github.com/letsencrypt/boulder@v0.20251208.0/linter/lints/rfc/lint_crl_via_pkimetal.go

github.com/letsencrypt/boulder@v0.20251208.0/linter/lints/rfc/lint_crl_via_pkimetal.go (about)

     1  package rfc
     2  
     3  import (
     4  	"github.com/zmap/zcrypto/x509"
     5  	"github.com/zmap/zlint/v3/lint"
     6  	"github.com/zmap/zlint/v3/util"
     7  )
     8  
     9  type crlViaPKIMetal struct {
    10  	PKIMetalConfig
    11  }
    12  
    13  func init() {
    14  	lint.RegisterRevocationListLint(&lint.RevocationListLint{
    15  		LintMetadata: lint.LintMetadata{
    16  			Name:          "e_pkimetal_lint_cabf_serverauth_crl",
    17  			Description:   "Runs pkimetal's suite of cabf serverauth CRL lints",
    18  			Citation:      "https://github.com/pkimetal/pkimetal",
    19  			Source:        lint.Community,
    20  			EffectiveDate: util.CABEffectiveDate,
    21  		},
    22  		Lint: NewCrlViaPKIMetal,
    23  	})
    24  }
    25  
    26  func NewCrlViaPKIMetal() lint.RevocationListLintInterface {
    27  	return &crlViaPKIMetal{}
    28  }
    29  
    30  func (l *crlViaPKIMetal) Configure() any {
    31  	return l
    32  }
    33  
    34  func (l *crlViaPKIMetal) CheckApplies(c *x509.RevocationList) bool {
    35  	// This lint applies to all CRLs issued by Boulder, as long as it has
    36  	// been configured with an address to reach out to. If not, skip it.
    37  	return l.Addr != ""
    38  }
    39  
    40  func (l *crlViaPKIMetal) Execute(c *x509.RevocationList) *lint.LintResult {
    41  	res, err := l.execute("lintcrl", c.Raw)
    42  	if err != nil {
    43  		return &lint.LintResult{
    44  			Status:  lint.Error,
    45  			Details: err.Error(),
    46  		}
    47  	}
    48  
    49  	return res
    50  }