github.com/zmap/zlint@v1.1.0/lints/lint_sub_cert_or_sub_ca_using_sha1.go (about) 1 package lints 2 3 /* 4 * ZLint Copyright 2018 Regents of the University of Michigan 5 * 6 * Licensed under the Apache License, Version 2.0 (the "License"); you may not 7 * use this file except in compliance with the License. You may obtain a copy 8 * of the License at http://www.apache.org/licenses/LICENSE-2.0 9 * 10 * Unless required by applicable law or agreed to in writing, software 11 * distributed under the License is distributed on an "AS IS" BASIS, 12 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or 13 * implied. See the License for the specific language governing 14 * permissions and limitations under the License. 15 */ 16 17 /************************************************************************************************** 18 BRs: 7.1.3 19 SHA‐1 MAY be used with RSA keys in accordance with the criteria defined in Section 7.1.3. 20 **************************************************************************************************/ 21 22 import ( 23 "github.com/zmap/zcrypto/x509" 24 "github.com/zmap/zlint/util" 25 ) 26 27 type sigAlgTestsSHA1 struct{} 28 29 func (l *sigAlgTestsSHA1) Initialize() error { 30 return nil 31 } 32 33 func (l *sigAlgTestsSHA1) CheckApplies(c *x509.Certificate) bool { 34 return true 35 } 36 37 func (l *sigAlgTestsSHA1) Execute(c *x509.Certificate) *LintResult { 38 if c.SignatureAlgorithm == x509.SHA1WithRSA || c.SignatureAlgorithm == x509.DSAWithSHA1 || c.SignatureAlgorithm == x509.ECDSAWithSHA1 { 39 return &LintResult{Status: Error} 40 } 41 return &LintResult{Status: Pass} 42 } 43 44 func init() { 45 RegisterLint(&Lint{ 46 Name: "e_sub_cert_or_sub_ca_using_sha1", 47 Description: "CAs MUST NOT issue any new Subscriber certificates or Subordinate CA certificates using SHA-1 after 1 January 2016", 48 Citation: "BRs: 7.1.3", 49 Source: CABFBaselineRequirements, 50 EffectiveDate: util.NO_SHA1, 51 Lint: &sigAlgTestsSHA1{}, 52 }) 53 }