Run Format

Source file src/pkg/crypto/x509/pkix/pkix.go

     1	// Copyright 2011 The Go Authors. All rights reserved.
     2	// Use of this source code is governed by a BSD-style
     3	// license that can be found in the LICENSE file.
     4	
     5	// Package pkix contains shared, low level structures used for ASN.1 parsing
     6	// and serialization of X.509 certificates, CRL and OCSP.
     7	package pkix
     8	
     9	import (
    10		"encoding/asn1"
    11		"math/big"
    12		"time"
    13	)
    14	
    15	// AlgorithmIdentifier represents the ASN.1 structure of the same name. See RFC
    16	// 5280, section 4.1.1.2.
    17	type AlgorithmIdentifier struct {
    18		Algorithm  asn1.ObjectIdentifier
    19		Parameters asn1.RawValue `asn1:"optional"`
    20	}
    21	
    22	type RDNSequence []RelativeDistinguishedNameSET
    23	
    24	type RelativeDistinguishedNameSET []AttributeTypeAndValue
    25	
    26	// AttributeTypeAndValue mirrors the ASN.1 structure of the same name in
    27	// http://tools.ietf.org/html/rfc5280#section-4.1.2.4
    28	type AttributeTypeAndValue struct {
    29		Type  asn1.ObjectIdentifier
    30		Value interface{}
    31	}
    32	
    33	// Extension represents the ASN.1 structure of the same name. See RFC
    34	// 5280, section 4.2.
    35	type Extension struct {
    36		Id       asn1.ObjectIdentifier
    37		Critical bool `asn1:"optional"`
    38		Value    []byte
    39	}
    40	
    41	// Name represents an X.509 distinguished name. This only includes the common
    42	// elements of a DN.  Additional elements in the name are ignored.
    43	type Name struct {
    44		Country, Organization, OrganizationalUnit []string
    45		Locality, Province                        []string
    46		StreetAddress, PostalCode                 []string
    47		SerialNumber, CommonName                  string
    48	
    49		Names []AttributeTypeAndValue
    50	}
    51	
    52	func (n *Name) FillFromRDNSequence(rdns *RDNSequence) {
    53		for _, rdn := range *rdns {
    54			if len(rdn) == 0 {
    55				continue
    56			}
    57			atv := rdn[0]
    58			n.Names = append(n.Names, atv)
    59			value, ok := atv.Value.(string)
    60			if !ok {
    61				continue
    62			}
    63	
    64			t := atv.Type
    65			if len(t) == 4 && t[0] == 2 && t[1] == 5 && t[2] == 4 {
    66				switch t[3] {
    67				case 3:
    68					n.CommonName = value
    69				case 5:
    70					n.SerialNumber = value
    71				case 6:
    72					n.Country = append(n.Country, value)
    73				case 7:
    74					n.Locality = append(n.Locality, value)
    75				case 8:
    76					n.Province = append(n.Province, value)
    77				case 9:
    78					n.StreetAddress = append(n.StreetAddress, value)
    79				case 10:
    80					n.Organization = append(n.Organization, value)
    81				case 11:
    82					n.OrganizationalUnit = append(n.OrganizationalUnit, value)
    83				case 17:
    84					n.PostalCode = append(n.PostalCode, value)
    85				}
    86			}
    87		}
    88	}
    89	
    90	var (
    91		oidCountry            = []int{2, 5, 4, 6}
    92		oidOrganization       = []int{2, 5, 4, 10}
    93		oidOrganizationalUnit = []int{2, 5, 4, 11}
    94		oidCommonName         = []int{2, 5, 4, 3}
    95		oidSerialNumber       = []int{2, 5, 4, 5}
    96		oidLocality           = []int{2, 5, 4, 7}
    97		oidProvince           = []int{2, 5, 4, 8}
    98		oidStreetAddress      = []int{2, 5, 4, 9}
    99		oidPostalCode         = []int{2, 5, 4, 17}
   100	)
   101	
   102	// appendRDNs appends a relativeDistinguishedNameSET to the given RDNSequence
   103	// and returns the new value. The relativeDistinguishedNameSET contains an
   104	// attributeTypeAndValue for each of the given values. See RFC 5280, A.1, and
   105	// search for AttributeTypeAndValue.
   106	func appendRDNs(in RDNSequence, values []string, oid asn1.ObjectIdentifier) RDNSequence {
   107		if len(values) == 0 {
   108			return in
   109		}
   110	
   111		s := make([]AttributeTypeAndValue, len(values))
   112		for i, value := range values {
   113			s[i].Type = oid
   114			s[i].Value = value
   115		}
   116	
   117		return append(in, s)
   118	}
   119	
   120	func (n Name) ToRDNSequence() (ret RDNSequence) {
   121		ret = appendRDNs(ret, n.Country, oidCountry)
   122		ret = appendRDNs(ret, n.Organization, oidOrganization)
   123		ret = appendRDNs(ret, n.OrganizationalUnit, oidOrganizationalUnit)
   124		ret = appendRDNs(ret, n.Locality, oidLocality)
   125		ret = appendRDNs(ret, n.Province, oidProvince)
   126		ret = appendRDNs(ret, n.StreetAddress, oidStreetAddress)
   127		ret = appendRDNs(ret, n.PostalCode, oidPostalCode)
   128		if len(n.CommonName) > 0 {
   129			ret = appendRDNs(ret, []string{n.CommonName}, oidCommonName)
   130		}
   131		if len(n.SerialNumber) > 0 {
   132			ret = appendRDNs(ret, []string{n.SerialNumber}, oidSerialNumber)
   133		}
   134	
   135		return ret
   136	}
   137	
   138	// CertificateList represents the ASN.1 structure of the same name. See RFC
   139	// 5280, section 5.1. Use Certificate.CheckCRLSignature to verify the
   140	// signature.
   141	type CertificateList struct {
   142		TBSCertList        TBSCertificateList
   143		SignatureAlgorithm AlgorithmIdentifier
   144		SignatureValue     asn1.BitString
   145	}
   146	
   147	// HasExpired reports whether now is past the expiry time of certList.
   148	func (certList *CertificateList) HasExpired(now time.Time) bool {
   149		return now.After(certList.TBSCertList.NextUpdate)
   150	}
   151	
   152	// TBSCertificateList represents the ASN.1 structure of the same name. See RFC
   153	// 5280, section 5.1.
   154	type TBSCertificateList struct {
   155		Raw                 asn1.RawContent
   156		Version             int `asn1:"optional,default:2"`
   157		Signature           AlgorithmIdentifier
   158		Issuer              RDNSequence
   159		ThisUpdate          time.Time
   160		NextUpdate          time.Time
   161		RevokedCertificates []RevokedCertificate `asn1:"optional"`
   162		Extensions          []Extension          `asn1:"tag:0,optional,explicit"`
   163	}
   164	
   165	// RevokedCertificate represents the ASN.1 structure of the same name. See RFC
   166	// 5280, section 5.1.
   167	type RevokedCertificate struct {
   168		SerialNumber   *big.Int
   169		RevocationTime time.Time
   170		Extensions     []Extension `asn1:"optional"`
   171	}

View as plain text