
Commit 42aa2b0

authored
use email from SAN (sigstore#288)
Signed-off-by: Asra Ali <asraa@google.com>
1 parent 5d11711 commit 42aa2b0

2 files changed

+25
-18
lines changed

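--- a/pkg/pki/x509/x509.go
+++ b/pkg/pki/x509/x509.go
@@ -30,6 +30,8 @@ import (
 "io"
 "io/ioutil"
 "strings"
+
+"github.com/go-playground/validator"
 )
 
 // EmailAddressOID defined by https://oidref.com/1.2.840.113549.1.9.1
@@ -176,9 +178,11 @@ func (k PublicKey) CanonicalValue() ([]byte, error) {
 func (k PublicKey) EmailAddresses() []string {
 var names []string
 if k.cert != nil {
-for _, name := range k.cert.c.Subject.Names {
-if name.Type.Equal(EmailAddressOID) {
-names = append(names, strings.ToLower(name.Value.(string)))
+for _, name := range k.cert.c.EmailAddresses {
+validate := validator.New()
+errs := validate.Var(name, "required,email")
+if errs == nil {
+names = append(names, strings.ToLower(name))
 }
 }
 }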
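Review bot: In `EmailAddresses`, `validator.New()` is built again for every SAN entry inside the `for` loop; the validator is designed to be created once and reused, so hoist it to a package-level `var validate = validator.New()` or at least above the loop. SAN entries that fail the `required,email` check are also dropped silently, so a certificate with a malformed rfc822Name yields no identity and leaves no trace of why. If that is the intended policy, state it at the check, e.g. `// skip SAN entries that are not well-formed addresses; they are not returned for indexing`. Certificates that carry the address only in the Subject DN now return nothing, which deserves a line in the method's doc comment. The end of the function lies outside the hunk.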

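--- a/tests/x509.go
+++ b/tests/x509.go
@@ -47,21 +47,24 @@ baT2ax2dXBcpInWaFESqGF35KISflP1EmMvEnfG+AzHecQ0WQp5QzNId+w==
 // Generated with:
 // openssl req -newkey rsa:2048 -nodes -keyout test.key -x509 -out test.crt
 const rsaCert = `-----BEGIN CERTIFICATE-----
-MIICujCCAaICCQDV0chJ/QVmCTANBgkqhkiG9w0BAQsFADAfMR0wGwYJKoZIhvcN
-AQkBFg50ZXN0QHJla29yLmRldjAeFw0yMTAyMjAxOTUyMTZaFw0yMTAzMjIxOTUy
-MTZaMB8xHTAbBgkqhkiG9w0BCQEWDnRlc3RAcmVrb3IuZGV2MIIBIjANBgkqhkiG
-9w0BAQEFAAOCAQ8AMIIBCgKCAQEA3wqI/TysUiKTgY1bz+wdJfEOil4MEsRASKGz
-JddZ6x9hb+rn2UVoJmuxN62XI0TMoMn4mukgfCgY6jgTB58V+/LaeSA8Wz1p4gOx
-hk1mcgbF4HyxR+xlRgYfH4iSbXy+Ez/8ZjM2OO68fKr4JZEA5LXZkhJr32JqH+Ui
-Fw/wgSPWA8aV0AfRAXHdekJ48B1ChxJTrOJWSPTnj/E0lfLVsrJKtXDuC8T0vFmV
-U726tI6fODsEE6VrSahvw1ENUHzI34sbfrmrggwPO4iMAQvqwu2gn2lx6ajWsh80
-6FItiXN+DuizMnx4KMBI0IJynoQpWOFbstGiV0LygZkQ6sozvwIDAQABMA0GCSqG
-SIb3DQEBCwUAA4IBAQCe/lpUhsJVRkwXfndUEqiGVoPApGpwFMg4l1UnlPcbDXGV
-+z564uZlS0LyjsJjaalP/CJ9R+DO5dpRcKmBzBbMHjGSqoFW/ZIUm8Yybnd2eC7b
-JQD+JTB4XTd4yX3Yl6qWITPYpye3zuu3oCrHoBubWyzR9EakIaEBIenYReI4jD0n
-40Erllt4ra2N0CkIaYei0ZfuMRkoav3jc+2OcbCzQzTDq7HIxfSirz9up6+hjn+G
-GZXHemYIVbviNo9qr5cVY4OCJJQIUmGOcp+F4sNIqjbeEkTWFkeAy7sPSU8c8WQX
-l7ArJO7hmz6eJON+xDbhcYtAOavUqbT+fVcgi2qm
+MIIDOjCCAiKgAwIBAgIUEP925shVBKERFCsymdSqESLZFyMwDQYJKoZIhvcNAQEL
+BQAwHzEdMBsGCSqGSIb3DQEJARYOdGVzdEByZWtvci5kZXYwHhcNMjEwNDIxMjAy
+ODAzWhcNMjEwNTIxMjAyODAzWjAfMR0wGwYJKoZIhvcNAQkBFg50ZXN0QHJla29y
+LmRldjCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAN8KiP08rFIik4GN
+W8/sHSXxDopeDBLEQEihsyXXWesfYW/q59lFaCZrsTetlyNEzKDJ+JrpIHwoGOo4
+EwefFfvy2nkgPFs9aeIDsYZNZnIGxeB8sUfsZUYGHx+Ikm18vhM//GYzNjjuvHyq
++CWRAOS12ZISa99iah/lIhcP8IEj1gPGldAH0QFx3XpCePAdQocSU6ziVkj054/x
+NJXy1bKySrVw7gvE9LxZlVO9urSOnzg7BBOla0mob8NRDVB8yN+LG365q4IMDzuI
+jAEL6sLtoJ9pcemo1rIfNOhSLYlzfg7oszJ8eCjASNCCcp6EKVjhW7LRoldC8oGZ
+EOrKM78CAwEAAaNuMGwwHQYDVR0OBBYEFGjs8EHKT3x1itwwptJLuQQg/hQcMB8G
+A1UdIwQYMBaAFGjs8EHKT3x1itwwptJLuQQg/hQcMA8GA1UdEwEB/wQFMAMBAf8w
+GQYDVR0RBBIwEIEOdGVzdEByZWtvci5kZXYwDQYJKoZIhvcNAQELBQADggEBAAHE
+bYuePN3XpM7pHoCz6g4uTHu0VrezqJyK1ohysgWJmSJzzazUeISXk0xWnHPk1Zxi
+kzoEuysI8b0P7yodMA8e16zbIOL6QbGe3lNXYqRIg+bl+4OPFGVMX8xHNZmeh0kD
+vX1JVS+y9uyo4/z/pm0JhaSCn85ft/Y5uXMQYn1wFR5DAcJH+iWjNX4fipGxGRE9
+Cy0DjFnYJ3SRY4HPQ0oUSQmyhrwe2DiYzeqtbL2KJBXPcFQKWhkf/fupdYFljvcH
+d9NNfRb0p2oFGG/J0ROg9pEcP1/aZP5k8P2pRdt3y7h1MAtmg2bgEdugZgXwAUmM
+BmU8k2FeTuqV15piPCE=
 -----END CERTIFICATE-----`
 
 const rsaKey = `-----BEGIN PRIVATE KEY-----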
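Review bot: The `// Generated with:` comment above `rsaCert` no longer reproduces this fixture: the new certificate carries a subjectAltName email entry, which the SAN-based lookup in this commit depends on, and the `openssl req` line shown does not request one. Update the comment to the command actually used, for example by appending `-addext "subjectAltName=email:test@rekor.dev"`, so the fixture can be regenerated later. The validity dates encoded in the new PEM appear to span about a month, so it is worth confirming that the tests only parse the certificate and never verify it against the clock.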
