ContainsMustStaple returns true if the provided set of extensions includes an entry whose OID and value both match the expected values for the OCSP Must-Staple (a.k.a.

IssuerNameID returns the IssuerNameID (a truncated hash over the raw bytes of the Issuer Distinguished Name) of the given end-entity certificate.

LoadChain takes a list of filenames containing pem-formatted certificates, and returns a chain representing all of those certificates in order.

LoadIssuer constructs a new Issuer, loading its certificate from disk and its private key material from the indicated location.

NewCertificate wraps an in-memory cert in an issuance.Certificate, marking it as an issuer cert.

NewProfile converts the profile config into a usable profile.

RequestFromPrecert constructs a final certificate IssuanceRequest matching the provided precertificate.

ResponderNameID returns the NameID (a truncated hash over the raw bytes of the Responder Distinguished Name) of the given OCSP Response.

SubjectNameID returns the NameID (a truncated hash over the raw bytes of a Distinguished Name) of this issuer certificate's Subject.

Certificate embeds an *x509.Certificate and represents the added semantics that this certificate is a CA certificate.

IssuanceRequest describes a certificate issuance request It can be marshaled as JSON for logging purposes, though note that sctList and precertDER will be omitted from the marshaled output because they are unexported.

Issuer is capable of issuing new certificates.

IssuerConfig describes the constraints on and URLs used by a single issuer.

IssuerLoc describes the on-disk location and parameters that an issuer should use to retrieve its certificate and private key.

MarshalablePublicKey is a wrapper for crypto.PublicKey with a custom JSON marshaller that encodes the public key as a DER-encoded SubjectPublicKeyInfo.

PolicyConfig describes a policy.

Profile is the validated structure created by reading in ProfileConfigs and IssuerConfigs.

ProfileConfig is a subset of ProfileConfigNew used for hashing.

ProfileConfigNew describes the certificate issuance constraints for all issuers.

NameID is a statistically-unique small ID which can be computed from both CA and end-entity certs to link them together into a validation chain.