Blame - osbase/pki/x509.go - monogon

blob: 2db1b19dfab71baefee70826991d45695f554e5d [file] [log] [blame]

Tim Windelschmidt	6d33a43	2025-02-04 14:34:25 +0100	[diff] [blame]	1	// Copyright The Monogon Project Authors.
Serge Bazanski	9411f7c	2021-03-10 13:12:53 +0100	[diff] [blame]	2	// SPDX-License-Identifier: Apache-2.0
Serge Bazanski	9411f7c	2021-03-10 13:12:53 +0100	[diff] [blame]	3
				4	package pki
				5
				6	import (
				7	"crypto"
				8	"crypto/sha1"
				9	"crypto/x509"
				10	"crypto/x509/pkix"
				11	"encoding/asn1"
				12	"time"
				13	)
				14
				15	var (
				16	// From RFC 5280 Section 4.1.2.5
Serge Bazanski	d7d6e02	2021-09-01 15:03:06 +0200	[diff] [blame]	17	UnknownNotAfter = time.Unix(253402300799, 0)
Serge Bazanski	9411f7c	2021-03-10 13:12:53 +0100	[diff] [blame]	18	)
				19
Serge Bazanski	216fe7b	2021-05-21 18:36:16 +0200	[diff] [blame]	20	// Workaround for https://github.com/golang/go/issues/26676 in Go's
				21	// crypto/x509. Specifically Go violates Section 4.2.1.2 of RFC 5280 without
				22	// this. Fixed for 1.15 in https://go-review.googlesource.com/c/go/+/227098/.
Serge Bazanski	9411f7c	2021-03-10 13:12:53 +0100	[diff] [blame]	23	//
Serge Bazanski	216fe7b	2021-05-21 18:36:16 +0200	[diff] [blame]	24	// Taken from https://github.com/FiloSottile/mkcert/blob/master/cert.go#L295
				25	// Written by one of Go's crypto engineers
Serge Bazanski	9411f7c	2021-03-10 13:12:53 +0100	[diff] [blame]	26	//
				27	// TODO(lorenz): remove this once we migrate to Go 1.15.
				28	func calculateSKID(pubKey crypto.PublicKey) ([]byte, error) {
				29	spkiASN1, err := x509.MarshalPKIXPublicKey(pubKey)
				30	if err != nil {
				31	return nil, err
				32	}
				33
				34	var spki struct {
				35	Algorithm pkix.AlgorithmIdentifier
				36	SubjectPublicKey asn1.BitString
				37	}
				38	_, err = asn1.Unmarshal(spkiASN1, &spki)
				39	if err != nil {
				40	return nil, err
				41	}
				42	skid := sha1.Sum(spki.SubjectPublicKey.Bytes)
				43	return skid[:], nil
				44	}