Alias x509 types

2025-04-26 12:16:20 +08:00 · 2022-01-20 18:15:26 +08:00 · 2022-01-20 18:15:26 +08:00 · b0a5a1c74a
commit b0a5a1c74a
parent f3a1eab5fe
4 changed files with 47 additions and 27 deletions
--- a/smx509/parser.go
+++ b/smx509/parser.go
@ -7,7 +7,6 @@ import (
 	"crypto/ed25519"
 	"crypto/elliptic"
 	"crypto/rsa"
-	"crypto/x509"
 	"crypto/x509/pkix"
 	"encoding/asn1"
 	"encoding/pem"
@ -420,8 +419,8 @@ func parseSANExtension(der cryptobyte.String) (dnsNames, emailAddresses []string
 	return
 }

-func parseExtKeyUsageExtension(der cryptobyte.String) ([]x509.ExtKeyUsage, []asn1.ObjectIdentifier, error) {
-	var extKeyUsages []x509.ExtKeyUsage
+func parseExtKeyUsageExtension(der cryptobyte.String) ([]ExtKeyUsage, []asn1.ObjectIdentifier, error) {
+	var extKeyUsages []ExtKeyUsage
 	var unknownUsages []asn1.ObjectIdentifier
 	if !der.ReadASN1(&der, cryptobyte_asn1.SEQUENCE) {
 		return nil, nil, errors.New("x509: invalid extended key usages")
--- a/smx509/root_windows.go
+++ b/smx509/root_windows.go
@ -148,7 +148,7 @@ func checkChainSSLServerPolicy(c *Certificate, chainCtx *syscall.CertChainContex

 // windowsExtKeyUsageOIDs are the C NUL-terminated string representations of the
 // OIDs for use with the Windows API.
-var windowsExtKeyUsageOIDs = make(map[x509.ExtKeyUsage][]byte, len(extKeyUsageOIDs))
+var windowsExtKeyUsageOIDs = make(map[ExtKeyUsage][]byte, len(extKeyUsageOIDs))

 func init() {
 	for _, eku := range extKeyUsageOIDs {
--- a/smx509/verify.go
+++ b/smx509/verify.go
@ -66,7 +66,7 @@ type VerifyOptions struct {
 	// KeyUsages specifies which Extended Key Usage values are acceptable. A
 	// chain is accepted if it allows any of the listed values. An empty list
 	// means ExtKeyUsageServerAuth. To accept any key usage, include ExtKeyUsageAny.
-	KeyUsages []x509.ExtKeyUsage
+	KeyUsages []ExtKeyUsage

 	// MaxConstraintComparisions is the maximum number of comparisons to
 	// perform when checking a given certificate's name constraints. If
@ -554,7 +554,7 @@ func (c *Certificate) Verify(opts VerifyOptions) (chains [][]*Certificate, err e

 	keyUsages := opts.KeyUsages
 	if len(keyUsages) == 0 {
-		keyUsages = []x509.ExtKeyUsage{x509.ExtKeyUsageServerAuth}
+		keyUsages = []ExtKeyUsage{x509.ExtKeyUsageServerAuth}
 	}

 	// If any key usage is acceptable then we're done.
@ -823,8 +823,8 @@ func (c *Certificate) VerifyHostname(h string) error {
 	return x509.HostnameError{&c.Certificate, h}
 }

-func checkChainForKeyUsage(chain []*Certificate, keyUsages []x509.ExtKeyUsage) bool {
-	usages := make([]x509.ExtKeyUsage, len(keyUsages))
+func checkChainForKeyUsage(chain []*Certificate, keyUsages []ExtKeyUsage) bool {
+	usages := make([]ExtKeyUsage, len(keyUsages))
 	copy(usages, keyUsages)

 	if len(chain) == 0 {
@ -852,7 +852,7 @@ NextCert:
 			}
 		}

-		const invalidUsage x509.ExtKeyUsage = -1
+		const invalidUsage ExtKeyUsage = -1

 	NextRequestedUsage:
 		for i, requestedUsage := range usages {
--- a/smx509/x509.go
+++ b/smx509/x509.go
@ -501,28 +501,49 @@ var (
 	oidExtKeyUsageMicrosoftKernelCodeSigning     = asn1.ObjectIdentifier{1, 3, 6, 1, 4, 1, 311, 61, 1, 1}
 )

+// ExtKeyUsage represents an extended set of actions that are valid for a given key.
+// Each of the ExtKeyUsage* constants define a unique action.
+type ExtKeyUsage = x509.ExtKeyUsage
+
+const (
+	ExtKeyUsageAny                            = x509.ExtKeyUsageAny
+	ExtKeyUsageServerAuth                     = x509.ExtKeyUsageServerAuth
+	ExtKeyUsageClientAuth                     = x509.ExtKeyUsageClientAuth
+	ExtKeyUsageCodeSigning                    = x509.ExtKeyUsageCodeSigning
+	ExtKeyUsageEmailProtection                = x509.ExtKeyUsageEmailProtection
+	ExtKeyUsageIPSECEndSystem                 = x509.ExtKeyUsageIPSECEndSystem
+	ExtKeyUsageIPSECTunnel                    = x509.ExtKeyUsageIPSECTunnel
+	ExtKeyUsageIPSECUser                      = x509.ExtKeyUsageIPSECUser
+	ExtKeyUsageTimeStamping                   = x509.ExtKeyUsageTimeStamping
+	ExtKeyUsageOCSPSigning                    = x509.ExtKeyUsageOCSPSigning
+	ExtKeyUsageMicrosoftServerGatedCrypto     = x509.ExtKeyUsageMicrosoftServerGatedCrypto
+	ExtKeyUsageNetscapeServerGatedCrypto      = x509.ExtKeyUsageNetscapeServerGatedCrypto
+	ExtKeyUsageMicrosoftCommercialCodeSigning = x509.ExtKeyUsageMicrosoftCommercialCodeSigning
+	ExtKeyUsageMicrosoftKernelCodeSigning     = x509.ExtKeyUsageMicrosoftKernelCodeSigning
+)
+
 // extKeyUsageOIDs contains the mapping between an ExtKeyUsage and its OID.
 var extKeyUsageOIDs = []struct {
-	extKeyUsage x509.ExtKeyUsage
+	extKeyUsage ExtKeyUsage
 	oid         asn1.ObjectIdentifier
 }{
-	{x509.ExtKeyUsageAny, oidExtKeyUsageAny},
-	{x509.ExtKeyUsageServerAuth, oidExtKeyUsageServerAuth},
-	{x509.ExtKeyUsageClientAuth, oidExtKeyUsageClientAuth},
-	{x509.ExtKeyUsageCodeSigning, oidExtKeyUsageCodeSigning},
-	{x509.ExtKeyUsageEmailProtection, oidExtKeyUsageEmailProtection},
-	{x509.ExtKeyUsageIPSECEndSystem, oidExtKeyUsageIPSECEndSystem},
-	{x509.ExtKeyUsageIPSECTunnel, oidExtKeyUsageIPSECTunnel},
-	{x509.ExtKeyUsageIPSECUser, oidExtKeyUsageIPSECUser},
-	{x509.ExtKeyUsageTimeStamping, oidExtKeyUsageTimeStamping},
-	{x509.ExtKeyUsageOCSPSigning, oidExtKeyUsageOCSPSigning},
-	{x509.ExtKeyUsageMicrosoftServerGatedCrypto, oidExtKeyUsageMicrosoftServerGatedCrypto},
-	{x509.ExtKeyUsageNetscapeServerGatedCrypto, oidExtKeyUsageNetscapeServerGatedCrypto},
-	{x509.ExtKeyUsageMicrosoftCommercialCodeSigning, oidExtKeyUsageMicrosoftCommercialCodeSigning},
-	{x509.ExtKeyUsageMicrosoftKernelCodeSigning, oidExtKeyUsageMicrosoftKernelCodeSigning},
+	{ExtKeyUsageAny, oidExtKeyUsageAny},
+	{ExtKeyUsageServerAuth, oidExtKeyUsageServerAuth},
+	{ExtKeyUsageClientAuth, oidExtKeyUsageClientAuth},
+	{ExtKeyUsageCodeSigning, oidExtKeyUsageCodeSigning},
+	{ExtKeyUsageEmailProtection, oidExtKeyUsageEmailProtection},
+	{ExtKeyUsageIPSECEndSystem, oidExtKeyUsageIPSECEndSystem},
+	{ExtKeyUsageIPSECTunnel, oidExtKeyUsageIPSECTunnel},
+	{ExtKeyUsageIPSECUser, oidExtKeyUsageIPSECUser},
+	{ExtKeyUsageTimeStamping, oidExtKeyUsageTimeStamping},
+	{ExtKeyUsageOCSPSigning, oidExtKeyUsageOCSPSigning},
+	{ExtKeyUsageMicrosoftServerGatedCrypto, oidExtKeyUsageMicrosoftServerGatedCrypto},
+	{ExtKeyUsageNetscapeServerGatedCrypto, oidExtKeyUsageNetscapeServerGatedCrypto},
+	{ExtKeyUsageMicrosoftCommercialCodeSigning, oidExtKeyUsageMicrosoftCommercialCodeSigning},
+	{ExtKeyUsageMicrosoftKernelCodeSigning, oidExtKeyUsageMicrosoftKernelCodeSigning},
 }

-func extKeyUsageFromOID(oid asn1.ObjectIdentifier) (eku x509.ExtKeyUsage, ok bool) {
+func extKeyUsageFromOID(oid asn1.ObjectIdentifier) (eku ExtKeyUsage, ok bool) {
 	for _, pair := range extKeyUsageOIDs {
 		if oid.Equal(pair.oid) {
 			return pair.extKeyUsage, true
@ -531,7 +552,7 @@ func extKeyUsageFromOID(oid asn1.ObjectIdentifier) (eku x509.ExtKeyUsage, ok boo
 	return
 }

-func oidFromExtKeyUsage(eku x509.ExtKeyUsage) (oid asn1.ObjectIdentifier, ok bool) {
+func oidFromExtKeyUsage(eku ExtKeyUsage) (oid asn1.ObjectIdentifier, ok bool) {
 	for _, pair := range extKeyUsageOIDs {
 		if eku == pair.extKeyUsage {
 			return pair.oid, true
@ -1071,7 +1092,7 @@ func marshalKeyUsage(ku KeyUsage) (pkix.Extension, error) {
 	return ext, nil
 }

-func marshalExtKeyUsage(extUsages []x509.ExtKeyUsage, unknownUsages []asn1.ObjectIdentifier) (pkix.Extension, error) {
+func marshalExtKeyUsage(extUsages []ExtKeyUsage, unknownUsages []asn1.ObjectIdentifier) (pkix.Extension, error) {
 	ext := pkix.Extension{Id: oidExtensionExtendedKeyUsage}

 	oids := make([]asn1.ObjectIdentifier, len(extUsages)+len(unknownUsages))