github.com/zmap/zlint@v1.1.0/lints/lint_ext_aia_access_location_missing.go

github.com/zmap/zlint@v1.1.0/lints/lint_ext_aia_access_location_missing.go (about)

     1  package lints
     2  
     3  /*
     4   * ZLint Copyright 2018 Regents of the University of Michigan
     5   *
     6   * Licensed under the Apache License, Version 2.0 (the "License"); you may not
     7   * use this file except in compliance with the License. You may obtain a copy
     8   * of the License at http://www.apache.org/licenses/LICENSE-2.0
     9   *
    10   * Unless required by applicable law or agreed to in writing, software
    11   * distributed under the License is distributed on an "AS IS" BASIS,
    12   * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
    13   * implied. See the License for the specific language governing
    14   * permissions and limitations under the License.
    15   */
    16  
    17  /************************************************
    18  RFC 5280: 4.2.2.1
    19  An authorityInfoAccess extension may include multiple instances of
    20     the id-ad-caIssuers accessMethod.  The different instances may
    21     specify different methods for accessing the same information or may
    22     point to different information.  When the id-ad-caIssuers
    23     accessMethod is used, at least one instance SHOULD specify an
    24     accessLocation that is an HTTP [RFC2616] or LDAP [RFC4516] URI.
    25  
    26  ************************************************/
    27  
    28  import (
    29  	"strings"
    30  
    31  	"github.com/zmap/zcrypto/x509"
    32  	"github.com/zmap/zlint/util"
    33  )
    34  
    35  type aiaNoHTTPorLDAP struct{}
    36  
    37  func (l *aiaNoHTTPorLDAP) Initialize() error {
    38  	return nil
    39  }
    40  
    41  func (l *aiaNoHTTPorLDAP) CheckApplies(c *x509.Certificate) bool {
    42  	return util.IsExtInCert(c, util.AiaOID) && c.IssuingCertificateURL != nil
    43  }
    44  
    45  func (l *aiaNoHTTPorLDAP) Execute(c *x509.Certificate) *LintResult {
    46  	for _, caIssuer := range c.IssuingCertificateURL {
    47  		if caIssuer = strings.ToLower(caIssuer); strings.HasPrefix(caIssuer, "http://") || strings.HasPrefix(caIssuer, "ldap://") {
    48  			return &LintResult{Status: Pass}
    49  		}
    50  	}
    51  	return &LintResult{Status: Warn}
    52  }
    53  
    54  func init() {
    55  	RegisterLint(&Lint{
    56  		Name:          "w_ext_aia_access_location_missing",
    57  		Description:   "When the id-ad-caIssuers accessMethod is used, at least one instance SHOULD specify an accessLocation that is an HTTP or LDAP URI",
    58  		Citation:      "RFC 5280: 4.2.2.1",
    59  		Source:        RFC5280,
    60  		EffectiveDate: util.RFC5280Date,
    61  		Lint:          &aiaNoHTTPorLDAP{},
    62  	})
    63  }