-
Notifications
You must be signed in to change notification settings - Fork 43
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
feat: Added trustpolicy and truststore packages under verification (#192
) Signed-off-by: Patrick Zheng <[email protected]>
- Loading branch information
1 parent
c3e6e07
commit 79b49af
Showing
14 changed files
with
1,351 additions
and
0 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,52 @@ | ||
| package pkix | ||
|
|
||
| import ( | ||
| "fmt" | ||
|
|
||
| ldapv3 "github.com/go-ldap/ldap/v3" | ||
| ) | ||
|
|
||
| // ParseDistinguishedName parses a DN name and validates Notary V2 rules | ||
| func ParseDistinguishedName(name string) (map[string]string, error) { | ||
| mandatoryFields := []string{"C", "ST", "O"} | ||
| attrKeyValue := make(map[string]string) | ||
| dn, err := ldapv3.ParseDN(name) | ||
|
|
||
| if err != nil { | ||
| return nil, fmt.Errorf("distinguished name (DN) %q is not valid, it must contain 'C', 'ST', and 'O' RDN attributes at a minimum, and follow RFC 4514 standard", name) | ||
| } | ||
|
|
||
| for _, rdn := range dn.RDNs { | ||
|
|
||
| // multi-valued RDNs are not supported (TODO: add spec reference here) | ||
| if len(rdn.Attributes) > 1 { | ||
| return nil, fmt.Errorf("distinguished name (DN) %q has multi-valued RDN attributes, remove multi-valued RDN attributes as they are not supported", name) | ||
| } | ||
| for _, attribute := range rdn.Attributes { | ||
| if attrKeyValue[attribute.Type] == "" { | ||
| attrKeyValue[attribute.Type] = attribute.Value | ||
| } else { | ||
| return nil, fmt.Errorf("distinguished name (DN) %q has duplicate RDN attribute for %q, DN can only have unique RDN attributes", name, attribute.Type) | ||
| } | ||
| } | ||
| } | ||
|
|
||
| // Verify mandatory fields are present | ||
| for _, field := range mandatoryFields { | ||
| if attrKeyValue[field] == "" { | ||
| return nil, fmt.Errorf("distinguished name (DN) %q has no mandatory RDN attribute for %q, it must contain 'C', 'ST', and 'O' RDN attributes at a minimum", name, field) | ||
| } | ||
| } | ||
| // No errors | ||
| return attrKeyValue, nil | ||
| } | ||
|
|
||
| // IsSubsetDN returns true if dn1 is a subset of dn2 i.e. every key/value pair of dn1 has a matching key/value pair in dn2, otherwise returns false | ||
| func IsSubsetDN(dn1 map[string]string, dn2 map[string]string) bool { | ||
| for key := range dn1 { | ||
| if dn1[key] != dn2[key] { | ||
| return false | ||
| } | ||
| } | ||
| return true | ||
| } |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,11 @@ | ||
| package slice | ||
|
|
||
| // Contains reports whether v is present in s. | ||
| func Contains[E comparable](s []E, v E) bool { | ||
| for _, vs := range s { | ||
| if v == vs { | ||
| return true | ||
| } | ||
| } | ||
| return false | ||
| } |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,6 @@ | ||
| package trustpolicy | ||
|
|
||
| const ( | ||
| Wildcard = "*" | ||
| X509Subject = "x509.subject" | ||
| ) |
1 change: 1 addition & 0 deletions
1
verification/testdata/truststore/x509/ca/trust-store-with-invalid-certs/invalid
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1 @@ | ||
| invalid |
43 changes: 43 additions & 0 deletions
43
...stdata/truststore/x509/ca/trust-store-with-leaf-certs-in-single-file/RootAndLeafCerts.crt
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,43 @@ | ||
| -----BEGIN CERTIFICATE----- | ||
| MIIDejCCAmKgAwIBAgIBAjANBgkqhkiG9w0BAQsFADBdMQswCQYDVQQGEwJVUzEL | ||
| MAkGA1UECBMCV0ExEDAOBgNVBAcTB1NlYXR0bGUxDzANBgNVBAoTBk5vdGFyeTEe | ||
| MBwGA1UEAxMVd2FiYml0LW5ldHdvcmtzLmlvIENBMB4XDTIyMDkyMDA2MzExM1oX | ||
| DTIyMDkyMTA2MzExM1owWjELMAkGA1UEBhMCVVMxCzAJBgNVBAgTAldBMRAwDgYD | ||
| VQQHEwdTZWF0dGxlMQ8wDQYDVQQKEwZOb3RhcnkxGzAZBgNVBAMTEndhYmJpdC1u | ||
| ZXR3b3Jrcy5pbzCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBALiZp5O+ | ||
| 6YtaNO5GbWaZUxvJPXktJ7k7LBX5G/Kn6eh9JkJln1agqbax9MRDB/5YCdQBKMBq | ||
| NE2wYIwmCs7ArFU5DxvRhoBnCGLjcsIZ9pfaZ6lBppEvxMmUAYDmgjze0J13PwRp | ||
| WAZMfBlisZnJAWokgE5sWtggUXURyFk67H0R+4sWlm8SSZOiJCA/e0bYPCHTfFA/ | ||
| 2zg6koNRSwvI6zvftGnnJ9ny0BTuGOjZ6lDfIX5awFrgRdO8wmwejo4oJ45tUotF | ||
| /Rt/yHkmjdGhONbJjcMLf9AIyVwMHg6t6mj2SYbHqzIyTcpjk90HgeiU5eS5JMqj | ||
| Jkug5U9XrGGCqIcCAwEAAaNIMEYwDgYDVR0PAQH/BAQDAgeAMBMGA1UdJQQMMAoG | ||
| CCsGAQUFBwMDMB8GA1UdIwQYMBaAFLAy4Il5S9zOd/AMWF8hATmldAjYMA0GCSqG | ||
| SIb3DQEBCwUAA4IBAQBLYBnSuMNCzzLmeqH/wBr6kKUtF10AN9VF8/3iZW8iCj4B | ||
| Bx7VDq7iZR/G9UTLsWdZqkkxnOGu4QffBHz2Lc1v9D923EEPDAP5mJYvUchvdXYT | ||
| lmyQr9QEjRC6IFhlBB27Bi207QJ8UxYgmbseQ3FQFE16Usdmlg9iWDn5tx/DZn9/ | ||
| yUd81yKKYp2uLx0x2sQDJh61QSZB6jtzjN7w4Xax2NViabLaH7raMrDbIqigkXJh | ||
| iXG9fWx1Ax7S3dJVIglbZGPgYDW14Ass40gs8vcOBg8CwszrKiEuwp20d12Ky87/ | ||
| 0pLsOWJmcNyXbd3gztX01N1frSEbvTBJNI9E/jmI | ||
| -----END CERTIFICATE----- | ||
| -----BEGIN CERTIFICATE----- | ||
| MIIDjzCCAnegAwIBAgIBATANBgkqhkiG9w0BAQsFADBdMQswCQYDVQQGEwJVUzEL | ||
| MAkGA1UECBMCV0ExEDAOBgNVBAcTB1NlYXR0bGUxDzANBgNVBAoTBk5vdGFyeTEe | ||
| MBwGA1UEAxMVd2FiYml0LW5ldHdvcmtzLmlvIENBMB4XDTIyMDkyMDA2MzExM1oX | ||
| DTIyMTAyMDA2MzExM1owXTELMAkGA1UEBhMCVVMxCzAJBgNVBAgTAldBMRAwDgYD | ||
| VQQHEwdTZWF0dGxlMQ8wDQYDVQQKEwZOb3RhcnkxHjAcBgNVBAMTFXdhYmJpdC1u | ||
| ZXR3b3Jrcy5pbyBDQTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAKNM | ||
| 3dUToC4TyegGMw47ax9aZt13pQgTeV7xZbVsOmZiv/8gZ9tEZWgQbvBJrWUH8y4o | ||
| eQLCVQOTESNP2TSyTqizNtG1ex6YfSpWKSqUkfGX2II9xCX8hNXZqTphAjrGGf2Z | ||
| EOLRIIkbhjkuiAR+7q4TF/KJhdfYD1HQBJ2PF92egV5JEZTrxIjVIi+WK19VKSwx | ||
| m7oFiijve4VPaQYQnWgj0dk+Tn9cMB/OMX6cszoJbn98ogQIvWaY3dd1qba4uGJ9 | ||
| vmkNKDJcUd1PbkaVlikXC4UM+PxXy7/ZvSihOXurAPIChS6JgWC8Ru2vxm9SC+BN | ||
| 5J/hr92W2TdsrvLkrc8CAwEAAaNaMFgwDgYDVR0PAQH/BAQDAgIEMBMGA1UdJQQM | ||
| MAoGCCsGAQUFBwMDMBIGA1UdEwEB/wQIMAYBAf8CAQEwHQYDVR0OBBYEFLAy4Il5 | ||
| S9zOd/AMWF8hATmldAjYMA0GCSqGSIb3DQEBCwUAA4IBAQCTf6GbT5Z0x5ciNr9i | ||
| 8i+QsIAg7ZHzv5RLLJuocGcKwbdi+btU6BPl/X4U5ZB6OArv4oiyPSbECoxkgGRq | ||
| cj+mfzXdm/3jEyRskHDfoxcJFYmcBsEykS7DoLYEy5HxgKSaGOLl4dMWbbj/E8mR | ||
| e9XC5ruvPNZX52pQMqSqUUTYlbR4YQojsp7ShcLLD/Iea90wXk44+wHAKNFpwkN1 | ||
| h5JMlYm+jKkol6u/Nmd3vNqhzrL91ZLPVtSWpfsBxh7l4BsDns2uPl+/fgCav9MJ | ||
| jUkWJbEaDPY5bSbHDhCbxMO37VbvkkFUvz7lfKAkXj6DnkPzMj3++KTFNdw3fJ4+ | ||
| WzLe | ||
| -----END CERTIFICATE----- |
22 changes: 22 additions & 0 deletions
22
verification/testdata/truststore/x509/ca/trust-store-with-leaf-certs/GlobalSignRootCA.crt
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,22 @@ | ||
| -----BEGIN CERTIFICATE----- | ||
| MIIDjzCCAnegAwIBAgIBATANBgkqhkiG9w0BAQsFADBdMQswCQYDVQQGEwJVUzEL | ||
| MAkGA1UECBMCV0ExEDAOBgNVBAcTB1NlYXR0bGUxDzANBgNVBAoTBk5vdGFyeTEe | ||
| MBwGA1UEAxMVd2FiYml0LW5ldHdvcmtzLmlvIENBMB4XDTIyMDkyMDA2MzExM1oX | ||
| DTIyMTAyMDA2MzExM1owXTELMAkGA1UEBhMCVVMxCzAJBgNVBAgTAldBMRAwDgYD | ||
| VQQHEwdTZWF0dGxlMQ8wDQYDVQQKEwZOb3RhcnkxHjAcBgNVBAMTFXdhYmJpdC1u | ||
| ZXR3b3Jrcy5pbyBDQTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAKNM | ||
| 3dUToC4TyegGMw47ax9aZt13pQgTeV7xZbVsOmZiv/8gZ9tEZWgQbvBJrWUH8y4o | ||
| eQLCVQOTESNP2TSyTqizNtG1ex6YfSpWKSqUkfGX2II9xCX8hNXZqTphAjrGGf2Z | ||
| EOLRIIkbhjkuiAR+7q4TF/KJhdfYD1HQBJ2PF92egV5JEZTrxIjVIi+WK19VKSwx | ||
| m7oFiijve4VPaQYQnWgj0dk+Tn9cMB/OMX6cszoJbn98ogQIvWaY3dd1qba4uGJ9 | ||
| vmkNKDJcUd1PbkaVlikXC4UM+PxXy7/ZvSihOXurAPIChS6JgWC8Ru2vxm9SC+BN | ||
| 5J/hr92W2TdsrvLkrc8CAwEAAaNaMFgwDgYDVR0PAQH/BAQDAgIEMBMGA1UdJQQM | ||
| MAoGCCsGAQUFBwMDMBIGA1UdEwEB/wQIMAYBAf8CAQEwHQYDVR0OBBYEFLAy4Il5 | ||
| S9zOd/AMWF8hATmldAjYMA0GCSqGSIb3DQEBCwUAA4IBAQCTf6GbT5Z0x5ciNr9i | ||
| 8i+QsIAg7ZHzv5RLLJuocGcKwbdi+btU6BPl/X4U5ZB6OArv4oiyPSbECoxkgGRq | ||
| cj+mfzXdm/3jEyRskHDfoxcJFYmcBsEykS7DoLYEy5HxgKSaGOLl4dMWbbj/E8mR | ||
| e9XC5ruvPNZX52pQMqSqUUTYlbR4YQojsp7ShcLLD/Iea90wXk44+wHAKNFpwkN1 | ||
| h5JMlYm+jKkol6u/Nmd3vNqhzrL91ZLPVtSWpfsBxh7l4BsDns2uPl+/fgCav9MJ | ||
| jUkWJbEaDPY5bSbHDhCbxMO37VbvkkFUvz7lfKAkXj6DnkPzMj3++KTFNdw3fJ4+ | ||
| WzLe | ||
| -----END CERTIFICATE----- |
21 changes: 21 additions & 0 deletions
21
verification/testdata/truststore/x509/ca/trust-store-with-leaf-certs/non-ca.crt
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,21 @@ | ||
| -----BEGIN CERTIFICATE----- | ||
| MIIDejCCAmKgAwIBAgIBAjANBgkqhkiG9w0BAQsFADBdMQswCQYDVQQGEwJVUzEL | ||
| MAkGA1UECBMCV0ExEDAOBgNVBAcTB1NlYXR0bGUxDzANBgNVBAoTBk5vdGFyeTEe | ||
| MBwGA1UEAxMVd2FiYml0LW5ldHdvcmtzLmlvIENBMB4XDTIyMDkyMDA2MzExM1oX | ||
| DTIyMDkyMTA2MzExM1owWjELMAkGA1UEBhMCVVMxCzAJBgNVBAgTAldBMRAwDgYD | ||
| VQQHEwdTZWF0dGxlMQ8wDQYDVQQKEwZOb3RhcnkxGzAZBgNVBAMTEndhYmJpdC1u | ||
| ZXR3b3Jrcy5pbzCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBALiZp5O+ | ||
| 6YtaNO5GbWaZUxvJPXktJ7k7LBX5G/Kn6eh9JkJln1agqbax9MRDB/5YCdQBKMBq | ||
| NE2wYIwmCs7ArFU5DxvRhoBnCGLjcsIZ9pfaZ6lBppEvxMmUAYDmgjze0J13PwRp | ||
| WAZMfBlisZnJAWokgE5sWtggUXURyFk67H0R+4sWlm8SSZOiJCA/e0bYPCHTfFA/ | ||
| 2zg6koNRSwvI6zvftGnnJ9ny0BTuGOjZ6lDfIX5awFrgRdO8wmwejo4oJ45tUotF | ||
| /Rt/yHkmjdGhONbJjcMLf9AIyVwMHg6t6mj2SYbHqzIyTcpjk90HgeiU5eS5JMqj | ||
| Jkug5U9XrGGCqIcCAwEAAaNIMEYwDgYDVR0PAQH/BAQDAgeAMBMGA1UdJQQMMAoG | ||
| CCsGAQUFBwMDMB8GA1UdIwQYMBaAFLAy4Il5S9zOd/AMWF8hATmldAjYMA0GCSqG | ||
| SIb3DQEBCwUAA4IBAQBLYBnSuMNCzzLmeqH/wBr6kKUtF10AN9VF8/3iZW8iCj4B | ||
| Bx7VDq7iZR/G9UTLsWdZqkkxnOGu4QffBHz2Lc1v9D923EEPDAP5mJYvUchvdXYT | ||
| lmyQr9QEjRC6IFhlBB27Bi207QJ8UxYgmbseQ3FQFE16Usdmlg9iWDn5tx/DZn9/ | ||
| yUd81yKKYp2uLx0x2sQDJh61QSZB6jtzjN7w4Xax2NViabLaH7raMrDbIqigkXJh | ||
| iXG9fWx1Ax7S3dJVIglbZGPgYDW14Ass40gs8vcOBg8CwszrKiEuwp20d12Ky87/ | ||
| 0pLsOWJmcNyXbd3gztX01N1frSEbvTBJNI9E/jmI | ||
| -----END CERTIFICATE----- |
1 change: 1 addition & 0 deletions
1
verification/testdata/truststore/x509/ca/valid-trust-store_SYMLINK/valid-trust-store_SYMLINK
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1 @@ | ||
| ca/valid-trust-store |
Binary file added
BIN
+867 Bytes
verification/testdata/truststore/x509/signingAuthority/valid-trust-store-2/GlobalSign.der
Binary file not shown.
21 changes: 21 additions & 0 deletions
21
...cation/testdata/truststore/x509/signingAuthority/valid-trust-store-2/GlobalSignRootCA.crt
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,21 @@ | ||
| -----BEGIN CERTIFICATE----- | ||
| MIIDXzCCAkegAwIBAgILBAAAAAABIVhTCKIwDQYJKoZIhvcNAQELBQAwTDEgMB4G | ||
| A1UECxMXR2xvYmFsU2lnbiBSb290IENBIC0gUjMxEzARBgNVBAoTCkdsb2JhbFNp | ||
| Z24xEzARBgNVBAMTCkdsb2JhbFNpZ24wHhcNMDkwMzE4MTAwMDAwWhcNMjkwMzE4 | ||
| MTAwMDAwWjBMMSAwHgYDVQQLExdHbG9iYWxTaWduIFJvb3QgQ0EgLSBSMzETMBEG | ||
| A1UEChMKR2xvYmFsU2lnbjETMBEGA1UEAxMKR2xvYmFsU2lnbjCCASIwDQYJKoZI | ||
| hvcNAQEBBQADggEPADCCAQoCggEBAMwldpB5BngiFvXAg7aEyiie/QV2EcWtiHL8 | ||
| RgJDx7KKnQRfJMsuS+FggkbhUqsMgUdwbN1k0ev1LKMPgj0MK66X17YUhhB5uzsT | ||
| gHeMCOFJ0mpiLx9e+pZo34knlTifBtc+ycsmWQ1z3rDI6SYOgxXG71uL0gRgykmm | ||
| KPZpO/bLyCiR5Z2KYVc3rHQU3HTgOu5yLy6c+9C7v/U9AOEGM+iCK65TpjoWc4zd | ||
| QQ4gOsC0p6Hpsk+QLjJg6VfLuQSSaGjlOCZgdbKfd/+RFO+uIEn8rUAVSNECMWEZ | ||
| XriX7613t2Saer9fwRPvm2L7DWzgVGkWqQPabumDk3F2xmmFghcCAwEAAaNCMEAw | ||
| DgYDVR0PAQH/BAQDAgEGMA8GA1UdEwEB/wQFMAMBAf8wHQYDVR0OBBYEFI/wS3+o | ||
| LkUkrk1Q+mOai97i3Ru8MA0GCSqGSIb3DQEBCwUAA4IBAQBLQNvAUKr+yAzv95ZU | ||
| RUm7lgAJQayzE4aGKAczymvmdLm6AC2upArT9fHxD4q/c2dKg8dEe3jgr25sbwMp | ||
| jjM5RcOO5LlXbKr8EpbsU8Yt5CRsuZRj+9xTaGdWPoO4zzUhw8lo/s7awlOqzJCK | ||
| 6fBdRoyV3XpYKBovHd7NADdBj+1EbddTKJd+82cEHhXXipa0095MJ6RMG3NzdvQX | ||
| mcIfeg7jLQitChws/zyrVQ4PkX4268NXSb7hLi18YIvDQVETI53O9zJrlAGomecs | ||
| Mx86OyXShkDOOyyGeMlhLxS67ttVb9+E7gUJTb0o2HLO02JQZR7rkpeDMdmztcpH | ||
| WD9f | ||
| -----END CERTIFICATE----- |
Oops, something went wrong.