import "crypto/x509"
概述
x509 包用于解析 X.509 编码的密钥和证书。
在 UNIX 系统上,环境变量 SSL_CERT_FILE 和 SSL_CERT_DIR 可分别用于覆盖 SSL 证书文件和 SSL 证书文件目录的系统默认位置。
索引
Variables
func CreateCertificate(rand io.Reader, template, parent *Certificate, pub, priv interface{}) (cert []byte, err error)
func CreateCertificateRequest(rand io.Reader, template *CertificateRequest, priv interface{}) (csr []byte, err error)
func DecryptPEMBlock(b *pem.Block, password []byte) ([]byte, error)
func EncryptPEMBlock(rand io.Reader, blockType string, data, password []byte, alg PEMCipher) (*pem.Block, error)
func IsEncryptedPEMBlock(b *pem.Block) bool
func MarshalECPrivateKey(key *ecdsa.PrivateKey) ([]byte, error)
func MarshalPKCS1PrivateKey(key *rsa.PrivateKey) []byte
func MarshalPKIXPublicKey(pub interface{}) ([]byte, error)
func ParseCRL(crlBytes []byte) (*pkix.CertificateList, error)
func ParseCertificates(asn1Data []byte) ([]*Certificate, error)
func ParseDERCRL(derBytes []byte) (*pkix.CertificateList, error)
func ParseECPrivateKey(der []byte) (*ecdsa.PrivateKey, error)
func ParsePKCS1PrivateKey(der []byte) (*rsa.PrivateKey, error)
func ParsePKCS8PrivateKey(der []byte) (key interface{}, err error)
func ParsePKIXPublicKey(derBytes []byte) (pub interface{}, err error)
type CertPool
func NewCertPool() *CertPool
func SystemCertPool() (*CertPool, error)
func (s *CertPool) AddCert(cert *Certificate)
func (s *CertPool) AppendCertsFromPEM(pemCerts []byte) (ok bool)
func (s *CertPool) Subjects() [][]byte
type Certificate
func ParseCertificate(asn1Data []byte) (*Certificate, error)
func (c *Certificate) CheckCRLSignature(crl *pkix.CertificateList) error
func (c *Certificate) CheckSignature(algo SignatureAlgorithm, signed, signature []byte) error
func (c *Certificate) CheckSignatureFrom(parent *Certificate) error
func (c *Certificate) CreateCRL(rand io.Reader, priv interface{}, revokedCerts []pkix.RevokedCertificate, now, expiry time.Time) (crlBytes []byte, err error)
func (c *Certificate) Equal(other *Certificate) bool
func (c *Certificate) Verify(opts VerifyOptions) (chains [][]*Certificate, err error)
func (c *Certificate) VerifyHostname(h string) error
type CertificateInvalidError
func (e CertificateInvalidError) Error() string
type CertificateRequest
func ParseCertificateRequest(asn1Data []byte) (*CertificateRequest, error)
func (c *CertificateRequest) CheckSignature() error
type ConstraintViolationError
func (ConstraintViolationError) Error() string
type ExtKeyUsage
type HostnameError
func (h HostnameError) Error() string
type InsecureAlgorithmError
func (e InsecureAlgorithmError) Error() string
type InvalidReason
type KeyUsage
type PEMCipher
type PublicKeyAlgorithm
type SignatureAlgorithm
func (algo SignatureAlgorithm) String() string
type SystemRootsError
func (se SystemRootsError) Error() string
type UnhandledCriticalExtension
func (h UnhandledCriticalExtension) Error() string
type UnknownAuthorityError
func (e UnknownAuthorityError) Error() string
type VerifyOptions
示例
Certificate.Verify ParsePKIXPublicKey
文件包
cert_pool.go pem_decrypt.go pkcs1.go pkcs8.go root.go root_linux.go root_unix.go sec1.go verify.go x509.go
变量
当尝试执行的操作涉及当前尚未实现的算法时,返回 ErrUnsupportedAlgorithm。
var ErrUnsupportedAlgorithm = errors.New("x509: cannot verify signature: algorithm unimplemented")
当检测到密码不正确时,返回 IncorrectPasswordError。由于该 PEM 加密格式本身的缺陷,错误的密码并不总能被检测出来,因此未返回该错误并不代表解密结果一定正确。
var IncorrectPasswordError = errors.New("x509: decryption password incorrect")
func CreateCertificate
func CreateCertificate(rand io.Reader, template, parent *Certificate, pub, priv interface{}) (cert []byte, err error)
CreateCertificate 根据模板创建一个新的证书。使用以下模板成员:AuthorityKeyId,BasicConstraintsValid,DNSNames,ExcludedDNSDomains,ExtKeyUsage,IsCA,KeyUsage,MaxPathLen,MaxPathLenZero,NotAfter,NotBefore,PermittedDNSDomains,PermittedDNSDomainsCritical,SerialNumber,SignatureAlgorithm,Subject,SubjectKeyId和UnknownExtKeyUsage。
该证书由 parent 签署。如果 parent 等于模板,则证书是自签名的。参数 pub 是被签名者(即新证书主体)的公钥,priv 是签名者的私钥。
返回的切片是 DER 编码的证书。
支持所有通过 crypto.Signer 实现的密钥类型(包括 *rsa.PublicKey 和 *ecdsa.PublicKey)。
AuthorityKeyId 将取自父级的 SubjectKeyId(如果有),除非生成的证书是自签名的。否则,将使用来自模板的值。
func CreateCertificateRequest
func CreateCertificateRequest(rand io.Reader, template *CertificateRequest, priv interface{}) (csr []byte, err error)
CreateCertificateRequest 根据模板创建一个新的证书请求。使用以下模板成员:属性,DNS 名称,EmailAddres