Duplicate lints about keyIdentifier in certificates (#726)

* Duplicate lints about keyIdentifier in certificates * fixed go imports styling * breaking up code comments to match conditional blocks * typo * simplifying check * Triggering GHA with empty commit * adding one more error cert to the corpus --------- Co-authored-by: Zakir Durumeric <zakird@gmail.com>
zmap · Jul 9, 2023 · 40f2b32 · 40f2b32
1 parent 3f1605e
commit 40f2b32
Show file tree

Hide file tree

Showing 4 changed files with 4 additions and 109 deletions.
diff --git a/v3/integration/config.json b/v3/integration/config.json
@@ -348,7 +348,7 @@
       "ErrCount": 37
     },
     "e_ext_authority_key_identifier_no_key_identifier": {
-      "ErrCount": 65
+      "ErrCount": 66
     },
     "e_ext_cert_policy_disallowed_any_policy_qualifier": {},
     "e_ext_cert_policy_duplicate": {},

diff --git a/v3/lints/rfc/lint_ext_authority_key_identifier_missing.go b/v3/lints/rfc/lint_ext_authority_key_identifier_missing.go
diff --git a/v3/lints/rfc/lint_ext_authority_key_identifier_missing_test.go b/v3/lints/rfc/lint_ext_authority_key_identifier_missing_test.go
diff --git a/v3/lints/rfc/lint_ext_authority_key_identifier_no_key_identifier.go b/v3/lints/rfc/lint_ext_authority_key_identifier_no_key_identifier.go
@@ -57,9 +57,9 @@ func (l *authorityKeyIdNoKeyIdField) CheckApplies(c *x509.Certificate) bool {
 }
 
 func (l *authorityKeyIdNoKeyIdField) Execute(c *x509.Certificate) *lint.LintResult {
-	if c.AuthorityKeyId == nil && !util.IsSelfSigned(c) { //will be nil by default if not found in x509.parseCert
-		return &lint.LintResult{Status: lint.Error}
-	} else {
+	if c.AuthorityKeyId != nil || util.IsCACert(c) && util.IsSelfSigned(c) {
 		return &lint.LintResult{Status: lint.Pass}
+	} else {
+		return &lint.LintResult{Status: lint.Error}
 	}
 }