Gecko [ 167.86.127.34 ]

Name	Size	Permission
pkix	[ DIR ]	drwxr-xr-x
testdata	[ DIR ]	drwxr-xr-x
cert_pool.go	3.75 KB	-rw-r--r--
example_test.go	5.32 KB	-rw-r--r--
name_constraints_test.go	44.98 KB	-rw-r--r--
pem_decrypt.go	6.5 KB	-rw-r--r--
pem_decrypt_test.go	8.92 KB	-rw-r--r--
pkcs1.go	4.64 KB	-rw-r--r--
pkcs8.go	4.36 KB	-rw-r--r--
pkcs8_test.go	8.05 KB	-rw-r--r--
root.go	483 B	-rw-r--r--
root_aix.go	290 B	-rw-r--r--
root_bsd.go	518 B	-rw-r--r--
root_cgo_darwin.go	11.47 KB	-rw-r--r--
root_darwin.go	8.24 KB	-rw-r--r--
root_darwin_arm_gen.go	4.54 KB	-rw-r--r--
root_darwin_armx.go	256.1 KB	-rw-r--r--
root_darwin_test.go	4.31 KB	-rw-r--r--
root_js.go	275 B	-rw-r--r--
root_linux.go	684 B	-rw-r--r--
root_nocgo_darwin.go	264 B	-rw-r--r--
root_plan9.go	844 B	-rw-r--r--
root_solaris.go	419 B	-rw-r--r--
root_unix.go	2.16 KB	-rw-r--r--
root_unix_test.go	3.02 KB	-rw-r--r--
root_windows.go	9.98 KB	-rw-r--r--
sec1.go	4.25 KB	-rw-r--r--
sec1_test.go	5.36 KB	-rw-r--r--
test-file.crt	1.9 KB	-rw-r--r--
verify.go	33.48 KB	-rw-r--r--
verify_test.go	88.68 KB	-rw-r--r--
x509.go	81.23 KB	-rw-r--r--
x509_test.go	97.43 KB	-rw-r--r--
x509_test_import.go	1.7 KB	-rw-r--r--

Code Editor : cert_pool.go

// Copyright 2011 The Go Authors. All rights reserved.
// Use of this source code is governed by a BSD-style
// license that can be found in the LICENSE file.

package x509

import (
	"encoding/pem"
	"errors"
	"runtime"
)

// CertPool is a set of certificates.
type CertPool struct {
	bySubjectKeyId map[string][]int
	byName         map[string][]int
	certs          []*Certificate
}

// NewCertPool returns a new, empty CertPool.
func NewCertPool() *CertPool {
	return &CertPool{
		bySubjectKeyId: make(map[string][]int),
		byName:         make(map[string][]int),
	}
}

func (s *CertPool) copy() *CertPool {
	p := &CertPool{
		bySubjectKeyId: make(map[string][]int, len(s.bySubjectKeyId)),
		byName:         make(map[string][]int, len(s.byName)),
		certs:          make([]*Certificate, len(s.certs)),
	}
	for k, v := range s.bySubjectKeyId {
		indexes := make([]int, len(v))
		copy(indexes, v)
		p.bySubjectKeyId[k] = indexes
	}
	for k, v := range s.byName {
		indexes := make([]int, len(v))
		copy(indexes, v)
		p.byName[k] = indexes
	}
	copy(p.certs, s.certs)
	return p
}

// SystemCertPool returns a copy of the system cert pool.
//
// Any mutations to the returned pool are not written to disk and do
// not affect any other pool returned by SystemCertPool.
//
// New changes in the system cert pool might not be reflected
// in subsequent calls.
func SystemCertPool() (*CertPool, error) {
	if runtime.GOOS == "windows" {
		// Issue 16736, 18609:
		return nil, errors.New("crypto/x509: system root pool is not available on Windows")
	}

if sysRoots := systemRootsPool(); sysRoots != nil {
		return sysRoots.copy(), nil
	}

return loadSystemRoots()
}

// findPotentialParents returns the indexes of certificates in s which might
// have signed cert. The caller must not modify the returned slice.
func (s *CertPool) findPotentialParents(cert *Certificate) []int {
	if s == nil {
		return nil
	}

var candidates []int
	if len(cert.AuthorityKeyId) > 0 {
		candidates = s.bySubjectKeyId[string(cert.AuthorityKeyId)]
	}
	if len(candidates) == 0 {
		candidates = s.byName[string(cert.RawIssuer)]
	}
	return candidates
}

func (s *CertPool) contains(cert *Certificate) bool {
	if s == nil {
		return false
	}

candidates := s.byName[string(cert.RawSubject)]
	for _, c := range candidates {
		if s.certs[c].Equal(cert) {
			return true
		}
	}

return false
}

// AddCert adds a certificate to a pool.
func (s *CertPool) AddCert(cert *Certificate) {
	if cert == nil {
		panic("adding nil Certificate to CertPool")
	}

// Check that the certificate isn't being added twice.
	if s.contains(cert) {
		return
	}

n := len(s.certs)
	s.certs = append(s.certs, cert)

if len(cert.SubjectKeyId) > 0 {
		keyId := string(cert.SubjectKeyId)
		s.bySubjectKeyId[keyId] = append(s.bySubjectKeyId[keyId], n)
	}
	name := string(cert.RawSubject)
	s.byName[name] = append(s.byName[name], n)
}

// AppendCertsFromPEM attempts to parse a series of PEM encoded certificates.
// It appends any certificates found to s and reports whether any certificates
// were successfully parsed.
//
// On many Linux systems, /etc/ssl/cert.pem will contain the system wide set
// of root CAs in a format suitable for this function.
func (s *CertPool) AppendCertsFromPEM(pemCerts []byte) (ok bool) {
	for len(pemCerts) > 0 {
		var block *pem.Block
		block, pemCerts = pem.Decode(pemCerts)
		if block == nil {
			break
		}
		if block.Type != "CERTIFICATE" || len(block.Headers) != 0 {
			continue
		}

cert, err := ParseCertificate(block.Bytes)
		if err != nil {
			continue
		}

s.AddCert(cert)
		ok = true
	}

return
}

// Subjects returns a list of the DER-encoded subjects of
// all of the certificates in the pool.
func (s *CertPool) Subjects() [][]byte {
	res := make([][]byte, len(s.certs))
	for i, c := range s.certs {
		res[i] = c.RawSubject
	}
	return res
}

${this.title}

Code Editor : cert_pool.go