1 // Copyright 2009 The Go Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style
3 // license that can be found in the LICENSE file.
5 // Package x509 parses X.509-encoded keys and certificates.
7 // On UNIX systems the environment variables SSL_CERT_FILE and SSL_CERT_DIR
8 // can be used to override the system default locations for the SSL certificate
9 // file and SSL certificate files directory, respectively.
36 "golang_org/x/crypto/cryptobyte"
37 cryptobyte_asn1
"golang_org/x/crypto/cryptobyte/asn1"
40 // pkixPublicKey reflects a PKIX public key structure. See SubjectPublicKeyInfo
42 type pkixPublicKey
struct {
43 Algo pkix
.AlgorithmIdentifier
44 BitString asn1
.BitString
47 // ParsePKIXPublicKey parses a DER encoded public key. These values are
48 // typically found in PEM blocks with "BEGIN PUBLIC KEY".
50 // Supported key types include RSA, DSA, and ECDSA. Unknown key
51 // types result in an error.
53 // On success, pub will be of type *rsa.PublicKey, *dsa.PublicKey,
54 // or *ecdsa.PublicKey.
55 func ParsePKIXPublicKey(derBytes
[]byte) (pub
interface{}, err error
) {
57 if rest
, err
:= asn1
.Unmarshal(derBytes
, &pki
); err
!= nil {
59 } else if len(rest
) != 0 {
60 return nil, errors
.New("x509: trailing data after ASN.1 of public-key")
62 algo
:= getPublicKeyAlgorithmFromOID(pki
.Algorithm
.Algorithm
)
63 if algo
== UnknownPublicKeyAlgorithm
{
64 return nil, errors
.New("x509: unknown public key algorithm")
66 return parsePublicKey(algo
, &pki
)
69 func marshalPublicKey(pub
interface{}) (publicKeyBytes
[]byte, publicKeyAlgorithm pkix
.AlgorithmIdentifier
, err error
) {
70 switch pub
:= pub
.(type) {
72 publicKeyBytes
, err
= asn1
.Marshal(pkcs1PublicKey
{
77 return nil, pkix
.AlgorithmIdentifier
{}, err
79 publicKeyAlgorithm
.Algorithm
= oidPublicKeyRSA
80 // This is a NULL parameters value which is required by
81 // https://tools.ietf.org/html/rfc3279#section-2.3.1.
82 publicKeyAlgorithm
.Parameters
= asn1
.NullRawValue
83 case *ecdsa
.PublicKey
:
84 publicKeyBytes
= elliptic
.Marshal(pub
.Curve
, pub
.X
, pub
.Y
)
85 oid
, ok
:= oidFromNamedCurve(pub
.Curve
)
87 return nil, pkix
.AlgorithmIdentifier
{}, errors
.New("x509: unsupported elliptic curve")
89 publicKeyAlgorithm
.Algorithm
= oidPublicKeyECDSA
91 paramBytes
, err
= asn1
.Marshal(oid
)
95 publicKeyAlgorithm
.Parameters
.FullBytes
= paramBytes
97 return nil, pkix
.AlgorithmIdentifier
{}, errors
.New("x509: only RSA and ECDSA public keys supported")
100 return publicKeyBytes
, publicKeyAlgorithm
, nil
103 // MarshalPKIXPublicKey serialises a public key to DER-encoded PKIX format.
104 func MarshalPKIXPublicKey(pub
interface{}) ([]byte, error
) {
105 var publicKeyBytes
[]byte
106 var publicKeyAlgorithm pkix
.AlgorithmIdentifier
109 if publicKeyBytes
, publicKeyAlgorithm
, err
= marshalPublicKey(pub
); err
!= nil {
113 pkix
:= pkixPublicKey
{
114 Algo
: publicKeyAlgorithm
,
115 BitString
: asn1
.BitString
{
116 Bytes
: publicKeyBytes
,
117 BitLength
: 8 * len(publicKeyBytes
),
121 ret
, _
:= asn1
.Marshal(pkix
)
125 // These structures reflect the ASN.1 structure of X.509 certificates.:
127 type certificate
struct {
129 TBSCertificate tbsCertificate
130 SignatureAlgorithm pkix
.AlgorithmIdentifier
131 SignatureValue asn1
.BitString
134 type tbsCertificate
struct {
136 Version
int `asn1:"optional,explicit,default:0,tag:0"`
137 SerialNumber
*big
.Int
138 SignatureAlgorithm pkix
.AlgorithmIdentifier
141 Subject asn1
.RawValue
142 PublicKey publicKeyInfo
143 UniqueId asn1
.BitString
`asn1:"optional,tag:1"`
144 SubjectUniqueId asn1
.BitString
`asn1:"optional,tag:2"`
145 Extensions
[]pkix
.Extension
`asn1:"optional,explicit,tag:3"`
148 type dsaAlgorithmParameters
struct {
152 type dsaSignature
struct {
156 type ecdsaSignature dsaSignature
158 type validity
struct {
159 NotBefore
, NotAfter time
.Time
162 type publicKeyInfo
struct {
164 Algorithm pkix
.AlgorithmIdentifier
165 PublicKey asn1
.BitString
169 type authKeyId
struct {
170 Id
[]byte `asn1:"optional,tag:0"`
173 type SignatureAlgorithm
int
176 UnknownSignatureAlgorithm SignatureAlgorithm
= iota
194 func (algo SignatureAlgorithm
) isRSAPSS() bool {
196 case SHA256WithRSAPSS
, SHA384WithRSAPSS
, SHA512WithRSAPSS
:
203 func (algo SignatureAlgorithm
) String() string {
204 for _
, details
:= range signatureAlgorithmDetails
{
205 if details
.algo
== algo
{
209 return strconv
.Itoa(int(algo
))
212 type PublicKeyAlgorithm
int
215 UnknownPublicKeyAlgorithm PublicKeyAlgorithm
= iota
221 var publicKeyAlgoName
= [...]string{
227 func (algo PublicKeyAlgorithm
) String() string {
228 if 0 < algo
&& int(algo
) < len(publicKeyAlgoName
) {
229 return publicKeyAlgoName
[algo
]
231 return strconv
.Itoa(int(algo
))
234 // OIDs for signature algorithms
236 // pkcs-1 OBJECT IDENTIFIER ::= {
237 // iso(1) member-body(2) us(840) rsadsi(113549) pkcs(1) 1 }
240 // RFC 3279 2.2.1 RSA Signature Algorithms
242 // md2WithRSAEncryption OBJECT IDENTIFIER ::= { pkcs-1 2 }
244 // md5WithRSAEncryption OBJECT IDENTIFIER ::= { pkcs-1 4 }
246 // sha-1WithRSAEncryption OBJECT IDENTIFIER ::= { pkcs-1 5 }
248 // dsaWithSha1 OBJECT IDENTIFIER ::= {
249 // iso(1) member-body(2) us(840) x9-57(10040) x9cm(4) 3 }
251 // RFC 3279 2.2.3 ECDSA Signature Algorithm
253 // ecdsa-with-SHA1 OBJECT IDENTIFIER ::= {
254 // iso(1) member-body(2) us(840) ansi-x962(10045)
255 // signatures(4) ecdsa-with-SHA1(1)}
258 // RFC 4055 5 PKCS #1 Version 1.5
260 // sha256WithRSAEncryption OBJECT IDENTIFIER ::= { pkcs-1 11 }
262 // sha384WithRSAEncryption OBJECT IDENTIFIER ::= { pkcs-1 12 }
264 // sha512WithRSAEncryption OBJECT IDENTIFIER ::= { pkcs-1 13 }
267 // RFC 5758 3.1 DSA Signature Algorithms
269 // dsaWithSha256 OBJECT IDENTIFIER ::= {
270 // joint-iso-ccitt(2) country(16) us(840) organization(1) gov(101)
271 // csor(3) algorithms(4) id-dsa-with-sha2(3) 2}
273 // RFC 5758 3.2 ECDSA Signature Algorithm
275 // ecdsa-with-SHA256 OBJECT IDENTIFIER ::= { iso(1) member-body(2)
276 // us(840) ansi-X9-62(10045) signatures(4) ecdsa-with-SHA2(3) 2 }
278 // ecdsa-with-SHA384 OBJECT IDENTIFIER ::= { iso(1) member-body(2)
279 // us(840) ansi-X9-62(10045) signatures(4) ecdsa-with-SHA2(3) 3 }
281 // ecdsa-with-SHA512 OBJECT IDENTIFIER ::= { iso(1) member-body(2)
282 // us(840) ansi-X9-62(10045) signatures(4) ecdsa-with-SHA2(3) 4 }
285 oidSignatureMD2WithRSA
= asn1
.ObjectIdentifier
{1, 2, 840, 113549, 1, 1, 2}
286 oidSignatureMD5WithRSA
= asn1
.ObjectIdentifier
{1, 2, 840, 113549, 1, 1, 4}
287 oidSignatureSHA1WithRSA
= asn1
.ObjectIdentifier
{1, 2, 840, 113549, 1, 1, 5}
288 oidSignatureSHA256WithRSA
= asn1
.ObjectIdentifier
{1, 2, 840, 113549, 1, 1, 11}
289 oidSignatureSHA384WithRSA
= asn1
.ObjectIdentifier
{1, 2, 840, 113549, 1, 1, 12}
290 oidSignatureSHA512WithRSA
= asn1
.ObjectIdentifier
{1, 2, 840, 113549, 1, 1, 13}
291 oidSignatureRSAPSS
= asn1
.ObjectIdentifier
{1, 2, 840, 113549, 1, 1, 10}
292 oidSignatureDSAWithSHA1
= asn1
.ObjectIdentifier
{1, 2, 840, 10040, 4, 3}
293 oidSignatureDSAWithSHA256
= asn1
.ObjectIdentifier
{2, 16, 840, 1, 101, 3, 4, 3, 2}
294 oidSignatureECDSAWithSHA1
= asn1
.ObjectIdentifier
{1, 2, 840, 10045, 4, 1}
295 oidSignatureECDSAWithSHA256
= asn1
.ObjectIdentifier
{1, 2, 840, 10045, 4, 3, 2}
296 oidSignatureECDSAWithSHA384
= asn1
.ObjectIdentifier
{1, 2, 840, 10045, 4, 3, 3}
297 oidSignatureECDSAWithSHA512
= asn1
.ObjectIdentifier
{1, 2, 840, 10045, 4, 3, 4}
299 oidSHA256
= asn1
.ObjectIdentifier
{2, 16, 840, 1, 101, 3, 4, 2, 1}
300 oidSHA384
= asn1
.ObjectIdentifier
{2, 16, 840, 1, 101, 3, 4, 2, 2}
301 oidSHA512
= asn1
.ObjectIdentifier
{2, 16, 840, 1, 101, 3, 4, 2, 3}
303 oidMGF1
= asn1
.ObjectIdentifier
{1, 2, 840, 113549, 1, 1, 8}
305 // oidISOSignatureSHA1WithRSA means the same as oidSignatureSHA1WithRSA
306 // but it's specified by ISO. Microsoft's makecert.exe has been known
307 // to produce certificates with this OID.
308 oidISOSignatureSHA1WithRSA
= asn1
.ObjectIdentifier
{1, 3, 14, 3, 2, 29}
311 var signatureAlgorithmDetails
= []struct {
312 algo SignatureAlgorithm
314 oid asn1
.ObjectIdentifier
315 pubKeyAlgo PublicKeyAlgorithm
318 {MD2WithRSA
, "MD2-RSA", oidSignatureMD2WithRSA
, RSA
, crypto
.Hash(0) /* no value for MD2 */},
319 {MD5WithRSA
, "MD5-RSA", oidSignatureMD5WithRSA
, RSA
, crypto
.MD5
},
320 {SHA1WithRSA
, "SHA1-RSA", oidSignatureSHA1WithRSA
, RSA
, crypto
.SHA1
},
321 {SHA1WithRSA
, "SHA1-RSA", oidISOSignatureSHA1WithRSA
, RSA
, crypto
.SHA1
},
322 {SHA256WithRSA
, "SHA256-RSA", oidSignatureSHA256WithRSA
, RSA
, crypto
.SHA256
},
323 {SHA384WithRSA
, "SHA384-RSA", oidSignatureSHA384WithRSA
, RSA
, crypto
.SHA384
},
324 {SHA512WithRSA
, "SHA512-RSA", oidSignatureSHA512WithRSA
, RSA
, crypto
.SHA512
},
325 {SHA256WithRSAPSS
, "SHA256-RSAPSS", oidSignatureRSAPSS
, RSA
, crypto
.SHA256
},
326 {SHA384WithRSAPSS
, "SHA384-RSAPSS", oidSignatureRSAPSS
, RSA
, crypto
.SHA384
},
327 {SHA512WithRSAPSS
, "SHA512-RSAPSS", oidSignatureRSAPSS
, RSA
, crypto
.SHA512
},
328 {DSAWithSHA1
, "DSA-SHA1", oidSignatureDSAWithSHA1
, DSA
, crypto
.SHA1
},
329 {DSAWithSHA256
, "DSA-SHA256", oidSignatureDSAWithSHA256
, DSA
, crypto
.SHA256
},
330 {ECDSAWithSHA1
, "ECDSA-SHA1", oidSignatureECDSAWithSHA1
, ECDSA
, crypto
.SHA1
},
331 {ECDSAWithSHA256
, "ECDSA-SHA256", oidSignatureECDSAWithSHA256
, ECDSA
, crypto
.SHA256
},
332 {ECDSAWithSHA384
, "ECDSA-SHA384", oidSignatureECDSAWithSHA384
, ECDSA
, crypto
.SHA384
},
333 {ECDSAWithSHA512
, "ECDSA-SHA512", oidSignatureECDSAWithSHA512
, ECDSA
, crypto
.SHA512
},
336 // pssParameters reflects the parameters in an AlgorithmIdentifier that
337 // specifies RSA PSS. See https://tools.ietf.org/html/rfc3447#appendix-A.2.3
338 type pssParameters
struct {
339 // The following three fields are not marked as
340 // optional because the default values specify SHA-1,
341 // which is no longer suitable for use in signatures.
342 Hash pkix
.AlgorithmIdentifier
`asn1:"explicit,tag:0"`
343 MGF pkix
.AlgorithmIdentifier
`asn1:"explicit,tag:1"`
344 SaltLength
int `asn1:"explicit,tag:2"`
345 TrailerField
int `asn1:"optional,explicit,tag:3,default:1"`
348 // rsaPSSParameters returns an asn1.RawValue suitable for use as the Parameters
349 // in an AlgorithmIdentifier that specifies RSA PSS.
350 func rsaPSSParameters(hashFunc crypto
.Hash
) asn1
.RawValue
{
351 var hashOID asn1
.ObjectIdentifier
362 params
:= pssParameters
{
363 Hash
: pkix
.AlgorithmIdentifier
{
365 Parameters
: asn1
.NullRawValue
,
367 MGF
: pkix
.AlgorithmIdentifier
{
370 SaltLength
: hashFunc
.Size(),
374 mgf1Params
:= pkix
.AlgorithmIdentifier
{
376 Parameters
: asn1
.NullRawValue
,
380 params
.MGF
.Parameters
.FullBytes
, err
= asn1
.Marshal(mgf1Params
)
385 serialized
, err
:= asn1
.Marshal(params
)
390 return asn1
.RawValue
{FullBytes
: serialized
}
393 func getSignatureAlgorithmFromAI(ai pkix
.AlgorithmIdentifier
) SignatureAlgorithm
{
394 if !ai
.Algorithm
.Equal(oidSignatureRSAPSS
) {
395 for _
, details
:= range signatureAlgorithmDetails
{
396 if ai
.Algorithm
.Equal(details
.oid
) {
400 return UnknownSignatureAlgorithm
403 // RSA PSS is special because it encodes important parameters
404 // in the Parameters.
406 var params pssParameters
407 if _
, err
:= asn1
.Unmarshal(ai
.Parameters
.FullBytes
, ¶ms
); err
!= nil {
408 return UnknownSignatureAlgorithm
411 var mgf1HashFunc pkix
.AlgorithmIdentifier
412 if _
, err
:= asn1
.Unmarshal(params
.MGF
.Parameters
.FullBytes
, &mgf1HashFunc
); err
!= nil {
413 return UnknownSignatureAlgorithm
416 // PSS is greatly overburdened with options. This code forces
417 // them into three buckets by requiring that the MGF1 hash
418 // function always match the message hash function (as
420 // https://tools.ietf.org/html/rfc3447#section-8.1), that the
421 // salt length matches the hash length, and that the trailer
422 // field has the default value.
423 if !bytes
.Equal(params
.Hash
.Parameters
.FullBytes
, asn1
.NullBytes
) ||
424 !params
.MGF
.Algorithm
.Equal(oidMGF1
) ||
425 !mgf1HashFunc
.Algorithm
.Equal(params
.Hash
.Algorithm
) ||
426 !bytes
.Equal(mgf1HashFunc
.Parameters
.FullBytes
, asn1
.NullBytes
) ||
427 params
.TrailerField
!= 1 {
428 return UnknownSignatureAlgorithm
432 case params
.Hash
.Algorithm
.Equal(oidSHA256
) && params
.SaltLength
== 32:
433 return SHA256WithRSAPSS
434 case params
.Hash
.Algorithm
.Equal(oidSHA384
) && params
.SaltLength
== 48:
435 return SHA384WithRSAPSS
436 case params
.Hash
.Algorithm
.Equal(oidSHA512
) && params
.SaltLength
== 64:
437 return SHA512WithRSAPSS
440 return UnknownSignatureAlgorithm
443 // RFC 3279, 2.3 Public Key Algorithms
445 // pkcs-1 OBJECT IDENTIFIER ::== { iso(1) member-body(2) us(840)
446 // rsadsi(113549) pkcs(1) 1 }
448 // rsaEncryption OBJECT IDENTIFIER ::== { pkcs1-1 1 }
450 // id-dsa OBJECT IDENTIFIER ::== { iso(1) member-body(2) us(840)
451 // x9-57(10040) x9cm(4) 1 }
453 // RFC 5480, 2.1.1 Unrestricted Algorithm Identifier and Parameters
455 // id-ecPublicKey OBJECT IDENTIFIER ::= {
456 // iso(1) member-body(2) us(840) ansi-X9-62(10045) keyType(2) 1 }
458 oidPublicKeyRSA
= asn1
.ObjectIdentifier
{1, 2, 840, 113549, 1, 1, 1}
459 oidPublicKeyDSA
= asn1
.ObjectIdentifier
{1, 2, 840, 10040, 4, 1}
460 oidPublicKeyECDSA
= asn1
.ObjectIdentifier
{1, 2, 840, 10045, 2, 1}
463 func getPublicKeyAlgorithmFromOID(oid asn1
.ObjectIdentifier
) PublicKeyAlgorithm
{
465 case oid
.Equal(oidPublicKeyRSA
):
467 case oid
.Equal(oidPublicKeyDSA
):
469 case oid
.Equal(oidPublicKeyECDSA
):
472 return UnknownPublicKeyAlgorithm
475 // RFC 5480, 2.1.1.1. Named Curve
477 // secp224r1 OBJECT IDENTIFIER ::= {
478 // iso(1) identified-organization(3) certicom(132) curve(0) 33 }
480 // secp256r1 OBJECT IDENTIFIER ::= {
481 // iso(1) member-body(2) us(840) ansi-X9-62(10045) curves(3)
484 // secp384r1 OBJECT IDENTIFIER ::= {
485 // iso(1) identified-organization(3) certicom(132) curve(0) 34 }
487 // secp521r1 OBJECT IDENTIFIER ::= {
488 // iso(1) identified-organization(3) certicom(132) curve(0) 35 }
490 // NB: secp256r1 is equivalent to prime256v1
492 oidNamedCurveP224
= asn1
.ObjectIdentifier
{1, 3, 132, 0, 33}
493 oidNamedCurveP256
= asn1
.ObjectIdentifier
{1, 2, 840, 10045, 3, 1, 7}
494 oidNamedCurveP384
= asn1
.ObjectIdentifier
{1, 3, 132, 0, 34}
495 oidNamedCurveP521
= asn1
.ObjectIdentifier
{1, 3, 132, 0, 35}
498 func namedCurveFromOID(oid asn1
.ObjectIdentifier
) elliptic
.Curve
{
500 case oid
.Equal(oidNamedCurveP224
):
501 return elliptic
.P224()
502 case oid
.Equal(oidNamedCurveP256
):
503 return elliptic
.P256()
504 case oid
.Equal(oidNamedCurveP384
):
505 return elliptic
.P384()
506 case oid
.Equal(oidNamedCurveP521
):
507 return elliptic
.P521()
512 func oidFromNamedCurve(curve elliptic
.Curve
) (asn1
.ObjectIdentifier
, bool) {
514 case elliptic
.P224():
515 return oidNamedCurveP224
, true
516 case elliptic
.P256():
517 return oidNamedCurveP256
, true
518 case elliptic
.P384():
519 return oidNamedCurveP384
, true
520 case elliptic
.P521():
521 return oidNamedCurveP521
, true
527 // KeyUsage represents the set of actions that are valid for a given key. It's
528 // a bitmap of the KeyUsage* constants.
532 KeyUsageDigitalSignature KeyUsage
= 1 << iota
533 KeyUsageContentCommitment
534 KeyUsageKeyEncipherment
535 KeyUsageDataEncipherment
543 // RFC 5280, 4.2.1.12 Extended Key Usage
545 // anyExtendedKeyUsage OBJECT IDENTIFIER ::= { id-ce-extKeyUsage 0 }
547 // id-kp OBJECT IDENTIFIER ::= { id-pkix 3 }
549 // id-kp-serverAuth OBJECT IDENTIFIER ::= { id-kp 1 }
550 // id-kp-clientAuth OBJECT IDENTIFIER ::= { id-kp 2 }
551 // id-kp-codeSigning OBJECT IDENTIFIER ::= { id-kp 3 }
552 // id-kp-emailProtection OBJECT IDENTIFIER ::= { id-kp 4 }
553 // id-kp-timeStamping OBJECT IDENTIFIER ::= { id-kp 8 }
554 // id-kp-OCSPSigning OBJECT IDENTIFIER ::= { id-kp 9 }
556 oidExtKeyUsageAny
= asn1
.ObjectIdentifier
{2, 5, 29, 37, 0}
557 oidExtKeyUsageServerAuth
= asn1
.ObjectIdentifier
{1, 3, 6, 1, 5, 5, 7, 3, 1}
558 oidExtKeyUsageClientAuth
= asn1
.ObjectIdentifier
{1, 3, 6, 1, 5, 5, 7, 3, 2}
559 oidExtKeyUsageCodeSigning
= asn1
.ObjectIdentifier
{1, 3, 6, 1, 5, 5, 7, 3, 3}
560 oidExtKeyUsageEmailProtection
= asn1
.ObjectIdentifier
{1, 3, 6, 1, 5, 5, 7, 3, 4}
561 oidExtKeyUsageIPSECEndSystem
= asn1
.ObjectIdentifier
{1, 3, 6, 1, 5, 5, 7, 3, 5}
562 oidExtKeyUsageIPSECTunnel
= asn1
.ObjectIdentifier
{1, 3, 6, 1, 5, 5, 7, 3, 6}
563 oidExtKeyUsageIPSECUser
= asn1
.ObjectIdentifier
{1, 3, 6, 1, 5, 5, 7, 3, 7}
564 oidExtKeyUsageTimeStamping
= asn1
.ObjectIdentifier
{1, 3, 6, 1, 5, 5, 7, 3, 8}
565 oidExtKeyUsageOCSPSigning
= asn1
.ObjectIdentifier
{1, 3, 6, 1, 5, 5, 7, 3, 9}
566 oidExtKeyUsageMicrosoftServerGatedCrypto
= asn1
.ObjectIdentifier
{1, 3, 6, 1, 4, 1, 311, 10, 3, 3}
567 oidExtKeyUsageNetscapeServerGatedCrypto
= asn1
.ObjectIdentifier
{2, 16, 840, 1, 113730, 4, 1}
568 oidExtKeyUsageMicrosoftCommercialCodeSigning
= asn1
.ObjectIdentifier
{1, 3, 6, 1, 4, 1, 311, 2, 1, 22}
569 oidExtKeyUsageMicrosoftKernelCodeSigning
= asn1
.ObjectIdentifier
{1, 3, 6, 1, 4, 1, 311, 61, 1, 1}
572 // ExtKeyUsage represents an extended set of actions that are valid for a given key.
573 // Each of the ExtKeyUsage* constants define a unique action.
577 ExtKeyUsageAny ExtKeyUsage
= iota
578 ExtKeyUsageServerAuth
579 ExtKeyUsageClientAuth
580 ExtKeyUsageCodeSigning
581 ExtKeyUsageEmailProtection
582 ExtKeyUsageIPSECEndSystem
583 ExtKeyUsageIPSECTunnel
585 ExtKeyUsageTimeStamping
586 ExtKeyUsageOCSPSigning
587 ExtKeyUsageMicrosoftServerGatedCrypto
588 ExtKeyUsageNetscapeServerGatedCrypto
589 ExtKeyUsageMicrosoftCommercialCodeSigning
590 ExtKeyUsageMicrosoftKernelCodeSigning
593 // extKeyUsageOIDs contains the mapping between an ExtKeyUsage and its OID.
594 var extKeyUsageOIDs
= []struct {
595 extKeyUsage ExtKeyUsage
596 oid asn1
.ObjectIdentifier
598 {ExtKeyUsageAny
, oidExtKeyUsageAny
},
599 {ExtKeyUsageServerAuth
, oidExtKeyUsageServerAuth
},
600 {ExtKeyUsageClientAuth
, oidExtKeyUsageClientAuth
},
601 {ExtKeyUsageCodeSigning
, oidExtKeyUsageCodeSigning
},
602 {ExtKeyUsageEmailProtection
, oidExtKeyUsageEmailProtection
},
603 {ExtKeyUsageIPSECEndSystem
, oidExtKeyUsageIPSECEndSystem
},
604 {ExtKeyUsageIPSECTunnel
, oidExtKeyUsageIPSECTunnel
},
605 {ExtKeyUsageIPSECUser
, oidExtKeyUsageIPSECUser
},
606 {ExtKeyUsageTimeStamping
, oidExtKeyUsageTimeStamping
},
607 {ExtKeyUsageOCSPSigning
, oidExtKeyUsageOCSPSigning
},
608 {ExtKeyUsageMicrosoftServerGatedCrypto
, oidExtKeyUsageMicrosoftServerGatedCrypto
},
609 {ExtKeyUsageNetscapeServerGatedCrypto
, oidExtKeyUsageNetscapeServerGatedCrypto
},
610 {ExtKeyUsageMicrosoftCommercialCodeSigning
, oidExtKeyUsageMicrosoftCommercialCodeSigning
},
611 {ExtKeyUsageMicrosoftKernelCodeSigning
, oidExtKeyUsageMicrosoftKernelCodeSigning
},
614 func extKeyUsageFromOID(oid asn1
.ObjectIdentifier
) (eku ExtKeyUsage
, ok
bool) {
615 for _
, pair
:= range extKeyUsageOIDs
{
616 if oid
.Equal(pair
.oid
) {
617 return pair
.extKeyUsage
, true
623 func oidFromExtKeyUsage(eku ExtKeyUsage
) (oid asn1
.ObjectIdentifier
, ok
bool) {
624 for _
, pair
:= range extKeyUsageOIDs
{
625 if eku
== pair
.extKeyUsage
{
626 return pair
.oid
, true
632 // A Certificate represents an X.509 certificate.
633 type Certificate
struct {
634 Raw
[]byte // Complete ASN.1 DER content (certificate, signature algorithm and signature).
635 RawTBSCertificate
[]byte // Certificate part of raw ASN.1 DER content.
636 RawSubjectPublicKeyInfo
[]byte // DER encoded SubjectPublicKeyInfo.
637 RawSubject
[]byte // DER encoded Subject
638 RawIssuer
[]byte // DER encoded Issuer
641 SignatureAlgorithm SignatureAlgorithm
643 PublicKeyAlgorithm PublicKeyAlgorithm
644 PublicKey
interface{}
647 SerialNumber
*big
.Int
650 NotBefore
, NotAfter time
.Time
// Validity bounds.
653 // Extensions contains raw X.509 extensions. When parsing certificates,
654 // this can be used to extract non-critical extensions that are not
655 // parsed by this package. When marshaling certificates, the Extensions
656 // field is ignored, see ExtraExtensions.
657 Extensions
[]pkix
.Extension
659 // ExtraExtensions contains extensions to be copied, raw, into any
660 // marshaled certificates. Values override any extensions that would
661 // otherwise be produced based on the other fields. The ExtraExtensions
662 // field is not populated when parsing certificates, see Extensions.
663 ExtraExtensions
[]pkix
.Extension
665 // UnhandledCriticalExtensions contains a list of extension IDs that
666 // were not (fully) processed when parsing. Verify will fail if this
667 // slice is non-empty, unless verification is delegated to an OS
668 // library which understands all the critical extensions.
670 // Users can access these extensions using Extensions and can remove
671 // elements from this slice if they believe that they have been
673 UnhandledCriticalExtensions
[]asn1
.ObjectIdentifier
675 ExtKeyUsage
[]ExtKeyUsage
// Sequence of extended key usages.
676 UnknownExtKeyUsage
[]asn1
.ObjectIdentifier
// Encountered extended key usages unknown to this package.
678 // BasicConstraintsValid indicates whether IsCA, MaxPathLen,
679 // and MaxPathLenZero are valid.
680 BasicConstraintsValid
bool
683 // MaxPathLen and MaxPathLenZero indicate the presence and
684 // value of the BasicConstraints' "pathLenConstraint".
686 // When parsing a certificate, a positive non-zero MaxPathLen
687 // means that the field was specified, -1 means it was unset,
688 // and MaxPathLenZero being true mean that the field was
689 // explicitly set to zero. The case of MaxPathLen==0 with MaxPathLenZero==false
690 // should be treated equivalent to -1 (unset).
692 // When generating a certificate, an unset pathLenConstraint
693 // can be requested with either MaxPathLen == -1 or using the
694 // zero value for both MaxPathLen and MaxPathLenZero.
696 // MaxPathLenZero indicates that BasicConstraintsValid==true
697 // and MaxPathLen==0 should be interpreted as an actual
698 // maximum path length of zero. Otherwise, that combination is
699 // interpreted as MaxPathLen not being set.
703 AuthorityKeyId
[]byte
705 // RFC 5280, 4.2.2.1 (Authority Information Access)
707 IssuingCertificateURL
[]string
709 // Subject Alternate Name values. (Note that these values may not be valid
710 // if invalid values were contained within a parsed certificate. For
711 // example, an element of DNSNames may not be a valid DNS domain name.)
713 EmailAddresses
[]string
718 PermittedDNSDomainsCritical
bool // if true then the name constraints are marked critical.
719 PermittedDNSDomains
[]string
720 ExcludedDNSDomains
[]string
721 PermittedIPRanges
[]*net
.IPNet
722 ExcludedIPRanges
[]*net
.IPNet
723 PermittedEmailAddresses
[]string
724 ExcludedEmailAddresses
[]string
725 PermittedURIDomains
[]string
726 ExcludedURIDomains
[]string
728 // CRL Distribution Points
729 CRLDistributionPoints
[]string
731 PolicyIdentifiers
[]asn1
.ObjectIdentifier
734 // ErrUnsupportedAlgorithm results from attempting to perform an operation that
735 // involves algorithms that are not currently implemented.
736 var ErrUnsupportedAlgorithm
= errors
.New("x509: cannot verify signature: algorithm unimplemented")
738 // An InsecureAlgorithmError
739 type InsecureAlgorithmError SignatureAlgorithm
741 func (e InsecureAlgorithmError
) Error() string {
742 return fmt
.Sprintf("x509: cannot verify signature: insecure algorithm %v", SignatureAlgorithm(e
))
745 // ConstraintViolationError results when a requested usage is not permitted by
746 // a certificate. For example: checking a signature when the public key isn't a
747 // certificate signing key.
748 type ConstraintViolationError
struct{}
750 func (ConstraintViolationError
) Error() string {
751 return "x509: invalid signature: parent certificate cannot sign this kind of certificate"
754 func (c
*Certificate
) Equal(other
*Certificate
) bool {
755 return bytes
.Equal(c
.Raw
, other
.Raw
)
758 func (c
*Certificate
) hasSANExtension() bool {
759 return oidInExtensions(oidExtensionSubjectAltName
, c
.Extensions
)
762 // Entrust have a broken root certificate (CN=Entrust.net Certification
763 // Authority (2048)) which isn't marked as a CA certificate and is thus invalid
764 // according to PKIX.
765 // We recognise this certificate by its SubjectPublicKeyInfo and exempt it
766 // from the Basic Constraints requirement.
767 // See http://www.entrust.net/knowledge-base/technote.cfm?tn=7869
769 // TODO(agl): remove this hack once their reissued root is sufficiently
771 var entrustBrokenSPKI
= []byte{
772 0x30, 0x82, 0x01, 0x22, 0x30, 0x0d, 0x06, 0x09,
773 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01,
774 0x01, 0x05, 0x00, 0x03, 0x82, 0x01, 0x0f, 0x00,
775 0x30, 0x82, 0x01, 0x0a, 0x02, 0x82, 0x01, 0x01,
776 0x00, 0x97, 0xa3, 0x2d, 0x3c, 0x9e, 0xde, 0x05,
777 0xda, 0x13, 0xc2, 0x11, 0x8d, 0x9d, 0x8e, 0xe3,
778 0x7f, 0xc7, 0x4b, 0x7e, 0x5a, 0x9f, 0xb3, 0xff,
779 0x62, 0xab, 0x73, 0xc8, 0x28, 0x6b, 0xba, 0x10,
780 0x64, 0x82, 0x87, 0x13, 0xcd, 0x57, 0x18, 0xff,
781 0x28, 0xce, 0xc0, 0xe6, 0x0e, 0x06, 0x91, 0x50,
782 0x29, 0x83, 0xd1, 0xf2, 0xc3, 0x2a, 0xdb, 0xd8,
783 0xdb, 0x4e, 0x04, 0xcc, 0x00, 0xeb, 0x8b, 0xb6,
784 0x96, 0xdc, 0xbc, 0xaa, 0xfa, 0x52, 0x77, 0x04,
785 0xc1, 0xdb, 0x19, 0xe4, 0xae, 0x9c, 0xfd, 0x3c,
786 0x8b, 0x03, 0xef, 0x4d, 0xbc, 0x1a, 0x03, 0x65,
787 0xf9, 0xc1, 0xb1, 0x3f, 0x72, 0x86, 0xf2, 0x38,
788 0xaa, 0x19, 0xae, 0x10, 0x88, 0x78, 0x28, 0xda,
789 0x75, 0xc3, 0x3d, 0x02, 0x82, 0x02, 0x9c, 0xb9,
790 0xc1, 0x65, 0x77, 0x76, 0x24, 0x4c, 0x98, 0xf7,
791 0x6d, 0x31, 0x38, 0xfb, 0xdb, 0xfe, 0xdb, 0x37,
792 0x02, 0x76, 0xa1, 0x18, 0x97, 0xa6, 0xcc, 0xde,
793 0x20, 0x09, 0x49, 0x36, 0x24, 0x69, 0x42, 0xf6,
794 0xe4, 0x37, 0x62, 0xf1, 0x59, 0x6d, 0xa9, 0x3c,
795 0xed, 0x34, 0x9c, 0xa3, 0x8e, 0xdb, 0xdc, 0x3a,
796 0xd7, 0xf7, 0x0a, 0x6f, 0xef, 0x2e, 0xd8, 0xd5,
797 0x93, 0x5a, 0x7a, 0xed, 0x08, 0x49, 0x68, 0xe2,
798 0x41, 0xe3, 0x5a, 0x90, 0xc1, 0x86, 0x55, 0xfc,
799 0x51, 0x43, 0x9d, 0xe0, 0xb2, 0xc4, 0x67, 0xb4,
800 0xcb, 0x32, 0x31, 0x25, 0xf0, 0x54, 0x9f, 0x4b,
801 0xd1, 0x6f, 0xdb, 0xd4, 0xdd, 0xfc, 0xaf, 0x5e,
802 0x6c, 0x78, 0x90, 0x95, 0xde, 0xca, 0x3a, 0x48,
803 0xb9, 0x79, 0x3c, 0x9b, 0x19, 0xd6, 0x75, 0x05,
804 0xa0, 0xf9, 0x88, 0xd7, 0xc1, 0xe8, 0xa5, 0x09,
805 0xe4, 0x1a, 0x15, 0xdc, 0x87, 0x23, 0xaa, 0xb2,
806 0x75, 0x8c, 0x63, 0x25, 0x87, 0xd8, 0xf8, 0x3d,
807 0xa6, 0xc2, 0xcc, 0x66, 0xff, 0xa5, 0x66, 0x68,
808 0x55, 0x02, 0x03, 0x01, 0x00, 0x01,
811 // CheckSignatureFrom verifies that the signature on c is a valid signature
813 func (c
*Certificate
) CheckSignatureFrom(parent
*Certificate
) error
{
814 // RFC 5280, 4.2.1.9:
815 // "If the basic constraints extension is not present in a version 3
816 // certificate, or the extension is present but the cA boolean is not
817 // asserted, then the certified public key MUST NOT be used to verify
818 // certificate signatures."
819 // (except for Entrust, see comment above entrustBrokenSPKI)
820 if (parent
.Version
== 3 && !parent
.BasicConstraintsValid ||
821 parent
.BasicConstraintsValid
&& !parent
.IsCA
) &&
822 !bytes
.Equal(c
.RawSubjectPublicKeyInfo
, entrustBrokenSPKI
) {
823 return ConstraintViolationError
{}
826 if parent
.KeyUsage
!= 0 && parent
.KeyUsage
&KeyUsageCertSign
== 0 {
827 return ConstraintViolationError
{}
830 if parent
.PublicKeyAlgorithm
== UnknownPublicKeyAlgorithm
{
831 return ErrUnsupportedAlgorithm
834 // TODO(agl): don't ignore the path length constraint.
836 return parent
.CheckSignature(c
.SignatureAlgorithm
, c
.RawTBSCertificate
, c
.Signature
)
839 // CheckSignature verifies that signature is a valid signature over signed from
841 func (c
*Certificate
) CheckSignature(algo SignatureAlgorithm
, signed
, signature
[]byte) error
{
842 return checkSignature(algo
, signed
, signature
, c
.PublicKey
)
845 func (c
*Certificate
) hasNameConstraints() bool {
846 for _
, e
:= range c
.Extensions
{
847 if len(e
.Id
) == 4 && e
.Id
[0] == 2 && e
.Id
[1] == 5 && e
.Id
[2] == 29 && e
.Id
[3] == 30 {
855 func (c
*Certificate
) getSANExtension() ([]byte, bool) {
856 for _
, e
:= range c
.Extensions
{
857 if len(e
.Id
) == 4 && e
.Id
[0] == 2 && e
.Id
[1] == 5 && e
.Id
[2] == 29 && e
.Id
[3] == 17 {
865 func signaturePublicKeyAlgoMismatchError(expectedPubKeyAlgo PublicKeyAlgorithm
, pubKey
interface{}) error
{
866 return fmt
.Errorf("x509: signature algorithm specifies an %s public key, but have public key of type %T", expectedPubKeyAlgo
.String(), pubKey
)
869 // CheckSignature verifies that signature is a valid signature over signed from
870 // a crypto.PublicKey.
871 func checkSignature(algo SignatureAlgorithm
, signed
, signature
[]byte, publicKey crypto
.PublicKey
) (err error
) {
872 var hashType crypto
.Hash
873 var pubKeyAlgo PublicKeyAlgorithm
875 for _
, details
:= range signatureAlgorithmDetails
{
876 if details
.algo
== algo
{
877 hashType
= details
.hash
878 pubKeyAlgo
= details
.pubKeyAlgo
884 return ErrUnsupportedAlgorithm
886 return InsecureAlgorithmError(algo
)
889 if !hashType
.Available() {
890 return ErrUnsupportedAlgorithm
897 switch pub
:= publicKey
.(type) {
899 if pubKeyAlgo
!= RSA
{
900 return signaturePublicKeyAlgoMismatchError(pubKeyAlgo
, pub
)
903 return rsa
.VerifyPSS(pub
, hashType
, digest
, signature
, &rsa
.PSSOptions
{SaltLength
: rsa
.PSSSaltLengthEqualsHash
})
905 return rsa
.VerifyPKCS1v15(pub
, hashType
, digest
, signature
)
908 if pubKeyAlgo
!= DSA
{
909 return signaturePublicKeyAlgoMismatchError(pubKeyAlgo
, pub
)
911 dsaSig
:= new(dsaSignature
)
912 if rest
, err
:= asn1
.Unmarshal(signature
, dsaSig
); err
!= nil {
914 } else if len(rest
) != 0 {
915 return errors
.New("x509: trailing data after DSA signature")
917 if dsaSig
.R
.Sign() <= 0 || dsaSig
.S
.Sign() <= 0 {
918 return errors
.New("x509: DSA signature contained zero or negative values")
920 if !dsa
.Verify(pub
, digest
, dsaSig
.R
, dsaSig
.S
) {
921 return errors
.New("x509: DSA verification failure")
924 case *ecdsa
.PublicKey
:
925 if pubKeyAlgo
!= ECDSA
{
926 return signaturePublicKeyAlgoMismatchError(pubKeyAlgo
, pub
)
928 ecdsaSig
:= new(ecdsaSignature
)
929 if rest
, err
:= asn1
.Unmarshal(signature
, ecdsaSig
); err
!= nil {
931 } else if len(rest
) != 0 {
932 return errors
.New("x509: trailing data after ECDSA signature")
934 if ecdsaSig
.R
.Sign() <= 0 || ecdsaSig
.S
.Sign() <= 0 {
935 return errors
.New("x509: ECDSA signature contained zero or negative values")
937 if !ecdsa
.Verify(pub
, digest
, ecdsaSig
.R
, ecdsaSig
.S
) {
938 return errors
.New("x509: ECDSA verification failure")
942 return ErrUnsupportedAlgorithm
945 // CheckCRLSignature checks that the signature in crl is from c.
946 func (c
*Certificate
) CheckCRLSignature(crl
*pkix
.CertificateList
) error
{
947 algo
:= getSignatureAlgorithmFromAI(crl
.SignatureAlgorithm
)
948 return c
.CheckSignature(algo
, crl
.TBSCertList
.Raw
, crl
.SignatureValue
.RightAlign())
951 type UnhandledCriticalExtension
struct{}
953 func (h UnhandledCriticalExtension
) Error() string {
954 return "x509: unhandled critical extension"
957 type basicConstraints
struct {
958 IsCA
bool `asn1:"optional"`
959 MaxPathLen
int `asn1:"optional,default:-1"`
963 type policyInformation
struct {
964 Policy asn1
.ObjectIdentifier
965 // policyQualifiers omitted
976 type authorityInfoAccess
struct {
977 Method asn1
.ObjectIdentifier
978 Location asn1
.RawValue
981 // RFC 5280, 4.2.1.14
982 type distributionPoint
struct {
983 DistributionPoint distributionPointName
`asn1:"optional,tag:0"`
984 Reason asn1
.BitString
`asn1:"optional,tag:1"`
985 CRLIssuer asn1
.RawValue
`asn1:"optional,tag:2"`
988 type distributionPointName
struct {
989 FullName
[]asn1
.RawValue
`asn1:"optional,tag:0"`
990 RelativeName pkix
.RDNSequence
`asn1:"optional,tag:1"`
993 func parsePublicKey(algo PublicKeyAlgorithm
, keyData
*publicKeyInfo
) (interface{}, error
) {
994 asn1Data
:= keyData
.PublicKey
.RightAlign()
997 // RSA public keys must have a NULL in the parameters
998 // (https://tools.ietf.org/html/rfc3279#section-2.3.1).
999 if !bytes
.Equal(keyData
.Algorithm
.Parameters
.FullBytes
, asn1
.NullBytes
) {
1000 return nil, errors
.New("x509: RSA key missing NULL parameters")
1003 p
:= new(pkcs1PublicKey
)
1004 rest
, err
:= asn1
.Unmarshal(asn1Data
, p
)
1009 return nil, errors
.New("x509: trailing data after RSA public key")
1012 if p
.N
.Sign() <= 0 {
1013 return nil, errors
.New("x509: RSA modulus is not a positive number")
1016 return nil, errors
.New("x509: RSA public exponent is not a positive number")
1019 pub
:= &rsa
.PublicKey
{
1026 rest
, err
:= asn1
.Unmarshal(asn1Data
, &p
)
1031 return nil, errors
.New("x509: trailing data after DSA public key")
1033 paramsData
:= keyData
.Algorithm
.Parameters
.FullBytes
1034 params
:= new(dsaAlgorithmParameters
)
1035 rest
, err
= asn1
.Unmarshal(paramsData
, params
)
1040 return nil, errors
.New("x509: trailing data after DSA parameters")
1042 if p
.Sign() <= 0 || params
.P
.Sign() <= 0 || params
.Q
.Sign() <= 0 || params
.G
.Sign() <= 0 {
1043 return nil, errors
.New("x509: zero or negative DSA parameter")
1045 pub
:= &dsa
.PublicKey
{
1046 Parameters
: dsa
.Parameters
{
1055 paramsData
:= keyData
.Algorithm
.Parameters
.FullBytes
1056 namedCurveOID
:= new(asn1
.ObjectIdentifier
)
1057 rest
, err
:= asn1
.Unmarshal(paramsData
, namedCurveOID
)
1062 return nil, errors
.New("x509: trailing data after ECDSA parameters")
1064 namedCurve
:= namedCurveFromOID(*namedCurveOID
)
1065 if namedCurve
== nil {
1066 return nil, errors
.New("x509: unsupported elliptic curve")
1068 x
, y
:= elliptic
.Unmarshal(namedCurve
, asn1Data
)
1070 return nil, errors
.New("x509: failed to unmarshal elliptic curve point")
1072 pub
:= &ecdsa
.PublicKey
{
1083 func forEachSAN(extension
[]byte, callback
func(tag
int, data
[]byte) error
) error
{
1084 // RFC 5280, 4.2.1.6
1086 // SubjectAltName ::= GeneralNames
1088 // GeneralNames ::= SEQUENCE SIZE (1..MAX) OF GeneralName
1090 // GeneralName ::= CHOICE {
1091 // otherName [0] OtherName,
1092 // rfc822Name [1] IA5String,
1093 // dNSName [2] IA5String,
1094 // x400Address [3] ORAddress,
1095 // directoryName [4] Name,
1096 // ediPartyName [5] EDIPartyName,
1097 // uniformResourceIdentifier [6] IA5String,
1098 // iPAddress [7] OCTET STRING,
1099 // registeredID [8] OBJECT IDENTIFIER }
1100 var seq asn1
.RawValue
1101 rest
, err
:= asn1
.Unmarshal(extension
, &seq
)
1104 } else if len(rest
) != 0 {
1105 return errors
.New("x509: trailing data after X.509 extension")
1107 if !seq
.IsCompound || seq
.Tag
!= 16 || seq
.Class
!= 0 {
1108 return asn1
.StructuralError
{Msg
: "bad SAN sequence"}
1114 rest
, err
= asn1
.Unmarshal(rest
, &v
)
1119 if err
:= callback(v
.Tag
, v
.Bytes
); err
!= nil {
1127 func parseSANExtension(value
[]byte) (dnsNames
, emailAddresses
[]string, ipAddresses
[]net
.IP
, uris
[]*url
.URL
, err error
) {
1128 err
= forEachSAN(value
, func(tag
int, data
[]byte) error
{
1131 emailAddresses
= append(emailAddresses
, string(data
))
1133 dnsNames
= append(dnsNames
, string(data
))
1135 uri
, err
:= url
.Parse(string(data
))
1137 return fmt
.Errorf("x509: cannot parse URI %q: %s", string(data
), err
)
1139 if len(uri
.Host
) > 0 {
1140 if _
, ok
:= domainToReverseLabels(uri
.Host
); !ok
{
1141 return fmt
.Errorf("x509: cannot parse URI %q: invalid domain", string(data
))
1144 uris
= append(uris
, uri
)
1147 case net
.IPv4len
, net
.IPv6len
:
1148 ipAddresses
= append(ipAddresses
, data
)
1150 return errors
.New("x509: cannot parse IP address of length " + strconv
.Itoa(len(data
)))
1160 // isValidIPMask returns true iff mask consists of zero or more 1 bits, followed by zero bits.
1161 func isValidIPMask(mask
[]byte) bool {
1164 for _
, b
:= range mask
{
1174 case 0x00, 0x80, 0xc0, 0xe0, 0xf0, 0xf8, 0xfc, 0xfe:
1185 func parseNameConstraintsExtension(out
*Certificate
, e pkix
.Extension
) (unhandled
bool, err error
) {
1186 // RFC 5280, 4.2.1.10
1188 // NameConstraints ::= SEQUENCE {
1189 // permittedSubtrees [0] GeneralSubtrees OPTIONAL,
1190 // excludedSubtrees [1] GeneralSubtrees OPTIONAL }
1192 // GeneralSubtrees ::= SEQUENCE SIZE (1..MAX) OF GeneralSubtree
1194 // GeneralSubtree ::= SEQUENCE {
1195 // base GeneralName,
1196 // minimum [0] BaseDistance DEFAULT 0,
1197 // maximum [1] BaseDistance OPTIONAL }
1199 // BaseDistance ::= INTEGER (0..MAX)
1201 outer
:= cryptobyte
.String(e
.Value
)
1202 var toplevel
, permitted
, excluded cryptobyte
.String
1203 var havePermitted
, haveExcluded
bool
1204 if !outer
.ReadASN1(&toplevel
, cryptobyte_asn1
.SEQUENCE
) ||
1206 !toplevel
.ReadOptionalASN1(&permitted
, &havePermitted
, cryptobyte_asn1
.Tag(0).ContextSpecific().Constructed()) ||
1207 !toplevel
.ReadOptionalASN1(&excluded
, &haveExcluded
, cryptobyte_asn1
.Tag(1).ContextSpecific().Constructed()) ||
1209 return false, errors
.New("x509: invalid NameConstraints extension")
1212 if !havePermitted
&& !haveExcluded ||
len(permitted
) == 0 && len(excluded
) == 0 {
1213 // https://tools.ietf.org/html/rfc5280#section-4.2.1.10:
1214 // “either the permittedSubtrees field
1215 // or the excludedSubtrees MUST be
1217 return false, errors
.New("x509: empty name constraints extension")
1220 getValues
:= func(subtrees cryptobyte
.String
) (dnsNames
[]string, ips
[]*net
.IPNet
, emails
, uriDomains
[]string, err error
) {
1221 for !subtrees
.Empty() {
1222 var seq
, value cryptobyte
.String
1223 var tag cryptobyte_asn1
.Tag
1224 if !subtrees
.ReadASN1(&seq
, cryptobyte_asn1
.SEQUENCE
) ||
1225 !seq
.ReadAnyASN1(&value
, &tag
) {
1226 return nil, nil, nil, nil, fmt
.Errorf("x509: invalid NameConstraints extension")
1230 dnsTag
= cryptobyte_asn1
.Tag(2).ContextSpecific()
1231 emailTag
= cryptobyte_asn1
.Tag(1).ContextSpecific()
1232 ipTag
= cryptobyte_asn1
.Tag(7).ContextSpecific()
1233 uriTag
= cryptobyte_asn1
.Tag(6).ContextSpecific()
1238 domain
:= string(value
)
1239 if err
:= isIA5String(domain
); err
!= nil {
1240 return nil, nil, nil, nil, errors
.New("x509: invalid constraint value: " + err
.Error())
1243 trimmedDomain
:= domain
1244 if len(trimmedDomain
) > 0 && trimmedDomain
[0] == '.' {
1245 // constraints can have a leading
1246 // period to exclude the domain
1247 // itself, but that's not valid in a
1248 // normal domain name.
1249 trimmedDomain
= trimmedDomain
[1:]
1251 if _
, ok
:= domainToReverseLabels(trimmedDomain
); !ok
{
1252 return nil, nil, nil, nil, fmt
.Errorf("x509: failed to parse dnsName constraint %q", domain
)
1254 dnsNames
= append(dnsNames
, domain
)
1270 return nil, nil, nil, nil, fmt
.Errorf("x509: IP constraint contained value of length %d", l
)
1273 if !isValidIPMask(mask
) {
1274 return nil, nil, nil, nil, fmt
.Errorf("x509: IP constraint contained invalid mask %x", mask
)
1277 ips
= append(ips
, &net
.IPNet
{IP
: net
.IP(ip
), Mask
: net
.IPMask(mask
)})
1280 constraint
:= string(value
)
1281 if err
:= isIA5String(constraint
); err
!= nil {
1282 return nil, nil, nil, nil, errors
.New("x509: invalid constraint value: " + err
.Error())
1285 // If the constraint contains an @ then
1286 // it specifies an exact mailbox name.
1287 if strings
.Contains(constraint
, "@") {
1288 if _
, ok
:= parseRFC2821Mailbox(constraint
); !ok
{
1289 return nil, nil, nil, nil, fmt
.Errorf("x509: failed to parse rfc822Name constraint %q", constraint
)
1292 // Otherwise it's a domain name.
1293 domain
:= constraint
1294 if len(domain
) > 0 && domain
[0] == '.' {
1297 if _
, ok
:= domainToReverseLabels(domain
); !ok
{
1298 return nil, nil, nil, nil, fmt
.Errorf("x509: failed to parse rfc822Name constraint %q", constraint
)
1301 emails
= append(emails
, constraint
)
1304 domain
:= string(value
)
1305 if err
:= isIA5String(domain
); err
!= nil {
1306 return nil, nil, nil, nil, errors
.New("x509: invalid constraint value: " + err
.Error())
1309 if net
.ParseIP(domain
) != nil {
1310 return nil, nil, nil, nil, fmt
.Errorf("x509: failed to parse URI constraint %q: cannot be IP address", domain
)
1313 trimmedDomain
:= domain
1314 if len(trimmedDomain
) > 0 && trimmedDomain
[0] == '.' {
1315 // constraints can have a leading
1316 // period to exclude the domain itself,
1317 // but that's not valid in a normal
1319 trimmedDomain
= trimmedDomain
[1:]
1321 if _
, ok
:= domainToReverseLabels(trimmedDomain
); !ok
{
1322 return nil, nil, nil, nil, fmt
.Errorf("x509: failed to parse URI constraint %q", domain
)
1324 uriDomains
= append(uriDomains
, domain
)
1331 return dnsNames
, ips
, emails
, uriDomains
, nil
1334 if out
.PermittedDNSDomains
, out
.PermittedIPRanges
, out
.PermittedEmailAddresses
, out
.PermittedURIDomains
, err
= getValues(permitted
); err
!= nil {
1337 if out
.ExcludedDNSDomains
, out
.ExcludedIPRanges
, out
.ExcludedEmailAddresses
, out
.ExcludedURIDomains
, err
= getValues(excluded
); err
!= nil {
1340 out
.PermittedDNSDomainsCritical
= e
.Critical
1342 return unhandled
, nil
1345 func parseCertificate(in
*certificate
) (*Certificate
, error
) {
1346 out
:= new(Certificate
)
1348 out
.RawTBSCertificate
= in
.TBSCertificate
.Raw
1349 out
.RawSubjectPublicKeyInfo
= in
.TBSCertificate
.PublicKey
.Raw
1350 out
.RawSubject
= in
.TBSCertificate
.Subject
.FullBytes
1351 out
.RawIssuer
= in
.TBSCertificate
.Issuer
.FullBytes
1353 out
.Signature
= in
.SignatureValue
.RightAlign()
1354 out
.SignatureAlgorithm
=
1355 getSignatureAlgorithmFromAI(in
.TBSCertificate
.SignatureAlgorithm
)
1357 out
.PublicKeyAlgorithm
=
1358 getPublicKeyAlgorithmFromOID(in
.TBSCertificate
.PublicKey
.Algorithm
.Algorithm
)
1360 out
.PublicKey
, err
= parsePublicKey(out
.PublicKeyAlgorithm
, &in
.TBSCertificate
.PublicKey
)
1365 out
.Version
= in
.TBSCertificate
.Version
+ 1
1366 out
.SerialNumber
= in
.TBSCertificate
.SerialNumber
1368 var issuer
, subject pkix
.RDNSequence
1369 if rest
, err
:= asn1
.Unmarshal(in
.TBSCertificate
.Subject
.FullBytes
, &subject
); err
!= nil {
1371 } else if len(rest
) != 0 {
1372 return nil, errors
.New("x509: trailing data after X.509 subject")
1374 if rest
, err
:= asn1
.Unmarshal(in
.TBSCertificate
.Issuer
.FullBytes
, &issuer
); err
!= nil {
1376 } else if len(rest
) != 0 {
1377 return nil, errors
.New("x509: trailing data after X.509 subject")
1380 out
.Issuer
.FillFromRDNSequence(&issuer
)
1381 out
.Subject
.FillFromRDNSequence(&subject
)
1383 out
.NotBefore
= in
.TBSCertificate
.Validity
.NotBefore
1384 out
.NotAfter
= in
.TBSCertificate
.Validity
.NotAfter
1386 for _
, e
:= range in
.TBSCertificate
.Extensions
{
1387 out
.Extensions
= append(out
.Extensions
, e
)
1390 if len(e
.Id
) == 4 && e
.Id
[0] == 2 && e
.Id
[1] == 5 && e
.Id
[2] == 29 {
1393 // RFC 5280, 4.2.1.3
1394 var usageBits asn1
.BitString
1395 if rest
, err
:= asn1
.Unmarshal(e
.Value
, &usageBits
); err
!= nil {
1397 } else if len(rest
) != 0 {
1398 return nil, errors
.New("x509: trailing data after X.509 KeyUsage")
1402 for i
:= 0; i
< 9; i
++ {
1403 if usageBits
.At(i
) != 0 {
1404 usage |
= 1 << uint(i
)
1407 out
.KeyUsage
= KeyUsage(usage
)
1410 // RFC 5280, 4.2.1.9
1411 var constraints basicConstraints
1412 if rest
, err
:= asn1
.Unmarshal(e
.Value
, &constraints
); err
!= nil {
1414 } else if len(rest
) != 0 {
1415 return nil, errors
.New("x509: trailing data after X.509 BasicConstraints")
1418 out
.BasicConstraintsValid
= true
1419 out
.IsCA
= constraints
.IsCA
1420 out
.MaxPathLen
= constraints
.MaxPathLen
1421 out
.MaxPathLenZero
= out
.MaxPathLen
== 0
1422 // TODO: map out.MaxPathLen to 0 if it has the -1 default value? (Issue 19285)
1424 out
.DNSNames
, out
.EmailAddresses
, out
.IPAddresses
, out
.URIs
, err
= parseSANExtension(e
.Value
)
1429 if len(out
.DNSNames
) == 0 && len(out
.EmailAddresses
) == 0 && len(out
.IPAddresses
) == 0 && len(out
.URIs
) == 0 {
1430 // If we didn't parse anything then we do the critical check, below.
1435 unhandled
, err
= parseNameConstraintsExtension(out
, e
)
1441 // RFC 5280, 4.2.1.13
1443 // CRLDistributionPoints ::= SEQUENCE SIZE (1..MAX) OF DistributionPoint
1445 // DistributionPoint ::= SEQUENCE {
1446 // distributionPoint [0] DistributionPointName OPTIONAL,
1447 // reasons [1] ReasonFlags OPTIONAL,
1448 // cRLIssuer [2] GeneralNames OPTIONAL }
1450 // DistributionPointName ::= CHOICE {
1451 // fullName [0] GeneralNames,
1452 // nameRelativeToCRLIssuer [1] RelativeDistinguishedName }
1454 var cdp
[]distributionPoint
1455 if rest
, err
:= asn1
.Unmarshal(e
.Value
, &cdp
); err
!= nil {
1457 } else if len(rest
) != 0 {
1458 return nil, errors
.New("x509: trailing data after X.509 CRL distribution point")
1461 for _
, dp
:= range cdp
{
1462 // Per RFC 5280, 4.2.1.13, one of distributionPoint or cRLIssuer may be empty.
1463 if len(dp
.DistributionPoint
.FullName
) == 0 {
1467 for _
, fullName
:= range dp
.DistributionPoint
.FullName
{
1468 if fullName
.Tag
== 6 {
1469 out
.CRLDistributionPoints
= append(out
.CRLDistributionPoints
, string(fullName
.Bytes
))
1475 // RFC 5280, 4.2.1.1
1477 if rest
, err
:= asn1
.Unmarshal(e
.Value
, &a
); err
!= nil {
1479 } else if len(rest
) != 0 {
1480 return nil, errors
.New("x509: trailing data after X.509 authority key-id")
1482 out
.AuthorityKeyId
= a
.Id
1485 // RFC 5280, 4.2.1.12. Extended Key Usage
1487 // id-ce-extKeyUsage OBJECT IDENTIFIER ::= { id-ce 37 }
1489 // ExtKeyUsageSyntax ::= SEQUENCE SIZE (1..MAX) OF KeyPurposeId
1491 // KeyPurposeId ::= OBJECT IDENTIFIER
1493 var keyUsage
[]asn1
.ObjectIdentifier
1494 if rest
, err
:= asn1
.Unmarshal(e
.Value
, &keyUsage
); err
!= nil {
1496 } else if len(rest
) != 0 {
1497 return nil, errors
.New("x509: trailing data after X.509 ExtendedKeyUsage")
1500 for _
, u
:= range keyUsage
{
1501 if extKeyUsage
, ok
:= extKeyUsageFromOID(u
); ok
{
1502 out
.ExtKeyUsage
= append(out
.ExtKeyUsage
, extKeyUsage
)
1504 out
.UnknownExtKeyUsage
= append(out
.UnknownExtKeyUsage
, u
)
1509 // RFC 5280, 4.2.1.2
1511 if rest
, err
:= asn1
.Unmarshal(e
.Value
, &keyid
); err
!= nil {
1513 } else if len(rest
) != 0 {
1514 return nil, errors
.New("x509: trailing data after X.509 key-id")
1516 out
.SubjectKeyId
= keyid
1519 // RFC 5280 4.2.1.4: Certificate Policies
1520 var policies
[]policyInformation
1521 if rest
, err
:= asn1
.Unmarshal(e
.Value
, &policies
); err
!= nil {
1523 } else if len(rest
) != 0 {
1524 return nil, errors
.New("x509: trailing data after X.509 certificate policies")
1526 out
.PolicyIdentifiers
= make([]asn1
.ObjectIdentifier
, len(policies
))
1527 for i
, policy
:= range policies
{
1528 out
.PolicyIdentifiers
[i
] = policy
.Policy
1532 // Unknown extensions are recorded if critical.
1535 } else if e
.Id
.Equal(oidExtensionAuthorityInfoAccess
) {
1536 // RFC 5280 4.2.2.1: Authority Information Access
1537 var aia
[]authorityInfoAccess
1538 if rest
, err
:= asn1
.Unmarshal(e
.Value
, &aia
); err
!= nil {
1540 } else if len(rest
) != 0 {
1541 return nil, errors
.New("x509: trailing data after X.509 authority information")
1544 for _
, v
:= range aia
{
1545 // GeneralName: uniformResourceIdentifier [6] IA5String
1546 if v
.Location
.Tag
!= 6 {
1549 if v
.Method
.Equal(oidAuthorityInfoAccessOcsp
) {
1550 out
.OCSPServer
= append(out
.OCSPServer
, string(v
.Location
.Bytes
))
1551 } else if v
.Method
.Equal(oidAuthorityInfoAccessIssuers
) {
1552 out
.IssuingCertificateURL
= append(out
.IssuingCertificateURL
, string(v
.Location
.Bytes
))
1556 // Unknown extensions are recorded if critical.
1560 if e
.Critical
&& unhandled
{
1561 out
.UnhandledCriticalExtensions
= append(out
.UnhandledCriticalExtensions
, e
.Id
)
1568 // ParseCertificate parses a single certificate from the given ASN.1 DER data.
1569 func ParseCertificate(asn1Data
[]byte) (*Certificate
, error
) {
1570 var cert certificate
1571 rest
, err
:= asn1
.Unmarshal(asn1Data
, &cert
)
1576 return nil, asn1
.SyntaxError
{Msg
: "trailing data"}
1579 return parseCertificate(&cert
)
1582 // ParseCertificates parses one or more certificates from the given ASN.1 DER
1583 // data. The certificates must be concatenated with no intermediate padding.
1584 func ParseCertificates(asn1Data
[]byte) ([]*Certificate
, error
) {
1585 var v
[]*certificate
1587 for len(asn1Data
) > 0 {
1588 cert
:= new(certificate
)
1590 asn1Data
, err
= asn1
.Unmarshal(asn1Data
, cert
)
1597 ret
:= make([]*Certificate
, len(v
))
1598 for i
, ci
:= range v
{
1599 cert
, err
:= parseCertificate(ci
)
1609 func reverseBitsInAByte(in
byte) byte {
1611 b2
:= b1
>>2&0x33 | b1
<<2&0xcc
1612 b3
:= b2
>>1&0x55 | b2
<<1&0xaa
1616 // asn1BitLength returns the bit-length of bitString by considering the
1617 // most-significant bit in a byte to be the "first" bit. This convention
1618 // matches ASN.1, but differs from almost everything else.
1619 func asn1BitLength(bitString
[]byte) int {
1620 bitLen
:= len(bitString
) * 8
1622 for i
:= range bitString
{
1623 b
:= bitString
[len(bitString
)-i
-1]
1625 for bit
:= uint(0); bit
< 8; bit
++ {
1626 if (b
>>bit
)&1 == 1 {
1637 oidExtensionSubjectKeyId
= []int{2, 5, 29, 14}
1638 oidExtensionKeyUsage
= []int{2, 5, 29, 15}
1639 oidExtensionExtendedKeyUsage
= []int{2, 5, 29, 37}
1640 oidExtensionAuthorityKeyId
= []int{2, 5, 29, 35}
1641 oidExtensionBasicConstraints
= []int{2, 5, 29, 19}
1642 oidExtensionSubjectAltName
= []int{2, 5, 29, 17}
1643 oidExtensionCertificatePolicies
= []int{2, 5, 29, 32}
1644 oidExtensionNameConstraints
= []int{2, 5, 29, 30}
1645 oidExtensionCRLDistributionPoints
= []int{2, 5, 29, 31}
1646 oidExtensionAuthorityInfoAccess
= []int{1, 3, 6, 1, 5, 5, 7, 1, 1}
1650 oidAuthorityInfoAccessOcsp
= asn1
.ObjectIdentifier
{1, 3, 6, 1, 5, 5, 7, 48, 1}
1651 oidAuthorityInfoAccessIssuers
= asn1
.ObjectIdentifier
{1, 3, 6, 1, 5, 5, 7, 48, 2}
1654 // oidNotInExtensions returns whether an extension with the given oid exists in
1656 func oidInExtensions(oid asn1
.ObjectIdentifier
, extensions
[]pkix
.Extension
) bool {
1657 for _
, e
:= range extensions
{
1658 if e
.Id
.Equal(oid
) {
1665 // marshalSANs marshals a list of addresses into a the contents of an X.509
1666 // SubjectAlternativeName extension.
1667 func marshalSANs(dnsNames
, emailAddresses
[]string, ipAddresses
[]net
.IP
, uris
[]*url
.URL
) (derBytes
[]byte, err error
) {
1668 var rawValues
[]asn1
.RawValue
1669 for _
, name
:= range dnsNames
{
1670 rawValues
= append(rawValues
, asn1
.RawValue
{Tag
: nameTypeDNS
, Class
: 2, Bytes
: []byte(name
)})
1672 for _
, email
:= range emailAddresses
{
1673 rawValues
= append(rawValues
, asn1
.RawValue
{Tag
: nameTypeEmail
, Class
: 2, Bytes
: []byte(email
)})
1675 for _
, rawIP
:= range ipAddresses
{
1676 // If possible, we always want to encode IPv4 addresses in 4 bytes.
1681 rawValues
= append(rawValues
, asn1
.RawValue
{Tag
: nameTypeIP
, Class
: 2, Bytes
: ip
})
1683 for _
, uri
:= range uris
{
1684 rawValues
= append(rawValues
, asn1
.RawValue
{Tag
: nameTypeURI
, Class
: 2, Bytes
: []byte(uri
.String())})
1686 return asn1
.Marshal(rawValues
)
1689 func isIA5String(s
string) error
{
1690 for _
, r
:= range s
{
1691 if r
>= utf8
.RuneSelf
{
1692 return fmt
.Errorf("x509: %q cannot be encoded as an IA5String", s
)
1699 func buildExtensions(template
*Certificate
, subjectIsEmpty
bool, authorityKeyId
[]byte) (ret
[]pkix
.Extension
, err error
) {
1700 ret
= make([]pkix
.Extension
, 10 /* maximum number of elements. */)
1703 if template
.KeyUsage
!= 0 &&
1704 !oidInExtensions(oidExtensionKeyUsage
, template
.ExtraExtensions
) {
1705 ret
[n
].Id
= oidExtensionKeyUsage
1706 ret
[n
].Critical
= true
1709 a
[0] = reverseBitsInAByte(byte(template
.KeyUsage
))
1710 a
[1] = reverseBitsInAByte(byte(template
.KeyUsage
>> 8))
1718 ret
[n
].Value
, err
= asn1
.Marshal(asn1
.BitString
{Bytes
: bitString
, BitLength
: asn1BitLength(bitString
)})
1725 if (len(template
.ExtKeyUsage
) > 0 ||
len(template
.UnknownExtKeyUsage
) > 0) &&
1726 !oidInExtensions(oidExtensionExtendedKeyUsage
, template
.ExtraExtensions
) {
1727 ret
[n
].Id
= oidExtensionExtendedKeyUsage
1729 var oids
[]asn1
.ObjectIdentifier
1730 for _
, u
:= range template
.ExtKeyUsage
{
1731 if oid
, ok
:= oidFromExtKeyUsage(u
); ok
{
1732 oids
= append(oids
, oid
)
1734 panic("internal error")
1738 oids
= append(oids
, template
.UnknownExtKeyUsage
...)
1740 ret
[n
].Value
, err
= asn1
.Marshal(oids
)
1747 if template
.BasicConstraintsValid
&& !oidInExtensions(oidExtensionBasicConstraints
, template
.ExtraExtensions
) {
1748 // Leaving MaxPathLen as zero indicates that no maximum path
1749 // length is desired, unless MaxPathLenZero is set. A value of
1750 // -1 causes encoding/asn1 to omit the value as desired.
1751 maxPathLen
:= template
.MaxPathLen
1752 if maxPathLen
== 0 && !template
.MaxPathLenZero
{
1755 ret
[n
].Id
= oidExtensionBasicConstraints
1756 ret
[n
].Value
, err
= asn1
.Marshal(basicConstraints
{template
.IsCA
, maxPathLen
})
1757 ret
[n
].Critical
= true
1764 if len(template
.SubjectKeyId
) > 0 && !oidInExtensions(oidExtensionSubjectKeyId
, template
.ExtraExtensions
) {
1765 ret
[n
].Id
= oidExtensionSubjectKeyId
1766 ret
[n
].Value
, err
= asn1
.Marshal(template
.SubjectKeyId
)
1773 if len(authorityKeyId
) > 0 && !oidInExtensions(oidExtensionAuthorityKeyId
, template
.ExtraExtensions
) {
1774 ret
[n
].Id
= oidExtensionAuthorityKeyId
1775 ret
[n
].Value
, err
= asn1
.Marshal(authKeyId
{authorityKeyId
})
1782 if (len(template
.OCSPServer
) > 0 ||
len(template
.IssuingCertificateURL
) > 0) &&
1783 !oidInExtensions(oidExtensionAuthorityInfoAccess
, template
.ExtraExtensions
) {
1784 ret
[n
].Id
= oidExtensionAuthorityInfoAccess
1785 var aiaValues
[]authorityInfoAccess
1786 for _
, name
:= range template
.OCSPServer
{
1787 aiaValues
= append(aiaValues
, authorityInfoAccess
{
1788 Method
: oidAuthorityInfoAccessOcsp
,
1789 Location
: asn1
.RawValue
{Tag
: 6, Class
: 2, Bytes
: []byte(name
)},
1792 for _
, name
:= range template
.IssuingCertificateURL
{
1793 aiaValues
= append(aiaValues
, authorityInfoAccess
{
1794 Method
: oidAuthorityInfoAccessIssuers
,
1795 Location
: asn1
.RawValue
{Tag
: 6, Class
: 2, Bytes
: []byte(name
)},
1798 ret
[n
].Value
, err
= asn1
.Marshal(aiaValues
)
1805 if (len(template
.DNSNames
) > 0 ||
len(template
.EmailAddresses
) > 0 ||
len(template
.IPAddresses
) > 0 ||
len(template
.URIs
) > 0) &&
1806 !oidInExtensions(oidExtensionSubjectAltName
, template
.ExtraExtensions
) {
1807 ret
[n
].Id
= oidExtensionSubjectAltName
1808 // https://tools.ietf.org/html/rfc5280#section-4.2.1.6
1809 // “If the subject field contains an empty sequence ... then
1810 // subjectAltName extension ... is marked as critical”
1811 ret
[n
].Critical
= subjectIsEmpty
1812 ret
[n
].Value
, err
= marshalSANs(template
.DNSNames
, template
.EmailAddresses
, template
.IPAddresses
, template
.URIs
)
1819 if len(template
.PolicyIdentifiers
) > 0 &&
1820 !oidInExtensions(oidExtensionCertificatePolicies
, template
.ExtraExtensions
) {
1821 ret
[n
].Id
= oidExtensionCertificatePolicies
1822 policies
:= make([]policyInformation
, len(template
.PolicyIdentifiers
))
1823 for i
, policy
:= range template
.PolicyIdentifiers
{
1824 policies
[i
].Policy
= policy
1826 ret
[n
].Value
, err
= asn1
.Marshal(policies
)
1833 if (len(template
.PermittedDNSDomains
) > 0 ||
len(template
.ExcludedDNSDomains
) > 0 ||
1834 len(template
.PermittedIPRanges
) > 0 ||
len(template
.ExcludedIPRanges
) > 0 ||
1835 len(template
.PermittedEmailAddresses
) > 0 ||
len(template
.ExcludedEmailAddresses
) > 0 ||
1836 len(template
.PermittedURIDomains
) > 0 ||
len(template
.ExcludedURIDomains
) > 0) &&
1837 !oidInExtensions(oidExtensionNameConstraints
, template
.ExtraExtensions
) {
1838 ret
[n
].Id
= oidExtensionNameConstraints
1839 ret
[n
].Critical
= template
.PermittedDNSDomainsCritical
1841 ipAndMask
:= func(ipNet
*net
.IPNet
) []byte {
1842 maskedIP
:= ipNet
.IP
.Mask(ipNet
.Mask
)
1843 ipAndMask
:= make([]byte, 0, len(maskedIP
)+len(ipNet
.Mask
))
1844 ipAndMask
= append(ipAndMask
, maskedIP
...)
1845 ipAndMask
= append(ipAndMask
, ipNet
.Mask
...)
1849 serialiseConstraints
:= func(dns
[]string, ips
[]*net
.IPNet
, emails
[]string, uriDomains
[]string) (der
[]byte, err error
) {
1850 var b cryptobyte
.Builder
1852 for _
, name
:= range dns
{
1853 if err
= isIA5String(name
); err
!= nil {
1857 b
.AddASN1(cryptobyte_asn1
.SEQUENCE
, func(b
*cryptobyte
.Builder
) {
1858 b
.AddASN1(cryptobyte_asn1
.Tag(2).ContextSpecific(), func(b
*cryptobyte
.Builder
) {
1859 b
.AddBytes([]byte(name
))
1864 for _
, ipNet
:= range ips
{
1865 b
.AddASN1(cryptobyte_asn1
.SEQUENCE
, func(b
*cryptobyte
.Builder
) {
1866 b
.AddASN1(cryptobyte_asn1
.Tag(7).ContextSpecific(), func(b
*cryptobyte
.Builder
) {
1867 b
.AddBytes(ipAndMask(ipNet
))
1872 for _
, email
:= range emails
{
1873 if err
= isIA5String(email
); err
!= nil {
1877 b
.AddASN1(cryptobyte_asn1
.SEQUENCE
, func(b
*cryptobyte
.Builder
) {
1878 b
.AddASN1(cryptobyte_asn1
.Tag(1).ContextSpecific(), func(b
*cryptobyte
.Builder
) {
1879 b
.AddBytes([]byte(email
))
1884 for _
, uriDomain
:= range uriDomains
{
1885 if err
= isIA5String(uriDomain
); err
!= nil {
1889 b
.AddASN1(cryptobyte_asn1
.SEQUENCE
, func(b
*cryptobyte
.Builder
) {
1890 b
.AddASN1(cryptobyte_asn1
.Tag(6).ContextSpecific(), func(b
*cryptobyte
.Builder
) {
1891 b
.AddBytes([]byte(uriDomain
))
1899 permitted
, err
:= serialiseConstraints(template
.PermittedDNSDomains
, template
.PermittedIPRanges
, template
.PermittedEmailAddresses
, template
.PermittedURIDomains
)
1904 excluded
, err
:= serialiseConstraints(template
.ExcludedDNSDomains
, template
.ExcludedIPRanges
, template
.ExcludedEmailAddresses
, template
.ExcludedURIDomains
)
1909 var b cryptobyte
.Builder
1910 b
.AddASN1(cryptobyte_asn1
.SEQUENCE
, func(b
*cryptobyte
.Builder
) {
1911 if len(permitted
) > 0 {
1912 b
.AddASN1(cryptobyte_asn1
.Tag(0).ContextSpecific().Constructed(), func(b
*cryptobyte
.Builder
) {
1913 b
.AddBytes(permitted
)
1917 if len(excluded
) > 0 {
1918 b
.AddASN1(cryptobyte_asn1
.Tag(1).ContextSpecific().Constructed(), func(b
*cryptobyte
.Builder
) {
1919 b
.AddBytes(excluded
)
1924 ret
[n
].Value
, err
= b
.Bytes()
1931 if len(template
.CRLDistributionPoints
) > 0 &&
1932 !oidInExtensions(oidExtensionCRLDistributionPoints
, template
.ExtraExtensions
) {
1933 ret
[n
].Id
= oidExtensionCRLDistributionPoints
1935 var crlDp
[]distributionPoint
1936 for _
, name
:= range template
.CRLDistributionPoints
{
1937 dp
:= distributionPoint
{
1938 DistributionPoint
: distributionPointName
{
1939 FullName
: []asn1
.RawValue
{
1940 asn1
.RawValue
{Tag
: 6, Class
: 2, Bytes
: []byte(name
)},
1944 crlDp
= append(crlDp
, dp
)
1947 ret
[n
].Value
, err
= asn1
.Marshal(crlDp
)
1954 // Adding another extension here? Remember to update the maximum number
1955 // of elements in the make() at the top of the function.
1957 return append(ret
[:n
], template
.ExtraExtensions
...), nil
1960 func subjectBytes(cert
*Certificate
) ([]byte, error
) {
1961 if len(cert
.RawSubject
) > 0 {
1962 return cert
.RawSubject
, nil
1965 return asn1
.Marshal(cert
.Subject
.ToRDNSequence())
1968 // signingParamsForPublicKey returns the parameters to use for signing with
1969 // priv. If requestedSigAlgo is not zero then it overrides the default
1970 // signature algorithm.
1971 func signingParamsForPublicKey(pub
interface{}, requestedSigAlgo SignatureAlgorithm
) (hashFunc crypto
.Hash
, sigAlgo pkix
.AlgorithmIdentifier
, err error
) {
1972 var pubType PublicKeyAlgorithm
1974 switch pub
:= pub
.(type) {
1975 case *rsa
.PublicKey
:
1977 hashFunc
= crypto
.SHA256
1978 sigAlgo
.Algorithm
= oidSignatureSHA256WithRSA
1979 sigAlgo
.Parameters
= asn1
.NullRawValue
1981 case *ecdsa
.PublicKey
:
1985 case elliptic
.P224(), elliptic
.P256():
1986 hashFunc
= crypto
.SHA256
1987 sigAlgo
.Algorithm
= oidSignatureECDSAWithSHA256
1988 case elliptic
.P384():
1989 hashFunc
= crypto
.SHA384
1990 sigAlgo
.Algorithm
= oidSignatureECDSAWithSHA384
1991 case elliptic
.P521():
1992 hashFunc
= crypto
.SHA512
1993 sigAlgo
.Algorithm
= oidSignatureECDSAWithSHA512
1995 err
= errors
.New("x509: unknown elliptic curve")
1999 err
= errors
.New("x509: only RSA and ECDSA keys supported")
2006 if requestedSigAlgo
== 0 {
2011 for _
, details
:= range signatureAlgorithmDetails
{
2012 if details
.algo
== requestedSigAlgo
{
2013 if details
.pubKeyAlgo
!= pubType
{
2014 err
= errors
.New("x509: requested SignatureAlgorithm does not match private key type")
2017 sigAlgo
.Algorithm
, hashFunc
= details
.oid
, details
.hash
2019 err
= errors
.New("x509: cannot sign with hash function requested")
2022 if requestedSigAlgo
.isRSAPSS() {
2023 sigAlgo
.Parameters
= rsaPSSParameters(hashFunc
)
2031 err
= errors
.New("x509: unknown SignatureAlgorithm")
2037 // emptyASN1Subject is the ASN.1 DER encoding of an empty Subject, which is
2038 // just an empty SEQUENCE.
2039 var emptyASN1Subject
= []byte{0x30, 0}
2041 // CreateCertificate creates a new X.509v3 certificate based on a template.
2042 // The following members of template are used: AuthorityKeyId,
2043 // BasicConstraintsValid, DNSNames, ExcludedDNSDomains, ExtKeyUsage,
2044 // IsCA, KeyUsage, MaxPathLen, MaxPathLenZero, NotAfter, NotBefore,
2045 // PermittedDNSDomains, PermittedDNSDomainsCritical, SerialNumber,
2046 // SignatureAlgorithm, Subject, SubjectKeyId, and UnknownExtKeyUsage.
2048 // The certificate is signed by parent. If parent is equal to template then the
2049 // certificate is self-signed. The parameter pub is the public key of the
2050 // signee and priv is the private key of the signer.
2052 // The returned slice is the certificate in DER encoding.
2054 // All keys types that are implemented via crypto.Signer are supported (This
2055 // includes *rsa.PublicKey and *ecdsa.PublicKey.)
2057 // The AuthorityKeyId will be taken from the SubjectKeyId of parent, if any,
2058 // unless the resulting certificate is self-signed. Otherwise the value from
2059 // template will be used.
2060 func CreateCertificate(rand io
.Reader
, template
, parent
*Certificate
, pub
, priv
interface{}) (cert
[]byte, err error
) {
2061 key
, ok
:= priv
.(crypto
.Signer
)
2063 return nil, errors
.New("x509: certificate private key does not implement crypto.Signer")
2066 if template
.SerialNumber
== nil {
2067 return nil, errors
.New("x509: no SerialNumber given")
2070 hashFunc
, signatureAlgorithm
, err
:= signingParamsForPublicKey(key
.Public(), template
.SignatureAlgorithm
)
2075 publicKeyBytes
, publicKeyAlgorithm
, err
:= marshalPublicKey(pub
)
2080 asn1Issuer
, err
:= subjectBytes(parent
)
2085 asn1Subject
, err
:= subjectBytes(template
)
2090 authorityKeyId
:= template
.AuthorityKeyId
2091 if !bytes
.Equal(asn1Issuer
, asn1Subject
) && len(parent
.SubjectKeyId
) > 0 {
2092 authorityKeyId
= parent
.SubjectKeyId
2095 extensions
, err
:= buildExtensions(template
, bytes
.Equal(asn1Subject
, emptyASN1Subject
), authorityKeyId
)
2100 encodedPublicKey
:= asn1
.BitString
{BitLength
: len(publicKeyBytes
) * 8, Bytes
: publicKeyBytes
}
2101 c
:= tbsCertificate
{
2103 SerialNumber
: template
.SerialNumber
,
2104 SignatureAlgorithm
: signatureAlgorithm
,
2105 Issuer
: asn1
.RawValue
{FullBytes
: asn1Issuer
},
2106 Validity
: validity
{template
.NotBefore
.UTC(), template
.NotAfter
.UTC()},
2107 Subject
: asn1
.RawValue
{FullBytes
: asn1Subject
},
2108 PublicKey
: publicKeyInfo
{nil, publicKeyAlgorithm
, encodedPublicKey
},
2109 Extensions
: extensions
,
2112 tbsCertContents
, err
:= asn1
.Marshal(c
)
2117 c
.Raw
= tbsCertContents
2120 h
.Write(tbsCertContents
)
2121 digest
:= h
.Sum(nil)
2123 var signerOpts crypto
.SignerOpts
2124 signerOpts
= hashFunc
2125 if template
.SignatureAlgorithm
!= 0 && template
.SignatureAlgorithm
.isRSAPSS() {
2126 signerOpts
= &rsa
.PSSOptions
{
2127 SaltLength
: rsa
.PSSSaltLengthEqualsHash
,
2132 var signature
[]byte
2133 signature
, err
= key
.Sign(rand
, digest
, signerOpts
)
2138 return asn1
.Marshal(certificate
{
2142 asn1
.BitString
{Bytes
: signature
, BitLength
: len(signature
) * 8},
2146 // pemCRLPrefix is the magic string that indicates that we have a PEM encoded
2148 var pemCRLPrefix
= []byte("-----BEGIN X509 CRL")
2150 // pemType is the type of a PEM encoded CRL.
2151 var pemType
= "X509 CRL"
2153 // ParseCRL parses a CRL from the given bytes. It's often the case that PEM
2154 // encoded CRLs will appear where they should be DER encoded, so this function
2155 // will transparently handle PEM encoding as long as there isn't any leading
2157 func ParseCRL(crlBytes
[]byte) (*pkix
.CertificateList
, error
) {
2158 if bytes
.HasPrefix(crlBytes
, pemCRLPrefix
) {
2159 block
, _
:= pem
.Decode(crlBytes
)
2160 if block
!= nil && block
.Type
== pemType
{
2161 crlBytes
= block
.Bytes
2164 return ParseDERCRL(crlBytes
)
2167 // ParseDERCRL parses a DER encoded CRL from the given bytes.
2168 func ParseDERCRL(derBytes
[]byte) (*pkix
.CertificateList
, error
) {
2169 certList
:= new(pkix
.CertificateList
)
2170 if rest
, err
:= asn1
.Unmarshal(derBytes
, certList
); err
!= nil {
2172 } else if len(rest
) != 0 {
2173 return nil, errors
.New("x509: trailing data after CRL")
2175 return certList
, nil
2178 // CreateCRL returns a DER encoded CRL, signed by this Certificate, that
2179 // contains the given list of revoked certificates.
2180 func (c
*Certificate
) CreateCRL(rand io
.Reader
, priv
interface{}, revokedCerts
[]pkix
.RevokedCertificate
, now
, expiry time
.Time
) (crlBytes
[]byte, err error
) {
2181 key
, ok
:= priv
.(crypto
.Signer
)
2183 return nil, errors
.New("x509: certificate private key does not implement crypto.Signer")
2186 hashFunc
, signatureAlgorithm
, err
:= signingParamsForPublicKey(key
.Public(), 0)
2191 // Force revocation times to UTC per RFC 5280.
2192 revokedCertsUTC
:= make([]pkix
.RevokedCertificate
, len(revokedCerts
))
2193 for i
, rc
:= range revokedCerts
{
2194 rc
.RevocationTime
= rc
.RevocationTime
.UTC()
2195 revokedCertsUTC
[i
] = rc
2198 tbsCertList
:= pkix
.TBSCertificateList
{
2200 Signature
: signatureAlgorithm
,
2201 Issuer
: c
.Subject
.ToRDNSequence(),
2202 ThisUpdate
: now
.UTC(),
2203 NextUpdate
: expiry
.UTC(),
2204 RevokedCertificates
: revokedCertsUTC
,
2208 if len(c
.SubjectKeyId
) > 0 {
2209 var aki pkix
.Extension
2210 aki
.Id
= oidExtensionAuthorityKeyId
2211 aki
.Value
, err
= asn1
.Marshal(authKeyId
{Id
: c
.SubjectKeyId
})
2215 tbsCertList
.Extensions
= append(tbsCertList
.Extensions
, aki
)
2218 tbsCertListContents
, err
:= asn1
.Marshal(tbsCertList
)
2224 h
.Write(tbsCertListContents
)
2225 digest
:= h
.Sum(nil)
2227 var signature
[]byte
2228 signature
, err
= key
.Sign(rand
, digest
, hashFunc
)
2233 return asn1
.Marshal(pkix
.CertificateList
{
2234 TBSCertList
: tbsCertList
,
2235 SignatureAlgorithm
: signatureAlgorithm
,
2236 SignatureValue
: asn1
.BitString
{Bytes
: signature
, BitLength
: len(signature
) * 8},
2240 // CertificateRequest represents a PKCS #10, certificate signature request.
2241 type CertificateRequest
struct {
2242 Raw
[]byte // Complete ASN.1 DER content (CSR, signature algorithm and signature).
2243 RawTBSCertificateRequest
[]byte // Certificate request info part of raw ASN.1 DER content.
2244 RawSubjectPublicKeyInfo
[]byte // DER encoded SubjectPublicKeyInfo.
2245 RawSubject
[]byte // DER encoded Subject.
2249 SignatureAlgorithm SignatureAlgorithm
2251 PublicKeyAlgorithm PublicKeyAlgorithm
2252 PublicKey
interface{}
2256 // Attributes is the dried husk of a bug and shouldn't be used.
2257 Attributes
[]pkix
.AttributeTypeAndValueSET
2259 // Extensions contains raw X.509 extensions. When parsing CSRs, this
2260 // can be used to extract extensions that are not parsed by this
2262 Extensions
[]pkix
.Extension
2264 // ExtraExtensions contains extensions to be copied, raw, into any
2265 // marshaled CSR. Values override any extensions that would otherwise
2266 // be produced based on the other fields but are overridden by any
2267 // extensions specified in Attributes.
2269 // The ExtraExtensions field is not populated when parsing CSRs, see
2271 ExtraExtensions
[]pkix
.Extension
2273 // Subject Alternate Name values.
2275 EmailAddresses
[]string
2276 IPAddresses
[]net
.IP
2280 // These structures reflect the ASN.1 structure of X.509 certificate
2281 // signature requests (see RFC 2986):
2283 type tbsCertificateRequest
struct {
2286 Subject asn1
.RawValue
2287 PublicKey publicKeyInfo
2288 RawAttributes
[]asn1
.RawValue
`asn1:"tag:0"`
2291 type certificateRequest
struct {
2293 TBSCSR tbsCertificateRequest
2294 SignatureAlgorithm pkix
.AlgorithmIdentifier
2295 SignatureValue asn1
.BitString
2298 // oidExtensionRequest is a PKCS#9 OBJECT IDENTIFIER that indicates requested
2299 // extensions in a CSR.
2300 var oidExtensionRequest
= asn1
.ObjectIdentifier
{1, 2, 840, 113549, 1, 9, 14}
2302 // newRawAttributes converts AttributeTypeAndValueSETs from a template
2303 // CertificateRequest's Attributes into tbsCertificateRequest RawAttributes.
2304 func newRawAttributes(attributes
[]pkix
.AttributeTypeAndValueSET
) ([]asn1
.RawValue
, error
) {
2305 var rawAttributes
[]asn1
.RawValue
2306 b
, err
:= asn1
.Marshal(attributes
)
2310 rest
, err
:= asn1
.Unmarshal(b
, &rawAttributes
)
2315 return nil, errors
.New("x509: failed to unmarshal raw CSR Attributes")
2317 return rawAttributes
, nil
2320 // parseRawAttributes Unmarshals RawAttributes intos AttributeTypeAndValueSETs.
2321 func parseRawAttributes(rawAttributes
[]asn1
.RawValue
) []pkix
.AttributeTypeAndValueSET
{
2322 var attributes
[]pkix
.AttributeTypeAndValueSET
2323 for _
, rawAttr
:= range rawAttributes
{
2324 var attr pkix
.AttributeTypeAndValueSET
2325 rest
, err
:= asn1
.Unmarshal(rawAttr
.FullBytes
, &attr
)
2326 // Ignore attributes that don't parse into pkix.AttributeTypeAndValueSET
2327 // (i.e.: challengePassword or unstructuredName).
2328 if err
== nil && len(rest
) == 0 {
2329 attributes
= append(attributes
, attr
)
2335 // parseCSRExtensions parses the attributes from a CSR and extracts any
2336 // requested extensions.
2337 func parseCSRExtensions(rawAttributes
[]asn1
.RawValue
) ([]pkix
.Extension
, error
) {
2338 // pkcs10Attribute reflects the Attribute structure from section 4.1 of
2339 // https://tools.ietf.org/html/rfc2986.
2340 type pkcs10Attribute
struct {
2341 Id asn1
.ObjectIdentifier
2342 Values
[]asn1
.RawValue
`asn1:"set"`
2345 var ret
[]pkix
.Extension
2346 for _
, rawAttr
:= range rawAttributes
{
2347 var attr pkcs10Attribute
2348 if rest
, err
:= asn1
.Unmarshal(rawAttr
.FullBytes
, &attr
); err
!= nil ||
len(rest
) != 0 ||
len(attr
.Values
) == 0 {
2349 // Ignore attributes that don't parse.
2353 if !attr
.Id
.Equal(oidExtensionRequest
) {
2357 var extensions
[]pkix
.Extension
2358 if _
, err
:= asn1
.Unmarshal(attr
.Values
[0].FullBytes
, &extensions
); err
!= nil {
2361 ret
= append(ret
, extensions
...)
2367 // CreateCertificateRequest creates a new certificate request based on a
2368 // template. The following members of template are used: Attributes, DNSNames,
2369 // EmailAddresses, ExtraExtensions, IPAddresses, URIs, SignatureAlgorithm, and
2370 // Subject. The private key is the private key of the signer.
2372 // The returned slice is the certificate request in DER encoding.
2374 // All keys types that are implemented via crypto.Signer are supported (This
2375 // includes *rsa.PublicKey and *ecdsa.PublicKey.)
2376 func CreateCertificateRequest(rand io
.Reader
, template
*CertificateRequest
, priv
interface{}) (csr
[]byte, err error
) {
2377 key
, ok
:= priv
.(crypto
.Signer
)
2379 return nil, errors
.New("x509: certificate private key does not implement crypto.Signer")
2382 var hashFunc crypto
.Hash
2383 var sigAlgo pkix
.AlgorithmIdentifier
2384 hashFunc
, sigAlgo
, err
= signingParamsForPublicKey(key
.Public(), template
.SignatureAlgorithm
)
2389 var publicKeyBytes
[]byte
2390 var publicKeyAlgorithm pkix
.AlgorithmIdentifier
2391 publicKeyBytes
, publicKeyAlgorithm
, err
= marshalPublicKey(key
.Public())
2396 var extensions
[]pkix
.Extension
2398 if (len(template
.DNSNames
) > 0 ||
len(template
.EmailAddresses
) > 0 ||
len(template
.IPAddresses
) > 0 ||
len(template
.URIs
) > 0) &&
2399 !oidInExtensions(oidExtensionSubjectAltName
, template
.ExtraExtensions
) {
2400 sanBytes
, err
:= marshalSANs(template
.DNSNames
, template
.EmailAddresses
, template
.IPAddresses
, template
.URIs
)
2405 extensions
= append(extensions
, pkix
.Extension
{
2406 Id
: oidExtensionSubjectAltName
,
2411 extensions
= append(extensions
, template
.ExtraExtensions
...)
2413 var attributes
[]pkix
.AttributeTypeAndValueSET
2414 attributes
= append(attributes
, template
.Attributes
...)
2416 if len(extensions
) > 0 {
2417 // specifiedExtensions contains all the extensions that we
2418 // found specified via template.Attributes.
2419 specifiedExtensions
:= make(map[string]bool)
2421 for _
, atvSet
:= range template
.Attributes
{
2422 if !atvSet
.Type
.Equal(oidExtensionRequest
) {
2426 for _
, atvs
:= range atvSet
.Value
{
2427 for _
, atv
:= range atvs
{
2428 specifiedExtensions
[atv
.Type
.String()] = true
2433 atvs
:= make([]pkix
.AttributeTypeAndValue
, 0, len(extensions
))
2434 for _
, e
:= range extensions
{
2435 if specifiedExtensions
[e
.Id
.String()] {
2436 // Attributes already contained a value for
2437 // this extension and it takes priority.
2441 atvs
= append(atvs
, pkix
.AttributeTypeAndValue
{
2442 // There is no place for the critical flag in a CSR.
2448 // Append the extensions to an existing attribute if possible.
2450 for _
, atvSet
:= range attributes
{
2451 if !atvSet
.Type
.Equal(oidExtensionRequest
) ||
len(atvSet
.Value
) == 0 {
2455 atvSet
.Value
[0] = append(atvSet
.Value
[0], atvs
...)
2460 // Otherwise, add a new attribute for the extensions.
2462 attributes
= append(attributes
, pkix
.AttributeTypeAndValueSET
{
2463 Type
: oidExtensionRequest
,
2464 Value
: [][]pkix
.AttributeTypeAndValue
{
2471 asn1Subject
:= template
.RawSubject
2472 if len(asn1Subject
) == 0 {
2473 asn1Subject
, err
= asn1
.Marshal(template
.Subject
.ToRDNSequence())
2479 rawAttributes
, err
:= newRawAttributes(attributes
)
2484 tbsCSR
:= tbsCertificateRequest
{
2485 Version
: 0, // PKCS #10, RFC 2986
2486 Subject
: asn1
.RawValue
{FullBytes
: asn1Subject
},
2487 PublicKey
: publicKeyInfo
{
2488 Algorithm
: publicKeyAlgorithm
,
2489 PublicKey
: asn1
.BitString
{
2490 Bytes
: publicKeyBytes
,
2491 BitLength
: len(publicKeyBytes
) * 8,
2494 RawAttributes
: rawAttributes
,
2497 tbsCSRContents
, err
:= asn1
.Marshal(tbsCSR
)
2501 tbsCSR
.Raw
= tbsCSRContents
2504 h
.Write(tbsCSRContents
)
2505 digest
:= h
.Sum(nil)
2507 var signature
[]byte
2508 signature
, err
= key
.Sign(rand
, digest
, hashFunc
)
2513 return asn1
.Marshal(certificateRequest
{
2515 SignatureAlgorithm
: sigAlgo
,
2516 SignatureValue
: asn1
.BitString
{
2518 BitLength
: len(signature
) * 8,
2523 // ParseCertificateRequest parses a single certificate request from the
2524 // given ASN.1 DER data.
2525 func ParseCertificateRequest(asn1Data
[]byte) (*CertificateRequest
, error
) {
2526 var csr certificateRequest
2528 rest
, err
:= asn1
.Unmarshal(asn1Data
, &csr
)
2531 } else if len(rest
) != 0 {
2532 return nil, asn1
.SyntaxError
{Msg
: "trailing data"}
2535 return parseCertificateRequest(&csr
)
2538 func parseCertificateRequest(in
*certificateRequest
) (*CertificateRequest
, error
) {
2539 out
:= &CertificateRequest
{
2541 RawTBSCertificateRequest
: in
.TBSCSR
.Raw
,
2542 RawSubjectPublicKeyInfo
: in
.TBSCSR
.PublicKey
.Raw
,
2543 RawSubject
: in
.TBSCSR
.Subject
.FullBytes
,
2545 Signature
: in
.SignatureValue
.RightAlign(),
2546 SignatureAlgorithm
: getSignatureAlgorithmFromAI(in
.SignatureAlgorithm
),
2548 PublicKeyAlgorithm
: getPublicKeyAlgorithmFromOID(in
.TBSCSR
.PublicKey
.Algorithm
.Algorithm
),
2550 Version
: in
.TBSCSR
.Version
,
2551 Attributes
: parseRawAttributes(in
.TBSCSR
.RawAttributes
),
2555 out
.PublicKey
, err
= parsePublicKey(out
.PublicKeyAlgorithm
, &in
.TBSCSR
.PublicKey
)
2560 var subject pkix
.RDNSequence
2561 if rest
, err
:= asn1
.Unmarshal(in
.TBSCSR
.Subject
.FullBytes
, &subject
); err
!= nil {
2563 } else if len(rest
) != 0 {
2564 return nil, errors
.New("x509: trailing data after X.509 Subject")
2567 out
.Subject
.FillFromRDNSequence(&subject
)
2569 if out
.Extensions
, err
= parseCSRExtensions(in
.TBSCSR
.RawAttributes
); err
!= nil {
2573 for _
, extension
:= range out
.Extensions
{
2574 if extension
.Id
.Equal(oidExtensionSubjectAltName
) {
2575 out
.DNSNames
, out
.EmailAddresses
, out
.IPAddresses
, out
.URIs
, err
= parseSANExtension(extension
.Value
)
2585 // CheckSignature reports whether the signature on c is valid.
2586 func (c
*CertificateRequest
) CheckSignature() error
{
2587 return checkSignature(c
.SignatureAlgorithm
, c
.RawTBSCertificateRequest
, c
.Signature
, c
.PublicKey
)