
Source file src/pkg/crypto/x509/pkix/pkix.go

     1	// Copyright 2011 The Go Authors. All rights reserved.
     2	// Use of this source code is governed by a BSD-style
     3	// license that can be found in the LICENSE file.
     4	
     5	// Package pkix contains shared, low level structures used for ASN.1 parsing
     6	// and serialization of X.509 certificates, CRL and OCSP.
     7	package pkix
     8	
     9	import (
    10		"encoding/asn1"
    11		"math/big"
    12		"time"
    13	)
    14	
// AlgorithmIdentifier represents the ASN.1 structure of the same name. See RFC
// 5280, section 4.1.1.2.
//
// Parameters is left as an undecoded RawValue because its structure is
// defined per Algorithm rather than by this type; a consumer that needs it
// has to decode it according to the Algorithm OID. It is optional and may be
// absent on the wire.
type AlgorithmIdentifier struct {
	Algorithm  asn1.ObjectIdentifier
	Parameters asn1.RawValue `asn1:"optional"`
}
    21	
// RDNSequence represents the ASN.1 RDNSequence of RFC 5280, section 4.1.2.4:
// an ordered sequence of relative distinguished names that together form an
// X.509 Name. The order of the sets is significant and is preserved by the
// functions in this package that build or consume one.
type RDNSequence []RelativeDistinguishedNameSET
    23	
// RelativeDistinguishedNameSET is a single RDN: the ASN.1 SET OF
// AttributeTypeAndValue from RFC 5280, section 4.1.2.4. In practice an RDN
// almost always holds one attribute, but the type permits several (a
// multi-valued RDN), and a parser must decide what to do with the extra
// members; see Name.FillFromRDNSequence.
type RelativeDistinguishedNameSET []AttributeTypeAndValue
    25	
// AttributeTypeAndValue mirrors the ASN.1 structure of the same name in
// http://tools.ietf.org/html/rfc5280#section-4.1.2.4
//
// Value is whatever encoding/asn1 produced for the attribute's value. For
// the usual directory-string attributes that is a Go string, but it is not
// guaranteed to be one, so consumers must type-assert with the two-value
// form rather than assume a string.
type AttributeTypeAndValue struct {
	Type  asn1.ObjectIdentifier
	Value interface{}
}
    32	
// AttributeTypeAndValueSET represents a set of ASN.1 sequences of
// AttributeTypeAndValue sequences from RFC 2986 (PKCS #10). It is the shape
// of a certificate-request attribute: one Type OID followed by a SET of
// values, each value itself being a sequence of AttributeTypeAndValue.
type AttributeTypeAndValueSET struct {
	Type  asn1.ObjectIdentifier
	Value [][]AttributeTypeAndValue `asn1:"set"`
}
    39	
// Extension represents the ASN.1 structure of the same name. See RFC
// 5280, section 4.2.
//
// Value holds the contents of the extnValue OCTET STRING; its structure
// depends on Id and must be decoded by the consumer. Critical defaults to
// false when absent. RFC 5280, section 4.2, requires a certificate-using
// system to reject a certificate carrying a critical extension it does not
// recognise; this type only transports the flag, it does not enforce that.
type Extension struct {
	Id       asn1.ObjectIdentifier
	Critical bool `asn1:"optional"`
	Value    []byte
}
    47	
// Name represents an X.509 distinguished name. This only includes the common
// elements of a DN. Attribute types outside that set are not mapped to a
// typed field, but are retained in Names.
//
// The typed fields are convenience views of the standard X.520 attributes
// (OID arc 2.5.4). Names holds, in order, every AttributeTypeAndValue that
// FillFromRDNSequence visits, including types without a typed field and
// values that are not strings; it is the only place those are preserved.
// ToRDNSequence serializes the typed fields only, so Names does not survive
// a FillFromRDNSequence/ToRDNSequence round trip.
type Name struct {
	Country, Organization, OrganizationalUnit []string
	Locality, Province                        []string
	StreetAddress, PostalCode                 []string
	SerialNumber, CommonName                  string // single-valued: the last one parsed wins

	Names []AttributeTypeAndValue
}
    58	
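// FillFromRDNSequence populates n from rdns. Every AttributeTypeAndValue is
// appended to n.Names, and those whose Type is a standard X.520 attribute
// (OID arc 2.5.4) with a string Value are also copied into the matching
// typed field. rdns must be non-nil.
//
// All members of each RDN are visited, not just the first, so an attribute
// carried as the second or later member of a multi-valued RDN is not silently
// dropped. Dropping it would make this parser disagree with others about,
// for instance, which CommonName a certificate carries, which is exactly the
// kind of mismatch a name-matching check must not have.
//
// Non-string values are recorded in n.Names but not mapped to a typed field.
// CommonName and SerialNumber are single-valued, so a later occurrence
// overwrites an earlier one; the slice-valued fields accumulate. Calling
// this on an already populated Name appends rather than resets.
func (n *Name) FillFromRDNSequence(rdns *RDNSequence) {
	for _, rdn := range *rdns {
		for _, atv := range rdn {
			n.Names = append(n.Names, atv)

			value, ok := atv.Value.(string)
			if !ok {
				continue
			}

			// Only 2.5.4.N (the X.520 id-at arc) maps to a typed field.
			t := atv.Type
			if len(t) != 4 || t[0] != 2 || t[1] != 5 || t[2] != 4 {
				continue
			}

			switch t[3] {
			case 3:
				n.CommonName = value
			case 5:
				n.SerialNumber = value
			case 6:
				n.Country = append(n.Country, value)
			case 7:
				n.Locality = append(n.Locality, value)
			case 8:
				n.Province = append(n.Province, value)
			case 9:
				n.StreetAddress = append(n.StreetAddress, value)
			case 10:
				n.Organization = append(n.Organization, value)
			case 11:
				n.OrganizationalUnit = append(n.OrganizationalUnit, value)
			case 17:
				n.PostalCode = append(n.PostalCode, value)
			}
		}
	}
}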
    96	
// idAt returns the OID of the X.520 attribute type with the given final arc
// under id-at (2.5.4), the arc that Name maps to typed fields.
func idAt(attr int) []int { return []int{2, 5, 4, attr} }

// OIDs of the attribute types with a typed field in Name, in arc order.
var (
	oidCommonName         = idAt(3)
	oidSerialNumber       = idAt(5)
	oidCountry            = idAt(6)
	oidLocality           = idAt(7)
	oidProvince           = idAt(8)
	oidStreetAddress      = idAt(9)
	oidOrganization       = idAt(10)
	oidOrganizationalUnit = idAt(11)
	oidPostalCode         = idAt(17)
)
   108	
// appendRDNs appends one RelativeDistinguishedNameSET to in and returns the
// result. The new set has one AttributeTypeAndValue per entry of values,
// each typed with oid (see RFC 5280, appendix A.1, AttributeTypeAndValue).
// An empty values slice leaves in untouched, so an absent name component
// produces no RDN at all rather than an empty one.
func appendRDNs(in RDNSequence, values []string, oid asn1.ObjectIdentifier) RDNSequence {
	if len(values) == 0 {
		return in
	}

	set := make(RelativeDistinguishedNameSET, 0, len(values))
	for _, v := range values {
		set = append(set, AttributeTypeAndValue{Type: oid, Value: v})
	}
	return append(in, set)
}
   126	
// ToRDNSequence serializes the typed fields of n as an RDNSequence, one RDN
// per non-empty field, in a fixed order: Country, Organization,
// OrganizationalUnit, Locality, Province, StreetAddress, PostalCode,
// CommonName, SerialNumber. Every RDN is single-valued except where a
// slice field holds several values, which share one RDN.
//
// n.Names is not consulted: attributes that were only recorded there (types
// outside the set above, or non-string values) are not emitted.
func (n Name) ToRDNSequence() RDNSequence {
	// single wraps a single-valued field so that an empty one contributes
	// nothing, matching how the slice-valued fields behave.
	single := func(s string) []string {
		if s == "" {
			return nil
		}
		return []string{s}
	}

	components := []struct {
		values []string
		oid    asn1.ObjectIdentifier
	}{
		{n.Country, oidCountry},
		{n.Organization, oidOrganization},
		{n.OrganizationalUnit, oidOrganizationalUnit},
		{n.Locality, oidLocality},
		{n.Province, oidProvince},
		{n.StreetAddress, oidStreetAddress},
		{n.PostalCode, oidPostalCode},
		{single(n.CommonName), oidCommonName},
		{single(n.SerialNumber), oidSerialNumber},
	}

	var out RDNSequence
	for _, c := range components {
		out = appendRDNs(out, c.values, c.oid)
	}
	return out
}
   144	
// CertificateList represents the ASN.1 structure of the same name. See RFC
// 5280, section 5.1. Use Certificate.CheckCRLSignature to verify the
// signature.
//
// Nothing in this package checks SignatureValue. A CertificateList obtained
// by parsing is untrusted input until its signature has been verified
// against the issuing CA's key, and its RevokedCertificates must not be
// acted on before that. RFC 5280, section 5.1.1.2, also requires
// SignatureAlgorithm to be the same as TBSCertList.Signature; a verifier
// should compare the two rather than trust either on its own.
type CertificateList struct {
	TBSCertList        TBSCertificateList // the portion the signature covers
	SignatureAlgorithm AlgorithmIdentifier
	SignatureValue     asn1.BitString
}
   153	
// HasExpired reports whether now is strictly later than the CRL's
// TBSCertList.NextUpdate, i.e. whether the issuer's promised refresh time
// has passed. Once that happens the list may be missing revocations
// published since, so callers should stop relying on it rather than treat
// the result as a soft warning. HasExpired does not verify the signature
// and does not look at ThisUpdate.
func (certList *CertificateList) HasExpired(now time.Time) bool {
	expiry := certList.TBSCertList.NextUpdate
	return expiry.Before(now)
}
   158	
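// TBSCertificateList represents the ASN.1 structure of the same name. See RFC
// 5280, section 5.1. Raw holds the DER encoding of the whole structure as
// parsed, which is what the CRL signature is computed over.
//
// NextUpdate is OPTIONAL in RFC 5280 (section 5.1.2.5) and is tagged
// optional here so that a CRL which omits it still parses. In that case
// NextUpdate is the zero time.Time, which CertificateList.HasExpired reports
// as expired; callers that need to tell "no nextUpdate" from "expired"
// should test NextUpdate.IsZero() first.
//
// NOTE(review): Version defaults to 2 when absent, but RFC 5280 encodes v2
// as INTEGER 1 and an absent version means v1, so an absent version and an
// explicit v2 decode to different values here. Left unchanged because
// callers may compare against the current value; confirm before altering.
type TBSCertificateList struct {
	Raw                 asn1.RawContent
	Version             int `asn1:"optional,default:2"`
	Signature           AlgorithmIdentifier
	Issuer              RDNSequence
	ThisUpdate          time.Time
	NextUpdate          time.Time            `asn1:"optional"`
	RevokedCertificates []RevokedCertificate `asn1:"optional"`
	Extensions          []Extension          `asn1:"tag:0,optional,explicit"`
}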
   171	
// RevokedCertificate represents the ASN.1 structure of the same name. See RFC
// 5280, section 5.1.
//
// SerialNumber identifies the revoked certificate only relative to the CRL's
// Issuer: an entry applies to the certificate with this serial issued by
// that CA, not to any certificate that happens to share the number.
// Extensions carries the per-entry CRL entry extensions of RFC 5280,
// section 5.3, such as the reason code, and may be empty.
type RevokedCertificate struct {
	SerialNumber   *big.Int
	RevocationTime time.Time
	Extensions     []Extension `asn1:"optional"`
}
   179	
