package util

import (
	"crypto/x509"
	"math/bits"

	acmapi "gitbucket.jerxie.com/yangyangxie/AnthosCertManager/pkg/apis/anthoscertmanager/v1"
)

// Lookup tables translating the API's KeyUsage names into crypto/x509 values.
//
// Both tables contain aliases (two API names sharing one x509 value), so a
// reverse lookup from an x509 value back to an API name is ambiguous unless
// the caller picks a canonical name explicitly; map iteration order must not
// be relied on for that.
var (
	// keyUsages maps API names onto bits of the X.509 keyUsage extension.
	// UsageSigning and UsageDigitalSignature both select
	// x509.KeyUsageDigitalSignature.
	keyUsages = map[acmapi.KeyUsage]x509.KeyUsage{
		acmapi.UsageSigning:           x509.KeyUsageDigitalSignature,
		acmapi.UsageDigitalSignature:  x509.KeyUsageDigitalSignature,
		acmapi.UsageContentCommitment: x509.KeyUsageContentCommitment,
		acmapi.UsageKeyEncipherment:   x509.KeyUsageKeyEncipherment,
		acmapi.UsageKeyAgreement:      x509.KeyUsageKeyAgreement,
		acmapi.UsageDataEncipherment:  x509.KeyUsageDataEncipherment,
		// CA-type usages: signing other certificates and CRLs.
		acmapi.UsageCertSign: x509.KeyUsageCertSign,
		acmapi.UsageCRLSign:  x509.KeyUsageCRLSign,
		acmapi.UsageEncipherOnly: x509.KeyUsageEncipherOnly,
		acmapi.UsageDecipherOnly: x509.KeyUsageDecipherOnly,
	}

	// extKeyUsages maps API names onto X.509 extended key usage values.
	// UsageEmailProtection and UsageSMIME both select
	// x509.ExtKeyUsageEmailProtection.
	extKeyUsages = map[acmapi.KeyUsage]x509.ExtKeyUsage{
		// ExtKeyUsageAny does not limit the certificate to a specific
		// purpose, so it is the broadest value in this table.
		acmapi.UsageAny:             x509.ExtKeyUsageAny,
		acmapi.UsageServerAuth:      x509.ExtKeyUsageServerAuth,
		acmapi.UsageClientAuth:      x509.ExtKeyUsageClientAuth,
		acmapi.UsageCodeSigning:     x509.ExtKeyUsageCodeSigning,
		acmapi.UsageEmailProtection: x509.ExtKeyUsageEmailProtection,
		acmapi.UsageSMIME:           x509.ExtKeyUsageEmailProtection,
		acmapi.UsageIPsecEndSystem:  x509.ExtKeyUsageIPSECEndSystem,
		acmapi.UsageIPsecTunnel:     x509.ExtKeyUsageIPSECTunnel,
		acmapi.UsageIPsecUser:       x509.ExtKeyUsageIPSECUser,
		acmapi.UsageTimestamping:    x509.ExtKeyUsageTimeStamping,
		acmapi.UsageOCSPSigning:     x509.ExtKeyUsageOCSPSigning,
		acmapi.UsageMicrosoftSGC:    x509.ExtKeyUsageMicrosoftServerGatedCrypto,
		acmapi.UsageNetscapeSGC:     x509.ExtKeyUsageNetscapeServerGatedCrypto,
	}
)

// KeyUsageType looks up the x509.KeyUsage bit for an API usage name.
// The boolean is false (and the returned usage is the zero value) when the
// name has no entry in keyUsages, so callers must check it before using the
// result in a certificate template.
func KeyUsageType(usage acmapi.KeyUsage) (x509.KeyUsage, bool) {
	if mapped, found := keyUsages[usage]; found {
		return mapped, true
	}
	return 0, false
}

// ExtKeyUsageType looks up the x509.ExtKeyUsage for an API usage name.
// The boolean is false when the name has no entry in extKeyUsages. The zero
// value returned in that case equals x509.ExtKeyUsageAny, so the boolean, not
// the value, is the only reliable signal that the lookup failed.
func ExtKeyUsageType(usage acmapi.KeyUsage) (x509.ExtKeyUsage, bool) {
	if mapped, found := extKeyUsages[usage]; found {
		return mapped, true
	}
	return 0, false
}

// KeyUsageStrings expands an x509.KeyUsage bit field into API usage names,
// one per set bit, ordered from the lowest bit to the highest. A set bit with
// no entry in keyUsages is reported as "unknown". The result is nil when no
// bit is set.
func KeyUsageStrings(usage x509.KeyUsage) []acmapi.KeyUsage {
	var names []acmapi.KeyUsage

	// Walk every bit position of the platform word, not only the bits that
	// crypto/x509 defines, so undefined bits surface as "unknown".
	for shift := uint(0); shift < bits.UintSize; shift++ {
		bit := usage & (1 << shift)
		if bit == 0 {
			continue
		}
		names = append(names, keyUsageString(bit))
	}

	return names
}

// ExtKeyUsageStrings converts each x509.ExtKeyUsage into its API usage name,
// preserving input order. A value with no entry in extKeyUsages is reported
// as "unknown". The result is nil for an empty input.
func ExtKeyUsageStrings(usage []x509.ExtKeyUsage) []acmapi.KeyUsage {
	var names []acmapi.KeyUsage

	for i := range usage {
		names = append(names, extKeyUsageString(usage[i]))
	}

	return names
}

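// keyUsageString returns the API name for a single x509.KeyUsage bit, or
// "unknown" when the bit has no entry in keyUsages.
//
// x509.KeyUsageDigitalSignature is the value of two API names (UsageSigning
// and UsageDigitalSignature); it is always reported as UsageDigitalSignature
// so the answer does not depend on map iteration order.
func keyUsageString(usage x509.KeyUsage) acmapi.KeyUsage {
	// Resolve the aliased bit up front: the check does not depend on the
	// loop variable, so evaluating it once is enough and it no longer
	// requires the map to have at least one entry.
	if usage == x509.KeyUsageDigitalSignature {
		return acmapi.UsageDigitalSignature
	}

	for name, bit := range keyUsages {
		if bit == usage {
			return name
		}
	}

	return "unknown"
}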

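// extKeyUsageString returns the API name for an x509.ExtKeyUsage, or
// "unknown" when the value has no entry in extKeyUsages.
//
// x509.ExtKeyUsageEmailProtection is the value of two API names
// (UsageEmailProtection and UsageSMIME). Go randomises map iteration order,
// so a plain scan of extKeyUsages would return either name from one call to
// the next. It is therefore always reported as UsageEmailProtection, matching
// how keyUsageString treats the aliased digital-signature bit.
//
// NOTE(review): callers are not visible here; any code that compares these
// names against a requested usage list needs this to be stable — confirm.
func extKeyUsageString(usage x509.ExtKeyUsage) acmapi.KeyUsage {
	// Pick the canonical name for the aliased value before scanning the map.
	if usage == x509.ExtKeyUsageEmailProtection {
		return acmapi.UsageEmailProtection
	}

	for name, eku := range extKeyUsages {
		if eku == usage {
			return name
		}
	}

	return "unknown"
}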