// Listing source: github.com/zmap/zlint@v1.1.0/lints/lint_inhibit_any_policy_not_critical.go

package lints

/*
 * ZLint Copyright 2018 Regents of the University of Michigan
 *
 * Licensed under the Apache License, Version 2.0 (the "License"); you may not
 * use this file except in compliance with the License. You may obtain a copy
 * of the License at http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
 * implied. See the License for the specific language governing
 * permissions and limitations under the License.
 */

/************************************************
4.2.1.14. Inhibit anyPolicy
The inhibit anyPolicy extension can be used in certificates issued to CAs.
The inhibit anyPolicy extension indicates that the special anyPolicy OID,
with the value { 2 5 29 32 0 }, is not considered an explicit match for other
certificate policies except when it appears in an intermediate self-issued
CA certificate. The value indicates the number of additional non-self-issued
certificates that may appear in the path before anyPolicy is no longer permitted.
For example, a value of one indicates that anyPolicy may be processed in
certificates issued by the subject of this certificate, but not in additional
certificates in the path.

Conforming CAs MUST mark this extension as critical.
************************************************/

import (
	"github.com/zmap/zcrypto/x509"
	"github.com/zmap/zlint/util"
)

// InhibitAnyPolicyNotCritical is the lint registered below as
// "e_inhibit_any_policy_not_critical". It reports Error for a certificate
// whose inhibitAnyPolicy extension is not marked critical.
//
// Criticality matters here because RFC 5280 lets a relying party ignore a
// non-critical extension it does not recognise; a non-critical
// inhibitAnyPolicy constraint could therefore be skipped during path
// validation instead of forcing rejection.
type InhibitAnyPolicyNotCritical struct{}

// Initialize performs no setup for this lint and always returns nil.
func (l *InhibitAnyPolicyNotCritical) Initialize() error {
	return nil
}

// CheckApplies reports whether util.IsExtInCert finds the extension
// identified by util.InhibitAnyPolicyOID in cert.
func (l *InhibitAnyPolicyNotCritical) CheckApplies(cert *x509.Certificate) bool {
	return util.IsExtInCert(cert, util.InhibitAnyPolicyOID)
}

// Execute returns a Pass result when the inhibitAnyPolicy extension of cert
// has its Critical flag set, and an Error result otherwise.
//
// The value returned by util.GetExtFromCert is used without checking that an
// extension was actually found, so this method relies on CheckApplies having
// returned true for cert.
// NOTE(review): confirm every caller gates Execute on CheckApplies.
func (l *InhibitAnyPolicyNotCritical) Execute(cert *x509.Certificate) *LintResult {
	ext := util.GetExtFromCert(cert, util.InhibitAnyPolicyOID)
	if ext.Critical {
		return &LintResult{Status: Pass}
	}
	return &LintResult{Status: Error}
}

// init registers the lint with its name, description, citation, source and
// effective date.
func init() {
	entry := &Lint{
		Name:          "e_inhibit_any_policy_not_critical",
		Description:   "CAs MUST mark the inhibitAnyPolicy extension as critical",
		Citation:      "RFC 5280: 4.2.1.14",
		Source:        RFC5280,
		EffectiveDate: util.RFC3280Date,
		Lint:          &InhibitAnyPolicyNotCritical{},
	}
	RegisterLint(entry)
}