...

Source file src/github.com/letsencrypt/boulder/linter/lints/cpcps/lint_validity_period_has_extra_second.go

Documentation: github.com/letsencrypt/boulder/linter/lints/cpcps

     1  package cpcps
     2  
     3  import (
     4  	"time"
     5  
     6  	"github.com/zmap/zcrypto/x509"
     7  	"github.com/zmap/zlint/v3/lint"
     8  
     9  	"github.com/letsencrypt/boulder/linter/lints"
    10  )
    11  
// certValidityNotRound is the stateless lint implementation registered in
// init under the name "w_validity_period_has_extra_second". It carries no
// fields; all inputs come from the certificate passed to its methods.
type certValidityNotRound struct{}
    13  
// init registers the validity-period lint with zlint at package load time so
// that it runs alongside the other Let's Encrypt CPS lints.
//
// NOTE(review): zlint lint names conventionally use the "w_" prefix for
// warning-level lints, while Execute in this file returns lint.Error on
// failure. Confirm which severity is intended.
func init() {
	validityLint := &lint.Lint{
		Name:          "w_validity_period_has_extra_second",
		Description:   "Let's Encrypt Certificates have Validity Periods that are a round number of seconds",
		Citation:      "CPS: 7.1",
		Source:        lints.LetsEncryptCPS,
		EffectiveDate: lints.CPSV33Date,
		Lint:          NewCertValidityNotRound,
	}
	lint.RegisterLint(validityLint)
}
    24  
// NewCertValidityNotRound is the constructor handed to zlint in init. It
// returns a fresh, zero-valued certValidityNotRound as a lint.LintInterface.
func NewCertValidityNotRound() lint.LintInterface {
	return new(certValidityNotRound)
}
    28  
// CheckApplies reports whether this lint should run against c. It always
// returns true: the certificate is not inspected, so every certificate is
// checked by Execute.
func (l *certValidityNotRound) CheckApplies(c *x509.Certificate) bool {
	// No filtering on certificate type or contents.
	return true
}
    32  
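// Execute checks that the certificate's validity period is a whole number of
// minutes. It returns a result with Status lint.Pass when it is and
// lint.Error when it is not (for example, when the period is one second
// longer than intended because notAfter was treated as exclusive).
func (l *certValidityNotRound) Execute(c *x509.Certificate) *lint.LintResult {
	// RFC 5280 4.1.2.5: "The validity period for a certificate is the period
	// of time from notBefore through notAfter, inclusive."
	// The added second accounts for the inclusive notAfter endpoint.
	certValidity := c.NotAfter.Add(time.Second).Sub(c.NotBefore)

	// certValidity is a time.Duration, which counts nanoseconds. Taking it
	// modulo the bare literal 60 therefore tested nanoseconds, not seconds:
	// because 1e9 mod 60 == 40, that test only required the number of seconds
	// to be divisible by 3, so a period that was e.g. 3 seconds too long
	// passed the lint. Compare against time.Minute to test the intended unit.
	if certValidity%time.Minute != 0 {
		return &lint.LintResult{Status: lint.Error}
	}

	return &lint.LintResult{Status: lint.Pass}
}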
    44  
