BuildBundle returns Bundle.

CreateOCSPRequest returns DER encoded OCSP request.

CreatePoolFromPEM returns CertPool from PEM encoded certs.

Digest returns computed digest bytes.

EncodePrivateKeyToPEM returns PEM encoded private key.

EncodePublicKeyToPEM returns PEM encoded public key.

EncodeToPEM converts certificates to PEM format, with optional comments.

EncodeToPEMString converts certificates to PEM format, with optional comments.

ExpiryTime returns the time when the certificate chain is expired.

FindExtension returns extension, or nil.

FindExtensionValue returns extension value, or nil.

FindIssuer returns an issuer cert.

GetAuthorityKeyID returns Authority Key Identifier.

GetIssuerID returns ID of the issuer.

GetKeyDERFromPEM parses a PEM-encoded private key and returns DER-format key bytes.

GetSubjectID returns ID of the cert.

GetSubjectKeyID returns Subject Key Identifier.

GetThumbprintStr returns hex-encoded SHA1 of the certificate.

HashAlgoToStr converts hash algorithm to string.

HashToBase64URL returns Base64URL encoded digest.

HashToHex returns hex-encoded digest.

HasOCSPNoCheck returns true if certificate has ocsp-no-check.

IsOCSPSigner returns true for OCSP key usage.

JoinPEM returns concantenated PEM.

LoadAndVerifyBundleFromPEM constructs and verifies the cert chain.

LoadBundler creates a new Bundler from the files passed in; these files should contain a list of valid root certificates and a list of valid intermediate certificates, respectively.

LoadChainFromPEM returns Certificates loaded from the file.

LoadFromPEM returns Certificate loaded from the file.

LoadPEMFiles loads and concantenates PEM files into one slice.

NameToString converts Name to string, compatable with openssl output.

NewBundler returns Bundler.

NewBundlerFromPEM creates a new Bundler from PEM-encoded root certificates and intermediate certificates.

NewHash returns hash instance.

NewKeyInfo returns *SignerInfo.

ParseChainFromPEM returns Certificates parsed from PEM.

ParseFromPEM returns Certificate parsed from PEM.

ParseHexDigestWithPrefix parses encoded digest in {alg}:{hex} format.

ParsePrivateKeyDER parses a PKCS #1, PKCS #8, ECDSA, or Ed25519 DER-encoded private key.

ParsePrivateKeyPEM parses and returns a PEM-encoded private key.

ParsePrivateKeyPEMWithPassword parses and returns a PEM-encoded private key.

ParseRSAPublicKeyFromPEM parses PEM encoded RSA public key.

Random returns a randomly generated bytes of the requested length.

RandomString returns a randomly generated string of the requested length.

SHA1 returns SHA1 digest.

SHA1Base64 returns Base64URL encoded SHA1.

SHA1Hex returns hex-encoded SHA1.

SHA256 returns SHA256 digest.

SHA256Base64 returns Base64URL encoded SHA256.

SHA256Hex returns hex-encoded SHA256.

SortBundlesByExpiration returns bundles sorted by expiration in descending order.

StrToHashAlgo converts string to hash algorithm.

VerifyBundleFromPEM constructs and verifies the cert chain.

WithAIA lets to enable downloading issuers from AIA.

WithBundleFlavor lets to specify bundle build Optimal or Force.

WithHTTPClient lets to specify http.Client for downloading AIA.

WithKeyUsages lets you set which Extended Key Usage values are acceptable.

0x01.

0x02.

Force means the bundler only verifies the input as a valid bundle, not optimization is done.

Optimal means the shortest chain with newest intermediates and the most advanced crypto.

HTTPClient is an instance of http.Client that will be used for all HTTP requests.

IntermediateStash contains the path to the directory where downloaded intermediates should be saved.

RandReader is used so that it can be replaced in tests that require deterministic output.

A Bundle contains a certificate and its trust chain.

A Bundler contains the certificate pools for producing certificate bundles.

BundleStatus is designated for various status reporting.

Chain contains a certificate and its trust chain.

KeyInfo provides information about the key.

BundleFlavor is named optimization strategy on certificate chain selection when bundling.

An Option sets options such as allowed key usages, etc.