github.com/zmap/zlint@v1.1.0/lints/lint_ext_cert_policy_contains_noticeref.go

github.com/zmap/zlint@v1.1.0/lints/lint_ext_cert_policy_contains_noticeref.go (about)

     1  package lints
     2  
     3  /*
     4   * ZLint Copyright 2018 Regents of the University of Michigan
     5   *
     6   * Licensed under the Apache License, Version 2.0 (the "License"); you may not
     7   * use this file except in compliance with the License. You may obtain a copy
     8   * of the License at http://www.apache.org/licenses/LICENSE-2.0
     9   *
    10   * Unless required by applicable law or agreed to in writing, software
    11   * distributed under the License is distributed on an "AS IS" BASIS,
    12   * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
    13   * implied. See the License for the specific language governing
    14   * permissions and limitations under the License.
    15   */
    16  
    17  /********************************************************************
    18  The user notice has two optional fields: the noticeRef field and the
    19  explicitText field. Conforming CAs SHOULD NOT use the noticeRef
    20  option.
    21  ********************************************************************/
    22  
    23  import (
    24  	"github.com/zmap/zcrypto/x509"
    25  	"github.com/zmap/zlint/util"
    26  )
    27  
    28  type noticeRefPres struct{}
    29  
    30  func (l *noticeRefPres) Initialize() error {
    31  	return nil
    32  }
    33  
    34  func (l *noticeRefPres) CheckApplies(c *x509.Certificate) bool {
    35  	return util.IsExtInCert(c, util.CertPolicyOID)
    36  }
    37  
    38  func (l *noticeRefPres) Execute(c *x509.Certificate) *LintResult {
    39  	for _, firstLvl := range c.NoticeRefNumbers {
    40  		for _, number := range firstLvl {
    41  			if number != nil {
    42  				return &LintResult{Status: Warn}
    43  			}
    44  		}
    45  	}
    46  	for _, firstLvl := range c.NoticeRefOrgnization {
    47  		for _, org := range firstLvl {
    48  			if len(org.Bytes) != 0 {
    49  				return &LintResult{Status: Warn}
    50  			}
    51  		}
    52  	}
    53  
    54  	return &LintResult{Status: Pass}
    55  }
    56  
    57  func init() {
    58  	RegisterLint(&Lint{
    59  		Name:          "w_ext_cert_policy_contains_noticeref",
    60  		Description:   "Compliant certificates SHOULD NOT use the noticeRef option",
    61  		Citation:      "RFC 5280: 4.2.1.4",
    62  		Source:        RFC5280,
    63  		EffectiveDate: util.RFC5280Date,
    64  		Lint:          &noticeRefPres{},
    65  	})
    66  }