Package pkix

import "crypto/x509/pkix"
Overview
Index
Documentation

Overview

Package pkix contains shared, low level structures used for ASN.1 parsing and serialization of X.509 certificates, CRL and OCSP.

Index

type AlgorithmIdentifier
type AttributeTypeAndValue
type AttributeTypeAndValueSET
type CertificateList
func (certList *CertificateList) HasExpired(now time.Time) bool
type Extension
type Name
func (n *Name) FillFromRDNSequence(rdns *RDNSequence)
func (n Name) String() string
func (n Name) ToRDNSequence() (ret RDNSequence)
type RDNSequence
func (r RDNSequence) String() string
type RelativeDistinguishedNameSET
type RevokedCertificate
type TBSCertificateList

Documentation

type AlgorithmIdentifier

type AlgorithmIdentifier struct {
    Algorithm  asn1.ObjectIdentifier
    Parameters asn1.RawValue `asn1:"optional"`
}

AlgorithmIdentifier represents the ASN.1 structure of the same name. See RFC 5280, section 4.1.1.2.

type AttributeTypeAndValue

type AttributeTypeAndValue struct {
    Type  asn1.ObjectIdentifier
    Value interface{}
}

AttributeTypeAndValue mirrors the ASN.1 structure of the same name in http://tools.ietf.org/html/rfc5280#section-4.1.2.4

type AttributeTypeAndValueSET

type AttributeTypeAndValueSET struct {
    Type  asn1.ObjectIdentifier
    Value [][]AttributeTypeAndValue `asn1:"set"`
}

AttributeTypeAndValueSET represents a set of ASN.1 sequences of AttributeTypeAndValue sequences from RFC 2986 (PKCS #10).

type CertificateList

type CertificateList struct {
    TBSCertList        TBSCertificateList
    SignatureAlgorithm AlgorithmIdentifier
    SignatureValue     asn1.BitString
}

CertificateList represents the ASN.1 structure of the same name. See RFC 5280, section 5.1. Use x509.Certificate.CheckCRLSignature to verify the signature.

func CertificateList.HasExpired

func (certList *CertificateList) HasExpired(now time.Time) bool

HasExpired reports whether now is past the expiry time of certList.

type Extension

type Extension struct {
    Id       asn1.ObjectIdentifier
    Critical bool `asn1:"optional"`
    Value    []byte
}

Extension represents the ASN.1 structure of the same name. See RFC 5280, section 4.2.

type Name

type Name struct {
    Country, Organization, OrganizationalUnit []string
    Locality, Province                        []string
    StreetAddress, PostalCode                 []string
    SerialNumber, CommonName                  string

    Names      []AttributeTypeAndValue
    ExtraNames []AttributeTypeAndValue
}

Name represents an X.509 distinguished name. This only includes the common elements of a DN. When parsing, all elements are stored in Names and non-standard elements can be extracted from there. When marshaling, elements in ExtraNames are appended and override other values with the same OID.

func Name.FillFromRDNSequence

func (n *Name) FillFromRDNSequence(rdns *RDNSequence)

func Name.String

func (n Name) String() string

String implements the fmt.Stringer interface. It loosely follows the string conversion rules for Distinguished Names from RFC 2253.

func Name.ToRDNSequence

func (n Name) ToRDNSequence() (ret RDNSequence)

type RDNSequence

type RDNSequence []RelativeDistinguishedNameSET

func RDNSequence.String

func (r RDNSequence) String() string

String implements the fmt.Stringer interface. It loosely follows the string conversion rules for Distinguished Names from RFC 2253.

type RelativeDistinguishedNameSET

type RelativeDistinguishedNameSET []AttributeTypeAndValue

type RevokedCertificate

type RevokedCertificate struct {
    SerialNumber   *big.Int
    RevocationTime time.Time
    Extensions     []Extension `asn1:"optional"`
}

RevokedCertificate represents the ASN.1 structure of the same name. See RFC 5280, section 5.1.

type TBSCertificateList

type TBSCertificateList struct {
    Raw                 asn1.RawContent
    Version             int `asn1:"optional,default:0"`
    Signature           AlgorithmIdentifier
    Issuer              RDNSequence
    ThisUpdate          time.Time
    NextUpdate          time.Time            `asn1:"optional"`
    RevokedCertificates []RevokedCertificate `asn1:"optional"`
    Extensions          []Extension          `asn1:"tag:0,optional,explicit"`
}

TBSCertificateList represents the ASN.1 structure of the same name. See RFC 5280, section 5.1.