Documentation ¶
Index ¶
- Constants
- Variables
- func CreateCertificateRevocationList(template *x509.RevocationList, issuer *x509.Certificate, priv crypto.Signer) ([]byte, error)
- func CreateCertificateSigningRequest(privKey interface{}, country, organization, organizationalUnit []string, ...) ([]byte, error)
- func CreatePrivateKey(opt PrivateKeyOption) (any, error)
- func GetAuthorityKeyIDFromCertificateRevocationList(crl *x509.RevocationList) string
- func GetFingerPrintFromCertificate(cert *x509.Certificate) string
- func GetPublicKey(privKey any) any
- func GetPublicKeyID(pubKey any) string
- func GetSignerFromPrivateKey(key any) crypto.Signer
- func GetSubjectKeyIDFromCertificate(cert *x509.Certificate) string
- func IsPublicKeyOf(privKey any, pubKey any) bool
- func IsPublicKeySupported(pubKey any) error
- func MarshalCertificates(certs ...*x509.Certificate) (string, error)
- func MarshalPrivateKey(privateKey any) (string, error)
- func ParseCertificate(certRaw []byte) ([]*x509.Certificate, error)
- func ParseCertificateRequest(certRequest []byte) (*x509.CertificateRequest, error)
- func ParseCertificateRevocationList(crl []byte) (*x509.RevocationList, error)
- func ParsePrivateKey(key []byte) (interface{}, error)
- func Verify(certs []*x509.Certificate, rootCerts []*x509.Certificate, ts int64, ...) error
- type CertRevocationChecker
- type ECDSACurveType
- type EmptyCertRevocationChecker
- type PrivateKeyOption
- type PrivateKeyType
Constants ¶
// Values of PrivateKeyType, the type of PrivateKeyOption.KeyType.
const (
	PrivateKeyTypeRSA   PrivateKeyType = "RSA"
	PrivateKeyTypeECDSA PrivateKeyType = "ECDSA"
)

// Values of ECDSACurveType, the type of PrivateKeyOption.CurveType. Per that
// field's comment, the curve is only used when KeyType is ECDSA.
const (
	ECDSACurveTypeP256 ECDSACurveType = "P-256"
	ECDSACurveTypeP384 ECDSACurveType = "P-384"
	ECDSACurveTypeP521 ECDSACurveType = "P-521"
)
Variables ¶
// ErrInvalidParameter is a sentinel error value. Its message is the empty
// string, so printing it on its own yields no text; match it with errors.Is
// rather than by comparing messages.
// NOTE(review): presumably returned (possibly wrapped with context) when an
// argument is rejected; the code that returns it is not shown on this page.
var (
	ErrInvalidParameter = errors.New("")
)
Functions ¶
func CreateCertificateRevocationList ¶
func CreateCertificateRevocationList(template *x509.RevocationList, issuer *x509.Certificate, priv crypto.Signer) ([]byte, error)
func CreatePrivateKey ¶
func CreatePrivateKey(opt PrivateKeyOption) (any, error)
func GetAuthorityKeyIDFromCertificateRevocationList ¶
func GetAuthorityKeyIDFromCertificateRevocationList(crl *x509.RevocationList) string
func GetFingerPrintFromCertificate ¶
func GetFingerPrintFromCertificate(cert *x509.Certificate) string
func GetPublicKey ¶
func GetPublicKeyID ¶
func GetSignerFromPrivateKey ¶
func GetSubjectKeyIDFromCertificate ¶
func GetSubjectKeyIDFromCertificate(cert *x509.Certificate) string
func IsPublicKeyOf ¶
func IsPublicKeySupported ¶
func MarshalCertificates ¶
func MarshalCertificates(certs ...*x509.Certificate) (string, error)
func MarshalPrivateKey ¶
func ParseCertificate ¶
func ParseCertificate(certRaw []byte) ([]*x509.Certificate, error)
func ParseCertificateRequest ¶
func ParseCertificateRequest(certRequest []byte) (*x509.CertificateRequest, error)
func ParseCertificateRevocationList ¶
func ParseCertificateRevocationList(crl []byte) (*x509.RevocationList, error)
func ParsePrivateKey ¶
func Verify ¶
func Verify(certs []*x509.Certificate, rootCerts []*x509.Certificate, ts int64, revocationChecker CertRevocationChecker) error
Verify verifies the certificate chain of trust.
The first certificate in the chain is the end-entity certificate. The rest of the certificates are intermediate certificates.
The rootCerts parameter is optional. If provided, rootCerts are used together with the system's preinstalled trusted certificates to verify the certificate chain; they extend the system trust store rather than replace it.
ts is the timestamp at which the certificate chain is verified. If ts is 0, the current time is used.
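Warning: the current implementation does not check the KeyUsage extension, in order to ease migration for new users. Callers that rely on key-usage restrictions must enforce them separately.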
Types ¶
type CertRevocationChecker ¶
// CertRevocationChecker is the revocation hook that Verify accepts as its
// revocationChecker argument.
type CertRevocationChecker interface {
	// IsCertsRevoked takes a timestamp and a list of certificates and returns
	// a list of certificates.
	// NOTE(review): presumably the result holds the members of certs that are
	// revoked as of ts, with an empty result meaning none are revoked; the
	// unit of ts is not stated on this page. Confirm against the implementation.
	IsCertsRevoked(ts int64, certs []*x509.Certificate) []*x509.Certificate
}
type ECDSACurveType ¶
// ECDSACurveType is the string type of PrivateKeyOption.CurveType, which names
// the curve of an ECDSA private key. The package declares the values
// ECDSACurveTypeP256, ECDSACurveTypeP384 and ECDSACurveTypeP521.
type ECDSACurveType string
type EmptyCertRevocationChecker ¶
// EmptyCertRevocationChecker is a stateless type whose IsCertsRevoked method
// has the signature required by CertRevocationChecker.
// NOTE(review): judging by the name, it presumably never reports a certificate
// as revoked; if so, passing it to Verify means no revocation checking takes
// place. Confirm against the implementation before using it in production.
type EmptyCertRevocationChecker struct{}
func (EmptyCertRevocationChecker) IsCertsRevoked ¶
func (EmptyCertRevocationChecker) IsCertsRevoked(ts int64, certs []*x509.Certificate) []*x509.Certificate
type PrivateKeyOption ¶
// PrivateKeyOption is the option argument taken by CreatePrivateKey. It selects
// the key type and the parameter that applies to that type.
type PrivateKeyOption struct {
	// Type of the private key.
	KeyType PrivateKeyType `json:"key_type"`
	// Bit length of the private key. Only used when KeyType is RSA.
	// NOTE(review): this page does not show whether CreatePrivateKey enforces
	// a minimum size; callers should pass at least 2048 and confirm how
	// smaller values are handled.
	BitLength int `json:"bit_length"`
	// Curve type of the private key. Only used when KeyType is ECDSA.
	CurveType ECDSACurveType `json:"curve_type"`
}
type PrivateKeyType ¶
// PrivateKeyType is the type of the private key. The package declares the
// values PrivateKeyTypeRSA and PrivateKeyTypeECDSA.
type PrivateKeyType string