Lines Matching refs:Certificate
8 // can be used to override the system default locations for the SSL certificate
9 // file and SSL certificate files directory, respectively.
127 type certificate struct {
632 // A Certificate represents an X.509 certificate.
633 type Certificate struct {
634 Raw []byte // Complete ASN.1 DER content (certificate, signature algorithm and signature).
635 RawTBSCertificate []byte // Certificate part of raw ASN.1 DER content.
686 // When parsing a certificate, a positive non-zero MaxPathLen
692 // When generating a certificate, an unset pathLenConstraint
744 // a certificate. For example: checking a signature when the public key isn't a
745 // certificate signing key.
749 return "x509: invalid signature: parent certificate cannot sign this kind of certificate"
752 func (c *Certificate) Equal(other *Certificate) bool {
756 func (c *Certificate) hasSANExtension() bool {
760 // Entrust have a broken root certificate (CN=Entrust.net Certification
761 // Authority (2048)) which isn't marked as a CA certificate and is thus invalid
763 // We recognise this certificate by its SubjectPublicKeyInfo and exempt it
811 func (c *Certificate) CheckSignatureFrom(parent *Certificate) error {
814 // certificate, or the extension is present but the cA boolean is not
816 // certificate signatures."
839 func (c *Certificate) CheckSignature(algo SignatureAlgorithm, signed, signature []byte) error {
843 func (c *Certificate) hasNameConstraints() bool {
853 func (c *Certificate) getSANExtension() ([]byte, bool) {
944 func (c *Certificate) CheckCRLSignature(crl *pkix.CertificateList) error {
1156 return errors.New("x509: certificate contained IP address of length " + strconv.Itoa(len(data)))
1191 func parseNameConstraintsExtension(out *Certificate, e pkix.Extension) (unhandled bool, err error) {
1351 func parseCertificate(in *certificate) (*Certificate, error) {
1352 out := new(Certificate)
1525 // RFC 5280 4.2.1.4: Certificate Policies
1530 return nil, errors.New("x509: trailing data after X.509 certificate policies")
1574 // ParseCertificate parses a single certificate from the given ASN.1 DER data.
1575 func ParseCertificate(asn1Data []byte) (*Certificate, error) {
1576 var cert certificate
1590 func ParseCertificates(asn1Data []byte) ([]*Certificate, error) {
1591 var v []*certificate
1594 cert := new(certificate)
1603 ret := make([]*Certificate, len(v))
1705 func buildExtensions(template *Certificate, subjectIsEmpty bool, authorityKeyId []byte) (ret []pkix.Extension, err error) {
1966 func subjectBytes(cert *Certificate) ([]byte, error) {
2047 // CreateCertificate creates a new X.509v3 certificate based on a template.
2054 // The certificate is signed by parent. If parent is equal to template then the
2055 // certificate is self-signed. The parameter pub is the public key of the
2058 // The returned slice is the certificate in DER encoding.
2064 // unless the resulting certificate is self-signed. Otherwise the value from
2066 func CreateCertificate(rand io.Reader, template, parent *Certificate, pub, priv interface{}) (cert []byte, err error) {
2069 return nil, errors.New("x509: certificate private key does not implement crypto.Signer")
2144 return asn1.Marshal(certificate{
2184 // CreateCRL returns a DER encoded CRL, signed by this Certificate, that
2186 func (c *Certificate) CreateCRL(rand io.Reader, priv interface{}, revokedCerts []pkix.RevokedCertificate, now, expiry time.Time) (crlBytes []byte, err error) {
2189 return nil, errors.New("x509: certificate private key does not implement crypto.Signer")
2246 // CertificateRequest represents a PKCS #10, certificate signature request.
2249 RawTBSCertificateRequest []byte // Certificate request info part of raw ASN.1 DER content.
2286 // These structures reflect the ASN.1 structure of X.509 certificate
2373 // CreateCertificateRequest creates a new certificate request based on a
2378 // The returned slice is the certificate request in DER encoding.
2385 return nil, errors.New("x509: certificate private key does not implement crypto.Signer")
2529 // ParseCertificateRequest parses a single certificate request from the
