Initial commit

2026-04-23 18:30:01 +07:00 · 2026-04-23 18:30:01 +07:00 · c1020c8be7
commit c1020c8be7
parent b97f30faf4
16 changed files with 118 additions and 209 deletions
--- a/checker/types.go
+++ b/checker/types.go
@ -1,9 +1,3 @@
-// This file is part of the happyDomain (R) project.
-// Copyright (c) 2026 happyDomain
-// Authors: Pierre-Olivier Mercier, et al.
-//
-// Licensed under the MIT License (see LICENSE).
-
 // Package checker implements the OPENPGPKEY/SMIMEA DANE checker for
 // happyDomain. It runs a comprehensive testsuite on the DNS-published
 // OpenPGP key (RFC 7929) or S/MIME certificate (RFC 8162) corresponding
@ -44,42 +38,42 @@ const (
 // UI keys remediation templates off them.
 const (
 	// DNS-level.
-	CodeDNSQueryFailed   = "dns_query_failed"
-	CodeDNSNoRecord      = "dns_no_record"
+	CodeDNSQueryFailed    = "dns_query_failed"
+	CodeDNSNoRecord       = "dns_no_record"
 	CodeDNSRecordMismatch = "dns_record_mismatch"
-	CodeDNSNotSecure     = "dnssec_not_validated"
+	CodeDNSNotSecure      = "dnssec_not_validated"
 	CodeOwnerHashMismatch = "owner_hash_mismatch"

 	// OpenPGP.
-	CodePGPParseError      = "pgp_parse_error"
-	CodePGPNoEntity        = "pgp_no_entity"
-	CodePGPRevoked         = "pgp_primary_revoked"
-	CodePGPExpired         = "pgp_primary_expired"
-	CodePGPExpiringSoon    = "pgp_primary_expiring_soon"
-	CodePGPWeakAlgorithm   = "pgp_weak_algorithm"
-	CodePGPWeakKeySize     = "pgp_weak_key_size"
-	CodePGPNoEncryption    = "pgp_no_encryption_subkey"
-	CodePGPNoIdentity      = "pgp_no_identity"
-	CodePGPUIDMismatch     = "pgp_uid_mismatch"
+	CodePGPParseError       = "pgp_parse_error"
+	CodePGPNoEntity         = "pgp_no_entity"
+	CodePGPRevoked          = "pgp_primary_revoked"
+	CodePGPExpired          = "pgp_primary_expired"
+	CodePGPExpiringSoon     = "pgp_primary_expiring_soon"
+	CodePGPWeakAlgorithm    = "pgp_weak_algorithm"
+	CodePGPWeakKeySize      = "pgp_weak_key_size"
+	CodePGPNoEncryption     = "pgp_no_encryption_subkey"
+	CodePGPNoIdentity       = "pgp_no_identity"
+	CodePGPUIDMismatch      = "pgp_uid_mismatch"
 	CodePGPMultipleEntities = "pgp_multiple_entities"
-	CodePGPRecordTooLarge  = "pgp_record_too_large"
+	CodePGPRecordTooLarge   = "pgp_record_too_large"

 	// SMIMEA.
-	CodeSMIMEABadUsage       = "smimea_bad_usage"
-	CodeSMIMEABadSelector    = "smimea_bad_selector"
-	CodeSMIMEABadMatchType   = "smimea_bad_match_type"
-	CodeSMIMEACertParseError = "smimea_cert_parse_error"
-	CodeSMIMEACertExpired    = "smimea_cert_expired"
-	CodeSMIMEACertExpiringSoon = "smimea_cert_expiring_soon"
-	CodeSMIMEACertNotYetValid = "smimea_cert_not_yet_valid"
+	CodeSMIMEABadUsage          = "smimea_bad_usage"
+	CodeSMIMEABadSelector       = "smimea_bad_selector"
+	CodeSMIMEABadMatchType      = "smimea_bad_match_type"
+	CodeSMIMEACertParseError    = "smimea_cert_parse_error"
+	CodeSMIMEACertExpired       = "smimea_cert_expired"
+	CodeSMIMEACertExpiringSoon  = "smimea_cert_expiring_soon"
+	CodeSMIMEACertNotYetValid   = "smimea_cert_not_yet_valid"
 	CodeSMIMEANoEmailProtection = "smimea_no_email_protection_eku"
-	CodeSMIMEAEmailMismatch    = "smimea_email_mismatch"
-	CodeSMIMEAWeakKeySize      = "smimea_weak_key_size"
-	CodeSMIMEAWeakSignatureAlg = "smimea_weak_signature_algorithm"
-	CodeSMIMEANoKeyUsage       = "smimea_missing_key_usage"
-	CodeSMIMEAChainUntrusted   = "smimea_chain_untrusted"
-	CodeSMIMEASelfSigned       = "smimea_self_signed"
-	CodeSMIMEAHashOnly         = "smimea_hash_only"
+	CodeSMIMEAEmailMismatch     = "smimea_email_mismatch"
+	CodeSMIMEAWeakKeySize       = "smimea_weak_key_size"
+	CodeSMIMEAWeakSignatureAlg  = "smimea_weak_signature_algorithm"
+	CodeSMIMEANoKeyUsage        = "smimea_missing_key_usage"
+	CodeSMIMEAChainUntrusted    = "smimea_chain_untrusted"
+	CodeSMIMEASelfSigned        = "smimea_self_signed"
+	CodeSMIMEAHashOnly          = "smimea_hash_only"
 )

 // Finding describes a single observation produced while running the
@ -184,14 +178,14 @@ type OpenPGPInfo struct {

 // SubkeyInfo summarises one OpenPGP subkey.
 type SubkeyInfo struct {
-	Algorithm string    `json:"algorithm"`
-	Bits      int       `json:"bits,omitempty"`
-	CanSign   bool      `json:"can_sign,omitempty"`
-	CanEncrypt bool     `json:"can_encrypt,omitempty"`
-	CanAuth   bool      `json:"can_auth,omitempty"`
-	CreatedAt time.Time `json:"created_at,omitempty"`
-	ExpiresAt time.Time `json:"expires_at,omitempty"`
-	Revoked   bool      `json:"revoked,omitempty"`
+	Algorithm  string    `json:"algorithm"`
+	Bits       int       `json:"bits,omitempty"`
+	CanSign    bool      `json:"can_sign,omitempty"`
+	CanEncrypt bool      `json:"can_encrypt,omitempty"`
+	CanAuth    bool      `json:"can_auth,omitempty"`
+	CreatedAt  time.Time `json:"created_at,omitempty"`
+	ExpiresAt  time.Time `json:"expires_at,omitempty"`
+	Revoked    bool      `json:"revoked,omitempty"`
 }

 // SMIMEAInfo summarises the S/MIME record.
@ -204,7 +198,7 @@ type SMIMEAInfo struct {
 	// certificate (selector 0, matching type 0). For selector 1 + type 0
 	// only PublicKey is populated. For matching types 1/2, neither is
 	// populated; only the digest is transported.
-	Certificate *CertInfo  `json:"certificate,omitempty"`
+	Certificate *CertInfo   `json:"certificate,omitempty"`
 	PublicKey   *PubKeyInfo `json:"public_key,omitempty"`

 	// HashHex, when set, is the hex digest embedded in the record.
@ -213,21 +207,21 @@ type SMIMEAInfo struct {

 // CertInfo summarises an X.509 certificate.
 type CertInfo struct {
-	Subject              string    `json:"subject,omitempty"`
-	Issuer               string    `json:"issuer,omitempty"`
-	SerialHex            string    `json:"serial_hex,omitempty"`
-	NotBefore            time.Time `json:"not_before,omitempty"`
-	NotAfter             time.Time `json:"not_after,omitempty"`
-	SignatureAlgorithm   string    `json:"signature_algorithm,omitempty"`
-	PublicKeyAlgorithm   string    `json:"public_key_algorithm,omitempty"`
-	PublicKeyBits        int       `json:"public_key_bits,omitempty"`
-	EmailAddresses       []string  `json:"email_addresses,omitempty"`
-	DNSNames             []string  `json:"dns_names,omitempty"`
-	HasEmailProtectionEKU bool     `json:"has_email_protection_eku,omitempty"`
-	HasDigitalSignature   bool     `json:"has_digital_signature,omitempty"`
-	HasKeyEncipherment    bool     `json:"has_key_encipherment,omitempty"`
-	IsSelfSigned          bool     `json:"is_self_signed,omitempty"`
-	IsCA                  bool     `json:"is_ca,omitempty"`
+	Subject               string    `json:"subject,omitempty"`
+	Issuer                string    `json:"issuer,omitempty"`
+	SerialHex             string    `json:"serial_hex,omitempty"`
+	NotBefore             time.Time `json:"not_before,omitempty"`
+	NotAfter              time.Time `json:"not_after,omitempty"`
+	SignatureAlgorithm    string    `json:"signature_algorithm,omitempty"`
+	PublicKeyAlgorithm    string    `json:"public_key_algorithm,omitempty"`
+	PublicKeyBits         int       `json:"public_key_bits,omitempty"`
+	EmailAddresses        []string  `json:"email_addresses,omitempty"`
+	DNSNames              []string  `json:"dns_names,omitempty"`
+	HasEmailProtectionEKU bool      `json:"has_email_protection_eku,omitempty"`
+	HasDigitalSignature   bool      `json:"has_digital_signature,omitempty"`
+	HasKeyEncipherment    bool      `json:"has_key_encipherment,omitempty"`
+	IsSelfSigned          bool      `json:"is_self_signed,omitempty"`
+	IsCA                  bool      `json:"is_ca,omitempty"`
 }

 // PubKeyInfo summarises an SPKI-only SMIMEA record.