util

package
v2.2.1-rc1 Latest Latest
Warning

This package is not in the latest version of its module.

 Go to latest Published: Oct 6, 2020 License: Apache-2.0 Imports: 19 Imported by: 0

Documentation

Index

Constants

View Source 
const (
	// Tags
	DNSNameTag = 2
)
View Source 
const (
	GTLDPeriodDateFormat = "2006-01-02"
)
View Source 
const OnionTLD = ".onion"

Variables

View Source 
var (
	//extension OIDs
	AiaOID                  = asn1.ObjectIdentifier{1, 3, 6, 1, 5, 5, 7, 1, 1}        // Authority Information Access
	AuthkeyOID              = asn1.ObjectIdentifier{2, 5, 29, 35}                     // Authority Key Identifier
	BasicConstOID           = asn1.ObjectIdentifier{2, 5, 29, 19}                     // Basic Constraints
	CertPolicyOID           = asn1.ObjectIdentifier{2, 5, 29, 32}                     // Certificate Policies
	CrlDistOID              = asn1.ObjectIdentifier{2, 5, 29, 31}                     // CRL Distribution Points
	CtPoisonOID             = asn1.ObjectIdentifier{1, 3, 6, 1, 4, 1, 11129, 2, 4, 3} // CT Poison
	EkuSynOid               = asn1.ObjectIdentifier{2, 5, 29, 37}                     // Extended Key Usage Syntax
	FreshCRLOID             = asn1.ObjectIdentifier{2, 5, 29, 46}                     // Freshest CRL
	InhibitAnyPolicyOID     = asn1.ObjectIdentifier{2, 5, 29, 54}                     // Inhibit Any Policy
	IssuerAlternateNameOID  = asn1.ObjectIdentifier{2, 5, 29, 18}                     // Issuer Alt Name
	KeyUsageOID             = asn1.ObjectIdentifier{2, 5, 29, 15}                     // Key Usage
	LogoTypeOID             = asn1.ObjectIdentifier{1, 3, 6, 1, 5, 5, 7, 1, 12}       // Logo Type Ext
	NameConstOID            = asn1.ObjectIdentifier{2, 5, 29, 30}                     // Name Constraints
	OscpNoCheckOID          = asn1.ObjectIdentifier{1, 3, 6, 1, 5, 5, 7, 48, 1, 5}    // OSCP No Check
	PolicyConstOID          = asn1.ObjectIdentifier{2, 5, 29, 36}                     // Policy Constraints
	PolicyMapOID            = asn1.ObjectIdentifier{2, 5, 29, 33}                     // Policy Mappings
	PrivKeyUsageOID         = asn1.ObjectIdentifier{2, 5, 29, 16}                     // Private Key Usage Period
	QcStateOid              = asn1.ObjectIdentifier{1, 3, 6, 1, 5, 5, 7, 1, 3}        // QC Statements
	TimestampOID            = asn1.ObjectIdentifier{1, 3, 6, 1, 4, 1, 11129, 2, 4, 2} // Signed Certificate Timestamp List
	SmimeOID                = asn1.ObjectIdentifier{1, 2, 840, 113549, 1, 9, 15}      // Smime Capabilities
	SubjectAlternateNameOID = asn1.ObjectIdentifier{2, 5, 29, 17}                     // Subject Alt Name
	SubjectDirAttrOID       = asn1.ObjectIdentifier{2, 5, 29, 9}                      // Subject Directory Attributes
	SubjectInfoAccessOID    = asn1.ObjectIdentifier{1, 3, 6, 1, 5, 5, 7, 1, 11}       // Subject Info Access Syntax
	SubjectKeyIdentityOID   = asn1.ObjectIdentifier{2, 5, 29, 14}                     // Subject Key Identifier
	// CA/B reserved policies
	BRDomainValidatedOID       = asn1.ObjectIdentifier{2, 23, 140, 1, 2, 1} // CA/B BR Domain-Validated
	BROrganizationValidatedOID = asn1.ObjectIdentifier{2, 23, 140, 1, 2, 2} // CA/B BR Organization-Validated
	BRIndividualValidatedOID   = asn1.ObjectIdentifier{2, 23, 140, 1, 2, 3} // CA/B BR Individual-Validated
	BRTorServiceDescriptor     = asn1.ObjectIdentifier{2, 23, 140, 1, 31}   // CA/B BR Tor Service Descriptor
	//X.500 attribute types
	CommonNameOID             = asn1.ObjectIdentifier{2, 5, 4, 3}
	SurnameOID                = asn1.ObjectIdentifier{2, 5, 4, 4}
	SerialOID                 = asn1.ObjectIdentifier{2, 5, 4, 5}
	CountryNameOID            = asn1.ObjectIdentifier{2, 5, 4, 6}
	LocalityNameOID           = asn1.ObjectIdentifier{2, 5, 4, 7}
	StateOrProvinceNameOID    = asn1.ObjectIdentifier{2, 5, 4, 8}
	StreetAddressOID          = asn1.ObjectIdentifier{2, 5, 4, 9}
	OrganizationNameOID       = asn1.ObjectIdentifier{2, 5, 4, 10}
	OrganizationalUnitNameOID = asn1.ObjectIdentifier{2, 5, 4, 11}
	BusinessOID               = asn1.ObjectIdentifier{2, 5, 4, 15}
	PostalCodeOID             = asn1.ObjectIdentifier{2, 5, 4, 17}
	GivenNameOID              = asn1.ObjectIdentifier{2, 5, 4, 42}
	// Hash algorithms - see https://golang.org/src/crypto/x509/x509.go
	SHA256OID = asn1.ObjectIdentifier{2, 16, 840, 1, 101, 3, 4, 2, 1}
	SHA384OID = asn1.ObjectIdentifier{2, 16, 840, 1, 101, 3, 4, 2, 2}
	SHA512OID = asn1.ObjectIdentifier{2, 16, 840, 1, 101, 3, 4, 2, 3}
	// other OIDs
	OidRSAEncryption           = asn1.ObjectIdentifier{1, 2, 840, 113549, 1, 1, 1}
	OidRSASSAPSS               = asn1.ObjectIdentifier{1, 2, 840, 113549, 1, 1, 10}
	OidMD2WithRSAEncryption    = asn1.ObjectIdentifier{1, 2, 840, 113549, 1, 1, 2}
	OidMD5WithRSAEncryption    = asn1.ObjectIdentifier{1, 2, 840, 113549, 1, 1, 4}
	OidSHA1WithRSAEncryption   = asn1.ObjectIdentifier{1, 2, 840, 113549, 1, 1, 5}
	OidSHA224WithRSAEncryption = asn1.ObjectIdentifier{1, 2, 840, 113549, 1, 1, 14}
	OidSHA256WithRSAEncryption = asn1.ObjectIdentifier{1, 2, 840, 113549, 1, 1, 11}
	OidSHA384WithRSAEncryption = asn1.ObjectIdentifier{1, 2, 840, 113549, 1, 1, 12}
	OidSHA512WithRSAEncryption = asn1.ObjectIdentifier{1, 2, 840, 113549, 1, 1, 13}
	AnyPolicyOID               = asn1.ObjectIdentifier{2, 5, 29, 32, 0}
	UserNoticeOID              = asn1.ObjectIdentifier{1, 3, 6, 1, 5, 5, 7, 2, 2}
	CpsOID                     = asn1.ObjectIdentifier{1, 3, 6, 1, 5, 5, 7, 2, 1}
	IdEtsiQcsQcCompliance      = asn1.ObjectIdentifier{0, 4, 0, 1862, 1, 1}
	IdEtsiQcsQcLimitValue      = asn1.ObjectIdentifier{0, 4, 0, 1862, 1, 2}
	IdEtsiQcsQcRetentionPeriod = asn1.ObjectIdentifier{0, 4, 0, 1862, 1, 3}
	IdEtsiQcsQcSSCD            = asn1.ObjectIdentifier{0, 4, 0, 1862, 1, 4}
	IdEtsiQcsQcEuPDS           = asn1.ObjectIdentifier{0, 4, 0, 1862, 1, 5}
	IdEtsiQcsQcType            = asn1.ObjectIdentifier{0, 4, 0, 1862, 1, 6}
	IdEtsiQcsQctEsign          = asn1.ObjectIdentifier{0, 4, 0, 1862, 1, 6, 1}
	IdEtsiQcsQctEseal          = asn1.ObjectIdentifier{0, 4, 0, 1862, 1, 6, 2}
	IdEtsiQcsQctWeb            = asn1.ObjectIdentifier{0, 4, 0, 1862, 1, 6, 3}
)
View Source 
var (
	ZeroDate                    = time.Date(0000, time.January, 1, 0, 0, 0, 0, time.UTC)
	RFC1035Date                 = time.Date(1987, time.January, 1, 0, 0, 0, 0, time.UTC)
	RFC2459Date                 = time.Date(1999, time.January, 1, 0, 0, 0, 0, time.UTC)
	RFC3280Date                 = time.Date(2002, time.April, 1, 0, 0, 0, 0, time.UTC)
	RFC3490Date                 = time.Date(2003, time.March, 1, 0, 0, 0, 0, time.UTC)
	RFC8399Date                 = time.Date(2018, time.May, 1, 0, 0, 0, 0, time.UTC)
	RFC4325Date                 = time.Date(2005, time.December, 1, 0, 0, 0, 0, time.UTC)
	RFC4630Date                 = time.Date(2006, time.August, 1, 0, 0, 0, 0, time.UTC)
	RFC5280Date                 = time.Date(2008, time.May, 1, 0, 0, 0, 0, time.UTC)
	RFC6818Date                 = time.Date(2013, time.January, 1, 0, 0, 0, 0, time.UTC)
	CABEffectiveDate            = time.Date(2012, time.July, 1, 0, 0, 0, 0, time.UTC)
	CABReservedIPDate           = time.Date(2016, time.October, 1, 0, 0, 0, 0, time.UTC)
	CABGivenNameDate            = time.Date(2016, time.September, 7, 0, 0, 0, 0, time.UTC)
	CABSerialNumberEntropyDate  = time.Date(2016, time.September, 30, 0, 0, 0, 0, time.UTC)
	CABV102Date                 = time.Date(2012, time.June, 8, 0, 0, 0, 0, time.UTC)
	CABV113Date                 = time.Date(2013, time.February, 21, 0, 0, 0, 0, time.UTC)
	CABV114Date                 = time.Date(2013, time.May, 3, 0, 0, 0, 0, time.UTC)
	CABV116Date                 = time.Date(2013, time.July, 29, 0, 0, 0, 0, time.UTC)
	CABV130Date                 = time.Date(2015, time.April, 16, 0, 0, 0, 0, time.UTC)
	CABV131Date                 = time.Date(2015, time.September, 28, 0, 0, 0, 0, time.UTC)
	NO_SHA1                     = time.Date(2016, time.January, 1, 0, 0, 0, 0, time.UTC)
	NoRSA1024RootDate           = time.Date(2011, time.January, 1, 0, 0, 0, 0, time.UTC)
	NoRSA1024Date               = time.Date(2014, time.January, 1, 0, 0, 0, 0, time.UTC)
	GeneralizedDate             = time.Date(2050, time.January, 1, 0, 0, 0, 0, time.UTC)
	NoReservedIP                = time.Date(2015, time.November, 1, 0, 0, 0, 0, time.UTC)
	SubCert39Month              = time.Date(2016, time.July, 2, 0, 0, 0, 0, time.UTC)
	SubCert825Days              = time.Date(2018, time.March, 2, 0, 0, 0, 0, time.UTC)
	CABV148Date                 = time.Date(2017, time.June, 8, 0, 0, 0, 0, time.UTC)
	EtsiEn319_412_5_V2_2_1_Date = time.Date(2017, time.November, 1, 0, 0, 0, 0, time.UTC)
	OnionOnlyEVDate             = time.Date(2015, time.May, 1, 0, 0, 0, 0, time.UTC)
	CABV201Date                 = time.Date(2017, time.July, 28, 0, 0, 0, 0, time.UTC)
	AppleCTPolicyDate           = time.Date(2018, time.October, 15, 0, 0, 0, 0, time.UTC)
	MozillaPolicy22Date         = time.Date(2013, time.July, 26, 0, 0, 0, 0, time.UTC)
	MozillaPolicy24Date         = time.Date(2017, time.February, 28, 0, 0, 0, 0, time.UTC)
	MozillaPolicy27Date         = time.Date(2020, time.January, 1, 0, 0, 0, 0, time.UTC)
	CABFBRs_1_6_9_Date          = time.Date(2020, time.March, 27, 0, 0, 0, 0, time.UTC)
	AppleReducedLifetimeDate    = time.Date(2020, time.September, 1, 0, 0, 0, 0, time.UTC)
)
View Source 
var (
	// KeyUsageToString maps an x509.KeyUsage bitmask to its name.
	KeyUsageToString = map[x509.KeyUsage]string{
		x509.KeyUsageDigitalSignature:  "KeyUsageDigitalSignature",
		x509.KeyUsageContentCommitment: "KeyUsageContentCommitment",
		x509.KeyUsageKeyEncipherment:   "KeyUsageKeyEncipherment",
		x509.KeyUsageDataEncipherment:  "KeyUsageDataEncipherment",
		x509.KeyUsageKeyAgreement:      "KeyUsageKeyAgreement",
		x509.KeyUsageCertSign:          "KeyUsageCertSign",
		x509.KeyUsageCRLSign:           "KeyUsageCRLSign",
		x509.KeyUsageEncipherOnly:      "KeyUsageEncipherOnly",
		x509.KeyUsageDecipherOnly:      "KeyUsageDecipherOnly",
	}
)
View Source 
var (
	// 1.2.840.10045.4.3.1 is SHA224withECDSA
	OidSignatureSHA224withECDSA = asn1.ObjectIdentifier{1, 2, 840, 10045, 4, 3, 1}
)

additional OIDs not provided by the x509 package

View Source 
var RSAAlgorithmIDToDER = map[string][]byte{

	"1.2.840.113549.1.1.1": {0x30, 0x0d, 0x6, 0x9, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0xd, 0x1, 0x1, 0x1, 0x5, 0x0},

	"1.2.840.113549.1.1.2": {0x30, 0x0d, 0x6, 0x9, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0xd, 0x1, 0x1, 0x2, 0x5, 0x0},

	"1.2.840.113549.1.1.4": {0x30, 0x0d, 0x6, 0x9, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0xd, 0x1, 0x1, 0x4, 0x5, 0x0},

	"1.2.840.113549.1.1.5": {0x30, 0x0d, 0x6, 0x9, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0xd, 0x1, 0x1, 0x5, 0x5, 0x0},

	"1.2.840.113549.1.1.14": {0x30, 0x0d, 0x6, 0x9, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0xd, 0x1, 0x1, 0xe, 0x5, 0x0},

	"1.2.840.113549.1.1.11": {0x30, 0x0d, 0x6, 0x9, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0xd, 0x1, 0x1, 0xb, 0x5, 0x0},

	"1.2.840.113549.1.1.12": {0x30, 0x0d, 0x6, 0x9, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0xd, 0x1, 0x1, 0xc, 0x5, 0x0},

	"1.2.840.113549.1.1.13": {0x30, 0x0d, 0x6, 0x9, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0xd, 0x1, 0x1, 0xd, 0x5, 0x0},
}

RSAAlgorithmIDToDER contains DER representations of pkix.AlgorithmIdentifier for different RSA OIDs with Parameters as asn1.NULL

Functions

func AllAlternateNameWithTagAreIA5 

func AllAlternateNameWithTagAreIA5(ext *pkix.Extension, tag int) (bool, error)

AllAlternateNameWithTagAreIA5 returns true if all sequence members with the given tag are encoded as IA5 strings, and false otherwise. If it encounters errors parsing asn1, err will be non-nil.

func AppendToStringSemicolonDelim 

func AppendToStringSemicolonDelim(this *string, s string)

func AuthIsFQDNOrIP 

func AuthIsFQDNOrIP(auth string) bool

func CertificateSubjInTLD 

func CertificateSubjInTLD(c *x509.Certificate, label string) bool

CertificateSubjContainsTLD checks whether the provided Certificate has a Subject Common Name or DNS Subject Alternate Name that ends in the provided TLD label. If IsInTLDMap(label) returns false then CertificateSubjInTLD will return false.

func CheckAlgorithmIDParamNotNULL 

func CheckAlgorithmIDParamNotNULL(algorithmIdentifier []byte, requiredAlgoID asn1.ObjectIdentifier) error

CheckAlgorithmIDParamNotNULL parses an AlgorithmIdentifier with algorithm OID rsaEncryption to check the Param field is asn1.NULL Expects DER-encoded AlgorithmIdentifier including tag and length

func CheckRDNSequenceWhiteSpace 

func CheckRDNSequenceWhiteSpace(raw []byte) (leading, trailing bool, err error)

CheckRDNSequenceWhiteSpace returns true if there is leading or trailing whitespace in any name attribute in the sequence, respectively.

func CommonNameIsIP 

func CommonNameIsIP(cert *x509.Certificate) bool

func DNSNamesExist 

func DNSNamesExist(cert *x509.Certificate) bool

func FindTimeType 

func FindTimeType(firstDate, secondDate asn1.RawValue) (int, int)

func GetAuthority 

func GetAuthority(uri string) string

func GetExtFromCert 

func GetExtFromCert(cert *x509.Certificate, oid asn1.ObjectIdentifier) *pkix.Extension

GetExtFromCert returns the extension with the matching OID, if present. If the extension if not present, it returns nil.

func GetHost 

func GetHost(auth string) string

func GetMappedPolicies 

func GetMappedPolicies(polMap *pkix.Extension) ([][2]asn1.ObjectIdentifier, error)

helper function to parse policyMapping extensions, returns slices of CertPolicyIds separated by domain

func GetPublicKeyAidEncoded added in v2.1.0 

func GetPublicKeyAidEncoded(c *x509.Certificate) ([]byte, error)

Returns the algorithm field of the SubjectPublicKeyInfo of the certificate in its encoded form (containing Tag and Length) or an error if the algorithm field could not be extracted. 

SubjectPublicKeyInfo  ::=  SEQUENCE  {
    algorithm            AlgorithmIdentifier,
    subjectPublicKey     BIT STRING  }

func GetPublicKeyOID added in v2.1.0 

func GetPublicKeyOID(c *x509.Certificate) (asn1.ObjectIdentifier, error)

Returns the algorithm field of the SubjectPublicKeyInfo of the certificate or an error if the algorithm field could not be extracted. 

SubjectPublicKeyInfo  ::=  SEQUENCE  {
    algorithm            AlgorithmIdentifier,
    subjectPublicKey     BIT STRING  }

func GetSignatureAlgorithmInTBSEncoded added in v2.1.0 

func GetSignatureAlgorithmInTBSEncoded(c *x509.Certificate) ([]byte, error)

Returns the signature field of the tbsCertificate of this certificate in a DER encoded form or an error if the signature field could not be extracted. The encoded form contains the tag and the length. 

TBSCertificate  ::=  SEQUENCE  {
    version         [0]  EXPLICIT Version DEFAULT v1,
    serialNumber         CertificateSerialNumber,
    signature            AlgorithmIdentifier,
    issuer               Name,
    validity             Validity,
    subject              Name,
    subjectPublicKeyInfo SubjectPublicKeyInfo,
    issuerUniqueID  [1]  IMPLICIT UniqueIdentifier OPTIONAL,
                         -- If present, version MUST be v2 or v3
    subjectUniqueID [2]  IMPLICIT UniqueIdentifier OPTIONAL,
                         -- If present, version MUST be v2 or v3
    extensions      [3]  EXPLICIT Extensions OPTIONAL
                         -- If present, version MUST be v3
    }

func GetTimes 

func GetTimes(cert *x509.Certificate) (asn1.RawValue, asn1.RawValue)

TODO(@cpu): This function is a little bit rough around the edges (especially after my quick fixes for the ineffassigns) and would be a good candidate for clean-up/refactoring.

func HasEKU 

func HasEKU(cert *x509.Certificate, eku x509.ExtKeyUsage) bool

HasEKU tests whether an EKU is present in a certificate.

func HasValidTLD 

func HasValidTLD(domain string, when time.Time) bool

HasValidTLD checks that a domain ends in a valid TLD that was delegated in the root DNS at the time specified.

func ICANNPublicSuffixParse 

func ICANNPublicSuffixParse(domain string) (*publicsuffix.DomainName, error)

func IntersectsIANAReserved added in v2.1.0 

func IntersectsIANAReserved(net net.IPNet) bool

IntersectsIANAReserved checks if a CIDR intersects any IANA reserved CIDRs

func IsAnyEtsiQcStatementPresent 

func IsAnyEtsiQcStatementPresent(extVal []byte) bool

func IsCACert 

func IsCACert(c *x509.Certificate) bool

IsCACert returns true if c has IsCA set.

func IsEV 

func IsEV(in []asn1.ObjectIdentifier) bool

IsEV returns true if the input is a known Extended Validation OID.

func IsEmptyASN1Sequence 

func IsEmptyASN1Sequence(input []byte) bool

func IsExtInCert 

func IsExtInCert(cert *x509.Certificate, oid asn1.ObjectIdentifier) bool

IsExtInCert is equivalent to GetExtFromCert() != nil.

func IsFQDN 

func IsFQDN(domain string) bool

func IsFQDNOrIP 

func IsFQDNOrIP(host string) bool

func IsIA5String 

func IsIA5String(raw []byte) bool

IsIA5String returns true if raw is an IA5String, and returns false otherwise.

func IsIANAReserved 

func IsIANAReserved(ip net.IP) bool

IsIANAReserved checks IP validity as per IANA reserved IPs 

IPv4
https://www.iana.org/assignments/iana-ipv4-special-registry/iana-ipv4-special-registry.xhtml
https://www.iana.org/assignments/ipv4-address-space/ipv4-address-space.xml
IPv6
https://www.iana.org/assignments/iana-ipv6-special-registry/iana-ipv6-special-registry.xhtml
https://www.iana.org/assignments/ipv6-address-space/ipv6-address-space.xhtml

func IsISOCountryCode 

func IsISOCountryCode(in string) bool

IsISOCountryCode returns true if the input is a known two-letter country code.

TODO: Document where the list of known countries came from.

func IsInPrefSyn 

func IsInPrefSyn(name string) bool

func IsInTLDMap 

func IsInTLDMap(label string) bool

IsInTLDMap checks that a label is present in the TLD map. It does not consider the TLD's validity period and whether the TLD may have been removed, only whether it was ever a TLD that was delegated.

func IsNameAttribute 

func IsNameAttribute(oid asn1.ObjectIdentifier) bool

IsNameAttribute returns true if the given ObjectIdentifier corresponds with the type of any name attribute for PKIX.

func IsRootCA 

func IsRootCA(c *x509.Certificate) bool

IsRootCA returns true if c has IsCA set and is also self-signed.

func IsSelfSigned 

func IsSelfSigned(c *x509.Certificate) bool

IsSelfSigned returns true if SelfSigned is set.

func IsServerAuthCert 

func IsServerAuthCert(cert *x509.Certificate) bool

func IsSubCA 

func IsSubCA(c *x509.Certificate) bool

IsSubCA returns true if c has IsCA set, but is not self-signed.

func IsSubscriberCert 

func IsSubscriberCert(c *x509.Certificate) bool

IsSubscriberCert returns true for if a certificate is not a CA and not self-signed.

func NotAllNameFieldsAreEmpty 

func NotAllNameFieldsAreEmpty(name *pkix.Name) bool

func ParseBMPString 

func ParseBMPString(bmpString []byte) (string, error)

ParseBMPString returns a uint16 encoded string following the specification for a BMPString type

func PrimeNoSmallerThan752 

func PrimeNoSmallerThan752(dividend *big.Int) bool

func RemovePrependedQuestionMarks 

func RemovePrependedQuestionMarks(domain string) string

func RemovePrependedWildcard 

func RemovePrependedWildcard(domain string) string

func SliceContainsOID 

func SliceContainsOID(list []asn1.ObjectIdentifier, oid asn1.ObjectIdentifier) bool

Helper function that checks if an []asn1.ObjectIdentifier slice contains an asn1.ObjectIdentifier

func TypeInName 

func TypeInName(name *pkix.Name, oid asn1.ObjectIdentifier) bool

Helper function that checks for a name type in a pkix.Name

Types

type AttributeTypeAndRawValue 

type AttributeTypeAndRawValue struct {
	Type  asn1.ObjectIdentifier
	Value asn1.RawValue
}

type AttributeTypeAndRawValueSET 

type AttributeTypeAndRawValueSET []AttributeTypeAndRawValue

type Etsi421QualEuCert 

type Etsi421QualEuCert struct {
	// contains filtered or unexported fields
}

func (Etsi421QualEuCert) GetErrorInfo 

func (this Etsi421QualEuCert) GetErrorInfo() string

func (Etsi421QualEuCert) IsPresent 

func (this Etsi421QualEuCert) IsPresent() bool

type Etsi423QcType 

type Etsi423QcType struct {
	TypeOids []asn1.ObjectIdentifier
	// contains filtered or unexported fields
}

func (Etsi423QcType) GetErrorInfo 

func (this Etsi423QcType) GetErrorInfo() string

func (Etsi423QcType) IsPresent 

func (this Etsi423QcType) IsPresent() bool

type EtsiMonetaryValueAlph 

type EtsiMonetaryValueAlph struct {
	Iso4217CurrencyCodeAlph string `asn1:"printable"`
	Amount                  int
	Exponent                int
}

type EtsiMonetaryValueNum 

type EtsiMonetaryValueNum struct {
	Iso4217CurrencyCodeNum int
	Amount                 int
	Exponent               int
}

type EtsiQcLimitValue 

type EtsiQcLimitValue struct {
	Amount       int
	Exponent     int
	IsNum        bool
	CurrencyAlph string
	CurrencyNum  int
	// contains filtered or unexported fields
}

func (EtsiQcLimitValue) GetErrorInfo 

func (this EtsiQcLimitValue) GetErrorInfo() string

func (EtsiQcLimitValue) IsPresent 

func (this EtsiQcLimitValue) IsPresent() bool

type EtsiQcPds 

type EtsiQcPds struct {
	PdsLocations []PdsLocation
	// contains filtered or unexported fields
}

func (EtsiQcPds) GetErrorInfo 

func (this EtsiQcPds) GetErrorInfo() string

func (EtsiQcPds) IsPresent 

func (this EtsiQcPds) IsPresent() bool

type EtsiQcRetentionPeriod 

type EtsiQcRetentionPeriod struct {
	Period int
	// contains filtered or unexported fields
}

func (EtsiQcRetentionPeriod) GetErrorInfo 

func (this EtsiQcRetentionPeriod) GetErrorInfo() string

func (EtsiQcRetentionPeriod) IsPresent 

func (this EtsiQcRetentionPeriod) IsPresent() bool

type EtsiQcSscd 

type EtsiQcSscd struct {
	// contains filtered or unexported fields
}

func (EtsiQcSscd) GetErrorInfo 

func (this EtsiQcSscd) GetErrorInfo() string

func (EtsiQcSscd) IsPresent 

func (this EtsiQcSscd) IsPresent() bool

type EtsiQcStmtIf 

type EtsiQcStmtIf interface {
	GetErrorInfo() string
	IsPresent() bool
}

func ParseQcStatem 

func ParseQcStatem(extVal []byte, sought asn1.ObjectIdentifier) EtsiQcStmtIf

type GTLDPeriod 

type GTLDPeriod struct {
	// GTLD is the GTLD the period corresponds to. It is used only for friendly
	// error messages from `Valid`
	GTLD string
	// DelegationDate is the date at which ICANN delegated the gTLD into existence
	// from the root DNS, or is empty if the gTLD was never delegated.
	DelegationDate string
	// RemovalDate is the date at which ICANN removed the gTLD delegation from the
	// root DNS, or is empty if the gTLD is still delegated and has not been
	// removed.
	RemovalDate string
}

GTLDPeriod is a struct representing a gTLD's validity period. The field names are chosen to match the data returned by the ICANN gTLD v2 JSON registry[0]. See the `zlint-gtld-update` command for more information. [0] - https://www.icann.org/resources/registries/gtlds/v2/gtlds.json

func (GTLDPeriod) Valid 

func (p GTLDPeriod) Valid(when time.Time) error

Valid determines if the provided `when` time is within the GTLDPeriod for the gTLD. E.g. whether a certificate issued at `when` with a subject identifier using the specified gTLD can be considered a valid use of the gTLD.

type PdsLocation 

type PdsLocation struct {
	Url      string `asn1:"ia5"`
	Language string `asn1:"printable"`
}

type RawRDNSequence 

type RawRDNSequence []AttributeTypeAndRawValueSET

Source Files

View all Source files

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.