mirror/gmsm
1
0
Fork 0
mirror of https://github.com/emmansun/gmsm.git synced 2025-04-26 12:16:20 +08:00
Code Issues Packages Projects Releases Wiki Activity

code checking

Browse Source
This commit is contained in:
Emman 2022-01-28 13:13:26 +08:00
parent de8cfcc588
commit 6baee1e5e8
2 changed files with 14 additions and 14 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
smx509/root_windows.go
View File

@ -92,9 +92,9 @@ func checkChainTrustStatus(c *Certificate, chainCtx *syscall.CertChainContext) e
status := chainCtx.TrustStatus.ErrorStatus status := chainCtx.TrustStatus.ErrorStatus
switch status { switch status {
case syscall.CERT_TRUST_IS_NOT_TIME_VALID: case syscall.CERT_TRUST_IS_NOT_TIME_VALID:
return CertificateInvalidError{c.asX509(), Expired, ""} return CertificateInvalidError{Cert: c.asX509(), Reason: Expired, Detail: ""}
case syscall.CERT_TRUST_IS_NOT_VALID_FOR_USAGE: case syscall.CERT_TRUST_IS_NOT_VALID_FOR_USAGE:
return CertificateInvalidError{c.asX509(), IncompatibleUsage, ""} return CertificateInvalidError{Cert: c.asX509(), Reason: IncompatibleUsage, Detail: ""}
// TODO(filippo): surface more error statuses. // TODO(filippo): surface more error statuses.
default: default:
return UnknownAuthorityError{c, nil, nil} return UnknownAuthorityError{c, nil, nil}

24
smx509/verify.go
View File

@ -261,18 +261,18 @@ func (c *Certificate) checkNameConstraints(count *int,
*count += excludedValue.Len() *count += excludedValue.Len()
if *count > maxConstraintComparisons { if *count > maxConstraintComparisons {
return CertificateInvalidError{c.asX509(), TooManyConstraints, ""} return CertificateInvalidError{Cert: c.asX509(), Reason: TooManyConstraints, Detail: ""}
} }
for i := 0; i < excludedValue.Len(); i++ { for i := 0; i < excludedValue.Len(); i++ {
constraint := excludedValue.Index(i).Interface() constraint := excludedValue.Index(i).Interface()
match, err := match(parsedName, constraint) match, err := match(parsedName, constraint)
if err != nil { if err != nil {
return CertificateInvalidError{c.asX509(), CANotAuthorizedForThisName, err.Error()} return CertificateInvalidError{Cert: c.asX509(), Reason: CANotAuthorizedForThisName, Detail: err.Error()}
} }
if match { if match {
return CertificateInvalidError{c.asX509(), CANotAuthorizedForThisName, fmt.Sprintf("%s %q is excluded by constraint %q", nameType, name, constraint)} return CertificateInvalidError{Cert: c.asX509(), Reason: CANotAuthorizedForThisName, Detail: fmt.Sprintf("%s %q is excluded by constraint %q", nameType, name, constraint)}
} }
} }
@ -280,7 +280,7 @@ func (c *Certificate) checkNameConstraints(count *int,
*count += permittedValue.Len() *count += permittedValue.Len()
if *count > maxConstraintComparisons { if *count > maxConstraintComparisons {
return CertificateInvalidError{c.asX509(), TooManyConstraints, ""} return CertificateInvalidError{Cert: c.asX509(), Reason: TooManyConstraints, Detail: ""}
} }
ok := true ok := true
@ -289,7 +289,7 @@ func (c *Certificate) checkNameConstraints(count *int,
var err error var err error
if ok, err = match(parsedName, constraint); err != nil { if ok, err = match(parsedName, constraint); err != nil {
return CertificateInvalidError{c.asX509(), CANotAuthorizedForThisName, err.Error()} return CertificateInvalidError{Cert: c.asX509(), Reason: CANotAuthorizedForThisName, Detail: err.Error()}
} }
if ok { if ok {
@ -298,7 +298,7 @@ func (c *Certificate) checkNameConstraints(count *int,
} }
if !ok { if !ok {
return CertificateInvalidError{c.asX509(), CANotAuthorizedForThisName, fmt.Sprintf("%s %q is not permitted by any constraint", nameType, name)} return CertificateInvalidError{Cert: c.asX509(), Reason: CANotAuthorizedForThisName, Detail: fmt.Sprintf("%s %q is not permitted by any constraint", nameType, name)}
} }
return nil return nil
@ -349,7 +349,7 @@ func (c *Certificate) isValid(certType int, currentChain []*Certificate, opts *V
if len(currentChain) > 0 { if len(currentChain) > 0 {
child := currentChain[len(currentChain)-1] child := currentChain[len(currentChain)-1]
if !bytes.Equal(child.RawIssuer, c.RawSubject) { if !bytes.Equal(child.RawIssuer, c.RawSubject) {
return CertificateInvalidError{c.asX509(), NameMismatch, ""} return CertificateInvalidError{Cert: c.asX509(), Reason: NameMismatch, Detail: ""}
} }
} }
@ -473,13 +473,13 @@ func (c *Certificate) isValid(certType int, currentChain []*Certificate, opts *V
// encryption key could only be used for Diffie-Hellman key agreement. // encryption key could only be used for Diffie-Hellman key agreement.
if certType == intermediateCertificate && (!c.BasicConstraintsValid || !c.IsCA) { if certType == intermediateCertificate && (!c.BasicConstraintsValid || !c.IsCA) {
return CertificateInvalidError{c.asX509(), NotAuthorizedToSign, ""} return CertificateInvalidError{Cert: c.asX509(), Reason: NotAuthorizedToSign, Detail: ""}
} }
if c.BasicConstraintsValid && c.MaxPathLen >= 0 { if c.BasicConstraintsValid && c.MaxPathLen >= 0 {
numIntermediates := len(currentChain) - 1 numIntermediates := len(currentChain) - 1
if numIntermediates > c.MaxPathLen { if numIntermediates > c.MaxPathLen {
return CertificateInvalidError{c.asX509(), TooManyIntermediates, ""} return CertificateInvalidError{Cert: c.asX509(), Reason: TooManyIntermediates, Detail: ""}
} }
} }
@ -586,7 +586,7 @@ func (c *Certificate) Verify(opts VerifyOptions) (chains [][]*Certificate, err e
} }
if len(chains) == 0 { if len(chains) == 0 {
return nil, CertificateInvalidError{c.asX509(), IncompatibleUsage, ""} return nil, CertificateInvalidError{Cert: c.asX509(), Reason: IncompatibleUsage, Detail: ""}
} }
return chains, nil return chains, nil
@ -813,7 +813,7 @@ func (c *Certificate) VerifyHostname(h string) error {
return nil return nil
} }
} }
return x509.HostnameError{c.asX509(), candidateIP} return x509.HostnameError{Certificate: c.asX509(), Host: candidateIP}
} }
candidateName := toLowerCaseASCII(h) // Save allocations inside the loop. candidateName := toLowerCaseASCII(h) // Save allocations inside the loop.
@ -835,7 +835,7 @@ func (c *Certificate) VerifyHostname(h string) error {
} }
} }
} }
return x509.HostnameError{c.asX509(), h} return x509.HostnameError{Certificate: c.asX509(), Host: h}
} }
func checkChainForKeyUsage(chain []*Certificate, keyUsages []ExtKeyUsage) bool { func checkChainForKeyUsage(chain []*Certificate, keyUsages []ExtKeyUsage) bool {