Documentation
Index
- Constants
- Variables
- type LintResult
- type LintStatus
- func CheckSignature(resp *ocsp.Response, leafCert *x509.Certificate) (LintStatus, string)
- func LintNextUpdateDate(resp *ocsp.Response, leafCert *x509.Certificate) (LintStatus, string)
- func LintProducedAtDate(resp *ocsp.Response, leafCert *x509.Certificate) (LintStatus, string)
- func LintThisUpdateDate(resp *ocsp.Response, leafCert *x509.Certificate) (LintStatus, string)
- type LintStruct
- type Linter
- type LinterInterface
Constants
const (
	ProducedAtLimitSubscriber = "96h"   // 4 days
	ThisUpdateLimitSubscriber = "96h"   // 4 days
	ProducedAtLimitCA         = "8760h" // 365 days
	ThisUpdateLimitCA         = "8760h" // 365 days
	NextUpdateLimitSubscriber = "240h"  // 10 days
)
Variables
var DurationToString = map[string]string{
	ProducedAtLimitSubscriber: "4 days",
	ProducedAtLimitCA:         "365 days",
	NextUpdateLimitSubscriber: "10 days",
}
DurationToString is a map mapping durations to more readable strings
var Lints = []*LintStruct{
	{
		"Check response signature",
		"Apple Lints 10 & 12",
		CheckSignature,
	},
	{
		"Check response producedAt date",
		"Apple Lints 03 & 05",
		LintProducedAtDate,
	},
	{
		"Check response thisUpdate date",
		"Apple Lints 03 & 05",
		LintThisUpdateDate,
	},
	{
		"Check response nextUpdate date",
		"Apple Lint 04",
		LintNextUpdateDate,
	},
}
Lints is the global array of lints that are to be tested (TODO: change to a map)
var StatusIntMap = map[int]string{
	ocsp.Good:    "good",
	ocsp.Revoked: "revoked",
	ocsp.Unknown: "unknown",
}
StatusIntMap maps ocsp statuses to strings
Functions
This section is empty.
Types
type LintResult
type LintResult struct {
	Lint   *LintStruct
	Status LintStatus
	Info   string
}
LintResult defines the struct of the result of a Lint
type LintStatus
type LintStatus string
LintStatus defines the possible statuses for a lint
const (
	Passed LintStatus = "PASSED" // lint passed
	Failed LintStatus = "FAILED" // lint failed
	Error  LintStatus = "ERROR"  // encountered error while running lint
)
func CheckSignature
func CheckSignature(resp *ocsp.Response, leafCert *x509.Certificate) (LintStatus, string)
CheckSignature checks whether the OCSP response is signed with an algorithm that uses SHA1.
Source: Apple Lints 10 & 12
func LintNextUpdateDate
func LintNextUpdateDate(resp *ocsp.Response, leafCert *x509.Certificate) (LintStatus, string)
LintNextUpdateDate checks that an OCSP Response NextUpdate date is no more than NextUpdateLimitSubscriber in the past.
Source: Apple Lint 04
func LintProducedAtDate
func LintProducedAtDate(resp *ocsp.Response, leafCert *x509.Certificate) (LintStatus, string)
LintProducedAtDate checks that an OCSP Response ProducedAt date is no more than ProducedAtLimit in the past.
Source: Apple Lints 03 & 05
func LintThisUpdateDate
func LintThisUpdateDate(resp *ocsp.Response, leafCert *x509.Certificate) (LintStatus, string)
LintThisUpdateDate checks that an OCSP Response ThisUpdate date is no more than ThisUpdateLimit in the past.
Source: Apple Lints 03 & 05
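The sketch below shows how a date lint of the kind LintProducedAtDate and LintThisUpdateDate describe can be built on the duration strings from the Constants section. It is an added example, not the package's own code. The helper lintAge, the explicit now parameter, the choice of the CA limit via leaf.IsCA, and the zero-timestamp ERROR case are assumptions.

```go
package main

import (
	"crypto/x509"
	"fmt"
	"time"
)

// Limit strings as documented in the Constants section of this page.
const (
	ProducedAtLimitSubscriber = "96h"   // 4 days
	ProducedAtLimitCA         = "8760h" // 365 days
)

// lintAge (hypothetical helper) reports whether ts lies no more than the
// applicable limit before now. Assumption: the CA limit applies when
// leaf.IsCA is set, otherwise the subscriber limit. The returned status
// strings mirror the LintStatus values "PASSED", "FAILED" and "ERROR".
func lintAge(field string, ts, now time.Time, leaf *x509.Certificate) (string, string) {
	limitStr := ProducedAtLimitSubscriber
	if leaf != nil && leaf.IsCA {
		limitStr = ProducedAtLimitCA
	}
	limit, err := time.ParseDuration(limitStr)
	if err != nil {
		return "ERROR", fmt.Sprintf("bad limit %q: %v", limitStr, err)
	}
	if ts.IsZero() {
		// A missing timestamp cannot be judged; report it rather than pass it.
		return "ERROR", field + " is not set"
	}
	if age := now.Sub(ts); age > limit {
		return "FAILED", fmt.Sprintf("%s is %s old, limit is %s", field, age.Round(time.Hour), limitStr)
	}
	return "PASSED", fmt.Sprintf("%s is within %s", field, limitStr)
}

func main() {
	// Constructed sample: a response produced five days before "now".
	now := time.Date(2024, 1, 10, 0, 0, 0, 0, time.UTC)
	producedAt := now.Add(-5 * 24 * time.Hour)
	for _, leaf := range []*x509.Certificate{{IsCA: false}, {IsCA: true}} {
		status, info := lintAge("producedAt", producedAt, now, leaf)
		fmt.Println("IsCA:", leaf.IsCA, status, info)
	}
}
```

Passing now as a parameter keeps the check deterministic under test; a caller linting live responses would pass time.Now().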
type LintStruct
type LintStruct struct {
	Info   string // description of the lint
	Source string // source of the lint
	Exec   func(resp *ocsp.Response, leafCert *x509.Certificate) (LintStatus, string) // the linting function itself
}
LintStruct defines the struct of a lint
type Linter
type Linter struct{}
Linter is a struct that implements LinterInterface
func (Linter) LintOCSPResp
LintOCSPResp takes in a parsed OCSP response and prints its status, and then lints it
type LinterInterface
type LinterInterface interface {
	LintOCSPResp(*ocsp.Response, *x509.Certificate, bool)
}
LinterInterface is an interface containing the functions that are exported from this file