Documentation
¶
Index ¶
- Variables
- func ReadCertificate(inPath string) *x509.Certificate
- func RegisterLint(l *Lint)
- type CertContainsUniqueIdentifier
- type CertExtensionsVersonNot3
- type CertPolicyIVRequiresCountry
- type CertPolicyIVRequiresProvinceOrLocal
- type CertPolicyOVRequiresCountry
- type CertPolicyOVRequiresProvinceOrLocal
- type CertPolicyRequiresOrg
- type CertPolicyRequiresPersonalName
- type DNSNameRedacted
- type ExtAiaMarkedCritical
- type ExtCertPolicyDuplicate
- type ExtCertPolicyExplicitTextNotNFC
- type ExtCrlDistributionMarkedCritical
- type ExtDuplicateExtension
- type ExtFreshestCrlMarkedCritical
- type ExtIANCritical
- type IANDNSNotIA5String
- type IANDNSNull
- type IANDNSPeriod
- type IANEmail
- type IANEmptyName
- type IANNoEntry
- type IANPubSuffix
- type IANSpace
- type IANURIFQDNOrIP
- type IANURIFormat
- type IANURIIA5String
- type IDNMalformedUnicode
- type IDNNotNFC
- type InhibitAnyPolicyNotCritical
- type InvalidCertificateVersion
- type IssuerDNCountryNotPrintableString
- type IssuerDNLeadingSpace
- type IssuerDNTrailingSpace
- type IssuerRDNHasMultipleAttribute
- type Lint
- type LintInterface
- type LintResult
- type LintSource
- type LintStatus
- type SANDNSNull
- type SANDNSPeriod
- type SANWildCardFirst
- type SerialNumberNotPositive
- type SubCANameConstraintsNotCritical
- type SubjectDNCountryNotPrintableString
- type SubjectDNLeadingSpace
- type SubjectDNSerialNumberMaxLength
- type SubjectDNSerialNumberNotPrintableString
- type SubjectDNTrailingSpace
- type SubjectRDNHasMultipleAttribute
Constants ¶
This section is empty.
Variables ¶
var (
	// Lints is a map of all known lints by name. Add a Lint to the map by calling
	// RegisterLint.
	//
	// NOTE(review): this is an exported, mutable, plain map, so any importing
	// package can add, replace or delete entries directly. Presumably it is
	// only written via RegisterLint during init(); confirm before mutating or
	// reading it from multiple goroutines.
	Lints = make(map[string]*Lint)
)
Functions ¶
func ReadCertificate ¶
func ReadCertificate(inPath string) *x509.Certificate
func RegisterLint ¶
func RegisterLint(l *Lint)
RegisterLint must be called once for each lint to be executed. Duplicate lint names are squashed. Normally, RegisterLint is called during init().
Types ¶
type CertContainsUniqueIdentifier ¶
type CertContainsUniqueIdentifier struct{}
func (*CertContainsUniqueIdentifier) CheckApplies ¶
func (l *CertContainsUniqueIdentifier) CheckApplies(cert *x509.Certificate) bool
func (*CertContainsUniqueIdentifier) Execute ¶
func (l *CertContainsUniqueIdentifier) Execute(cert *x509.Certificate) *LintResult
func (*CertContainsUniqueIdentifier) Initialize ¶
func (l *CertContainsUniqueIdentifier) Initialize() error
type CertExtensionsVersonNot3 ¶
type CertExtensionsVersonNot3 struct{}
func (*CertExtensionsVersonNot3) CheckApplies ¶
func (l *CertExtensionsVersonNot3) CheckApplies(cert *x509.Certificate) bool
func (*CertExtensionsVersonNot3) Execute ¶
func (l *CertExtensionsVersonNot3) Execute(cert *x509.Certificate) *LintResult
func (*CertExtensionsVersonNot3) Initialize ¶
func (l *CertExtensionsVersonNot3) Initialize() error
type CertPolicyIVRequiresCountry ¶
type CertPolicyIVRequiresCountry struct{}
func (*CertPolicyIVRequiresCountry) CheckApplies ¶
func (l *CertPolicyIVRequiresCountry) CheckApplies(cert *x509.Certificate) bool
func (*CertPolicyIVRequiresCountry) Execute ¶
func (l *CertPolicyIVRequiresCountry) Execute(cert *x509.Certificate) *LintResult
func (*CertPolicyIVRequiresCountry) Initialize ¶
func (l *CertPolicyIVRequiresCountry) Initialize() error
type CertPolicyIVRequiresProvinceOrLocal ¶
type CertPolicyIVRequiresProvinceOrLocal struct{}
func (*CertPolicyIVRequiresProvinceOrLocal) CheckApplies ¶
func (l *CertPolicyIVRequiresProvinceOrLocal) CheckApplies(cert *x509.Certificate) bool
func (*CertPolicyIVRequiresProvinceOrLocal) Execute ¶
func (l *CertPolicyIVRequiresProvinceOrLocal) Execute(cert *x509.Certificate) *LintResult
func (*CertPolicyIVRequiresProvinceOrLocal) Initialize ¶
func (l *CertPolicyIVRequiresProvinceOrLocal) Initialize() error
type CertPolicyOVRequiresCountry ¶
type CertPolicyOVRequiresCountry struct{}
func (*CertPolicyOVRequiresCountry) CheckApplies ¶
func (l *CertPolicyOVRequiresCountry) CheckApplies(cert *x509.Certificate) bool
func (*CertPolicyOVRequiresCountry) Execute ¶
func (l *CertPolicyOVRequiresCountry) Execute(cert *x509.Certificate) *LintResult
func (*CertPolicyOVRequiresCountry) Initialize ¶
func (l *CertPolicyOVRequiresCountry) Initialize() error
type CertPolicyOVRequiresProvinceOrLocal ¶
type CertPolicyOVRequiresProvinceOrLocal struct{}
func (*CertPolicyOVRequiresProvinceOrLocal) CheckApplies ¶
func (l *CertPolicyOVRequiresProvinceOrLocal) CheckApplies(cert *x509.Certificate) bool
func (*CertPolicyOVRequiresProvinceOrLocal) Execute ¶
func (l *CertPolicyOVRequiresProvinceOrLocal) Execute(cert *x509.Certificate) *LintResult
func (*CertPolicyOVRequiresProvinceOrLocal) Initialize ¶
func (l *CertPolicyOVRequiresProvinceOrLocal) Initialize() error
type CertPolicyRequiresOrg ¶
type CertPolicyRequiresOrg struct{}
func (*CertPolicyRequiresOrg) CheckApplies ¶
func (l *CertPolicyRequiresOrg) CheckApplies(cert *x509.Certificate) bool
func (*CertPolicyRequiresOrg) Execute ¶
func (l *CertPolicyRequiresOrg) Execute(cert *x509.Certificate) *LintResult
func (*CertPolicyRequiresOrg) Initialize ¶
func (l *CertPolicyRequiresOrg) Initialize() error
type CertPolicyRequiresPersonalName ¶
type CertPolicyRequiresPersonalName struct{}
func (*CertPolicyRequiresPersonalName) CheckApplies ¶
func (l *CertPolicyRequiresPersonalName) CheckApplies(cert *x509.Certificate) bool
func (*CertPolicyRequiresPersonalName) Execute ¶
func (l *CertPolicyRequiresPersonalName) Execute(cert *x509.Certificate) *LintResult
func (*CertPolicyRequiresPersonalName) Initialize ¶
func (l *CertPolicyRequiresPersonalName) Initialize() error
type DNSNameRedacted ¶
type DNSNameRedacted struct{}
func (*DNSNameRedacted) CheckApplies ¶
func (l *DNSNameRedacted) CheckApplies(c *x509.Certificate) bool
func (*DNSNameRedacted) Execute ¶
func (l *DNSNameRedacted) Execute(c *x509.Certificate) *LintResult
func (*DNSNameRedacted) Initialize ¶
func (l *DNSNameRedacted) Initialize() error
type ExtAiaMarkedCritical ¶
type ExtAiaMarkedCritical struct{}
func (*ExtAiaMarkedCritical) CheckApplies ¶
func (l *ExtAiaMarkedCritical) CheckApplies(cert *x509.Certificate) bool
func (*ExtAiaMarkedCritical) Execute ¶
func (l *ExtAiaMarkedCritical) Execute(cert *x509.Certificate) *LintResult
func (*ExtAiaMarkedCritical) Initialize ¶
func (l *ExtAiaMarkedCritical) Initialize() error
type ExtCertPolicyDuplicate ¶
type ExtCertPolicyDuplicate struct{}
func (*ExtCertPolicyDuplicate) CheckApplies ¶
func (l *ExtCertPolicyDuplicate) CheckApplies(cert *x509.Certificate) bool
func (*ExtCertPolicyDuplicate) Execute ¶
func (l *ExtCertPolicyDuplicate) Execute(cert *x509.Certificate) *LintResult
func (*ExtCertPolicyDuplicate) Initialize ¶
func (l *ExtCertPolicyDuplicate) Initialize() error
type ExtCertPolicyExplicitTextNotNFC ¶
type ExtCertPolicyExplicitTextNotNFC struct{}
func (*ExtCertPolicyExplicitTextNotNFC) CheckApplies ¶
func (l *ExtCertPolicyExplicitTextNotNFC) CheckApplies(c *x509.Certificate) bool
func (*ExtCertPolicyExplicitTextNotNFC) Execute ¶
func (l *ExtCertPolicyExplicitTextNotNFC) Execute(c *x509.Certificate) *LintResult
func (*ExtCertPolicyExplicitTextNotNFC) Initialize ¶
func (l *ExtCertPolicyExplicitTextNotNFC) Initialize() error
type ExtCrlDistributionMarkedCritical ¶
type ExtCrlDistributionMarkedCritical struct{}
func (*ExtCrlDistributionMarkedCritical) CheckApplies ¶
func (l *ExtCrlDistributionMarkedCritical) CheckApplies(cert *x509.Certificate) bool
func (*ExtCrlDistributionMarkedCritical) Execute ¶
func (l *ExtCrlDistributionMarkedCritical) Execute(cert *x509.Certificate) *LintResult
func (*ExtCrlDistributionMarkedCritical) Initialize ¶
func (l *ExtCrlDistributionMarkedCritical) Initialize() error
type ExtDuplicateExtension ¶
type ExtDuplicateExtension struct{}
func (*ExtDuplicateExtension) CheckApplies ¶
func (l *ExtDuplicateExtension) CheckApplies(cert *x509.Certificate) bool
func (*ExtDuplicateExtension) Execute ¶
func (l *ExtDuplicateExtension) Execute(cert *x509.Certificate) *LintResult
func (*ExtDuplicateExtension) Initialize ¶
func (l *ExtDuplicateExtension) Initialize() error
type ExtFreshestCrlMarkedCritical ¶
type ExtFreshestCrlMarkedCritical struct{}
func (*ExtFreshestCrlMarkedCritical) CheckApplies ¶
func (l *ExtFreshestCrlMarkedCritical) CheckApplies(cert *x509.Certificate) bool
func (*ExtFreshestCrlMarkedCritical) Execute ¶
func (l *ExtFreshestCrlMarkedCritical) Execute(cert *x509.Certificate) *LintResult
func (*ExtFreshestCrlMarkedCritical) Initialize ¶
func (l *ExtFreshestCrlMarkedCritical) Initialize() error
type ExtIANCritical ¶
type ExtIANCritical struct{}
func (*ExtIANCritical) CheckApplies ¶
func (l *ExtIANCritical) CheckApplies(cert *x509.Certificate) bool
func (*ExtIANCritical) Execute ¶
func (l *ExtIANCritical) Execute(cert *x509.Certificate) *LintResult
func (*ExtIANCritical) Initialize ¶
func (l *ExtIANCritical) Initialize() error
type IANDNSNotIA5String ¶
type IANDNSNotIA5String struct{}
func (*IANDNSNotIA5String) CheckApplies ¶
func (l *IANDNSNotIA5String) CheckApplies(c *x509.Certificate) bool
func (*IANDNSNotIA5String) Execute ¶
func (l *IANDNSNotIA5String) Execute(c *x509.Certificate) *LintResult
func (*IANDNSNotIA5String) Initialize ¶
func (l *IANDNSNotIA5String) Initialize() error
type IANDNSNull ¶
type IANDNSNull struct{}
func (*IANDNSNull) CheckApplies ¶
func (l *IANDNSNull) CheckApplies(c *x509.Certificate) bool
func (*IANDNSNull) Execute ¶
func (l *IANDNSNull) Execute(c *x509.Certificate) *LintResult
func (*IANDNSNull) Initialize ¶
func (l *IANDNSNull) Initialize() error
type IANDNSPeriod ¶
type IANDNSPeriod struct{}
func (*IANDNSPeriod) CheckApplies ¶
func (l *IANDNSPeriod) CheckApplies(c *x509.Certificate) bool
func (*IANDNSPeriod) Execute ¶
func (l *IANDNSPeriod) Execute(c *x509.Certificate) *LintResult
func (*IANDNSPeriod) Initialize ¶
func (l *IANDNSPeriod) Initialize() error
type IANEmail ¶
type IANEmail struct{}
func (*IANEmail) CheckApplies ¶
func (l *IANEmail) CheckApplies(c *x509.Certificate) bool
func (*IANEmail) Execute ¶
func (l *IANEmail) Execute(c *x509.Certificate) *LintResult
func (*IANEmail) Initialize ¶
type IANEmptyName ¶
type IANEmptyName struct{}
func (*IANEmptyName) CheckApplies ¶
func (l *IANEmptyName) CheckApplies(c *x509.Certificate) bool
func (*IANEmptyName) Execute ¶
func (l *IANEmptyName) Execute(c *x509.Certificate) *LintResult
func (*IANEmptyName) Initialize ¶
func (l *IANEmptyName) Initialize() error
type IANNoEntry ¶
type IANNoEntry struct{}
func (*IANNoEntry) CheckApplies ¶
func (l *IANNoEntry) CheckApplies(c *x509.Certificate) bool
func (*IANNoEntry) Execute ¶
func (l *IANNoEntry) Execute(c *x509.Certificate) *LintResult
func (*IANNoEntry) Initialize ¶
func (l *IANNoEntry) Initialize() error
type IANPubSuffix ¶
type IANPubSuffix struct{}
func (*IANPubSuffix) CheckApplies ¶
func (l *IANPubSuffix) CheckApplies(c *x509.Certificate) bool
func (*IANPubSuffix) Execute ¶
func (l *IANPubSuffix) Execute(c *x509.Certificate) *LintResult
func (*IANPubSuffix) Initialize ¶
func (l *IANPubSuffix) Initialize() error
type IANSpace ¶
type IANSpace struct{}
func (*IANSpace) CheckApplies ¶
func (l *IANSpace) CheckApplies(c *x509.Certificate) bool
func (*IANSpace) Execute ¶
func (l *IANSpace) Execute(c *x509.Certificate) *LintResult
func (*IANSpace) Initialize ¶
type IANURIFQDNOrIP ¶
type IANURIFQDNOrIP struct{}
func (*IANURIFQDNOrIP) CheckApplies ¶
func (l *IANURIFQDNOrIP) CheckApplies(c *x509.Certificate) bool
func (*IANURIFQDNOrIP) Execute ¶
func (l *IANURIFQDNOrIP) Execute(c *x509.Certificate) *LintResult
func (*IANURIFQDNOrIP) Initialize ¶
func (l *IANURIFQDNOrIP) Initialize() error
type IANURIFormat ¶
type IANURIFormat struct{}
func (*IANURIFormat) CheckApplies ¶
func (l *IANURIFormat) CheckApplies(c *x509.Certificate) bool
func (*IANURIFormat) Execute ¶
func (l *IANURIFormat) Execute(c *x509.Certificate) *LintResult
func (*IANURIFormat) Initialize ¶
func (l *IANURIFormat) Initialize() error
type IANURIIA5String ¶
type IANURIIA5String struct{}
func (*IANURIIA5String) CheckApplies ¶
func (l *IANURIIA5String) CheckApplies(c *x509.Certificate) bool
func (*IANURIIA5String) Execute ¶
func (l *IANURIIA5String) Execute(c *x509.Certificate) *LintResult
func (*IANURIIA5String) Initialize ¶
func (l *IANURIIA5String) Initialize() error
type IDNMalformedUnicode ¶
type IDNMalformedUnicode struct{}
func (*IDNMalformedUnicode) CheckApplies ¶
func (l *IDNMalformedUnicode) CheckApplies(c *x509.Certificate) bool
func (*IDNMalformedUnicode) Execute ¶
func (l *IDNMalformedUnicode) Execute(c *x509.Certificate) *LintResult
func (*IDNMalformedUnicode) Initialize ¶
func (l *IDNMalformedUnicode) Initialize() error
type IDNNotNFC ¶
type IDNNotNFC struct{}
func (*IDNNotNFC) CheckApplies ¶
func (l *IDNNotNFC) CheckApplies(c *x509.Certificate) bool
func (*IDNNotNFC) Execute ¶
func (l *IDNNotNFC) Execute(c *x509.Certificate) *LintResult
func (*IDNNotNFC) Initialize ¶
type InhibitAnyPolicyNotCritical ¶
type InhibitAnyPolicyNotCritical struct{}
func (*InhibitAnyPolicyNotCritical) CheckApplies ¶
func (l *InhibitAnyPolicyNotCritical) CheckApplies(cert *x509.Certificate) bool
func (*InhibitAnyPolicyNotCritical) Execute ¶
func (l *InhibitAnyPolicyNotCritical) Execute(cert *x509.Certificate) *LintResult
func (*InhibitAnyPolicyNotCritical) Initialize ¶
func (l *InhibitAnyPolicyNotCritical) Initialize() error
type InvalidCertificateVersion ¶
type InvalidCertificateVersion struct{}
func (*InvalidCertificateVersion) CheckApplies ¶
func (l *InvalidCertificateVersion) CheckApplies(cert *x509.Certificate) bool
func (*InvalidCertificateVersion) Execute ¶
func (l *InvalidCertificateVersion) Execute(cert *x509.Certificate) *LintResult
func (*InvalidCertificateVersion) Initialize ¶
func (l *InvalidCertificateVersion) Initialize() error
type IssuerDNCountryNotPrintableString ¶
type IssuerDNCountryNotPrintableString struct{}
func (*IssuerDNCountryNotPrintableString) CheckApplies ¶
func (l *IssuerDNCountryNotPrintableString) CheckApplies(c *x509.Certificate) bool
func (*IssuerDNCountryNotPrintableString) Execute ¶
func (l *IssuerDNCountryNotPrintableString) Execute(c *x509.Certificate) *LintResult
func (*IssuerDNCountryNotPrintableString) Initialize ¶
func (l *IssuerDNCountryNotPrintableString) Initialize() error
type IssuerDNLeadingSpace ¶
type IssuerDNLeadingSpace struct{}
func (*IssuerDNLeadingSpace) CheckApplies ¶
func (l *IssuerDNLeadingSpace) CheckApplies(c *x509.Certificate) bool
func (*IssuerDNLeadingSpace) Execute ¶
func (l *IssuerDNLeadingSpace) Execute(c *x509.Certificate) *LintResult
func (*IssuerDNLeadingSpace) Initialize ¶
func (l *IssuerDNLeadingSpace) Initialize() error
type IssuerDNTrailingSpace ¶
type IssuerDNTrailingSpace struct{}
func (*IssuerDNTrailingSpace) CheckApplies ¶
func (l *IssuerDNTrailingSpace) CheckApplies(c *x509.Certificate) bool
func (*IssuerDNTrailingSpace) Execute ¶
func (l *IssuerDNTrailingSpace) Execute(c *x509.Certificate) *LintResult
func (*IssuerDNTrailingSpace) Initialize ¶
func (l *IssuerDNTrailingSpace) Initialize() error
type IssuerRDNHasMultipleAttribute ¶
type IssuerRDNHasMultipleAttribute struct{}
func (*IssuerRDNHasMultipleAttribute) CheckApplies ¶
func (l *IssuerRDNHasMultipleAttribute) CheckApplies(c *x509.Certificate) bool
func (*IssuerRDNHasMultipleAttribute) Execute ¶
func (l *IssuerRDNHasMultipleAttribute) Execute(c *x509.Certificate) *LintResult
func (*IssuerRDNHasMultipleAttribute) Initialize ¶
func (l *IssuerRDNHasMultipleAttribute) Initialize() error
type Lint ¶
// Lint describes a single registered lint: its metadata plus the
// LintInterface implementation that carries the check logic.
type Lint struct {
	// Name is a lowercase underscore-separated string describing what a given
	// Lint checks. If Name begins with "w", the lint MUST NOT return Error, only
	// Warn. If Name begins with "e", the Lint MUST NOT return Warn, only Error.
	Name string `json:"name,omitempty"`

	// Description is a human-readable description of what the Lint checks.
	// Usually copied directly from the CA/B Baseline Requirements or RFC 5280.
	Description string `json:"description,omitempty"`

	// Citation is the source of the check, e.g. "BRs: 6.1.6" or
	// "RFC 5280: 4.1.2.6".
	Citation string `json:"citation,omitempty"`

	// Source is the programmatic source of the check, expressed as one of the
	// LintSource values. The "-" tag keeps it out of the JSON encoding.
	Source LintSource `json:"-"`

	// EffectiveDate gates the lint by issuance time: a Lint automatically
	// returns NE for all certificates where CheckApplies() is true but with
	// NotBefore < EffectiveDate. This check is bypassed if EffectiveDate is
	// zero.
	//
	// The comparison uses the NotBefore value carried in the certificate
	// itself, so NE means "the lint logic did not run", not "the certificate
	// passed". Consumers of results should not count NE as a Pass.
	EffectiveDate time.Time `json:"-"`

	// Lint is the implementation of the lint logic.
	Lint LintInterface `json:"-"`
}
A Lint struct represents a single lint, e.g. "e_basic_constraints_not_critical". It contains an implementation of LintInterface.
func (*Lint) CheckEffective ¶
func (l *Lint) CheckEffective(c *x509.Certificate) bool
CheckEffective returns true if c was issued on or after the EffectiveDate. If EffectiveDate is zero, CheckEffective always returns true.
func (*Lint) Execute ¶
func (l *Lint) Execute(cert *x509.Certificate) *LintResult
Execute runs the lint against a certificate. For lints that are sourced from the CA/B Forum Baseline Requirements, we first determine if they are within the purview of the BRs. See LintInterface for details about the other methods called. The ordering is as follows:
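1. CheckApplies() — if it returns false, the result is NA. 2. CheckEffective() — if the certificate's NotBefore is earlier than EffectiveDate, the result is NE. 3. Execute() — the lint logic itself.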
type LintInterface ¶
// LintInterface is the set of methods each lint implementation provides.
type LintInterface interface {
	// Initialize runs once per-lint. It is called during RegisterLint().
	Initialize() error

	// CheckApplies runs once per certificate. It returns true if the Lint should
	// run on the given certificate. If CheckApplies returns false, the Lint
	// result is automatically set to NA without calling CheckEffective() or
	// Execute().
	CheckApplies(c *x509.Certificate) bool

	// Execute is the body of the lint. It is called for every certificate for
	// which CheckApplies() returns true; Lint.Execute additionally runs
	// CheckEffective() first and reports NE instead when the certificate
	// predates the lint's EffectiveDate.
	Execute(c *x509.Certificate) *LintResult
}
LintInterface is implemented by each Lint.
type LintResult ¶
// LintResult is the output of a lint: a LintStatus plus an optional
// human-readable description.
type LintResult struct {
	// Status is the outcome of the lint. It is encoded under the JSON key
	// "result", not "status". Its zero value is the Reserved status.
	Status LintStatus `json:"result"`

	// Details is the optional human-readable description; it is omitted from
	// the JSON encoding when empty.
	Details string `json:"details,omitempty"`
}
LintResult contains a LintStatus, and an optional human-readable description. The output of a lint is a LintResult.
type LintSource ¶
type LintSource int
An Enum to programmatically represent the source of a lint
// Known LintSource values. They are numbered consecutively by iota, so
// inserting or reordering an entry changes the numeric value of every
// constant after it.
const (
	// UnknownLintSource is the zero value of LintSource.
	UnknownLintSource LintSource = iota
	// CABFBaselineRequirements: presumably the CA/B Forum Baseline
	// Requirements ("BRs") — confirm against the lint registrations.
	CABFBaselineRequirements
	MinimumRequirementsForCodeSigningCertificates
	RFC5280
	RFC5891
	ZLint
	AWSLabs
)
type LintStatus ¶
type LintStatus int
LintStatus is an enum returned by lints inside of a LintResult.
const (
	// Reserved is the unused / unset LintStatus. It is the zero value, so a
	// LintResult that was never filled in carries this status.
	Reserved LintStatus = 0

	// NA (Not Applicable) is the result when CheckApplies() returns false for
	// the certificate; the lint logic is not run.
	NA LintStatus = 1

	// NE (Not Effective) is the result when CheckApplies() is true but the
	// certificate's NotBefore is earlier than the lint's EffectiveDate.
	NE LintStatus = 2

	// Verdicts returned by lint logic. Per the Lint.Name convention, a lint
	// whose name begins with "w" reports Warn and never Error, and one whose
	// name begins with "e" reports Error and never Warn.
	// NOTE(review): the values increase from Pass to Fatal, presumably in
	// order of severity — confirm before comparing statuses numerically.
	Pass   LintStatus = 3
	Notice LintStatus = 4
	Warn   LintStatus = 5
	Error  LintStatus = 6
	Fatal  LintStatus = 7
)
Known LintStatus values
func (LintStatus) MarshalJSON ¶
func (e LintStatus) MarshalJSON() ([]byte, error)
MarshalJSON implements the json.Marshaler interface.
func (LintStatus) String ¶
func (e LintStatus) String() string
String returns the canonical representation of a LintStatus as a string.
type SANDNSNull ¶
type SANDNSNull struct{}
func (*SANDNSNull) CheckApplies ¶
func (l *SANDNSNull) CheckApplies(c *x509.Certificate) bool
func (*SANDNSNull) Execute ¶
func (l *SANDNSNull) Execute(c *x509.Certificate) *LintResult
func (*SANDNSNull) Initialize ¶
func (l *SANDNSNull) Initialize() error
type SANDNSPeriod ¶
type SANDNSPeriod struct{}
func (*SANDNSPeriod) CheckApplies ¶
func (l *SANDNSPeriod) CheckApplies(c *x509.Certificate) bool
func (*SANDNSPeriod) Execute ¶
func (l *SANDNSPeriod) Execute(c *x509.Certificate) *LintResult
func (*SANDNSPeriod) Initialize ¶
func (l *SANDNSPeriod) Initialize() error
type SANWildCardFirst ¶
type SANWildCardFirst struct{}
func (*SANWildCardFirst) CheckApplies ¶
func (l *SANWildCardFirst) CheckApplies(c *x509.Certificate) bool
func (*SANWildCardFirst) Execute ¶
func (l *SANWildCardFirst) Execute(c *x509.Certificate) *LintResult
func (*SANWildCardFirst) Initialize ¶
func (l *SANWildCardFirst) Initialize() error
type SerialNumberNotPositive ¶
type SerialNumberNotPositive struct{}
func (*SerialNumberNotPositive) CheckApplies ¶
func (l *SerialNumberNotPositive) CheckApplies(cert *x509.Certificate) bool
func (*SerialNumberNotPositive) Execute ¶
func (l *SerialNumberNotPositive) Execute(cert *x509.Certificate) *LintResult
func (*SerialNumberNotPositive) Initialize ¶
func (l *SerialNumberNotPositive) Initialize() error
type SubCANameConstraintsNotCritical ¶
type SubCANameConstraintsNotCritical struct{}
func (*SubCANameConstraintsNotCritical) CheckApplies ¶
func (l *SubCANameConstraintsNotCritical) CheckApplies(cert *x509.Certificate) bool
func (*SubCANameConstraintsNotCritical) Execute ¶
func (l *SubCANameConstraintsNotCritical) Execute(cert *x509.Certificate) *LintResult
func (*SubCANameConstraintsNotCritical) Initialize ¶
func (l *SubCANameConstraintsNotCritical) Initialize() error
type SubjectDNCountryNotPrintableString ¶
type SubjectDNCountryNotPrintableString struct{}
func (*SubjectDNCountryNotPrintableString) CheckApplies ¶
func (l *SubjectDNCountryNotPrintableString) CheckApplies(c *x509.Certificate) bool
func (*SubjectDNCountryNotPrintableString) Execute ¶
func (l *SubjectDNCountryNotPrintableString) Execute(c *x509.Certificate) *LintResult
func (*SubjectDNCountryNotPrintableString) Initialize ¶
func (l *SubjectDNCountryNotPrintableString) Initialize() error
type SubjectDNLeadingSpace ¶
type SubjectDNLeadingSpace struct{}
func (*SubjectDNLeadingSpace) CheckApplies ¶
func (l *SubjectDNLeadingSpace) CheckApplies(c *x509.Certificate) bool
func (*SubjectDNLeadingSpace) Execute ¶
func (l *SubjectDNLeadingSpace) Execute(c *x509.Certificate) *LintResult
func (*SubjectDNLeadingSpace) Initialize ¶
func (l *SubjectDNLeadingSpace) Initialize() error
type SubjectDNSerialNumberMaxLength ¶
type SubjectDNSerialNumberMaxLength struct{}
func (*SubjectDNSerialNumberMaxLength) CheckApplies ¶
func (l *SubjectDNSerialNumberMaxLength) CheckApplies(c *x509.Certificate) bool
func (*SubjectDNSerialNumberMaxLength) Execute ¶
func (l *SubjectDNSerialNumberMaxLength) Execute(c *x509.Certificate) *LintResult
func (*SubjectDNSerialNumberMaxLength) Initialize ¶
func (l *SubjectDNSerialNumberMaxLength) Initialize() error
type SubjectDNSerialNumberNotPrintableString ¶
type SubjectDNSerialNumberNotPrintableString struct{}
func (*SubjectDNSerialNumberNotPrintableString) CheckApplies ¶
func (l *SubjectDNSerialNumberNotPrintableString) CheckApplies(c *x509.Certificate) bool
func (*SubjectDNSerialNumberNotPrintableString) Execute ¶
func (l *SubjectDNSerialNumberNotPrintableString) Execute(c *x509.Certificate) *LintResult
func (*SubjectDNSerialNumberNotPrintableString) Initialize ¶
func (l *SubjectDNSerialNumberNotPrintableString) Initialize() error
type SubjectDNTrailingSpace ¶
type SubjectDNTrailingSpace struct{}
func (*SubjectDNTrailingSpace) CheckApplies ¶
func (l *SubjectDNTrailingSpace) CheckApplies(c *x509.Certificate) bool
func (*SubjectDNTrailingSpace) Execute ¶
func (l *SubjectDNTrailingSpace) Execute(c *x509.Certificate) *LintResult
func (*SubjectDNTrailingSpace) Initialize ¶
func (l *SubjectDNTrailingSpace) Initialize() error
type SubjectRDNHasMultipleAttribute ¶
type SubjectRDNHasMultipleAttribute struct{}
func (*SubjectRDNHasMultipleAttribute) CheckApplies ¶
func (l *SubjectRDNHasMultipleAttribute) CheckApplies(c *x509.Certificate) bool
func (*SubjectRDNHasMultipleAttribute) Execute ¶
func (l *SubjectRDNHasMultipleAttribute) Execute(c *x509.Certificate) *LintResult
func (*SubjectRDNHasMultipleAttribute) Initialize ¶
func (l *SubjectRDNHasMultipleAttribute) Initialize() error
Source Files
¶
- base.go
- lint_basic_constraints_not_critical.go
- lint_ca_common_name_missing.go
- lint_ca_country_name_invalid.go
- lint_ca_country_name_missing.go
- lint_ca_crl_sign_not_set.go
- lint_ca_digital_signature_not_set.go
- lint_ca_is_ca.go
- lint_ca_key_cert_sign_not_set.go
- lint_ca_key_usage_missing.go
- lint_ca_key_usage_not_critical.go
- lint_ca_organization_name_missing.go
- lint_ca_subject_field_empty.go
- lint_cab_dv_conflicts_with_locality.go
- lint_cab_dv_conflicts_with_org.go
- lint_cab_dv_conflicts_with_postal.go
- lint_cab_dv_conflicts_with_province.go
- lint_cab_dv_conflicts_with_street.go
- lint_cab_iv_requires_personal_name.go
- lint_cab_ov_requires_org.go
- lint_cert_contains_unique_identifier.go
- lint_cert_extensions_version_not_3.go
- lint_cert_policy_iv_requires_country.go
- lint_cert_policy_iv_requires_province_or_locality.go
- lint_cert_policy_ov_requires_country.go
- lint_cert_policy_ov_requires_province_or_locality.go
- lint_cert_unique_identifier_version_not_2_or_3.go
- lint_contains_redacted_dnsname.go
- lint_csc_cert_policy_missing.go
- lint_csc_certificate_policy_identifier_missing.go
- lint_csc_certificate_policy_marked_critical.go
- lint_distribution_point_incomplete.go
- lint_distribution_point_missing_ldap_or_uri.go
- lint_dsa_correct_order_in_subgroup.go
- lint_dsa_improper_modulus_or_divisor_size.go
- lint_dsa_params_missing.go
- lint_dsa_shorter_than_2048_bits.go
- lint_dsa_unique_correct_representation.go
- lint_ec_improper_curves.go
- lint_eku_critical_improperly.go
- lint_ev_business_category_missing.go
- lint_ev_country_name_missing.go
- lint_ev_organization_name_missing.go
- lint_ev_serial_number_missing.go
- lint_ev_valid_time_too_long.go
- lint_ext_aia_access_location_missing.go
- lint_ext_aia_marked_critical.go
- lint_ext_authority_key_identifier_critical.go
- lint_ext_authority_key_identifier_missing.go
- lint_ext_authority_key_identifier_no_key_identifier.go
- lint_ext_cert_policy_contains_noticeref.go
- lint_ext_cert_policy_disallowed_any_policy_qualifier.go
- lint_ext_cert_policy_duplicate.go
- lint_ext_cert_policy_explicit_text_ia5_string.go
- lint_ext_cert_policy_explicit_text_includes_control.go
- lint_ext_cert_policy_explicit_text_not_nfc.go
- lint_ext_cert_policy_explicit_text_not_utf8.go
- lint_ext_cert_policy_explicit_text_too_long.go
- lint_ext_crl_distribution_marked_critical.go
- lint_ext_duplicate_extension.go
- lint_ext_freshest_crl_marked_critical.go
- lint_ext_ian_critical.go
- lint_ext_ian_dns_not_ia5_string.go
- lint_ext_ian_empty_name.go
- lint_ext_ian_no_entries.go
- lint_ext_ian_rfc822_format_invalid.go
- lint_ext_ian_space_dns_name.go
- lint_ext_ian_uri_format_invalid.go
- lint_ext_ian_uri_host_not_fqdn_or_ip.go
- lint_ext_ian_uri_not_ia5.go
- lint_ext_ian_uri_relative.go
- lint_ext_key_usage_cert_sign_without_ca.go
- lint_ext_key_usage_missing.go
- lint_ext_key_usage_not_critical.go
- lint_ext_key_usage_without_bits.go
- lint_ext_name_constraints_not_critical.go
- lint_ext_name_constraints_not_in_ca.go
- lint_ext_policy_constraints_empty.go
- lint_ext_policy_constraints_not_critical.go
- lint_ext_policy_map_any_policy.go
- lint_ext_policy_map_not_critical.go
- lint_ext_policy_map_not_in_cert_policy.go
- lint_ext_subject_directory_attr_critical.go
- lint_ext_subject_key_identifier_critical.go
- lint_ext_subject_key_identifier_missing_ca.go
- lint_ext_subject_key_identifier_missing_sub_cert.go
- lint_generalized_time_does_not_include_seconds.go
- lint_generalized_time_includes_fraction_seconds.go
- lint_generalized_time_not_in_zulu.go
- lint_ian_bare_wildcard.go
- lint_ian_dns_name_includes_null_char.go
- lint_ian_dns_name_starts_with_period.go
- lint_ian_iana_pub_suffix_empty.go
- lint_ian_wildcard_not_first.go
- lint_inhibit_any_policy_not_critical.go
- lint_international_dns_name_not_nfc.go
- lint_international_dns_name_not_unicode.go
- lint_invalid_certificate_version.go
- lint_issuer_dn_country_not_printable_string.go
- lint_issuer_dn_leading_whitespace.go
- lint_issuer_dn_trailing_whitespace.go
- lint_issuer_field_empty.go
- lint_issuer_multiple_rdn.go
- lint_name_constraint_empty.go
- lint_name_constraint_maximum_not_absent.go
- lint_name_constraint_minimum_non_zero.go
- lint_name_constraint_on_edi_party_name.go
- lint_name_constraint_on_registered_id.go
- lint_name_constraint_on_x400.go
- lint_old_root_ca_rsa_mod_less_than_2048_bits.go
- lint_old_sub_ca_rsa_mod_less_than_1024_bits.go
- lint_old_sub_cert_rsa_mod_less_than_1024_bits.go
- lint_path_len_constraint_improperly_included.go
- lint_path_len_constraint_zero_or_less.go
- lint_postal_code_included_in_other_fields.go
- lint_public_key_type_not_allowed.go
- lint_root_ca_basic_constraints_path_len_constraint_field_present.go
- lint_root_ca_contains_cert_policy.go
- lint_root_ca_extended_key_usage_present.go
- lint_root_ca_key_usage_must_be_critical.go
- lint_root_ca_key_usage_present.go
- lint_rsa_exp_negative.go
- lint_rsa_mod_factors_smaller_than_752_bits.go
- lint_rsa_mod_less_than_2048_bits.go
- lint_rsa_mod_not_odd.go
- lint_rsa_no_public_key.go
- lint_rsa_public_exponent_not_in_range.go
- lint_rsa_public_exponent_not_odd.go
- lint_rsa_public_exponent_too_small.go
- lint_san_bare_wildcard.go
- lint_san_dns_name_includes_null_char.go
- lint_san_dns_name_starts_with_period.go
- lint_san_iana_pub_suffix_empty.go
- lint_san_wildcard_not_first.go
- lint_serial_number_longer_than_20_octets.go
- lint_serial_number_low_entropy.go
- lint_serial_number_not_positive.go
- lint_signature_algorithm_not_supported.go
- lint_sub_ca_aia_does_not_contain_issuing_ca_url.go
- lint_sub_ca_aia_does_not_contain_ocsp_url.go
- lint_sub_ca_aia_marked_critical.go
- lint_sub_ca_aia_missing.go
- lint_sub_ca_certificate_policies_marked_critical.go
- lint_sub_ca_certificate_policies_missing.go
- lint_sub_ca_crl_distribution_points_does_not_contain_url.go
- lint_sub_ca_crl_distribution_points_marked_critical.go
- lint_sub_ca_eku_critical.go
- lint_sub_ca_eku_missing.go
- lint_sub_ca_eku_not_technically_constrained.go
- lint_sub_ca_name_constraints_not_critical.go
- lint_sub_cert_aia_does_not_contain_issuing_ca_url.go
- lint_sub_cert_aia_does_not_contain_ocsp_url.go
- lint_sub_cert_aia_marked_critical.go
- lint_sub_cert_aia_missing.go
- lint_sub_cert_cert_policy_empty.go
- lint_sub_cert_certificate_policies_marked_critical.go
- lint_sub_cert_certificate_policies_missing.go
- lint_sub_cert_country_name_must_appear.go
- lint_sub_cert_crl_distribution_points_does_not_contain_url.go
- lint_sub_cert_crl_distribution_points_marked_critical.go
- lint_sub_cert_eku_cs_missing.go
- lint_sub_cert_eku_extra_values.go
- lint_sub_cert_eku_missing.go
- lint_sub_cert_eku_prohibited_usage.go
- lint_sub_cert_given_name_surname_contains_correct_policy.go
- lint_sub_cert_key_usage_cert_sign_bit_set.go
- lint_sub_cert_key_usage_crl_sign_bit_set.go
- lint_sub_cert_key_usage_digital_signature_bit_not_set.go
- lint_sub_cert_locality_name_must_appear.go
- lint_sub_cert_not_is_ca.go
- lint_sub_cert_or_sub_ca_using_sha1.go
- lint_sub_cert_province_must_appear.go
- lint_sub_cert_sha1_expiration_too_long.go
- lint_sub_cert_valid_time_longer_than_39_months.go
- lint_sub_cert_valid_time_longer_than_825_days.go
- lint_subject_common_name_max_length.go
- lint_subject_common_name_missing.go
- lint_subject_contains_noninformational_value.go
- lint_subject_contains_reserved_ip.go
- lint_subject_country_not_iso.go
- lint_subject_dn_country_not_printable_string.go
- lint_subject_dn_leading_whitespace.go
- lint_subject_dn_serial_number_max_length.go
- lint_subject_dn_serial_number_not_printable_string.go
- lint_subject_dn_trailing_whitespace.go
- lint_subject_domain_component_included.go
- lint_subject_email_max_length.go
- lint_subject_empty_without_san.go
- lint_subject_given_name_max_length.go
- lint_subject_info_access_marked_critical.go
- lint_subject_locality_name_max_length.go
- lint_subject_multiple_rdn.go
- lint_subject_not_dn.go
- lint_subject_organization_name_max_length.go
- lint_subject_organization_name_missing.go
- lint_subject_organizational_unit_name_max_length.go
- lint_subject_postal_code_max_length.go
- lint_subject_state_name_max_length.go
- lint_subject_street_address_max_length.go
- lint_subject_surname_max_length.go
- lint_utc_time_does_not_include_seconds.go
- lint_utc_time_not_in_zulu.go
- lint_validity_time_not_positive.go
- lint_wrong_time_format_pre2050.go
- result.go
- testingUtil.go