From f78c82844afad640a880d1d25bfc641ddaa97879 Mon Sep 17 00:00:00 2001 From: Andrew Reed Date: Fri, 26 Jan 2024 13:34:16 -0600 Subject: [PATCH 1/3] Export NewExtraNames --- x509util/name.go | 8 ++++---- x509util/name_test.go | 4 ++-- 2 files changed, 6 insertions(+), 6 deletions(-) diff --git a/x509util/name.go b/x509util/name.go index 1d0ad12b..9a6e0eab 100644 --- a/x509util/name.go +++ b/x509util/name.go @@ -11,7 +11,7 @@ import ( ) // attributeTypeNames are the subject attributes managed by Go and this package. -// newExtraNames will populate .Insecure.CR.ExtraNames with the attributes not +// NewExtraNames will populate .Insecure.CR.ExtraNames with the attributes not // present on this map. var attributeTypeNames = map[string]string{ "2.5.4.6": "C", @@ -54,7 +54,7 @@ func newName(n pkix.Name) Name { PostalCode: n.PostalCode, SerialNumber: n.SerialNumber, CommonName: n.CommonName, - ExtraNames: newExtraNames(n.Names), + ExtraNames: NewExtraNames(n.Names), } } @@ -154,9 +154,9 @@ type DistinguishedName struct { Value interface{} `json:"value"` } -// newExtraNames returns a list of DistinguishedName with the attributes not +// NewExtraNames returns a list of DistinguishedName with the attributes not // present in attributeTypeNames. -func newExtraNames(atvs []pkix.AttributeTypeAndValue) []DistinguishedName { +func NewExtraNames(atvs []pkix.AttributeTypeAndValue) []DistinguishedName { var extraNames []DistinguishedName for _, atv := range atvs { if _, ok := attributeTypeNames[atv.Type.String()]; !ok { diff --git a/x509util/name_test.go b/x509util/name_test.go index 31e25ad7..15221eee 100644 --- a/x509util/name_test.go +++ b/x509util/name_test.go @@ -519,7 +519,7 @@ func TestIssuer_Set(t *testing.T) { } } -func Test_newExtraNames(t *testing.T) { +func Test_NewExtraNames(t *testing.T) { type args struct { atvs []pkix.AttributeTypeAndValue } @@ -540,7 +540,7 @@ func Test_newExtraNames(t *testing.T) { } for _, tt := range tests { t.Run(tt.name, func(t *testing.T) { - if got := newExtraNames(tt.args.atvs); !reflect.DeepEqual(got, tt.want) { + if got := NewExtraNames(tt.args.atvs); !reflect.DeepEqual(got, tt.want) { t.Errorf("newDistinguisedNames() = %v, want %v", got, tt.want) } }) From 23b5172f802570071777ad80cd7d7a7c9def7b2a Mon Sep 17 00:00:00 2001 From: Andrew Reed Date: Wed, 31 Jan 2024 11:52:30 -0600 Subject: [PATCH 2/3] Use camel case for extensions as strings --- x509util/extensions.go | 50 ++++++++++++------------- x509util/extensions_test.go | 75 +++++++++++++++++++++---------------- 2 files changed, 67 insertions(+), 58 deletions(-) diff --git a/x509util/extensions.go b/x509util/extensions.go index 61fd0a97..663425c5 100644 --- a/x509util/extensions.go +++ b/x509util/extensions.go @@ -439,7 +439,7 @@ func (s SubjectAlternativeName) RawValue() (asn1.RawValue, error) { // The default type is printable, but if the value is prefixed with a // type, use that. - var value, params = s.Value, "printable" + value, params := s.Value, "printable" if strings.Contains(value, sanTypeSeparator) { params = strings.Split(value, sanTypeSeparator)[0] value = value[len(params)+1:] @@ -649,31 +649,31 @@ func (k KeyUsage) MarshalJSON() ([]byte, error) { var usages []string if x509.KeyUsage(k)&x509.KeyUsageDigitalSignature != 0 { - usages = append(usages, KeyUsageDigitalSignature) + usages = append(usages, "digitalSignature") } if x509.KeyUsage(k)&x509.KeyUsageContentCommitment != 0 { - usages = append(usages, KeyUsageContentCommitment) + usages = append(usages, "contentCommitment") } if x509.KeyUsage(k)&x509.KeyUsageKeyEncipherment != 0 { - usages = append(usages, KeyUsageKeyEncipherment) + usages = append(usages, "keyEncipherment") } if x509.KeyUsage(k)&x509.KeyUsageDataEncipherment != 0 { - usages = append(usages, KeyUsageDataEncipherment) + usages = append(usages, "dataEncipherment") } if x509.KeyUsage(k)&x509.KeyUsageKeyAgreement != 0 { - usages = append(usages, KeyUsageKeyAgreement) + usages = append(usages, "keyAgreement") } if x509.KeyUsage(k)&x509.KeyUsageCertSign != 0 { - usages = append(usages, KeyUsageCertSign) + usages = append(usages, "certSign") } if x509.KeyUsage(k)&x509.KeyUsageCRLSign != 0 { - usages = append(usages, KeyUsageCRLSign) + usages = append(usages, "crlSign") } if x509.KeyUsage(k)&x509.KeyUsageEncipherOnly != 0 { - usages = append(usages, KeyUsageEncipherOnly) + usages = append(usages, "encipherOnly") } if x509.KeyUsage(k)&x509.KeyUsageDecipherOnly != 0 { - usages = append(usages, KeyUsageDecipherOnly) + usages = append(usages, "decipherOnly") } if len(usages) == 0 && k != 0 { @@ -749,33 +749,33 @@ func (k ExtKeyUsage) MarshalJSON() ([]byte, error) { for i, eku := range k { switch eku { case x509.ExtKeyUsageAny: - usages[i] = ExtKeyUsageAny + usages[i] = "any" case x509.ExtKeyUsageServerAuth: - usages[i] = ExtKeyUsageServerAuth + usages[i] = "serverAuth" case x509.ExtKeyUsageClientAuth: - usages[i] = ExtKeyUsageClientAuth + usages[i] = "clientAuth" case x509.ExtKeyUsageCodeSigning: - usages[i] = ExtKeyUsageCodeSigning + usages[i] = "codeSigning" case x509.ExtKeyUsageEmailProtection: - usages[i] = ExtKeyUsageEmailProtection + usages[i] = "emailProtection" case x509.ExtKeyUsageIPSECEndSystem: - usages[i] = ExtKeyUsageIPSECEndSystem + usages[i] = "ipsecEndSystem" case x509.ExtKeyUsageIPSECTunnel: - usages[i] = ExtKeyUsageIPSECTunnel + usages[i] = "ipsecTunnel" case x509.ExtKeyUsageIPSECUser: - usages[i] = ExtKeyUsageIPSECUser + usages[i] = "ipsecUser" case x509.ExtKeyUsageTimeStamping: - usages[i] = ExtKeyUsageTimeStamping + usages[i] = "timeStamping" case x509.ExtKeyUsageOCSPSigning: - usages[i] = ExtKeyUsageOCSPSigning + usages[i] = "ocspSigning" case x509.ExtKeyUsageMicrosoftServerGatedCrypto: - usages[i] = ExtKeyUsageMicrosoftServerGatedCrypto + usages[i] = "microsoftServerGatedCrypto" case x509.ExtKeyUsageNetscapeServerGatedCrypto: - usages[i] = ExtKeyUsageNetscapeServerGatedCrypto + usages[i] = "netscapeServerGatedCrypto" case x509.ExtKeyUsageMicrosoftCommercialCodeSigning: - usages[i] = ExtKeyUsageMicrosoftCommercialCodeSigning + usages[i] = "microsoftCommercialCodeSigning" case x509.ExtKeyUsageMicrosoftKernelCodeSigning: - usages[i] = ExtKeyUsageMicrosoftKernelCodeSigning + usages[i] = "microsoftKernelCodeSigning" default: return nil, fmt.Errorf("unsupported extKeyUsage %v", eku) } @@ -1117,7 +1117,7 @@ type SubjectAlternativeNames struct { PermanentIdentifiers []PermanentIdentifier HardwareModuleNames []HardwareModuleName TPMHardwareDetails TPMHardwareDetails - //OtherNames []OtherName // TODO(hs): unused at the moment; do we need it? what type definition to use? + // OtherNames []OtherName // TODO(hs): unused at the moment; do we need it? what type definition to use? } // TPMHardwareDetails is a container for some details diff --git a/x509util/extensions_test.go b/x509util/extensions_test.go index 0e364bca..7c80b44f 100644 --- a/x509util/extensions_test.go +++ b/x509util/extensions_test.go @@ -319,16 +319,20 @@ func TestSubjectAlternativeName_RawValue(t *testing.T) { FullBytes: bytes.Join([][]byte{ {160, 31, 6, 8, 43, 6, 1, 5, 5, 7, 8, 4}, {160, 19, 0x30, 17, asn1.TagOID, 3, 0x20 | 0x0A, 3, 4}, - {0x80 | asn1.TagOctetString, 10}, []byte("0123456789"), + {0x80 | asn1.TagOctetString, 10}, + []byte("0123456789"), }, nil), }, false}, {"directoryName", fields{"dn", "", []byte(`{"country":"US","organization":"ACME","commonName":"rocket"}`)}, asn1.RawValue{ Class: 2, Tag: 4, IsCompound: true, Bytes: bytes.Join([][]byte{ {0x30, 45, 49, 11}, - {48, 9, 6, 3, 85, 4, 6, asn1.TagPrintableString, 2}, []byte("US"), - {49, 13, 48, 11, 6, 3, 85, 4, 10, asn1.TagPrintableString, 4}, []byte("ACME"), - {49, 15, 48, 13, 6, 3, 85, 4, 3, asn1.TagPrintableString, 6}, []byte("rocket"), + {48, 9, 6, 3, 85, 4, 6, asn1.TagPrintableString, 2}, + []byte("US"), + {49, 13, 48, 11, 6, 3, 85, 4, 10, asn1.TagPrintableString, 4}, + []byte("ACME"), + {49, 15, 48, 13, 6, 3, 85, 4, 3, asn1.TagPrintableString, 6}, + []byte("rocket"), }, nil), }, false}, {"userPrincipalName", fields{"userPrincipalName", "foo@bar.com", nil}, asn1.RawValue{ @@ -464,16 +468,16 @@ func TestKeyUsage_MarshalJSON(t *testing.T) { want string wantErr bool }{ - {"DigitalSignature", KeyUsage(x509.KeyUsageDigitalSignature), `["digitalsignature"]`, false}, - {"ContentCommitment", KeyUsage(x509.KeyUsageContentCommitment), `["contentcommitment"]`, false}, - {"KeyEncipherment", KeyUsage(x509.KeyUsageKeyEncipherment), `["keyencipherment"]`, false}, - {"DataEncipherment", KeyUsage(x509.KeyUsageDataEncipherment), `["dataencipherment"]`, false}, - {"KeyAgreement", KeyUsage(x509.KeyUsageKeyAgreement), `["keyagreement"]`, false}, - {"CertSign", KeyUsage(x509.KeyUsageCertSign), `["certsign"]`, false}, - {"CRLSign", KeyUsage(x509.KeyUsageCRLSign), `["crlsign"]`, false}, - {"EncipherOnly", KeyUsage(x509.KeyUsageEncipherOnly), `["encipheronly"]`, false}, - {"DecipherOnly", KeyUsage(x509.KeyUsageDecipherOnly), `["decipheronly"]`, false}, - {"DigitalSignature + KeyEncipherment", KeyUsage(x509.KeyUsageDigitalSignature | x509.KeyUsageKeyEncipherment), `["digitalsignature","keyencipherment"]`, false}, + {"DigitalSignature", KeyUsage(x509.KeyUsageDigitalSignature), `["digitalSignature"]`, false}, + {"ContentCommitment", KeyUsage(x509.KeyUsageContentCommitment), `["contentCommitment"]`, false}, + {"KeyEncipherment", KeyUsage(x509.KeyUsageKeyEncipherment), `["keyEncipherment"]`, false}, + {"DataEncipherment", KeyUsage(x509.KeyUsageDataEncipherment), `["dataEncipherment"]`, false}, + {"KeyAgreement", KeyUsage(x509.KeyUsageKeyAgreement), `["keyAgreement"]`, false}, + {"CertSign", KeyUsage(x509.KeyUsageCertSign), `["certSign"]`, false}, + {"CRLSign", KeyUsage(x509.KeyUsageCRLSign), `["crlSign"]`, false}, + {"EncipherOnly", KeyUsage(x509.KeyUsageEncipherOnly), `["encipherOnly"]`, false}, + {"DecipherOnly", KeyUsage(x509.KeyUsageDecipherOnly), `["decipherOnly"]`, false}, + {"DigitalSignature + KeyEncipherment", KeyUsage(x509.KeyUsageDigitalSignature | x509.KeyUsageKeyEncipherment), `["digitalSignature","keyEncipherment"]`, false}, {"Error", KeyUsage(x509.KeyUsageDecipherOnly << 1), "", true}, } for _, tt := range tests { @@ -589,20 +593,20 @@ func TestExtKeyUsage_MarshalJSON(t *testing.T) { wantErr bool }{ {"Any", ExtKeyUsage([]x509.ExtKeyUsage{x509.ExtKeyUsageAny}), `["any"]`, false}, - {"ServerAuth", ExtKeyUsage([]x509.ExtKeyUsage{x509.ExtKeyUsageServerAuth}), `["serverauth"]`, false}, - {"ClientAuth", ExtKeyUsage([]x509.ExtKeyUsage{x509.ExtKeyUsageClientAuth}), `["clientauth"]`, false}, - {"CodeSigning", ExtKeyUsage([]x509.ExtKeyUsage{x509.ExtKeyUsageCodeSigning}), `["codesigning"]`, false}, - {"EmailProtection", ExtKeyUsage([]x509.ExtKeyUsage{x509.ExtKeyUsageEmailProtection}), `["emailprotection"]`, false}, - {"IPSECEndSystem", ExtKeyUsage([]x509.ExtKeyUsage{x509.ExtKeyUsageIPSECEndSystem}), `["ipsecendsystem"]`, false}, - {"IPSECTunnel", ExtKeyUsage([]x509.ExtKeyUsage{x509.ExtKeyUsageIPSECTunnel}), `["ipsectunnel"]`, false}, - {"IPSECUser", ExtKeyUsage([]x509.ExtKeyUsage{x509.ExtKeyUsageIPSECUser}), `["ipsecuser"]`, false}, - {"TimeStamping", ExtKeyUsage([]x509.ExtKeyUsage{x509.ExtKeyUsageTimeStamping}), `["timestamping"]`, false}, - {"OCSPSigning", ExtKeyUsage([]x509.ExtKeyUsage{x509.ExtKeyUsageOCSPSigning}), `["ocspsigning"]`, false}, - {"MicrosoftServerGatedCrypto", ExtKeyUsage([]x509.ExtKeyUsage{x509.ExtKeyUsageMicrosoftServerGatedCrypto}), `["microsoftservergatedcrypto"]`, false}, - {"NetscapeServerGatedCrypto", ExtKeyUsage([]x509.ExtKeyUsage{x509.ExtKeyUsageNetscapeServerGatedCrypto}), `["netscapeservergatedcrypto"]`, false}, - {"MicrosoftCommercialCodeSigning", ExtKeyUsage([]x509.ExtKeyUsage{x509.ExtKeyUsageMicrosoftCommercialCodeSigning}), `["microsoftcommercialcodesigning"]`, false}, - {"MicrosoftKernelCodeSigning", ExtKeyUsage([]x509.ExtKeyUsage{x509.ExtKeyUsageMicrosoftKernelCodeSigning}), `["microsoftkernelcodesigning"]`, false}, - {"ServerAuth + ClientAuth", ExtKeyUsage([]x509.ExtKeyUsage{x509.ExtKeyUsageServerAuth, x509.ExtKeyUsageClientAuth}), `["serverauth","clientauth"]`, false}, + {"ServerAuth", ExtKeyUsage([]x509.ExtKeyUsage{x509.ExtKeyUsageServerAuth}), `["serverAuth"]`, false}, + {"ClientAuth", ExtKeyUsage([]x509.ExtKeyUsage{x509.ExtKeyUsageClientAuth}), `["clientAuth"]`, false}, + {"CodeSigning", ExtKeyUsage([]x509.ExtKeyUsage{x509.ExtKeyUsageCodeSigning}), `["codeSigning"]`, false}, + {"EmailProtection", ExtKeyUsage([]x509.ExtKeyUsage{x509.ExtKeyUsageEmailProtection}), `["emailProtection"]`, false}, + {"IPSECEndSystem", ExtKeyUsage([]x509.ExtKeyUsage{x509.ExtKeyUsageIPSECEndSystem}), `["ipsecEndSystem"]`, false}, + {"IPSECTunnel", ExtKeyUsage([]x509.ExtKeyUsage{x509.ExtKeyUsageIPSECTunnel}), `["ipsecTunnel"]`, false}, + {"IPSECUser", ExtKeyUsage([]x509.ExtKeyUsage{x509.ExtKeyUsageIPSECUser}), `["ipsecUser"]`, false}, + {"TimeStamping", ExtKeyUsage([]x509.ExtKeyUsage{x509.ExtKeyUsageTimeStamping}), `["timeStamping"]`, false}, + {"OCSPSigning", ExtKeyUsage([]x509.ExtKeyUsage{x509.ExtKeyUsageOCSPSigning}), `["ocspSigning"]`, false}, + {"MicrosoftServerGatedCrypto", ExtKeyUsage([]x509.ExtKeyUsage{x509.ExtKeyUsageMicrosoftServerGatedCrypto}), `["microsoftServerGatedCrypto"]`, false}, + {"NetscapeServerGatedCrypto", ExtKeyUsage([]x509.ExtKeyUsage{x509.ExtKeyUsageNetscapeServerGatedCrypto}), `["netscapeServerGatedCrypto"]`, false}, + {"MicrosoftCommercialCodeSigning", ExtKeyUsage([]x509.ExtKeyUsage{x509.ExtKeyUsageMicrosoftCommercialCodeSigning}), `["microsoftCommercialCodeSigning"]`, false}, + {"MicrosoftKernelCodeSigning", ExtKeyUsage([]x509.ExtKeyUsage{x509.ExtKeyUsageMicrosoftKernelCodeSigning}), `["microsoftKernelCodeSigning"]`, false}, + {"ServerAuth + ClientAuth", ExtKeyUsage([]x509.ExtKeyUsage{x509.ExtKeyUsageServerAuth, x509.ExtKeyUsageClientAuth}), `["serverAuth","clientAuth"]`, false}, {"Error", ExtKeyUsage([]x509.ExtKeyUsage{x509.ExtKeyUsageMicrosoftKernelCodeSigning + 1}), "", true}, } for _, tt := range tests { @@ -1311,9 +1315,12 @@ func Test_createSubjectAltNameExtension(t *testing.T) { Critical: false, Value: bytes.Join([][]byte{ {0x30, (2 + 7) + (2 + 11) + (2 + 11) + (2 + 4)}, - {0x80 | nameTypeDNS, 7}, []byte("foo.com"), - {0x80 | nameTypeEmail, 11}, []byte("bar@foo.com"), - {0x80 | nameTypeURI, 11}, []byte("urn:foo:bar"), + {0x80 | nameTypeDNS, 7}, + []byte("foo.com"), + {0x80 | nameTypeEmail, 11}, + []byte("bar@foo.com"), + {0x80 | nameTypeURI, 11}, + []byte("urn:foo:bar"), {0x80 | nameTypeIP, 4, 1, 2, 3, 4}, }, nil), }, false}, @@ -1327,9 +1334,11 @@ func Test_createSubjectAltNameExtension(t *testing.T) { Critical: false, Value: bytes.Join([][]byte{ {0x30, (2 + 7) + (2 + 20)}, - {0x80 | nameTypeDNS, 7}, []byte("foo.com"), + {0x80 | nameTypeDNS, 7}, + []byte("foo.com"), {0xA0, 20, asn1.TagOID, 3, 0x20 | 0x0A, 3, 4}, - {0xA0, 13, asn1.TagUTF8String, 11}, []byte("bar@foo.com"), + {0xA0, 13, asn1.TagUTF8String, 11}, + []byte("bar@foo.com"), }, nil), }, false}, {"fail dns", args{Certificate{ From 219f8eef9ac972828f268b9346362b8e36ac88ad Mon Sep 17 00:00:00 2001 From: Andrew Reed Date: Wed, 31 Jan 2024 12:30:27 -0600 Subject: [PATCH 3/3] Use camel case for exported extension strings Only use lowercase when unmarshaling --- x509util/extensions.go | 142 ++++++++++++++++++++--------------------- 1 file changed, 71 insertions(+), 71 deletions(-) diff --git a/x509util/extensions.go b/x509util/extensions.go index 663425c5..df104f72 100644 --- a/x509util/extensions.go +++ b/x509util/extensions.go @@ -23,34 +23,34 @@ func convertName(s string) string { } // Names used for key usages. -var ( - KeyUsageDigitalSignature = convertName("DigitalSignature") - KeyUsageContentCommitment = convertName("ContentCommitment") - KeyUsageKeyEncipherment = convertName("KeyEncipherment") - KeyUsageDataEncipherment = convertName("DataEncipherment") - KeyUsageKeyAgreement = convertName("KeyAgreement") - KeyUsageCertSign = convertName("CertSign") - KeyUsageCRLSign = convertName("CRLSign") - KeyUsageEncipherOnly = convertName("EncipherOnly") - KeyUsageDecipherOnly = convertName("DecipherOnly") +const ( + KeyUsageDigitalSignature = "digitalSignature" + KeyUsageContentCommitment = "contentCommitment" + KeyUsageKeyEncipherment = "keyEncipherment" + KeyUsageDataEncipherment = "dataEncipherment" + KeyUsageKeyAgreement = "keyAgreement" + KeyUsageCertSign = "certSign" + KeyUsageCRLSign = "crlSign" + KeyUsageEncipherOnly = "encipherOnly" + KeyUsageDecipherOnly = "decipherOnly" ) // Names used for extended key usages. -var ( - ExtKeyUsageAny = convertName("Any") - ExtKeyUsageServerAuth = convertName("ServerAuth") - ExtKeyUsageClientAuth = convertName("ClientAuth") - ExtKeyUsageCodeSigning = convertName("CodeSigning") - ExtKeyUsageEmailProtection = convertName("EmailProtection") - ExtKeyUsageIPSECEndSystem = convertName("IPSECEndSystem") - ExtKeyUsageIPSECTunnel = convertName("IPSECTunnel") - ExtKeyUsageIPSECUser = convertName("IPSECUser") - ExtKeyUsageTimeStamping = convertName("TimeStamping") - ExtKeyUsageOCSPSigning = convertName("OCSPSigning") - ExtKeyUsageMicrosoftServerGatedCrypto = convertName("MicrosoftServerGatedCrypto") - ExtKeyUsageNetscapeServerGatedCrypto = convertName("NetscapeServerGatedCrypto") - ExtKeyUsageMicrosoftCommercialCodeSigning = convertName("MicrosoftCommercialCodeSigning") - ExtKeyUsageMicrosoftKernelCodeSigning = convertName("MicrosoftKernelCodeSigning") +const ( + ExtKeyUsageAny = "any" + ExtKeyUsageServerAuth = "serverAuth" + ExtKeyUsageClientAuth = "clientAuth" + ExtKeyUsageCodeSigning = "codeSigning" + ExtKeyUsageEmailProtection = "emailProtection" + ExtKeyUsageIPSECEndSystem = "ipsecEndSystem" + ExtKeyUsageIPSECTunnel = "ipsecTunnel" + ExtKeyUsageIPSECUser = "ipsecUser" + ExtKeyUsageTimeStamping = "timeStamping" + ExtKeyUsageOCSPSigning = "ocspSigning" + ExtKeyUsageMicrosoftServerGatedCrypto = "microsoftServerGatedCrypto" + ExtKeyUsageNetscapeServerGatedCrypto = "netscapeServerGatedCrypto" + ExtKeyUsageMicrosoftCommercialCodeSigning = "microsoftCommercialCodeSigning" + ExtKeyUsageMicrosoftKernelCodeSigning = "microsoftKernelCodeSigning" ) // Names used and SubjectAlternativeNames types. @@ -616,23 +616,23 @@ func (k *KeyUsage) UnmarshalJSON(data []byte) error { for _, s := range ms { var ku x509.KeyUsage switch convertName(s) { - case KeyUsageDigitalSignature: + case convertName(KeyUsageDigitalSignature): ku = x509.KeyUsageDigitalSignature - case KeyUsageContentCommitment: + case convertName(KeyUsageContentCommitment): ku = x509.KeyUsageContentCommitment - case KeyUsageKeyEncipherment: + case convertName(KeyUsageKeyEncipherment): ku = x509.KeyUsageKeyEncipherment - case KeyUsageDataEncipherment: + case convertName(KeyUsageDataEncipherment): ku = x509.KeyUsageDataEncipherment - case KeyUsageKeyAgreement: + case convertName(KeyUsageKeyAgreement): ku = x509.KeyUsageKeyAgreement - case KeyUsageCertSign: + case convertName(KeyUsageCertSign): ku = x509.KeyUsageCertSign - case KeyUsageCRLSign: + case convertName(KeyUsageCRLSign): ku = x509.KeyUsageCRLSign - case KeyUsageEncipherOnly: + case convertName(KeyUsageEncipherOnly): ku = x509.KeyUsageEncipherOnly - case KeyUsageDecipherOnly: + case convertName(KeyUsageDecipherOnly): ku = x509.KeyUsageDecipherOnly default: return errors.Errorf("unsupported keyUsage %s", s) @@ -649,31 +649,31 @@ func (k KeyUsage) MarshalJSON() ([]byte, error) { var usages []string if x509.KeyUsage(k)&x509.KeyUsageDigitalSignature != 0 { - usages = append(usages, "digitalSignature") + usages = append(usages, KeyUsageDigitalSignature) } if x509.KeyUsage(k)&x509.KeyUsageContentCommitment != 0 { - usages = append(usages, "contentCommitment") + usages = append(usages, KeyUsageContentCommitment) } if x509.KeyUsage(k)&x509.KeyUsageKeyEncipherment != 0 { - usages = append(usages, "keyEncipherment") + usages = append(usages, KeyUsageKeyEncipherment) } if x509.KeyUsage(k)&x509.KeyUsageDataEncipherment != 0 { - usages = append(usages, "dataEncipherment") + usages = append(usages, KeyUsageDataEncipherment) } if x509.KeyUsage(k)&x509.KeyUsageKeyAgreement != 0 { - usages = append(usages, "keyAgreement") + usages = append(usages, KeyUsageKeyAgreement) } if x509.KeyUsage(k)&x509.KeyUsageCertSign != 0 { - usages = append(usages, "certSign") + usages = append(usages, KeyUsageCertSign) } if x509.KeyUsage(k)&x509.KeyUsageCRLSign != 0 { - usages = append(usages, "crlSign") + usages = append(usages, KeyUsageCRLSign) } if x509.KeyUsage(k)&x509.KeyUsageEncipherOnly != 0 { - usages = append(usages, "encipherOnly") + usages = append(usages, KeyUsageEncipherOnly) } if x509.KeyUsage(k)&x509.KeyUsageDecipherOnly != 0 { - usages = append(usages, "decipherOnly") + usages = append(usages, KeyUsageDecipherOnly) } if len(usages) == 0 && k != 0 { @@ -703,33 +703,33 @@ func (k *ExtKeyUsage) UnmarshalJSON(data []byte) error { for i, s := range ms { var ku x509.ExtKeyUsage switch convertName(s) { - case ExtKeyUsageAny: + case convertName(ExtKeyUsageAny): ku = x509.ExtKeyUsageAny - case ExtKeyUsageServerAuth: + case convertName(ExtKeyUsageServerAuth): ku = x509.ExtKeyUsageServerAuth - case ExtKeyUsageClientAuth: + case convertName(ExtKeyUsageClientAuth): ku = x509.ExtKeyUsageClientAuth - case ExtKeyUsageCodeSigning: + case convertName(ExtKeyUsageCodeSigning): ku = x509.ExtKeyUsageCodeSigning - case ExtKeyUsageEmailProtection: + case convertName(ExtKeyUsageEmailProtection): ku = x509.ExtKeyUsageEmailProtection - case ExtKeyUsageIPSECEndSystem: + case convertName(ExtKeyUsageIPSECEndSystem): ku = x509.ExtKeyUsageIPSECEndSystem - case ExtKeyUsageIPSECTunnel: + case convertName(ExtKeyUsageIPSECTunnel): ku = x509.ExtKeyUsageIPSECTunnel - case ExtKeyUsageIPSECUser: + case convertName(ExtKeyUsageIPSECUser): ku = x509.ExtKeyUsageIPSECUser - case ExtKeyUsageTimeStamping: + case convertName(ExtKeyUsageTimeStamping): ku = x509.ExtKeyUsageTimeStamping - case ExtKeyUsageOCSPSigning: + case convertName(ExtKeyUsageOCSPSigning): ku = x509.ExtKeyUsageOCSPSigning - case ExtKeyUsageMicrosoftServerGatedCrypto: + case convertName(ExtKeyUsageMicrosoftServerGatedCrypto): ku = x509.ExtKeyUsageMicrosoftServerGatedCrypto - case ExtKeyUsageNetscapeServerGatedCrypto: + case convertName(ExtKeyUsageNetscapeServerGatedCrypto): ku = x509.ExtKeyUsageNetscapeServerGatedCrypto - case ExtKeyUsageMicrosoftCommercialCodeSigning: + case convertName(ExtKeyUsageMicrosoftCommercialCodeSigning): ku = x509.ExtKeyUsageMicrosoftCommercialCodeSigning - case ExtKeyUsageMicrosoftKernelCodeSigning: + case convertName(ExtKeyUsageMicrosoftKernelCodeSigning): ku = x509.ExtKeyUsageMicrosoftKernelCodeSigning default: return errors.Errorf("unsupported extKeyUsage %s", s) @@ -749,33 +749,33 @@ func (k ExtKeyUsage) MarshalJSON() ([]byte, error) { for i, eku := range k { switch eku { case x509.ExtKeyUsageAny: - usages[i] = "any" + usages[i] = ExtKeyUsageAny case x509.ExtKeyUsageServerAuth: - usages[i] = "serverAuth" + usages[i] = ExtKeyUsageServerAuth case x509.ExtKeyUsageClientAuth: - usages[i] = "clientAuth" + usages[i] = ExtKeyUsageClientAuth case x509.ExtKeyUsageCodeSigning: - usages[i] = "codeSigning" + usages[i] = ExtKeyUsageCodeSigning case x509.ExtKeyUsageEmailProtection: - usages[i] = "emailProtection" + usages[i] = ExtKeyUsageEmailProtection case x509.ExtKeyUsageIPSECEndSystem: - usages[i] = "ipsecEndSystem" + usages[i] = ExtKeyUsageIPSECEndSystem case x509.ExtKeyUsageIPSECTunnel: - usages[i] = "ipsecTunnel" + usages[i] = ExtKeyUsageIPSECTunnel case x509.ExtKeyUsageIPSECUser: - usages[i] = "ipsecUser" + usages[i] = ExtKeyUsageIPSECUser case x509.ExtKeyUsageTimeStamping: - usages[i] = "timeStamping" + usages[i] = ExtKeyUsageTimeStamping case x509.ExtKeyUsageOCSPSigning: - usages[i] = "ocspSigning" + usages[i] = ExtKeyUsageOCSPSigning case x509.ExtKeyUsageMicrosoftServerGatedCrypto: - usages[i] = "microsoftServerGatedCrypto" + usages[i] = ExtKeyUsageMicrosoftServerGatedCrypto case x509.ExtKeyUsageNetscapeServerGatedCrypto: - usages[i] = "netscapeServerGatedCrypto" + usages[i] = ExtKeyUsageNetscapeServerGatedCrypto case x509.ExtKeyUsageMicrosoftCommercialCodeSigning: - usages[i] = "microsoftCommercialCodeSigning" + usages[i] = ExtKeyUsageMicrosoftCommercialCodeSigning case x509.ExtKeyUsageMicrosoftKernelCodeSigning: - usages[i] = "microsoftKernelCodeSigning" + usages[i] = ExtKeyUsageMicrosoftKernelCodeSigning default: return nil, fmt.Errorf("unsupported extKeyUsage %v", eku) }