From 35334caf18cb35ecc7a43082b7bfcc7ce8d0de8f Mon Sep 17 00:00:00 2001
From: Roland Shoemaker
Date: Wed, 27 Jan 2021 12:00:46 -0800
Subject: [PATCH] crypto/x509: remove leftover CertificateRequest field

Removes the KeyUsage field that was missed in the rollback in CL 281235. Also updates CreateCertificateRequest to reflect that these fields were removed.

For #43407.
Updates #43477.
Updates #37172.

Change-Id: I6244aed4a3ef3c2460c38af5511e5c2e82546179
Reviewed-on: https://go-review.googlesource.com/c/go/+/287392
Trust: Alexander Rakoczy
Trust: Roland Shoemaker
Trust: Dmitri Shuralyov
Run-TryBot: Alexander Rakoczy
Reviewed-by: Alexander Rakoczy
Reviewed-by: Dmitri Shuralyov
Reviewed-by: Filippo Valsorda
TryBot-Result: Go Bot
---
 src/crypto/x509/x509.go | 24 ------------------------
 src/crypto/x509/x509_test.go | 4 ----
 2 files changed, 28 deletions(-)

diff --git a/src/crypto/x509/x509.go b/src/crypto/x509/x509.go
index 42d8158d63..8c0299b11e 100644
--- a/src/crypto/x509/x509.go
+++ b/src/crypto/x509/x509.go
@@ -1997,15 +1997,6 @@ func buildCSRExtensions(template *CertificateRequest) ([]pkix.Extension, error)
 })
 }

- if template.KeyUsage != 0 &&
- !oidInExtensions(oidExtensionKeyUsage, template.ExtraExtensions) {
- ext, err := marshalKeyUsage(template.KeyUsage)
- if err != nil {
- return nil, err
- }
- ret = append(ret, ext)
- }
-
 return append(ret, template.ExtraExtensions...), nil
 }

@@ -2371,7 +2362,6 @@ type CertificateRequest struct {
 Version int
 Signature []byte
 SignatureAlgorithm SignatureAlgorithm
- KeyUsage KeyUsage

 PublicKeyAlgorithm PublicKeyAlgorithm
 PublicKey interface{}
@@ -2501,15 +2491,6 @@ func parseCSRExtensions(rawAttributes []asn1.RawValue) ([]pkix.Extension, error)
 // - EmailAddresses
 // - IPAddresses
 // - URIs
-// - KeyUsage
-// - ExtKeyUsage
-// - UnknownExtKeyUsage
-// - BasicConstraintsValid
-// - IsCA
-// - MaxPathLen
-// - MaxPathLenZero
-// - SubjectKeyId
-// - PolicyIdentifiers
 // - ExtraExtensions
 // - Attributes (deprecated)
 //
@@ -2734,11 +2715,6 @@ func parseCertificateRequest(in *certificateRequest) (*CertificateRequest, error
 if err != nil {
 return nil, err
 }
- case extension.Id.Equal(oidExtensionKeyUsage):
- out.KeyUsage, err = parseKeyUsageExtension(extension.Value)
- if err != nil {
- return nil, err
- }
 }
 }

diff --git a/src/crypto/x509/x509_test.go b/src/crypto/x509/x509_test.go
index d5c7ec466b..51dda16815 100644
--- a/src/crypto/x509/x509_test.go
+++ b/src/crypto/x509/x509_test.go
@@ -2977,7 +2977,6 @@ func TestCertificateRequestRoundtripFields(t *testing.T) {
 EmailAddresses: []string{"a@example.com", "b@example.com"},
 IPAddresses: []net.IP{net.IPv4(192, 0, 2, 0), net.IPv6loopback},
 URIs: []*url.URL{urlA, urlB},
- KeyUsage: KeyUsageCertSign,
 }

 out := marshalAndParseCSR(t, in)
@@ -2995,7 +2994,4 @@ func TestCertificateRequestRoundtripFields(t *testing.T) {
 if !reflect.DeepEqual(in.URIs, out.URIs) {
 t.Fatalf("Unexpected URIs: got %v, want %v", out.URIs, in.URIs)
 }
- if in.KeyUsage != out.KeyUsage {
- t.Fatalf("Unexpected KeyUsage: got %v, want %v", out.KeyUsage, in.KeyUsage)
- }
 }