github.com/zmap/zlint@v1.1.0/lints/lint_cert_contains_unique_identifier.go

github.com/zmap/zlint@v1.1.0/lints/lint_cert_contains_unique_identifier.go (about)

     1  package lints
     2  
     3  /*
     4   * ZLint Copyright 2018 Regents of the University of Michigan
     5   *
     6   * Licensed under the Apache License, Version 2.0 (the "License"); you may not
     7   * use this file except in compliance with the License. You may obtain a copy
     8   * of the License at http://www.apache.org/licenses/LICENSE-2.0
     9   *
    10   * Unless required by applicable law or agreed to in writing, software
    11   * distributed under the License is distributed on an "AS IS" BASIS,
    12   * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
    13   * implied. See the License for the specific language governing
    14   * permissions and limitations under the License.
    15   */
    16  
    17  /************************************************
    18   These fields MUST only appear if the version is 2 or 3 (Section 4.1.2.1).
    19   These fields MUST NOT appear if the version is 1. The subject and issuer
    20   unique identifiers are present in the certificate to handle the possibility
    21   of reuse of subject and/or issuer names over time. This profile RECOMMENDS
    22   that names not be reused for different entities and that Internet certificates
    23   not make use of unique identifiers. CAs conforming to this profile MUST NOT
    24   generate certificates with unique identifiers. Applications conforming to
    25   this profile SHOULD be capable of parsing certificates that include unique
    26   identifiers, but there are no processing requirements associated with the
    27   unique identifiers.
    28  ************************************************/
    29  
    30  import (
    31  	"github.com/zmap/zcrypto/x509"
    32  	"github.com/zmap/zlint/util"
    33  )
    34  
    35  type CertContainsUniqueIdentifier struct{}
    36  
    37  func (l *CertContainsUniqueIdentifier) Initialize() error {
    38  	return nil
    39  }
    40  
    41  func (l *CertContainsUniqueIdentifier) CheckApplies(cert *x509.Certificate) bool {
    42  	return true
    43  }
    44  
    45  func (l *CertContainsUniqueIdentifier) Execute(cert *x509.Certificate) *LintResult {
    46  	if cert.IssuerUniqueId.Bytes == nil && cert.SubjectUniqueId.Bytes == nil {
    47  		return &LintResult{Status: Pass}
    48  	} //else
    49  	return &LintResult{Status: Error}
    50  }
    51  
    52  func init() {
    53  	RegisterLint(&Lint{
    54  		Name:          "e_cert_contains_unique_identifier",
    55  		Description:   "CAs MUST NOT generate certificate with unique identifiers",
    56  		Source:        RFC5280,
    57  		Citation:      "RFC 5280: 4.1.2.8",
    58  		EffectiveDate: util.RFC5280Date,
    59  		Lint:          &CertContainsUniqueIdentifier{},
    60  	})
    61  }