pubkeypin

package
v1.20.4 Latest Latest
Warning

This package is not in the latest version of its module.

Go to latest
Published: Feb 18, 2021 License: Apache-2.0 Imports: 5 Imported by: 62

Documentation

Overview

Package pubkeypin provides primitives for x509 public key pinning in the style of RFC7469.

Index

Constants

This section is empty.

Variables

This section is empty.

Functions

func Hash

func Hash(certificate *x509.Certificate) string

Hash calculates the SHA-256 hash of the Subject Public Key Information (SPKI) object in an x509 certificate (in DER encoding). It returns the full hash as a hex encoded string (suitable for passing to Set.Allow).

Types

type Set

type Set struct {
	// contains filtered or unexported fields
}

Set is a set of pinned x509 public keys.

func NewSet

func NewSet() *Set

NewSet returns a new, empty PubKeyPinSet

func (*Set) Allow

func (s *Set) Allow(pubKeyHashes ...string) error

Allow adds an allowed public key hash to the Set

func (*Set) CheckAny added in v1.15.0

func (s *Set) CheckAny(certificates []*x509.Certificate) error

CheckAny checks if at least one certificate matches one of the public keys in the set

func (*Set) Empty

func (s *Set) Empty() bool

Empty returns true if the Set contains no pinned public keys.

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL