Best K6 code snippet using x509.issuer
ocsp.go
Source:ocsp.go
...346 SigRequredErrorResponse = []byte{0x30, 0x03, 0x0A, 0x01, 0x05}347 UnauthorizedErrorResponse = []byte{0x30, 0x03, 0x0A, 0x01, 0x06}348)349// CheckSignatureFrom checks that the signature in resp is a valid signature350// from issuer. This should only be used if resp.Certificate is nil. Otherwise,351// the OCSP response contained an intermediate certificate that created the352// signature. That signature is checked by ParseResponse and only353// resp.Certificate remains to be validated.354func (resp *Response) CheckSignatureFrom(issuer *x509.Certificate) error {355 return issuer.CheckSignature(resp.SignatureAlgorithm, resp.TBSResponseData, resp.Signature)356}357// ParseError results from an invalid OCSP response.358type ParseError string359func (p ParseError) Error() string {360 return string(p)361}362// ParseRequest parses an OCSP request in DER form. It only supports363// requests for a single certificate. Signed requests are not supported.364// If a request includes a signature, it will result in a ParseError.365func ParseRequest(bytes []byte) (*Request, []pkix.Extension, error) {366 var req ocspRequest367 rest, err := asn1.Unmarshal(bytes, &req)368 if err != nil {369 return nil, nil, err370 }371 if len(rest) > 0 {372 return nil, nil, ParseError("trailing data in OCSP request")373 }374 if len(req.TBSRequest.RequestList) == 0 {375 return nil, nil, ParseError("OCSP request contains no request body")376 }377 innerRequest := req.TBSRequest.RequestList[0]378 hashFunc := getHashAlgorithmFromOID(innerRequest.Cert.HashAlgorithm.Algorithm)379 if hashFunc == crypto.Hash(0) {380 return nil, nil, ParseError("OCSP request uses unknown hash function")381 }382 return &Request{383 HashAlgorithm: hashFunc,384 IssuerNameHash: innerRequest.Cert.NameHash,385 IssuerKeyHash: innerRequest.Cert.IssuerKeyHash,386 SerialNumber: innerRequest.Cert.SerialNumber,387 }, req.TBSRequest.ExtensionList, nil388}389// ParseResponse parses an OCSP response in DER form. It only supports390// responses for a single certificate. If the response contains a certificate391// then the signature over the response is checked. If issuer is not nil then392// it will be used to validate the signature or embedded certificate.393//394// Invalid signatures or parse failures will result in a ParseError. Error395// responses will result in a ResponseError.396func ParseResponse(bytes []byte, issuer *x509.Certificate) (*Response, error) {397 return ParseResponseForCert(bytes, nil, issuer)398}399// ParseResponseForCert parses an OCSP response in DER form and searches for a400// Response relating to cert. If such a Response is found and the OCSP response401// contains a certificate then the signature over the response is checked. If402// issuer is not nil then it will be used to validate the signature or embedded403// certificate.404//405// Invalid signatures or parse failures will result in a ParseError. Error406// responses will result in a ResponseError.407func ParseResponseForCert(bytes []byte, cert, issuer *x509.Certificate) (*Response, error) {408 var resp responseASN1409 rest, err := asn1.Unmarshal(bytes, &resp)410 if err != nil {411 return nil, err412 }413 if len(rest) > 0 {414 return nil, ParseError("trailing data in OCSP response")415 }416 if status := ResponseStatus(resp.Status); status != Success {417 return nil, ResponseError{status}418 }419 if !resp.Response.ResponseType.Equal(idPKIXOCSPBasic) {420 return nil, ParseError("bad OCSP response type")421 }422 var basicResp basicResponse423 rest, err = asn1.Unmarshal(resp.Response.Response, &basicResp)424 if err != nil {425 return nil, err426 }427 if len(basicResp.Certificates) > 1 {428 return nil, ParseError("OCSP response contains bad number of certificates")429 }430 if n := len(basicResp.TBSResponseData.Responses); n == 0 || cert == nil && n > 1 {431 return nil, ParseError("OCSP response contains bad number of responses")432 }433 ret := &Response{434 TBSResponseData: basicResp.TBSResponseData.Raw,435 Signature: basicResp.Signature.RightAlign(),436 SignatureAlgorithm: getSignatureAlgorithmFromOID(basicResp.SignatureAlgorithm.Algorithm),437 }438 if len(basicResp.Certificates) > 0 {439 ret.Certificate, err = x509.ParseCertificate(basicResp.Certificates[0].FullBytes)440 if err != nil {441 return nil, err442 }443 if err := ret.CheckSignatureFrom(ret.Certificate); err != nil {444 return nil, ParseError("bad OCSP signature")445 }446 if issuer != nil {447 if err := issuer.CheckSignature(ret.Certificate.SignatureAlgorithm, ret.Certificate.RawTBSCertificate, ret.Certificate.Signature); err != nil {448 return nil, ParseError("bad signature on embedded certificate")449 }450 }451 } else if issuer != nil {452 if err := ret.CheckSignatureFrom(issuer); err != nil {453 return nil, ParseError("bad OCSP signature")454 }455 }456 var r singleResponse457 for _, resp := range basicResp.TBSResponseData.Responses {458 if cert == nil || cert.SerialNumber.Cmp(resp.CertID.SerialNumber) == 0 {459 r = resp460 break461 }462 }463 for _, ext := range r.SingleExtensions {464 if ext.Critical {465 return nil, ParseError("unsupported critical extension")466 }467 }468 ret.Extensions = r.SingleExtensions469 ret.SerialNumber = r.CertID.SerialNumber470 for h, oid := range hashOIDs {471 if r.CertID.HashAlgorithm.Algorithm.Equal(oid) {472 ret.IssuerHash = h473 break474 }475 }476 if ret.IssuerHash == 0 {477 return nil, ParseError("unsupported issuer hash algorithm")478 }479 switch {480 case bool(r.Good):481 ret.Status = Good482 case bool(r.Unknown):483 ret.Status = Unknown484 default:485 ret.Status = Revoked486 ret.RevokedAt = r.Revoked.RevocationTime487 ret.RevocationReason = int(r.Revoked.Reason)488 }489 ret.ProducedAt = basicResp.TBSResponseData.ProducedAt490 ret.ThisUpdate = r.ThisUpdate491 ret.NextUpdate = r.NextUpdate492 return ret, nil493}494// RequestOptions contains options for constructing OCSP requests.495type RequestOptions struct {496 // Hash contains the hash function that should be used when497 // constructing the OCSP request. If zero, SHA-1 will be used.498 Hash crypto.Hash499}500func (opts *RequestOptions) hash() crypto.Hash {501 if opts == nil || opts.Hash == 0 {502 // SHA-1 is nearly universally used in OCSP.503 return crypto.SHA1504 }505 return opts.Hash506}507// CreateRequest returns a DER-encoded, OCSP request for the status of cert. If508// opts is nil then sensible defaults are used.509func CreateRequest(cert, issuer *x509.Certificate, opts *RequestOptions) ([]byte, error) {510 hashFunc := opts.hash()511 // OCSP seems to be the only place where these raw hash identifiers are512 // used. I took the following from513 // http://msdn.microsoft.com/en-us/library/ff635603.aspx514 _, ok := hashOIDs[hashFunc]515 if !ok {516 return nil, x509.ErrUnsupportedAlgorithm517 }518 if !hashFunc.Available() {519 return nil, x509.ErrUnsupportedAlgorithm520 }521 h := opts.hash().New()522 var publicKeyInfo struct {523 Algorithm pkix.AlgorithmIdentifier524 PublicKey asn1.BitString525 }526 if _, err := asn1.Unmarshal(issuer.RawSubjectPublicKeyInfo, &publicKeyInfo); err != nil {527 return nil, err528 }529 h.Write(publicKeyInfo.PublicKey.RightAlign())530 issuerKeyHash := h.Sum(nil)531 h.Reset()532 h.Write(issuer.RawSubject)533 issuerNameHash := h.Sum(nil)534 req := &Request{535 HashAlgorithm: hashFunc,536 IssuerNameHash: issuerNameHash,537 IssuerKeyHash: issuerKeyHash,538 SerialNumber: cert.SerialNumber,539 }540 return req.Marshal()541}542// CreateResponse returns a DER-encoded OCSP response with the specified contents.543// The fields in the response are populated as follows:544//545// The responder cert is used to populate the ResponderName field, and the certificate546// itself is provided alongside the OCSP response signature.547//548// The issuer cert is used to puplate the IssuerNameHash and IssuerKeyHash fields.549//550// The template is used to populate the SerialNumber, RevocationStatus, RevokedAt,551// RevocationReason, ThisUpdate, and NextUpdate fields.552//553// If template.IssuerHash is not set, SHA1 will be used.554//555// The ProducedAt date is automatically set to the current date, to the nearest minute.556func CreateResponse(issuer, responderCert *x509.Certificate, template Response, priv crypto.Signer) ([]byte, error) {557 var publicKeyInfo struct {558 Algorithm pkix.AlgorithmIdentifier559 PublicKey asn1.BitString560 }561 if _, err := asn1.Unmarshal(issuer.RawSubjectPublicKeyInfo, &publicKeyInfo); err != nil {562 return nil, err563 }564 if template.IssuerHash == 0 {565 template.IssuerHash = crypto.SHA1566 }567 hashOID := getOIDFromHashAlgorithm(template.IssuerHash)568 if hashOID == nil {569 return nil, errors.New("unsupported issuer hash algorithm")570 }571 if !template.IssuerHash.Available() {572 return nil, fmt.Errorf("issuer hash algorithm %v not linked into binarya", template.IssuerHash)573 }574 h := template.IssuerHash.New()575 h.Write(publicKeyInfo.PublicKey.RightAlign())576 issuerKeyHash := h.Sum(nil)577 h.Reset()578 h.Write(issuer.RawSubject)579 issuerNameHash := h.Sum(nil)580 innerResponse := singleResponse{581 CertID: certID{582 HashAlgorithm: pkix.AlgorithmIdentifier{583 Algorithm: hashOID,584 Parameters: asn1.RawValue{Tag: 5 /* ASN.1 NULL */},585 },586 NameHash: issuerNameHash,587 IssuerKeyHash: issuerKeyHash,588 SerialNumber: template.SerialNumber,589 },590 ThisUpdate: template.ThisUpdate.UTC(),591 NextUpdate: template.NextUpdate.UTC(),592 SingleExtensions: template.ExtraExtensions,593 }594 switch template.Status {595 case Good:596 innerResponse.Good = true597 case Unknown:598 innerResponse.Unknown = true599 case Revoked:600 innerResponse.Revoked = revokedInfo{601 RevocationTime: template.RevokedAt.UTC(),...
issuer
Using AI Code Generation
1import (2func main() {3 priv, err := rsa.GenerateKey(rand.Reader, 2048)4 if err != nil {5 fmt.Fprintf(os.Stderr, "Failed to generate private key: %s", err)6 os.Exit(1)7 }8 notBefore := time.Now()9 notAfter := notBefore.Add(365 * 24 * time.Hour)10 serialNumberLimit := new(big.Int).Lsh(big.NewInt(1), 128)11 serialNumber, err := rand.Int(rand.Reader, serialNumberLimit)12 if err != nil {13 fmt.Fprintf(os.Stderr, "Failed to generate serial number: %s", err)14 os.Exit(1)15 }16 template := x509.Certificate{17 Subject: pkix.Name{18 Organization: []string{"Acme Co"},19 },20 ExtKeyUsage: []x509.ExtKeyUsage{x509.ExtKeyUsageServerAuth},21 IPAddresses: []net.IP{net.ParseIP("
issuer
Using AI Code Generation
1import (2func main() {3 cert, err := ioutil.ReadFile("cert.pem")4 if err != nil {5 fmt.Println("Error reading the certificate file")6 }7 block, _ := pem.Decode(cert)8 if block == nil {9 fmt.Println("Error parsing the certificate file")10 }11 parsedCert, err := x509.ParseCertificate(block.Bytes)12 if err != nil {13 fmt.Println("Error extracting the certificate")14 }15 fmt.Println(parsedCert.Issuer)16}
issuer
Using AI Code Generation
1import (2func main() {3 cert, err := ioutil.ReadFile("cert.pem")4 if err != nil {5 panic(err)6 }7 certParsed, err := x509.ParseCertificate(cert)8 if err != nil {9 panic(err)10 }11 fmt.Println(certParsed.Issuer)12}13{C=US,O=Let's Encrypt,CN=Let's Encrypt Authority X3}
issuer
Using AI Code Generation
1import (2func main() {3 cert, err := ioutil.ReadFile("cert.pem")4 if err != nil {5 fmt.Println("Error reading file")6 }7 block, _ := pem.Decode(cert)8 certObj, _ := x509.ParseCertificate(block.Bytes)9 fmt.Println(certObj.Issuer)10}11{C=US, O=Let's Encrypt, CN=Let's Encrypt Authority X3}
issuer
Using AI Code Generation
1import (2func main() {3 certPEMBlock, err := ioutil.ReadFile("public.crt")4 if err != nil {5 panic(err)6 }7 cert, err := x509.ParseCertificate(certPEMBlock)8 if err != nil {9 panic(err)10 }11 fmt.Println(issuer)12}13{C:US ST:CA L:San Francisco O:Acme, Inc. OU:Engineering CN:Acme Root CA}
issuer
Using AI Code Generation
1import (2func main() {3 certPEMBlock, err := ioutil.ReadFile("cert.pem")4 if err != nil {5 fmt.Println("Error reading certificate file")6 }7 certDERBlock, _ := pem.Decode(certPEMBlock)8 cert, err := x509.ParseCertificate(certDERBlock.Bytes)9 if err != nil {10 fmt.Println("Error parsing certificate")11 }12 fmt.Println(issuer)13}14{O=My Company Name LTD., L=Some-State, C=US}
issuer
Using AI Code Generation
1import (2func main() {3 pk, err := ioutil.ReadFile("public.pem")4 if err != nil {5 panic(err)6 }7 block, _ := pem.Decode(pk)8 cert, err := x509.ParseCertificate(block.Bytes)9 if err != nil {10 panic(err)11 }12 fmt.Println(cert.Issuer)13}14import (15func main() {16 pk, err := ioutil.ReadFile("public.pem")17 if err != nil {18 panic(err)19 }20 block, _ := pem.Decode(pk)21 cert, err := x509.ParseCertificate(block.Bytes)22 if err != nil {23 panic(err)24 }25 fmt.Println(cert.Subject)26}27import (28func main() {29 pk, err := ioutil.ReadFile("public.pem")30 if err != nil {31 panic(err)32 }33 block, _ := pem.Decode(pk)
Learn to execute automation testing from scratch with LambdaTest Learning Hub. Right from setting up the prerequisites to run your first automation test, to following best practices and diving deeper into advanced test scenarios. LambdaTest Learning Hubs compile a list of step-by-step guides to help you be proficient with different test automation frameworks i.e. Selenium, Cypress, TestNG etc.
You could also refer to video tutorials over LambdaTest YouTube channel to get step by step demonstration from industry experts.
Get 100 minutes of automation test minutes FREE!!