package libICP
import (
"math/big"
"time"
"github.com/OpenICP-BR/asn1"
)
// certificate_list is the top-level structure a DER-encoded CRL is unmarshalled
// into by LoadFromDER: the to-be-signed body, the signature algorithm and the
// signature value.
//
// NOTE(review): nothing in this file checks that SignatureAlgorithm agrees with
// TBSCertList.Signature, or that Signature verifies over the TBS bytes. Treat a
// parsed value as unauthenticated until both checks have been done; confirm
// where the callers do them.
type certificate_list struct {
	// Raw bytes captured by the asn1 package while unmarshalling; presumably the
	// full encoding of this structure (confirm against the asn1 fork).
	RawContent asn1.RawContent
	// The to-be-signed part of the CRL (issuer, dates, revoked entries, extensions).
	TBSCertList tbs_cert_list
	// Algorithm identifier stored next to the signature, outside the signed body.
	SignatureAlgorithm algorithm_identifier
	// Signature value as an ASN.1 BIT STRING.
	Signature asn1.BitString
}
// LoadFromDER unmarshals a DER-encoded CRL from data into list.
//
// It returns the bytes asn1.Unmarshal left unconsumed together with a nil
// error on success. On a parse failure it returns a MultiError carrying
// ERR_PARSE_CRL, the underlying asn1 error, and the input under the
// "raw-data" parameter.
//
// Only the encoding is checked here: the signature, issuer and validity dates
// are not. Trailing bytes are handed back rather than rejected, so a caller
// that expects exactly one CRL in data has to check that the returned slice is
// empty.
func (list *certificate_list) LoadFromDER(data []byte) ([]byte, CodedError) {
	remaining, parseErr := asn1.Unmarshal(data, list)
	if parseErr == nil {
		return remaining, nil
	}

	// Keep the offending input with the error; note that the whole input then
	// travels with the error value wherever it is passed on.
	wrapped := NewMultiError("failed to parse DER CRL", ERR_PARSE_CRL, nil, parseErr)
	wrapped.SetParam("raw-data", data)
	return remaining, wrapped
}
// GetRawContent returns the raw bytes of the embedded TBSCertList, not those of
// the whole certificate_list (certificate_list.RawContent is a separate field
// and is not what this method returns).
//
// NOTE(review): presumably these are the bytes the CRL signature is verified
// over; confirm against the verification code.
func (list certificate_list) GetRawContent() []byte {
	tbs := list.TBSCertList
	return tbs.RawContent
}
// GetSignatureAlgorithm returns the outer SignatureAlgorithm field, i.e. the one
// stored beside the signature rather than the copy inside TBSCertList.
//
// NOTE(review): this value is not covered by the TBS bytes; whether it is
// compared with TBSCertList.Signature is not visible in this file.
func (list certificate_list) GetSignatureAlgorithm() algorithm_identifier {
	alg := list.SignatureAlgorithm
	return alg
}
// GetSignature returns the Bytes field of the Signature BIT STRING. No other
// field of the BIT STRING is consulted.
func (list certificate_list) GetSignature() []byte {
	sig := list.Signature
	return sig.Bytes
}
// tbs_cert_list is the to-be-signed body of a CRL: who issued it, when, which
// certificates it revokes, and any CRL-level extensions.
//
// NOTE(review): this file only stores ThisUpdate and NextUpdate; it never
// compares them with the current time. Freshness has to be enforced by the
// caller, including the case where the optional NextUpdate is absent.
type tbs_cert_list struct {
	// Raw bytes captured by the asn1 package while unmarshalling; returned by
	// certificate_list.GetRawContent.
	RawContent asn1.RawContent
	// Optional version number; SetAppropriateVersion sets it to 0 or 1.
	Version int `asn1:"optional,omitempty"`
	// Signature algorithm identifier carried inside the signed body.
	Signature algorithm_identifier
	// Name of the CRL issuer.
	Issuer nameT
	// Issue time of this CRL.
	ThisUpdate time.Time
	// Optional time of the next update.
	NextUpdate time.Time `asn1:"optional,omitempty"`
	// Optional list of revoked entries; HasCert searches it by serial number.
	RevokedCertificates []revoked_certificate `asn1:"optional,omitempty"`
	// Optional CRL-level extensions, explicitly tagged [0]; HasCriticalExtension
	// scans this list.
	CRLExtensions []extension `asn1:"optional,omitempty,tag:0,explicit"`
}
// revoked_certificate is one entry of tbs_cert_list.RevokedCertificates.
type revoked_certificate struct {
	// Serial number of the revoked certificate; HasCert compares against it and
	// skips entries where it is nil.
	UserCertificate *big.Int
	// Time of revocation.
	RevocationDate time.Time
	// Optional per-entry extensions. They make SetAppropriateVersion choose
	// version 1, but HasCriticalExtension does not look at them.
	CRLEntryExtensions []extension `asn1:"optional,omitempty"`
}
// SetAppropriateVersion sets Version to 1 when the list carries any CRL
// extension or any revoked entry carries an entry extension, and to 0
// otherwise.
//
// In RFC 5280 the integer 1 denotes a v2 CRL, which is required whenever
// extensions are present. Version is tagged optional,omitempty, so 0 is
// presumably left out of the encoding (confirm against the asn1 fork).
func (lcerts *tbs_cert_list) SetAppropriateVersion() {
	version := 0
	if len(lcerts.CRLExtensions) > 0 {
		version = 1
	} else {
		// No list-level extensions: a single entry extension is enough.
		for i := range lcerts.RevokedCertificates {
			if len(lcerts.RevokedCertificates[i].CRLEntryExtensions) > 0 {
				version = 1
				break
			}
		}
	}
	lcerts.Version = version
}
// HasCriticalExtension returns the ExtnID of the first extension in
// CRLExtensions that is marked critical, or nil when none is.
//
// Only the first critical extension is reported, so a caller that supports
// some critical extensions cannot learn from this method whether a later,
// unsupported one is also present.
//
// NOTE(review): CRLEntryExtensions on the revoked entries are not examined.
// RFC 5280 also forbids relying on a CRL that has an unrecognised critical
// entry extension; confirm that this case is handled elsewhere.
func (lcerts tbs_cert_list) HasCriticalExtension() asn1.ObjectIdentifier {
	exts := lcerts.CRLExtensions
	for i := range exts {
		if !exts[i].Critical {
			continue
		}
		return exts[i].ExtnID
	}
	return nil
}
// HasCert reports whether serial appears among the revoked entries.
//
// A nil serial yields false, and entries whose UserCertificate is nil are
// skipped. The comparison is by serial number only: the certificate's issuer
// is not considered, so the caller must first establish that this CRL is the
// right one for the certificate being checked.
//
// A false result means only "not listed here". Nothing in this method checks
// the CRL's signature or its update times.
func (lcerts tbs_cert_list) HasCert(serial *big.Int) bool {
	if serial == nil {
		return false
	}
	for i := range lcerts.RevokedCertificates {
		revoked := lcerts.RevokedCertificates[i].UserCertificate
		if revoked != nil && serial.Cmp(revoked) == 0 {
			return true
		}
	}
	return false
}