(ext pkix.Extension)
| 253 | } |
| 254 | |
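// parseCertIssuerExt extracts the issuer distinguished name from a CRL entry's
// Certificate Issuer extension (RFC 5280, 5.3.3).
//
// ext.Value is decoded as GeneralNames and the contents of the first
// directoryName element are returned. An error is returned when the value does
// not decode, when bytes remain after the GeneralNames sequence, or when no
// directoryName element is present.
func parseCertIssuerExt(ext pkix.Extension) ([]byte, error) {
	// 5.3.3 Certificate Issuer
	// CertificateIssuer ::= GeneralNames
	// GeneralNames ::= SEQUENCE SIZE (1..MAX) OF GeneralName
	var generalNames []asn1.RawValue
	rest, err := asn1.Unmarshal(ext.Value, &generalNames)
	if err != nil {
		return nil, fmt.Errorf("asn1.Unmarshal failed: %w", err)
	}
	if len(rest) != 0 {
		// Reported on its own: err is nil on this path, so folding it into
		// the decode error would print "<nil>" and hide the real cause.
		return nil, errors.New("trailing data after certificate issuer extension")
	}

	for _, generalName := range generalNames {
		// GeneralName ::= CHOICE {
		//      otherName                       [0]     OtherName,
		//      rfc822Name                      [1]     IA5String,
		//      dNSName                         [2]     IA5String,
		//      x400Address                     [3]     ORAddress,
		//      directoryName                   [4]     Name,
		//      ediPartyName                    [5]     EDIPartyName,
		//      uniformResourceIdentifier       [6]     IA5String,
		//      iPAddress                       [7]     OCTET STRING,
		//      registeredID                    [8]     OBJECT IDENTIFIER }
		//
		// The CHOICE alternatives are context-specific tags. Requiring the
		// class as well as the tag number keeps an element of another class
		// that happens to carry the same number from being taken as the
		// issuer DN of a CRL entry.
		// NOTE(review): tagDirectoryName is declared elsewhere in this file;
		// presumably 4, matching directoryName above — confirm.
		if generalName.Class == asn1.ClassContextSpecific && generalName.Tag == tagDirectoryName {
			// Bytes is the content of the tagged element, without its own
			// tag and length header.
			return generalName.Bytes, nil
		}
	}
	// Conforming CRL issuers MUST include in this extension the
	// distinguished name (DN) from the issuer field of the certificate that
	// corresponds to this CRL entry.
	// If we couldn't get a directoryName, we can't reason about this file so cert status is
	// RevocationUndetermined.
	return nil, errors.New("no DN found in certificate issuer")
}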
| 286 | |
| 287 | // RFC 5280, 4.2.1.1 |
| 288 | type authKeyID struct { |