-
Notifications
You must be signed in to change notification settings - Fork 2.1k
/
usages.go
114 lines (94 loc) · 3.71 KB
/
usages.go
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
/*
Copyright 2020 The cert-manager Authors.
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/
package util
import (
"crypto/x509"
"math/bits"
cmapi "github.com/cert-manager/cert-manager/pkg/apis/certmanager/v1"
)
var keyUsages = map[cmapi.KeyUsage]x509.KeyUsage{
cmapi.UsageSigning: x509.KeyUsageDigitalSignature,
cmapi.UsageDigitalSignature: x509.KeyUsageDigitalSignature,
cmapi.UsageContentCommitment: x509.KeyUsageContentCommitment,
cmapi.UsageKeyEncipherment: x509.KeyUsageKeyEncipherment,
cmapi.UsageKeyAgreement: x509.KeyUsageKeyAgreement,
cmapi.UsageDataEncipherment: x509.KeyUsageDataEncipherment,
cmapi.UsageCertSign: x509.KeyUsageCertSign,
cmapi.UsageCRLSign: x509.KeyUsageCRLSign,
cmapi.UsageEncipherOnly: x509.KeyUsageEncipherOnly,
cmapi.UsageDecipherOnly: x509.KeyUsageDecipherOnly,
}
var extKeyUsages = map[cmapi.KeyUsage]x509.ExtKeyUsage{
cmapi.UsageAny: x509.ExtKeyUsageAny,
cmapi.UsageServerAuth: x509.ExtKeyUsageServerAuth,
cmapi.UsageClientAuth: x509.ExtKeyUsageClientAuth,
cmapi.UsageCodeSigning: x509.ExtKeyUsageCodeSigning,
cmapi.UsageEmailProtection: x509.ExtKeyUsageEmailProtection,
cmapi.UsageSMIME: x509.ExtKeyUsageEmailProtection,
cmapi.UsageIPsecEndSystem: x509.ExtKeyUsageIPSECEndSystem,
cmapi.UsageIPsecTunnel: x509.ExtKeyUsageIPSECTunnel,
cmapi.UsageIPsecUser: x509.ExtKeyUsageIPSECUser,
cmapi.UsageTimestamping: x509.ExtKeyUsageTimeStamping,
cmapi.UsageOCSPSigning: x509.ExtKeyUsageOCSPSigning,
cmapi.UsageMicrosoftSGC: x509.ExtKeyUsageMicrosoftServerGatedCrypto,
cmapi.UsageNetscapeSGC: x509.ExtKeyUsageNetscapeServerGatedCrypto,
}
// KeyUsageType returns the relevant x509.KeyUsage or false if not found
func KeyUsageType(usage cmapi.KeyUsage) (x509.KeyUsage, bool) {
u, ok := keyUsages[usage]
return u, ok
}
// ExtKeyUsageType returns the relevant x509.ExtKeyUsage or false if not found
func ExtKeyUsageType(usage cmapi.KeyUsage) (x509.ExtKeyUsage, bool) {
eu, ok := extKeyUsages[usage]
return eu, ok
}
// KeyUsageStrings returns the cmapi.KeyUsage and "unknown" if not found
func KeyUsageStrings(usage x509.KeyUsage) []cmapi.KeyUsage {
var usageStr []cmapi.KeyUsage
for i := 0; i < bits.UintSize; i++ {
if v := usage & (1 << uint(i)); v != 0 {
usageStr = append(usageStr, keyUsageString(v))
}
}
return usageStr
}
// ExtKeyUsageStrings returns the cmapi.KeyUsage and "unknown" if not found
func ExtKeyUsageStrings(usage []x509.ExtKeyUsage) []cmapi.KeyUsage {
var usageStr []cmapi.KeyUsage
for _, u := range usage {
usageStr = append(usageStr, extKeyUsageString(u))
}
return usageStr
}
// keyUsageString returns the cmapi.KeyUsage and "unknown" if not found
func keyUsageString(usage x509.KeyUsage) cmapi.KeyUsage {
for k, v := range keyUsages {
if usage == x509.KeyUsageDigitalSignature {
return cmapi.UsageDigitalSignature // we have KeyUsageDigitalSignature twice in our array, we should be consistent when parsing
}
if usage == v {
return k
}
}
return "unknown"
}
// extKeyUsageString returns the cmapi.ExtKeyUsage and "unknown" if not found
func extKeyUsageString(usage x509.ExtKeyUsage) cmapi.KeyUsage {
for k, v := range extKeyUsages {
if usage == v {
return k
}
}
return "unknown"
}