github.com/zmap/zlint@v1.1.0/lints/lint_utc_time_not_in_zulu.go

github.com/zmap/zlint@v1.1.0/lints/lint_utc_time_not_in_zulu.go (about)

     1  package lints
     2  
     3  /*
     4   * ZLint Copyright 2018 Regents of the University of Michigan
     5   *
     6   * Licensed under the Apache License, Version 2.0 (the "License"); you may not
     7   * use this file except in compliance with the License. You may obtain a copy
     8   * of the License at http://www.apache.org/licenses/LICENSE-2.0
     9   *
    10   * Unless required by applicable law or agreed to in writing, software
    11   * distributed under the License is distributed on an "AS IS" BASIS,
    12   * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
    13   * implied. See the License for the specific language governing
    14   * permissions and limitations under the License.
    15   */
    16  
    17  /***********************************************************************
    18  4.1.2.5.1.  UTCTime
    19     The universal time type, UTCTime, is a standard ASN.1 type intended
    20     for representation of dates and time.  UTCTime specifies the year
    21     through the two low-order digits and time is specified to the
    22     precision of one minute or one second.  UTCTime includes either Z
    23     (for Zulu, or Greenwich Mean Time) or a time differential.
    24  
    25     For the purposes of this profile, UTCTime values MUST be expressed in
    26     Greenwich Mean Time (Zulu) and MUST include seconds (i.e., times are
    27     YYMMDDHHMMSSZ), even where the number of seconds is zero.  Conforming
    28     systems MUST interpret the year field (YY) as follows:
    29  
    30        Where YY is greater than or equal to 50, the year SHALL be
    31        interpreted as 19YY; and
    32  
    33        Where YY is less than 50, the year SHALL be interpreted as 20YY.
    34  ***********************************************************************/
    35  
    36  import (
    37  	"time"
    38  
    39  	"github.com/zmap/zcrypto/x509"
    40  	"github.com/zmap/zlint/util"
    41  )
    42  
    43  type utcTimeGMT struct {
    44  }
    45  
    46  func (l *utcTimeGMT) Initialize() error {
    47  	return nil
    48  }
    49  
    50  func (l *utcTimeGMT) CheckApplies(c *x509.Certificate) bool {
    51  	firstDate, secondDate := util.GetTimes(c)
    52  	beforeTag, afterTag := util.FindTimeType(firstDate, secondDate)
    53  	date1Utc := beforeTag == 23
    54  	date2Utc := afterTag == 23
    55  	return date1Utc || date2Utc
    56  }
    57  
    58  func (l *utcTimeGMT) Execute(c *x509.Certificate) *LintResult {
    59  	var r LintStatus
    60  	firstDate, secondDate := util.GetTimes(c)
    61  	beforeTag, afterTag := util.FindTimeType(firstDate, secondDate)
    62  	date1Utc := beforeTag == 23
    63  	date2Utc := afterTag == 23
    64  	if date1Utc {
    65  		// UTC Tests on notBefore
    66  		utcNotGmt(c.NotBefore, &r)
    67  	}
    68  	if date2Utc {
    69  		// UTC Tests on NotAfter
    70  		utcNotGmt(c.NotAfter, &r)
    71  	}
    72  	return &LintResult{Status: r}
    73  }
    74  
    75  func utcNotGmt(t time.Time, r *LintStatus) {
    76  	// If we already ran this test and it resulted in error, don't want to discard that
    77  	// And now we use the afterBool to make sure we test the right time
    78  	if *r == Error {
    79  		return
    80  	}
    81  	if t.Location() != time.UTC {
    82  		*r = Error
    83  	} else {
    84  		*r = Pass
    85  	}
    86  }
    87  
    88  func init() {
    89  	RegisterLint(&Lint{
    90  		Name:          "e_utc_time_not_in_zulu",
    91  		Description:   "UTCTime values MUST be expressed in Greenwich Mean Time (Zulu)",
    92  		Citation:      "RFC 5280: 4.1.2.5.1",
    93  		Source:        RFC5280,
    94  		EffectiveDate: util.RFC2459Date,
    95  		Lint:          &utcTimeGMT{},
    96  	})
    97  }