github.com/zmap/zlint@v1.1.0/lints/lint_ext_cert_policy_explicit_text_too_long.go (about)

     1  package lints
     2  
     3  /*
     4   * ZLint Copyright 2018 Regents of the University of Michigan
     5   *
     6   * Licensed under the Apache License, Version 2.0 (the "License"); you may not
     7   * use this file except in compliance with the License. You may obtain a copy
     8   * of the License at http://www.apache.org/licenses/LICENSE-2.0
     9   *
    10   * Unless required by applicable law or agreed to in writing, software
    11   * distributed under the License is distributed on an "AS IS" BASIS,
    12   * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
    13   * implied. See the License for the specific language governing
    14   * permissions and limitations under the License.
    15   */
    16  
    17  /*******************************************************************
    18  An explicitText field includes the textual statement directly in
    19  the certificate.  The explicitText field is a string with a
    20  maximum size of 200 characters.  Conforming CAs SHOULD use the
    21  UTF8String encoding for explicitText.  VisibleString or BMPString
    22  are acceptable but less preferred alternatives.  Conforming CAs
    23  MUST NOT encode explicitText as IA5String.  The explicitText string
    24  SHOULD NOT include any control characters (e.g., U+0000 to U+001F
    25  and U+007F to U+009F).  When the UTF8String or BMPString encoding
    26  is used, all character sequences SHOULD be normalized according
    27  to Unicode normalization form C (NFC) [NFC].
    28  *******************************************************************/
    29  
import (
	"unicode/utf8"

	"github.com/zmap/zcrypto/x509"
	"github.com/zmap/zlint/util"
)
    34  
// explicitTextTooLong is the lint type registered under the name
// "e_ext_cert_policy_explicit_text_too_long". It has no fields, so it
// carries no state between certificates.
type explicitTextTooLong struct{}

// tagBMPString is the value Execute compares with an explicitText's Tag to
// decide whether the bytes must be decoded as a BMPString before the length
// is checked. 30 is the ASN.1 universal tag number of BMPString.
const tagBMPString int = 30
    38  
// Initialize is a no-op for this lint: there is nothing to set up, so it
// always returns a nil error.
func (l *explicitTextTooLong) Initialize() error {
	// The lint type has no fields to prepare.
	return nil
}
    42  
// CheckApplies reports whether the lint should run on c. It returns true as
// soon as one entry of c.ExplicitTexts is non-nil, and false when there are
// no entries or every entry is nil.
func (l *explicitTextTooLong) CheckApplies(c *x509.Certificate) bool {
	applies := false
	for i := range c.ExplicitTexts {
		if c.ExplicitTexts[i] == nil {
			continue
		}
		// One populated entry is enough; the contents are inspected by Execute.
		applies = true
		break
	}
	return applies
}
    51  
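// Execute returns an Error result when any explicitText value in
// c.ExplicitTexts is longer than 200 characters, and a Pass result otherwise.
//
// The limit is counted in characters, as the requirement is worded, not in
// bytes: len() on a Go string returns its UTF-8 byte length, which would
// flag compliant text that uses multi-byte characters.
//
// A BMPString that cannot be decoded is not treated as empty. Its length is
// estimated from the raw byte count, so an undecodable value cannot slip
// past the limit. This lint does not report the malformed encoding itself.
func (l *explicitTextTooLong) Execute(c *x509.Certificate) *LintResult {
	const maxChars = 200
	for _, firstLvl := range c.ExplicitTexts {
		for _, text := range firstLvl {
			var count int
			if text.Tag == tagBMPString {
				// A BMPString has to be decoded before its characters can be
				// counted.
				decoded, err := util.ParseBMPString(text.Bytes)
				if err != nil {
					// BMPString uses two bytes per character, so round up
					// rather than fail open on undecodable input.
					// NOTE(review): assumes text.Bytes holds only the
					// string's content bytes - confirm against the parser.
					count = (len(text.Bytes) + 1) / 2
				} else {
					count = utf8.RuneCountInString(decoded)
				}
			} else {
				// Other encodings are counted as UTF-8; each invalid byte
				// counts as one character.
				count = utf8.RuneCountInString(string(text.Bytes))
			}
			if count > maxChars {
				return &LintResult{Status: Error}
			}
		}
	}
	return &LintResult{Status: Pass}
}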
    71  
// init registers this lint with the package through RegisterLint when the
// package is loaded. The registration cites RFC 6818 section 3, lists
// RFC5280 as its source and takes util.RFC6818Date as its effective date.
func init() {
	entry := Lint{
		Name:          "e_ext_cert_policy_explicit_text_too_long",
		Description:   "Explicit text has a maximum size of 200 characters",
		Citation:      "RFC 6818: 3",
		Source:        RFC5280,
		EffectiveDate: util.RFC6818Date,
		Lint:          &explicitTextTooLong{},
	}
	RegisterLint(&entry)
}