github.com/zmap/zlint@v1.1.0/util/ca.go (about) 1 /* 2 * ZLint Copyright 2018 Regents of the University of Michigan 3 * 4 * Licensed under the Apache License, Version 2.0 (the "License"); you may not 5 * use this file except in compliance with the License. You may obtain a copy 6 * of the License at http://www.apache.org/licenses/LICENSE-2.0 7 * 8 * Unless required by applicable law or agreed to in writing, software 9 * distributed under the License is distributed on an "AS IS" BASIS, 10 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or 11 * implied. See the License for the specific language governing 12 * permissions and limitations under the License. 13 */ 14 15 package util 16 17 import ( 18 "github.com/zmap/zcrypto/x509" 19 ) 20 21 // IsCACert returns true if c has IsCA set. 22 func IsCACert(c *x509.Certificate) bool { 23 return c.IsCA 24 } 25 26 // IsRootCA returns true if c has IsCA set and is also self-signed. 27 func IsRootCA(c *x509.Certificate) bool { 28 return IsCACert(c) && IsSelfSigned(c) 29 } 30 31 // IsSubCA returns true if c has IsCA set, but is not self-signed. 32 func IsSubCA(c *x509.Certificate) bool { 33 return IsCACert(c) && !IsSelfSigned(c) 34 } 35 36 // IsSelfSigned returns true if SelfSigned is set. 37 func IsSelfSigned(c *x509.Certificate) bool { 38 return c.SelfSigned 39 } 40 41 // IsSubscriberCert returns true for if a certificate is not a CA and not 42 // self-signed. 43 func IsSubscriberCert(c *x509.Certificate) bool { 44 return !IsCACert(c) && !IsSelfSigned(c) 45 } 46 47 func IsServerAuthCert(cert *x509.Certificate) bool { 48 if len(cert.ExtKeyUsage) == 0 { 49 return true 50 } 51 for _, eku := range cert.ExtKeyUsage { 52 if eku == x509.ExtKeyUsageAny || eku == x509.ExtKeyUsageServerAuth { 53 return true 54 } 55 } 56 return false 57 }