[go-nuts] How to parse IDP extension information in a CRL using Go

Fri, 04 Apr 2025 17:28:15 -0700 

Developer, I wrote some code in Go to parse the IDP extension information 
in a CRL, but I'm encountering an error while parsing the 
DistributionPoint. I've tried multiple times, but I can't get it to work. 
Can you help me figure out what is wrong with this code?
package main

import (
"crypto/x509"
"crypto/x509/pkix"
"encoding/asn1"
"flag"
"fmt"
"os"
)

type IssuingDistributionPoint struct {
DistributionPoint        asn1.RawValue `asn1:"optional,tag:0,explicit"`
OnlyContainsUserCerts    bool          `asn1:"optional,tag:1"`
OnlyContainsCACerts      bool          `asn1:"optional,tag:2"`
OnlySomeReasons          asn1.BitString `asn1:"optional,tag:3"`
IndirectCRL              bool          `asn1:"optional,tag:4"`
OnlyContainsAttributeCerts bool        `asn1:"optional,tag:5"`
}

type GeneralNames []asn1.RawValue

func main() {
// 1. Command line flag processing
crlFilePath := flag.String("crl", "", "CRL file path")
flag.Parse()

if *crlFilePath == "" {
fmt.Println("CRL file path is required")
os.Exit(1)
}

// 2. File reading
derBytes, err := os.ReadFile(*crlFilePath)
if err != nil {
fmt.Printf("Unable to read file: %v\n", err)
os.Exit(1)
}

// 3. CRL parsing
crl, err := x509.ParseRevocationList(derBytes)
if err != nil {
fmt.Printf("CRL parsing failed: %v\n", err)
os.Exit(1)
}

oidIssuingDistributionPoint := asn1.ObjectIdentifier{2, 5, 29, 28}

// 4. Process extensions of the CRL
for _, ext := range crl.Extensions {
if ext.Id.Equal(oidIssuingDistributionPoint) {
var idp IssuingDistributionPoint
if _, err := asn1.Unmarshal(ext.Value, &idp); err != nil {
fmt.Printf("Unable to decode IDP extension: %v\n", err)
continue
}

// 5. Print IDP flags
fmt.Printf("IDP Extension Flags:\n")
fmt.Printf(" OnlyContainsUserCerts: %t\n", idp.OnlyContainsUserCerts)
fmt.Printf(" OnlyContainsCACerts: %t\n", idp.OnlyContainsCACerts)
fmt.Printf(" IndirectCRL: %t\n", idp.IndirectCRL)

// 6.
if len(idp.DistributionPoint.Bytes) > 0 {
// Unpack outer explicit tag
var explicitTag struct {
Raw asn1.RawContent `asn1:"tag:0,explicit"`
}
if _, err := asn1.Unmarshal(idp.DistributionPoint.Bytes, &explicitTag); err 
!= nil {
fmt.Printf("Failed to unpack explicit tag: %v\n", err)
continue
}

// Parse GeneralNames
var generalNames GeneralNames
if _, err := asn1.Unmarshal(explicitTag.Raw, &generalNames); err != nil {
fmt.Printf("Unable to parse GeneralNames: %v\n", err)
continue
}

// 7. Process URI and DirectoryName
for _, rawGN := range generalNames {
switch rawGN.Tag {
case 6: // URI
var uri string
if _, err := asn1.Unmarshal(rawGN.Bytes, &uri); err != nil {
fmt.Printf("Failed to parse URI: %v\n", err)
continue
}
fmt.Printf(" URI: %s\n", uri)

case 4: // DirectoryName
var rdnSeq pkix.RDNSequence
if _, err := asn1.Unmarshal(rawGN.Bytes, &rdnSeq); err != nil {
fmt.Printf("Failed to parse DirectoryName: %v\n", err)
continue
}
var name pkix.Name
name.FillFromRDNSequence(&rdnSeq)
fmt.Printf(" DirectoryName: %s\n", name.String())
}
}
}
}
}
}

-- 
You received this message because you are subscribed to the Google Groups 
"golang-nuts" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to golang-nuts+unsubscr...@googlegroups.com.
To view this discussion visit 
https://groups.google.com/d/msgid/golang-nuts/1f5b7071-ac04-41a5-847c-09a860785627n%40googlegroups.com.

Attachment: crl_IDP_Normal.der
Description: application/x509-ca-cert

Reply via email to