/
eku.go
56 lines (50 loc) · 1.41 KB
/
eku.go
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
package util
import (
"fmt"
"sort"
"github.com/zmap/zcrypto/x509"
)
// HasEKU tests whether an Extended Key Usage (EKU) is present in a certificate.
func HasEKU(cert *x509.Certificate, eku x509.ExtKeyUsage) bool {
for _, currentEku := range cert.ExtKeyUsage {
if currentEku == eku {
return true
}
}
return false
}
// GetEKUString returns a human friendly Extended Key Usage (EKU) string.
func GetEKUString(eku x509.ExtKeyUsage) string {
switch eku {
case x509.ExtKeyUsageAny:
return "any"
case x509.ExtKeyUsageServerAuth:
return "serverAuth"
case x509.ExtKeyUsageClientAuth:
return "clientAuth"
case x509.ExtKeyUsageCodeSigning:
return "codeSigning"
case x509.ExtKeyUsageEmailProtection:
return "emailProtection"
case x509.ExtKeyUsageIpsecUser:
return "ipSecUser"
case x509.ExtKeyUsageIpsecTunnel:
return "ipSecTunnel"
case x509.ExtKeyUsageOcspSigning:
return "ocspSigning"
case x509.ExtKeyUsageMicrosoftServerGatedCrypto:
return "microsoftServerGatedCrypto"
case x509.ExtKeyUsageNetscapeServerGatedCrypto:
return "netscapeServerGatedCrypto"
}
return fmt.Sprintf("unknown EKU %d", eku)
}
// GetEKUStrings returns a list of human friendly Extended Key Usage (EKU) strings.
func GetEKUStrings(eku []x509.ExtKeyUsage) []string {
var ekuStrings []string
for _, currentEku := range eku {
ekuStrings = append(ekuStrings, GetEKUString(currentEku))
}
sort.Strings(ekuStrings)
return ekuStrings
}