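// Source: github.com/letsencrypt/boulder@v0.20251208.0/linter/lints/cpcps/lint_validity_period_has_extra_second.go

package cpcps

import (
	"time"

	"github.com/zmap/zcrypto/x509"
	"github.com/zmap/zlint/v3/lint"

	"github.com/letsencrypt/boulder/linter/lints"
)

// certValidityNotRound is a stateless certificate lint. It flags certificates
// whose validity period, counted inclusively per RFC 5280, is not a whole
// number of minutes, which is the usual symptom of setting notAfter to
// notBefore plus the intended lifetime without subtracting one second.
type certValidityNotRound struct{}

// init registers the lint with zlint's global certificate lint registry.
//
// NOTE(review): the lint name carries the "w_" (warning) prefix while Execute
// reports lint.Error on failure; confirm which severity is intended.
func init() {
	lint.RegisterCertificateLint(&lint.CertificateLint{
		LintMetadata: lint.LintMetadata{
			Name:          "w_validity_period_has_extra_second",
			Description:   "Let's Encrypt Certificates have Validity Periods that are a round number of seconds",
			Citation:      "CPS: 7.1",
			Source:        lints.LetsEncryptCPS,
			EffectiveDate: lints.CPSV33Date,
		},
		Lint: NewCertValidityNotRound,
	})
}

// NewCertValidityNotRound returns a fresh instance of the lint; it is the
// constructor handed to the registry in init.
func NewCertValidityNotRound() lint.CertificateLintInterface {
	return &certValidityNotRound{}
}

// CheckApplies reports that the lint applies to every certificate; the
// certificate argument is not inspected.
func (l *certValidityNotRound) CheckApplies(c *x509.Certificate) bool {
	return true
}

// Execute returns lint.Pass when the inclusive validity period of c is an
// exact multiple of one minute, and lint.Error otherwise.
func (l *certValidityNotRound) Execute(c *x509.Certificate) *lint.LintResult {
	// RFC 5280 4.1.2.5: "The validity period for a certificate is the period
	// of time from notBefore through notAfter, inclusive."
	// Adding one second to notAfter turns the inclusive range into a length.
	certValidity := c.NotAfter.Add(time.Second).Sub(c.NotBefore)

	// time.Duration counts nanoseconds, so the modulus must be a Duration as
	// well. A bare 60 tests the nanosecond count, which for whole-second
	// validities only checks that the number of seconds is divisible by 3,
	// so a period that is off by 3, 6, 9, ... seconds would still pass.
	if certValidity%time.Minute == 0 {
		return &lint.LintResult{Status: lint.Pass}
	}

	return &lint.LintResult{Status: lint.Error}
}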