github.com/zmap/zlint@v1.1.0/lints/lint_ext_cert_policy_explicit_text_ia5_string.go

github.com/zmap/zlint@v1.1.0/lints/lint_ext_cert_policy_explicit_text_ia5_string.go (about)

     1  package lints
     2  
     3  /*
     4   * ZLint Copyright 2018 Regents of the University of Michigan
     5   *
     6   * Licensed under the Apache License, Version 2.0 (the "License"); you may not
     7   * use this file except in compliance with the License. You may obtain a copy
     8   * of the License at http://www.apache.org/licenses/LICENSE-2.0
     9   *
    10   * Unless required by applicable law or agreed to in writing, software
    11   * distributed under the License is distributed on an "AS IS" BASIS,
    12   * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
    13   * implied. See the License for the specific language governing
    14   * permissions and limitations under the License.
    15   */
    16  
    17  /********************************************************************
    18  
    19  An explicitText field includes the textual statement directly in
    20  the certificate.  The explicitText field is a string with a
    21  maximum size of 200 characters.  Conforming CAs SHOULD use the
    22  UTF8String encoding for explicitText.  VisibleString or BMPString
    23  are acceptable but less preferred alternatives.  Conforming CAs
    24  MUST NOT encode explicitText as IA5String.  The explicitText string
    25  SHOULD NOT include any control characters (e.g., U+0000 to U+001F
    26  and U+007F to U+009F).  When the UTF8String or BMPString encoding
    27  is used, all character sequences SHOULD be normalized according
    28  to Unicode normalization form C (NFC) [NFC].
    29  ********************************************************************/
    30  
    31  import (
    32  	"github.com/zmap/zcrypto/x509"
    33  	"github.com/zmap/zlint/util"
    34  )
    35  
    36  type explicitTextIA5String struct{}
    37  
    38  func (l *explicitTextIA5String) Initialize() error {
    39  	return nil
    40  }
    41  
    42  func (l *explicitTextIA5String) CheckApplies(c *x509.Certificate) bool {
    43  	for _, text := range c.ExplicitTexts {
    44  		if text != nil {
    45  			return true
    46  		}
    47  	}
    48  	return false
    49  }
    50  
    51  func (l *explicitTextIA5String) Execute(c *x509.Certificate) *LintResult {
    52  	for _, firstLvl := range c.ExplicitTexts {
    53  		for _, text := range firstLvl {
    54  			if text.Tag == 22 {
    55  				return &LintResult{Status: Error}
    56  			}
    57  		}
    58  	}
    59  	return &LintResult{Status: Pass}
    60  }
    61  
    62  func init() {
    63  	RegisterLint(&Lint{
    64  		Name:          "e_ext_cert_policy_explicit_text_ia5_string",
    65  		Description:   "Compliant certificates must not encode explicitTest as an IA5String",
    66  		Citation:      "RFC 6818: 3",
    67  		Source:        RFC5280,
    68  		EffectiveDate: util.RFC6818Date,
    69  		Lint:          &explicitTextIA5String{},
    70  	})
    71  }