
     1  package lints
     2  
     3  /*
     4   * ZLint Copyright 2018 Regents of the University of Michigan
     5   *
     6   * Licensed under the Apache License, Version 2.0 (the "License"); you may not
     7   * use this file except in compliance with the License. You may obtain a copy
     8   * of the License at http://www.apache.org/licenses/LICENSE-2.0
     9   *
    10   * Unless required by applicable law or agreed to in writing, software
    11   * distributed under the License is distributed on an "AS IS" BASIS,
    12   * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
    13   * implied. See the License for the specific language governing
    14   * permissions and limitations under the License.
    15   */
    16  
    17  /************************************************
    18  RFC 5280: 4.1.2.2.  Serial Number
    19     The serial number MUST be a positive integer assigned by the CA to each
    20     certificate. It MUST be unique for each certificate issued by a given CA
    21     (i.e., the issuer name and serial number identify a unique certificate).
    22     CAs MUST force the serialNumber to be a non-negative integer.
    23  
    24     Given the uniqueness requirements above, serial numbers can be expected to
    25     contain long integers.  Certificate users MUST be able to handle serialNumber
    26     values up to 20 octets.  Conforming CAs MUST NOT use serialNumber values longer
    27     than 20 octets.
    28  
    29     Note: Non-conforming CAs may issue certificates with serial numbers that are
    30     negative or zero.  Certificate users SHOULD be prepared to gracefully handle
    31     such certificates.
    32  ************************************************/
    33  
import (
	"encoding/asn1"

	"github.com/zmap/zcrypto/x509"
	"github.com/zmap/zlint/util"
)
    38  
// serialNumberTooLong is the lint behind e_serial_number_longer_than_20_octets
// (RFC 5280 4.1.2.2). It carries no state; the methods below implement the
// Initialize / CheckApplies / Execute lint interface.
type serialNumberTooLong struct{}
    40  
// Initialize is a no-op: this lint needs no setup and never fails to
// initialize, so it always returns nil.
func (l *serialNumberTooLong) Initialize() error {
	return nil
}
    44  
// CheckApplies always reports true: every certificate carries a serial
// number, so the 20-octet limit applies to all of them.
func (l *serialNumberTooLong) CheckApplies(c *x509.Certificate) bool {
	return true
}
    48  
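// maxSerialNumberOctets is the RFC 5280 4.1.2.2 ceiling on the length of the
// DER-encoded serialNumber value.
const maxSerialNumberOctets = 20

// Execute returns Error when the certificate's serial number occupies more
// than 20 octets once DER-encoded, Pass otherwise, and Fatal when the serial
// cannot be encoded at all (for example a nil *big.Int, which the previous
// BitLen() call would have dereferenced and panicked on).
//
// The length is measured on the DER INTEGER content, not on
// SerialNumber.BitLen(): DER integers are two's complement (X.690 8.3), so a
// non-negative value whose top bit is set needs a leading 0x00 octet. A
// serial with a bit length of exactly 160 therefore already takes 21 octets
// and exceeds the limit, even though "BitLen() > 160" accepted it. Negative
// values are measured as their two's-complement encoding the same way.
func (l *serialNumberTooLong) Execute(c *x509.Certificate) *LintResult {
	der, err := asn1.Marshal(c.SerialNumber)
	if err != nil {
		// Nothing to measure; report the lint failure instead of guessing.
		return &LintResult{Status: Fatal, Details: "serial number could not be DER encoded: " + err.Error()}
	}
	// der is tag || length || content. Content of up to 127 octets uses a
	// single length octet, so the limit is exceeded exactly when the whole
	// encoding is longer than 2 + 20 octets; longer content needs a longer
	// length field and is over the limit regardless.
	if len(der) > maxSerialNumberOctets+2 {
		return &LintResult{Status: Error}
	}
	return &LintResult{Status: Pass}
}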
    56  
// init registers e_serial_number_longer_than_20_octets with the lint
// registry so it runs as part of the RFC 5280 lint set.
func init() {
	l := &Lint{
		Name:          "e_serial_number_longer_than_20_octets",
		Description:   "Certificates must not have a serial number longer than 20 octets",
		Citation:      "RFC 5280: 4.1.2.2",
		Source:        RFC5280,
		EffectiveDate: util.RFC3280Date,
		Lint:          &serialNumberTooLong{},
	}
	RegisterLint(l)
}