
rename x509fork to lax509 #199


Merged
merged 2 commits into from
Mar 18, 2025
Merged
2 changes: 1 addition & 1 deletion internal/x509fork/README.md → internal/lax509/README.md
@@ -1,4 +1,4 @@
# x509fork
# lax509

This is a minimalist fork of [`crypto/x509`](https://pkg.go.dev/crypto/x509).

Expand Up @@ -2,7 +2,7 @@
// Use of this source code is governed by a BSD-style
// license that can be found in the LICENSE file.

package x509fork
package lax509

import (
"bytes"
Expand Up @@ -2,7 +2,7 @@
// Use of this source code is governed by a BSD-style
// license that can be found in the LICENSE file.

package x509fork
package lax509

import (
"crypto/x509"
2 changes: 1 addition & 1 deletion internal/x509fork/verify.go → internal/lax509/verify.go
Expand Up @@ -2,7 +2,7 @@
// Use of this source code is governed by a BSD-style
// license that can be found in the LICENSE file.

package x509fork
package lax509

import (
"bytes"
Expand Up @@ -2,7 +2,7 @@
// Use of this source code is governed by a BSD-style
// license that can be found in the LICENSE file.

package x509fork
package lax509

import (
"crypto"
Expand Down Expand Up @@ -1232,7 +1232,7 @@ func TestPathBuilding(t *testing.T) {
// * Trust Anchor -> A -> B -> EE
// * Trust Anchor -> C -> A -> B -> EE
//
// [x509fork edit]: These paths should also be valid since EKU checks have been disabled.
// [lax509 edit]: These paths should also be valid since EKU checks have been disabled.
// * Trust Anchor -> A -> C -> B -> EE
// * Trust Anchor -> C -> B -> EE
//
Expand Down Expand Up @@ -1315,7 +1315,7 @@ func TestPathBuilding(t *testing.T) {
// * Trust Anchor -> A -> B -> EE
// * Trust Anchor -> C -> A -> B -> EE
//
// [x509fork edit]: These paths should also be valid since EKU checks have been disabled.
// [lax509 edit]: These paths should also be valid since EKU checks have been disabled.
// * Trust Anchor -> C -> B -> EE
// * Trust Anchor -> A -> C -> B -> EE
//
Expand Down Expand Up @@ -1561,7 +1561,7 @@ func TestPathBuilding(t *testing.T) {
// Build a basic graph with two paths from leaf to root, but the path passing
// through C should be ignored, because it has invalid EKU nesting.
//
// [x509fork edit]: the second path should not be ignored since EKU checks
// [lax509 edit]: the second path should not be ignored since EKU checks
// have been disabled.
name: "ignore invalid EKU path",
graph: trustGraphDescription{
2 changes: 1 addition & 1 deletion internal/x509fork/x509.go → internal/lax509/x509.go
@@ -1,4 +1,4 @@
package x509fork
package lax509

var (
oidExtensionSubjectAltName = []int{2, 5, 29, 17}
10 changes: 5 additions & 5 deletions internal/scti/chain_validation.go
Expand Up @@ -24,8 +24,8 @@ import (
"strings"
"time"

"github.com/transparency-dev/static-ct/internal/lax509"
"github.com/transparency-dev/static-ct/internal/types"
"github.com/transparency-dev/static-ct/internal/x509fork"
"github.com/transparency-dev/static-ct/internal/x509util"
"k8s.io/klog/v2"
)
Expand Down Expand Up @@ -231,18 +231,18 @@ func validateChain(rawChain [][]byte, validationOpts ChainValidationOpts) ([]*x5
}
}

// We can now do the verification. Use x509fork with looser verification
// We can now do the verification. Use lax509 with looser verification
// constraints to:
// - allow pre-certificates and chains with pre-issuers
// - allow certificate without policing them since this is not CT's responsibility
// See /internal/x509fork/README.md for further information.
verifyOpts := x509fork.VerifyOptions{
// See /internal/lax509/README.md for further information.
verifyOpts := lax509.VerifyOptions{
Roots: validationOpts.trustedRoots.CertPool(),
Intermediates: intermediatePool.CertPool(),
KeyUsages: validationOpts.extKeyUsages,
}

verifiedChains, err := x509fork.Verify(cert, verifyOpts)
verifiedChains, err := lax509.Verify(cert, verifyOpts)
if err != nil {
return nil, err
}
8 changes: 4 additions & 4 deletions internal/x509util/pem_cert_pool.go
Expand Up @@ -22,7 +22,7 @@ import (
"fmt"
"os"

"github.com/transparency-dev/static-ct/internal/x509fork"
"github.com/transparency-dev/static-ct/internal/lax509"
"k8s.io/klog/v2"
)

Expand All @@ -37,12 +37,12 @@ type PEMCertPool struct {
// maps from sha-256 to certificate, used for dup detection
fingerprintToCertMap map[[sha256.Size]byte]x509.Certificate
rawCerts []*x509.Certificate
certPool *x509fork.CertPool
certPool *lax509.CertPool
}

// NewPEMCertPool creates a new, empty, instance of PEMCertPool.
func NewPEMCertPool() *PEMCertPool {
return &PEMCertPool{fingerprintToCertMap: make(map[[sha256.Size]byte]x509.Certificate), certPool: x509fork.NewCertPool()}
return &PEMCertPool{fingerprintToCertMap: make(map[[sha256.Size]byte]x509.Certificate), certPool: lax509.NewCertPool()}
}

// AddCert adds a certificate to a pool. Uses fingerprint to weed out duplicates.
Expand Down Expand Up @@ -111,7 +111,7 @@ func (p *PEMCertPool) Subjects() (res [][]byte) {
}

// CertPool returns the underlying CertPool.
func (p *PEMCertPool) CertPool() *x509fork.CertPool {
func (p *PEMCertPool) CertPool() *lax509.CertPool {
return p.certPool
}
