x509ext

package

v0.5.0 Latest Latest Go to latest Published: Aug 13, 2025 License: MIT Imports: 5 Imported by: 2

Details

Valid go.mod file
Redistributable license
Tagged version
Stable version
Learn more about best practices

Repository

github.com/RedTeamPentesting/adauth

Links

Open Source Insights

Documentation ¶

Overview ¶

Package othername is a minimal and incomplete implementation of the otherName SAN extension.

Index ¶

Variables
func NewNTDSCaSecurityExt(sid string) (ext pkix.Extension, err error)
func NewOtherNameExtension(names ...*OtherName) (pkix.Extension, error)
func NewOtherNameExtensionFromUPNs(upns ...string) (ext pkix.Extension, err error)
func SID(cert *x509.Certificate) (string, error)
func SIDFromExtension(ext pkix.Extension) (string, error)
func UPNsFromOtherNames(cert *x509.Certificate) (upns []string, err error)
func UserAndDomainFromOtherNames(cert *x509.Certificate) (user string, domain string, err error)
type OtherName
- func OtherNames(cert *x509.Certificate) ([]*OtherName, error)
- func OtherNamesFromExtension(ext pkix.Extension) ([]*OtherName, error)

Constants ¶

This section is empty.

Variables ¶

View Source

var (
	UPNOID                    = asn1.ObjectIdentifier{1, 3, 6, 1, 4, 1, 311, 20, 2, 3}
	SubjectAlternativeNameOID = asn1.ObjectIdentifier{2, 5, 29, 17}
)

View Source

var (
	NTDSCASecurityExtOID = asn1.ObjectIdentifier{1, 3, 6, 1, 4, 1, 311, 25, 2}
	NTDSObjectSIDOID     = asn1.ObjectIdentifier{1, 3, 6, 1, 4, 1, 311, 25, 2, 1}
)

Functions ¶

func NewNTDSCaSecurityExt ¶

func NewNTDSCaSecurityExt(sid string) (ext pkix.Extension, err error)

NewNTDSCaSecurityExt creates a szOID_NTDS_CA_SECURITY_EXT extension that contains a SID. See https://learn.microsoft.com/en-us/openspecs/windows_protocols/ms-wcce/e563cff8-1af6-4e6f-a655-7571ca482e71.

func NewOtherNameExtension ¶

func NewOtherNameExtension(names ...*OtherName) (pkix.Extension, error)

NewOtherNameExtension generates an otherName extension.

func NewOtherNameExtensionFromUPNs ¶

func NewOtherNameExtensionFromUPNs(upns ...string) (ext pkix.Extension, err error)

NewOtherNameExtensionFromUPNs build an otherName extension based on the provided UPNs.

func SID ¶

func SID(cert *x509.Certificate) (string, error)

SID retrieves the SID from the szOID_NTDS_CA_SECURITY_EXT extension and an empty string with no error when the extension is not present.

func SIDFromExtension ¶

func SIDFromExtension(ext pkix.Extension) (string, error)

SID retrieves the SID from the szOID_NTDS_CA_SECURITY_EXT extension.

func UPNsFromOtherNames ¶

func UPNsFromOtherNames(cert *x509.Certificate) (upns []string, err error)

UPNsFromOtherNames returns all UPNsFromOtherNames that are stored in certificates otherName extension.

func UserAndDomainFromOtherNames ¶

func UserAndDomainFromOtherNames(cert *x509.Certificate) (user string, domain string, err error)

UserAndDomainFromOtherNames returns the user and domain from the first valid UPN in the certificate's otherName extension.

Types ¶

type OtherName ¶

type OtherName struct {
	ID    asn1.ObjectIdentifier
	Value asn1.RawValue
}

OtherName holds an other name such as an UPN from or for a Subject Alternative Name extension.

func OtherNames ¶

func OtherNames(cert *x509.Certificate) ([]*OtherName, error)

OtherNames returns the names from the otherName extension of the provided certificate. If it does not contain such an extension, it will return an empty slice and no error.

func OtherNamesFromExtension ¶

func OtherNamesFromExtension(ext pkix.Extension) ([]*OtherName, error)

OtherNames returns the names from the otherName SAN extension.

Source Files ¶

View all Source files

?	: This menu
/	: Search site
f or F	: Jump to
y or Y	: Canonical URL