本文整理汇总了Golang中crypto/x509.ParseCertificates函数的典型用法代码示例。如果您正苦于以下问题:Golang ParseCertificates函数的具体用法?Golang ParseCertificates怎么用?Golang ParseCertificates使用的例子?那么恭喜您, 这里精选的函数代码示例或许可以为您提供帮助。
在下文中一共展示了ParseCertificates函数的20个代码示例,这些例子默认根据受欢迎程度排序。您可以为喜欢或者感觉有用的代码点赞,您的评价将有助于我们的系统推荐出更棒的Golang代码示例。
示例1: LoadCertKeyFromEncPkg
func LoadCertKeyFromEncPkg(encpkg []byte, passwd string) (*CertKey, error) {
blk, _ := pem.Decode(encpkg)
if blk == nil {
return nil, errors.New("Invalid PEM data")
}
if blk.Type != pkgTypeStr {
return nil, errors.New("PEM type is not " + pkgTypeStr)
}
decrypted_pem, err := x509.DecryptPEMBlock(blk, []byte(passwd))
if err != nil {
return nil, err
}
key_pem, rest := pem.Decode(decrypted_pem)
if blk == nil {
return nil, errors.New("decrypted content is not PEM")
}
cert_pem, _ := pem.Decode(rest)
if blk == nil {
return nil, errors.New("Can't find the cert PEM")
}
if _, ok := supportedKeyTypes[key_pem.Type]; !ok {
return nil, errors.New("Unsupported Key types")
}
if cert_pem.Type != "CERTIFICATE" {
return nil, errors.New("Can't find certificate in decrypted PEM data")
}
var ck CertKey
switch key_pem.Type {
case "RSA PRIVATE KEY":
rsack := new(RSACertKey)
priv_key, err := x509.ParsePKCS1PrivateKey(key_pem.Bytes)
if err != nil {
return nil, err
}
rsack.key = priv_key
cert, err := x509.ParseCertificates(cert_pem.Bytes)
if err != nil {
return nil, err
}
rsack.cert = *cert[0]
ck = rsack
return &ck, nil
case "EC PRIVATE KEY":
ecck := new(ECCertKey)
priv_key, err := x509.ParseECPrivateKey(key_pem.Bytes)
if err != nil {
return nil, err
}
ecck.key = priv_key
cert, err := x509.ParseCertificates(cert_pem.Bytes)
if err != nil {
return nil, err
}
ecck.cert = *cert[0]
ck = ecck
return &ck, nil
}
return nil, errors.New("Unussal error, you shouldn't see this")
}
开发者ID:hujun-open,项目名称:manpass,代码行数:60,代码来源:pki.go
示例2: LoadManpassCA
func LoadManpassCA(uname string, passwd []byte) (*CertKey, error) {
//generate a new EE cert/key with specified uname's CA
//return encrypted CA cert, EE cert and encrypted EE key in a string
confdir := common.GetConfDir(uname)
fi, err := os.Stat(confdir)
if err != nil {
return nil, err
}
if !fi.IsDir() {
return nil, fmt.Errorf("%s is not a directory", confdir)
}
encacs, err := ioutil.ReadFile(filepath.Join(confdir, "ca.cert"))
if err != nil {
return nil, err
}
cacert_der, err := passcrypto.DecryptMeBase32(string(encacs), passwd)
if err != nil {
return nil, err
}
encaks, err := ioutil.ReadFile(filepath.Join(confdir, "ca.key"))
if err != nil {
return nil, err
}
blk, _ := pem.Decode(encaks)
cakey_der, err := x509.DecryptPEMBlock(blk, passwd)
var ck CertKey
switch blk.Type {
case "RSA PRIVATE KEY":
ca := new(RSACertKey)
cakey, err := x509.ParsePKCS1PrivateKey(cakey_der)
if err != nil {
return nil, err
}
ca.key = cakey
cert, err := x509.ParseCertificates(cacert_der)
if err != nil {
return nil, err
}
ca.cert = *cert[0]
ck = ca
return &ck, nil
case "EC PRIVATE KEY":
ecck := new(ECCertKey)
priv_key, err := x509.ParseECPrivateKey(cakey_der)
if err != nil {
return nil, err
}
ecck.key = priv_key
cert, err := x509.ParseCertificates(cacert_der)
if err != nil {
return nil, err
}
ecck.cert = *cert[0]
ck = ecck
return &ck, nil
}
return nil, errors.New("Unussal error, you shouldn't see this")
}
开发者ID:hujun-open,项目名称:manpass,代码行数:58,代码来源:pki.go
示例3: parseCertificate
func parseCertificate(certificateBytes []byte, privateKeyBytes []byte) *x509.Certificate {
certificate, err := tls.X509KeyPair(certificateBytes, privateKeyBytes)
Expect(err).NotTo(HaveOccurred())
certificates, err := x509.ParseCertificates(certificate.Certificate[0])
Expect(err).NotTo(HaveOccurred())
return certificates[0]
}
开发者ID:pivotal-cf,项目名称:pcfdev,代码行数:7,代码来源:cert_test.go
示例4: TestDialTLS
func TestDialTLS(t *testing.T) {
s := newTLSServer(t)
defer s.Close()
certs := x509.NewCertPool()
for _, c := range s.TLS.Certificates {
roots, err := x509.ParseCertificates(c.Certificate[len(c.Certificate)-1])
if err != nil {
t.Fatalf("error parsing server's root cert: %v", err)
}
for _, root := range roots {
certs.AddCert(root)
}
}
u, _ := url.Parse(s.URL)
d := cstDialer
d.NetDial = func(network, addr string) (net.Conn, error) { return net.Dial(network, u.Host) }
d.TLSClientConfig = &tls.Config{RootCAs: certs}
ws, _, err := d.Dial("wss://example.com/", nil)
if err != nil {
t.Fatalf("Dial: %v", err)
}
defer ws.Close()
sendRecv(t, ws)
}
开发者ID:jaswinder-singh,项目名称:torrentsaga,代码行数:26,代码来源:client_server_test.go
示例5: certSignature
func certSignature(cert tls.Certificate) (string, error) {
x509Certs, err := x509.ParseCertificates(cert.Certificate[0])
if err != nil {
return "", err
}
return x509CertSignature(x509Certs[0]), nil
}
开发者ID:kubernetes,项目名称:kubernetes,代码行数:7,代码来源:serve_test.go
示例6: ParsePKCS7
// ParsePKCS7 attempts to parse the DER encoded bytes of a
// PKCS7 structure
func ParsePKCS7(raw []byte) (msg *PKCS7, err error) {
var pkcs7 initPKCS7
_, err = asn1.Unmarshal(raw, &pkcs7)
if err != nil {
return nil, err
}
msg = new(PKCS7)
msg.Raw = pkcs7.Raw
msg.Version = pkcs7.Content.SignedData.Version
if len(pkcs7.Content.SignedData.Certificates.Bytes) == 0 {
msg.Certificates = nil
} else {
msg.Certificates, err = x509.ParseCertificates(pkcs7.Content.SignedData.Certificates.Bytes)
if err != nil {
return nil, err
}
}
if len(pkcs7.Content.SignedData.Crls.Bytes) == 0 {
msg.Crl = nil
} else {
msg.Crl, err = x509.ParseDERCRL(pkcs7.Content.SignedData.Crls.Bytes)
if err != nil {
return nil, err
}
}
return msg, nil
}
开发者ID:hildjj,项目名称:boulder,代码行数:35,代码来源:pkcs7.go
示例7: DecodeCertificates
func DecodeCertificates(data []byte) ([]*x509.Certificate, error) {
if IsPEM(data) {
var certs []*x509.Certificate
for len(data) > 0 {
var block *pem.Block
block, data = pem.Decode(data)
if block == nil {
return nil, errors.New("Invalid certificate.")
}
if block.Type != certBlockType {
return nil, errors.New("Invalid certificate.")
}
cert, err := x509.ParseCertificate(block.Bytes)
if err != nil {
return nil, errors.New("Invalid certificate.")
}
certs = append(certs, cert)
}
return certs, nil
} else {
certs, err := x509.ParseCertificates(data)
if err != nil {
return nil, errors.New("Invalid certificate.")
}
return certs, nil
}
}
开发者ID:catalyzeio,项目名称:cli,代码行数:33,代码来源:io.go
示例8: LoadTLSConfig
func LoadTLSConfig(rootCertPaths []string) (*tls.Config, error) {
pool := x509.NewCertPool()
for _, certPath := range rootCertPaths {
// rootCrt, err := assets.Asset(certPath)
rootCrt, err := ioutil.ReadFile(certPath)
if err != nil {
return nil, err
}
pemBlock, _ := pem.Decode(rootCrt)
if pemBlock == nil {
return nil, fmt.Errorf("Bad PEM data")
}
certs, err := x509.ParseCertificates(pemBlock.Bytes)
if err != nil {
return nil, err
}
pool.AddCert(certs[0])
}
return &tls.Config{RootCAs: pool}, nil
}
开发者ID:shenshouer,项目名称:ngrok,代码行数:25,代码来源:tls.go
示例9: init
func init() {
pool := x509.NewCertPool()
ngrokRootCrt, err := assets.ReadAsset("assets/client/tls/ngrokroot.crt")
if err != nil {
panic(err)
}
snakeoilCaCrt, err := assets.ReadAsset("assets/client/tls/snakeoilca.crt")
if err != nil {
panic(err)
}
for _, b := range [][]byte{ngrokRootCrt, snakeoilCaCrt} {
pemBlock, _ := pem.Decode(b)
if pemBlock == nil {
panic("Bad PEM data")
}
certs, err := x509.ParseCertificates(pemBlock.Bytes)
if err != nil {
panic(err)
}
pool.AddCert(certs[0])
}
tlsConfig = &tls.Config{
RootCAs: pool,
ServerName: "tls.ngrok.com",
}
}
开发者ID:johnvilsack,项目名称:golang-stuff,代码行数:32,代码来源:tls.go
示例10: ParseCertificatesDER
// ParseCertificatesDER parses a DER encoding of a certificate object and possibly private key,
// either PKCS #7, PKCS #12, or raw x509.
func ParseCertificatesDER(certsDER []byte, password string) ([]*x509.Certificate, crypto.Signer, error) {
var certs []*x509.Certificate
var key crypto.Signer
certsDER = bytes.TrimSpace(certsDER)
pkcs7data, err := pkcs7.ParsePKCS7(certsDER)
if err != nil {
pkcs12data, err := pkcs12.ParsePKCS12(certsDER, []byte(password))
if err != nil {
certs, err = x509.ParseCertificates(certsDER)
if err != nil {
return nil, nil, cferr.New(cferr.CertificateError, cferr.DecodeFailed)
}
} else {
key = pkcs12data.PrivateKey
certs = pkcs12data.Certificates
}
} else {
if pkcs7data.ContentInfo != "SignedData" {
return nil, nil, cferr.Wrap(cferr.CertificateError, cferr.DecodeFailed, errors.New("can only extract certificates from signed data content info"))
}
certs = pkcs7data.Content.SignedData.Certificates
}
if certs == nil {
return nil, key, cferr.New(cferr.CertificateError, cferr.DecodeFailed)
}
return certs, key, nil
}
开发者ID:geligaoli,项目名称:cfssl,代码行数:29,代码来源:helpers.go
示例11: parseSignedData
func parseSignedData(data []byte) (*PKCS7, error) {
var sd signedData
asn1.Unmarshal(data, &sd)
certs, err := x509.ParseCertificates(sd.Certificates.Bytes)
if err != nil {
return nil, err
}
// fmt.Printf("--> Signed Data Version %d\n", sd.Version)
var compound asn1.RawValue
var content unsignedData
if _, err := asn1.Unmarshal(sd.ContentInfo.Content.Bytes, &compound); err != nil {
return nil, err
}
// Compound octet string
if compound.IsCompound {
if _, err = asn1.Unmarshal(compound.Bytes, &content); err != nil {
return nil, err
}
} else {
// assuming this is tag 04
content = compound.Bytes
}
return &PKCS7{
Content: content,
Certificates: certs,
CRLs: sd.CRLs,
Signers: sd.SignerInfos,
raw: sd}, nil
}
开发者ID:jig,项目名称:pkcs7,代码行数:30,代码来源:pkcs7.go
示例12: generateCert
func generateCert(serverName string, caCert *x509.Certificate, caKey *rsa.PrivateKey) (*x509.Certificate, *rsa.PrivateKey, error) {
priv, err := rsa.GenerateKey(rand.Reader, 1024)
if err != nil {
return nil, nil, err
}
serial := randBigInt()
keyId := randBytes()
template := x509.Certificate{
Subject: pkix.Name{
CommonName: serverName,
},
SerialNumber: serial,
SubjectKeyId: keyId,
AuthorityKeyId: caCert.AuthorityKeyId,
NotBefore: time.Now().Add(-5 * time.Minute).UTC(),
NotAfter: time.Now().AddDate(2, 0, 0).UTC(),
}
derBytes, err := x509.CreateCertificate(rand.Reader, &template, caCert, &priv.PublicKey, caKey)
if err != nil {
return nil, nil, err
}
certs, err := x509.ParseCertificates(derBytes)
if err != nil {
return nil, nil, err
}
if len(certs) != 1 {
return nil, nil, errors.New("Failed to generate a parsable certificate")
}
return certs[0], priv, nil
}
开发者ID:gwitmond,项目名称:ecca-datingsite,代码行数:35,代码来源:make-ca-certs.go
示例13: ParseCertificatesDER
// ParseCertificatesDER parses a DER encoding of a certificate object and possibly private key,
// either PKCS #7, PKCS #12, or raw x509.
func ParseCertificatesDER(certsDER []byte, password string) (certs []*x509.Certificate, key crypto.Signer, err error) {
certsDER = bytes.TrimSpace(certsDER)
pkcs7data, err := pkcs7.ParsePKCS7(certsDER)
if err != nil {
var pkcs12data interface{}
certs = make([]*x509.Certificate, 1)
pkcs12data, certs[0], err = pkcs12.Decode(certsDER, password)
if err != nil {
certs, err = x509.ParseCertificates(certsDER)
if err != nil {
return nil, nil, cferr.New(cferr.CertificateError, cferr.DecodeFailed)
}
} else {
key = pkcs12data.(crypto.Signer)
}
} else {
if pkcs7data.ContentInfo != "SignedData" {
return nil, nil, cferr.Wrap(cferr.CertificateError, cferr.DecodeFailed, errors.New("can only extract certificates from signed data content info"))
}
certs = pkcs7data.Content.SignedData.Certificates
}
if certs == nil {
return nil, key, cferr.New(cferr.CertificateError, cferr.DecodeFailed)
}
return certs, key, nil
}
开发者ID:jamesbjackson,项目名称:cfssl,代码行数:28,代码来源:helpers.go
示例14: LoadTLSConfig
func LoadTLSConfig(rootCertPaths []string) (*tls.Config, error) {
pool := x509.NewCertPool()
for _, certPath := range rootCertPaths {
rootCrt, err := assets.Asset(certPath)
if err != nil {
return nil, err
}
pemBlock, _ := pem.Decode(rootCrt)
if pemBlock == nil {
return nil, fmt.Errorf("Bad PEM data")
}
certs, err := x509.ParseCertificates(pemBlock.Bytes)
if err != nil {
return nil, err
}
pool.AddCert(certs[0])
}
//https://github.com/golang/go/issues/9364
//log.Info("MinVersion:", tls.VersionSSL30)
return &tls.Config{RootCAs: pool, MinVersion: tls.VersionSSL30, InsecureSkipVerify: true}, nil
}
开发者ID:koolshare,项目名称:ngrok-1.7,代码行数:26,代码来源:tls.go
示例15: ParsePKCS7
// ParsePKCS7 attempts to parse the DER encoded bytes of a
// PKCS7 structure
func ParsePKCS7(raw []byte) (msg *PKCS7, err error) {
var pkcs7 initPKCS7
_, err = asn1.Unmarshal(raw, &pkcs7)
if err != nil {
return nil, cferr.Wrap(cferr.CertificateError, cferr.ParseFailed, err)
}
msg = new(PKCS7)
msg.Raw = pkcs7.Raw
msg.ContentInfo = pkcs7.ContentType.String()
switch {
case msg.ContentInfo == ObjIDData:
msg.ContentInfo = "Data"
_, err = asn1.Unmarshal(pkcs7.Content.Bytes, &msg.Content.Data)
if err != nil {
return nil, cferr.Wrap(cferr.CertificateError, cferr.ParseFailed, err)
}
case msg.ContentInfo == ObjIDSignedData:
msg.ContentInfo = "SignedData"
var signedData signedData
_, err = asn1.Unmarshal(pkcs7.Content.Bytes, &signedData)
if err != nil {
return nil, cferr.Wrap(cferr.CertificateError, cferr.ParseFailed, err)
}
if len(signedData.Certificates.Bytes) != 0 {
msg.Content.SignedData.Certificates, err = x509.ParseCertificates(signedData.Certificates.Bytes)
if err != nil {
return nil, cferr.Wrap(cferr.CertificateError, cferr.ParseFailed, err)
}
}
if len(signedData.Crls.Bytes) != 0 {
msg.Content.SignedData.Crl, err = x509.ParseDERCRL(signedData.Crls.Bytes)
if err != nil {
return nil, cferr.Wrap(cferr.CertificateError, cferr.ParseFailed, err)
}
}
msg.Content.SignedData.Version = signedData.Version
msg.Content.SignedData.Raw = pkcs7.Content.Bytes
case msg.ContentInfo == ObjIDEncryptedData:
msg.ContentInfo = "EncryptedData"
var encryptedData EncryptedData
_, err = asn1.Unmarshal(pkcs7.Content.Bytes, &encryptedData)
if err != nil {
return nil, cferr.Wrap(cferr.CertificateError, cferr.ParseFailed, err)
}
if encryptedData.Version != 0 {
return nil, cferr.Wrap(cferr.CertificateError, cferr.ParseFailed, errors.New("Only support for PKCS #7 encryptedData version 0"))
}
msg.Content.EncryptedData = encryptedData
default:
return nil, cferr.Wrap(cferr.CertificateError, cferr.ParseFailed, errors.New("Attempt to parse PKCS# 7 Content not of type data, signed data or encrypted data"))
}
return msg, nil
}
开发者ID:bretthoerner,项目名称:boulder,代码行数:60,代码来源:pkcs7.go
示例16: Decode
// Decode extracts a certificate and private key from pfxData. This function
// assumes that there is only one certificate and only one private key in the
// pfxData.
func Decode(pfxData []byte, password string) (privateKey interface{}, certificate *x509.Certificate, err error) {
encodedPassword, err := bmpString(password)
if err != nil {
return nil, nil, err
}
bags, encodedPassword, err := getSafeContents(pfxData, encodedPassword)
if err != nil {
return nil, nil, err
}
if len(bags) != 2 {
err = errors.New("pkcs12: expected exactly two safe bags in the PFX PDU")
return
}
for _, bag := range bags {
switch {
case bag.Id.Equal(oidCertBag):
if certificate != nil {
err = errors.New("pkcs12: expected exactly one certificate bag")
}
certsData, err := decodeCertBag(bag.Value.Bytes)
if err != nil {
return nil, nil, err
}
certs, err := x509.ParseCertificates(certsData)
if err != nil {
return nil, nil, err
}
if len(certs) != 1 {
err = errors.New("pkcs12: expected exactly one certificate in the certBag")
return nil, nil, err
}
certificate = certs[0]
case bag.Id.Equal(oidPKCS8ShroundedKeyBag):
if privateKey != nil {
err = errors.New("pkcs12: expected exactly one key bag")
}
if privateKey, err = decodePkcs8ShroudedKeyBag(bag.Value.Bytes, encodedPassword); err != nil {
return nil, nil, err
}
}
}
if certificate == nil {
return nil, nil, errors.New("pkcs12: certificate missing")
}
if privateKey == nil {
return nil, nil, errors.New("pkcs12: private key missing")
}
return
}
开发者ID:dylanpoe,项目名称:golang.org,代码行数:60,代码来源:pkcs12.go
示例17: Hash
// Hash returns the hash of cert, or error if cert is not a valid pem-encoded x509 cert
func Hash(cert []byte) ([]byte, error) {
block, _ := pem.Decode(cert)
_, err := x509.ParseCertificates(block.Bytes)
if err != nil {
return nil, err
}
x := sha512.Sum512(block.Bytes)
return x[:], nil
}
开发者ID:JonathanLogan,项目名称:mute,代码行数:10,代码来源:hash.go
示例18: PEMDecode
func PEMDecode(pemBytes []byte) x509.Certificate {
block, _ := pem.Decode(pemBytes)
certs, err := x509.ParseCertificates(block.Bytes)
check(err)
if len(certs) != 1 {
check(errors.New(fmt.Sprintf("Cannot parse CA certificate from database. Received: %#v which parsed to %#v\n", pemBytes, certs)))
}
return *certs[0]
}
开发者ID:gwitmond,项目名称:eccentric-authentication,代码行数:9,代码来源:eccentric.go
示例19: main
func main() {
flag.Parse()
var contents []byte
var err error
if *file == "" {
contents, err = ioutil.ReadAll(os.Stdin)
} else {
contents, err = ioutil.ReadFile(*file)
}
if err != nil {
log.Fatal(err)
}
block, _ := pem.Decode(contents)
if block == nil {
log.Fatal("Not a PEM block.")
}
var keybytes []byte
switch block.Type {
case "PUBLIC KEY", "RSA PUBLIC KEY":
keybytes = block.Bytes
case "CERTIFICATE":
certs, err := x509.ParseCertificates(block.Bytes)
if err != nil {
log.Fatal(err)
}
if len(certs) < 1 {
log.Fatal("No certificates.")
}
keybytes = certs[0].RawSubjectPublicKeyInfo
default:
log.Fatalf("Unknown block type: %q.", block.Type)
}
hasher := sha256.New()
hasher.Write(keybytes)
fmt.Printf("sha256/%v\n", base64.StdEncoding.EncodeToString(hasher.Sum(nil)))
if *verbose {
var spki PublicKeyInfo
if _, err := asn1.Unmarshal(keybytes, &spki); err != nil {
log.Fatal(err)
}
fmt.Printf("AlgID: %v\n", spki.Algorithm.Algorithm)
var pubkey RSAPublicKey
if _, err := asn1.Unmarshal(spki.PublicKey.Bytes, &pubkey); err != nil {
log.Fatal(err)
}
fmt.Printf("N: %v\n", pubkey.N)
fmt.Printf("E: %v\n", pubkey.E)
}
}
开发者ID:ArielBadichi,项目名称:pinhash,代码行数:54,代码来源:main.go
示例20: Parse
func (raw rawCertificates) Parse() ([]*x509.Certificate, error) {
if len(raw.Raw) == 0 {
return nil, nil
}
var val asn1.RawValue
if _, err := asn1.Unmarshal(raw.Raw, &val); err != nil {
return nil, err
}
return x509.ParseCertificates(val.Bytes)
}
开发者ID:GauntletWizard,项目名称:vault,代码行数:12,代码来源:pkcs7.go
注:本文中的crypto/x509.ParseCertificates函数示例整理自Github/MSDocs等源码及文档管理平台,相关代码片段筛选自各路编程大神贡献的开源项目,源码版权归原作者所有,传播和使用请参考对应项目的License;未经允许,请勿转载。 |
请发表评论