github.com/zmap/zlint@v1.1.0/lints/lint_name_constraint_maximum_not_absent.go (about)

     1  package lints
     2  
     3  /*
     4   * ZLint Copyright 2018 Regents of the University of Michigan
     5   *
     6   * Licensed under the Apache License, Version 2.0 (the "License"); you may not
     7   * use this file except in compliance with the License. You may obtain a copy
     8   * of the License at http://www.apache.org/licenses/LICENSE-2.0
     9   *
    10   * Unless required by applicable law or agreed to in writing, software
    11   * distributed under the License is distributed on an "AS IS" BASIS,
    12   * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
    13   * implied. See the License for the specific language governing
    14   * permissions and limitations under the License.
    15   */
    16  
    17  /************************************************************************
    18  RFC 5280: 4.2.1.10
    19  Within this profile, the minimum and maximum fields are not used with
    20  any name forms, thus, the minimum MUST be zero, and maximum MUST be
    21  absent.  However, if an application encounters a critical name
    22  constraints extension that specifies other values for minimum or
    23  maximum for a name form that appears in a subsequent certificate, the
    24  application MUST either process these fields or reject the
    25  certificate.
    26  ************************************************************************/
    27  
    28  import (
    29  	"github.com/zmap/zcrypto/x509"
    30  	"github.com/zmap/zlint/util"
    31  )
    32  
// nameConstraintMax is the lint for the RFC 5280 section 4.2.1.10 rule that
// the maximum field of a name constraints subtree must be absent. It holds
// no state.
type nameConstraintMax struct{}

// Initialize has no setup to perform and always returns nil.
func (*nameConstraintMax) Initialize() error {
	return nil
}
    38  
// CheckApplies reports whether c carries the extension identified by
// util.NameConstOID. Certificates without that extension are out of scope
// for this lint.
func (*nameConstraintMax) CheckApplies(c *x509.Certificate) bool {
	hasNameConstraints := util.IsExtInCert(c, util.NameConstOID)
	return hasNameConstraints
}
    42  
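// Execute returns an Error result as soon as any permitted or excluded name
// constraint subtree on c has a non-zero Max, and a Pass result otherwise.
//
// The subtree lists are checked one name form at a time: DNS names, email
// addresses, IP addresses, directory names, EDI party names, registered IDs
// and X.400 addresses. The element types differ per name form, so each list
// gets its own loop.
//
// NOTE(review): this treats Max == 0 as "maximum absent"; it presumably relies
// on the certificate parser leaving Max at zero when the field is not encoded.
// Confirm against the zcrypto parser.
func (l *nameConstraintMax) Execute(c *x509.Certificate) *LintResult {
	for _, subtree := range c.PermittedDNSNames {
		if subtree.Max != 0 {
			return &LintResult{Status: Error}
		}
	}
	for _, subtree := range c.ExcludedDNSNames {
		if subtree.Max != 0 {
			return &LintResult{Status: Error}
		}
	}
	// Permitted email subtrees. This loop previously iterated
	// PermittedDNSNames a second time, so a maximum set on a permitted
	// email address constraint was never reported (a false negative).
	for _, subtree := range c.PermittedEmailAddresses {
		if subtree.Max != 0 {
			return &LintResult{Status: Error}
		}
	}
	for _, subtree := range c.ExcludedEmailAddresses {
		if subtree.Max != 0 {
			return &LintResult{Status: Error}
		}
	}
	for _, subtree := range c.PermittedIPAddresses {
		if subtree.Max != 0 {
			return &LintResult{Status: Error}
		}
	}
	for _, subtree := range c.ExcludedIPAddresses {
		if subtree.Max != 0 {
			return &LintResult{Status: Error}
		}
	}
	for _, subtree := range c.PermittedDirectoryNames {
		if subtree.Max != 0 {
			return &LintResult{Status: Error}
		}
	}
	for _, subtree := range c.ExcludedDirectoryNames {
		if subtree.Max != 0 {
			return &LintResult{Status: Error}
		}
	}
	for _, subtree := range c.PermittedEdiPartyNames {
		if subtree.Max != 0 {
			return &LintResult{Status: Error}
		}
	}
	for _, subtree := range c.ExcludedEdiPartyNames {
		if subtree.Max != 0 {
			return &LintResult{Status: Error}
		}
	}
	for _, subtree := range c.PermittedRegisteredIDs {
		if subtree.Max != 0 {
			return &LintResult{Status: Error}
		}
	}
	for _, subtree := range c.ExcludedRegisteredIDs {
		if subtree.Max != 0 {
			return &LintResult{Status: Error}
		}
	}
	for _, subtree := range c.PermittedX400Addresses {
		if subtree.Max != 0 {
			return &LintResult{Status: Error}
		}
	}
	for _, subtree := range c.ExcludedX400Addresses {
		if subtree.Max != 0 {
			return &LintResult{Status: Error}
		}
	}
	return &LintResult{Status: Pass}
}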
   116  
// init registers the e_name_constraint_maximum_not_absent lint through
// RegisterLint when the package is loaded.
func init() {
	maxNotAbsent := &Lint{
		Name:          "e_name_constraint_maximum_not_absent",
		Description:   "Within the name constraints name form, the maximum field is not used and therefore MUST be absent",
		Citation:      "RFC 5280: 4.2.1.10",
		Source:        RFC5280,
		EffectiveDate: util.RFC2459Date,
		Lint:          &nameConstraintMax{},
	}
	RegisterLint(maxNotAbsent)
}
   126  }