Documentation ¶
Overview ¶
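This file implements the RA <-> CA messages. The request structures follow RFC 4211 (CRMF); the PKIMessage envelope, PKIHeader and PKIStatus definitions quoted below appear to follow RFC 4210 (CMP), which carries those requests.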
Index ¶
- func BuildExtensions(sanLst []DN, extLst []DN) (ret []pkix.Extension, err error)
- func BuildSubject(dnLst []DN) pkix.RDNSequence
- func NewPKIBodyCRasn1(tmplLst []CertTemplate) (interface{}, error)
- func NewPKIBodyKRRasn1(tmplLst []CertTemplate) (interface{}, error)
- func NewPKIBodyKURasn1(tmplLst []CertTemplate) (interface{}, error)
- func NewPKIBodyRRasn1(tmplLst []CertTemplate, op uint8) (interface{}, error)
- type AdministrationDomainName
- type AnotherName
- type Attribute
- type AuthInfo
- type BuiltInDomainDefinedAttribute
- type BuiltInDomainDefinedAttributes
- type BuiltInStandardAttributes
- type CertOrEncCert
- type CertRepMessage
- type CertReqMessage
- type CertReqMessages
- type CertRequest
- type CertResponse
- type CertTemplate
- func (tmpl *CertTemplate) SetExtension(ext []pkix.Extension)
- func (tmpl *CertTemplate) SetPublicKeyWithCSR(der []byte) error
- func (tmpl *CertTemplate) SetPublicKeyWithRawPubichKeyInfo(der []byte) error
- func (tmpl *CertTemplate) SetSubject(seq pkix.RDNSequence)
- func (tmpl *CertTemplate) SetSubjectUID(uid []byte)
- func (tmpl *CertTemplate) SetVaidity(notBefore, notAfter time.Time)
- func (tmpl *CertTemplate) SetVersion(version int)
- type CertWithEncValue
- type Certificate
- type CertificationRequest
- type CertificationRequestInfo
- type CertifiedKeyPair
- type Controls
- type CountryName
- type DN
- type DirectoryName
- type DirectoryNameSET
- type DirectoryString
- type EDIPartyName
- type EdiPartyName
- type EncryptedValue
- type ErrorMsgContent
- type ExtensionAttribute
- type ExtensionAttributes
- type Extensions
- type GeneralName
- type InterDirectoryName
- type InterRevRepContent
- type InterState
- type KeyIdentifier
- type KeyRecRepContent
- type Name
- type NetworkAddress
- type NumericUserIdentifier
- type ORAddress
- type OptionalValidity
- type OrganizationName
- type OrganizationalUnitNames
- type PKIFailureInfo
- type PKIFreeText
- type PKIHeader
- type PKIMessage
- type PKIMessageCP
- type PKIMessageFoot
- type PKIMessageHead
- type PKIMessageKRP
- type PKIMessageKUP
- type PKIMessageRP
- type PKIProtection
- type PKIPublicationInfo
- type PKIStatus
- type PKIStatusInfo
- type PKMACValue
- type PersonalName
- type PrivateDomainName
- type ProofOfPossession
- type RevCert
- type RevDetails
- type RevRepContent
- type RevReqContent
- type SinglePubInfo
- type SubjectPublicKeyInfo
- type TerminalIdentifier
- type UniqueIdentifier
- type Version
Constants ¶
This section is empty.
Variables ¶
This section is empty.
Functions ¶
func BuildExtensions ¶
func BuildSubject ¶
func BuildSubject(dnLst []DN) pkix.RDNSequence
func NewPKIBodyCRasn1 ¶
func NewPKIBodyCRasn1(tmplLst []CertTemplate) (interface{}, error)
func NewPKIBodyKRRasn1 ¶
func NewPKIBodyKRRasn1(tmplLst []CertTemplate) (interface{}, error)
func NewPKIBodyKURasn1 ¶
func NewPKIBodyKURasn1(tmplLst []CertTemplate) (interface{}, error)
func NewPKIBodyRRasn1 ¶
func NewPKIBodyRRasn1(tmplLst []CertTemplate, op uint8) (interface{}, error)
Types ¶
type AdministrationDomainName ¶
type AdministrationDomainName string
AdministrationDomainName ::= [APPLICATION 2] CHOICE { numeric NumericString (SIZE (0..ub-domain-name-length)), printable PrintableString (SIZE (0..ub-domain-name-length)) }
type AnotherName ¶
type AnotherName struct { Value asn1.RawValue `asn1:"tag:0,explicit,optional"` // contains filtered or unexported fields }
AnotherName ::= SEQUENCE { type-id OBJECT IDENTIFIER, value [0] EXPLICIT ANY DEFINED BY type-id }
type Attribute ¶
type Attribute struct { Type asn1.ObjectIdentifier Values asn1.RawValue `asn1:"set"` }
Attribute { ATTRIBUTE:IOSet } ::= SEQUENCE { type ATTRIBUTE.&id({IOSet}), values SET SIZE(1..MAX) OF ATTRIBUTE.&Type({IOSet}{@type}) }
type AuthInfo ¶
// AuthInfo groups the two ways a request can identify its sender: a
// GeneralName or a MAC computed over the public key.
type AuthInfo struct {
	// Sender is tagged [0].
	// NOTE(review): the tag carries `omitempty` without `optional`. In the
	// standard encoding/asn1 package `omitempty` only skips empty slices, so
	// confirm which asn1 package this file is built against and whether a nil
	// Sender is really left out of the encoding.
	Sender *GeneralName `asn1:"tag:0,omitempty"`
	// PublicKeyMac is untagged; the same `omitempty` caveat applies.
	PublicKeyMac *PKMACValue `asn1:"omitempty"`
}
AuthInfo carries the optional Sender and PublicKeyMac fields; proof of possession (POP) is ignored.
type BuiltInDomainDefinedAttribute ¶
BuiltInDomainDefinedAttribute ::= SEQUENCE { type PrintableString (SIZE (1..ub-domain-defined-attribute-type-length)), value PrintableString (SIZE (1..ub-domain-defined-attribute-value-length)) }
type BuiltInDomainDefinedAttributes ¶
type BuiltInDomainDefinedAttributes []BuiltInDomainDefinedAttribute
type BuiltInStandardAttributes ¶
type BuiltInStandardAttributes struct { CountryName *CountryName `asn1:"optional,omitempty"` AdminitrationDomainName *AdministrationDomainName `asn1:"optional,omitempty,application,tag:2"` NetworkAddress *NetworkAddress `asn1:"tag:0,optional,omitempty"` TerminalIdentifier *TerminalIdentifier `asn1:"tag:1,optional,omitempty,printable"` PrivateDomainName *PrivateDomainName `asn1:"tag:2,explicit,optional,omitempty"` OrganizationName *OrganizationName `asn1:"tag:3,optional,omitempty,printable"` NumericUserIdentifier *NumericUserIdentifier `asn1:"tag:4,optional,omitempty"` PersonalName *PersonalName `asn1:"tag:5,optional,omitempty,set"` OrganizationalUnitNames *OrganizationalUnitNames `asn1:"tag:6,optional,omitempty,printable"` }
BuiltInStandardAttributes ::= SEQUENCE { country-name CountryName OPTIONAL, administration-domain-name AdministrationDomainName OPTIONAL, network-address [0] IMPLICIT NetworkAddress OPTIONAL, -- see also extended-network-address terminal-identifier [1] IMPLICIT TerminalIdentifier OPTIONAL, private-domain-name [2] PrivateDomainName OPTIONAL, organization-name [3] IMPLICIT OrganizationName OPTIONAL, -- see also teletex-organization-name numeric-user-identifier [4] IMPLICIT NumericUserIdentifier OPTIONAL, personal-name [5] IMPLICIT PersonalName OPTIONAL, -- see also teletex-personal-name organizational-unit-names [6] IMPLICIT OrganizationalUnitNames OPTIONAL } -- see also teletex-organizational-unit-names
type CertOrEncCert ¶
type CertOrEncCert struct { Certificate certificate `asn1:"tag:0,omitempty"` EncryptedCert EncryptedValue `asn1:"tag:1,omitempty"` }
CertOrEncCert ::= CHOICE { certificate [0] CMPCertificate, encryptedCert [1] EncryptedValue }
type CertRepMessage ¶
type CertRepMessage struct { Raw asn1.RawContent CAPubs []Certificate `asn1:"tag:1,optional,omitempty"` Responses []CertResponse }
CertRepMessage ::= SEQUENCE { caPubs [1] SEQUENCE SIZE (1..MAX) OF CMPCertificate OPTIONAL, response SEQUENCE OF CertResponse }
type CertReqMessage ¶
// CertReqMessage is a single certificate request entry (CertReqMsg in
// RFC 4211).
type CertReqMessage struct {
	// CertReq is the request proper: an ID plus the certificate template.
	CertReq CertRequest
	// NOTE(review): the CertReqMsg definition places
	// `popo ProofOfPossession OPTIONAL` between certReq and regInfo, and this
	// struct has no field for it. A request encoded from this struct therefore
	// carries no proof of possession, so the receiving side has to establish
	// that the requester holds the private key by some other means — confirm
	// that the RA/CA deployment does so.
	RegInfo []pkix.AttributeTypeAndValue `asn1:"optional,omitempty"`
}
CertReqMessage . https://www.ietf.org/rfc/rfc4211.txt
CertReqMsg ::= SEQUENCE { certReq CertRequest, popo ProofOfPossession OPTIONAL, -- content depends upon key type regInfo SEQUENCE SIZE(1..MAX) of AttributeTypeAndValue OPTIONAL }
type CertReqMessages ¶
type CertReqMessages []CertReqMessage
type CertRequest ¶
type CertRequest struct { CertReqID int CertTemplate CertTemplate Controls Controls `asn1:"optional,omitempty"` }
CertRequest ::= SEQUENCE { certReqId INTEGER, -- ID for matching request and reply certTemplate CertTemplate, --Selected fields of cert to be issued controls Controls OPTIONAL } -- Attributes affecting issuance
type CertResponse ¶
type CertResponse struct { Raw asn1.RawContent CertReqID int Status PKIStatusInfo CertifiedKeyPair CertifiedKeyPair RespInfo []byte }
func (CertResponse) GetCertWithEncValue ¶
func (resp CertResponse) GetCertWithEncValue() (*CertWithEncValue, error)
func (CertResponse) OK ¶
func (resp CertResponse) OK() bool
type CertTemplate ¶
type CertTemplate struct { Version Version `asn1:"explicit,optional,tag:0"` SerialNumber *big.Int `asn1:"explicit,optional,tag:1"` //SigningAlg pkix.AlgorithmIdentifier `asn1:"optional,tag:2"` Issuer Name `asn1:"optional,tag:3"` Validity OptionalValidity `asn1:"optional,explicit,tag:4"` Subject Name `asn1:"optional,tag:5"` PublicKey SubjectPublicKeyInfo `asn1:"optional,explicit,tag:6"` IssuerUID UniqueIdentifier `asn1:"optional,tag:7"` SubjectUID UniqueIdentifier `asn1:"optional,explicit,tag:8"` Extensions Extensions `asn1:"explicit,optional,tag:9"` }
func NewCertTemplate ¶
func NewCertTemplate(serialNumber *big.Int) *CertTemplate
func (*CertTemplate) SetExtension ¶
func (tmpl *CertTemplate) SetExtension(ext []pkix.Extension)
func (*CertTemplate) SetPublicKeyWithCSR ¶
func (tmpl *CertTemplate) SetPublicKeyWithCSR(der []byte) error
func (*CertTemplate) SetPublicKeyWithRawPubichKeyInfo ¶
func (tmpl *CertTemplate) SetPublicKeyWithRawPubichKeyInfo(der []byte) error
func (*CertTemplate) SetSubject ¶
func (tmpl *CertTemplate) SetSubject(seq pkix.RDNSequence)
func (*CertTemplate) SetSubjectUID ¶
func (tmpl *CertTemplate) SetSubjectUID(uid []byte)
func (*CertTemplate) SetVaidity ¶
func (tmpl *CertTemplate) SetVaidity(notBefore, notAfter time.Time)
func (*CertTemplate) SetVersion ¶
func (tmpl *CertTemplate) SetVersion(version int)
type CertWithEncValue ¶
type CertWithEncValue struct { EncPriv *EncryptedValue Cert *x509.Certificate }
type Certificate ¶
type Certificate struct {
Raw asn1.RawContent
}
func (Certificate) ToX590Certificate ¶
func (cert Certificate) ToX590Certificate() (*x509.Certificate, error)
type CertificationRequest ¶
type CertificationRequest struct { CertificationRequestInfo CertificationRequestInfo SignatureAlgorithm pkix.AlgorithmIdentifier Signature asn1.BitString }
CertificationRequest ::= SEQUENCE { certificationRequestInfo CertificationRequestInfo, signatureAlgorithm AlgorithmIdentifier{{ SignatureAlgorithms }}, signature BIT STRING }
type CertificationRequestInfo ¶
type CertificationRequestInfo struct { Version int `asn1:"default:0"` Subject Name SubjectPKInfo SubjectPublicKeyInfo Attributes []Attribute `asn1:"tag:0,set"` }
CertificationRequestInfo ::= SEQUENCE { version INTEGER { v1(0) } (v1,...), subject Name, subjectPKInfo SubjectPublicKeyInfo{{ PKInfoAlgorithms }}, attributes [0] Attributes{{ CRIAttributes }} }
type CertifiedKeyPair ¶
// CertifiedKeyPair is the certificate (and, where the peer generated or
// archived the key, the encrypted private key) returned in a response.
type CertifiedKeyPair struct {
	// Cert is the raw certificate as received; it is untrusted until it has
	// been parsed and its chain verified.
	Cert Certificate
	//EncCert Certificate
	// PrivateKey is the peer-supplied EncryptedValue carrying the private key.
	// NOTE(review): the ASN.1 definition marks privateKey as `[0] ... OPTIONAL`
	// and publicationInfo as `[1] ... OPTIONAL`, but neither field carries an
	// asn1 tag here. Confirm how a response that omits either element is
	// decoded (possibly by hand from the enclosing Raw bytes).
	PrivateKey EncryptedValue
	// PublicationInfo is declared without a tag; see the note on PrivateKey.
	PublicationInfo PKIPublicationInfo
}
CertifiedKeyPair ::= SEQUENCE { certOrEncCert CertOrEncCert, privateKey [0] EncryptedValue OPTIONAL, -- see [RFC4211] for comment on encoding publicationInfo [1] PKIPublicationInfo OPTIONAL }
type Controls ¶
type Controls []pkix.AttributeTypeAndValue
type CountryName ¶
type DirectoryName ¶
type DirectoryName struct { Id asn1.ObjectIdentifier Value string }
type DirectoryNameSET ¶
type DirectoryNameSET struct {
DirectoryNames []DirectoryName `asn1:"set"`
}
type DirectoryString ¶
type DirectoryString string
DirectoryString ::= CHOICE { teletexString TeletexString (SIZE (1..MAX)), printableString PrintableString (SIZE (1..MAX)), universalString UniversalString (SIZE (1..MAX)), utf8String UTF8String (SIZE (1..MAX)), bmpString BMPString (SIZE (1..MAX)) }
type EDIPartyName ¶
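// EDIPartyName mirrors the ASN.1 EDIPartyName SEQUENCE: an optional name
// assigner tagged [0] followed by the party name tagged [1].
type EDIPartyName struct {
	// Assigner is OPTIONAL in the ASN.1 definition. The option has to be
	// spelled exactly "optional": the standard encoding/asn1 package silently
	// ignores options it does not recognise, so a misspelling such as
	// "optonal" leaves the field mandatory and a name without an assigner
	// fails to decode.
	Assigner *DirectoryString `asn1:"tag:0,optional,omitempty"`
	// PartyName is the mandatory [1] element.
	PartyName *DirectoryString `asn1:"tag:1"`
}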
EDIPartyName ::= SEQUENCE { nameAssigner [0] DirectoryString OPTIONAL, partyName [1] DirectoryString }
type EdiPartyName ¶
type EdiPartyName struct { NameAssigner string `asn1:"optional,tag:0"` PartyName DirectoryString }
EDIPartyName ::= SEQUENCE { nameAssigner [0] DirectoryString OPTIONAL, partyName [1] DirectoryString }
type EncryptedValue ¶
// EncryptedValue is the CRMF container for an encrypted value; in a
// CertifiedKeyPair it carries the private key returned by the peer.
type EncryptedValue struct {
	// Raw holds the undecoded bytes of the whole structure.
	Raw asn1.RawContent
	// IntendedAlg [0]: the algorithm the decrypted value is meant for.
	IntendedAlg pkix.AlgorithmIdentifier `asn1:"explicit,tag:0,optional,omitempty"`
	// SymmAlg [1]: the symmetric algorithm used to encrypt EncValue.
	// NOTE(review): this identifier and KeyAlg are chosen by the sender; the
	// code that decrypts should accept only algorithms it explicitly supports
	// rather than whatever OID arrives — confirm at the decryption site.
	SymmAlg pkix.AlgorithmIdentifier `asn1:"explicit,tag:1,optional,omitempty"`
	// EncSymmKey [2]: the (encrypted) symmetric key used to encrypt EncValue.
	EncSymmKey asn1.BitString `asn1:"explicit,tag:2,optional,omitempty"`
	// KeyAlg [3]: the algorithm used to encrypt EncSymmKey.
	KeyAlg pkix.AlgorithmIdentifier `asn1:"explicit,tag:3,optional,omitempty"`
	// ValueHint [4]: a sender-defined description or identifier of EncValue.
	ValueHint []byte `asn1:"explicit,tag:4,optional,omitempty"`
	// EncValue is the encrypted value itself and is the only mandatory field.
	EncValue asn1.BitString
}
EncryptedValue ::= SEQUENCE { intendedAlg [0] AlgorithmIdentifier{ALGORITHM, {...}} OPTIONAL, -- the intended algorithm for which the value will be used symmAlg [1] AlgorithmIdentifier{ALGORITHM, {...}} OPTIONAL, -- the symmetric algorithm used to encrypt the value encSymmKey [2] BIT STRING OPTIONAL, -- the (encrypted) symmetric key used to encrypt the value keyAlg [3] AlgorithmIdentifier{ALGORITHM, {...}} OPTIONAL, -- algorithm used to encrypt the symmetric key valueHint [4] OCTET STRING OPTIONAL, -- a brief description or identifier of the encValue content -- (may be meaningful only to the sending entity, and used only -- if EncryptedValue might be re-examined by the sending entity -- in the future) encValue BIT STRING } -- the encrypted value itself -- When EncryptedValue is used to carry a private key (as opposed to -- a certificate), implementations MUST support the encValue field -- containing an encrypted PrivateKeyInfo as defined in [PKCS11], -- section 12.11. If encValue contains some other format/encoding -- for the private key, the first octet of valueHint MAY be used -- to indicate the format/encoding (but note that the possible values -- of this octet are not specified at this time). In all cases, the -- intendedAlg field MUST be used to indicate at least the OID of -- the intended algorithm of the private key, unless this information -- is known a priori to both sender and receiver by some other means.
type ErrorMsgContent ¶
type ErrorMsgContent struct { PKIStatusInfo PKIStatusInfo ErrorCode int `asn1:"optional"` ErrporDetail PKIFreeText `asn1:"optional"` }
ErrorMsgContent .
type ExtensionAttribute ¶
ExtensionAttribute ::= SEQUENCE { extension-attribute-type [0] IMPLICIT INTEGER (0..ub-extension-attributes), extension-attribute-value [1] ANY DEFINED BY extension-attribute-type }
type ExtensionAttributes ¶
type ExtensionAttributes []ExtensionAttribute
type Extensions ¶
Extension ::= SEQUENCE { extnID OBJECT IDENTIFIER, critical BOOLEAN DEFAULT FALSE, extnValue OCTET STRING }
type Extension struct { ExtnID asn1.ObjectIdentifier Critical bool ExtnValue []byte }
type GeneralName ¶
type GeneralName struct { Raw asn1.RawContent OtherName *AnotherName `asn1:"tag:0,optional,omitempty"` RFC822Name *string `asn1:"tag:1,ia5,optional,omitempty"` DNSName *string `asn1:"tag:2,ia5,optional,omitempty"` X400Address *ORAddress `asn1:"tag:3,optional,omitempty"` DirectoryName Name `asn1:"tag:4,optional,omitempty"` EdiPartyName *EdiPartyName `asn1:"tag:5,optional,omitempty"` UniformResourceIdentifier string `asn1:"tag:6,ia5,optional,omitempty"` IPAddress []byte `asn1:"tag:7,optional,omitempty"` RegisteredID asn1.ObjectIdentifier `asn1:"tag:8,optional,omitempty"` }
GeneralName ::= CHOICE { otherName [0] AnotherName, rfc822Name [1] IA5String, dNSName [2] IA5String, x400Address [3] ORAddress, directoryName [4] Name, ediPartyName [5] EDIPartyName, uniformResourceIdentifier [6] IA5String, iPAddress [7] OCTET STRING, registeredID [8] OBJECT IDENTIFIER }
type InterDirectoryName ¶
type InterDirectoryName struct {
InterDirectoryNameSET DirectoryNameSET
}
type InterRevRepContent ¶
type InterRevRepContent struct {
RevRepContent RevRepContent
}
type InterState ¶
type InterState struct {
PKIStatusInfo PKIStatusInfo
}
type KeyRecRepContent ¶
type KeyRecRepContent struct { Raw asn1.RawContent Status PKIStatusInfo NewSigCert Certificate CACerts []Certificate KeyPairHist []CertifiedKeyPair }
KeyRecRepContent shall come from keyRecRepContent lower, raw
type Name ¶
type Name struct {
RDNSequence pkix.RDNSequence
}
type NetworkAddress ¶
type NetworkAddress string
type NumericUserIdentifier ¶
type NumericUserIdentifier string
type ORAddress ¶
type ORAddress struct { StandardAttrs *BuiltInStandardAttributes DomainDefinedAttrs *BuiltInDomainDefinedAttributes `asn1:"optional,omitempty"` ExtensionAttris *ExtensionAttributes `asn1:"optional,omitempty,set"` }
ORAddress ::= SEQUENCE { built-in-standard-attributes BuiltInStandardAttributes, built-in-domain-defined-attributes BuiltInDomainDefinedAttributes OPTIONAL, -- see also teletex-domain-defined-attributes extension-attributes ExtensionAttributes OPTIONAL }
type OptionalValidity ¶
// OptionalValidity is the requested validity window of a CertTemplate.
type OptionalValidity struct {
	// NotBefore is tagged [0] and encoded as GeneralizedTime.
	// NOTE(review): the ASN.1 definition marks both members OPTIONAL, but
	// neither tag includes `optional`, so a template that sets only one bound
	// may not round-trip — confirm against the peer CA. `generalized` also
	// pins GeneralizedTime, whereas X.509 Time is a CHOICE that allows UTCTime.
	NotBefore time.Time `asn1:"generalized,explicit,tag:0"`
	// NotAfter is tagged [1]; the same caveats apply.
	NotAfter time.Time `asn1:"generalized,explicit,tag:1"`
}
OptionalValidity ::= SEQUENCE { notBefore [0] Time OPTIONAL, notAfter [1] Time OPTIONAL }
type OrganizationName ¶
type OrganizationName string
type OrganizationalUnitNames ¶
type OrganizationalUnitNames []string
type PKIFreeText ¶
PKIFreeText ::= SEQUENCE SIZE (1..MAX) OF UTF8String
-- text encoded as UTF-8 String [RFC3629] (note: each -- UTF8String MAY include an [RFC3066] language tag -- to indicate the language of the contained text -- see [RFC2482] for details)
type PKIHeader ¶
// PKIHeader is the header of a PKIMessage: addressing, protection algorithm
// and the transaction/nonce values that tie a response to its request.
type PKIHeader struct {
	// Raw holds the undecoded bytes of the header.
	Raw asn1.RawContent
	// PVNO is the protocol version number.
	// NOTE(review): in the standard encoding/asn1 package `default` is only
	// honoured together with `optional`; confirm that the intended version
	// value is actually emitted.
	PVNO int `asn1:"default:1"`
	// Sender and Recipient are left as interface{}; the trailing comments
	// record that a GeneralName is expected.
	Sender    interface{} //GeneralName
	Recipient interface{} //GeneralName
	// MessageTime [0] is the time the message was produced.
	MessageTime time.Time `asn1:"generalized,explicit,optional,tag:0,omitempty"`
	// ProtectionAlg [1] names the algorithm used for PKIMessage.Protection.
	ProtectionAlg pkix.AlgorithmIdentifier `asn1:"explicit,optional,tag:1,omitempty"`
	//SendKID       *KeyIdentifier           `asn1:"optional,tag:2,omitempty"`
	//RecipKID      *KeyIdentifier           `asn1:"optional,tag:3,omitempty"`
	// TransactionID [4], SenderNonce [5] and RecipNonce [6] are what RFC 4210
	// uses to match responses to requests and to resist replay.
	// NOTE(review): whether this package checks that a response echoes the
	// transaction ID and the sender nonce is not visible here — confirm in
	// the response parsers, otherwise callers must do it.
	TransactionID []byte `asn1:"optional,explicit,tag:4,omitempty"`
	SenderNonce   []byte `asn1:"optional,tag:5,omitempty"`
	RecipNonce    []byte `asn1:"optional,tag:6,omitempty"`
	// FreeText [7] has no `optional` option, unlike its neighbours.
	// NOTE(review): RFC 4210 lists freeText as OPTIONAL — confirm this is
	// deliberate for the peer CA.
	FreeText []string `asn1:"explicit,tag:7"`
	// GeneralInfo [8] carries additional attribute/value pairs.
	GeneralInfo []pkix.AttributeTypeAndValue `asn1:"optional,tag:8,omitempty"`
}
PKIHeader .
func NewPKIHeader ¶
func NewPKIHeader() *PKIHeader
func (*PKIHeader) SetProtectionAlg ¶
func (h *PKIHeader) SetProtectionAlg(alg pkix.AlgorithmIdentifier)
type PKIMessage ¶
// PKIMessage is the outgoing message envelope: header, body and the
// optional protection value and extra certificates.
type PKIMessage struct {
	// Raw holds the undecoded bytes of the message.
	Raw asn1.RawContent
	// Header is the PKIHeader described above the body.
	Header PKIHeader
	// Body is untyped; the trailing comment records that a PKIBody value
	// (for example the result of one of the NewPKIBody*asn1 helpers) is
	// expected.
	Body interface{} // PKIBody
	// Protection [0] is the integrity/authentication value over the message.
	// NOTE(review): the field is optional, so a message can be serialised
	// without any protection. Callers should make sure SetProtection has been
	// called before sending — confirm whether SerializeAsn1 enforces this.
	Protection PKIProtection `asn1:"explicit,optional,tag:0,omitempty"`
	// ExtraCerts [1] are certificates sent along with the message.
	ExtraCerts []Certificate `asn1:"tag:1,omitempty"`
}
PKIMessage .
func (*PKIMessage) SerializeAsn1 ¶
func (msg *PKIMessage) SerializeAsn1() ([]byte, error)
func (*PKIMessage) SerializeB64 ¶
func (msg *PKIMessage) SerializeB64() (string, error)
func (*PKIMessage) SetBody ¶
func (msg *PKIMessage) SetBody(body interface{})
func (*PKIMessage) SetProtection ¶
func (msg *PKIMessage) SetProtection(b []byte)
type PKIMessageCP ¶
type PKIMessageCP struct { PKIMessageHead Body CertRepMessage `asn1:"explicit,tag:3"` PKIMessageFoot }
func ParsePKIBodyCP ¶
func ParsePKIBodyCP(raw []byte) (*PKIMessageCP, error)
func (*PKIMessageCP) GetCertWithEncValueLst ¶
func (cp *PKIMessageCP) GetCertWithEncValueLst() ([]*CertWithEncValue, error)
type PKIMessageFoot ¶
// PKIMessageFoot is the trailing part of a received message: the protection
// value and any certificates the peer attached.
type PKIMessageFoot struct {
	// Protection [0] is optional in the encoding.
	// NOTE(review): a response that omits it carries no integrity or origin
	// check at this layer; confirm that the parsers or their callers reject
	// unprotected responses.
	Protection PKIProtection `asn1:"explicit,optional,tag:0,omitempty"`
	// ExtraCerts [1] are supplied by the peer and must be treated as
	// untrusted until verified against a trusted root pool (see VerifyByRoot).
	ExtraCerts []*x509.Certificate `asn1:"tag:1"`
}
func (*PKIMessageFoot) VerifyByRoot ¶
func (msg *PKIMessageFoot) VerifyByRoot(pool *x509.CertPool) error
type PKIMessageHead ¶
type PKIMessageHead struct { Raw asn1.RawContent Header PKIHeader }
type PKIMessageKRP ¶
type PKIMessageKRP struct { PKIMessageHead Body KeyRecRepContent PKIMessageFoot }
func ParsePKIBodyKRP ¶
func ParsePKIBodyKRP(raw []byte) (*PKIMessageKRP, error)
func (*PKIMessageKRP) FailInfo ¶
func (krp *PKIMessageKRP) FailInfo() string
func (*PKIMessageKRP) GetCertWithEncValueLst ¶
func (krp *PKIMessageKRP) GetCertWithEncValueLst() ([]*CertWithEncValue, error)
func (*PKIMessageKRP) StatusOK ¶
func (krp *PKIMessageKRP) StatusOK() bool
type PKIMessageKUP ¶
type PKIMessageKUP struct { PKIMessageHead Body CertRepMessage `asn1:"explicit,tag:8"` PKIMessageFoot }
func ParsePKIBodyKUP ¶
func ParsePKIBodyKUP(raw []byte) (*PKIMessageKUP, error)
func (*PKIMessageKUP) GetCertWithEncValueLst ¶
func (kup *PKIMessageKUP) GetCertWithEncValueLst() ([]*CertWithEncValue, error)
type PKIMessageRP ¶
type PKIMessageRP struct { PKIMessageHead Body RevRepContent `asn1:"explicit,optional,tag:12"` PKIMessageFoot }
func ParsePKIBodyRP ¶
func ParsePKIBodyRP(raw []byte) (*PKIMessageRP, error)
func (*PKIMessageRP) FailInfo ¶
func (rp *PKIMessageRP) FailInfo() string
func (*PKIMessageRP) StatusOK ¶
func (rp *PKIMessageRP) StatusOK() bool
type PKIProtection ¶
type PKIPublicationInfo ¶
type PKIPublicationInfo struct { Action int PubInfos []SinglePubInfo `asn1:"optional,omitempty"` }
PKIPublicationInfo ::= SEQUENCE { action INTEGER { dontPublish (0), pleasePublish (1) }, pubInfos SEQUENCE SIZE (1..MAX) OF SinglePubInfo OPTIONAL } -- pubInfos MUST NOT be present if action is "dontPublish" -- (if action is "pleasePublish" and pubInfos is omitted, -- "dontCare" is assumed)
type PKIStatus ¶
type PKIStatus int
PKIStatus ::= INTEGER { accepted (0), -- you got exactly what you asked for grantedWithMods (1), -- you got something like what you asked for; the -- requester is responsible for ascertaining the differences rejection (2), -- you don't get it, more information elsewhere in the message waiting (3), -- the request body part has not yet been processed; expect to -- hear more later (note: proper handling of this status -- response MAY use the polling req/rep PKIMessages specified -- in Section 5.3.22; alternatively, polling in the underlying -- transport layer MAY have some utility in this regard) revocationWarning (4), -- this message contains a warning that a revocation is -- imminent revocationNotification (5), -- notification that a revocation has occurred keyUpdateWarning (6) -- update already done for the oldCertId specified in -- CertReqMsg }
type PKIStatusInfo ¶
type PKIStatusInfo struct { Raw asn1.RawContent Status PKIStatus StatusString PKIFreeText `asn1:"optional,omitempty"` FailInfo asn1.BitString `asn1:"optional,omitempty"` }
PKIStatusInfo .
type PKMACValue ¶
// PKMACValue is a MAC over the public key together with the algorithm that
// produced it.
type PKMACValue struct {
	// AlgID identifies the MAC algorithm and its parameters.
	AlgID pkix.AlgorithmIdentifier
	// Value is the MAC output.
	// NOTE(review): the ASN.1 definition declares value as BIT STRING, while
	// a []byte field is encoded as OCTET STRING by the standard encoding/asn1
	// package — confirm which encoding the peer expects.
	Value []byte
}
PKMACValue ::= SEQUENCE { algId AlgorithmIdentifier, -- algorithm value shall be PasswordBasedMac {1 2 840 113533 7 66 13} -- parameter value is PBMParameter value BIT STRING }
type PersonalName ¶
type PersonalName struct { SurName string `asn1:"tag:0"` GivenName string `asn1:"optional,tag:1"` Initials string `asn1:"optional,tag:2"` GenerationQualifier string `asn1:"optional,tag:3"` }
PersonalName ::= SET { surname [0] IMPLICIT PrintableString (SIZE (1..ub-surname-length)), given-name [1] IMPLICIT PrintableString (SIZE (1..ub-given-name-length)) OPTIONAL, initials [2] IMPLICIT PrintableString (SIZE (1..ub-initials-length)) OPTIONAL, generation-qualifier [3] IMPLICIT PrintableString (SIZE (1..ub-generation-qualifier-length)) OPTIONAL }
type PrivateDomainName ¶
type PrivateDomainName string
type ProofOfPossession ¶
// ProofOfPossession is declared as an empty placeholder: it has no fields,
// so none of the proof-of-possession alternatives can be expressed with it.
// NOTE(review): together with CertReqMessage having no popo field, this means
// requests do not carry proof of possession; confirm that key ownership is
// verified elsewhere in the enrolment flow.
type ProofOfPossession struct {
}
type RevCert ¶
type RevCert struct { DirectoryName InterDirectoryName `asn1:"optional,tag:4"` SerialNumber *big.Int }
type RevDetails ¶
type RevDetails struct { CertDetails CertTemplate CRLEntryDetails *Extensions `asn1:"optional,omitempty"` RevocationReason asn1.BitString }
RevDetails ::= SEQUENCE { certDetails CertTemplate, -- allows requester to specify as much as they can about -- the cert. for which revocation is requested -- (e.g., for cases in which serialNumber is not available) crlEntryDetails Extensions OPTIONAL -- requested crlEntryExtensions }
type RevRepContent ¶
type RevRepContent struct { Raw asn1.RawContent RevCerts RevCert `asn1:"explicit,optional,tag:0"` Status InterState }
type SinglePubInfo ¶
type SinglePubInfo struct { PubMethod int PubLocation GeneralName `asn1:"optional,omitempty"` }
SinglePubInfo ::= SEQUENCE { pubMethod INTEGER { dontCare (0), x500 (1), web (2), ldap (3) }, pubLocation GeneralName OPTIONAL }
type SubjectPublicKeyInfo ¶
type SubjectPublicKeyInfo struct { Algorithm pkix.AlgorithmIdentifier SubjectPublicKey asn1.BitString }
SubjectPublicKeyInfo ::= SEQUENCE { algorithm AlgorithmIdentifier, subjectPublicKey BIT STRING }
type TerminalIdentifier ¶
type TerminalIdentifier string
type UniqueIdentifier ¶