Update to use Zcrypto instead of stdlib crypto for RevocationList

v3/go.mod

@@ -6,13 +6,13 @@ require (
 	github.com/kr/text v0.2.0 // indirect
 	github.com/pelletier/go-toml v1.9.3
 	github.com/sirupsen/logrus v1.8.1
-	github.com/zmap/zcrypto v0.0.0-20220402174210-599ec18ecbac
+	github.com/zmap/zcrypto v0.0.0-20230205235340-d51ce4775101
 	golang.org/x/crypto v0.0.0-20220411220226-7b82a4e95df4
 	golang.org/x/net v0.0.0-20220412020605-290c469a71a5
 	golang.org/x/text v0.3.7
 )
 
 require (
-	github.com/weppos/publicsuffix-go v0.15.1-0.20220329081811-9a40b608a236 // indirect
+	github.com/weppos/publicsuffix-go v0.15.1-0.20220724114530-e087fba66a37 // indirect
 	golang.org/x/sys v0.0.0-20211216021012-1d35b9e2eb4e // indirect
 )

v3/go.sum

@@ -2,6 +2,8 @@ github.com/creack/pty v1.1.9/go.mod h1:oKZEueFk5CKHvIhNR5MUki03XCEU+Q6VDXinZuGJ3
 github.com/davecgh/go-spew v1.1.0/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
 github.com/davecgh/go-spew v1.1.1 h1:vj9j/u1bqnvCEfJOwUhtlOARqs3+rkHYY13jYWTU97c=
 github.com/davecgh/go-spew v1.1.1/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
+github.com/google/go-github v17.0.0+incompatible/go.mod h1:zLgOLi98H3fifZn+44m+umXrS52loVEgC2AApnigrVQ=
+github.com/google/go-querystring v1.0.0/go.mod h1:odCYkC5MyYFN7vkCjXpyrEuKhc/BUO6wN/zVPAxq5ck=
 github.com/konsorten/go-windows-terminal-sequences v1.0.1/go.mod h1:T0+1ngSBFLxvqU3pZ+m/2kptfBszLMUkC4ZK/EgS/cQ=
 github.com/kr/pretty v0.1.0 h1:L/CwN0zerZDmRFUapSPitk6f+Q3+0za1rQkzVuMiMFI=
 github.com/kr/pretty v0.1.0/go.mod h1:dAy3ld7l9f0ibDNOQOHHMYYIIbhfbHSm3C4ZsoJORNo=
@@ -23,12 +25,22 @@ github.com/stretchr/objx v0.1.1/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+
 github.com/stretchr/testify v1.2.2/go.mod h1:a8OnRcib4nhh0OaRAV+Yts87kKdq0PP7pXfy6kDkUVs=
 github.com/stretchr/testify v1.4.0 h1:2E4SXV/wtOkTonXsotYi4li6zVWxYlZuYNCXe9XRJyk=
 github.com/stretchr/testify v1.4.0/go.mod h1:j7eGeouHqKxXV5pUuKE4zz7dFj8WfuZ+81PSLYec5m4=
+github.com/weppos/publicsuffix-go v0.12.0/go.mod h1:z3LCPQ38eedDQSwmsSRW4Y7t2L8Ln16JPQ02lHAdn5k=
 github.com/weppos/publicsuffix-go v0.15.1-0.20220329081811-9a40b608a236 h1:vMJBP3PQViZsF6cOINtvyMC8ptpLsyJ4EwyFnzuWNxc=
 github.com/weppos/publicsuffix-go v0.15.1-0.20220329081811-9a40b608a236/go.mod h1:HYux0V0Zi04bHNwOHy4cXJVz/TQjYonnF6aoYhj+3QE=
+github.com/weppos/publicsuffix-go v0.15.1-0.20220724114530-e087fba66a37 h1:oRCu5zb6sklsDvy5sOz3dFqGg5vAEYBBD2MAYhNThCQ=
+github.com/weppos/publicsuffix-go v0.15.1-0.20220724114530-e087fba66a37/go.mod h1:5ZC/Uv3fIEUE0eP6o9+Yg4+5+W8V0/BieMi05feGXVA=
+github.com/weppos/publicsuffix-go/publicsuffix/generator v0.0.0-20220704091424-e0182326a282/go.mod h1:GHfoeIdZLdZmLjMlzBftbTDntahTttUMWjxZwQJhULE=
 github.com/zmap/rc2 v0.0.0-20131011165748-24b9757f5521/go.mod h1:3YZ9o3WnatTIZhuOtot4IcUfzoKVjUHqu6WALIyI0nE=
 github.com/zmap/zcertificate v0.0.0-20180516150559-0e3d58b1bac4/go.mod h1:5iU54tB79AMBcySS0R2XIyZBAVmeHranShAFELYx7is=
 github.com/zmap/zcrypto v0.0.0-20220402174210-599ec18ecbac h1:+nr36qrZEH0RIYNjcUEnOrCUdcSG3om2ANaFA6iSVWA=
 github.com/zmap/zcrypto v0.0.0-20220402174210-599ec18ecbac/go.mod h1:egdRkzUylATvPkWMpebZbXhv0FMEMJGX/ur0D3Csk2s=
+github.com/zmap/zcrypto v0.0.0-20230205195205-1c421628af71 h1:PNxWKuvxmZnPGk9eOq7k4/ABqwwrUqI3CVAtUsQjbA0=
+github.com/zmap/zcrypto v0.0.0-20230205195205-1c421628af71/go.mod h1:bRZdjnJaHWVXKEwrfAZMd0gfRjZGNhTbZwzp07s0Abw=
+github.com/zmap/zcrypto v0.0.0-20230205195858-4b26afb03fca h1:eaBMNCbgXuMHCWoblI2DuVpWJJlCqsH6sPX6cbz/t/Y=
+github.com/zmap/zcrypto v0.0.0-20230205195858-4b26afb03fca/go.mod h1:bRZdjnJaHWVXKEwrfAZMd0gfRjZGNhTbZwzp07s0Abw=
+github.com/zmap/zcrypto v0.0.0-20230205235340-d51ce4775101 h1:QuLjRpIBjqene8VvB+VhQ4eTcQGCQ7JDuk0/Fp4sLLw=
+github.com/zmap/zcrypto v0.0.0-20230205235340-d51ce4775101/go.mod h1:bRZdjnJaHWVXKEwrfAZMd0gfRjZGNhTbZwzp07s0Abw=
 golang.org/x/crypto v0.0.0-20180904163835-0709b304e793/go.mod h1:6SG95UA2DQfeDnfUPMdvaQW0Q7yPrPDi9nlGo2tz2b4=
 golang.org/x/crypto v0.0.0-20190308221718-c2843e01d9a2/go.mod h1:djNgcEr1/C05ACkg1iLfiJU5Ep61QUkGW8qpdssI0+w=
 golang.org/x/crypto v0.0.0-20200622213623-75b288015ac9/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto=
@@ -38,18 +50,25 @@ golang.org/x/crypto v0.0.0-20220411220226-7b82a4e95df4/go.mod h1:IxCIyHEi3zRg3s0
 golang.org/x/net v0.0.0-20190404232315-eb5bcb51f2a3/go.mod h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg=
 golang.org/x/net v0.0.0-20200202094626-16171245cfb2/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s=
 golang.org/x/net v0.0.0-20201110031124-69a78807bb2b/go.mod h1:sp8m0HH+o8qH0wwXwYZr8TS3Oi6o0r6Gce1SSxlDquU=
+golang.org/x/net v0.0.0-20211112202133-69e39bad7dc2/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y=
 golang.org/x/net v0.0.0-20220412020605-290c469a71a5 h1:bRb386wvrE+oBNdF1d/Xh9mQrfQ4ecYhW5qJ5GvTGT4=
 golang.org/x/net v0.0.0-20220412020605-290c469a71a5/go.mod h1:CfG3xpIq0wQ8r1q4Su4UZFWDARRcnwPjda9FqA0JpMk=
 golang.org/x/sys v0.0.0-20180905080454-ebe1bf3edb33/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
 golang.org/x/sys v0.0.0-20190215142949-d0b11bdaac8a/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
 golang.org/x/sys v0.0.0-20190412213103-97732733099d/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20191026070338-33540a1f6037/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20200930185726-fdedc70b468f/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
+golang.org/x/sys v0.0.0-20201119102817-f84b799fce68/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
+golang.org/x/sys v0.0.0-20210423082822-04245dca01da/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
+golang.org/x/sys v0.0.0-20210615035016-665e8c7367d1/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.0.0-20211216021012-1d35b9e2eb4e h1:fLOSk5Q00efkSvAm+4xcoXD+RRmLmmulPn5I3Y9F2EM=
 golang.org/x/sys v0.0.0-20211216021012-1d35b9e2eb4e/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/term v0.0.0-20201117132131-f5c789dd3221/go.mod h1:Nr5EML6q2oocZ2LXRh80K7BxOlk5/8JxuGnuhpl+muw=
+golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo=
+golang.org/x/term v0.0.0-20210927222741-03fcf44c2211/go.mod h1:jbD1KX2456YbFQfuXm/mYQcufACuNUgVhRMnK/tPxf8=
 golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ=
 golang.org/x/text v0.3.3/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ=
+golang.org/x/text v0.3.6/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ=
 golang.org/x/text v0.3.7 h1:olpwvP2KacW1ZWvsR7uQhoyTYvKAupfQrRGBFM352Gk=
 golang.org/x/text v0.3.7/go.mod h1:u+2+/6zg+i71rQMx5EYifcz6MCKuco9NR6JIITiCfzQ=
 golang.org/x/tools v0.0.0-20180917221912-90fa682c2a6e/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ=

v3/lint/base.go

@@ -15,7 +15,6 @@ package lint
  */
 
 import (
-	ox509 "crypto/x509"
 	"time"
 
 	"github.com/zmap/zcrypto/x509"
@@ -33,11 +32,11 @@ type RevocationListLintInterface interface {
 	// Lint should run on the given certificate. If CheckApplies returns
 	// false, the Lint result is automatically set to NA without calling
 	// CheckEffective() or Run().
-	CheckApplies(r *ox509.RevocationList) bool
+	CheckApplies(r *x509.RevocationList) bool
 
 	// Execute is the body of the lint. It is called for every revocation list
 	// for which CheckApplies returns true.
-	Execute(r *ox509.RevocationList) *LintResult
+	Execute(r *x509.RevocationList) *LintResult
 }
 
 // CertificateLintInterface is implemented by each certificate linter.
@@ -254,7 +253,7 @@ type RevocationListLint struct {
 // If EffectiveDate is zero, then only IneffectiveDate is checked. Conversely,
 // if IneffectiveDate is zero then only EffectiveDate is checked. If both EffectiveDate
 // and IneffectiveDate are zero then CheckEffective always returns true.
-func (l *RevocationListLint) CheckEffective(r *ox509.RevocationList) bool {
+func (l *RevocationListLint) CheckEffective(r *x509.RevocationList) bool {
 	return checkEffective(l.EffectiveDate, l.IneffectiveDate, r.ThisUpdate)
 }
 
@@ -265,7 +264,7 @@ func (l *RevocationListLint) CheckEffective(r *ox509.RevocationList) bool {
 // CheckApplies()
 // CheckEffective()
 // Execute()
-func (l *RevocationListLint) Execute(r *ox509.RevocationList, config Configuration) *LintResult {
+func (l *RevocationListLint) Execute(r *x509.RevocationList, config Configuration) *LintResult {
 	lint := l.Lint()
 	err := config.MaybeConfigure(lint, l.Name)
 	if err != nil {

v3/lint/base_test.go

@@ -15,7 +15,6 @@ package lint
  */
 
 import (
-	ox509 "crypto/x509"
 	"testing"
 	"time"
 
@@ -201,32 +200,32 @@ func TestLint_RevocationListLint_CheckEffective(t *testing.T) {
 
 	type revocationList struct {
 		Description    string
-		RevocationList *ox509.RevocationList
+		RevocationList *x509.RevocationList
 	}
 
 	cZero := revocationList{
 		Description:    "cZero",
-		RevocationList: &ox509.RevocationList{ThisUpdate: zero},
+		RevocationList: &x509.RevocationList{ThisUpdate: zero},
 	}
 	cOne := revocationList{
 		Description:    "cOne",
-		RevocationList: &ox509.RevocationList{ThisUpdate: one},
+		RevocationList: &x509.RevocationList{ThisUpdate: one},
 	}
 	cTwo := revocationList{
 		Description:    "cTwo",
-		RevocationList: &ox509.RevocationList{ThisUpdate: two},
+		RevocationList: &x509.RevocationList{ThisUpdate: two},
 	}
 	cThree := revocationList{
 		Description:    "cThree",
-		RevocationList: &ox509.RevocationList{ThisUpdate: three},
+		RevocationList: &x509.RevocationList{ThisUpdate: three},
 	}
 	cFour := revocationList{
 		Description:    "cFour",
-		RevocationList: &ox509.RevocationList{ThisUpdate: four},
+		RevocationList: &x509.RevocationList{ThisUpdate: four},
 	}
 	cFive := revocationList{
 		Description:    "cFive",
-		RevocationList: &ox509.RevocationList{ThisUpdate: five},
+		RevocationList: &x509.RevocationList{ThisUpdate: five},
 	}
 
 	data := []struct {

v3/lint/lint_lookup.go

@@ -27,8 +27,8 @@ var (
 )
 
 type linterLookup interface {
-	// Names returns a list of all of the lint names that have been registered
-	// in string sorted order.
+	// Names returns a list of all lint names that have been registered.
+	// The returned list is sorted by lexicographical ordering.
 	Names() []string
 	// Sources returns a SourceList of registered LintSources. The list is not
 	// sorted but can be sorted by the caller with sort.Sort() if required.
@@ -37,7 +37,7 @@ type linterLookup interface {
 
 type linterLookupImpl struct {
 	sync.RWMutex
-	// lintNames is a sorted list of all of the registered lint names. It is
+	// lintNames is a sorted list of all registered lint names. It is
 	// equivalent to collecting the keys from lintsByName into a slice and sorting
 	// them lexicographically.
 	lintNames []string

v3/lint/registration_test.go

@@ -15,7 +15,6 @@ package lint
  */
 
 import (
-	ox509 "crypto/x509"
 	"reflect"
 	"regexp"
 	"sort"
@@ -70,11 +69,11 @@ func (m mockLint) Execute(c *x509.Certificate) *LintResult {
 
 type mockRevocationListLint struct{}
 
-func (m mockRevocationListLint) CheckApplies(c *ox509.RevocationList) bool {
+func (m mockRevocationListLint) CheckApplies(c *x509.RevocationList) bool {
 	return true
 }
 
-func (m mockRevocationListLint) Execute(c *ox509.RevocationList) *LintResult {
+func (m mockRevocationListLint) Execute(c *x509.RevocationList) *LintResult {
 	return nil
 }
 

v3/resultset.go

@@ -15,8 +15,6 @@
 package zlint
 
 import (
-	ox509 "crypto/x509"
-
 	"github.com/zmap/zcrypto/x509"
 	"github.com/zmap/zlint/v3/lint"
 )
@@ -49,7 +47,7 @@ func (z *ResultSet) executeCertificate(o *x509.Certificate, registry lint.Regist
 // Execute lints on the given CRL with all of the lints in the provided
 // registry. The ResultSet is mutated to trace the lint results obtained from
 // linting the CRL.
-func (z *ResultSet) executeRevocationList(o *ox509.RevocationList, registry lint.Registry) {
+func (z *ResultSet) executeRevocationList(o *x509.RevocationList, registry lint.Registry) {
 	z.Results = make(map[string]*lint.LintResult, len(registry.Names()))
 	// Run each lints from the registry.
 	for _, lint := range registry.RevocationListLints().Lints() {

v3/zlint.go

@@ -17,7 +17,6 @@
 package zlint
 
 import (
-	ox509 "crypto/x509"
 	"time"
 
 	"github.com/zmap/zcrypto/x509"
@@ -65,8 +64,8 @@ func LintCertificateEx(c *x509.Certificate, registry lint.Registry) *ResultSet {
 // LintRevocationList runs all registered lints on r using default options,
 // producing a ResultSet.
 //
-// Using LintRevocationList(r) is equivalent to calling LintRevocationList(r, nil).
-func LintRevocationList(r *ox509.RevocationList) *ResultSet {
+// Using LintRevocationList(r) is equivalent to calling LintRevocationListEx(r, nil).
+func LintRevocationList(r *x509.RevocationList) *ResultSet {
 	return LintRevocationListEx(r, nil)
 }
 
@@ -76,7 +75,7 @@ func LintRevocationList(r *ox509.RevocationList) *ResultSet {
 //
 // If registry is nil then the global registry of all lints is used and this
 // function is equivalent to calling LintRevocationListEx(r).
-func LintRevocationListEx(r *ox509.RevocationList, registry lint.Registry) *ResultSet {
+func LintRevocationListEx(r *x509.RevocationList, registry lint.Registry) *ResultSet {
 	if r == nil {
 		return nil
 	}