github.com/zmap/zlint@v1.1.0/lints/lint_ext_san_other_name_present.go (about)

     1  package lints
     2  
     3  /*
     4   * ZLint Copyright 2018 Regents of the University of Michigan
     5   *
     6   * Licensed under the Apache License, Version 2.0 (the "License"); you may not
     7   * use this file except in compliance with the License. You may obtain a copy
     8   * of the License at http://www.apache.org/licenses/LICENSE-2.0
     9   *
    10   * Unless required by applicable law or agreed to in writing, software
    11   * distributed under the License is distributed on an "AS IS" BASIS,
    12   * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
    13   * implied. See the License for the specific language governing
    14   * permissions and limitations under the License.
    15   */
    16  
    17  /************************************************************************************************************
    18  7.1.4.2.1. Subject Alternative Name Extension
    19  Certificate Field: extensions:subjectAltName
    20  Required/Optional:  Required
    21  Contents:  This extension MUST contain at least one entry.  Each entry MUST be either a dNSName containing
    22  the Fully‐Qualified Domain Name or an iPAddress containing the IP address of a server.  The CA MUST
    23  confirm that the Applicant controls the Fully‐Qualified Domain Name or IP address or has been granted the
    24  right to use it by the Domain Name Registrant or IP address assignee, as appropriate.
    25  Wildcard FQDNs are permitted.
    26  *************************************************************************************************************/
    27  
    28  import (
    29  	"github.com/zmap/zcrypto/x509"
    30  	"github.com/zmap/zlint/util"
    31  )
    32  
// SANOtherName is the lint behind "e_ext_san_other_name_present". It reports
// an Error when the certificate carries otherName entries, which fall outside
// the two name types (dNSName and iPAddress) that the Baseline Requirements
// text quoted at the top of this file allows in subjectAltName.
//
// The type holds no fields, so one value can be shared by every check.
type SANOtherName struct{}

// Initialize has nothing to prepare for this lint and always returns nil.
func (*SANOtherName) Initialize() error {
	return nil
}
    38  
// CheckApplies reports whether this lint should run against c. It runs only
// when the certificate contains the extension identified by
// util.SubjectAlternateNameOID; a certificate with no such extension is
// skipped here rather than failed.
//
// NOTE(review): nothing in this check distinguishes CA certificates from
// subscriber certificates, so the lint runs on any certificate that has the
// extension. Confirm that matches the scope of the cited BR section.
func (*SANOtherName) CheckApplies(c *x509.Certificate) bool {
	hasSAN := util.IsExtInCert(c, util.SubjectAlternateNameOID)
	return hasSAN
}
    42  
// Execute returns Error when c.OtherNames is non-nil and Pass otherwise.
//
// Only c.OtherNames is examined. Any other name type the Baseline
// Requirements text does not permit is not checked here and has to be
// covered by a separate lint.
//
// NOTE(review): the test is against nil, not against length. An empty but
// non-nil OtherNames value would be reported as Error even though no
// otherName entry is present. Confirm the parser leaves the field nil when
// the extension has no otherName entries.
func (*SANOtherName) Execute(c *x509.Certificate) *LintResult {
	result := &LintResult{Status: Pass}
	if c.OtherNames != nil {
		// The field is set at all: flag the certificate as violating the rule.
		result.Status = Error
	}
	return result
}
    49  
// init registers the otherName lint under "e_ext_san_other_name_present" at
// package load time, with util.CABEffectiveDate as its effective date and the
// CA/Browser Forum Baseline Requirements as its source.
//
// The Description states the whole rule (only dNSName and iPAddress are
// allowed), but SANOtherName.Execute enforces only the otherName part of it.
// A Pass from this lint alone therefore does not show that the SAN holds only
// permitted name types.
func init() {
	sanOtherNameLint := &Lint{
		Name:          "e_ext_san_other_name_present",
		Description:   "The Subject Alternate Name extension MUST contain only 'dnsName' and 'ipaddress' name types.",
		Citation:      "BRs: 7.1.4.2.1",
		Source:        CABFBaselineRequirements,
		EffectiveDate: util.CABEffectiveDate,
		Lint:          &SANOtherName{},
	}
	RegisterLint(sanOtherNameLint)
}