github.com/zmap/zlint@v1.1.0/lints/lint_old_root_ca_rsa_mod_less_than_2048_bits.go (about) 1 package lints 2 3 /* 4 * ZLint Copyright 2018 Regents of the University of Michigan 5 * 6 * Licensed under the Apache License, Version 2.0 (the "License"); you may not 7 * use this file except in compliance with the License. You may obtain a copy 8 * of the License at http://www.apache.org/licenses/LICENSE-2.0 9 * 10 * Unless required by applicable law or agreed to in writing, software 11 * distributed under the License is distributed on an "AS IS" BASIS, 12 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or 13 * implied. See the License for the specific language governing 14 * permissions and limitations under the License. 15 */ 16 17 /************************************************ 18 Change this to match source TEXT 19 ************************************************/ 20 21 import ( 22 "crypto/rsa" 23 24 "github.com/zmap/zcrypto/x509" 25 "github.com/zmap/zlint/util" 26 ) 27 28 type rootCaModSize struct{} 29 30 func (l *rootCaModSize) Initialize() error { 31 return nil 32 } 33 34 func (l *rootCaModSize) CheckApplies(c *x509.Certificate) bool { 35 issueDate := c.NotBefore 36 _, ok := c.PublicKey.(*rsa.PublicKey) 37 return ok && c.PublicKeyAlgorithm == x509.RSA && util.IsRootCA(c) && issueDate.Before(util.NoRSA1024RootDate) 38 } 39 40 func (l *rootCaModSize) Execute(c *x509.Certificate) *LintResult { 41 key := c.PublicKey.(*rsa.PublicKey) 42 if key.N.BitLen() < 2048 { 43 return &LintResult{Status: Error} 44 } else { 45 return &LintResult{Status: Pass} 46 } 47 } 48 49 func init() { 50 RegisterLint(&Lint{ 51 Name: "e_old_root_ca_rsa_mod_less_than_2048_bits", 52 Description: "In a validity period beginning on or before 31 Dec 2010, root CA certificates using RSA public key algorithm MUST use a 2048 bit modulus", 53 Citation: "BRs: 6.1.5", 54 Source: CABFBaselineRequirements, 55 EffectiveDate: util.ZeroDate, 56 Lint: &rootCaModSize{}, 57 }) 58 }