Documentation ¶
Index ¶
- Variables
- func CertificateToJWK(cert *x509.Certificate) (jwk.Key, error)
- func GetActiveCertificates(jwks []interface{}, instant time.Time) []*x509.Certificate
- func GetCertificate(jwkAsMap interface{}) *x509.Certificate
- func GetX509ChainFromHeaders(headers jwkHeaderReader) ([]*x509.Certificate, error)
- func JwkToMap(key jwk.Key) (map[string]interface{}, error)
- func MapToJwk(jwkAsMap map[string]interface{}) (jwk.Key, error)
- func MapToX509CertChain(jwkAsMap map[string]interface{}) ([]*x509.Certificate, error)
- func MapsToJwkSet(maps []map[string]interface{}) (*jwk.Set, error)
- func MarshalNutsDomain(domain string) ([]byte, error)
- func MarshalOtherSubjectAltName(valueType asn1.ObjectIdentifier, value string) ([]byte, error)
- func MarshalX509CertChain(chain []*x509.Certificate) []string
- func PemToJwk(pub []byte) (jwk.Key, error)
- func PemToPublicKey(pub []byte) (*rsa.PublicKey, error)
- func PublicKeyToPem(pub *rsa.PublicKey) (string, error)
- func SerialNumber() (*big.Int, error)
- func UnmarshalNutsDomain(data []byte) (string, error)
- func UnmarshalOtherSubjectAltName(valueType asn1.ObjectIdentifier, data []byte) (string, error)
- func ValidateJWK(maps ...interface{}) error
- type TrustStore
- type Verifier
Constants ¶
This section is empty.
Variables ¶
var ErrRsaPubKeyConversion = core.NewError("Unable to convert public key to RSA public key", false)
ErrRsaPubKeyConversion indicates a public key could not be converted to an RSA public key
var ErrWrongPublicKey = core.NewError("failed to decode PEM block containing public key, key is of the wrong type", false)
ErrWrongPublicKey indicates a wrong public key format
Functions ¶
func CertificateToJWK ¶ added in v0.14.0
func CertificateToJWK(cert *x509.Certificate) (jwk.Key, error)
CertificateToJWK constructs a new JWK based on the given X.509 certificate.
func GetActiveCertificates ¶
func GetActiveCertificates(jwks []interface{}, instant time.Time) []*x509.Certificate
GetActiveCertificates converts the given JWKs to X.509 certificates and returns them sorted, longest valid certificate first. Expired certificates aren't returned.
func GetCertificate ¶
func GetCertificate(jwkAsMap interface{}) *x509.Certificate
GetCertificate converts the given JWK to an X.509 certificate chain, returning the topmost certificate. If the JWK does not contain any certificates, nil is returned.
func GetX509ChainFromHeaders ¶ added in v0.14.0
func GetX509ChainFromHeaders(headers jwkHeaderReader) ([]*x509.Certificate, error)
GetX509ChainFromHeaders tries to retrieve the X.509 certificate chain ("x5c") from the JWK/JWS and parse it. If it doesn't contain the "x5c" header, nil is returned. If the header is present but it couldn't be parsed, an error is returned.
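The three outcomes described above (no "x5c", unparsable "x5c", parsed chain), as an added standard-library example; this is not the package's own implementation. The names chainFromHeader and sampleX5C are hypothetical, and the certificate is a constructed throwaway.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/x509"
	"encoding/base64"
	"encoding/json"
	"fmt"
	"math/big"
	"time"
)

// chainFromHeader (hypothetical name) parses "x5c" from a decoded JWS/JWK header.
func chainFromHeader(headerJSON []byte) ([]*x509.Certificate, error) {
	var h struct{ X5C *[]string `json:"x5c"` } // nil pointer means the header has no "x5c"
	if err := json.Unmarshal(headerJSON, &h); err != nil || h.X5C == nil {
		return nil, err // bad JSON or wrong type: error; no "x5c": (nil, nil)
	}
	var chain []*x509.Certificate
	for i, s := range *h.X5C {
		der, err := base64.StdEncoding.DecodeString(s) // standard base64, not base64url
		if err != nil {
			return nil, fmt.Errorf("x5c[%d]: %w", i, err)
		}
		cert, err := x509.ParseCertificate(der)
		if err != nil {
			return nil, fmt.Errorf("x5c[%d]: %w", i, err)
		}
		chain = append(chain, cert)
	}
	return chain, nil // parsed only; trust still requires verification against a trust store
}

// sampleX5C returns one constructed, throwaway self-signed certificate as an "x5c" entry.
func sampleX5C() (string, error) {
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		return "", err
	}
	t := &x509.Certificate{SerialNumber: big.NewInt(1), NotBefore: time.Now(), NotAfter: time.Now().Add(time.Hour)}
	der, err := x509.CreateCertificate(rand.Reader, t, t, pub, priv)
	return base64.StdEncoding.EncodeToString(der), err
}

func main() {
	x5c, _ := sampleX5C()
	chain, err := chainFromHeader([]byte(`{"alg":"EdDSA","x5c":["` + x5c + `"]}`))
	fmt.Println(len(chain), err)
}
```

A chain returned this way has only been decoded; the "x5c" header is supplied by the sender, so the chain must still be verified against trusted roots before any key in it is used.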
func JwkToMap ¶ added in v0.14.0
JwkToMap transforms a JWK key to a map. It can be used for JSON serialization.
func MapToJwk ¶ added in v0.14.0
MapToJwk transforms a JWK in map form to a JWK key. The map structure is the typical result of JSON deserialization.
func MapToX509CertChain ¶ added in v0.14.0
func MapToX509CertChain(jwkAsMap map[string]interface{}) ([]*x509.Certificate, error)
func MapsToJwkSet ¶ added in v0.14.0
MapsToJwkSet transforms JWKs in map structures to a JWK set, just like MapToJwk.
func MarshalNutsDomain ¶
func MarshalOtherSubjectAltName ¶
func MarshalOtherSubjectAltName(valueType asn1.ObjectIdentifier, value string) ([]byte, error)
func MarshalX509CertChain ¶ added in v0.14.0
func MarshalX509CertChain(chain []*x509.Certificate) []string
func PemToPublicKey ¶ added in v0.14.0
PemToPublicKey converts a PEM-encoded public key to an rsa.PublicKey.
func PublicKeyToPem ¶ added in v0.14.0
PublicKeyToPem converts an rsa.PublicKey to PEM encoding.
func SerialNumber ¶ added in v0.14.0
SerialNumber generates a random serial number. Taken from crypto/tls/generate_cert.go.
func UnmarshalNutsDomain ¶
UnmarshalNutsDomain tries to unmarshal the ASN.1 encoded Nuts Domain extension in an X.509 certificate. It returns the value as a string, or an error if one occurs.
func UnmarshalOtherSubjectAltName ¶
func UnmarshalOtherSubjectAltName(valueType asn1.ObjectIdentifier, data []byte) (string, error)
UnmarshalOtherSubjectAltName tries to unmarshal a SubjectAlternativeName otherName entry (marshalled by MarshalOtherSubjectAltName) with the given OID type (valueType). It returns the value as a string. If an otherName with the given type wasn't found, an empty string is returned. If an error occurs during unmarshalling, it is returned.
func ValidateJWK ¶ added in v0.14.0
func ValidateJWK(maps ...interface{}) error
ValidateJWK tests whether each of the given maps is a parsable representation of a JWK. If not, an error is returned. If nil is returned, all supplied maps are parsable as JWK.
Types ¶
type TrustStore ¶ added in v0.14.0
type TrustStore interface {
	Verifier
	Pool() *x509.CertPool
	AddCertificate(certificate *x509.Certificate) error
}
func NewTrustStore ¶ added in v0.14.0
func NewTrustStore(file string) (TrustStore, error)