...

Source file src/github.com/letsencrypt/boulder/linter/lints/cpcps/lint_crl_has_no_aia.go

Documentation: github.com/letsencrypt/boulder/linter/lints/cpcps

     1  package cpcps
     2  
     3  import (
     4  	"github.com/zmap/zcrypto/encoding/asn1"
     5  	"github.com/zmap/zcrypto/x509"
     6  	"github.com/zmap/zlint/v3/lint"
     7  
     8  	"github.com/letsencrypt/boulder/linter/lints"
     9  )
    10  
// crlHasNoAIA is the lint that flags CRLs carrying an Authority Information
// Access extension. It holds no state.
type crlHasNoAIA struct{}
    12  
/************************************************
RFC 5280: 5.2.7

The requirements around the Authority Information Access extension are extensive.
Therefore we do not include one.

Conforming CRL issuers MUST include the nextUpdate field in all CRLs. (This
sentence concerns nextUpdate rather than AIA and appears to be carried over from
another lint; this lint does not check nextUpdate.)
************************************************/
    20  
// init registers e_crl_has_no_aia as a revocation-list lint, sourced from the
// Let's Encrypt CPS and effective from lints.CPSV33Date.
func init() {
	// NOTE(review): Citation is left empty, so the lint result does not point
	// an operator at the policy text that forbids the extension — consider
	// recording the relevant CPS section here.
	meta := lint.LintMetadata{
		Name:          "e_crl_has_no_aia",
		Description:   "Let's Encrypt does not include the CRL AIA extension",
		Citation:      "",
		Source:        lints.LetsEncryptCPS,
		EffectiveDate: lints.CPSV33Date,
	}

	lint.RegisterRevocationListLint(&lint.RevocationListLint{
		LintMetadata: meta,
		Lint:         NewCrlHasNoAIA,
	})
}
    33  
// NewCrlHasNoAIA returns a fresh instance of the lint. It is the constructor
// handed to the lint registry in init.
func NewCrlHasNoAIA() lint.RevocationListLintInterface {
	return new(crlHasNoAIA)
}
    37  
// CheckApplies always returns true: the lint runs against every CRL it is
// given, without inspecting c.
func (l *crlHasNoAIA) CheckApplies(c *x509.RevocationList) bool {
	return true
}
    41  
// Execute returns lint.Notice when the CRL carries an extension whose OID is
// id-pe-authorityInfoAccess, and lint.Pass otherwise. Only the presence of the
// extension is tested; its contents are not parsed or validated.
//
// NOTE(review): the lint is registered under an "e_" name, which by zlint's
// naming convention denotes an error-level finding, yet a violation is
// reported as lint.Notice. Confirm that whatever consumes these results
// treats Notice as a failure; otherwise a CRL with an unexpected AIA
// extension would be let through.
func (l *crlHasNoAIA) Execute(c *x509.RevocationList) *lint.LintResult {
	// id-pe-authorityInfoAccess
	oid := asn1.ObjectIdentifier{1, 3, 6, 1, 5, 5, 7, 1, 1}

	ext := lints.GetExtWithOID(c.Extensions, oid)
	if ext == nil {
		// No AIA extension present: the CRL matches the stated policy.
		return &lint.LintResult{Status: lint.Pass}
	}

	return &lint.LintResult{
		Status:  lint.Notice,
		Details: "CRL has an Authority Information Access url",
	}
}
    52  
