-
Notifications
You must be signed in to change notification settings - Fork 2
/
Copy pathcert.go
93 lines (77 loc) · 2.31 KB
/
cert.go
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
package dyocsp
import (
"encoding/asn1"
"encoding/binary"
"fmt"
)
const (
constructedBit = 0x20
constructedSequence = asn1.TagSequence | constructedBit
iniZeroOfBitString = 0x00
longFormCheckMask = 0x80
tagLen = 1
shortFormLen = 1
)
func skipIDAndLenOctets(octets []byte, offset int) int {
offset += tagLen // Identifier octet
if octets[offset]&longFormCheckMask > 0 {
lenLen := ((octets[offset] << 1) >> 1)
offset++
offset += int(lenLen) // length octet
} else {
offset += shortFormLen // length octet
}
return offset
}
func skipIDAndLenAndContOctets(octets []byte, offset int) int {
offset += tagLen // Identifier octet - 1byte
if octets[offset]&longFormCheckMask > 0 {
lenLen := ((octets[offset] << 1) >> 1)
offset++
conLen := int(binary.BigEndian.Uint64(octets[offset:lenLen]))
offset += int(lenLen) // length octet
offset += conLen // content octet
} else {
offset += shortFormLen // length octet
offset += int(octets[offset-1]) // content octet
}
return offset
}
func extractSubjectPublicKey(keyInfo []byte) ([]byte, error) {
var offset int
// Constructed SEQUENCE
if keyInfo[offset] != constructedSequence {
return nil, invalidPKIResourceError{
responderCert, fmt.Sprintf("offset %d is not ASN.1 Constructed SEQUENCE.", offset),
}
}
// subectPublicKeyInfo identifier and length octets
offset = skipIDAndLenOctets(keyInfo, offset)
// Constructed SEQUENCE
if keyInfo[offset] != constructedSequence {
return nil, invalidPKIResourceError{
responderCert, fmt.Sprintf("offset %d is not ASN.1 Constructed SEQUENCE.", offset),
}
}
// subectPublicKeyInfo identifier and length and content octets
offset = skipIDAndLenAndContOctets(keyInfo, offset)
// Primitive BIT STRING
if keyInfo[offset] != asn1.TagBitString {
return nil, invalidPKIResourceError{
responderCert, fmt.Sprintf("offset %d is not ASN.1 BIT STRING.", offset),
}
}
// subectPublicKey identifier and length octets
offset = skipIDAndLenOctets(keyInfo, offset)
// initial octet followed by zero of BIT STRING content
if keyInfo[offset] != iniZeroOfBitString {
return nil, invalidPKIResourceError{
responderCert, fmt.Sprintf(
"offset %d is not ASN.1 initial octet followed by zero of BIT STRING content.",
offset,
),
}
}
offset++
return keyInfo[offset:], nil
}