x509utils

Published: Jul 5, 2025 License: MIT Imports: 23 Imported by: 1

Overview

Package x509utils provides utilities to aid working with x509 certificates

Index

Constants

This section is empty.

Variables

// ErrEmpty indicates the file, string or byte slice handed to a reader is empty.
var ErrEmpty = errors.New("empty")

// ErrIgnored is returned when the value is out of scope for the called
// function and the caller is expected to try a different function instead.
var ErrIgnored = errors.New("type of value out of scope")

// ErrNotSupported indicates the concrete type of a [PrivateKey] or [PublicKey]
// isn't handled by this package.
var ErrNotSupported = errors.New("key type not supported")

Functions

func BlockToCertificate

func BlockToCertificate(block *pem.Block) (*x509.Certificate, error)

BlockToCertificate attempts to parse a pem.Block to extract an x509.Certificate.

func BlockToRSAPrivateKey

func BlockToRSAPrivateKey(block *pem.Block) (*rsa.PrivateKey, error)

BlockToRSAPrivateKey attempts to parse a pem.Block to extract an rsa.PrivateKey.

func EncodeBytes

func EncodeBytes(label string, body []byte, headers map[string]string) []byte

EncodeBytes produces a PEM encoded block

func EncodeCertificate

func EncodeCertificate(der []byte) []byte

EncodeCertificate produces a PEM encoded x509 Certificate without optional headers

func EncodePKCS1PrivateKey

func EncodePKCS1PrivateKey(key *rsa.PrivateKey) []byte

EncodePKCS1PrivateKey produces a PEM encoded RSA Private Key

func EncodePKCS8PrivateKey

func EncodePKCS8PrivateKey(key PrivateKey) ([]byte, error)

EncodePKCS8PrivateKey produces a PEM encoded Private Key

func Hostname added in v0.2.2

func Hostname(u *url.URL) (string, bool)

Hostname returns a sanitised hostname for a parsed URL

func IsSelfSigned added in v0.2.7

func IsSelfSigned(c *x509.Certificate) bool

IsSelfSigned tests if a certificate corresponds to a self-signed CA.

func NameAsIP added in v0.2.2

func NameAsIP(name string) (string, bool)

NameAsIP prepares a sanitised IP address name for matching certificates

func NameAsSuffix added in v0.2.2

func NameAsSuffix(name string) (string, bool)

NameAsSuffix prepares a sanitised hostname for matching certificate patterns

func Names added in v0.2.2

func Names(cert *x509.Certificate) (names, patterns []string)

Names returns a list of exact names and patterns the certificate supports

func PrivateKeyEqual added in v0.2.7

func PrivateKeyEqual(a, b crypto.PrivateKey) bool

PrivateKeyEqual tells if two private keys are the same. nil keys aren't considered comparable, so the result is false when either key is nil.

func PublicKeyEqual added in v0.2.7

func PublicKeyEqual(a, b crypto.PublicKey) bool

PublicKeyEqual tells if two public keys are the same. nil keys aren't considered comparable, so the result is false when either key is nil.

func ReadDirPEM

func ReadDirPEM(fSys fs.FS, dir string, cb DecodePEMBlockFunc) error

ReadDirPEM reads a directory recursively, looking for PEM files.

func ReadFilePEM

func ReadFilePEM(fSys fs.FS, filename string, cb DecodePEMBlockFunc) error

ReadFilePEM reads a PEM file, calling cb for each block.

func ReadPEM

func ReadPEM(b []byte, cb DecodePEMBlockFunc) error

ReadPEM invokes a callback for each PEM block found in the input data. It returns ErrEmpty if the input is empty, and core.ErrInvalid if it fails to decode.

func ReadStringPEM

func ReadStringPEM(s string, cb DecodePEMBlockFunc, options ...ReadOption) error

ReadStringPEM accepts either raw PEM data or the name of a file or directory; it reads the PEM blocks found there and invokes cb for each one. Paths are resolved against the fs.FS supplied via ReadWithFS.

func SanitizeName added in v0.2.2

func SanitizeName(name string) (string, bool)

SanitizeName takes a hostname and returns the name (or address) we will use for matching certificates.

func SubjectPublicKeyBytes added in v0.2.2

func SubjectPublicKeyBytes(pub crypto.PublicKey) ([]byte, error)

SubjectPublicKeyBytes extracts the SubjectPublicKey bytes from a crypto.PublicKey

func SubjectPublicKeySHA1 added in v0.2.2

func SubjectPublicKeySHA1(pub crypto.PublicKey) (hash [sha1.Size]byte, err error)

SubjectPublicKeySHA1 returns the SHA1 hash of the SubjectPublicKey of a crypto.PublicKey

func SubjectPublicKeySHA224 added in v0.2.2

func SubjectPublicKeySHA224(pub crypto.PublicKey) (hash [sha256.Size224]byte, err error)

SubjectPublicKeySHA224 returns the SHA224 hash of the SubjectPublicKey of a crypto.PublicKey

func SubjectPublicKeySHA256 added in v0.2.2

func SubjectPublicKeySHA256(pub crypto.PublicKey) (hash [sha256.Size]byte, err error)

SubjectPublicKeySHA256 returns the SHA256 hash of the SubjectPublicKey of a crypto.PublicKey

func ValidCertKeyPair added in v0.2.6

func ValidCertKeyPair(cert *x509.Certificate, key crypto.PrivateKey) bool

ValidCertKeyPair confirms the given key can use the given certificate. nil keys aren't considered comparable, so the result is false when the key is nil.

func ValidKeyPair added in v0.2.7

func ValidKeyPair(pub crypto.PublicKey, key crypto.PrivateKey) bool

ValidKeyPair confirms the public key matches the private one. nil keys aren't considered comparable, so the result is false when either key is nil.

func WriteCert

func WriteCert(w io.Writer, cert *x509.Certificate) (int64, error)

WriteCert writes a PEM encoded certificate

func WriteKey

func WriteKey(w io.Writer, key PrivateKey) (int64, error)

WriteKey writes a PEM encoded private key

Types

type CertPool added in v0.2.3

// CertPool is a read-only view of a set of x509 certificates that, unlike the
// standard x509.CertPool, lets callers reach individual certificates.
type CertPool interface {
	// Get looks up a single certificate by name.
	// NOTE(review): which names are accepted (subject, SAN, or a caller-assigned
	// key) isn't visible here — confirm against the implementation.
	Get(ctx context.Context, name string) (*x509.Certificate, error)
	// ForEach calls fn for each certificate in the pool. fn returning false
	// presumably stops the iteration early — verify against the implementation.
	ForEach(ctx context.Context, fn func(context.Context, *x509.Certificate) bool)

	// Clone returns a copy of the pool (presumably independent of the original,
	// so later writes to one don't affect the other — confirm).
	Clone() CertPool
	// Export converts the pool into a standard x509.CertPool, the form that
	// tls.Config and x509.VerifyOptions consume.
	Export() *x509.CertPool
}

A CertPool contains x509 certificates and allows individual access to them, which the standard x509.CertPool doesn't.

type CertPoolWriter added in v0.2.3

// CertPoolWriter extends CertPool with write capabilities.
//
// Whatever is added through these methods is later handed out by Export, so
// callers should only import certificates from sources they trust.
type CertPoolWriter interface {
	CertPool

	// Put stores cert under name.
	Put(ctx context.Context, name string, cert *x509.Certificate) error
	// Delete removes the certificate stored under name.
	Delete(ctx context.Context, name string) error
	// DeleteCert removes the given certificate regardless of its name.
	DeleteCert(ctx context.Context, cert *x509.Certificate) error

	// Import copies certificates from src into this pool. The int result is
	// presumably the number of certificates added — confirm with the implementation.
	Import(ctx context.Context, src CertPool) (int, error)
	// ImportPEM parses PEM-encoded certificates from b and adds them to the pool.
	// The int result is presumably the number of certificates added — confirm.
	ImportPEM(ctx context.Context, b []byte) (int, error)
}

A CertPoolWriter extends the CertPool interface with write capabilities.

type DecodePEMBlockFunc

// DecodePEMBlockFunc is the callback the Read* functions invoke once per decoded
// PEM block. fSys and filename identify where the block came from (presumably
// nil/empty when reading from raw bytes or a string — confirm). Returning false
// terminates the loop.
type DecodePEMBlockFunc func(fSys fs.FS, filename string, block *pem.Block) bool

DecodePEMBlockFunc is called for each PEM block decoded. It returns false to terminate the loop.

type ErrInvalidCert added in v0.2.6

// ErrInvalidCert indicates the certificate wasn't acceptable.
// Error renders it as a string and Unwrap exposes Err for errors.Is/errors.As.
type ErrInvalidCert struct {
	// Cert is the certificate that was rejected.
	Cert   *x509.Certificate
	// Err is the underlying error, if any; it is what Unwrap returns.
	Err    error
	// Reason is a human-readable description of why the certificate was rejected.
	Reason string
}

ErrInvalidCert indicates the certificate wasn't acceptable.

func (ErrInvalidCert) Error added in v0.2.6

func (err ErrInvalidCert) Error() string

func (ErrInvalidCert) Unwrap added in v0.2.6

func (err ErrInvalidCert) Unwrap() error

type PrivateKey

// PrivateKey is the interface crypto.PrivateKey should have had: a crypto.Signer
// that can also be compared for equality. The standard rsa, ecdsa and ed25519
// private key types satisfy it.
type PrivateKey interface {
	crypto.Signer

	// Equal reports whether the receiver and the given key are the same key.
	Equal(crypto.PrivateKey) bool
}

PrivateKey is an interface describing what crypto.PrivateKey should provide: a crypto.Signer with an Equal method.

func BlockToPrivateKey

func BlockToPrivateKey(block *pem.Block) (PrivateKey, error)

BlockToPrivateKey parses a pem.Block looking for RSA, ECDSA or Ed25519 private keys.

type PublicKey

// PublicKey is the interface crypto.PublicKey should have had: a key that can be
// compared for equality. The standard rsa, ecdsa and ed25519 public key types
// satisfy it.
type PublicKey interface {
	// Equal reports whether the receiver and the given key are the same key.
	Equal(crypto.PublicKey) bool
}

PublicKey is an interface describing what crypto.PublicKey should provide: an Equal method.

func PublicKeyFromCertificate added in v0.4.1

func PublicKeyFromCertificate(cert *x509.Certificate) PublicKey

PublicKeyFromCertificate attempts to extract the PublicKey from the given x509.Certificate. Returns nil if the certificate or public key are nil or they don't implement the required interfaces.

func PublicKeyFromPrivateKey added in v0.4.1

func PublicKeyFromPrivateKey(key crypto.PrivateKey) PublicKey

PublicKeyFromPrivateKey attempts to extract the PublicKey from the given crypto.PrivateKey. Returns nil if the private key or the public key are nil or they don't implement the required interfaces.

type ReadOption added in v0.4.5

// ReadOption tunes how ReadStringPEM operates. Options are applied in order and
// an option returning an error presumably aborts the read — confirm with the
// implementation. See ReadWithDirs, ReadWithoutDirs and ReadWithFS.
type ReadOption func(*readOptions) error

ReadOption tunes how ReadStringPEM operates.

func ReadWithDirs added in v0.4.5

func ReadWithDirs() ReadOption

ReadWithDirs allows ReadStringPEM to scan directories. This is the default.

func ReadWithFS added in v0.4.5

func ReadWithFS(fSys fs.FS) ReadOption

ReadWithFS specifies a fs.FS to use when resolving paths.

func ReadWithoutDirs added in v0.4.5

func ReadWithoutDirs() ReadOption

ReadWithoutDirs prevents ReadStringPEM from scanning directories.

Directories

Path Synopsis
Package certpool provides an X.509 certificates store
Package certpool provides an X.509 certificates store
