lint e_organizational_unit_name_prohibited CheckApplies is overly permissive #691

Merged (1 commit), Sep 18, 2022
Expand Up @@ -38,7 +38,7 @@ func NewOrganizationalUnitNameProhibited() lint.LintInterface {
}

func (l *OrganizationalUnitNameProhibited) CheckApplies(c *x509.Certificate) bool {
return true
return !c.IsCA
}

func (l *OrganizationalUnitNameProhibited) Execute(c *x509.Certificate) *lint.LintResult {
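Review bot: the new `CheckApplies` body, `return !c.IsCA`, deserves a one-line comment stating why CA certificates are excluded, since the lint name alone does not say that the OU prohibition is scoped to subscriber certificates and the old `return true` body gave no hint that scope mattered; something like `// The OU prohibition applies to subscriber certificates only; CA certificates are out of scope.` above the return would do. Note also that this hunk carries no date check, so the "before/after Sep22" behaviour exercised by the tests must come from the lint's effective-date registration rather than from `CheckApplies`; that is the right split, but it is worth confirming in the test hunk that a CA:TRUE certificate is reported as NA rather than NE regardless of its NotBefore.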
Expand Up @@ -37,6 +37,11 @@ func TestOrganizationalUnitNameProhibited(t *testing.T) {
InputFilename: "ouPresentBeforeSep22.pem",
ExpectedResult: lint.NE,
},
{
Name: "CA Certificate issued after rule comes into effect",
InputFilename: "ouPresentCATrueAfterSep22.pem",
ExpectedResult: lint.NA,
},
{
Name: "Certificate issued after rule applies that contains an OU",
InputFilename: "ouPresentAfterSep22.pem",
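Review bot: the `Name` of the added case, "CA Certificate issued after rule comes into effect", omits the detail that makes it interesting: the fixture (`ouPresentCATrueAfterSep22.pem`) does contain an OU, so the case is asserting that a CA certificate with an OU after the effective date is `lint.NA` rather than an error. Renaming it along the lines of "CA certificate with an OU issued after rule comes into effect" would make the expected `NA` self-explanatory next to the neighbouring subscriber cases that expect `NE` and an error.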
38 changes: 38 additions & 0 deletions v3/testdata/ouPresentCATrueAfterSep22.pem
@@ -0,0 +1,38 @@
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 3 (0x3)
Signature Algorithm: ecdsa-with-SHA256
Issuer:
Validity
Not Before: Sep 2 00:00:00 2022 GMT
Not After : Nov 30 00:00:00 9998 GMT
Subject: CN = example.com, OU = Example Unit
Subject Public Key Info:
Public Key Algorithm: id-ecPublicKey
Public-Key: (256 bit)
pub:
04:5e:05:90:dd:e5:d8:36:49:98:ff:ef:b1:d7:5f:
e6:04:e8:e1:bf:6e:5f:ef:16:8a:45:ad:3f:6d:75:
99:60:50:de:24:ad:45:59:99:c0:30:bb:5f:32:4c:
07:0e:1a:af:4c:72:6e:aa:58:da:76:b5:f8:62:e9:
00:f7:9c:73:fd
ASN1 OID: prime256v1
NIST CURVE: P-256
X509v3 extensions:
X509v3 Basic Constraints: critical
CA:TRUE
Signature Algorithm: ecdsa-with-SHA256
30:46:02:21:00:fd:3e:9b:d8:59:53:53:76:b6:af:ae:ba:7f:
34:69:7e:55:4e:78:44:ff:fc:24:d4:36:86:98:21:63:cc:19:
23:02:21:00:df:d8:9d:7f:52:c0:cd:98:ab:70:43:54:6b:5c:
c3:17:bc:42:fc:27:5b:cb:24:a3:a8:cf:c3:54:52:d1:95:b3
-----BEGIN CERTIFICATE-----
MIIBMTCB16ADAgECAgEDMAoGCCqGSM49BAMCMAAwIBcNMjIwOTAyMDAwMDAwWhgP
OTk5ODExMzAwMDAwMDBaMC0xFDASBgNVBAMTC2V4YW1wbGUuY29tMRUwEwYDVQQL
EwxFeGFtcGxlIFVuaXQwWTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAAReBZDd5dg2
SZj/77HXX+YE6OG/bl/vFopFrT9tdZlgUN4krUVZmcAwu18yTAcOGq9Mcm6qWNp2
tfhi6QD3nHP9oxMwETAPBgNVHRMBAf8EBTADAQH/MAoGCCqGSM49BAMCA0kAMEYC
IQD9PpvYWVNTdravrrp/NGl+VU54RP/8JNQ2hpghY8wZIwIhAN/YnX9SwM2Yq3BD
VGtcwxe8QvwnW8sko6jPw1RS0ZWz
-----END CERTIFICATE-----
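Review bot: the fixture is minimal by design (empty Issuer, no key usage, no EKU, a single critical Basic Constraints CA:TRUE extension, Not Before of Sep 2 2022 to sit past the "Sep22" boundary and a Not After far in the future), which is exactly enough to drive the `!c.IsCA` branch with `OU = Example Unit` present in the Subject. Since the empty Issuer makes it obviously synthetic and not a certificate that would pass chain validation, consider adding a short note in the test case or alongside the other `ouPresent*` fixtures recording how it was generated, so that a future contributor regenerating testdata keeps the CA:TRUE plus OU combination intact.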