linter

package
v0.0.0-...-d219948

This package is not in the latest version of its module.
Published: May 3, 2024 License: MPL-2.0 Imports: 15 Imported by: 0

Documentation

Constants

This section is empty.

Variables

var ErrLinting = fmt.Errorf("failed lint(s)")

Functions

func Check

func Check(tbs *x509.Certificate, subjectPubKey crypto.PublicKey, realIssuer *x509.Certificate, realSigner crypto.Signer, skipLints []string) ([]byte, error)

Check accomplishes the entire process of linting: it generates a throwaway signing key, uses that to create a linting cert, and runs a default set of lints (everything except for the ETSI and EV lints) against it. If the subjectPubKey and realSigner indicate that this is a self-signed cert, the cert will have its pubkey replaced to also be self-signed. This is the primary public interface of this package, but it can be inefficient; creating a new signer and a new lint registry are expensive operations which performance-sensitive clients may want to cache via linter.New().

func CheckCRL

func CheckCRL(tbs *x509.RevocationList, realIssuer *x509.Certificate, realSigner crypto.Signer, skipLints []string) error

CheckCRL is like Check, but for CRLs.

func NewRegistry

func NewRegistry(skipLints []string) (lint.Registry, error)

NewRegistry returns a zlint Registry with irrelevant (ETSI, EV) lints excluded. This registry also includes all custom lints defined in Boulder.

func ProcessResultSet

func ProcessResultSet(lintRes *zlint.ResultSet) error

Types

type Linter

type Linter struct {
	// contains filtered or unexported fields
}

Linter is capable of linting a to-be-signed (TBS) certificate. It does so by signing that certificate with a throwaway private key and a fake issuer whose public key matches the throwaway private key, and then running the resulting certificate through a registry of zlint lints.

func New

func New(realIssuer *x509.Certificate, realSigner crypto.Signer) (*Linter, error)

New constructs a Linter. It uses the provided real certificate and signer (private key) to generate a matching fake keypair and issuer cert that will be used to sign the lint certificate. It uses the provided list of lint names to skip to filter the zlint global registry to only those lints which should be run.

func (Linter) Check

func (l Linter) Check(tbs *x509.Certificate, subjectPubKey crypto.PublicKey, reg lint.Registry) ([]byte, error)

Check signs the given TBS certificate using the Linter's fake issuer cert and private key, then runs the resulting certificate through all lints in reg. If the subjectPubKey is identical to the public key of the real signer used to create this linter, then the throwaway cert will have its pubkey replaced with the linter's pubkey so that it appears self-signed. It returns an error if any lint fails. On success it also returns the DER bytes of the linting certificate.
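
The flow described for Linter and Check (throwaway key, fake issuer, self-signed key swap, then lints), reproduced with only the Go standard library as an added example; it is not Boulder's code. `LintTBS`, `newKey` and the 398-day validity check are assumptions made for illustration, with the validity check standing in for the zlint registry.

```go
package main

import (
	"crypto"
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"time"
)

func newKey() (*ecdsa.PrivateKey, error) { return ecdsa.GenerateKey(elliptic.P256(), rand.Reader) }

// LintTBS signs tbs with a throwaway key under a fake issuer that borrows the real
// issuer's name and key ID, then lints the parsed result. realSigner never signs.
func LintTBS(tbs, realIssuer *x509.Certificate, subjectPub crypto.PublicKey, realSigner crypto.Signer) ([]byte, error) {
	fakeKey, err := newKey()
	if err != nil {
		return nil, err
	}
	fakeIssuer := &x509.Certificate{Subject: realIssuer.Subject, SubjectKeyId: realIssuer.SubjectKeyId, PublicKey: fakeKey.Public()}
	// Self-signed case: swap in the throwaway key so the lint cert stays self-signed.
	if pub, ok := realSigner.Public().(interface{ Equal(crypto.PublicKey) bool }); ok && pub.Equal(subjectPub) {
		subjectPub = fakeKey.Public()
	}
	der, err := x509.CreateCertificate(rand.Reader, tbs, fakeIssuer, subjectPub, fakeKey)
	if err != nil {
		return nil, fmt.Errorf("signing lint cert: %w", err)
	}
	cert, err := x509.ParseCertificate(der)
	if err != nil {
		return nil, fmt.Errorf("parsing lint cert: %w", err)
	}
	// Stand-in lint with an assumed 398-day leaf limit (not a zlint lint).
	if !cert.IsCA && cert.NotAfter.Sub(cert.NotBefore) > 398*24*time.Hour {
		return nil, fmt.Errorf("failed lint: leaf validity exceeds 398 days")
	}
	return der, nil
}

func main() {
	key, _ := newKey() // constructed stand-in for the real CA key
	root := &x509.Certificate{SerialNumber: big.NewInt(1), Subject: pkix.Name{CommonName: "Constructed Root"},
		NotBefore: time.Now(), NotAfter: time.Now().Add(24 * time.Hour), IsCA: true, BasicConstraintsValid: true}
	_, err := LintTBS(root, root, key.Public(), key)
	fmt.Println("lint error:", err)
}
```

The returned DER names the real issuer but its signature only verifies under the discarded throwaway key, so a certificate that fails a lint never carries a signature from the real CA key.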

func (Linter) CheckCRL

func (l Linter) CheckCRL(tbs *x509.RevocationList, reg lint.Registry) error

CheckCRL signs the given RevocationList template using the Linter's fake issuer cert and private key, then runs the resulting CRL through all CRL lints in the registry. It returns an error if any check fails.

Directories

Path Synopsis
rfc
