hub / github.com/grpc/grpc-go / parseCertIssuerExt

Function parseCertIssuerExt

security/advancedtls/crl.go:255–285  ·  view source on GitHub ↗
(ext pkix.Extension)

Source from the content-addressed store, hash-verified

253}
254
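// parseCertIssuerExt extracts the issuer distinguished name from a CRL
// entry's Certificate Issuer extension (RFC 5280, section 5.3.3).
//
// ext.Value must hold exactly one DER-encoded GeneralNames sequence. The
// content bytes of the first element whose tag equals tagDirectoryName are
// returned. An error is returned when the value does not parse, when bytes
// remain after the sequence, or when no directoryName element is present.
func parseCertIssuerExt(ext pkix.Extension) ([]byte, error) {
	// 5.3.3 Certificate Issuer
	// CertificateIssuer ::= GeneralNames
	// GeneralNames ::= SEQUENCE SIZE (1..MAX) OF GeneralName
	var generalNames []asn1.RawValue
	rest, err := asn1.Unmarshal(ext.Value, &generalNames)
	if err != nil {
		// %w keeps the message text unchanged while letting callers inspect
		// the underlying asn1 error with errors.Is / errors.As.
		return nil, fmt.Errorf("asn1.Unmarshal failed: %w", err)
	}
	// Trailing bytes after the sequence are rejected so that a malformed
	// extension is never partially trusted. This case is reported on its own:
	// err is nil here, so folding it into the branch above would print
	// "asn1.Unmarshal failed: <nil>" and hide the real reason.
	if len(rest) != 0 {
		return nil, fmt.Errorf("asn1.Unmarshal failed: %d trailing byte(s) after GeneralNames", len(rest))
	}

	for _, generalName := range generalNames {
		// GeneralName ::= CHOICE {
		//   otherName                 [0] OtherName,
		//   rfc822Name                [1] IA5String,
		//   dNSName                   [2] IA5String,
		//   x400Address               [3] ORAddress,
		//   directoryName             [4] Name,
		//   ediPartyName              [5] EDIPartyName,
		//   uniformResourceIdentifier [6] IA5String,
		//   iPAddress                 [7] OCTET STRING,
		//   registeredID              [8] OBJECT IDENTIFIER }
		//
		// NOTE(review): only Tag is compared; generalName.Class is not
		// checked, so an element of a different ASN.1 class that carries the
		// same tag number would also be accepted as the issuer DN. Confirm
		// whether the class should be required to be context-specific.
		if generalName.Tag == tagDirectoryName {
			return generalName.Bytes, nil
		}
	}
	// Conforming CRL issuers MUST include in this extension the
	// distinguished name (DN) from the issuer field of the certificate that
	// corresponds to this CRL entry.
	// If we couldn't get a directoryName, we can't reason about this file so
	// cert status is RevocationUndetermined.
	return nil, errors.New("no DN found in certificate issuer")
}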
286
287// RFC 5280, 4.2.1.1
288type authKeyID struct {

Callers 1

checkCertRevocationFunction · 0.85

Calls 2

UnmarshalMethod · 0.65
ErrorfMethod · 0.65

Tested by

no test coverage detected