Use camel case for extensions as strings

smallstep · Jan 31, 2024 · 807ab63 · 807ab63
1 parent 3560910
commit 807ab63
Show file tree

Hide file tree

Showing 2 changed files with 67 additions and 58 deletions.
diff --git a/x509util/extensions.go b/x509util/extensions.go
@@ -439,7 +439,7 @@ func (s SubjectAlternativeName) RawValue() (asn1.RawValue, error) {
 
 		// The default type is printable, but if the value is prefixed with a
 		// type, use that.
-		var value, params = s.Value, "printable"
+		value, params := s.Value, "printable"
 		if strings.Contains(value, sanTypeSeparator) {
 			params = strings.Split(value, sanTypeSeparator)[0]
 			value = value[len(params)+1:]
@@ -649,31 +649,31 @@ func (k KeyUsage) MarshalJSON() ([]byte, error) {
 	var usages []string
 
 	if x509.KeyUsage(k)&x509.KeyUsageDigitalSignature != 0 {
-		usages = append(usages, KeyUsageDigitalSignature)
+		usages = append(usages, "digitalSignature")
 	}
 	if x509.KeyUsage(k)&x509.KeyUsageContentCommitment != 0 {
-		usages = append(usages, KeyUsageContentCommitment)
+		usages = append(usages, "contentCommitment")
 	}
 	if x509.KeyUsage(k)&x509.KeyUsageKeyEncipherment != 0 {
-		usages = append(usages, KeyUsageKeyEncipherment)
+		usages = append(usages, "keyEncipherment")
 	}
 	if x509.KeyUsage(k)&x509.KeyUsageDataEncipherment != 0 {
-		usages = append(usages, KeyUsageDataEncipherment)
+		usages = append(usages, "dataEncipherment")
 	}
 	if x509.KeyUsage(k)&x509.KeyUsageKeyAgreement != 0 {
-		usages = append(usages, KeyUsageKeyAgreement)
+		usages = append(usages, "keyAgreement")
 	}
 	if x509.KeyUsage(k)&x509.KeyUsageCertSign != 0 {
-		usages = append(usages, KeyUsageCertSign)
+		usages = append(usages, "certSign")
 	}
 	if x509.KeyUsage(k)&x509.KeyUsageCRLSign != 0 {
-		usages = append(usages, KeyUsageCRLSign)
+		usages = append(usages, "crlSign")
 	}
 	if x509.KeyUsage(k)&x509.KeyUsageEncipherOnly != 0 {
-		usages = append(usages, KeyUsageEncipherOnly)
+		usages = append(usages, "encipherOnly")
 	}
 	if x509.KeyUsage(k)&x509.KeyUsageDecipherOnly != 0 {
-		usages = append(usages, KeyUsageDecipherOnly)
+		usages = append(usages, "decipherOnly")
 	}
 
 	if len(usages) == 0 && k != 0 {
@@ -749,33 +749,33 @@ func (k ExtKeyUsage) MarshalJSON() ([]byte, error) {
 	for i, eku := range k {
 		switch eku {
 		case x509.ExtKeyUsageAny:
-			usages[i] = ExtKeyUsageAny
+			usages[i] = "any"
 		case x509.ExtKeyUsageServerAuth:
-			usages[i] = ExtKeyUsageServerAuth
+			usages[i] = "serverAuth"
 		case x509.ExtKeyUsageClientAuth:
-			usages[i] = ExtKeyUsageClientAuth
+			usages[i] = "clientAuth"
 		case x509.ExtKeyUsageCodeSigning:
-			usages[i] = ExtKeyUsageCodeSigning
+			usages[i] = "codeSigning"
 		case x509.ExtKeyUsageEmailProtection:
-			usages[i] = ExtKeyUsageEmailProtection
+			usages[i] = "emailProtection"
 		case x509.ExtKeyUsageIPSECEndSystem:
-			usages[i] = ExtKeyUsageIPSECEndSystem
+			usages[i] = "ipsecEndSystem"
 		case x509.ExtKeyUsageIPSECTunnel:
-			usages[i] = ExtKeyUsageIPSECTunnel
+			usages[i] = "ipsecTunnel"
 		case x509.ExtKeyUsageIPSECUser:
-			usages[i] = ExtKeyUsageIPSECUser
+			usages[i] = "ipsecUser"
 		case x509.ExtKeyUsageTimeStamping:
-			usages[i] = ExtKeyUsageTimeStamping
+			usages[i] = "timeStamping"
 		case x509.ExtKeyUsageOCSPSigning:
-			usages[i] = ExtKeyUsageOCSPSigning
+			usages[i] = "ocspSigning"
 		case x509.ExtKeyUsageMicrosoftServerGatedCrypto:
-			usages[i] = ExtKeyUsageMicrosoftServerGatedCrypto
+			usages[i] = "microsoftServerGatedCrypto"
 		case x509.ExtKeyUsageNetscapeServerGatedCrypto:
-			usages[i] = ExtKeyUsageNetscapeServerGatedCrypto
+			usages[i] = "netscapeServerGatedCrypto"
 		case x509.ExtKeyUsageMicrosoftCommercialCodeSigning:
-			usages[i] = ExtKeyUsageMicrosoftCommercialCodeSigning
+			usages[i] = "microsoftCommercialCodeSigning"
 		case x509.ExtKeyUsageMicrosoftKernelCodeSigning:
-			usages[i] = ExtKeyUsageMicrosoftKernelCodeSigning
+			usages[i] = "microsoftKernelCodeSigning"
 		default:
 			return nil, fmt.Errorf("unsupported extKeyUsage %v", eku)
 		}
@@ -1117,7 +1117,7 @@ type SubjectAlternativeNames struct {
 	PermanentIdentifiers []PermanentIdentifier
 	HardwareModuleNames  []HardwareModuleName
 	TPMHardwareDetails   TPMHardwareDetails
-	//OtherNames          []OtherName // TODO(hs): unused at the moment; do we need it? what type definition to use?
+	// OtherNames          []OtherName // TODO(hs): unused at the moment; do we need it? what type definition to use?
 }
 
 // TPMHardwareDetails is a container for some details

diff --git a/x509util/extensions_test.go b/x509util/extensions_test.go
@@ -319,16 +319,20 @@ func TestSubjectAlternativeName_RawValue(t *testing.T) {
 			FullBytes: bytes.Join([][]byte{
 				{160, 31, 6, 8, 43, 6, 1, 5, 5, 7, 8, 4},
 				{160, 19, 0x30, 17, asn1.TagOID, 3, 0x20 | 0x0A, 3, 4},
-				{0x80 | asn1.TagOctetString, 10}, []byte("0123456789"),
+				{0x80 | asn1.TagOctetString, 10},
+				[]byte("0123456789"),
 			}, nil),
 		}, false},
 		{"directoryName", fields{"dn", "", []byte(`{"country":"US","organization":"ACME","commonName":"rocket"}`)}, asn1.RawValue{
 			Class: 2, Tag: 4, IsCompound: true,
 			Bytes: bytes.Join([][]byte{
 				{0x30, 45, 49, 11},
-				{48, 9, 6, 3, 85, 4, 6, asn1.TagPrintableString, 2}, []byte("US"),
-				{49, 13, 48, 11, 6, 3, 85, 4, 10, asn1.TagPrintableString, 4}, []byte("ACME"),
-				{49, 15, 48, 13, 6, 3, 85, 4, 3, asn1.TagPrintableString, 6}, []byte("rocket"),
+				{48, 9, 6, 3, 85, 4, 6, asn1.TagPrintableString, 2},
+				[]byte("US"),
+				{49, 13, 48, 11, 6, 3, 85, 4, 10, asn1.TagPrintableString, 4},
+				[]byte("ACME"),
+				{49, 15, 48, 13, 6, 3, 85, 4, 3, asn1.TagPrintableString, 6},
+				[]byte("rocket"),
 			}, nil),
 		}, false},
 		{"userPrincipalName", fields{"userPrincipalName", "foo@bar.com", nil}, asn1.RawValue{
@@ -464,16 +468,16 @@ func TestKeyUsage_MarshalJSON(t *testing.T) {
 		want    string
 		wantErr bool
 	}{
-		{"DigitalSignature", KeyUsage(x509.KeyUsageDigitalSignature), `["digitalsignature"]`, false},
-		{"ContentCommitment", KeyUsage(x509.KeyUsageContentCommitment), `["contentcommitment"]`, false},
-		{"KeyEncipherment", KeyUsage(x509.KeyUsageKeyEncipherment), `["keyencipherment"]`, false},
-		{"DataEncipherment", KeyUsage(x509.KeyUsageDataEncipherment), `["dataencipherment"]`, false},
-		{"KeyAgreement", KeyUsage(x509.KeyUsageKeyAgreement), `["keyagreement"]`, false},
-		{"CertSign", KeyUsage(x509.KeyUsageCertSign), `["certsign"]`, false},
-		{"CRLSign", KeyUsage(x509.KeyUsageCRLSign), `["crlsign"]`, false},
-		{"EncipherOnly", KeyUsage(x509.KeyUsageEncipherOnly), `["encipheronly"]`, false},
-		{"DecipherOnly", KeyUsage(x509.KeyUsageDecipherOnly), `["decipheronly"]`, false},
-		{"DigitalSignature + KeyEncipherment", KeyUsage(x509.KeyUsageDigitalSignature | x509.KeyUsageKeyEncipherment), `["digitalsignature","keyencipherment"]`, false},
+		{"DigitalSignature", KeyUsage(x509.KeyUsageDigitalSignature), `["digitalSignature"]`, false},
+		{"ContentCommitment", KeyUsage(x509.KeyUsageContentCommitment), `["contentCommitment"]`, false},
+		{"KeyEncipherment", KeyUsage(x509.KeyUsageKeyEncipherment), `["keyEncipherment"]`, false},
+		{"DataEncipherment", KeyUsage(x509.KeyUsageDataEncipherment), `["dataEncipherment"]`, false},
+		{"KeyAgreement", KeyUsage(x509.KeyUsageKeyAgreement), `["keyAgreement"]`, false},
+		{"CertSign", KeyUsage(x509.KeyUsageCertSign), `["certSign"]`, false},
+		{"CRLSign", KeyUsage(x509.KeyUsageCRLSign), `["crlSign"]`, false},
+		{"EncipherOnly", KeyUsage(x509.KeyUsageEncipherOnly), `["encipherOnly"]`, false},
+		{"DecipherOnly", KeyUsage(x509.KeyUsageDecipherOnly), `["decipherOnly"]`, false},
+		{"DigitalSignature + KeyEncipherment", KeyUsage(x509.KeyUsageDigitalSignature | x509.KeyUsageKeyEncipherment), `["digitalSignature","keyEncipherment"]`, false},
 		{"Error", KeyUsage(x509.KeyUsageDecipherOnly << 1), "", true},
 	}
 	for _, tt := range tests {
@@ -589,20 +593,20 @@ func TestExtKeyUsage_MarshalJSON(t *testing.T) {
 		wantErr bool
 	}{
 		{"Any", ExtKeyUsage([]x509.ExtKeyUsage{x509.ExtKeyUsageAny}), `["any"]`, false},
-		{"ServerAuth", ExtKeyUsage([]x509.ExtKeyUsage{x509.ExtKeyUsageServerAuth}), `["serverauth"]`, false},
-		{"ClientAuth", ExtKeyUsage([]x509.ExtKeyUsage{x509.ExtKeyUsageClientAuth}), `["clientauth"]`, false},
-		{"CodeSigning", ExtKeyUsage([]x509.ExtKeyUsage{x509.ExtKeyUsageCodeSigning}), `["codesigning"]`, false},
-		{"EmailProtection", ExtKeyUsage([]x509.ExtKeyUsage{x509.ExtKeyUsageEmailProtection}), `["emailprotection"]`, false},
-		{"IPSECEndSystem", ExtKeyUsage([]x509.ExtKeyUsage{x509.ExtKeyUsageIPSECEndSystem}), `["ipsecendsystem"]`, false},
-		{"IPSECTunnel", ExtKeyUsage([]x509.ExtKeyUsage{x509.ExtKeyUsageIPSECTunnel}), `["ipsectunnel"]`, false},
-		{"IPSECUser", ExtKeyUsage([]x509.ExtKeyUsage{x509.ExtKeyUsageIPSECUser}), `["ipsecuser"]`, false},
-		{"TimeStamping", ExtKeyUsage([]x509.ExtKeyUsage{x509.ExtKeyUsageTimeStamping}), `["timestamping"]`, false},
-		{"OCSPSigning", ExtKeyUsage([]x509.ExtKeyUsage{x509.ExtKeyUsageOCSPSigning}), `["ocspsigning"]`, false},
-		{"MicrosoftServerGatedCrypto", ExtKeyUsage([]x509.ExtKeyUsage{x509.ExtKeyUsageMicrosoftServerGatedCrypto}), `["microsoftservergatedcrypto"]`, false},
-		{"NetscapeServerGatedCrypto", ExtKeyUsage([]x509.ExtKeyUsage{x509.ExtKeyUsageNetscapeServerGatedCrypto}), `["netscapeservergatedcrypto"]`, false},
-		{"MicrosoftCommercialCodeSigning", ExtKeyUsage([]x509.ExtKeyUsage{x509.ExtKeyUsageMicrosoftCommercialCodeSigning}), `["microsoftcommercialcodesigning"]`, false},
-		{"MicrosoftKernelCodeSigning", ExtKeyUsage([]x509.ExtKeyUsage{x509.ExtKeyUsageMicrosoftKernelCodeSigning}), `["microsoftkernelcodesigning"]`, false},
-		{"ServerAuth + ClientAuth", ExtKeyUsage([]x509.ExtKeyUsage{x509.ExtKeyUsageServerAuth, x509.ExtKeyUsageClientAuth}), `["serverauth","clientauth"]`, false},
+		{"ServerAuth", ExtKeyUsage([]x509.ExtKeyUsage{x509.ExtKeyUsageServerAuth}), `["serverAuth"]`, false},
+		{"ClientAuth", ExtKeyUsage([]x509.ExtKeyUsage{x509.ExtKeyUsageClientAuth}), `["clientAuth"]`, false},
+		{"CodeSigning", ExtKeyUsage([]x509.ExtKeyUsage{x509.ExtKeyUsageCodeSigning}), `["codeSigning"]`, false},
+		{"EmailProtection", ExtKeyUsage([]x509.ExtKeyUsage{x509.ExtKeyUsageEmailProtection}), `["emailProtection"]`, false},
+		{"IPSECEndSystem", ExtKeyUsage([]x509.ExtKeyUsage{x509.ExtKeyUsageIPSECEndSystem}), `["ipsecEndSystem"]`, false},
+		{"IPSECTunnel", ExtKeyUsage([]x509.ExtKeyUsage{x509.ExtKeyUsageIPSECTunnel}), `["ipsecTunnel"]`, false},
+		{"IPSECUser", ExtKeyUsage([]x509.ExtKeyUsage{x509.ExtKeyUsageIPSECUser}), `["ipsecUser"]`, false},
+		{"TimeStamping", ExtKeyUsage([]x509.ExtKeyUsage{x509.ExtKeyUsageTimeStamping}), `["timeStamping"]`, false},
+		{"OCSPSigning", ExtKeyUsage([]x509.ExtKeyUsage{x509.ExtKeyUsageOCSPSigning}), `["ocspSigning"]`, false},
+		{"MicrosoftServerGatedCrypto", ExtKeyUsage([]x509.ExtKeyUsage{x509.ExtKeyUsageMicrosoftServerGatedCrypto}), `["microsoftServerGatedCrypto"]`, false},
+		{"NetscapeServerGatedCrypto", ExtKeyUsage([]x509.ExtKeyUsage{x509.ExtKeyUsageNetscapeServerGatedCrypto}), `["netscapeServerGatedCrypto"]`, false},
+		{"MicrosoftCommercialCodeSigning", ExtKeyUsage([]x509.ExtKeyUsage{x509.ExtKeyUsageMicrosoftCommercialCodeSigning}), `["microsoftCommercialCodeSigning"]`, false},
+		{"MicrosoftKernelCodeSigning", ExtKeyUsage([]x509.ExtKeyUsage{x509.ExtKeyUsageMicrosoftKernelCodeSigning}), `["microsoftKernelCodeSigning"]`, false},
+		{"ServerAuth + ClientAuth", ExtKeyUsage([]x509.ExtKeyUsage{x509.ExtKeyUsageServerAuth, x509.ExtKeyUsageClientAuth}), `["serverAuth","clientAuth"]`, false},
 		{"Error", ExtKeyUsage([]x509.ExtKeyUsage{x509.ExtKeyUsageMicrosoftKernelCodeSigning + 1}), "", true},
 	}
 	for _, tt := range tests {
@@ -1311,9 +1315,12 @@ func Test_createSubjectAltNameExtension(t *testing.T) {
 			Critical: false,
 			Value: bytes.Join([][]byte{
 				{0x30, (2 + 7) + (2 + 11) + (2 + 11) + (2 + 4)},
-				{0x80 | nameTypeDNS, 7}, []byte("foo.com"),
-				{0x80 | nameTypeEmail, 11}, []byte("bar@foo.com"),
-				{0x80 | nameTypeURI, 11}, []byte("urn:foo:bar"),
+				{0x80 | nameTypeDNS, 7},
+				[]byte("foo.com"),
+				{0x80 | nameTypeEmail, 11},
+				[]byte("bar@foo.com"),
+				{0x80 | nameTypeURI, 11},
+				[]byte("urn:foo:bar"),
 				{0x80 | nameTypeIP, 4, 1, 2, 3, 4},
 			}, nil),
 		}, false},
@@ -1327,9 +1334,11 @@ func Test_createSubjectAltNameExtension(t *testing.T) {
 			Critical: false,
 			Value: bytes.Join([][]byte{
 				{0x30, (2 + 7) + (2 + 20)},
-				{0x80 | nameTypeDNS, 7}, []byte("foo.com"),
+				{0x80 | nameTypeDNS, 7},
+				[]byte("foo.com"),
 				{0xA0, 20, asn1.TagOID, 3, 0x20 | 0x0A, 3, 4},
-				{0xA0, 13, asn1.TagUTF8String, 11}, []byte("bar@foo.com"),
+				{0xA0, 13, asn1.TagUTF8String, 11},
+				[]byte("bar@foo.com"),
 			}, nil),
 		}, false},
 		{"fail dns", args{Certificate{