time) SelfSignConfigOpt

func WithSelfSign_NotBefore

func WithSelfSign_NotBefore(t time.Time) SelfSignConfigOpt

func WithSelfSign_Organization added in v1.2.3

func WithSelfSign_Organization(s string) SelfSignConfigOpt

func WithSelfSign_PrivateKey

func WithSelfSign_PrivateKey(p *rsa.PrivateKey) SelfSignConfigOpt

func WithSelfSign_SignTo

func WithSelfSign_SignTo(s ...string) SelfSignConfigOpt

Directories

Path Synopsis
Package pkcs12 implements some of PKCS#12 (also known as P12 or PFX).
rc2
Package rc2 implements the RC2 cipher
