github.com/zmap/zlint@v1.1.0/lints/lint_ext_cert_policy_duplicate.go (about)

     1  package lints
     2  
     3  /*
     4   * ZLint Copyright 2018 Regents of the University of Michigan
     5   *
     6   * Licensed under the Apache License, Version 2.0 (the "License"); you may not
     7   * use this file except in compliance with the License. You may obtain a copy
     8   * of the License at http://www.apache.org/licenses/LICENSE-2.0
     9   *
    10   * Unless required by applicable law or agreed to in writing, software
    11   * distributed under the License is distributed on an "AS IS" BASIS,
    12   * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
    13   * implied. See the License for the specific language governing
    14   * permissions and limitations under the License.
    15   */
    16  
    17  /************************************************
    18    The certificate policies extension contains a sequence of one or more
    19    policy information terms, each of which consists of an object identifier
    20    (OID) and optional qualifiers. Optional qualifiers, which MAY be present,
    21    are not expected to change the definition of the policy. A certificate
    22    policy OID MUST NOT appear more than once in a certificate policies extension.
    23  ************************************************/
    24  
    25  import (
    26  	"github.com/zmap/zcrypto/x509"
    27  	"github.com/zmap/zlint/util"
    28  )
    29  
    // ExtCertPolicyDuplicate is the lint registered in this file as
    // "e_ext_cert_policy_duplicate". It has no fields, so it carries no state
    // between certificates. Its Execute method returns Error when the same
    // policy OID occurs more than once in a certificate's policy identifiers
    // (RFC 5280, section 4.2.1.4).
    30  type ExtCertPolicyDuplicate struct{}
    31  
    // Initialize performs no setup for this lint and always returns a nil error.
    func (l *ExtCertPolicyDuplicate) Initialize() error {
    	// Nothing to prepare: the receiver type has no fields to populate.
    	return nil
    }
    35  
    // CheckApplies reports whether the lint is relevant to cert, which is the
    // case exactly when util.IsExtInCert finds the extension identified by
    // util.CertPolicyOID in the certificate.
    func (l *ExtCertPolicyDuplicate) CheckApplies(cert *x509.Certificate) bool {
    	hasPolicies := util.IsExtInCert(cert, util.CertPolicyOID)
    	return hasPolicies
    }
    39  
    // Execute returns a LintResult with Status Error as soon as any two entries
    // of cert.PolicyIdentifiers are Equal, and Status Pass when every entry is
    // distinct (including when the slice is empty or has a single entry).
    //
    // Only the policy OIDs are compared; policy qualifiers are not looked at.
    // NOTE(review): the result depends on the parser keeping repeated OIDs in
    // cert.PolicyIdentifiers rather than collapsing them - confirm against the
    // x509 package in use.
    func (l *ExtCertPolicyDuplicate) Execute(cert *x509.Certificate) *LintResult {
    	policies := cert.PolicyIdentifiers
    	// Pairwise comparison is quadratic, which is acceptable because the
    	// number of policies in a certificate is small.
    	for idx, oid := range policies {
    		// Compare each OID only with the entries after it, so every
    		// unordered pair is examined exactly once.
    		for _, later := range policies[idx+1:] {
    			if oid.Equal(later) {
    				// A single repeated OID is enough to fail the lint.
    				return &LintResult{Status: Error}
    			}
    		}
    	}
    	return &LintResult{Status: Pass}
    }
    52  
    // init registers the duplicate-policy lint with the package's lint registry
    // under the name "e_ext_cert_policy_duplicate", citing RFC 5280 section
    // 4.2.1.4 and using util.RFC5280Date as its effective date.
    func init() {
    	duplicatePolicyLint := &Lint{
    		Name:          "e_ext_cert_policy_duplicate",
    		Description:   "A certificate policy OID must not appear more than once in the extension",
    		Citation:      "RFC 5280: 4.2.1.4",
    		Source:        RFC5280,
    		EffectiveDate: util.RFC5280Date,
    		Lint:          &ExtCertPolicyDuplicate{},
    	}
    	RegisterLint(duplicatePolicyLint)
    }