Package x509
import "crypto/x509"
This package parses X.509-encoded keys and certificates.
Package files
x509.go
func CreateCertificate
func CreateCertificate(rand io.Reader, template, parent *Certificate, pub *rsa.PublicKey, priv *rsa.PrivateKey) (cert []byte, err os.Error)
CreateCertificate creates a new certificate based on a template. The following members of template are used: SerialNumber, Subject, NotBefore, NotAfter, KeyUsage, BasicConstraintsValid, IsCA, MaxPathLen, SubjectKeyId, DNSNames.
The certificate is signed by parent. If parent is equal to template then the certificate is self-signed. The parameter pub is the public key of the signee and priv is the private key of the signer.
The returned slice is the certificate in DER encoding.
func MarshalPKCS1PrivateKey
func MarshalPKCS1PrivateKey(key *rsa.PrivateKey) []byte
MarshalPKCS1PrivateKey converts a private key to ASN.1 DER encoded form.
func ParseCertificates
func ParseCertificates(asn1Data []byte) ([]*Certificate, os.Error)
ParseCertificates parses one or more certificates from the given ASN.1 DER data. The certificates must be concatenated with no intermediate padding.
func ParsePKCS1PrivateKey
func ParsePKCS1PrivateKey(der []byte) (key *rsa.PrivateKey, err os.Error)
ParsePKCS1PrivateKey returns an RSA private key from its ASN.1 PKCS#1 DER encoded form.
type Certificate
A Certificate represents an X.509 certificate.
// Certificate holds the fields this package exposes for one X.509 certificate.
type Certificate struct {
	Raw []byte // Raw ASN.1 DER contents.

	// Signature is the signature value and SignatureAlgorithm names the scheme.
	// NOTE(review): presumably these are what CheckSignatureFrom checks against
	// the parent's public key — confirm in x509.go.
	Signature          []byte
	SignatureAlgorithm SignatureAlgorithm

	PublicKeyAlgorithm PublicKeyAlgorithm
	// PublicKey is untyped. NOTE(review): presumably a *rsa.PublicKey when
	// PublicKeyAlgorithm is RSA (the only algorithm listed) — verify before
	// type-asserting.
	PublicKey interface{}

	Version      int
	SerialNumber []byte
	Issuer       Name
	Subject      Name

	// NOTE(review): CheckSignatureFrom is documented as a signature check only;
	// nothing on this page says the validity bounds are enforced, so callers
	// should compare them with the current time themselves — confirm.
	NotBefore, NotAfter *time.Time // Validity bounds.
	KeyUsage            KeyUsage

	BasicConstraintsValid bool // if true then the next two fields are valid.
	IsCA                  bool
	MaxPathLen            int

	SubjectKeyId   []byte
	AuthorityKeyId []byte

	// Subject Alternative Name values
	DNSNames       []string
	EmailAddresses []string
}
func ParseCertificate
func ParseCertificate(asn1Data []byte) (*Certificate, os.Error)
ParseCertificate parses a single certificate from the given ASN.1 DER data.
func (*Certificate) CheckSignatureFrom
func (c *Certificate) CheckSignatureFrom(parent *Certificate) (err os.Error)
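CheckSignatureFrom verifies that the signature on c is a valid signature from parent. As described, this covers the signature only; validity period, host name and chain checks are not mentioned, so success should not be read as full certificate validation.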
func (*Certificate) IsValidForHost
func (c *Certificate) IsValidForHost(h string) bool
IsValidForHost returns true iff c is a valid certificate for the given host.
type ConstraintViolationError
ConstraintViolationError results when a requested usage is not permitted by a certificate. For example: checking a signature when the public key isn't a certificate signing key.
// ConstraintViolationError has no fields, so it carries no detail about which
// usage was refused; the message comes from its String method.
type ConstraintViolationError struct{}
func (ConstraintViolationError) String
func (ConstraintViolationError) String() string
type KeyUsage
KeyUsage represents the set of actions that are valid for a given key. It's a bitmap of the KeyUsage* constants.
// KeyUsage is a bit set; combine the constants below with | and test with &.
type KeyUsage int

// Each constant is one bit, assigned in declaration order by 1 << iota.
const (
	KeyUsageDigitalSignature  KeyUsage = 1 << iota // 1
	KeyUsageContentCommitment                      // 2 (called nonRepudiation in older X.509 texts)
	KeyUsageKeyEncipherment                        // 4
	KeyUsageDataEncipherment                       // 8
	KeyUsageKeyAgreement                           // 16
	// KeyUsageCertSign (32) marks a certificate signing key.
	// NOTE(review): presumably the bit whose absence yields
	// ConstraintViolationError when checking a signature — confirm in x509.go.
	KeyUsageCertSign
	KeyUsageCRLSign      // 64
	KeyUsageEncipherOnly // 128
	KeyUsageDecipherOnly // 256
)
type Name
Name represents an X.509 distinguished name. This only includes the common elements of a DN. Additional elements in the name are ignored.
// Name holds one string per supported DN attribute.
// NOTE(review): with a single string per attribute, a DN that repeats an
// attribute cannot be fully represented; which value is kept is not shown here.
// Together with the ignored elements, two different DNs may yield equal Name
// values, so avoid using Name equality as an identity check — confirm.
type Name struct {
	Country, Organization, OrganizationalUnit string
	CommonName, SerialNumber, Locality        string
	Province, StreetAddress, PostalCode       string
}
type PublicKeyAlgorithm
// PublicKeyAlgorithm identifies the type of public key in a certificate.
type PublicKeyAlgorithm int

const (
	// UnknownPublicKeyAlgorithm is the zero value, so an unset field reads as
	// unknown rather than as RSA.
	UnknownPublicKeyAlgorithm PublicKeyAlgorithm = iota
	RSA                       // 1; the only algorithm listed here
)
type SignatureAlgorithm
// SignatureAlgorithm identifies the hash and public-key scheme of a signature.
// NOTE(review): this listing does not show which of these the package actually
// verifies; UnsupportedAlgorithmError exists for unimplemented ones.
type SignatureAlgorithm int

const (
	// UnknownSignatureAlgorithm is the zero value.
	UnknownSignatureAlgorithm SignatureAlgorithm = iota
	// MD2 and MD5 are not collision-resistant. Certificates signed with them
	// should be rejected by policy even if the signature verifies.
	MD2WithRSA
	MD5WithRSA
	// SHA-1 collisions are also practical; treat as legacy and do not issue
	// new certificates with it.
	SHA1WithRSA
	SHA256WithRSA
	SHA384WithRSA
	SHA512WithRSA
)
type UnhandledCriticalExtension
// UnhandledCriticalExtension is a field-less error type (it has a String
// method). NOTE(review): the name suggests it is returned when a certificate
// carries a critical extension the parser does not handle — confirm in x509.go.
type UnhandledCriticalExtension struct{}
func (UnhandledCriticalExtension) String
func (h UnhandledCriticalExtension) String() string
type UnsupportedAlgorithmError
UnsupportedAlgorithmError results from attempting to perform an operation that involves algorithms that are not currently implemented.
// UnsupportedAlgorithmError has no fields, so it does not identify which
// algorithm was unsupported; the message comes from its String method.
type UnsupportedAlgorithmError struct{}
func (UnsupportedAlgorithmError) String
func (UnsupportedAlgorithmError) String() string
