
Side by Side Diff: src/pkg/crypto/x509/x509.go

Issue 10245048: code review 10245048: crypto/x509: Added RFC 5280, section 4.2.2.1 Authority ... (Closed)
Patch Set: diff -r 4f5aa82dafa2 https://code.google.com/p/go Created 11 years, 9 months ago
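--- a/src/pkg/crypto/x509/x509.go
+++ b/src/pkg/crypto/x509/x509.go
@@ -1,10 +1,10 @@
 // Copyright 2009 The Go Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style
 // license that can be found in the LICENSE file.
 
 // Package x509 parses X.509-encoded keys and certificates.
 package x509
 
 import (
 	"bytes"
 	"crypto"
@@ -456,20 +456,24 @@
 	ExtKeyUsage []ExtKeyUsage // Sequence of extended key usages.
 	UnknownExtKeyUsage []asn1.ObjectIdentifier // Encountered extended key usages unknown to this package.
 
 	BasicConstraintsValid bool // if true then the next two fields are valid.
 	IsCA bool
 	MaxPathLen int
 
 	SubjectKeyId []byte
 	AuthorityKeyId []byte
 
+	// RFC 5280, 4.2.2.1 (Authority Information Access)
+	OCSPServer []string
+	IssuingCertificateURL []string
+
 	// Subject Alternate Name values
 	DNSNames []string
 	EmailAddresses []string
 	IPAddresses []net.IP
 
 	// Name constraints
 	PermittedDNSDomainsCritical bool // if true then the name constraints are marked critical.
 	PermittedDNSDomains []string
 
 	// CRL Distribution Points
@@ -655,20 +659,26 @@
 // RFC 5280, 4.2.1.10
 type nameConstraints struct {
 	Permitted []generalSubtree `asn1:"optional,tag:0"`
 	Excluded []generalSubtree `asn1:"optional,tag:1"`
 }
 
 type generalSubtree struct {
 	Name string `asn1:"tag:2,optional,ia5"`
 }
 
+// RFC 5280, 4.2.2.1
+type authorityInfoAccess struct {
+	Method asn1.ObjectIdentifier
+	Location asn1.RawValue
+}
+
 // RFC 5280, 4.2.1.14
 type distributionPoint struct {
 	DistributionPoint distributionPointName `asn1:"optional,tag:0"`
 	Reason asn1.BitString `asn1:"optional,tag:1"`
 	CRLIssuer asn1.RawValue `asn1:"optional,tag:2"`
 }
 
 type distributionPointName struct {
 	FullName asn1.RawValue `asn1:"optional,tag:0"`
 	RelativeName pkix.RDNSequence `asn1:"optional,tag:1"`
@@ -993,20 +1003,38 @@
 				// RFC 5280 4.2.1.4: Certificate Policies
 				var policies []policyInformation
 				if _, err = asn1.Unmarshal(e.Value, &policies); err != nil {
 					return nil, err
 				}
 				out.PolicyIdentifiers = make([]asn1.ObjectIdentifier, len(policies))
 				for i, policy := range policies {
 					out.PolicyIdentifiers[i] = policy.Policy
 				}
 			}
+		} else if e.Id.Equal(oidExtensionAuthorityInfoAccess) {
+			// RFC 5280 4.2.2.1: Authority Information Access
+			var aia []authorityInfoAccess
+			if _, err = asn1.Unmarshal(e.Value, &aia); err != nil {
+				return nil, err
+			}
+
+			for _, v := range aia {
+				// GeneralName: uniformResourceIdentifier [6] IA5String
+				if v.Location.Tag != 6 {
+					continue
+				}
+				if v.Method.Equal(oidAuthorityInfoAccessOcsp) {
+					out.OCSPServer = append(out.OCSPServer, string(v.Location.Bytes))
+				} else if v.Method.Equal(oidAuthorityInfoAccessIssuers) {
+					out.IssuingCertificateURL = append(out.IssuingCertificateURL, string(v.Location.Bytes))
+				}
+			}
 		}
 
 		if e.Critical {
 			return out, UnhandledCriticalExtension{}
 		}
 	}
 
 	return out, nil
 }
 
@@ -1061,24 +1089,30 @@
 var (
 	oidExtensionSubjectKeyId = []int{2, 5, 29, 14}
 	oidExtensionKeyUsage = []int{2, 5, 29, 15}
 	oidExtensionExtendedKeyUsage = []int{2, 5, 29, 37}
 	oidExtensionAuthorityKeyId = []int{2, 5, 29, 35}
 	oidExtensionBasicConstraints = []int{2, 5, 29, 19}
 	oidExtensionSubjectAltName = []int{2, 5, 29, 17}
 	oidExtensionCertificatePolicies = []int{2, 5, 29, 32}
 	oidExtensionNameConstraints = []int{2, 5, 29, 30}
 	oidExtensionCRLDistributionPoints = []int{2, 5, 29, 31}
+	oidExtensionAuthorityInfoAccess = []int{1, 3, 6, 1, 5, 5, 7, 1, 1}
+)
+
+var (
+	oidAuthorityInfoAccessOcsp = asn1.ObjectIdentifier{1, 3, 6, 1, 5, 5, 7, 48, 1}
+	oidAuthorityInfoAccessIssuers = asn1.ObjectIdentifier{1, 3, 6, 1, 5, 5, 7, 48, 2}
 )
 
 func buildExtensions(template *Certificate) (ret []pkix.Extension, err error) {
-	ret = make([]pkix.Extension, 9 /* maximum number of elements. */)
+	ret = make([]pkix.Extension, 10 /* maximum number of elements. */)
 	n := 0
 
 	if template.KeyUsage != 0 {
 		ret[n].Id = oidExtensionKeyUsage
 		ret[n].Critical = true
 
 		var a [2]byte
 		a[0] = reverseBitsInAByte(byte(template.KeyUsage))
 		a[1] = reverseBitsInAByte(byte(template.KeyUsage >> 8))
 
@@ -1136,20 +1170,42 @@
 
 	if len(template.AuthorityKeyId) > 0 {
 		ret[n].Id = oidExtensionAuthorityKeyId
 		ret[n].Value, err = asn1.Marshal(authKeyId{template.AuthorityKeyId})
 		if err != nil {
 			return
 		}
 		n++
 	}
 
+	if len(template.OCSPServer) > 0 || len(template.IssuingCertificateURL) > 0 {
+		ret[n].Id = oidExtensionAuthorityInfoAccess
+		var aiaValues []authorityInfoAccess
+		for _, name := range template.OCSPServer {
+			aiaValues = append(aiaValues, authorityInfoAccess{
+				Method: oidAuthorityInfoAccessOcsp,
+				Location: asn1.RawValue{Tag: 6, Class: 2, Bytes: []byte(name)},
+			})
+		}
+		for _, name := range template.IssuingCertificateURL {
+			aiaValues = append(aiaValues, authorityInfoAccess{
+				Method: oidAuthorityInfoAccessIssuers,
+				Location: asn1.RawValue{Tag: 6, Class: 2, Bytes: []byte(name)},
+			})
+		}
+		ret[n].Value, err = asn1.Marshal(aiaValues)
+		if err != nil {
+			return
+		}
+		n++
+	}
+
 	if len(template.DNSNames) > 0 || len(template.EmailAddresses) > 0 || len(template.IPAddresses) > 0 {
 		ret[n].Id = oidExtensionSubjectAltName
 		var rawValues []asn1.RawValue
 		for _, name := range template.DNSNames {
 			rawValues = append(rawValues, asn1.RawValue{Tag: 2, Class: 2, Bytes: []byte(name)})
 		}
 		for _, email := range template.EmailAddresses {
 			rawValues = append(rawValues, asn1.RawValue{Tag: 1, Class: 2, Bytes: []byte(email)})
 		}
 		for _, rawIP := range template.IPAddresses {
@@ -1438,10 +1494,10 @@
 	}
 
 	return asn1.Marshal(pkix.CertificateList{
 		TBSCertList: tbsCertList,
 		SignatureAlgorithm: pkix.AlgorithmIdentifier{
 			Algorithm: oidSignatureSHA1WithRSA,
 		},
 		SignatureValue: asn1.BitString{Bytes: signature, BitLength: len(signature) * 8},
 	})
 }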
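Review bot: The GeneralName filter in the new AIA parse branch (new lines 1021-1024) tests only `v.Location.Tag != 6` and never the tag class, so any element whose tag number is 6 is accepted as a URI — including a universal-class OBJECT IDENTIFIER, whose raw DER content bytes would then be stored in OCSPServer or IssuingCertificateURL. The encoder side of this same change emits `Class: 2` explicitly, so the decoder should demand the same: `if v.Location.Tag != 6 || v.Location.Class != asn1.ClassContextSpecific {` / `continue` / `}`. The accepted bytes are also copied with `string(v.Location.Bytes)` without any IA5 (7-bit ASCII) or URL-shape check, and nothing visible later validates them, so the new struct fields deserve a comment such as `// OCSPServer and IssuingCertificateURL hold the uniformResourceIdentifier entries of the AIA extension, copied verbatim and not validated.` Note that the branch does not `continue`, so a certificate that marks AIA critical (which RFC 5280 4.2.2.1 forbids) falls through to the `if e.Critical` check and is rejected with UnhandledCriticalExtension — acceptable, but worth a one-line comment since it is easy to read as an oversight. The enclosing parse function starts and ends outside the visible hunk.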