From c6f882f6c58ed56fa4bd2d8256ec55d9992c3583 Mon Sep 17 00:00:00 2001 From: Filippo Valsorda Date: Sat, 22 Nov 2025 16:26:24 +0100 Subject: [PATCH] crypto/x509: add ExtKeyUsage.String and KeyUsage.String methods Fixes #56866 Change-Id: Icc8f067820f5d74e0d5073bce160429e6a6a6964 Reviewed-on: https://go-review.googlesource.com/c/go/+/723360 Reviewed-by: Daniel McCarney Reviewed-by: Cherry Mui Auto-Submit: Filippo Valsorda LUCI-TryBot-Result: Go LUCI Reviewed-by: Sean Liao Reviewed-by: Roland Shoemaker --- api/next/56866.txt | 2 + .../6-stdlib/99-minor/crypto/x509/56866.md | 2 + src/crypto/x509/verify.go | 2 +- src/crypto/x509/x509.go | 50 ++++++----- src/crypto/x509/x509_string.go | 90 +++++++++++++++++++ 5 files changed, 122 insertions(+), 24 deletions(-) create mode 100644 api/next/56866.txt create mode 100644 doc/next/6-stdlib/99-minor/crypto/x509/56866.md create mode 100644 src/crypto/x509/x509_string.go diff --git a/api/next/56866.txt b/api/next/56866.txt new file mode 100644 index 0000000000..ff6990af88 --- /dev/null +++ b/api/next/56866.txt @@ -0,0 +1,2 @@ +pkg crypto/x509, method (ExtKeyUsage) String() string #56866 +pkg crypto/x509, method (KeyUsage) String() string #56866 diff --git a/doc/next/6-stdlib/99-minor/crypto/x509/56866.md b/doc/next/6-stdlib/99-minor/crypto/x509/56866.md new file mode 100644 index 0000000000..0aa8f06621 --- /dev/null +++ b/doc/next/6-stdlib/99-minor/crypto/x509/56866.md @@ -0,0 +1,2 @@ +The [ExtKeyUsage] and [KeyUsage] types now have String methods that return the +correspodning OID names as defined in RFC 5280 and other registries. diff --git a/src/crypto/x509/verify.go b/src/crypto/x509/verify.go index 12e59335b2..b13e093345 100644 --- a/src/crypto/x509/verify.go +++ b/src/crypto/x509/verify.go @@ -1157,7 +1157,7 @@ NextCert: } } - const invalidUsage ExtKeyUsage = -1 + const invalidUsage = -1 NextRequestedUsage: for i, requestedUsage := range usages { 
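Review bot: The change of `invalidUsage` from a typed `ExtKeyUsage` constant to an untyped one carries no comment saying why, and the reason is not visible in this hunk. It presumably keeps the `-1` sentinel out of the set of `ExtKeyUsage` constants that the new stringer directive in x509.go collects, so restoring the type later could change or break the generated file. A one-line comment above it would record that, for example `// invalidUsage is untyped so that stringer does not treat it as a named ExtKeyUsage value.`. The enclosing function starts and ends outside the hunk, so the statements that use the sentinel are not visible here.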
diff --git a/src/crypto/x509/x509.go b/src/crypto/x509/x509.go index 1f06b4fbc5..afd3d8673a 100644 --- a/src/crypto/x509/x509.go +++ b/src/crypto/x509/x509.go @@ -582,16 +582,18 @@ func oidFromECDHCurve(curve ecdh.Curve) (asn1.ObjectIdentifier, bool) { // a bitmap of the KeyUsage* constants. type KeyUsage int +//go:generate stringer -linecomment -type=KeyUsage,ExtKeyUsage -output=x509_string.go + const ( - KeyUsageDigitalSignature KeyUsage = 1 << iota - KeyUsageContentCommitment - KeyUsageKeyEncipherment - KeyUsageDataEncipherment - KeyUsageKeyAgreement - KeyUsageCertSign - KeyUsageCRLSign - KeyUsageEncipherOnly - KeyUsageDecipherOnly + KeyUsageDigitalSignature KeyUsage = 1 << iota // digitalSignature + KeyUsageContentCommitment // contentCommitment + KeyUsageKeyEncipherment // keyEncipherment + KeyUsageDataEncipherment // dataEncipherment + KeyUsageKeyAgreement // keyAgreement + KeyUsageCertSign // keyCertSign + KeyUsageCRLSign // cRLSign + KeyUsageEncipherOnly // encipherOnly + KeyUsageDecipherOnly // decipherOnly ) // RFC 5280, 4.2.1.12 Extended Key Usage @@ -606,6 +608,8 @@ const ( // id-kp-emailProtection OBJECT IDENTIFIER ::= { id-kp 4 } // id-kp-timeStamping OBJECT IDENTIFIER ::= { id-kp 8 } // id-kp-OCSPSigning OBJECT IDENTIFIER ::= { id-kp 9 } +// +// https://www.iana.org/assignments/smi-numbers/smi-numbers.xhtml#smi-numbers-1.3.6.1.5.5.7.3 var ( oidExtKeyUsageAny = asn1.ObjectIdentifier{2, 5, 29, 37, 0} oidExtKeyUsageServerAuth = asn1.ObjectIdentifier{1, 3, 6, 1, 5, 5, 7, 3, 1} 
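Review bot: `KeyUsage` is described in the context line above as a bitmap, but the directive added here has stringer generate a `String` method that names only single-bit values. In the generated x509_string.go every case matches exactly one constant, so a combined value such as `KeyUsageDigitalSignature|KeyUsageKeyEncipherment`, or zero, falls through to the `KeyUsage(N)` fallback. Certificates usually set several bits, so anyone logging or auditing a certificate's `KeyUsage` with `%v` will mostly see numbers rather than RFC 5280 names. Either document this on the type, e.g. `// String names a single KeyUsage bit; any other value formats as KeyUsage(N).`, or take `KeyUsage` out of `-type` and hand-write a `String` that joins the names of the set bits.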
@@ -628,20 +632,20 @@ var ( type ExtKeyUsage int const ( - ExtKeyUsageAny ExtKeyUsage = iota - ExtKeyUsageServerAuth - ExtKeyUsageClientAuth - ExtKeyUsageCodeSigning - ExtKeyUsageEmailProtection - ExtKeyUsageIPSECEndSystem - ExtKeyUsageIPSECTunnel - ExtKeyUsageIPSECUser - ExtKeyUsageTimeStamping - ExtKeyUsageOCSPSigning - ExtKeyUsageMicrosoftServerGatedCrypto - ExtKeyUsageNetscapeServerGatedCrypto - ExtKeyUsageMicrosoftCommercialCodeSigning - ExtKeyUsageMicrosoftKernelCodeSigning + ExtKeyUsageAny ExtKeyUsage = iota // anyExtendedKeyUsage + ExtKeyUsageServerAuth // serverAuth + ExtKeyUsageClientAuth // clientAuth + ExtKeyUsageCodeSigning // codeSigning + ExtKeyUsageEmailProtection // emailProtection + ExtKeyUsageIPSECEndSystem // ipsecEndSystem + ExtKeyUsageIPSECTunnel // ipsecTunnel + ExtKeyUsageIPSECUser // ipsecUser + ExtKeyUsageTimeStamping // timeStamping + ExtKeyUsageOCSPSigning // OCSPSigning + ExtKeyUsageMicrosoftServerGatedCrypto // msSGC + ExtKeyUsageNetscapeServerGatedCrypto // nsSGC + ExtKeyUsageMicrosoftCommercialCodeSigning // msCodeCom + ExtKeyUsageMicrosoftKernelCodeSigning // msKernelCode ) // extKeyUsageOIDs contains the mapping between an ExtKeyUsage and its OID. diff --git a/src/crypto/x509/x509_string.go b/src/crypto/x509/x509_string.go new file mode 100644 index 0000000000..9670b25bc3 --- /dev/null +++ b/src/crypto/x509/x509_string.go 
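Review bot: The trailing comments added to these constants are now runtime data, because the `-linecomment` flag in the directive from the previous hunk makes them the strings `ExtKeyUsage.String` returns, yet nothing at the const block says so. The guard function in the generated file indexes only on constant values, so editing a comment without re-running `go generate` would leave the source and the returned names out of step with no compile error. The same holds for the `KeyUsage` block in the previous hunk. A short comment above each block would cover it, e.g. `// The trailing comments are the names returned by String; run go generate after changing them.`.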
@@ -0,0 +1,90 @@ +// Code generated by "stringer -linecomment -type=KeyUsage,ExtKeyUsage -output=x509_string.go"; DO NOT EDIT. + +package x509 + +import "strconv" + +func _() { + // An "invalid array index" compiler error signifies that the constant values have changed. + // Re-run the stringer command to generate them again. + var x [1]struct{} + _ = x[KeyUsageDigitalSignature-1] + _ = x[KeyUsageContentCommitment-2] + _ = x[KeyUsageKeyEncipherment-4] + _ = x[KeyUsageDataEncipherment-8] + _ = x[KeyUsageKeyAgreement-16] + _ = x[KeyUsageCertSign-32] + _ = x[KeyUsageCRLSign-64] + _ = x[KeyUsageEncipherOnly-128] + _ = x[KeyUsageDecipherOnly-256] +} + +const ( + _KeyUsage_name_0 = "digitalSignaturecontentCommitment" + _KeyUsage_name_1 = "keyEncipherment" + _KeyUsage_name_2 = "dataEncipherment" + _KeyUsage_name_3 = "keyAgreement" + _KeyUsage_name_4 = "keyCertSign" + _KeyUsage_name_5 = "cRLSign" + _KeyUsage_name_6 = "encipherOnly" + _KeyUsage_name_7 = "decipherOnly" +) + +var ( + _KeyUsage_index_0 = [...]uint8{0, 16, 33} +) + +func (i KeyUsage) String() string { + switch { + case 1 <= i && i <= 2: + i -= 1 + return _KeyUsage_name_0[_KeyUsage_index_0[i]:_KeyUsage_index_0[i+1]] + case i == 4: + return _KeyUsage_name_1 + case i == 8: + return _KeyUsage_name_2 + case i == 16: + return _KeyUsage_name_3 + case i == 32: + return _KeyUsage_name_4 + case i == 64: + return _KeyUsage_name_5 + case i == 128: + return _KeyUsage_name_6 + case i == 256: + return _KeyUsage_name_7 + default: + return "KeyUsage(" + strconv.FormatInt(int64(i), 10) + ")" + } +} +func _() { + // An "invalid array index" compiler error signifies that the constant values have changed. + // Re-run the stringer command to generate them again. 
+ var x [1]struct{} + _ = x[ExtKeyUsageAny-0] + _ = x[ExtKeyUsageServerAuth-1] + _ = x[ExtKeyUsageClientAuth-2] + _ = x[ExtKeyUsageCodeSigning-3] + _ = x[ExtKeyUsageEmailProtection-4] + _ = x[ExtKeyUsageIPSECEndSystem-5] + _ = x[ExtKeyUsageIPSECTunnel-6] + _ = x[ExtKeyUsageIPSECUser-7] + _ = x[ExtKeyUsageTimeStamping-8] + _ = x[ExtKeyUsageOCSPSigning-9] + _ = x[ExtKeyUsageMicrosoftServerGatedCrypto-10] + _ = x[ExtKeyUsageNetscapeServerGatedCrypto-11] + _ = x[ExtKeyUsageMicrosoftCommercialCodeSigning-12] + _ = x[ExtKeyUsageMicrosoftKernelCodeSigning-13] +} + +const _ExtKeyUsage_name = "anyExtendedKeyUsageserverAuthclientAuthcodeSigningemailProtectionipsecEndSystemipsecTunnelipsecUsertimeStampingOCSPSigningmsSGCnsSGCmsCodeCommsKernelCode" + +var _ExtKeyUsage_index = [...]uint8{0, 19, 29, 39, 50, 65, 79, 90, 99, 111, 122, 127, 132, 141, 153} + +func (i ExtKeyUsage) String() string { + idx := int(i) - 0 + if i < 0 || idx >= len(_ExtKeyUsage_index)-1 { + return "ExtKeyUsage(" + strconv.FormatInt(int64(i), 10) + ")" + } + return _ExtKeyUsage_name[_ExtKeyUsage_index[idx]:_ExtKeyUsage_index[idx+1]] +} -- 2.52.0