本文整理匯總了Golang中crypto/x509.ParseCertificates函數的典型用法代碼示例。如果您正苦於以下問題:Golang ParseCertificates函數的具體用法?Golang ParseCertificates怎麽用?Golang ParseCertificates使用的例子?那麽, 這裏精選的函數代碼示例或許可以為您提供幫助。
在下文中一共展示了ParseCertificates函數的15個代碼示例,這些例子默認根據受歡迎程度排序。您可以為喜歡或者感覺有用的代碼點讚,您的評價將有助於係統推薦出更棒的Golang代碼示例。
示例1: LoadCertKeyFromEncPkg
func LoadCertKeyFromEncPkg(encpkg []byte, passwd string) (*CertKey, error) {
blk, _ := pem.Decode(encpkg)
if blk == nil {
return nil, errors.New("Invalid PEM data")
}
if blk.Type != pkgTypeStr {
return nil, errors.New("PEM type is not " + pkgTypeStr)
}
decrypted_pem, err := x509.DecryptPEMBlock(blk, []byte(passwd))
if err != nil {
return nil, err
}
key_pem, rest := pem.Decode(decrypted_pem)
if blk == nil {
return nil, errors.New("decrypted content is not PEM")
}
cert_pem, _ := pem.Decode(rest)
if blk == nil {
return nil, errors.New("Can't find the cert PEM")
}
if _, ok := supportedKeyTypes[key_pem.Type]; !ok {
return nil, errors.New("Unsupported Key types")
}
if cert_pem.Type != "CERTIFICATE" {
return nil, errors.New("Can't find certificate in decrypted PEM data")
}
var ck CertKey
switch key_pem.Type {
case "RSA PRIVATE KEY":
rsack := new(RSACertKey)
priv_key, err := x509.ParsePKCS1PrivateKey(key_pem.Bytes)
if err != nil {
return nil, err
}
rsack.key = priv_key
cert, err := x509.ParseCertificates(cert_pem.Bytes)
if err != nil {
return nil, err
}
rsack.cert = *cert[0]
ck = rsack
return &ck, nil
case "EC PRIVATE KEY":
ecck := new(ECCertKey)
priv_key, err := x509.ParseECPrivateKey(key_pem.Bytes)
if err != nil {
return nil, err
}
ecck.key = priv_key
cert, err := x509.ParseCertificates(cert_pem.Bytes)
if err != nil {
return nil, err
}
ecck.cert = *cert[0]
ck = ecck
return &ck, nil
}
return nil, errors.New("Unussal error, you shouldn't see this")
}示例2: LoadManpassCA
func LoadManpassCA(uname string, passwd []byte) (*CertKey, error) {
//generate a new EE cert/key with specified uname's CA
//return encrypted CA cert, EE cert and encrypted EE key in a string
confdir := common.GetConfDir(uname)
fi, err := os.Stat(confdir)
if err != nil {
return nil, err
}
if !fi.IsDir() {
return nil, fmt.Errorf("%s is not a directory", confdir)
}
encacs, err := ioutil.ReadFile(filepath.Join(confdir, "ca.cert"))
if err != nil {
return nil, err
}
cacert_der, err := passcrypto.DecryptMeBase32(string(encacs), passwd)
if err != nil {
return nil, err
}
encaks, err := ioutil.ReadFile(filepath.Join(confdir, "ca.key"))
if err != nil {
return nil, err
}
blk, _ := pem.Decode(encaks)
cakey_der, err := x509.DecryptPEMBlock(blk, passwd)
var ck CertKey
switch blk.Type {
case "RSA PRIVATE KEY":
ca := new(RSACertKey)
cakey, err := x509.ParsePKCS1PrivateKey(cakey_der)
if err != nil {
return nil, err
}
ca.key = cakey
cert, err := x509.ParseCertificates(cacert_der)
if err != nil {
return nil, err
}
ca.cert = *cert[0]
ck = ca
return &ck, nil
case "EC PRIVATE KEY":
ecck := new(ECCertKey)
priv_key, err := x509.ParseECPrivateKey(cakey_der)
if err != nil {
return nil, err
}
ecck.key = priv_key
cert, err := x509.ParseCertificates(cacert_der)
if err != nil {
return nil, err
}
ecck.cert = *cert[0]
ck = ecck
return &ck, nil
}
return nil, errors.New("Unussal error, you shouldn't see this")
}示例3: parseCertificate
func parseCertificate(certificateBytes []byte, privateKeyBytes []byte) *x509.Certificate {
certificate, err := tls.X509KeyPair(certificateBytes, privateKeyBytes)
Expect(err).NotTo(HaveOccurred())
certificates, err := x509.ParseCertificates(certificate.Certificate[0])
Expect(err).NotTo(HaveOccurred())
return certificates[0]
}示例4: TestDialTLS
func TestDialTLS(t *testing.T) {
s := newTLSServer(t)
defer s.Close()
certs := x509.NewCertPool()
for _, c := range s.TLS.Certificates {
roots, err := x509.ParseCertificates(c.Certificate[len(c.Certificate)-1])
if err != nil {
t.Fatalf("error parsing server's root cert: %v", err)
}
for _, root := range roots {
certs.AddCert(root)
}
}
u, _ := url.Parse(s.URL)
d := cstDialer
d.NetDial = func(network, addr string) (net.Conn, error) { return net.Dial(network, u.Host) }
d.TLSClientConfig = &tls.Config{RootCAs: certs}
ws, _, err := d.Dial("wss://example.com/", nil)
if err != nil {
t.Fatalf("Dial: %v", err)
}
defer ws.Close()
sendRecv(t, ws)
}示例5: certSignature
func certSignature(cert tls.Certificate) (string, error) {
x509Certs, err := x509.ParseCertificates(cert.Certificate[0])
if err != nil {
return "", err
}
return x509CertSignature(x509Certs[0]), nil
}示例6: ParsePKCS7
// ParsePKCS7 attempts to parse the DER encoded bytes of a
// PKCS7 structure
func ParsePKCS7(raw []byte) (msg *PKCS7, err error) {
var pkcs7 initPKCS7
_, err = asn1.Unmarshal(raw, &pkcs7)
if err != nil {
return nil, err
}
msg = new(PKCS7)
msg.Raw = pkcs7.Raw
msg.Version = pkcs7.Content.SignedData.Version
if len(pkcs7.Content.SignedData.Certificates.Bytes) == 0 {
msg.Certificates = nil
} else {
msg.Certificates, err = x509.ParseCertificates(pkcs7.Content.SignedData.Certificates.Bytes)
if err != nil {
return nil, err
}
}
if len(pkcs7.Content.SignedData.Crls.Bytes) == 0 {
msg.Crl = nil
} else {
msg.Crl, err = x509.ParseDERCRL(pkcs7.Content.SignedData.Crls.Bytes)
if err != nil {
return nil, err
}
}
return msg, nil
}示例7: DecodeCertificates
func DecodeCertificates(data []byte) ([]*x509.Certificate, error) {
if IsPEM(data) {
var certs []*x509.Certificate
for len(data) > 0 {
var block *pem.Block
block, data = pem.Decode(data)
if block == nil {
return nil, errors.New("Invalid certificate.")
}
if block.Type != certBlockType {
return nil, errors.New("Invalid certificate.")
}
cert, err := x509.ParseCertificate(block.Bytes)
if err != nil {
return nil, errors.New("Invalid certificate.")
}
certs = append(certs, cert)
}
return certs, nil
} else {
certs, err := x509.ParseCertificates(data)
if err != nil {
return nil, errors.New("Invalid certificate.")
}
return certs, nil
}
}示例8: LoadTLSConfig
func LoadTLSConfig(rootCertPaths []string) (*tls.Config, error) {
pool := x509.NewCertPool()
for _, certPath := range rootCertPaths {
// rootCrt, err := assets.Asset(certPath)
rootCrt, err := ioutil.ReadFile(certPath)
if err != nil {
return nil, err
}
pemBlock, _ := pem.Decode(rootCrt)
if pemBlock == nil {
return nil, fmt.Errorf("Bad PEM data")
}
certs, err := x509.ParseCertificates(pemBlock.Bytes)
if err != nil {
return nil, err
}
pool.AddCert(certs[0])
}
return &tls.Config{RootCAs: pool}, nil
}示例9: init
func init() {
pool := x509.NewCertPool()
ngrokRootCrt, err := assets.ReadAsset("assets/client/tls/ngrokroot.crt")
if err != nil {
panic(err)
}
snakeoilCaCrt, err := assets.ReadAsset("assets/client/tls/snakeoilca.crt")
if err != nil {
panic(err)
}
for _, b := range [][]byte{ngrokRootCrt, snakeoilCaCrt} {
pemBlock, _ := pem.Decode(b)
if pemBlock == nil {
panic("Bad PEM data")
}
certs, err := x509.ParseCertificates(pemBlock.Bytes)
if err != nil {
panic(err)
}
pool.AddCert(certs[0])
}
tlsConfig = &tls.Config{
RootCAs: pool,
ServerName: "tls.ngrok.com",
}
}示例10: ParseCertificatesDER
// ParseCertificatesDER parses a DER encoding of a certificate object and possibly private key,
// either PKCS #7, PKCS #12, or raw x509.
func ParseCertificatesDER(certsDER []byte, password string) ([]*x509.Certificate, crypto.Signer, error) {
var certs []*x509.Certificate
var key crypto.Signer
certsDER = bytes.TrimSpace(certsDER)
pkcs7data, err := pkcs7.ParsePKCS7(certsDER)
if err != nil {
pkcs12data, err := pkcs12.ParsePKCS12(certsDER, []byte(password))
if err != nil {
certs, err = x509.ParseCertificates(certsDER)
if err != nil {
return nil, nil, cferr.New(cferr.CertificateError, cferr.DecodeFailed)
}
} else {
key = pkcs12data.PrivateKey
certs = pkcs12data.Certificates
}
} else {
if pkcs7data.ContentInfo != "SignedData" {
return nil, nil, cferr.Wrap(cferr.CertificateError, cferr.DecodeFailed, errors.New("can only extract certificates from signed data content info"))
}
certs = pkcs7data.Content.SignedData.Certificates
}
if certs == nil {
return nil, key, cferr.New(cferr.CertificateError, cferr.DecodeFailed)
}
return certs, key, nil
}示例11: parseSignedData
func parseSignedData(data []byte) (*PKCS7, error) {
var sd signedData
asn1.Unmarshal(data, &sd)
certs, err := x509.ParseCertificates(sd.Certificates.Bytes)
if err != nil {
return nil, err
}
// fmt.Printf("--> Signed Data Version %d\n", sd.Version)
var compound asn1.RawValue
var content unsignedData
if _, err := asn1.Unmarshal(sd.ContentInfo.Content.Bytes, &compound); err != nil {
return nil, err
}
// Compound octet string
if compound.IsCompound {
if _, err = asn1.Unmarshal(compound.Bytes, &content); err != nil {
return nil, err
}
} else {
// assuming this is tag 04
content = compound.Bytes
}
return &PKCS7{
Content: content,
Certificates: certs,
CRLs: sd.CRLs,
Signers: sd.SignerInfos,
raw: sd}, nil
}示例12: generateCert
func generateCert(serverName string, caCert *x509.Certificate, caKey *rsa.PrivateKey) (*x509.Certificate, *rsa.PrivateKey, error) {
priv, err := rsa.GenerateKey(rand.Reader, 1024)
if err != nil {
return nil, nil, err
}
serial := randBigInt()
keyId := randBytes()
template := x509.Certificate{
Subject: pkix.Name{
CommonName: serverName,
},
SerialNumber: serial,
SubjectKeyId: keyId,
AuthorityKeyId: caCert.AuthorityKeyId,
NotBefore: time.Now().Add(-5 * time.Minute).UTC(),
NotAfter: time.Now().AddDate(2, 0, 0).UTC(),
}
derBytes, err := x509.CreateCertificate(rand.Reader, &template, caCert, &priv.PublicKey, caKey)
if err != nil {
return nil, nil, err
}
certs, err := x509.ParseCertificates(derBytes)
if err != nil {
return nil, nil, err
}
if len(certs) != 1 {
return nil, nil, errors.New("Failed to generate a parsable certificate")
}
return certs[0], priv, nil
}示例13: ParseCertificatesDER
// ParseCertificatesDER parses a DER encoding of a certificate object and possibly private key,
// either PKCS #7, PKCS #12, or raw x509.
func ParseCertificatesDER(certsDER []byte, password string) (certs []*x509.Certificate, key crypto.Signer, err error) {
certsDER = bytes.TrimSpace(certsDER)
pkcs7data, err := pkcs7.ParsePKCS7(certsDER)
if err != nil {
var pkcs12data interface{}
certs = make([]*x509.Certificate, 1)
pkcs12data, certs[0], err = pkcs12.Decode(certsDER, password)
if err != nil {
certs, err = x509.ParseCertificates(certsDER)
if err != nil {
return nil, nil, cferr.New(cferr.CertificateError, cferr.DecodeFailed)
}
} else {
key = pkcs12data.(crypto.Signer)
}
} else {
if pkcs7data.ContentInfo != "SignedData" {
return nil, nil, cferr.Wrap(cferr.CertificateError, cferr.DecodeFailed, errors.New("can only extract certificates from signed data content info"))
}
certs = pkcs7data.Content.SignedData.Certificates
}
if certs == nil {
return nil, key, cferr.New(cferr.CertificateError, cferr.DecodeFailed)
}
return certs, key, nil
}示例14: LoadTLSConfig
func LoadTLSConfig(rootCertPaths []string) (*tls.Config, error) {
pool := x509.NewCertPool()
for _, certPath := range rootCertPaths {
rootCrt, err := assets.Asset(certPath)
if err != nil {
return nil, err
}
pemBlock, _ := pem.Decode(rootCrt)
if pemBlock == nil {
return nil, fmt.Errorf("Bad PEM data")
}
certs, err := x509.ParseCertificates(pemBlock.Bytes)
if err != nil {
return nil, err
}
pool.AddCert(certs[0])
}
//https://github.com/golang/go/issues/9364
//log.Info("MinVersion:", tls.VersionSSL30)
return &tls.Config{RootCAs: pool, MinVersion: tls.VersionSSL30, InsecureSkipVerify: true}, nil
}示例15: ParsePKCS7
// ParsePKCS7 attempts to parse the DER encoded bytes of a
// PKCS7 structure
func ParsePKCS7(raw []byte) (msg *PKCS7, err error) {
var pkcs7 initPKCS7
_, err = asn1.Unmarshal(raw, &pkcs7)
if err != nil {
return nil, cferr.Wrap(cferr.CertificateError, cferr.ParseFailed, err)
}
msg = new(PKCS7)
msg.Raw = pkcs7.Raw
msg.ContentInfo = pkcs7.ContentType.String()
switch {
case msg.ContentInfo == ObjIDData:
msg.ContentInfo = "Data"
_, err = asn1.Unmarshal(pkcs7.Content.Bytes, &msg.Content.Data)
if err != nil {
return nil, cferr.Wrap(cferr.CertificateError, cferr.ParseFailed, err)
}
case msg.ContentInfo == ObjIDSignedData:
msg.ContentInfo = "SignedData"
var signedData signedData
_, err = asn1.Unmarshal(pkcs7.Content.Bytes, &signedData)
if err != nil {
return nil, cferr.Wrap(cferr.CertificateError, cferr.ParseFailed, err)
}
if len(signedData.Certificates.Bytes) != 0 {
msg.Content.SignedData.Certificates, err = x509.ParseCertificates(signedData.Certificates.Bytes)
if err != nil {
return nil, cferr.Wrap(cferr.CertificateError, cferr.ParseFailed, err)
}
}
if len(signedData.Crls.Bytes) != 0 {
msg.Content.SignedData.Crl, err = x509.ParseDERCRL(signedData.Crls.Bytes)
if err != nil {
return nil, cferr.Wrap(cferr.CertificateError, cferr.ParseFailed, err)
}
}
msg.Content.SignedData.Version = signedData.Version
msg.Content.SignedData.Raw = pkcs7.Content.Bytes
case msg.ContentInfo == ObjIDEncryptedData:
msg.ContentInfo = "EncryptedData"
var encryptedData EncryptedData
_, err = asn1.Unmarshal(pkcs7.Content.Bytes, &encryptedData)
if err != nil {
return nil, cferr.Wrap(cferr.CertificateError, cferr.ParseFailed, err)
}
if encryptedData.Version != 0 {
return nil, cferr.Wrap(cferr.CertificateError, cferr.ParseFailed, errors.New("Only support for PKCS #7 encryptedData version 0"))
}
msg.Content.EncryptedData = encryptedData
default:
return nil, cferr.Wrap(cferr.CertificateError, cferr.ParseFailed, errors.New("Attempt to parse PKCS# 7 Content not of type data, signed data or encrypted data"))
}
return msg, nil
}