github.com/zmap/zlint@v1.1.0/lints/lint_old_sub_cert_rsa_mod_less_than_1024_bits.go (about) 1 package lints 2 3 /* 4 * ZLint Copyright 2018 Regents of the University of Michigan 5 * 6 * Licensed under the Apache License, Version 2.0 (the "License"); you may not 7 * use this file except in compliance with the License. You may obtain a copy 8 * of the License at http://www.apache.org/licenses/LICENSE-2.0 9 * 10 * Unless required by applicable law or agreed to in writing, software 11 * distributed under the License is distributed on an "AS IS" BASIS, 12 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or 13 * implied. See the License for the specific language governing 14 * permissions and limitations under the License. 15 */ 16 17 import ( 18 "crypto/rsa" 19 20 "github.com/zmap/zcrypto/x509" 21 "github.com/zmap/zlint/util" 22 ) 23 24 type subModSize struct{} 25 26 func (l *subModSize) Initialize() error { 27 return nil 28 } 29 30 func (l *subModSize) CheckApplies(c *x509.Certificate) bool { 31 endDate := c.NotAfter 32 _, ok := c.PublicKey.(*rsa.PublicKey) 33 return ok && c.PublicKeyAlgorithm == x509.RSA && !util.IsCACert(c) && endDate.Before(util.NoRSA1024Date) 34 } 35 36 func (l *subModSize) Execute(c *x509.Certificate) *LintResult { 37 key := c.PublicKey.(*rsa.PublicKey) 38 if key.N.BitLen() < 1024 { 39 return &LintResult{Status: Error} 40 } else { 41 return &LintResult{Status: Pass} 42 } 43 } 44 45 func init() { 46 RegisterLint(&Lint{ 47 Name: "e_old_sub_cert_rsa_mod_less_than_1024_bits", 48 Description: "In a validity period ending on or before 31 Dec 2013, subscriber certificates using RSA public key algorithm MUST use a 1024 bit modulus", 49 Citation: "BRs: 6.1.5", 50 Source: CABFBaselineRequirements, 51 // since effective date should be checked against end date in this specific case, putting time check into checkApplies instead, ZeroDate here to automatically pass NE test 52 EffectiveDate: util.ZeroDate, 53 Lint: &subModSize{}, 54 }) 55 }