const formatSHA256 … var supportedFormats … type Set … // NewSet returns a new, empty PubKeyPinSet func NewSet() *Set { … } // Allow adds an allowed public key hash to the Set func (s *Set) Allow(pubKeyHashes ...string) error { … } // CheckAny checks if at least one certificate matches one of the public keys in the set func (s *Set) CheckAny(certificates []*x509.Certificate) error { … } // Empty returns true if the Set contains no pinned public keys. func (s *Set) Empty() bool { … } // Hash calculates the SHA-256 hash of the Subject Public Key Information (SPKI) // object in an x509 certificate (in DER encoding). It returns the full hash as a // hex encoded string (suitable for passing to Set.Allow). func Hash(certificate *x509.Certificate) string { … } // allowSHA256 validates a "sha256" format hash and adds a canonical version of it into the Set func (s *Set) allowSHA256(hash string) error { … } // checkSHA256 returns true if the certificate's "sha256" hash is pinned in the Set func (s *Set) checkSHA256(certificate *x509.Certificate) bool { … }