lint_crl_has_issuer_name.go

Documentation: github.com/letsencrypt/boulder/linter/lints/rfc

     1  package rfc
     2  
     3  import (
     4  	"github.com/zmap/zcrypto/x509"
     5  	"github.com/zmap/zlint/v3/lint"
     6  	"github.com/zmap/zlint/v3/util"
     7  )
     8  
     9  type crlHasIssuerName struct{}
    10  
    11  /************************************************
    12  RFC 5280: 5.1.2.3
    13  The issuer field MUST contain a non-empty X.500 distinguished name (DN).
    14  
    15  This lint does not enforce that the issuer field complies with the rest of
    16  the encoding rules of a certificate issuer name, because it (perhaps wrongly)
    17  assumes that those were checked when the issuer was itself issued, and on all
    18  certificates issued by this CRL issuer.
    19  ************************************************/
    20  
    21  func init() {
    22  	lint.RegisterRevocationListLint(&lint.RevocationListLint{
    23  		LintMetadata: lint.LintMetadata{
    24  			Name:          "e_crl_has_issuer_name",
    25  			Description:   "The CRL Issuer field MUST contain a non-empty X.500 distinguished name",
    26  			Citation:      "RFC 5280: 5.1.2.3",
    27  			Source:        lint.RFC5280,
    28  			EffectiveDate: util.RFC5280Date,
    29  		},
    30  		Lint: NewCrlHasIssuerName,
    31  	})
    32  }
    33  
    34  func NewCrlHasIssuerName() lint.RevocationListLintInterface {
    35  	return &crlHasIssuerName{}
    36  }
    37  
    38  func (l *crlHasIssuerName) CheckApplies(c *x509.RevocationList) bool {
    39  	return true
    40  }
    41  
    42  func (l *crlHasIssuerName) Execute(c *x509.RevocationList) *lint.LintResult {
    43  	if len(c.Issuer.Names) == 0 {
    44  		return &lint.LintResult{
    45  			Status:  lint.Error,
    46  			Details: "The CRL Issuer field MUST contain a non-empty X.500 distinguished name",
    47  		}
    48  	}
    49  	return &lint.LintResult{Status: lint.Pass}
    50  }
    51
View as plain text