Editing: root_darwin.go
// Copyright 2020 The Go Authors. All rights reserved.
// Use of this source code is governed by a BSD-style
// license that can be found in the LICENSE file.

package x509

import (
	macOS "crypto/x509/internal/macos"
	"errors"
	"fmt"
)

// systemVerify verifies c by passing the leaf and any certificates from
// opts.Intermediates to the macOS trust evaluation calls, and then applies
// this package's own hostname and extended-key-usage checks to the chain
// reported back by the platform.
//
// On success it returns exactly one chain. When platform evaluation fails,
// recognised status codes are mapped to CertificateInvalidError (Expired),
// HostnameError or UnknownAuthorityError; every other failure is returned as
// a generic "x509: ..." error.
//
// Only Intermediates, DNSName, CurrentTime and KeyUsages are read from opts
// in this function.
// NOTE(review): no root pool is handed to the platform calls here, so the
// trust anchors are presumably whatever the platform trust evaluation uses.
// Confirm against the caller before relying on a custom root set.
func (c *Certificate) systemVerify(opts *VerifyOptions) (chains [][]*Certificate, err error) {
	// certs is the list handed to the trust object: the leaf first, then the
	// intermediates in lazyCerts order.
	// NOTE(review): leaf and sc are never released individually; presumably
	// ReleaseCFArray also releases the array's elements. Confirm in
	// internal/macos.
	certs := macOS.CFArrayCreateMutable()
	defer macOS.ReleaseCFArray(certs)
	leaf, err := macOS.SecCertificateCreateWithData(c.Raw)
	if err != nil {
		// The underlying error is dropped in favour of a fixed message.
		return nil, errors.New("invalid leaf certificate")
	}
	macOS.CFArrayAppendValue(certs, leaf)
	if opts.Intermediates != nil {
		for _, lc := range opts.Intermediates.lazyCerts {
			// c shadows the method receiver inside this loop body; it is the
			// intermediate certificate, not the leaf.
			c, err := lc.getCert()
			if err != nil {
				return nil, err
			}
			sc, err := macOS.SecCertificateCreateWithData(c.Raw)
			if err != nil {
				return nil, err
			}
			macOS.CFArrayAppendValue(certs, sc)
		}
	}

	// A single SSL policy, built from opts.DNSName, is evaluated.
	// NOTE(review): opts.DNSName may be empty (see the check further down);
	// how SecPolicyCreateSSL treats an empty name is not visible here.
	policies := macOS.CFArrayCreateMutable()
	defer macOS.ReleaseCFArray(policies)
	sslPolicy, err := macOS.SecPolicyCreateSSL(opts.DNSName)
	if err != nil {
		return nil, err
	}
	macOS.CFArrayAppendValue(policies, sslPolicy)

	trustObj, err := macOS.SecTrustCreateWithCertificates(certs, policies)
	if err != nil {
		return nil, err
	}
	defer macOS.CFRelease(trustObj)

	// The verification date is overridden only when the caller supplied one;
	// otherwise the trust object is left at the platform's default.
	if !opts.CurrentTime.IsZero() {
		dateRef := macOS.TimeToCFDateRef(opts.CurrentTime)
		defer macOS.CFRelease(dateRef)
		if err := macOS.SecTrustSetVerifyDate(trustObj, dateRef); err != nil {
			return nil, err
		}
	}

	// TODO(roland): we may want to allow passing in SCTs via VerifyOptions and
	// set them via SecTrustSetSignedCertificateTimestamps, since Apple will
	// always enforce its SCT requirements, and there are still _some_ people
	// using TLS or OCSP for that.

	// ret is the platform status code and is used only to pick the Go error
	// type. Any evaluation failure returns here, before a chain is built.
	if ret, err := macOS.SecTrustEvaluateWithError(trustObj); err != nil {
		switch ret {
		case macOS.ErrSecCertificateExpired:
			return nil, CertificateInvalidError{c, Expired, err.Error()}
		case macOS.ErrSecHostNameMismatch:
			return nil, HostnameError{c, opts.DNSName}
		case macOS.ErrSecNotTrusted:
			return nil, UnknownAuthorityError{Cert: c}
		default:
			return nil, fmt.Errorf("x509: %s", err)
		}
	}

	// Copy the evaluated chain out of the trust object, parsing each
	// certificate reference back into a *Certificate.
	chain := [][]*Certificate{{}}
	numCerts := macOS.SecTrustGetCertificateCount(trustObj)
	for i := 0; i < numCerts; i++ {
		certRef, err := macOS.SecTrustGetCertificateAtIndex(trustObj, i)
		if err != nil {
			return nil, err
		}
		cert, err := exportCertificate(certRef)
		if err != nil {
			return nil, err
		}
		chain[0] = append(chain[0], cert)
	}
	if len(chain[0]) == 0 {
		// This should _never_ happen, but to be safe. The check also guards
		// the chain[0][0] index below.
		return nil, errors.New("x509: macOS certificate verification internal error")
	}

	if opts.DNSName != "" {
		// If we have a DNS name, apply our own name verification to the first
		// certificate of the chain the platform returned. This runs in
		// addition to the SSL policy evaluated above.
		if err := chain[0][0].VerifyHostname(opts.DNSName); err != nil {
			return nil, err
		}
	}

	// With no usages requested, require server authentication.
	keyUsages := opts.KeyUsages
	if len(keyUsages) == 0 {
		keyUsages = []ExtKeyUsage{ExtKeyUsageServerAuth}
	}

	// If any key usage is acceptable then we're done.
	for _, usage := range keyUsages {
		if usage == ExtKeyUsageAny {
			return chain, nil
		}
	}

	// Otherwise the chain must pass checkChainForKeyUsage for the requested
	// usages; a failure is reported against the leaf c.
	if !checkChainForKeyUsage(chain[0], keyUsages) {
		return nil, CertificateInvalidError{c, IncompatibleUsage, ""}
	}

	return chain, nil
}

// exportCertificate returns a *Certificate for a SecCertificateRef. It copies
// the certificate's data with SecCertificateCopyData and parses the result
// with ParseCertificate, returning the error from whichever step fails.
func exportCertificate(cert macOS.CFRef) (*Certificate, error) {
	data, err := macOS.SecCertificateCopyData(cert)
	if err != nil {
		return nil, err
	}
	return ParseCertificate(data)
}

// loadSystemRoots returns a CertPool with only systemPool set. No certificates
// are read or added to the pool here, and the error is always nil.
// NOTE(review): systemPool presumably marks the pool so that verification is
// delegated to the platform. Confirm where the field is consumed.
func loadSystemRoots() (*CertPool, error) {
	return &CertPool{systemPool: true}, nil
}