Lint for CABF SMIME 7.1.2.3.h - subjectAlternativeName, all: SHALL be…
… present (7.1.2.3.h) (#744)

* Lint for CABF SMIME 7.1.2.3.h - subjectAlternativeName, all: SHALL be present (7.1.2.3.h)

* not exporting
christopher-henderson authored Oct 15, 2023
1 parent 386a8dc commit 08a9354
Showing 4 changed files with 167 additions and 0 deletions.
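--- a/v3/lints/cabf_smime_br/lint_san_shall_be_present.go
+++ b/v3/lints/cabf_smime_br/lint_san_shall_be_present.go
@@ -0,0 +1,53 @@
+/*
+* ZLint Copyright 2023 Regents of the University of Michigan
+*
+* Licensed under the Apache License, Version 2.0 (the "License"); you may not
+* use this file except in compliance with the License. You may obtain a copy
+* of the License at http://www.apache.org/licenses/LICENSE-2.0
+*
+* Unless required by applicable law or agreed to in writing, software
+* distributed under the License is distributed on an "AS IS" BASIS,
+* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
+* implied. See the License for the specific language governing
+* permissions and limitations under the License.
+*/
+
+package cabf_smime_br
+
+import (
+"github.com/zmap/zcrypto/x509"
+"github.com/zmap/zlint/v3/lint"
+"github.com/zmap/zlint/v3/util"
+)
+
+func init() {
+lint.RegisterLint(&lint.Lint{
+Name: "e_san_shall_be_present",
+Description: "Subject alternative name SHALL be present",
+Citation: "7.1.2.3.h",
+Source: lint.CABFSMIMEBaselineRequirements,
+EffectiveDate: util.CABF_SMIME_BRs_1_0_0_Date,
+Lint: NewSubjectAlternativeNameShallBePresent,
+})
+}
+
+type subjectAlternativeNameShallBePresent struct{}
+
+func NewSubjectAlternativeNameShallBePresent() lint.LintInterface {
+return &subjectAlternativeNameShallBePresent{}
+}
+
+func (l *subjectAlternativeNameShallBePresent) CheckApplies(c *x509.Certificate) bool {
+return util.IsSubscriberCert(c)
+}
+
+func (l *subjectAlternativeNameShallBePresent) Execute(c *x509.Certificate) *lint.LintResult {
+if !util.IsExtInCert(c, util.SubjectAlternateNameOID) {
+return &lint.LintResult{
+Status: lint.Error,
+Details: "SMIME certificate does not have a subject alternative name extension",
+}
+} else {
+return &lint.LintResult{Status: lint.Pass}
+}
+}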
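Review bot: CheckApplies, on the line `return util.IsSubscriberCert(c)`, scopes this lint to every subscriber certificate rather than to certificates that are subject to the S/MIME Baseline Requirements, so a non-S/MIME leaf would be judged against citation 7.1.2.3.h and reported with a Details string that calls it an "SMIME certificate". The other lints in this package presumably narrow applicability with an S/MIME-specific check in addition to the subscriber test; if such a helper exists in util, CheckApplies should combine it with the existing IsSubscriberCert call so the lint cannot fire outside its scope. Separately, the `} else {` after the terminating return in Execute is unidiomatic Go: drop the else branch and place `return &lint.LintResult{Status: lint.Pass}` as the function's final statement.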
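--- a/v3/lints/cabf_smime_br/lint_san_shall_be_present_test.go
+++ b/v3/lints/cabf_smime_br/lint_san_shall_be_present_test.go
@@ -0,0 +1,35 @@
+package cabf_smime_br
+
+import (
+"testing"
+
+"github.com/zmap/zlint/v3/lint"
+"github.com/zmap/zlint/v3/test"
+)
+
+func TestSubscriberSubjectAlternativeNameShallBePresent(t *testing.T) {
+testCases := []struct {
+Name string
+InputFilename string
+ExpectedResult lint.LintStatus
+}{
+{
+Name: "pass - cert with SAN",
+InputFilename: "smime/with_subject_alternative_name.pem",
+ExpectedResult: lint.Pass,
+},
+{
+Name: "error - cert without SAN",
+InputFilename: "smime/without_subject_alternative_name.pem",
+ExpectedResult: lint.Error,
+},
+}
+for _, tc := range testCases {
+t.Run(tc.Name, func(t *testing.T) {
+result := test.TestLint("e_san_shall_be_present", tc.InputFilename)
+if result.Status != tc.ExpectedResult {
+t.Errorf("expected result %v was %v - details: %v", tc.ExpectedResult, result.Status, result.Details)
+}
+})
+}
+}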
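Review bot: The table in TestSubscriberSubjectAlternativeNameShallBePresent only covers Pass and Error outcomes, so the lint's applicability gate (CheckApplies in the lint file) is never exercised and a regression that made it apply to CA certificates would go unnoticed. Adding a third entry that feeds a CA certificate and expects `lint.NA` would pin it, for example `{Name: "NA - CA certificate", InputFilename: "<placeholder: existing CA cert fixture>", ExpectedResult: lint.NA}`. Whether an S/MIME CA fixture already exists under testdata is not visible from this commit.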
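--- a/v3/testdata/smime/with_subject_alternative_name.pem
+++ b/v3/testdata/smime/with_subject_alternative_name.pem
@@ -0,0 +1,41 @@
+Certificate:
+Data:
+Version: 3 (0x2)
+Serial Number: 3 (0x3)
+Signature Algorithm: ecdsa-with-SHA256
+Issuer:
+Validity
+Not Before: Sep 30 15:56:47 2023 GMT
+Not After : Nov 30 00:00:00 9998 GMT
+Subject:
+Subject Public Key Info:
+Public Key Algorithm: id-ecPublicKey
+Public-Key: (256 bit)
+pub:
+04:69:58:02:49:7d:98:10:6e:6d:f3:3f:8f:2b:9f:
+10:df:09:42:d6:c5:1c:22:9c:86:87:e6:1d:ed:ed:
+d5:98:1d:93:ce:ce:61:2a:8d:44:cb:73:59:90:06:
+bb:68:e4:7c:24:d0:47:6a:b9:a4:a3:c9:60:a7:4d:
+5e:c5:46:dd:bd
+ASN1 OID: prime256v1
+NIST CURVE: P-256
+X509v3 extensions:
+X509v3 Extended Key Usage:
+E-mail Protection
+X509v3 Subject Alternative Name:
+email:coolguy@coolplace.come
+Signature Algorithm: ecdsa-with-SHA256
+Signature Value:
+30:45:02:21:00:eb:30:e0:f2:cf:6f:a4:95:ca:6a:e0:a9:e7:
+06:ea:4d:b2:18:b7:bd:6e:69:4f:96:c0:07:86:3c:73:b2:2e:
+3f:02:20:6e:83:bb:ca:79:8f:91:43:22:08:02:b3:86:30:85:
+d7:1f:e7:ec:9c:0b:06:58:1b:47:15:08:25:26:99:c2:26
+-----BEGIN CERTIFICATE-----
+MIIBKjCB0aADAgECAgEDMAoGCCqGSM49BAMCMAAwIBcNMjMwOTMwMTU1NjQ3WhgP
+OTk5ODExMzAwMDAwMDBaMAAwWTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAARpWAJJ
+fZgQbm3zP48rnxDfCULWxRwinIaH5h3t7dWYHZPOzmEqjUTLc1mQBrto5Hwk0Edq
+uaSjyWCnTV7FRt29ozowODATBgNVHSUEDDAKBggrBgEFBQcDBDAhBgNVHREEGjAY
+gRZjb29sZ3V5QGNvb2xwbGFjZS5jb21lMAoGCCqGSM49BAMCA0gAMEUCIQDrMODy
+z2+klcpq4KnnBupNshi3vW5pT5bAB4Y8c7IuPwIgboO7ynmPkUMiCAKzhjCF1x/n
+7JwLBlgbRxUIJSaZwiY=
+-----END CERTIFICATE-----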
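--- a/v3/testdata/smime/without_subject_alternative_name.pem
+++ b/v3/testdata/smime/without_subject_alternative_name.pem
@@ -0,0 +1,38 @@
+Certificate:
+Data:
+Version: 3 (0x2)
+Serial Number: 3 (0x3)
+Signature Algorithm: ecdsa-with-SHA256
+Issuer:
+Validity
+Not Before: Sep 30 15:41:50 2023 GMT
+Not After : Nov 30 00:00:00 9998 GMT
+Subject:
+Subject Public Key Info:
+Public Key Algorithm: id-ecPublicKey
+Public-Key: (256 bit)
+pub:
+04:8b:93:b2:84:b1:56:f4:cc:df:55:3f:f4:07:2b:
+d1:5a:bc:52:10:41:aa:91:88:aa:25:ac:02:da:3e:
+0c:0e:af:3b:65:49:d5:22:f9:a5:80:f1:83:c6:bc:
+bb:8e:cf:d1:a6:b5:92:5d:85:6f:91:5e:31:1a:af:
+69:04:62:31:86
+ASN1 OID: prime256v1
+NIST CURVE: P-256
+X509v3 extensions:
+X509v3 Extended Key Usage:
+E-mail Protection
+Signature Algorithm: ecdsa-with-SHA256
+Signature Value:
+30:45:02:20:0f:4a:43:42:ff:8b:5a:b3:30:f0:c6:b2:63:1c:
+92:39:4d:17:5d:b0:15:70:e9:15:2e:9a:3f:a1:d6:12:c2:79:
+02:21:00:a6:91:19:20:11:17:8d:f1:65:e0:f1:33:89:38:42:
+24:a5:41:e5:33:6b:53:21:7f:1f:49:49:0f:57:d8:0a:f2
+-----BEGIN CERTIFICATE-----
+MIIBBzCBrqADAgECAgEDMAoGCCqGSM49BAMCMAAwIBcNMjMwOTMwMTU0MTUwWhgP
+OTk5ODExMzAwMDAwMDBaMAAwWTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAASLk7KE
+sVb0zN9VP/QHK9FavFIQQaqRiKolrALaPgwOrztlSdUi+aWA8YPGvLuOz9GmtZJd
+hW+RXjEar2kEYjGGoxcwFTATBgNVHSUEDDAKBggrBgEFBQcDBDAKBggqhkjOPQQD
+AgNIADBFAiAPSkNC/4taszDwxrJjHJI5TRddsBVw6RUumj+h1hLCeQIhAKaRGSAR
+F43xZeDxM4k4QiSlQeUza1Mhfx9JSQ9X2Ary
+-----END CERTIFICATE-----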
