Do not add the CRL distribution points extension.

This extension is added by CloudCAS.
Mariano Cano 2020-09-21 17:09:46 -07:00
parent 38fa780775
commit 8e6d7accf8
2 changed files with 21 additions and 17 deletions


@ -15,25 +15,27 @@ import (
)
var (
oidExtensionSubjectKeyID = []int{2, 5, 29, 14}
oidExtensionKeyUsage = []int{2, 5, 29, 15}
oidExtensionExtendedKeyUsage = []int{2, 5, 29, 37}
oidExtensionAuthorityKeyID = []int{2, 5, 29, 35}
oidExtensionBasicConstraints = []int{2, 5, 29, 19}
oidExtensionSubjectAltName = []int{2, 5, 29, 17}
oidExtensionCertificatePolicies = []int{2, 5, 29, 32}
oidExtensionAuthorityInfoAccess = []int{1, 3, 6, 1, 5, 5, 7, 1, 1}
oidExtensionSubjectKeyID = []int{2, 5, 29, 14}
oidExtensionKeyUsage = []int{2, 5, 29, 15}
oidExtensionExtendedKeyUsage = []int{2, 5, 29, 37}
oidExtensionAuthorityKeyID = []int{2, 5, 29, 35}
oidExtensionBasicConstraints = []int{2, 5, 29, 19}
oidExtensionSubjectAltName = []int{2, 5, 29, 17}
oidExtensionCRLDistributionPoints = []int{2, 5, 29, 31}
oidExtensionCertificatePolicies = []int{2, 5, 29, 32}
oidExtensionAuthorityInfoAccess = []int{1, 3, 6, 1, 5, 5, 7, 1, 1}
)
var extraExtensions = [...]asn1.ObjectIdentifier{
oidExtensionSubjectKeyID, // Added by CAS
oidExtensionKeyUsage, // Added in CertificateConfig.ReusableConfig
oidExtensionExtendedKeyUsage, // Added in CertificateConfig.ReusableConfig
oidExtensionAuthorityKeyID, // Added by CAS
oidExtensionBasicConstraints, // Added in CertificateConfig.ReusableConfig
oidExtensionSubjectAltName, // Added in CertificateConfig.SubjectConfig.SubjectAltName
oidExtensionCertificatePolicies, // Added in CertificateConfig.ReusableConfig
oidExtensionAuthorityInfoAccess, // Added in CertificateConfig.ReusableConfig and by CAS
oidExtensionSubjectKeyID, // Added by CAS
oidExtensionKeyUsage, // Added in CertificateConfig.ReusableConfig
oidExtensionExtendedKeyUsage, // Added in CertificateConfig.ReusableConfig
oidExtensionAuthorityKeyID, // Added by CAS
oidExtensionBasicConstraints, // Added in CertificateConfig.ReusableConfig
oidExtensionSubjectAltName, // Added in CertificateConfig.SubjectConfig.SubjectAltName
oidExtensionCRLDistributionPoints, // Added by CAS
oidExtensionCertificatePolicies, // Added in CertificateConfig.ReusableConfig
oidExtensionAuthorityInfoAccess, // Added in CertificateConfig.ReusableConfig and by CAS
}
var (
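Review bot: With `oidExtensionCRLDistributionPoints` in `extraExtensions`, a CRL distribution points extension set on the template certificate appears to be left out of the request without any error or log, and the trailing `// Added by CAS` is the only hint of that. Judging by the commit message and Test_isExtraExtension, OIDs in this array are the ones that are not forwarded as additional extensions, so a caller that supplies its own CDP URL gets a certificate whose revocation pointer is chosen by CloudCAS instead. I would add a doc comment above the array, for example `// extraExtensions lists the extension OIDs that are not forwarded as AdditionalExtensions because CAS or the CertificateConfig sets them; caller-supplied values for these OIDs are dropped.` It may also be worth surfacing a dropped CDP to the operator, since it changes where relying parties look for revocation data. The code that consumes the array is outside this hunk.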


@ -501,8 +501,9 @@ func Test_createReusableConfig(t *testing.T) {
// Extensions
{"Extensions", args{&x509.Certificate{ExtraExtensions: []pkix.Extension{
{Id: []int{1, 2, 3, 4}, Critical: true, Value: []byte("foobar")},
{Id: []int{2, 5, 29, 17}, Critical: true, Value: []byte("SANs")},
{Id: []int{2, 5, 29, 17}, Critical: true, Value: []byte("SANs")}, //
{Id: []int{4, 3, 2, 1}, Critical: false, Value: []byte("zoobar")},
{Id: []int{2, 5, 29, 31}, Critical: false, Value: []byte("CRL Distribution points")},
}}}, withRCV(&pb.ReusableConfigValues{
AdditionalExtensions: []*pb.X509Extension{
{ObjectId: &pb.ObjectId{ObjectIdPath: []int32{1, 2, 3, 4}}, Critical: true, Value: []byte("foobar")},
@ -534,6 +535,7 @@ func Test_isExtraExtension(t *testing.T) {
{"oidExtensionAuthorityKeyID", args{oidExtensionAuthorityKeyID}, false},
{"oidExtensionBasicConstraints", args{oidExtensionBasicConstraints}, false},
{"oidExtensionSubjectAltName", args{oidExtensionSubjectAltName}, false},
{"oidExtensionCRLDistributionPoints", args{oidExtensionCRLDistributionPoints}, false},
{"oidExtensionCertificatePolicies", args{oidExtensionCertificatePolicies}, false},
{"oidExtensionAuthorityInfoAccess", args{oidExtensionAuthorityInfoAccess}, false},
{"other", args{[]int{1, 2, 3, 4}}, true},
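Review bot: The SAN entry in the Test_createReusableConfig hunk now ends in an empty `//`, which reads like an unfinished comment. Either drop it or say why the entry is there, e.g. `// skipped: set in SubjectConfig.SubjectAltName`, and give the new 2.5.29.31 entry a matching `// skipped: added by CAS` so the reader can tell which inputs are expected to be filtered. The expected `AdditionalExtensions` list continues past the end of the hunk, so it is not visible here that the test asserts the CRL distribution points value is absent; please confirm the expectation holds only the 1.2.3.4 and 4.3.2.1 entries.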