crypto/x509: add ExtKeyUsage.String and KeyUsage.String methods

author Filippo Valsorda <filippo@golang.org>

Sat, 22 Nov 2025 15:26:24 +0000 (16:26 +0100)

committer Gopher Robot <gobot@golang.org>

Tue, 25 Nov 2025 00:19:47 +0000 (16:19 -0800)
author Filippo Valsorda <filippo@golang.org>
Sat, 22 Nov 2025 15:26:24 +0000 (16:26 +0100)
committer Gopher Robot <gobot@golang.org>
Tue, 25 Nov 2025 00:19:47 +0000 (16:19 -0800)
diff --git a/api/next/56866.txt b/api/next/56866.txt

new file mode 100644 (file)

index 0000000..ff6990a
--- /dev/null
+++ b/api/next/56866.txt
@@ -0,0 +1,2 @@
+pkg crypto/x509, method (ExtKeyUsage) String() string #56866
+pkg crypto/x509, method (KeyUsage) String() string #56866
diff --git a/doc/next/6-stdlib/99-minor/crypto/x509/56866.md b/doc/next/6-stdlib/99-minor/crypto/x509/56866.md

new file mode 100644 (file)

index 0000000..0aa8f06
--- /dev/null
+++ b/doc/next/6-stdlib/99-minor/crypto/x509/56866.md
@@ -0,0 +1,2 @@
+The [ExtKeyUsage] and [KeyUsage] types now have String methods that return the
+correspodning OID names as defined in RFC 5280 and other registries.
diff --git a/src/crypto/x509/verify.go b/src/crypto/x509/verify.go

index 12e59335b2d88f8a9c036b284c3766eeef8dbdc2..b13e0933456f5392db98bdf90404fc635b09a470 100644 (file)
--- a/src/crypto/x509/verify.go
+++ b/src/crypto/x509/verify.go
@@ -1157,7 +1157,7 @@ NextCert:
                         }
                 }
  
-               const invalidUsage ExtKeyUsage = -1
+               const invalidUsage = -1
  
         NextRequestedUsage:
                 for i, requestedUsage := range usages {
diff --git a/src/crypto/x509/x509.go b/src/crypto/x509/x509.go

index 1f06b4fbc578fe250016b902843a9fdfb09273a4..afd3d8673a7ac9c2bc7ff8b90cbd195d50836def 100644 (file)
--- a/src/crypto/x509/x509.go
+++ b/src/crypto/x509/x509.go
@@ -582,16 +582,18 @@ func oidFromECDHCurve(curve ecdh.Curve) (asn1.ObjectIdentifier, bool) {
  // a bitmap of the KeyUsage* constants.
  type KeyUsage int
  
+//go:generate stringer -linecomment -type=KeyUsage,ExtKeyUsage -output=x509_string.go
+
  const (
-       KeyUsageDigitalSignature KeyUsage = 1 << iota
-       KeyUsageContentCommitment
-       KeyUsageKeyEncipherment
-       KeyUsageDataEncipherment
-       KeyUsageKeyAgreement
-       KeyUsageCertSign
-       KeyUsageCRLSign
-       KeyUsageEncipherOnly
-       KeyUsageDecipherOnly
+       KeyUsageDigitalSignature  KeyUsage = 1 << iota // digitalSignature
+       KeyUsageContentCommitment                      // contentCommitment
+       KeyUsageKeyEncipherment                        // keyEncipherment
+       KeyUsageDataEncipherment                       // dataEncipherment
+       KeyUsageKeyAgreement                           // keyAgreement
+       KeyUsageCertSign                               // keyCertSign
+       KeyUsageCRLSign                                // cRLSign
+       KeyUsageEncipherOnly                           // encipherOnly
+       KeyUsageDecipherOnly                           // decipherOnly
  )
  
  // RFC 5280, 4.2.1.12  Extended Key Usage
@@ -606,6 +608,8 @@ const (
  //     id-kp-emailProtection        OBJECT IDENTIFIER ::= { id-kp 4 }
  //     id-kp-timeStamping           OBJECT IDENTIFIER ::= { id-kp 8 }
  //     id-kp-OCSPSigning            OBJECT IDENTIFIER ::= { id-kp 9 }
+//
+// https://www.iana.org/assignments/smi-numbers/smi-numbers.xhtml#smi-numbers-1.3.6.1.5.5.7.3
  var (
         oidExtKeyUsageAny                            = asn1.ObjectIdentifier{2, 5, 29, 37, 0}
         oidExtKeyUsageServerAuth                     = asn1.ObjectIdentifier{1, 3, 6, 1, 5, 5, 7, 3, 1}
@@ -628,20 +632,20 @@ var (
  type ExtKeyUsage int
  
  const (
-       ExtKeyUsageAny ExtKeyUsage = iota
-       ExtKeyUsageServerAuth
-       ExtKeyUsageClientAuth
-       ExtKeyUsageCodeSigning
-       ExtKeyUsageEmailProtection
-       ExtKeyUsageIPSECEndSystem
-       ExtKeyUsageIPSECTunnel
-       ExtKeyUsageIPSECUser
-       ExtKeyUsageTimeStamping
-       ExtKeyUsageOCSPSigning
-       ExtKeyUsageMicrosoftServerGatedCrypto
-       ExtKeyUsageNetscapeServerGatedCrypto
-       ExtKeyUsageMicrosoftCommercialCodeSigning
-       ExtKeyUsageMicrosoftKernelCodeSigning
+       ExtKeyUsageAny                            ExtKeyUsage = iota // anyExtendedKeyUsage
+       ExtKeyUsageServerAuth                                        // serverAuth
+       ExtKeyUsageClientAuth                                        // clientAuth
+       ExtKeyUsageCodeSigning                                       // codeSigning
+       ExtKeyUsageEmailProtection                                   // emailProtection
+       ExtKeyUsageIPSECEndSystem                                    // ipsecEndSystem
+       ExtKeyUsageIPSECTunnel                                       // ipsecTunnel
+       ExtKeyUsageIPSECUser                                         // ipsecUser
+       ExtKeyUsageTimeStamping                                      // timeStamping
+       ExtKeyUsageOCSPSigning                                       // OCSPSigning
+       ExtKeyUsageMicrosoftServerGatedCrypto                        // msSGC
+       ExtKeyUsageNetscapeServerGatedCrypto                         // nsSGC
+       ExtKeyUsageMicrosoftCommercialCodeSigning                    // msCodeCom
+       ExtKeyUsageMicrosoftKernelCodeSigning                        // msKernelCode
  )
  
  // extKeyUsageOIDs contains the mapping between an ExtKeyUsage and its OID.
diff --git a/src/crypto/x509/x509_string.go b/src/crypto/x509/x509_string.go

new file mode 100644 (file)

index 0000000..9670b25
--- /dev/null
+++ b/src/crypto/x509/x509_string.go
@@ -0,0 +1,90 @@
+// Code generated by "stringer -linecomment -type=KeyUsage,ExtKeyUsage -output=x509_string.go"; DO NOT EDIT.
+
+package x509
+
+import "strconv"
+
+func _() {
+       // An "invalid array index" compiler error signifies that the constant values have changed.
+       // Re-run the stringer command to generate them again.
+       var x [1]struct{}
+       _ = x[KeyUsageDigitalSignature-1]
+       _ = x[KeyUsageContentCommitment-2]
+       _ = x[KeyUsageKeyEncipherment-4]
+       _ = x[KeyUsageDataEncipherment-8]
+       _ = x[KeyUsageKeyAgreement-16]
+       _ = x[KeyUsageCertSign-32]
+       _ = x[KeyUsageCRLSign-64]
+       _ = x[KeyUsageEncipherOnly-128]
+       _ = x[KeyUsageDecipherOnly-256]
+}
+
+const (
+       _KeyUsage_name_0 = "digitalSignaturecontentCommitment"
+       _KeyUsage_name_1 = "keyEncipherment"
+       _KeyUsage_name_2 = "dataEncipherment"
+       _KeyUsage_name_3 = "keyAgreement"
+       _KeyUsage_name_4 = "keyCertSign"
+       _KeyUsage_name_5 = "cRLSign"
+       _KeyUsage_name_6 = "encipherOnly"
+       _KeyUsage_name_7 = "decipherOnly"
+)
+
+var (
+       _KeyUsage_index_0 = [...]uint8{0, 16, 33}
+)
+
+func (i KeyUsage) String() string {
+       switch {
+       case 1 <= i && i <= 2:
+               i -= 1
+               return _KeyUsage_name_0[_KeyUsage_index_0[i]:_KeyUsage_index_0[i+1]]
+       case i == 4:
+               return _KeyUsage_name_1
+       case i == 8:
+               return _KeyUsage_name_2
+       case i == 16:
+               return _KeyUsage_name_3
+       case i == 32:
+               return _KeyUsage_name_4
+       case i == 64:
+               return _KeyUsage_name_5
+       case i == 128:
+               return _KeyUsage_name_6
+       case i == 256:
+               return _KeyUsage_name_7
+       default:
+               return "KeyUsage(" + strconv.FormatInt(int64(i), 10) + ")"
+       }
+}
+func _() {
+       // An "invalid array index" compiler error signifies that the constant values have changed.
+       // Re-run the stringer command to generate them again.
+       var x [1]struct{}
+       _ = x[ExtKeyUsageAny-0]
+       _ = x[ExtKeyUsageServerAuth-1]
+       _ = x[ExtKeyUsageClientAuth-2]
+       _ = x[ExtKeyUsageCodeSigning-3]
+       _ = x[ExtKeyUsageEmailProtection-4]
+       _ = x[ExtKeyUsageIPSECEndSystem-5]
+       _ = x[ExtKeyUsageIPSECTunnel-6]
+       _ = x[ExtKeyUsageIPSECUser-7]
+       _ = x[ExtKeyUsageTimeStamping-8]
+       _ = x[ExtKeyUsageOCSPSigning-9]
+       _ = x[ExtKeyUsageMicrosoftServerGatedCrypto-10]
+       _ = x[ExtKeyUsageNetscapeServerGatedCrypto-11]
+       _ = x[ExtKeyUsageMicrosoftCommercialCodeSigning-12]
+       _ = x[ExtKeyUsageMicrosoftKernelCodeSigning-13]
+}
+
+const _ExtKeyUsage_name = "anyExtendedKeyUsageserverAuthclientAuthcodeSigningemailProtectionipsecEndSystemipsecTunnelipsecUsertimeStampingOCSPSigningmsSGCnsSGCmsCodeCommsKernelCode"
+
+var _ExtKeyUsage_index = [...]uint8{0, 19, 29, 39, 50, 65, 79, 90, 99, 111, 122, 127, 132, 141, 153}
+
+func (i ExtKeyUsage) String() string {
+       idx := int(i) - 0
+       if i < 0 || idx >= len(_ExtKeyUsage_index)-1 {
+               return "ExtKeyUsage(" + strconv.FormatInt(int64(i), 10) + ")"
+       }
+       return _ExtKeyUsage_name[_ExtKeyUsage_index[idx]:_ExtKeyUsage_index[idx+1]]
+}
author	Filippo Valsorda <filippo@golang.org>
	Sat, 22 Nov 2025 15:26:24 +0000 (16:26 +0100)
committer	Gopher Robot <gobot@golang.org>
	Tue, 25 Nov 2025 00:19:47 +0000 (16:19 -0800)
api/next/56866.txt	[new file with mode: 0644]	patch \| blob
doc/next/6-stdlib/99-minor/crypto/x509/56866.md	[new file with mode: 0644]	patch \| blob
src/crypto/x509/verify.go		patch \| blob \| history
src/crypto/x509/x509.go		patch \| blob \| history
src/crypto/x509/x509_string.go	[new file with mode: 0644]	patch \| blob