github.com/zmap/zlint@v1.1.0/lints/lint_ext_policy_map_not_in_cert_policy.go

github.com/zmap/zlint@v1.1.0/lints/lint_ext_policy_map_not_in_cert_policy.go (about)

     1  package lints
     2  
     3  /*
     4   * ZLint Copyright 2018 Regents of the University of Michigan
     5   *
     6   * Licensed under the Apache License, Version 2.0 (the "License"); you may not
     7   * use this file except in compliance with the License. You may obtain a copy
     8   * of the License at http://www.apache.org/licenses/LICENSE-2.0
     9   *
    10   * Unless required by applicable law or agreed to in writing, software
    11   * distributed under the License is distributed on an "AS IS" BASIS,
    12   * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
    13   * implied. See the License for the specific language governing
    14   * permissions and limitations under the License.
    15   */
    16  
    17  /*********************************************************************
    18  RFC 5280: 4.2.1.5
    19  Each issuerDomainPolicy named in the policy mapping extension SHOULD
    20     also be asserted in a certificate policies extension in the same
    21     certificate.  Policies SHOULD NOT be mapped either to or from the
    22     special value anyPolicy (section 4.2.1.5).
    23  *********************************************************************/
    24  
    25  import (
    26  	"github.com/zmap/zcrypto/x509"
    27  	"github.com/zmap/zlint/util"
    28  )
    29  
    30  type policyMapMatchesCertPolicy struct{}
    31  
    32  func (l *policyMapMatchesCertPolicy) Initialize() error {
    33  	return nil
    34  }
    35  
    36  func (l *policyMapMatchesCertPolicy) CheckApplies(c *x509.Certificate) bool {
    37  	return util.IsExtInCert(c, util.PolicyMapOID)
    38  }
    39  
    40  func (l *policyMapMatchesCertPolicy) Execute(c *x509.Certificate) *LintResult {
    41  	extPolMap := util.GetExtFromCert(c, util.PolicyMapOID)
    42  	polMap, err := util.GetMappedPolicies(extPolMap)
    43  	if err != nil {
    44  		return &LintResult{Status: Fatal}
    45  	}
    46  	for _, pair := range polMap {
    47  		if !util.SliceContainsOID(c.PolicyIdentifiers, pair[0]) {
    48  			return &LintResult{Status: Warn}
    49  		}
    50  	}
    51  	return &LintResult{Status: Pass}
    52  }
    53  
    54  func init() {
    55  	RegisterLint(&Lint{
    56  		Name:          "w_ext_policy_map_not_in_cert_policy",
    57  		Description:   "Each issuerDomainPolicy named in the policy mappings extension should also be asserted in a certificate policies extension",
    58  		Citation:      "RFC 5280: 4.2.1.5",
    59  		Source:        RFC5280,
    60  		EffectiveDate: util.RFC3280Date,
    61  		Lint:          &policyMapMatchesCertPolicy{},
    62  	})
    63  }