Documentation ¶
Index ¶
- func BuildP12(certBytes, keyBytes []byte, password string, ca ...[]byte) ([]byte, error)
- func CertificateRequestText(csr *x509.CertificateRequest) (string, error)
- func CertificateText(cert *x509.Certificate) (string, error)
- func Decrypt(r string, priPem []byte) ([]byte, error)
- func Encrypt(raw []byte, pemBytes []byte) (string, error)
- func GenerateCRL(ca, key []byte, revokingCert []byte, existedRevoked ...pkix.RevokedCertificate) ([]byte, error)
- func GenerateCRLWithExistedList(ca, key []byte, existedRevoked ...pkix.RevokedCertificate) ([]byte, error)
- func GenerateGMSelfSignedCertKey(commonName string) ([]byte, []byte, error)
- func GeneratePrivateAndPublicKeyPEM() (pri []byte, pub []byte, _ error)
- func GeneratePrivateAndPublicKeyPEMWithPrivateFormatter(t string) (pri []byte, pub []byte, _ error)
- func GeneratePrivateAndPublicKeyPEMWithPrivateFormatterWithSize(t string, size int) (pri []byte, pub []byte, _ error)
- func GenerateSelfSignedCertKey(host string, alternateIPs []net.IP, alternateDNS []string) ([]byte, []byte, error)
- func GenerateSelfSignedCertKeyWithCommonName(commonName, host string, alternateIPs []net.IP, alternateDNS []string) ([]byte, []byte, error)
- func GenerateSelfSignedCertKeyWithCommonNameEx(commonName, org, host string, alternateIPs []net.IP, alternateDNS []string, ...) ([]byte, []byte, error)
- func GenerateSelfSignedCertKeyWithCommonNameWithPrivateKeyWithOrg(commonName, org, host string, alternateIPs []net.IP, alternateDNS []string, ...) ([]byte, []byte, error)
- func GetX509GMServerTlsConfigWithAuth(ca, server, serverKey []byte, auth bool) (*gmtls.Config, error)
- func GetX509GMServerTlsConfigWithOnly(ca, server, serverKey []byte, auth bool) (*gmtls.Config, error)
- func GetX509MutualAuthClientTlsConfig(clientCrt, clientPriv []byte, caCrts ...[]byte) (*tls.Config, error)
- func GetX509MutualAuthServerTlsConfig(caPemRaw, serverCrt, keyPriv []byte) (*tls.Config, error)
- func GetX509ServerTlsConfig(caPemRaw, serverCrt, keyPriv []byte) (*tls.Config, error)
- func GetX509ServerTlsConfigWithAuth(caPemRaw, serverCrt, keyPriv []byte, auth bool) (*tls.Config, error)
- func LoadP12ToPEM(p12Data []byte, password string) (certBytes, keyBytes []byte, ca [][]byte, err error)
- func MergeBlock(raw []string) ([]byte, error)
- func NewDefaultTLSServer(conn net.Conn) *tls.Conn
- func ParseCertAndPriKeyAndPool(clientCrt, clientPriv []byte, caCrts ...[]byte) (tls.Certificate, *x509.CertPool, error)
- func ParseCertAndPriKeyAndPoolForGM(clientCrt, clientPriv []byte, caCrts ...[]byte) (gmtls.Certificate, *x509gm.CertPool, error)
- func ParsePEMCRL(ca []byte) ([]pkix.RevokedCertificate, error)
- func ParsePEMCRLRaw(ca []byte) (*pkix.CertificateList, error)
- func ParsePEMCert(crt []byte) (*x509.Certificate, error)
- func ParsePEMCertificate(ca []byte) (*x509.Certificate, error)
- func ParsePEMCertificateAndKey(ca, key []byte) (*x509.Certificate, *rsa.PrivateKey, error)
- func ParseRsaPublicKey(block *pem.Block) (*rsa.PublicKey, error)
- func PemPkcs1v15Decrypt(pemPriBytes []byte, data interface{}) ([]byte, error)
- func PemPkcs1v15Encrypt(pemBytes []byte, data interface{}) ([]byte, error)
- func PemPkcsOAEPDecrypt(pemPriBytes []byte, data interface{}) ([]byte, error)
- func PemPkcsOAEPDecryptWithHash(pemPriBytes []byte, data interface{}, hashFunc hash.Hash) ([]byte, error)
- func PemPkcsOAEPEncrypt(pemBytes []byte, data interface{}) ([]byte, error)
- func PemPkcsOAEPEncryptWithHash(pemBytes []byte, data interface{}, hashFunc hash.Hash) ([]byte, error)
- func PemSignSha256WithRSA(pemBytes []byte, data interface{}) ([]byte, error)
- func PemVerifySignSha256WithRSA(pemBytes []byte, originData any, sign []byte) error
- func RSAGenerateKeyPair(bitSize int) ([]byte, []byte, error)
- func SM2GenerateKeyPair() ([]byte, []byte, error)
- func SelfSignCACertificateAndPrivateKey(common string, opts ...SelfSignConfigOpt) ([]byte, []byte, error)
- func SignClientCrtNKey(ca, key []byte) ([]byte, []byte, error)
- func SignClientCrtNKeyEx(ca []byte, key []byte, commonName string, auth bool) (cert []byte, sKey []byte, _ error)
- func SignClientCrtNKeyWithParams(ca, key []byte, cn string, notAfter time.Time, x509Auth bool) (cert []byte, skey []byte, _ error)
- func SignClientCrtNKeyWithoutAuth(ca, key []byte) ([]byte, []byte, error)
- func SignGMServerCrtNKeyWithParams(ca []byte, privateKey []byte, cn string, notAfter time.Time, auth bool) ([]byte, []byte, error)
- func SignServerCrtNKey(ca []byte, key []byte) (cert []byte, sKey []byte, _ error)
- func SignServerCrtNKeyEx(ca []byte, key []byte, commonName string, auth bool) (cert []byte, sKey []byte, _ error)
- func SignServerCrtNKeyWithParams(ca []byte, key []byte, cn string, notAfter time.Time, authClient bool) (cert []byte, sKey []byte, _ error)
- func SignServerCrtNKeyWithoutAuth(ca []byte, key []byte) (cert []byte, sKey []byte, _ error)
- func SplitBlock(raw []byte, blockSize int) ([]string, error)
- type HandshakeClientHello
- type HandshakeClientHelloExt
- type SelfSignConfig
- type SelfSignConfigOpt
- func WithSelfSign_EnableAuth(b bool) SelfSignConfigOpt
- func WithSelfSign_NotAfter(t time.Time) SelfSignConfigOpt
- func WithSelfSign_NotBefore(t time.Time) SelfSignConfigOpt
- func WithSelfSign_Organization(s string) SelfSignConfigOpt
- func WithSelfSign_PrivateKey(p *rsa.PrivateKey) SelfSignConfigOpt
- func WithSelfSign_SignTo(s ...string) SelfSignConfigOpt
Constants ¶
This section is empty.
Variables ¶
This section is empty.
Functions ¶
func CertificateRequestText ¶
func CertificateRequestText(csr *x509.CertificateRequest) (string, error)
CertificateRequestText returns a human-readable string representation of the certificate request csr. The format is similar (but not identical) to the OpenSSL way of printing certificates.
func CertificateText ¶
func CertificateText(cert *x509.Certificate) (string, error)
CertificateText returns a human-readable string representation of the certificate cert. The format is similar (but not identical) to the OpenSSL way of printing certificates.
func GenerateCRL ¶
func GenerateCRLWithExistedList ¶
func GenerateCRLWithExistedList(ca, key []byte, existedRevoked ...pkix.RevokedCertificate) ([]byte, error)
func GeneratePrivateAndPublicKeyPEMWithPrivateFormatter ¶ added in v1.2.2
func GeneratePrivateAndPublicKeyPEMWithPrivateFormatterWithSize ¶ added in v1.2.3
func GenerateSelfSignedCertKeyWithCommonNameWithPrivateKeyWithOrg ¶ added in v1.2.3
func GetX509GMServerTlsConfigWithOnly ¶ added in v1.3.1
func GetX509ServerTlsConfig ¶
func LoadP12ToPEM ¶ added in v1.2.7
func MergeBlock ¶
func ParsePEMCRL ¶
func ParsePEMCRL(ca []byte) ([]pkix.RevokedCertificate, error)
func ParsePEMCRLRaw ¶
func ParsePEMCRLRaw(ca []byte) (*pkix.CertificateList, error)
func ParsePEMCert ¶
func ParsePEMCert(crt []byte) (*x509.Certificate, error)
func ParsePEMCertificate ¶
func ParsePEMCertificate(ca []byte) (*x509.Certificate, error)
func ParsePEMCertificateAndKey ¶
func ParsePEMCertificateAndKey(ca, key []byte) (*x509.Certificate, *rsa.PrivateKey, error)
func ParseRsaPublicKey ¶ added in v1.3.3
func PemPkcs1v15Decrypt ¶
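DecryptWithPkcs1v15 decrypts a ciphertext with a PEM-encoded private key using PKCS1v15 and returns the plaintext and an error. PKCS#1 v1.5 encryption padding is exposed to padding-oracle attacks when a caller can distinguish decryption failures; for new protocols prefer PemPkcsOAEPDecrypt.

Example:
```
dec, err := tls.DecryptWithPkcs1v15(pemBytes, enc)
```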
func PemPkcs1v15Encrypt ¶
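EncryptWithPkcs1v15 encrypts data with a PEM-encoded public key using PKCS1v15 and returns the ciphertext and an error. PKCS#1 v1.5 encryption padding is kept mainly for interoperability; where both sides support it, prefer PemPkcsOAEPEncrypt.

Example:
```
enc, err := tls.EncryptWithPkcs1v15(pemBytes, "hello")
```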
func PemPkcsOAEPDecrypt ¶ added in v1.2.2
func PemPkcsOAEPDecryptWithHash ¶ added in v1.3.2
func PemPkcsOAEPEncrypt ¶ added in v1.2.2
func PemPkcsOAEPEncryptWithHash ¶ added in v1.3.2
func PemSignSha256WithRSA ¶
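SignSHA256WithRSA signs data with an RSA private key using SHA256 and returns the signature and an error. The key in the example is truncated; a real private key should be loaded from protected storage rather than embedded in a script.

Example:
```
pemBytes = string(`-----BEGIN PRIVATE KEY-----
MIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQDZz5Zz3z3z3z3z
...
-----END PRIVATE KEY-----`)
signBytes, err := tls.SignSHA256WithRSA(pemBytes, "hello")
die(err)
signString = string(signBytes)
```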
func PemVerifySignSha256WithRSA ¶
SignVerifySHA256WithRSA verifies a SHA256 signature over data with an RSA public key and returns an error.

Example:
```
pemBytes = string(`-----BEGIN PUBLIC KEY-----
MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAs1pvFYNQpPSPbshg6F7Z
...
-----END PUBLIC KEY-----`)
err := tls.PemVerifySignSha256WithRSA(pemBytes, "hello", signBytes)
die(err)
```
func RSAGenerateKeyPair ¶
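GenerateRSAKeyPair generates an RSA key pair of the given bit size and returns the PEM-encoded public key, the PEM-encoded private key, and an error. RSA moduli shorter than 2048 bits are no longer considered adequate, so treat the 2048 in the example as the practical minimum.

Example:
```
pub, pri, err := tls.GenerateRSAKeyPair(2048)
```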
func SM2GenerateKeyPair ¶
GenerateSM2KeyPair generates an SM2 key pair and returns the PEM-encoded public key, the PEM-encoded private key, and an error.

Example:
```
pub, pri, err := tls.GenerateSM2KeyPair()
```
func SelfSignCACertificateAndPrivateKey ¶
func SelfSignCACertificateAndPrivateKey(common string, opts ...SelfSignConfigOpt) ([]byte, []byte, error)
func SignClientCrtNKey ¶
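SignX509ClientCertAndKey generates a client certificate and key from the given CA certificate and private key, and returns the PEM-encoded client certificate, the PEM-encoded key, and an error.

Example:
```
ca, key, err = tls.GenerateRootCA("yaklang.io")
cert, sKey, err = tls.SignX509ClientCertAndKey(ca, key)
```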
func SignClientCrtNKeyEx ¶
func SignClientCrtNKeyWithoutAuth ¶ added in v1.3.1
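SignClientCertAndKey generates a client certificate and key that do not include authentication from the given CA certificate and private key, and returns the PEM-encoded client certificate, the PEM-encoded key, and an error.

Example:
```
ca, key, err = tls.GenerateRootCA("yaklang.io")
cert, sKey, err = tls.SignClientCertAndKey(ca, key)
```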
func SignServerCrtNKey ¶
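SignX509ServerCertAndKey generates a server certificate and key from the given CA certificate and private key, and returns the PEM-encoded server certificate, the PEM-encoded key, and an error.

Example:
```
ca, key, err = tls.GenerateRootCA("yaklang.io")
cert, sKey, err = tls.SignX509ServerCertAndKey(ca, key)
```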
func SignServerCrtNKeyEx ¶
func SignServerCrtNKeyWithoutAuth ¶ added in v1.3.1
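SignServerCertAndKey generates a server certificate and key that do not include authentication from the given CA certificate and private key, and returns the PEM-encoded server certificate, the PEM-encoded key, and an error.

Example:
```
ca, key, err = tls.GenerateRootCA("yaklang.io")
cert, sKey, err = tls.SignServerCertAndKey(ca, key)
```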
Types ¶
type HandshakeClientHello ¶
type HandshakeClientHello struct { Random []byte Session []byte CipherSuite []byte CompressionMethods []byte ExtensionsRaw []byte Extensions []*HandshakeClientHelloExt // contains filtered or unexported fields }
func ParseClientHello ¶
func ParseClientHello(data []byte) (*HandshakeClientHello, error)
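ParseClientHello parses a ClientHello message from the given data. It returns the parsed message and an error; the signature does not return a count of bytes consumed. The input normally arrives from an unauthenticated peer, so check the error before reading any field of the result.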
func (*HandshakeClientHello) ALPN ¶
func (h *HandshakeClientHello) ALPN() []string
func (*HandshakeClientHello) MaybeHttp ¶
func (h *HandshakeClientHello) MaybeHttp() bool
func (*HandshakeClientHello) SNI ¶
func (h *HandshakeClientHello) SNI() string
type HandshakeClientHelloExt ¶
func (*HandshakeClientHelloExt) IsALPN ¶
func (h *HandshakeClientHelloExt) IsALPN() ([]string, bool)
func (*HandshakeClientHelloExt) IsSNI ¶
func (h *HandshakeClientHelloExt) IsSNI() (string, bool)
type SelfSignConfig ¶
type SelfSignConfigOpt ¶
type SelfSignConfigOpt func(*SelfSignConfig)
func WithSelfSign_EnableAuth ¶
func WithSelfSign_EnableAuth(b bool) SelfSignConfigOpt
func WithSelfSign_NotAfter ¶
func WithSelfSign_NotAfter(t time.Time) SelfSignConfigOpt
func WithSelfSign_NotBefore ¶
func WithSelfSign_NotBefore(t time.Time) SelfSignConfigOpt
func WithSelfSign_Organization ¶ added in v1.2.3
func WithSelfSign_Organization(s string) SelfSignConfigOpt
func WithSelfSign_PrivateKey ¶
func WithSelfSign_PrivateKey(p *rsa.PrivateKey) SelfSignConfigOpt
func WithSelfSign_SignTo ¶
func WithSelfSign_SignTo(s ...string) SelfSignConfigOpt