certutil

Version: v0.0.0-...-2285290

This package is not in the latest version of its module.
Published: Apr 3, 2026 License: MIT Imports: 8 Imported by: 0

Documentation

Overview

Package certutil provides ASN.1/X.509 certificate extension utilities for building SubjectAltName extensions with PermanentIdentifier (RFC 4043) and HardwareModuleName (RFC 4108) otherName entries.

Variables

var (
	// OIDPermanentIdentifier is id-on-permanentIdentifier from RFC 4043.
	OIDPermanentIdentifier = asn1.ObjectIdentifier{1, 3, 6, 1, 5, 5, 7, 8, 3}
	// OIDHardwareModuleName is id-on-hardwareModuleName from RFC 4108.
	OIDHardwareModuleName = asn1.ObjectIdentifier{1, 3, 6, 1, 5, 5, 7, 8, 4}
	// OIDSubjectAltName is the SubjectAltName extension OID.
	OIDSubjectAltName = asn1.ObjectIdentifier{2, 5, 29, 17}
)

Functions

func AddHardwareModuleOtherName

func AddHardwareModuleOtherName(b *cryptobyte.Builder, hm *nanoca.HardwareModule)

AddHardwareModuleOtherName appends a HardwareModuleName (RFC 4108) otherName entry to the parent builder:

HardwareModuleName ::= SEQUENCE {
    hwType       OBJECT IDENTIFIER,
    hwSerialNum  OCTET STRING
}

func AddPermanentIdentifierOtherName

func AddPermanentIdentifierOtherName(b *cryptobyte.Builder, pi *nanoca.PermanentIdentifier)

AddPermanentIdentifierOtherName appends a PermanentIdentifier (RFC 4043) otherName entry to the parent builder:

PermanentIdentifier ::= SEQUENCE {
    identifierValue  UTF8String        OPTIONAL,
    assigner         OBJECT IDENTIFIER OPTIONAL
}

func BuildSANExtension

func BuildSANExtension(deviceInfos []*nanoca.DeviceInfo, csr *x509.CertificateRequest) (*pkix.Extension, error)

BuildSANExtension constructs a SubjectAltName extension containing otherName entries for PermanentIdentifier (RFC 4043) and HardwareModuleName (RFC 4108), plus any URI SANs from the CSR. Returns nil if there are no SANs to encode.

func FindExtension

func FindExtension(cert *x509.Certificate, oid asn1.ObjectIdentifier) *pkix.Extension

FindExtension returns the first extension matching oid, or nil.

func ParseHardwareModule

func ParseHardwareModule(der []byte) (*nanoca.HardwareModule, error)

ParseHardwareModule parses a DER-encoded HardwareModuleName value (the content inside the otherName [0] EXPLICIT wrapper).

func ParsePermanentIdentifier

func ParsePermanentIdentifier(der []byte) (*nanoca.PermanentIdentifier, error)

ParsePermanentIdentifier parses a DER-encoded PermanentIdentifier value (the content inside the otherName [0] EXPLICIT wrapper).

Types

type OtherName

type OtherName struct {
	TypeID asn1.ObjectIdentifier
	Value  []byte // DER-encoded value inside the [0] EXPLICIT wrapper
}

OtherName represents a parsed otherName entry from a SubjectAltName extension.

func ParseOtherNames

func ParseOtherNames(sanDER []byte) ([]OtherName, error)

ParseOtherNames parses a DER-encoded SubjectAltName value and returns all otherName entries (GeneralName tag [0]).
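
The walk that ParseOtherNames describes, and the bytes that ParsePermanentIdentifier or ParseHardwareModule would then receive, are shown in this added example, which is not code from the certutil package. It uses the standard library's encoding/asn1 rather than cryptobyte; otherNameValues and sampleSAN are hypothetical names, and the sample DER is constructed for illustration.

```go
package main

import (
	"encoding/asn1"
	"fmt"
)

// Same value as OIDPermanentIdentifier above (id-on-permanentIdentifier, RFC 4043).
var oidPermanentIdentifier = asn1.ObjectIdentifier{1, 3, 6, 1, 5, 5, 7, 8, 3}

// Constructed sample SAN value: one PermanentIdentifier otherName, then one URI ([6]).
var sampleSAN = []byte("\x30\x24\xa0\x17\x06\x08\x2b\x06\x01\x05\x05\x07\x08\x03\xa0\x0b\x30\x09\x0c\x07SN-0001\x86\x09urn:dev:1")

// otherNameValues (hypothetical) returns the DER inside the [0] EXPLICIT wrapper of each otherName of type want.
func otherNameValues(sanDER []byte, want asn1.ObjectIdentifier) ([][]byte, error) {
	var seq asn1.RawValue
	rest, err := asn1.Unmarshal(sanDER, &seq)
	if err != nil || len(rest) != 0 || seq.Class != asn1.ClassUniversal || seq.Tag != asn1.TagSequence {
		return nil, fmt.Errorf("SAN is not exactly one DER SEQUENCE")
	}
	var out [][]byte
	for rest = seq.Bytes; len(rest) > 0; {
		var gn, val asn1.RawValue
		var oid asn1.ObjectIdentifier
		if rest, err = asn1.Unmarshal(rest, &gn); err != nil {
			return nil, fmt.Errorf("bad GeneralName: %w", err)
		}
		if gn.Class != asn1.ClassContextSpecific || gn.Tag != 0 {
			continue // not an otherName, e.g. the URI entry
		}
		inner, err := asn1.Unmarshal(gn.Bytes, &oid)
		if err == nil {
			inner, err = asn1.Unmarshal(inner, &val)
		}
		wrapped := val.Class == asn1.ClassContextSpecific && val.Tag == 0 && val.IsCompound
		if err != nil || len(inner) != 0 || !gn.IsCompound || !wrapped {
			return nil, fmt.Errorf("otherName is not {type-id, [0] EXPLICIT value}")
		}
		if oid.Equal(want) {
			out = append(out, val.Bytes)
		}
	}
	return out, nil
}

func main() {
	vals, err := otherNameValues(sampleSAN, oidPermanentIdentifier)
	fmt.Printf("%x %v\n", vals, err)
}
```

Trailing bytes after the SEQUENCE and a non-constructed [0] wrapper are rejected rather than skipped, so a certificate whose identity entry is malformed fails closed instead of appearing to carry no device identifier.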