1
2
3
4
5
6
7
8
9
10 package x509
11
12 import (
13 "bytes"
14 "crypto"
15 "crypto/dsa"
16 "crypto/ecdsa"
17 "crypto/elliptic"
18 "crypto/rsa"
19 _ "crypto/sha1"
20 _ "crypto/sha256"
21 _ "crypto/sha512"
22 "crypto/x509/pkix"
23 "encoding/asn1"
24 "encoding/pem"
25 "errors"
26 "fmt"
27 "io"
28 "math/big"
29 "net"
30 "net/url"
31 "strconv"
32 "strings"
33 "time"
34 "unicode/utf8"
35
36 "golang_org/x/crypto/cryptobyte"
37 cryptobyte_asn1 "golang_org/x/crypto/cryptobyte/asn1"
38 )
39
40
41
42 type pkixPublicKey struct {
43 Algo pkix.AlgorithmIdentifier
44 BitString asn1.BitString
45 }
46
47
48
49
50
51
52
53
54
55 func ParsePKIXPublicKey(derBytes []byte) (pub interface{}, err error) {
56 var pki publicKeyInfo
57 if rest, err := asn1.Unmarshal(derBytes, &pki); err != nil {
58 return nil, err
59 } else if len(rest) != 0 {
60 return nil, errors.New("x509: trailing data after ASN.1 of public-key")
61 }
62 algo := getPublicKeyAlgorithmFromOID(pki.Algorithm.Algorithm)
63 if algo == UnknownPublicKeyAlgorithm {
64 return nil, errors.New("x509: unknown public key algorithm")
65 }
66 return parsePublicKey(algo, &pki)
67 }
68
69 func marshalPublicKey(pub interface{}) (publicKeyBytes []byte, publicKeyAlgorithm pkix.AlgorithmIdentifier, err error) {
70 switch pub := pub.(type) {
71 case *rsa.PublicKey:
72 publicKeyBytes, err = asn1.Marshal(pkcs1PublicKey{
73 N: pub.N,
74 E: pub.E,
75 })
76 if err != nil {
77 return nil, pkix.AlgorithmIdentifier{}, err
78 }
79 publicKeyAlgorithm.Algorithm = oidPublicKeyRSA
80
81
82 publicKeyAlgorithm.Parameters = asn1.NullRawValue
83 case *ecdsa.PublicKey:
84 publicKeyBytes = elliptic.Marshal(pub.Curve, pub.X, pub.Y)
85 oid, ok := oidFromNamedCurve(pub.Curve)
86 if !ok {
87 return nil, pkix.AlgorithmIdentifier{}, errors.New("x509: unsupported elliptic curve")
88 }
89 publicKeyAlgorithm.Algorithm = oidPublicKeyECDSA
90 var paramBytes []byte
91 paramBytes, err = asn1.Marshal(oid)
92 if err != nil {
93 return
94 }
95 publicKeyAlgorithm.Parameters.FullBytes = paramBytes
96 default:
97 return nil, pkix.AlgorithmIdentifier{}, errors.New("x509: only RSA and ECDSA public keys supported")
98 }
99
100 return publicKeyBytes, publicKeyAlgorithm, nil
101 }
102
103
104 func MarshalPKIXPublicKey(pub interface{}) ([]byte, error) {
105 var publicKeyBytes []byte
106 var publicKeyAlgorithm pkix.AlgorithmIdentifier
107 var err error
108
109 if publicKeyBytes, publicKeyAlgorithm, err = marshalPublicKey(pub); err != nil {
110 return nil, err
111 }
112
113 pkix := pkixPublicKey{
114 Algo: publicKeyAlgorithm,
115 BitString: asn1.BitString{
116 Bytes: publicKeyBytes,
117 BitLength: 8 * len(publicKeyBytes),
118 },
119 }
120
121 ret, _ := asn1.Marshal(pkix)
122 return ret, nil
123 }
124
125
126
127 type certificate struct {
128 Raw asn1.RawContent
129 TBSCertificate tbsCertificate
130 SignatureAlgorithm pkix.AlgorithmIdentifier
131 SignatureValue asn1.BitString
132 }
133
134 type tbsCertificate struct {
135 Raw asn1.RawContent
136 Version int `asn1:"optional,explicit,default:0,tag:0"`
137 SerialNumber *big.Int
138 SignatureAlgorithm pkix.AlgorithmIdentifier
139 Issuer asn1.RawValue
140 Validity validity
141 Subject asn1.RawValue
142 PublicKey publicKeyInfo
143 UniqueId asn1.BitString `asn1:"optional,tag:1"`
144 SubjectUniqueId asn1.BitString `asn1:"optional,tag:2"`
145 Extensions []pkix.Extension `asn1:"optional,explicit,tag:3"`
146 }
147
148 type dsaAlgorithmParameters struct {
149 P, Q, G *big.Int
150 }
151
152 type dsaSignature struct {
153 R, S *big.Int
154 }
155
156 type ecdsaSignature dsaSignature
157
158 type validity struct {
159 NotBefore, NotAfter time.Time
160 }
161
162 type publicKeyInfo struct {
163 Raw asn1.RawContent
164 Algorithm pkix.AlgorithmIdentifier
165 PublicKey asn1.BitString
166 }
167
168
169 type authKeyId struct {
170 Id []byte `asn1:"optional,tag:0"`
171 }
172
173 type SignatureAlgorithm int
174
175 const (
176 UnknownSignatureAlgorithm SignatureAlgorithm = iota
177 MD2WithRSA
178 MD5WithRSA
179 SHA1WithRSA
180 SHA256WithRSA
181 SHA384WithRSA
182 SHA512WithRSA
183 DSAWithSHA1
184 DSAWithSHA256
185 ECDSAWithSHA1
186 ECDSAWithSHA256
187 ECDSAWithSHA384
188 ECDSAWithSHA512
189 SHA256WithRSAPSS
190 SHA384WithRSAPSS
191 SHA512WithRSAPSS
192 )
193
194 func (algo SignatureAlgorithm) isRSAPSS() bool {
195 switch algo {
196 case SHA256WithRSAPSS, SHA384WithRSAPSS, SHA512WithRSAPSS:
197 return true
198 default:
199 return false
200 }
201 }
202
203 func (algo SignatureAlgorithm) String() string {
204 for _, details := range signatureAlgorithmDetails {
205 if details.algo == algo {
206 return details.name
207 }
208 }
209 return strconv.Itoa(int(algo))
210 }
211
212 type PublicKeyAlgorithm int
213
214 const (
215 UnknownPublicKeyAlgorithm PublicKeyAlgorithm = iota
216 RSA
217 DSA
218 ECDSA
219 )
220
221 var publicKeyAlgoName = [...]string{
222 RSA: "RSA",
223 DSA: "DSA",
224 ECDSA: "ECDSA",
225 }
226
227 func (algo PublicKeyAlgorithm) String() string {
228 if 0 < algo && int(algo) < len(publicKeyAlgoName) {
229 return publicKeyAlgoName[algo]
230 }
231 return strconv.Itoa(int(algo))
232 }
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284 var (
285 oidSignatureMD2WithRSA = asn1.ObjectIdentifier{1, 2, 840, 113549, 1, 1, 2}
286 oidSignatureMD5WithRSA = asn1.ObjectIdentifier{1, 2, 840, 113549, 1, 1, 4}
287 oidSignatureSHA1WithRSA = asn1.ObjectIdentifier{1, 2, 840, 113549, 1, 1, 5}
288 oidSignatureSHA256WithRSA = asn1.ObjectIdentifier{1, 2, 840, 113549, 1, 1, 11}
289 oidSignatureSHA384WithRSA = asn1.ObjectIdentifier{1, 2, 840, 113549, 1, 1, 12}
290 oidSignatureSHA512WithRSA = asn1.ObjectIdentifier{1, 2, 840, 113549, 1, 1, 13}
291 oidSignatureRSAPSS = asn1.ObjectIdentifier{1, 2, 840, 113549, 1, 1, 10}
292 oidSignatureDSAWithSHA1 = asn1.ObjectIdentifier{1, 2, 840, 10040, 4, 3}
293 oidSignatureDSAWithSHA256 = asn1.ObjectIdentifier{2, 16, 840, 1, 101, 3, 4, 3, 2}
294 oidSignatureECDSAWithSHA1 = asn1.ObjectIdentifier{1, 2, 840, 10045, 4, 1}
295 oidSignatureECDSAWithSHA256 = asn1.ObjectIdentifier{1, 2, 840, 10045, 4, 3, 2}
296 oidSignatureECDSAWithSHA384 = asn1.ObjectIdentifier{1, 2, 840, 10045, 4, 3, 3}
297 oidSignatureECDSAWithSHA512 = asn1.ObjectIdentifier{1, 2, 840, 10045, 4, 3, 4}
298
299 oidSHA256 = asn1.ObjectIdentifier{2, 16, 840, 1, 101, 3, 4, 2, 1}
300 oidSHA384 = asn1.ObjectIdentifier{2, 16, 840, 1, 101, 3, 4, 2, 2}
301 oidSHA512 = asn1.ObjectIdentifier{2, 16, 840, 1, 101, 3, 4, 2, 3}
302
303 oidMGF1 = asn1.ObjectIdentifier{1, 2, 840, 113549, 1, 1, 8}
304
305
306
307
308 oidISOSignatureSHA1WithRSA = asn1.ObjectIdentifier{1, 3, 14, 3, 2, 29}
309 )
310
311 var signatureAlgorithmDetails = []struct {
312 algo SignatureAlgorithm
313 name string
314 oid asn1.ObjectIdentifier
315 pubKeyAlgo PublicKeyAlgorithm
316 hash crypto.Hash
317 }{
318 {MD2WithRSA, "MD2-RSA", oidSignatureMD2WithRSA, RSA, crypto.Hash(0) },
319 {MD5WithRSA, "MD5-RSA", oidSignatureMD5WithRSA, RSA, crypto.MD5},
320 {SHA1WithRSA, "SHA1-RSA", oidSignatureSHA1WithRSA, RSA, crypto.SHA1},
321 {SHA1WithRSA, "SHA1-RSA", oidISOSignatureSHA1WithRSA, RSA, crypto.SHA1},
322 {SHA256WithRSA, "SHA256-RSA", oidSignatureSHA256WithRSA, RSA, crypto.SHA256},
323 {SHA384WithRSA, "SHA384-RSA", oidSignatureSHA384WithRSA, RSA, crypto.SHA384},
324 {SHA512WithRSA, "SHA512-RSA", oidSignatureSHA512WithRSA, RSA, crypto.SHA512},
325 {SHA256WithRSAPSS, "SHA256-RSAPSS", oidSignatureRSAPSS, RSA, crypto.SHA256},
326 {SHA384WithRSAPSS, "SHA384-RSAPSS", oidSignatureRSAPSS, RSA, crypto.SHA384},
327 {SHA512WithRSAPSS, "SHA512-RSAPSS", oidSignatureRSAPSS, RSA, crypto.SHA512},
328 {DSAWithSHA1, "DSA-SHA1", oidSignatureDSAWithSHA1, DSA, crypto.SHA1},
329 {DSAWithSHA256, "DSA-SHA256", oidSignatureDSAWithSHA256, DSA, crypto.SHA256},
330 {ECDSAWithSHA1, "ECDSA-SHA1", oidSignatureECDSAWithSHA1, ECDSA, crypto.SHA1},
331 {ECDSAWithSHA256, "ECDSA-SHA256", oidSignatureECDSAWithSHA256, ECDSA, crypto.SHA256},
332 {ECDSAWithSHA384, "ECDSA-SHA384", oidSignatureECDSAWithSHA384, ECDSA, crypto.SHA384},
333 {ECDSAWithSHA512, "ECDSA-SHA512", oidSignatureECDSAWithSHA512, ECDSA, crypto.SHA512},
334 }
335
336
337
338 type pssParameters struct {
339
340
341
342 Hash pkix.AlgorithmIdentifier `asn1:"explicit,tag:0"`
343 MGF pkix.AlgorithmIdentifier `asn1:"explicit,tag:1"`
344 SaltLength int `asn1:"explicit,tag:2"`
345 TrailerField int `asn1:"optional,explicit,tag:3,default:1"`
346 }
347
348
349
350 func rsaPSSParameters(hashFunc crypto.Hash) asn1.RawValue {
351 var hashOID asn1.ObjectIdentifier
352
353 switch hashFunc {
354 case crypto.SHA256:
355 hashOID = oidSHA256
356 case crypto.SHA384:
357 hashOID = oidSHA384
358 case crypto.SHA512:
359 hashOID = oidSHA512
360 }
361
362 params := pssParameters{
363 Hash: pkix.AlgorithmIdentifier{
364 Algorithm: hashOID,
365 Parameters: asn1.NullRawValue,
366 },
367 MGF: pkix.AlgorithmIdentifier{
368 Algorithm: oidMGF1,
369 },
370 SaltLength: hashFunc.Size(),
371 TrailerField: 1,
372 }
373
374 mgf1Params := pkix.AlgorithmIdentifier{
375 Algorithm: hashOID,
376 Parameters: asn1.NullRawValue,
377 }
378
379 var err error
380 params.MGF.Parameters.FullBytes, err = asn1.Marshal(mgf1Params)
381 if err != nil {
382 panic(err)
383 }
384
385 serialized, err := asn1.Marshal(params)
386 if err != nil {
387 panic(err)
388 }
389
390 return asn1.RawValue{FullBytes: serialized}
391 }
392
393 func getSignatureAlgorithmFromAI(ai pkix.AlgorithmIdentifier) SignatureAlgorithm {
394 if !ai.Algorithm.Equal(oidSignatureRSAPSS) {
395 for _, details := range signatureAlgorithmDetails {
396 if ai.Algorithm.Equal(details.oid) {
397 return details.algo
398 }
399 }
400 return UnknownSignatureAlgorithm
401 }
402
403
404
405
406 var params pssParameters
407 if _, err := asn1.Unmarshal(ai.Parameters.FullBytes, ¶ms); err != nil {
408 return UnknownSignatureAlgorithm
409 }
410
411 var mgf1HashFunc pkix.AlgorithmIdentifier
412 if _, err := asn1.Unmarshal(params.MGF.Parameters.FullBytes, &mgf1HashFunc); err != nil {
413 return UnknownSignatureAlgorithm
414 }
415
416
417
418
419
420
421
422
423 if !bytes.Equal(params.Hash.Parameters.FullBytes, asn1.NullBytes) ||
424 !params.MGF.Algorithm.Equal(oidMGF1) ||
425 !mgf1HashFunc.Algorithm.Equal(params.Hash.Algorithm) ||
426 !bytes.Equal(mgf1HashFunc.Parameters.FullBytes, asn1.NullBytes) ||
427 params.TrailerField != 1 {
428 return UnknownSignatureAlgorithm
429 }
430
431 switch {
432 case params.Hash.Algorithm.Equal(oidSHA256) && params.SaltLength == 32:
433 return SHA256WithRSAPSS
434 case params.Hash.Algorithm.Equal(oidSHA384) && params.SaltLength == 48:
435 return SHA384WithRSAPSS
436 case params.Hash.Algorithm.Equal(oidSHA512) && params.SaltLength == 64:
437 return SHA512WithRSAPSS
438 }
439
440 return UnknownSignatureAlgorithm
441 }
442
443
444
445
446
447
448
449
450
451
452
453
454
455
456
457 var (
458 oidPublicKeyRSA = asn1.ObjectIdentifier{1, 2, 840, 113549, 1, 1, 1}
459 oidPublicKeyDSA = asn1.ObjectIdentifier{1, 2, 840, 10040, 4, 1}
460 oidPublicKeyECDSA = asn1.ObjectIdentifier{1, 2, 840, 10045, 2, 1}
461 )
462
463 func getPublicKeyAlgorithmFromOID(oid asn1.ObjectIdentifier) PublicKeyAlgorithm {
464 switch {
465 case oid.Equal(oidPublicKeyRSA):
466 return RSA
467 case oid.Equal(oidPublicKeyDSA):
468 return DSA
469 case oid.Equal(oidPublicKeyECDSA):
470 return ECDSA
471 }
472 return UnknownPublicKeyAlgorithm
473 }
474
475
476
477
478
479
480
481
482
483
484
485
486
487
488
489
490
491 var (
492 oidNamedCurveP224 = asn1.ObjectIdentifier{1, 3, 132, 0, 33}
493 oidNamedCurveP256 = asn1.ObjectIdentifier{1, 2, 840, 10045, 3, 1, 7}
494 oidNamedCurveP384 = asn1.ObjectIdentifier{1, 3, 132, 0, 34}
495 oidNamedCurveP521 = asn1.ObjectIdentifier{1, 3, 132, 0, 35}
496 )
497
498 func namedCurveFromOID(oid asn1.ObjectIdentifier) elliptic.Curve {
499 switch {
500 case oid.Equal(oidNamedCurveP224):
501 return elliptic.P224()
502 case oid.Equal(oidNamedCurveP256):
503 return elliptic.P256()
504 case oid.Equal(oidNamedCurveP384):
505 return elliptic.P384()
506 case oid.Equal(oidNamedCurveP521):
507 return elliptic.P521()
508 }
509 return nil
510 }
511
512 func oidFromNamedCurve(curve elliptic.Curve) (asn1.ObjectIdentifier, bool) {
513 switch curve {
514 case elliptic.P224():
515 return oidNamedCurveP224, true
516 case elliptic.P256():
517 return oidNamedCurveP256, true
518 case elliptic.P384():
519 return oidNamedCurveP384, true
520 case elliptic.P521():
521 return oidNamedCurveP521, true
522 }
523
524 return nil, false
525 }
526
527
528
529 type KeyUsage int
530
531 const (
532 KeyUsageDigitalSignature KeyUsage = 1 << iota
533 KeyUsageContentCommitment
534 KeyUsageKeyEncipherment
535 KeyUsageDataEncipherment
536 KeyUsageKeyAgreement
537 KeyUsageCertSign
538 KeyUsageCRLSign
539 KeyUsageEncipherOnly
540 KeyUsageDecipherOnly
541 )
542
543
544
545
546
547
548
549
550
551
552
553
554
555 var (
556 oidExtKeyUsageAny = asn1.ObjectIdentifier{2, 5, 29, 37, 0}
557 oidExtKeyUsageServerAuth = asn1.ObjectIdentifier{1, 3, 6, 1, 5, 5, 7, 3, 1}
558 oidExtKeyUsageClientAuth = asn1.ObjectIdentifier{1, 3, 6, 1, 5, 5, 7, 3, 2}
559 oidExtKeyUsageCodeSigning = asn1.ObjectIdentifier{1, 3, 6, 1, 5, 5, 7, 3, 3}
560 oidExtKeyUsageEmailProtection = asn1.ObjectIdentifier{1, 3, 6, 1, 5, 5, 7, 3, 4}
561 oidExtKeyUsageIPSECEndSystem = asn1.ObjectIdentifier{1, 3, 6, 1, 5, 5, 7, 3, 5}
562 oidExtKeyUsageIPSECTunnel = asn1.ObjectIdentifier{1, 3, 6, 1, 5, 5, 7, 3, 6}
563 oidExtKeyUsageIPSECUser = asn1.ObjectIdentifier{1, 3, 6, 1, 5, 5, 7, 3, 7}
564 oidExtKeyUsageTimeStamping = asn1.ObjectIdentifier{1, 3, 6, 1, 5, 5, 7, 3, 8}
565 oidExtKeyUsageOCSPSigning = asn1.ObjectIdentifier{1, 3, 6, 1, 5, 5, 7, 3, 9}
566 oidExtKeyUsageMicrosoftServerGatedCrypto = asn1.ObjectIdentifier{1, 3, 6, 1, 4, 1, 311, 10, 3, 3}
567 oidExtKeyUsageNetscapeServerGatedCrypto = asn1.ObjectIdentifier{2, 16, 840, 1, 113730, 4, 1}
568 oidExtKeyUsageMicrosoftCommercialCodeSigning = asn1.ObjectIdentifier{1, 3, 6, 1, 4, 1, 311, 2, 1, 22}
569 oidExtKeyUsageMicrosoftKernelCodeSigning = asn1.ObjectIdentifier{1, 3, 6, 1, 4, 1, 311, 61, 1, 1}
570 )
571
572
573
574 type ExtKeyUsage int
575
576 const (
577 ExtKeyUsageAny ExtKeyUsage = iota
578 ExtKeyUsageServerAuth
579 ExtKeyUsageClientAuth
580 ExtKeyUsageCodeSigning
581 ExtKeyUsageEmailProtection
582 ExtKeyUsageIPSECEndSystem
583 ExtKeyUsageIPSECTunnel
584 ExtKeyUsageIPSECUser
585 ExtKeyUsageTimeStamping
586 ExtKeyUsageOCSPSigning
587 ExtKeyUsageMicrosoftServerGatedCrypto
588 ExtKeyUsageNetscapeServerGatedCrypto
589 ExtKeyUsageMicrosoftCommercialCodeSigning
590 ExtKeyUsageMicrosoftKernelCodeSigning
591 )
592
593
594 var extKeyUsageOIDs = []struct {
595 extKeyUsage ExtKeyUsage
596 oid asn1.ObjectIdentifier
597 }{
598 {ExtKeyUsageAny, oidExtKeyUsageAny},
599 {ExtKeyUsageServerAuth, oidExtKeyUsageServerAuth},
600 {ExtKeyUsageClientAuth, oidExtKeyUsageClientAuth},
601 {ExtKeyUsageCodeSigning, oidExtKeyUsageCodeSigning},
602 {ExtKeyUsageEmailProtection, oidExtKeyUsageEmailProtection},
603 {ExtKeyUsageIPSECEndSystem, oidExtKeyUsageIPSECEndSystem},
604 {ExtKeyUsageIPSECTunnel, oidExtKeyUsageIPSECTunnel},
605 {ExtKeyUsageIPSECUser, oidExtKeyUsageIPSECUser},
606 {ExtKeyUsageTimeStamping, oidExtKeyUsageTimeStamping},
607 {ExtKeyUsageOCSPSigning, oidExtKeyUsageOCSPSigning},
608 {ExtKeyUsageMicrosoftServerGatedCrypto, oidExtKeyUsageMicrosoftServerGatedCrypto},
609 {ExtKeyUsageNetscapeServerGatedCrypto, oidExtKeyUsageNetscapeServerGatedCrypto},
610 {ExtKeyUsageMicrosoftCommercialCodeSigning, oidExtKeyUsageMicrosoftCommercialCodeSigning},
611 {ExtKeyUsageMicrosoftKernelCodeSigning, oidExtKeyUsageMicrosoftKernelCodeSigning},
612 }
613
614 func extKeyUsageFromOID(oid asn1.ObjectIdentifier) (eku ExtKeyUsage, ok bool) {
615 for _, pair := range extKeyUsageOIDs {
616 if oid.Equal(pair.oid) {
617 return pair.extKeyUsage, true
618 }
619 }
620 return
621 }
622
623 func oidFromExtKeyUsage(eku ExtKeyUsage) (oid asn1.ObjectIdentifier, ok bool) {
624 for _, pair := range extKeyUsageOIDs {
625 if eku == pair.extKeyUsage {
626 return pair.oid, true
627 }
628 }
629 return
630 }
631
632
633 type Certificate struct {
634 Raw []byte
635 RawTBSCertificate []byte
636 RawSubjectPublicKeyInfo []byte
637 RawSubject []byte
638 RawIssuer []byte
639
640 Signature []byte
641 SignatureAlgorithm SignatureAlgorithm
642
643 PublicKeyAlgorithm PublicKeyAlgorithm
644 PublicKey interface{}
645
646 Version int
647 SerialNumber *big.Int
648 Issuer pkix.Name
649 Subject pkix.Name
650 NotBefore, NotAfter time.Time
651 KeyUsage KeyUsage
652
653
654
655
656
657 Extensions []pkix.Extension
658
659
660
661
662
663 ExtraExtensions []pkix.Extension
664
665
666
667
668
669
670
671
672
673 UnhandledCriticalExtensions []asn1.ObjectIdentifier
674
675 ExtKeyUsage []ExtKeyUsage
676 UnknownExtKeyUsage []asn1.ObjectIdentifier
677
678
679
680 BasicConstraintsValid bool
681 IsCA bool
682
683
684
685
686
687
688
689
690
691
692
693
694
695 MaxPathLen int
696
697
698
699
700 MaxPathLenZero bool
701
702 SubjectKeyId []byte
703 AuthorityKeyId []byte
704
705
706 OCSPServer []string
707 IssuingCertificateURL []string
708
709
710 DNSNames []string
711 EmailAddresses []string
712 IPAddresses []net.IP
713 URIs []*url.URL
714
715
716 PermittedDNSDomainsCritical bool
717 PermittedDNSDomains []string
718 ExcludedDNSDomains []string
719 PermittedIPRanges []*net.IPNet
720 ExcludedIPRanges []*net.IPNet
721 PermittedEmailAddresses []string
722 ExcludedEmailAddresses []string
723 PermittedURIDomains []string
724 ExcludedURIDomains []string
725
726
727 CRLDistributionPoints []string
728
729 PolicyIdentifiers []asn1.ObjectIdentifier
730 }
731
732
733
734 var ErrUnsupportedAlgorithm = errors.New("x509: cannot verify signature: algorithm unimplemented")
735
736
737 type InsecureAlgorithmError SignatureAlgorithm
738
739 func (e InsecureAlgorithmError) Error() string {
740 return fmt.Sprintf("x509: cannot verify signature: insecure algorithm %v", SignatureAlgorithm(e))
741 }
742
743
744
745
746 type ConstraintViolationError struct{}
747
748 func (ConstraintViolationError) Error() string {
749 return "x509: invalid signature: parent certificate cannot sign this kind of certificate"
750 }
751
752 func (c *Certificate) Equal(other *Certificate) bool {
753 return bytes.Equal(c.Raw, other.Raw)
754 }
755
756 func (c *Certificate) hasSANExtension() bool {
757 return oidInExtensions(oidExtensionSubjectAltName, c.Extensions)
758 }
759
760
761
762
763
764
765
766
767
768
769 var entrustBrokenSPKI = []byte{
770 0x30, 0x82, 0x01, 0x22, 0x30, 0x0d, 0x06, 0x09,
771 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01,
772 0x01, 0x05, 0x00, 0x03, 0x82, 0x01, 0x0f, 0x00,
773 0x30, 0x82, 0x01, 0x0a, 0x02, 0x82, 0x01, 0x01,
774 0x00, 0x97, 0xa3, 0x2d, 0x3c, 0x9e, 0xde, 0x05,
775 0xda, 0x13, 0xc2, 0x11, 0x8d, 0x9d, 0x8e, 0xe3,
776 0x7f, 0xc7, 0x4b, 0x7e, 0x5a, 0x9f, 0xb3, 0xff,
777 0x62, 0xab, 0x73, 0xc8, 0x28, 0x6b, 0xba, 0x10,
778 0x64, 0x82, 0x87, 0x13, 0xcd, 0x57, 0x18, 0xff,
779 0x28, 0xce, 0xc0, 0xe6, 0x0e, 0x06, 0x91, 0x50,
780 0x29, 0x83, 0xd1, 0xf2, 0xc3, 0x2a, 0xdb, 0xd8,
781 0xdb, 0x4e, 0x04, 0xcc, 0x00, 0xeb, 0x8b, 0xb6,
782 0x96, 0xdc, 0xbc, 0xaa, 0xfa, 0x52, 0x77, 0x04,
783 0xc1, 0xdb, 0x19, 0xe4, 0xae, 0x9c, 0xfd, 0x3c,
784 0x8b, 0x03, 0xef, 0x4d, 0xbc, 0x1a, 0x03, 0x65,
785 0xf9, 0xc1, 0xb1, 0x3f, 0x72, 0x86, 0xf2, 0x38,
786 0xaa, 0x19, 0xae, 0x10, 0x88, 0x78, 0x28, 0xda,
787 0x75, 0xc3, 0x3d, 0x02, 0x82, 0x02, 0x9c, 0xb9,
788 0xc1, 0x65, 0x77, 0x76, 0x24, 0x4c, 0x98, 0xf7,
789 0x6d, 0x31, 0x38, 0xfb, 0xdb, 0xfe, 0xdb, 0x37,
790 0x02, 0x76, 0xa1, 0x18, 0x97, 0xa6, 0xcc, 0xde,
791 0x20, 0x09, 0x49, 0x36, 0x24, 0x69, 0x42, 0xf6,
792 0xe4, 0x37, 0x62, 0xf1, 0x59, 0x6d, 0xa9, 0x3c,
793 0xed, 0x34, 0x9c, 0xa3, 0x8e, 0xdb, 0xdc, 0x3a,
794 0xd7, 0xf7, 0x0a, 0x6f, 0xef, 0x2e, 0xd8, 0xd5,
795 0x93, 0x5a, 0x7a, 0xed, 0x08, 0x49, 0x68, 0xe2,
796 0x41, 0xe3, 0x5a, 0x90, 0xc1, 0x86, 0x55, 0xfc,
797 0x51, 0x43, 0x9d, 0xe0, 0xb2, 0xc4, 0x67, 0xb4,
798 0xcb, 0x32, 0x31, 0x25, 0xf0, 0x54, 0x9f, 0x4b,
799 0xd1, 0x6f, 0xdb, 0xd4, 0xdd, 0xfc, 0xaf, 0x5e,
800 0x6c, 0x78, 0x90, 0x95, 0xde, 0xca, 0x3a, 0x48,
801 0xb9, 0x79, 0x3c, 0x9b, 0x19, 0xd6, 0x75, 0x05,
802 0xa0, 0xf9, 0x88, 0xd7, 0xc1, 0xe8, 0xa5, 0x09,
803 0xe4, 0x1a, 0x15, 0xdc, 0x87, 0x23, 0xaa, 0xb2,
804 0x75, 0x8c, 0x63, 0x25, 0x87, 0xd8, 0xf8, 0x3d,
805 0xa6, 0xc2, 0xcc, 0x66, 0xff, 0xa5, 0x66, 0x68,
806 0x55, 0x02, 0x03, 0x01, 0x00, 0x01,
807 }
808
809
810
811 func (c *Certificate) CheckSignatureFrom(parent *Certificate) error {
812
813
814
815
816
817
818 if (parent.Version == 3 && !parent.BasicConstraintsValid ||
819 parent.BasicConstraintsValid && !parent.IsCA) &&
820 !bytes.Equal(c.RawSubjectPublicKeyInfo, entrustBrokenSPKI) {
821 return ConstraintViolationError{}
822 }
823
824 if parent.KeyUsage != 0 && parent.KeyUsage&KeyUsageCertSign == 0 {
825 return ConstraintViolationError{}
826 }
827
828 if parent.PublicKeyAlgorithm == UnknownPublicKeyAlgorithm {
829 return ErrUnsupportedAlgorithm
830 }
831
832
833
834 return parent.CheckSignature(c.SignatureAlgorithm, c.RawTBSCertificate, c.Signature)
835 }
836
837
838
839 func (c *Certificate) CheckSignature(algo SignatureAlgorithm, signed, signature []byte) error {
840 return checkSignature(algo, signed, signature, c.PublicKey)
841 }
842
843 func (c *Certificate) hasNameConstraints() bool {
844 for _, e := range c.Extensions {
845 if len(e.Id) == 4 && e.Id[0] == 2 && e.Id[1] == 5 && e.Id[2] == 29 && e.Id[3] == 30 {
846 return true
847 }
848 }
849
850 return false
851 }
852
853 func (c *Certificate) getSANExtension() ([]byte, bool) {
854 for _, e := range c.Extensions {
855 if len(e.Id) == 4 && e.Id[0] == 2 && e.Id[1] == 5 && e.Id[2] == 29 && e.Id[3] == 17 {
856 return e.Value, true
857 }
858 }
859
860 return nil, false
861 }
862
863 func signaturePublicKeyAlgoMismatchError(expectedPubKeyAlgo PublicKeyAlgorithm, pubKey interface{}) error {
864 return fmt.Errorf("x509: signature algorithm specifies an %s public key, but have public key of type %T", expectedPubKeyAlgo.String(), pubKey)
865 }
866
867
868
869 func checkSignature(algo SignatureAlgorithm, signed, signature []byte, publicKey crypto.PublicKey) (err error) {
870 var hashType crypto.Hash
871 var pubKeyAlgo PublicKeyAlgorithm
872
873 for _, details := range signatureAlgorithmDetails {
874 if details.algo == algo {
875 hashType = details.hash
876 pubKeyAlgo = details.pubKeyAlgo
877 }
878 }
879
880 switch hashType {
881 case crypto.Hash(0):
882 return ErrUnsupportedAlgorithm
883 case crypto.MD5:
884 return InsecureAlgorithmError(algo)
885 }
886
887 if !hashType.Available() {
888 return ErrUnsupportedAlgorithm
889 }
890 h := hashType.New()
891
892 h.Write(signed)
893 digest := h.Sum(nil)
894
895 switch pub := publicKey.(type) {
896 case *rsa.PublicKey:
897 if pubKeyAlgo != RSA {
898 return signaturePublicKeyAlgoMismatchError(pubKeyAlgo, pub)
899 }
900 if algo.isRSAPSS() {
901 return rsa.VerifyPSS(pub, hashType, digest, signature, &rsa.PSSOptions{SaltLength: rsa.PSSSaltLengthEqualsHash})
902 } else {
903 return rsa.VerifyPKCS1v15(pub, hashType, digest, signature)
904 }
905 case *dsa.PublicKey:
906 if pubKeyAlgo != DSA {
907 return signaturePublicKeyAlgoMismatchError(pubKeyAlgo, pub)
908 }
909 dsaSig := new(dsaSignature)
910 if rest, err := asn1.Unmarshal(signature, dsaSig); err != nil {
911 return err
912 } else if len(rest) != 0 {
913 return errors.New("x509: trailing data after DSA signature")
914 }
915 if dsaSig.R.Sign() <= 0 || dsaSig.S.Sign() <= 0 {
916 return errors.New("x509: DSA signature contained zero or negative values")
917 }
918 if !dsa.Verify(pub, digest, dsaSig.R, dsaSig.S) {
919 return errors.New("x509: DSA verification failure")
920 }
921 return
922 case *ecdsa.PublicKey:
923 if pubKeyAlgo != ECDSA {
924 return signaturePublicKeyAlgoMismatchError(pubKeyAlgo, pub)
925 }
926 ecdsaSig := new(ecdsaSignature)
927 if rest, err := asn1.Unmarshal(signature, ecdsaSig); err != nil {
928 return err
929 } else if len(rest) != 0 {
930 return errors.New("x509: trailing data after ECDSA signature")
931 }
932 if ecdsaSig.R.Sign() <= 0 || ecdsaSig.S.Sign() <= 0 {
933 return errors.New("x509: ECDSA signature contained zero or negative values")
934 }
935 if !ecdsa.Verify(pub, digest, ecdsaSig.R, ecdsaSig.S) {
936 return errors.New("x509: ECDSA verification failure")
937 }
938 return
939 }
940 return ErrUnsupportedAlgorithm
941 }
942
943
944 func (c *Certificate) CheckCRLSignature(crl *pkix.CertificateList) error {
945 algo := getSignatureAlgorithmFromAI(crl.SignatureAlgorithm)
946 return c.CheckSignature(algo, crl.TBSCertList.Raw, crl.SignatureValue.RightAlign())
947 }
948
949 type UnhandledCriticalExtension struct{}
950
951 func (h UnhandledCriticalExtension) Error() string {
952 return "x509: unhandled critical extension"
953 }
954
955 type basicConstraints struct {
956 IsCA bool `asn1:"optional"`
957 MaxPathLen int `asn1:"optional,default:-1"`
958 }
959
960
961 type policyInformation struct {
962 Policy asn1.ObjectIdentifier
963
964 }
965
966 const (
967 nameTypeEmail = 1
968 nameTypeDNS = 2
969 nameTypeURI = 6
970 nameTypeIP = 7
971 )
972
973
974 type authorityInfoAccess struct {
975 Method asn1.ObjectIdentifier
976 Location asn1.RawValue
977 }
978
979
980 type distributionPoint struct {
981 DistributionPoint distributionPointName `asn1:"optional,tag:0"`
982 Reason asn1.BitString `asn1:"optional,tag:1"`
983 CRLIssuer asn1.RawValue `asn1:"optional,tag:2"`
984 }
985
986 type distributionPointName struct {
987 FullName []asn1.RawValue `asn1:"optional,tag:0"`
988 RelativeName pkix.RDNSequence `asn1:"optional,tag:1"`
989 }
990
991 func parsePublicKey(algo PublicKeyAlgorithm, keyData *publicKeyInfo) (interface{}, error) {
992 asn1Data := keyData.PublicKey.RightAlign()
993 switch algo {
994 case RSA:
995
996
997 if !bytes.Equal(keyData.Algorithm.Parameters.FullBytes, asn1.NullBytes) {
998 return nil, errors.New("x509: RSA key missing NULL parameters")
999 }
1000
1001 p := new(pkcs1PublicKey)
1002 rest, err := asn1.Unmarshal(asn1Data, p)
1003 if err != nil {
1004 return nil, err
1005 }
1006 if len(rest) != 0 {
1007 return nil, errors.New("x509: trailing data after RSA public key")
1008 }
1009
1010 if p.N.Sign() <= 0 {
1011 return nil, errors.New("x509: RSA modulus is not a positive number")
1012 }
1013 if p.E <= 0 {
1014 return nil, errors.New("x509: RSA public exponent is not a positive number")
1015 }
1016
1017 pub := &rsa.PublicKey{
1018 E: p.E,
1019 N: p.N,
1020 }
1021 return pub, nil
1022 case DSA:
1023 var p *big.Int
1024 rest, err := asn1.Unmarshal(asn1Data, &p)
1025 if err != nil {
1026 return nil, err
1027 }
1028 if len(rest) != 0 {
1029 return nil, errors.New("x509: trailing data after DSA public key")
1030 }
1031 paramsData := keyData.Algorithm.Parameters.FullBytes
1032 params := new(dsaAlgorithmParameters)
1033 rest, err = asn1.Unmarshal(paramsData, params)
1034 if err != nil {
1035 return nil, err
1036 }
1037 if len(rest) != 0 {
1038 return nil, errors.New("x509: trailing data after DSA parameters")
1039 }
1040 if p.Sign() <= 0 || params.P.Sign() <= 0 || params.Q.Sign() <= 0 || params.G.Sign() <= 0 {
1041 return nil, errors.New("x509: zero or negative DSA parameter")
1042 }
1043 pub := &dsa.PublicKey{
1044 Parameters: dsa.Parameters{
1045 P: params.P,
1046 Q: params.Q,
1047 G: params.G,
1048 },
1049 Y: p,
1050 }
1051 return pub, nil
1052 case ECDSA:
1053 paramsData := keyData.Algorithm.Parameters.FullBytes
1054 namedCurveOID := new(asn1.ObjectIdentifier)
1055 rest, err := asn1.Unmarshal(paramsData, namedCurveOID)
1056 if err != nil {
1057 return nil, err
1058 }
1059 if len(rest) != 0 {
1060 return nil, errors.New("x509: trailing data after ECDSA parameters")
1061 }
1062 namedCurve := namedCurveFromOID(*namedCurveOID)
1063 if namedCurve == nil {
1064 return nil, errors.New("x509: unsupported elliptic curve")
1065 }
1066 x, y := elliptic.Unmarshal(namedCurve, asn1Data)
1067 if x == nil {
1068 return nil, errors.New("x509: failed to unmarshal elliptic curve point")
1069 }
1070 pub := &ecdsa.PublicKey{
1071 Curve: namedCurve,
1072 X: x,
1073 Y: y,
1074 }
1075 return pub, nil
1076 default:
1077 return nil, nil
1078 }
1079 }
1080
1081 func forEachSAN(extension []byte, callback func(tag int, data []byte) error) error {
1082
1083
1084
1085
1086
1087
1088
1089
1090
1091
1092
1093
1094
1095
1096
1097
1098 var seq asn1.RawValue
1099 rest, err := asn1.Unmarshal(extension, &seq)
1100 if err != nil {
1101 return err
1102 } else if len(rest) != 0 {
1103 return errors.New("x509: trailing data after X.509 extension")
1104 }
1105 if !seq.IsCompound || seq.Tag != 16 || seq.Class != 0 {
1106 return asn1.StructuralError{Msg: "bad SAN sequence"}
1107 }
1108
1109 rest = seq.Bytes
1110 for len(rest) > 0 {
1111 var v asn1.RawValue
1112 rest, err = asn1.Unmarshal(rest, &v)
1113 if err != nil {
1114 return err
1115 }
1116
1117 if err := callback(v.Tag, v.Bytes); err != nil {
1118 return err
1119 }
1120 }
1121
1122 return nil
1123 }
1124
1125 func parseSANExtension(value []byte) (dnsNames, emailAddresses []string, ipAddresses []net.IP, uris []*url.URL, err error) {
1126 err = forEachSAN(value, func(tag int, data []byte) error {
1127 switch tag {
1128 case nameTypeEmail:
1129 mailbox := string(data)
1130 if _, ok := parseRFC2821Mailbox(mailbox); !ok {
1131 return fmt.Errorf("x509: cannot parse rfc822Name %q", mailbox)
1132 }
1133 emailAddresses = append(emailAddresses, mailbox)
1134 case nameTypeDNS:
1135 domain := string(data)
1136 if _, ok := domainToReverseLabels(domain); !ok {
1137 return fmt.Errorf("x509: cannot parse dnsName %q", string(data))
1138 }
1139 dnsNames = append(dnsNames, domain)
1140 case nameTypeURI:
1141 uri, err := url.Parse(string(data))
1142 if err != nil {
1143 return fmt.Errorf("x509: cannot parse URI %q: %s", string(data), err)
1144 }
1145 if len(uri.Host) > 0 {
1146 if _, ok := domainToReverseLabels(uri.Host); !ok {
1147 return fmt.Errorf("x509: cannot parse URI %q: invalid domain", string(data))
1148 }
1149 }
1150 uris = append(uris, uri)
1151 case nameTypeIP:
1152 switch len(data) {
1153 case net.IPv4len, net.IPv6len:
1154 ipAddresses = append(ipAddresses, data)
1155 default:
1156 return errors.New("x509: certificate contained IP address of length " + strconv.Itoa(len(data)))
1157 }
1158 }
1159
1160 return nil
1161 })
1162
1163 return
1164 }
1165
1166
1167 func isValidIPMask(mask []byte) bool {
1168 seenZero := false
1169
1170 for _, b := range mask {
1171 if seenZero {
1172 if b != 0 {
1173 return false
1174 }
1175
1176 continue
1177 }
1178
1179 switch b {
1180 case 0x00, 0x80, 0xc0, 0xe0, 0xf0, 0xf8, 0xfc, 0xfe:
1181 seenZero = true
1182 case 0xff:
1183 default:
1184 return false
1185 }
1186 }
1187
1188 return true
1189 }
1190
1191 func parseNameConstraintsExtension(out *Certificate, e pkix.Extension) (unhandled bool, err error) {
1192
1193
1194
1195
1196
1197
1198
1199
1200
1201
1202
1203
1204
1205
1206
1207 outer := cryptobyte.String(e.Value)
1208 var toplevel, permitted, excluded cryptobyte.String
1209 var havePermitted, haveExcluded bool
1210 if !outer.ReadASN1(&toplevel, cryptobyte_asn1.SEQUENCE) ||
1211 !outer.Empty() ||
1212 !toplevel.ReadOptionalASN1(&permitted, &havePermitted, cryptobyte_asn1.Tag(0).ContextSpecific().Constructed()) ||
1213 !toplevel.ReadOptionalASN1(&excluded, &haveExcluded, cryptobyte_asn1.Tag(1).ContextSpecific().Constructed()) ||
1214 !toplevel.Empty() {
1215 return false, errors.New("x509: invalid NameConstraints extension")
1216 }
1217
1218 if !havePermitted && !haveExcluded || len(permitted) == 0 && len(excluded) == 0 {
1219
1220
1221
1222
1223 return false, errors.New("x509: empty name constraints extension")
1224 }
1225
1226 getValues := func(subtrees cryptobyte.String) (dnsNames []string, ips []*net.IPNet, emails, uriDomains []string, err error) {
1227 for !subtrees.Empty() {
1228 var seq, value cryptobyte.String
1229 var tag cryptobyte_asn1.Tag
1230 if !subtrees.ReadASN1(&seq, cryptobyte_asn1.SEQUENCE) ||
1231 !seq.ReadAnyASN1(&value, &tag) {
1232 return nil, nil, nil, nil, fmt.Errorf("x509: invalid NameConstraints extension")
1233 }
1234
1235 var (
1236 dnsTag = cryptobyte_asn1.Tag(2).ContextSpecific()
1237 emailTag = cryptobyte_asn1.Tag(1).ContextSpecific()
1238 ipTag = cryptobyte_asn1.Tag(7).ContextSpecific()
1239 uriTag = cryptobyte_asn1.Tag(6).ContextSpecific()
1240 )
1241
1242 switch tag {
1243 case dnsTag:
1244 domain := string(value)
1245 if err := isIA5String(domain); err != nil {
1246 return nil, nil, nil, nil, errors.New("x509: invalid constraint value: " + err.Error())
1247 }
1248
1249 trimmedDomain := domain
1250 if len(trimmedDomain) > 0 && trimmedDomain[0] == '.' {
1251
1252
1253
1254
1255 trimmedDomain = trimmedDomain[1:]
1256 }
1257 if _, ok := domainToReverseLabels(trimmedDomain); !ok {
1258 return nil, nil, nil, nil, fmt.Errorf("x509: failed to parse dnsName constraint %q", domain)
1259 }
1260 dnsNames = append(dnsNames, domain)
1261
1262 case ipTag:
1263 l := len(value)
1264 var ip, mask []byte
1265
1266 switch l {
1267 case 8:
1268 ip = value[:4]
1269 mask = value[4:]
1270
1271 case 32:
1272 ip = value[:16]
1273 mask = value[16:]
1274
1275 default:
1276 return nil, nil, nil, nil, fmt.Errorf("x509: IP constraint contained value of length %d", l)
1277 }
1278
1279 if !isValidIPMask(mask) {
1280 return nil, nil, nil, nil, fmt.Errorf("x509: IP constraint contained invalid mask %x", mask)
1281 }
1282
1283 ips = append(ips, &net.IPNet{IP: net.IP(ip), Mask: net.IPMask(mask)})
1284
1285 case emailTag:
1286 constraint := string(value)
1287 if err := isIA5String(constraint); err != nil {
1288 return nil, nil, nil, nil, errors.New("x509: invalid constraint value: " + err.Error())
1289 }
1290
1291
1292
1293 if strings.Contains(constraint, "@") {
1294 if _, ok := parseRFC2821Mailbox(constraint); !ok {
1295 return nil, nil, nil, nil, fmt.Errorf("x509: failed to parse rfc822Name constraint %q", constraint)
1296 }
1297 } else {
1298
1299 domain := constraint
1300 if len(domain) > 0 && domain[0] == '.' {
1301 domain = domain[1:]
1302 }
1303 if _, ok := domainToReverseLabels(domain); !ok {
1304 return nil, nil, nil, nil, fmt.Errorf("x509: failed to parse rfc822Name constraint %q", constraint)
1305 }
1306 }
1307 emails = append(emails, constraint)
1308
1309 case uriTag:
1310 domain := string(value)
1311 if err := isIA5String(domain); err != nil {
1312 return nil, nil, nil, nil, errors.New("x509: invalid constraint value: " + err.Error())
1313 }
1314
1315 if net.ParseIP(domain) != nil {
1316 return nil, nil, nil, nil, fmt.Errorf("x509: failed to parse URI constraint %q: cannot be IP address", domain)
1317 }
1318
1319 trimmedDomain := domain
1320 if len(trimmedDomain) > 0 && trimmedDomain[0] == '.' {
1321
1322
1323
1324
1325 trimmedDomain = trimmedDomain[1:]
1326 }
1327 if _, ok := domainToReverseLabels(trimmedDomain); !ok {
1328 return nil, nil, nil, nil, fmt.Errorf("x509: failed to parse URI constraint %q", domain)
1329 }
1330 uriDomains = append(uriDomains, domain)
1331
1332 default:
1333 unhandled = true
1334 }
1335 }
1336
1337 return dnsNames, ips, emails, uriDomains, nil
1338 }
1339
1340 if out.PermittedDNSDomains, out.PermittedIPRanges, out.PermittedEmailAddresses, out.PermittedURIDomains, err = getValues(permitted); err != nil {
1341 return false, err
1342 }
1343 if out.ExcludedDNSDomains, out.ExcludedIPRanges, out.ExcludedEmailAddresses, out.ExcludedURIDomains, err = getValues(excluded); err != nil {
1344 return false, err
1345 }
1346 out.PermittedDNSDomainsCritical = e.Critical
1347
1348 return unhandled, nil
1349 }
1350
1351 func parseCertificate(in *certificate) (*Certificate, error) {
1352 out := new(Certificate)
1353 out.Raw = in.Raw
1354 out.RawTBSCertificate = in.TBSCertificate.Raw
1355 out.RawSubjectPublicKeyInfo = in.TBSCertificate.PublicKey.Raw
1356 out.RawSubject = in.TBSCertificate.Subject.FullBytes
1357 out.RawIssuer = in.TBSCertificate.Issuer.FullBytes
1358
1359 out.Signature = in.SignatureValue.RightAlign()
1360 out.SignatureAlgorithm =
1361 getSignatureAlgorithmFromAI(in.TBSCertificate.SignatureAlgorithm)
1362
1363 out.PublicKeyAlgorithm =
1364 getPublicKeyAlgorithmFromOID(in.TBSCertificate.PublicKey.Algorithm.Algorithm)
1365 var err error
1366 out.PublicKey, err = parsePublicKey(out.PublicKeyAlgorithm, &in.TBSCertificate.PublicKey)
1367 if err != nil {
1368 return nil, err
1369 }
1370
1371 out.Version = in.TBSCertificate.Version + 1
1372 out.SerialNumber = in.TBSCertificate.SerialNumber
1373
1374 var issuer, subject pkix.RDNSequence
1375 if rest, err := asn1.Unmarshal(in.TBSCertificate.Subject.FullBytes, &subject); err != nil {
1376 return nil, err
1377 } else if len(rest) != 0 {
1378 return nil, errors.New("x509: trailing data after X.509 subject")
1379 }
1380 if rest, err := asn1.Unmarshal(in.TBSCertificate.Issuer.FullBytes, &issuer); err != nil {
1381 return nil, err
1382 } else if len(rest) != 0 {
1383 return nil, errors.New("x509: trailing data after X.509 subject")
1384 }
1385
1386 out.Issuer.FillFromRDNSequence(&issuer)
1387 out.Subject.FillFromRDNSequence(&subject)
1388
1389 out.NotBefore = in.TBSCertificate.Validity.NotBefore
1390 out.NotAfter = in.TBSCertificate.Validity.NotAfter
1391
1392 for _, e := range in.TBSCertificate.Extensions {
1393 out.Extensions = append(out.Extensions, e)
1394 unhandled := false
1395
1396 if len(e.Id) == 4 && e.Id[0] == 2 && e.Id[1] == 5 && e.Id[2] == 29 {
1397 switch e.Id[3] {
1398 case 15:
1399
1400 var usageBits asn1.BitString
1401 if rest, err := asn1.Unmarshal(e.Value, &usageBits); err != nil {
1402 return nil, err
1403 } else if len(rest) != 0 {
1404 return nil, errors.New("x509: trailing data after X.509 KeyUsage")
1405 }
1406
1407 var usage int
1408 for i := 0; i < 9; i++ {
1409 if usageBits.At(i) != 0 {
1410 usage |= 1 << uint(i)
1411 }
1412 }
1413 out.KeyUsage = KeyUsage(usage)
1414
1415 case 19:
1416
1417 var constraints basicConstraints
1418 if rest, err := asn1.Unmarshal(e.Value, &constraints); err != nil {
1419 return nil, err
1420 } else if len(rest) != 0 {
1421 return nil, errors.New("x509: trailing data after X.509 BasicConstraints")
1422 }
1423
1424 out.BasicConstraintsValid = true
1425 out.IsCA = constraints.IsCA
1426 out.MaxPathLen = constraints.MaxPathLen
1427 out.MaxPathLenZero = out.MaxPathLen == 0
1428
1429 case 17:
1430 out.DNSNames, out.EmailAddresses, out.IPAddresses, out.URIs, err = parseSANExtension(e.Value)
1431 if err != nil {
1432 return nil, err
1433 }
1434
1435 if len(out.DNSNames) == 0 && len(out.EmailAddresses) == 0 && len(out.IPAddresses) == 0 && len(out.URIs) == 0 {
1436
1437 unhandled = true
1438 }
1439
1440 case 30:
1441 unhandled, err = parseNameConstraintsExtension(out, e)
1442 if err != nil {
1443 return nil, err
1444 }
1445
1446 case 31:
1447
1448
1449
1450
1451
1452
1453
1454
1455
1456
1457
1458
1459
1460 var cdp []distributionPoint
1461 if rest, err := asn1.Unmarshal(e.Value, &cdp); err != nil {
1462 return nil, err
1463 } else if len(rest) != 0 {
1464 return nil, errors.New("x509: trailing data after X.509 CRL distribution point")
1465 }
1466
1467 for _, dp := range cdp {
1468
1469 if len(dp.DistributionPoint.FullName) == 0 {
1470 continue
1471 }
1472
1473 for _, fullName := range dp.DistributionPoint.FullName {
1474 if fullName.Tag == 6 {
1475 out.CRLDistributionPoints = append(out.CRLDistributionPoints, string(fullName.Bytes))
1476 }
1477 }
1478 }
1479
1480 case 35:
1481
1482 var a authKeyId
1483 if rest, err := asn1.Unmarshal(e.Value, &a); err != nil {
1484 return nil, err
1485 } else if len(rest) != 0 {
1486 return nil, errors.New("x509: trailing data after X.509 authority key-id")
1487 }
1488 out.AuthorityKeyId = a.Id
1489
1490 case 37:
1491
1492
1493
1494
1495
1496
1497
1498
1499 var keyUsage []asn1.ObjectIdentifier
1500 if rest, err := asn1.Unmarshal(e.Value, &keyUsage); err != nil {
1501 return nil, err
1502 } else if len(rest) != 0 {
1503 return nil, errors.New("x509: trailing data after X.509 ExtendedKeyUsage")
1504 }
1505
1506 for _, u := range keyUsage {
1507 if extKeyUsage, ok := extKeyUsageFromOID(u); ok {
1508 out.ExtKeyUsage = append(out.ExtKeyUsage, extKeyUsage)
1509 } else {
1510 out.UnknownExtKeyUsage = append(out.UnknownExtKeyUsage, u)
1511 }
1512 }
1513
1514 case 14:
1515
1516 var keyid []byte
1517 if rest, err := asn1.Unmarshal(e.Value, &keyid); err != nil {
1518 return nil, err
1519 } else if len(rest) != 0 {
1520 return nil, errors.New("x509: trailing data after X.509 key-id")
1521 }
1522 out.SubjectKeyId = keyid
1523
1524 case 32:
1525
1526 var policies []policyInformation
1527 if rest, err := asn1.Unmarshal(e.Value, &policies); err != nil {
1528 return nil, err
1529 } else if len(rest) != 0 {
1530 return nil, errors.New("x509: trailing data after X.509 certificate policies")
1531 }
1532 out.PolicyIdentifiers = make([]asn1.ObjectIdentifier, len(policies))
1533 for i, policy := range policies {
1534 out.PolicyIdentifiers[i] = policy.Policy
1535 }
1536
1537 default:
1538
1539 unhandled = true
1540 }
1541 } else if e.Id.Equal(oidExtensionAuthorityInfoAccess) {
1542
1543 var aia []authorityInfoAccess
1544 if rest, err := asn1.Unmarshal(e.Value, &aia); err != nil {
1545 return nil, err
1546 } else if len(rest) != 0 {
1547 return nil, errors.New("x509: trailing data after X.509 authority information")
1548 }
1549
1550 for _, v := range aia {
1551
1552 if v.Location.Tag != 6 {
1553 continue
1554 }
1555 if v.Method.Equal(oidAuthorityInfoAccessOcsp) {
1556 out.OCSPServer = append(out.OCSPServer, string(v.Location.Bytes))
1557 } else if v.Method.Equal(oidAuthorityInfoAccessIssuers) {
1558 out.IssuingCertificateURL = append(out.IssuingCertificateURL, string(v.Location.Bytes))
1559 }
1560 }
1561 } else {
1562
1563 unhandled = true
1564 }
1565
1566 if e.Critical && unhandled {
1567 out.UnhandledCriticalExtensions = append(out.UnhandledCriticalExtensions, e.Id)
1568 }
1569 }
1570
1571 return out, nil
1572 }
1573
1574
1575 func ParseCertificate(asn1Data []byte) (*Certificate, error) {
1576 var cert certificate
1577 rest, err := asn1.Unmarshal(asn1Data, &cert)
1578 if err != nil {
1579 return nil, err
1580 }
1581 if len(rest) > 0 {
1582 return nil, asn1.SyntaxError{Msg: "trailing data"}
1583 }
1584
1585 return parseCertificate(&cert)
1586 }
1587
1588
1589
1590 func ParseCertificates(asn1Data []byte) ([]*Certificate, error) {
1591 var v []*certificate
1592
1593 for len(asn1Data) > 0 {
1594 cert := new(certificate)
1595 var err error
1596 asn1Data, err = asn1.Unmarshal(asn1Data, cert)
1597 if err != nil {
1598 return nil, err
1599 }
1600 v = append(v, cert)
1601 }
1602
1603 ret := make([]*Certificate, len(v))
1604 for i, ci := range v {
1605 cert, err := parseCertificate(ci)
1606 if err != nil {
1607 return nil, err
1608 }
1609 ret[i] = cert
1610 }
1611
1612 return ret, nil
1613 }
1614
1615 func reverseBitsInAByte(in byte) byte {
1616 b1 := in>>4 | in<<4
1617 b2 := b1>>2&0x33 | b1<<2&0xcc
1618 b3 := b2>>1&0x55 | b2<<1&0xaa
1619 return b3
1620 }
1621
1622
1623
1624
1625 func asn1BitLength(bitString []byte) int {
1626 bitLen := len(bitString) * 8
1627
1628 for i := range bitString {
1629 b := bitString[len(bitString)-i-1]
1630
1631 for bit := uint(0); bit < 8; bit++ {
1632 if (b>>bit)&1 == 1 {
1633 return bitLen
1634 }
1635 bitLen--
1636 }
1637 }
1638
1639 return 0
1640 }
1641
1642 var (
1643 oidExtensionSubjectKeyId = []int{2, 5, 29, 14}
1644 oidExtensionKeyUsage = []int{2, 5, 29, 15}
1645 oidExtensionExtendedKeyUsage = []int{2, 5, 29, 37}
1646 oidExtensionAuthorityKeyId = []int{2, 5, 29, 35}
1647 oidExtensionBasicConstraints = []int{2, 5, 29, 19}
1648 oidExtensionSubjectAltName = []int{2, 5, 29, 17}
1649 oidExtensionCertificatePolicies = []int{2, 5, 29, 32}
1650 oidExtensionNameConstraints = []int{2, 5, 29, 30}
1651 oidExtensionCRLDistributionPoints = []int{2, 5, 29, 31}
1652 oidExtensionAuthorityInfoAccess = []int{1, 3, 6, 1, 5, 5, 7, 1, 1}
1653 )
1654
1655 var (
1656 oidAuthorityInfoAccessOcsp = asn1.ObjectIdentifier{1, 3, 6, 1, 5, 5, 7, 48, 1}
1657 oidAuthorityInfoAccessIssuers = asn1.ObjectIdentifier{1, 3, 6, 1, 5, 5, 7, 48, 2}
1658 )
1659
1660
1661
1662 func oidInExtensions(oid asn1.ObjectIdentifier, extensions []pkix.Extension) bool {
1663 for _, e := range extensions {
1664 if e.Id.Equal(oid) {
1665 return true
1666 }
1667 }
1668 return false
1669 }
1670
1671
1672
1673 func marshalSANs(dnsNames, emailAddresses []string, ipAddresses []net.IP, uris []*url.URL) (derBytes []byte, err error) {
1674 var rawValues []asn1.RawValue
1675 for _, name := range dnsNames {
1676 rawValues = append(rawValues, asn1.RawValue{Tag: nameTypeDNS, Class: 2, Bytes: []byte(name)})
1677 }
1678 for _, email := range emailAddresses {
1679 rawValues = append(rawValues, asn1.RawValue{Tag: nameTypeEmail, Class: 2, Bytes: []byte(email)})
1680 }
1681 for _, rawIP := range ipAddresses {
1682
1683 ip := rawIP.To4()
1684 if ip == nil {
1685 ip = rawIP
1686 }
1687 rawValues = append(rawValues, asn1.RawValue{Tag: nameTypeIP, Class: 2, Bytes: ip})
1688 }
1689 for _, uri := range uris {
1690 rawValues = append(rawValues, asn1.RawValue{Tag: nameTypeURI, Class: 2, Bytes: []byte(uri.String())})
1691 }
1692 return asn1.Marshal(rawValues)
1693 }
1694
1695 func isIA5String(s string) error {
1696 for _, r := range s {
1697 if r >= utf8.RuneSelf {
1698 return fmt.Errorf("x509: %q cannot be encoded as an IA5String", s)
1699 }
1700 }
1701
1702 return nil
1703 }
1704
1705 func buildExtensions(template *Certificate, subjectIsEmpty bool, authorityKeyId []byte) (ret []pkix.Extension, err error) {
1706 ret = make([]pkix.Extension, 10 )
1707 n := 0
1708
1709 if template.KeyUsage != 0 &&
1710 !oidInExtensions(oidExtensionKeyUsage, template.ExtraExtensions) {
1711 ret[n].Id = oidExtensionKeyUsage
1712 ret[n].Critical = true
1713
1714 var a [2]byte
1715 a[0] = reverseBitsInAByte(byte(template.KeyUsage))
1716 a[1] = reverseBitsInAByte(byte(template.KeyUsage >> 8))
1717
1718 l := 1
1719 if a[1] != 0 {
1720 l = 2
1721 }
1722
1723 bitString := a[:l]
1724 ret[n].Value, err = asn1.Marshal(asn1.BitString{Bytes: bitString, BitLength: asn1BitLength(bitString)})
1725 if err != nil {
1726 return
1727 }
1728 n++
1729 }
1730
1731 if (len(template.ExtKeyUsage) > 0 || len(template.UnknownExtKeyUsage) > 0) &&
1732 !oidInExtensions(oidExtensionExtendedKeyUsage, template.ExtraExtensions) {
1733 ret[n].Id = oidExtensionExtendedKeyUsage
1734
1735 var oids []asn1.ObjectIdentifier
1736 for _, u := range template.ExtKeyUsage {
1737 if oid, ok := oidFromExtKeyUsage(u); ok {
1738 oids = append(oids, oid)
1739 } else {
1740 panic("internal error")
1741 }
1742 }
1743
1744 oids = append(oids, template.UnknownExtKeyUsage...)
1745
1746 ret[n].Value, err = asn1.Marshal(oids)
1747 if err != nil {
1748 return
1749 }
1750 n++
1751 }
1752
1753 if template.BasicConstraintsValid && !oidInExtensions(oidExtensionBasicConstraints, template.ExtraExtensions) {
1754
1755
1756
1757 maxPathLen := template.MaxPathLen
1758 if maxPathLen == 0 && !template.MaxPathLenZero {
1759 maxPathLen = -1
1760 }
1761 ret[n].Id = oidExtensionBasicConstraints
1762 ret[n].Value, err = asn1.Marshal(basicConstraints{template.IsCA, maxPathLen})
1763 ret[n].Critical = true
1764 if err != nil {
1765 return
1766 }
1767 n++
1768 }
1769
1770 if len(template.SubjectKeyId) > 0 && !oidInExtensions(oidExtensionSubjectKeyId, template.ExtraExtensions) {
1771 ret[n].Id = oidExtensionSubjectKeyId
1772 ret[n].Value, err = asn1.Marshal(template.SubjectKeyId)
1773 if err != nil {
1774 return
1775 }
1776 n++
1777 }
1778
1779 if len(authorityKeyId) > 0 && !oidInExtensions(oidExtensionAuthorityKeyId, template.ExtraExtensions) {
1780 ret[n].Id = oidExtensionAuthorityKeyId
1781 ret[n].Value, err = asn1.Marshal(authKeyId{authorityKeyId})
1782 if err != nil {
1783 return
1784 }
1785 n++
1786 }
1787
1788 if (len(template.OCSPServer) > 0 || len(template.IssuingCertificateURL) > 0) &&
1789 !oidInExtensions(oidExtensionAuthorityInfoAccess, template.ExtraExtensions) {
1790 ret[n].Id = oidExtensionAuthorityInfoAccess
1791 var aiaValues []authorityInfoAccess
1792 for _, name := range template.OCSPServer {
1793 aiaValues = append(aiaValues, authorityInfoAccess{
1794 Method: oidAuthorityInfoAccessOcsp,
1795 Location: asn1.RawValue{Tag: 6, Class: 2, Bytes: []byte(name)},
1796 })
1797 }
1798 for _, name := range template.IssuingCertificateURL {
1799 aiaValues = append(aiaValues, authorityInfoAccess{
1800 Method: oidAuthorityInfoAccessIssuers,
1801 Location: asn1.RawValue{Tag: 6, Class: 2, Bytes: []byte(name)},
1802 })
1803 }
1804 ret[n].Value, err = asn1.Marshal(aiaValues)
1805 if err != nil {
1806 return
1807 }
1808 n++
1809 }
1810
1811 if (len(template.DNSNames) > 0 || len(template.EmailAddresses) > 0 || len(template.IPAddresses) > 0 || len(template.URIs) > 0) &&
1812 !oidInExtensions(oidExtensionSubjectAltName, template.ExtraExtensions) {
1813 ret[n].Id = oidExtensionSubjectAltName
1814
1815
1816
1817 ret[n].Critical = subjectIsEmpty
1818 ret[n].Value, err = marshalSANs(template.DNSNames, template.EmailAddresses, template.IPAddresses, template.URIs)
1819 if err != nil {
1820 return
1821 }
1822 n++
1823 }
1824
1825 if len(template.PolicyIdentifiers) > 0 &&
1826 !oidInExtensions(oidExtensionCertificatePolicies, template.ExtraExtensions) {
1827 ret[n].Id = oidExtensionCertificatePolicies
1828 policies := make([]policyInformation, len(template.PolicyIdentifiers))
1829 for i, policy := range template.PolicyIdentifiers {
1830 policies[i].Policy = policy
1831 }
1832 ret[n].Value, err = asn1.Marshal(policies)
1833 if err != nil {
1834 return
1835 }
1836 n++
1837 }
1838
1839 if (len(template.PermittedDNSDomains) > 0 || len(template.ExcludedDNSDomains) > 0 ||
1840 len(template.PermittedIPRanges) > 0 || len(template.ExcludedIPRanges) > 0 ||
1841 len(template.PermittedEmailAddresses) > 0 || len(template.ExcludedEmailAddresses) > 0 ||
1842 len(template.PermittedURIDomains) > 0 || len(template.ExcludedURIDomains) > 0) &&
1843 !oidInExtensions(oidExtensionNameConstraints, template.ExtraExtensions) {
1844 ret[n].Id = oidExtensionNameConstraints
1845 ret[n].Critical = template.PermittedDNSDomainsCritical
1846
1847 ipAndMask := func(ipNet *net.IPNet) []byte {
1848 maskedIP := ipNet.IP.Mask(ipNet.Mask)
1849 ipAndMask := make([]byte, 0, len(maskedIP)+len(ipNet.Mask))
1850 ipAndMask = append(ipAndMask, maskedIP...)
1851 ipAndMask = append(ipAndMask, ipNet.Mask...)
1852 return ipAndMask
1853 }
1854
1855 serialiseConstraints := func(dns []string, ips []*net.IPNet, emails []string, uriDomains []string) (der []byte, err error) {
1856 var b cryptobyte.Builder
1857
1858 for _, name := range dns {
1859 if err = isIA5String(name); err != nil {
1860 return nil, err
1861 }
1862
1863 b.AddASN1(cryptobyte_asn1.SEQUENCE, func(b *cryptobyte.Builder) {
1864 b.AddASN1(cryptobyte_asn1.Tag(2).ContextSpecific(), func(b *cryptobyte.Builder) {
1865 b.AddBytes([]byte(name))
1866 })
1867 })
1868 }
1869
1870 for _, ipNet := range ips {
1871 b.AddASN1(cryptobyte_asn1.SEQUENCE, func(b *cryptobyte.Builder) {
1872 b.AddASN1(cryptobyte_asn1.Tag(7).ContextSpecific(), func(b *cryptobyte.Builder) {
1873 b.AddBytes(ipAndMask(ipNet))
1874 })
1875 })
1876 }
1877
1878 for _, email := range emails {
1879 if err = isIA5String(email); err != nil {
1880 return nil, err
1881 }
1882
1883 b.AddASN1(cryptobyte_asn1.SEQUENCE, func(b *cryptobyte.Builder) {
1884 b.AddASN1(cryptobyte_asn1.Tag(1).ContextSpecific(), func(b *cryptobyte.Builder) {
1885 b.AddBytes([]byte(email))
1886 })
1887 })
1888 }
1889
1890 for _, uriDomain := range uriDomains {
1891 if err = isIA5String(uriDomain); err != nil {
1892 return nil, err
1893 }
1894
1895 b.AddASN1(cryptobyte_asn1.SEQUENCE, func(b *cryptobyte.Builder) {
1896 b.AddASN1(cryptobyte_asn1.Tag(6).ContextSpecific(), func(b *cryptobyte.Builder) {
1897 b.AddBytes([]byte(uriDomain))
1898 })
1899 })
1900 }
1901
1902 return b.Bytes()
1903 }
1904
1905 permitted, err := serialiseConstraints(template.PermittedDNSDomains, template.PermittedIPRanges, template.PermittedEmailAddresses, template.PermittedURIDomains)
1906 if err != nil {
1907 return nil, err
1908 }
1909
1910 excluded, err := serialiseConstraints(template.ExcludedDNSDomains, template.ExcludedIPRanges, template.ExcludedEmailAddresses, template.ExcludedURIDomains)
1911 if err != nil {
1912 return nil, err
1913 }
1914
1915 var b cryptobyte.Builder
1916 b.AddASN1(cryptobyte_asn1.SEQUENCE, func(b *cryptobyte.Builder) {
1917 if len(permitted) > 0 {
1918 b.AddASN1(cryptobyte_asn1.Tag(0).ContextSpecific().Constructed(), func(b *cryptobyte.Builder) {
1919 b.AddBytes(permitted)
1920 })
1921 }
1922
1923 if len(excluded) > 0 {
1924 b.AddASN1(cryptobyte_asn1.Tag(1).ContextSpecific().Constructed(), func(b *cryptobyte.Builder) {
1925 b.AddBytes(excluded)
1926 })
1927 }
1928 })
1929
1930 ret[n].Value, err = b.Bytes()
1931 if err != nil {
1932 return nil, err
1933 }
1934 n++
1935 }
1936
1937 if len(template.CRLDistributionPoints) > 0 &&
1938 !oidInExtensions(oidExtensionCRLDistributionPoints, template.ExtraExtensions) {
1939 ret[n].Id = oidExtensionCRLDistributionPoints
1940
1941 var crlDp []distributionPoint
1942 for _, name := range template.CRLDistributionPoints {
1943 dp := distributionPoint{
1944 DistributionPoint: distributionPointName{
1945 FullName: []asn1.RawValue{
1946 asn1.RawValue{Tag: 6, Class: 2, Bytes: []byte(name)},
1947 },
1948 },
1949 }
1950 crlDp = append(crlDp, dp)
1951 }
1952
1953 ret[n].Value, err = asn1.Marshal(crlDp)
1954 if err != nil {
1955 return
1956 }
1957 n++
1958 }
1959
1960
1961
1962
1963 return append(ret[:n], template.ExtraExtensions...), nil
1964 }
1965
1966 func subjectBytes(cert *Certificate) ([]byte, error) {
1967 if len(cert.RawSubject) > 0 {
1968 return cert.RawSubject, nil
1969 }
1970
1971 return asn1.Marshal(cert.Subject.ToRDNSequence())
1972 }
1973
1974
1975
1976
1977 func signingParamsForPublicKey(pub interface{}, requestedSigAlgo SignatureAlgorithm) (hashFunc crypto.Hash, sigAlgo pkix.AlgorithmIdentifier, err error) {
1978 var pubType PublicKeyAlgorithm
1979
1980 switch pub := pub.(type) {
1981 case *rsa.PublicKey:
1982 pubType = RSA
1983 hashFunc = crypto.SHA256
1984 sigAlgo.Algorithm = oidSignatureSHA256WithRSA
1985 sigAlgo.Parameters = asn1.NullRawValue
1986
1987 case *ecdsa.PublicKey:
1988 pubType = ECDSA
1989
1990 switch pub.Curve {
1991 case elliptic.P224(), elliptic.P256():
1992 hashFunc = crypto.SHA256
1993 sigAlgo.Algorithm = oidSignatureECDSAWithSHA256
1994 case elliptic.P384():
1995 hashFunc = crypto.SHA384
1996 sigAlgo.Algorithm = oidSignatureECDSAWithSHA384
1997 case elliptic.P521():
1998 hashFunc = crypto.SHA512
1999 sigAlgo.Algorithm = oidSignatureECDSAWithSHA512
2000 default:
2001 err = errors.New("x509: unknown elliptic curve")
2002 }
2003
2004 default:
2005 err = errors.New("x509: only RSA and ECDSA keys supported")
2006 }
2007
2008 if err != nil {
2009 return
2010 }
2011
2012 if requestedSigAlgo == 0 {
2013 return
2014 }
2015
2016 found := false
2017 for _, details := range signatureAlgorithmDetails {
2018 if details.algo == requestedSigAlgo {
2019 if details.pubKeyAlgo != pubType {
2020 err = errors.New("x509: requested SignatureAlgorithm does not match private key type")
2021 return
2022 }
2023 sigAlgo.Algorithm, hashFunc = details.oid, details.hash
2024 if hashFunc == 0 {
2025 err = errors.New("x509: cannot sign with hash function requested")
2026 return
2027 }
2028 if requestedSigAlgo.isRSAPSS() {
2029 sigAlgo.Parameters = rsaPSSParameters(hashFunc)
2030 }
2031 found = true
2032 break
2033 }
2034 }
2035
2036 if !found {
2037 err = errors.New("x509: unknown SignatureAlgorithm")
2038 }
2039
2040 return
2041 }
2042
2043
2044
2045 var emptyASN1Subject = []byte{0x30, 0}
2046
2047
2048
2049
2050
2051
2052
2053
2054
2055
2056
2057
2058
2059
2060
2061
2062
2063
2064
2065
2066 func CreateCertificate(rand io.Reader, template, parent *Certificate, pub, priv interface{}) (cert []byte, err error) {
2067 key, ok := priv.(crypto.Signer)
2068 if !ok {
2069 return nil, errors.New("x509: certificate private key does not implement crypto.Signer")
2070 }
2071
2072 if template.SerialNumber == nil {
2073 return nil, errors.New("x509: no SerialNumber given")
2074 }
2075
2076 hashFunc, signatureAlgorithm, err := signingParamsForPublicKey(key.Public(), template.SignatureAlgorithm)
2077 if err != nil {
2078 return nil, err
2079 }
2080
2081 publicKeyBytes, publicKeyAlgorithm, err := marshalPublicKey(pub)
2082 if err != nil {
2083 return nil, err
2084 }
2085
2086 asn1Issuer, err := subjectBytes(parent)
2087 if err != nil {
2088 return
2089 }
2090
2091 asn1Subject, err := subjectBytes(template)
2092 if err != nil {
2093 return
2094 }
2095
2096 authorityKeyId := template.AuthorityKeyId
2097 if !bytes.Equal(asn1Issuer, asn1Subject) && len(parent.SubjectKeyId) > 0 {
2098 authorityKeyId = parent.SubjectKeyId
2099 }
2100
2101 extensions, err := buildExtensions(template, bytes.Equal(asn1Subject, emptyASN1Subject), authorityKeyId)
2102 if err != nil {
2103 return
2104 }
2105
2106 encodedPublicKey := asn1.BitString{BitLength: len(publicKeyBytes) * 8, Bytes: publicKeyBytes}
2107 c := tbsCertificate{
2108 Version: 2,
2109 SerialNumber: template.SerialNumber,
2110 SignatureAlgorithm: signatureAlgorithm,
2111 Issuer: asn1.RawValue{FullBytes: asn1Issuer},
2112 Validity: validity{template.NotBefore.UTC(), template.NotAfter.UTC()},
2113 Subject: asn1.RawValue{FullBytes: asn1Subject},
2114 PublicKey: publicKeyInfo{nil, publicKeyAlgorithm, encodedPublicKey},
2115 Extensions: extensions,
2116 }
2117
2118 tbsCertContents, err := asn1.Marshal(c)
2119 if err != nil {
2120 return
2121 }
2122
2123 c.Raw = tbsCertContents
2124
2125 h := hashFunc.New()
2126 h.Write(tbsCertContents)
2127 digest := h.Sum(nil)
2128
2129 var signerOpts crypto.SignerOpts
2130 signerOpts = hashFunc
2131 if template.SignatureAlgorithm != 0 && template.SignatureAlgorithm.isRSAPSS() {
2132 signerOpts = &rsa.PSSOptions{
2133 SaltLength: rsa.PSSSaltLengthEqualsHash,
2134 Hash: hashFunc,
2135 }
2136 }
2137
2138 var signature []byte
2139 signature, err = key.Sign(rand, digest, signerOpts)
2140 if err != nil {
2141 return
2142 }
2143
2144 return asn1.Marshal(certificate{
2145 nil,
2146 c,
2147 signatureAlgorithm,
2148 asn1.BitString{Bytes: signature, BitLength: len(signature) * 8},
2149 })
2150 }
2151
2152
2153
2154 var pemCRLPrefix = []byte("-----BEGIN X509 CRL")
2155
2156
2157 var pemType = "X509 CRL"
2158
2159
2160
2161
2162
2163 func ParseCRL(crlBytes []byte) (*pkix.CertificateList, error) {
2164 if bytes.HasPrefix(crlBytes, pemCRLPrefix) {
2165 block, _ := pem.Decode(crlBytes)
2166 if block != nil && block.Type == pemType {
2167 crlBytes = block.Bytes
2168 }
2169 }
2170 return ParseDERCRL(crlBytes)
2171 }
2172
2173
2174 func ParseDERCRL(derBytes []byte) (*pkix.CertificateList, error) {
2175 certList := new(pkix.CertificateList)
2176 if rest, err := asn1.Unmarshal(derBytes, certList); err != nil {
2177 return nil, err
2178 } else if len(rest) != 0 {
2179 return nil, errors.New("x509: trailing data after CRL")
2180 }
2181 return certList, nil
2182 }
2183
2184
2185
2186 func (c *Certificate) CreateCRL(rand io.Reader, priv interface{}, revokedCerts []pkix.RevokedCertificate, now, expiry time.Time) (crlBytes []byte, err error) {
2187 key, ok := priv.(crypto.Signer)
2188 if !ok {
2189 return nil, errors.New("x509: certificate private key does not implement crypto.Signer")
2190 }
2191
2192 hashFunc, signatureAlgorithm, err := signingParamsForPublicKey(key.Public(), 0)
2193 if err != nil {
2194 return nil, err
2195 }
2196
2197
2198 revokedCertsUTC := make([]pkix.RevokedCertificate, len(revokedCerts))
2199 for i, rc := range revokedCerts {
2200 rc.RevocationTime = rc.RevocationTime.UTC()
2201 revokedCertsUTC[i] = rc
2202 }
2203
2204 tbsCertList := pkix.TBSCertificateList{
2205 Version: 1,
2206 Signature: signatureAlgorithm,
2207 Issuer: c.Subject.ToRDNSequence(),
2208 ThisUpdate: now.UTC(),
2209 NextUpdate: expiry.UTC(),
2210 RevokedCertificates: revokedCertsUTC,
2211 }
2212
2213
2214 if len(c.SubjectKeyId) > 0 {
2215 var aki pkix.Extension
2216 aki.Id = oidExtensionAuthorityKeyId
2217 aki.Value, err = asn1.Marshal(authKeyId{Id: c.SubjectKeyId})
2218 if err != nil {
2219 return
2220 }
2221 tbsCertList.Extensions = append(tbsCertList.Extensions, aki)
2222 }
2223
2224 tbsCertListContents, err := asn1.Marshal(tbsCertList)
2225 if err != nil {
2226 return
2227 }
2228
2229 h := hashFunc.New()
2230 h.Write(tbsCertListContents)
2231 digest := h.Sum(nil)
2232
2233 var signature []byte
2234 signature, err = key.Sign(rand, digest, hashFunc)
2235 if err != nil {
2236 return
2237 }
2238
2239 return asn1.Marshal(pkix.CertificateList{
2240 TBSCertList: tbsCertList,
2241 SignatureAlgorithm: signatureAlgorithm,
2242 SignatureValue: asn1.BitString{Bytes: signature, BitLength: len(signature) * 8},
2243 })
2244 }
2245
2246
2247 type CertificateRequest struct {
2248 Raw []byte
2249 RawTBSCertificateRequest []byte
2250 RawSubjectPublicKeyInfo []byte
2251 RawSubject []byte
2252
2253 Version int
2254 Signature []byte
2255 SignatureAlgorithm SignatureAlgorithm
2256
2257 PublicKeyAlgorithm PublicKeyAlgorithm
2258 PublicKey interface{}
2259
2260 Subject pkix.Name
2261
2262
2263 Attributes []pkix.AttributeTypeAndValueSET
2264
2265
2266
2267
2268 Extensions []pkix.Extension
2269
2270
2271
2272
2273
2274
2275
2276
2277 ExtraExtensions []pkix.Extension
2278
2279
2280 DNSNames []string
2281 EmailAddresses []string
2282 IPAddresses []net.IP
2283 URIs []*url.URL
2284 }
2285
2286
2287
2288
2289 type tbsCertificateRequest struct {
2290 Raw asn1.RawContent
2291 Version int
2292 Subject asn1.RawValue
2293 PublicKey publicKeyInfo
2294 RawAttributes []asn1.RawValue `asn1:"tag:0"`
2295 }
2296
2297 type certificateRequest struct {
2298 Raw asn1.RawContent
2299 TBSCSR tbsCertificateRequest
2300 SignatureAlgorithm pkix.AlgorithmIdentifier
2301 SignatureValue asn1.BitString
2302 }
2303
2304
2305
2306 var oidExtensionRequest = asn1.ObjectIdentifier{1, 2, 840, 113549, 1, 9, 14}
2307
2308
2309
2310 func newRawAttributes(attributes []pkix.AttributeTypeAndValueSET) ([]asn1.RawValue, error) {
2311 var rawAttributes []asn1.RawValue
2312 b, err := asn1.Marshal(attributes)
2313 if err != nil {
2314 return nil, err
2315 }
2316 rest, err := asn1.Unmarshal(b, &rawAttributes)
2317 if err != nil {
2318 return nil, err
2319 }
2320 if len(rest) != 0 {
2321 return nil, errors.New("x509: failed to unmarshal raw CSR Attributes")
2322 }
2323 return rawAttributes, nil
2324 }
2325
2326
2327 func parseRawAttributes(rawAttributes []asn1.RawValue) []pkix.AttributeTypeAndValueSET {
2328 var attributes []pkix.AttributeTypeAndValueSET
2329 for _, rawAttr := range rawAttributes {
2330 var attr pkix.AttributeTypeAndValueSET
2331 rest, err := asn1.Unmarshal(rawAttr.FullBytes, &attr)
2332
2333
2334 if err == nil && len(rest) == 0 {
2335 attributes = append(attributes, attr)
2336 }
2337 }
2338 return attributes
2339 }
2340
2341
2342
2343 func parseCSRExtensions(rawAttributes []asn1.RawValue) ([]pkix.Extension, error) {
2344
2345
2346 type pkcs10Attribute struct {
2347 Id asn1.ObjectIdentifier
2348 Values []asn1.RawValue `asn1:"set"`
2349 }
2350
2351 var ret []pkix.Extension
2352 for _, rawAttr := range rawAttributes {
2353 var attr pkcs10Attribute
2354 if rest, err := asn1.Unmarshal(rawAttr.FullBytes, &attr); err != nil || len(rest) != 0 || len(attr.Values) == 0 {
2355
2356 continue
2357 }
2358
2359 if !attr.Id.Equal(oidExtensionRequest) {
2360 continue
2361 }
2362
2363 var extensions []pkix.Extension
2364 if _, err := asn1.Unmarshal(attr.Values[0].FullBytes, &extensions); err != nil {
2365 return nil, err
2366 }
2367 ret = append(ret, extensions...)
2368 }
2369
2370 return ret, nil
2371 }
2372
2373
2374
2375
2376
2377
2378
2379
2380
2381
2382 func CreateCertificateRequest(rand io.Reader, template *CertificateRequest, priv interface{}) (csr []byte, err error) {
2383 key, ok := priv.(crypto.Signer)
2384 if !ok {
2385 return nil, errors.New("x509: certificate private key does not implement crypto.Signer")
2386 }
2387
2388 var hashFunc crypto.Hash
2389 var sigAlgo pkix.AlgorithmIdentifier
2390 hashFunc, sigAlgo, err = signingParamsForPublicKey(key.Public(), template.SignatureAlgorithm)
2391 if err != nil {
2392 return nil, err
2393 }
2394
2395 var publicKeyBytes []byte
2396 var publicKeyAlgorithm pkix.AlgorithmIdentifier
2397 publicKeyBytes, publicKeyAlgorithm, err = marshalPublicKey(key.Public())
2398 if err != nil {
2399 return nil, err
2400 }
2401
2402 var extensions []pkix.Extension
2403
2404 if (len(template.DNSNames) > 0 || len(template.EmailAddresses) > 0 || len(template.IPAddresses) > 0 || len(template.URIs) > 0) &&
2405 !oidInExtensions(oidExtensionSubjectAltName, template.ExtraExtensions) {
2406 sanBytes, err := marshalSANs(template.DNSNames, template.EmailAddresses, template.IPAddresses, template.URIs)
2407 if err != nil {
2408 return nil, err
2409 }
2410
2411 extensions = append(extensions, pkix.Extension{
2412 Id: oidExtensionSubjectAltName,
2413 Value: sanBytes,
2414 })
2415 }
2416
2417 extensions = append(extensions, template.ExtraExtensions...)
2418
2419 var attributes []pkix.AttributeTypeAndValueSET
2420 attributes = append(attributes, template.Attributes...)
2421
2422 if len(extensions) > 0 {
2423
2424
2425 specifiedExtensions := make(map[string]bool)
2426
2427 for _, atvSet := range template.Attributes {
2428 if !atvSet.Type.Equal(oidExtensionRequest) {
2429 continue
2430 }
2431
2432 for _, atvs := range atvSet.Value {
2433 for _, atv := range atvs {
2434 specifiedExtensions[atv.Type.String()] = true
2435 }
2436 }
2437 }
2438
2439 atvs := make([]pkix.AttributeTypeAndValue, 0, len(extensions))
2440 for _, e := range extensions {
2441 if specifiedExtensions[e.Id.String()] {
2442
2443
2444 continue
2445 }
2446
2447 atvs = append(atvs, pkix.AttributeTypeAndValue{
2448
2449 Type: e.Id,
2450 Value: e.Value,
2451 })
2452 }
2453
2454
2455 appended := false
2456 for _, atvSet := range attributes {
2457 if !atvSet.Type.Equal(oidExtensionRequest) || len(atvSet.Value) == 0 {
2458 continue
2459 }
2460
2461 atvSet.Value[0] = append(atvSet.Value[0], atvs...)
2462 appended = true
2463 break
2464 }
2465
2466
2467 if !appended {
2468 attributes = append(attributes, pkix.AttributeTypeAndValueSET{
2469 Type: oidExtensionRequest,
2470 Value: [][]pkix.AttributeTypeAndValue{
2471 atvs,
2472 },
2473 })
2474 }
2475 }
2476
2477 asn1Subject := template.RawSubject
2478 if len(asn1Subject) == 0 {
2479 asn1Subject, err = asn1.Marshal(template.Subject.ToRDNSequence())
2480 if err != nil {
2481 return
2482 }
2483 }
2484
2485 rawAttributes, err := newRawAttributes(attributes)
2486 if err != nil {
2487 return
2488 }
2489
2490 tbsCSR := tbsCertificateRequest{
2491 Version: 0,
2492 Subject: asn1.RawValue{FullBytes: asn1Subject},
2493 PublicKey: publicKeyInfo{
2494 Algorithm: publicKeyAlgorithm,
2495 PublicKey: asn1.BitString{
2496 Bytes: publicKeyBytes,
2497 BitLength: len(publicKeyBytes) * 8,
2498 },
2499 },
2500 RawAttributes: rawAttributes,
2501 }
2502
2503 tbsCSRContents, err := asn1.Marshal(tbsCSR)
2504 if err != nil {
2505 return
2506 }
2507 tbsCSR.Raw = tbsCSRContents
2508
2509 h := hashFunc.New()
2510 h.Write(tbsCSRContents)
2511 digest := h.Sum(nil)
2512
2513 var signature []byte
2514 signature, err = key.Sign(rand, digest, hashFunc)
2515 if err != nil {
2516 return
2517 }
2518
2519 return asn1.Marshal(certificateRequest{
2520 TBSCSR: tbsCSR,
2521 SignatureAlgorithm: sigAlgo,
2522 SignatureValue: asn1.BitString{
2523 Bytes: signature,
2524 BitLength: len(signature) * 8,
2525 },
2526 })
2527 }
2528
2529
2530
2531 func ParseCertificateRequest(asn1Data []byte) (*CertificateRequest, error) {
2532 var csr certificateRequest
2533
2534 rest, err := asn1.Unmarshal(asn1Data, &csr)
2535 if err != nil {
2536 return nil, err
2537 } else if len(rest) != 0 {
2538 return nil, asn1.SyntaxError{Msg: "trailing data"}
2539 }
2540
2541 return parseCertificateRequest(&csr)
2542 }
2543
2544 func parseCertificateRequest(in *certificateRequest) (*CertificateRequest, error) {
2545 out := &CertificateRequest{
2546 Raw: in.Raw,
2547 RawTBSCertificateRequest: in.TBSCSR.Raw,
2548 RawSubjectPublicKeyInfo: in.TBSCSR.PublicKey.Raw,
2549 RawSubject: in.TBSCSR.Subject.FullBytes,
2550
2551 Signature: in.SignatureValue.RightAlign(),
2552 SignatureAlgorithm: getSignatureAlgorithmFromAI(in.SignatureAlgorithm),
2553
2554 PublicKeyAlgorithm: getPublicKeyAlgorithmFromOID(in.TBSCSR.PublicKey.Algorithm.Algorithm),
2555
2556 Version: in.TBSCSR.Version,
2557 Attributes: parseRawAttributes(in.TBSCSR.RawAttributes),
2558 }
2559
2560 var err error
2561 out.PublicKey, err = parsePublicKey(out.PublicKeyAlgorithm, &in.TBSCSR.PublicKey)
2562 if err != nil {
2563 return nil, err
2564 }
2565
2566 var subject pkix.RDNSequence
2567 if rest, err := asn1.Unmarshal(in.TBSCSR.Subject.FullBytes, &subject); err != nil {
2568 return nil, err
2569 } else if len(rest) != 0 {
2570 return nil, errors.New("x509: trailing data after X.509 Subject")
2571 }
2572
2573 out.Subject.FillFromRDNSequence(&subject)
2574
2575 if out.Extensions, err = parseCSRExtensions(in.TBSCSR.RawAttributes); err != nil {
2576 return nil, err
2577 }
2578
2579 for _, extension := range out.Extensions {
2580 if extension.Id.Equal(oidExtensionSubjectAltName) {
2581 out.DNSNames, out.EmailAddresses, out.IPAddresses, out.URIs, err = parseSANExtension(extension.Value)
2582 if err != nil {
2583 return nil, err
2584 }
2585 }
2586 }
2587
2588 return out, nil
2589 }
2590
2591
2592 func (c *CertificateRequest) CheckSignature() error {
2593 return checkSignature(c.SignatureAlgorithm, c.RawTBSCertificateRequest, c.Signature, c.PublicKey)
2594 }
2595
View as plain text