github.com/zmap/zlint@v1.1.0/lints/lint_root_ca_key_usage_must_be_critical.go (about) 1 package lints 2 3 /* 4 * ZLint Copyright 2018 Regents of the University of Michigan 5 * 6 * Licensed under the Apache License, Version 2.0 (the "License"); you may not 7 * use this file except in compliance with the License. You may obtain a copy 8 * of the License at http://www.apache.org/licenses/LICENSE-2.0 9 * 10 * Unless required by applicable law or agreed to in writing, software 11 * distributed under the License is distributed on an "AS IS" BASIS, 12 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or 13 * implied. See the License for the specific language governing 14 * permissions and limitations under the License. 15 */ 16 17 import ( 18 "github.com/zmap/zcrypto/x509" 19 "github.com/zmap/zlint/util" 20 ) 21 22 type rootCAKeyUsageMustBeCritical struct{} 23 24 func (l *rootCAKeyUsageMustBeCritical) Initialize() error { 25 return nil 26 } 27 28 func (l *rootCAKeyUsageMustBeCritical) CheckApplies(c *x509.Certificate) bool { 29 return util.IsRootCA(c) && util.IsExtInCert(c, util.KeyUsageOID) 30 } 31 32 func (l *rootCAKeyUsageMustBeCritical) Execute(c *x509.Certificate) *LintResult { 33 keyUsageExtension := util.GetExtFromCert(c, util.KeyUsageOID) 34 if keyUsageExtension.Critical { 35 return &LintResult{Status: Pass} 36 } else { 37 return &LintResult{Status: Error} 38 } 39 } 40 41 func init() { 42 RegisterLint(&Lint{ 43 Name: "e_root_ca_key_usage_must_be_critical", 44 Description: "Root CA certificates MUST have Key Usage Extension marked critical", 45 Citation: "BRs: 7.1.2.1", 46 Source: CABFBaselineRequirements, 47 EffectiveDate: util.RFC2459Date, 48 Lint: &rootCAKeyUsageMustBeCritical{}, 49 }) 50 }