in certificate/certificate.go [297:337]
func getCertExtensions(cert *x509.Certificate) Extensions {
// initialize []string to store them as `[]` instead of null
san := make([]string, 0)
san = append(san, cert.DNSNames...)
crld := make([]string, 0)
crld = append(crld, cert.CRLDistributionPoints...)
constraints, _ := GetConstraints(cert)
ipNetSliceToStringSlice := func(in []*net.IPNet) []string {
out := make([]string, 0)
for _, ipnet := range in {
out = append(out, ipnet.String())
}
return out
}
permittedIPAddresses := ipNetSliceToStringSlice(constraints.PermittedIPRanges)
excludedIPAddresses := ipNetSliceToStringSlice(constraints.ExcludedIPRanges)
ext := Extensions{
AuthorityKeyId: base64.StdEncoding.EncodeToString(cert.AuthorityKeyId),
SubjectKeyId: base64.StdEncoding.EncodeToString(cert.SubjectKeyId),
KeyUsage: getKeyUsages(cert),
ExtendedKeyUsage: getExtKeyUsages(cert),
ExtendedKeyUsageOID: getExtKeyUsageOIDs(cert),
PolicyIdentifiers: getPolicyIdentifiers(cert),
SubjectAlternativeName: san,
CRLDistributionPoints: crld,
PermittedDNSDomains: constraints.PermittedDNSDomains,
ExcludedDNSDomains: constraints.ExcludedDNSDomains,
PermittedIPAddresses: permittedIPAddresses,
ExcludedIPAddresses: excludedIPAddresses,
}
for _, v := range cert.Extensions {
if OIDFieldName(v.Id) == "InhibitAnyPolicy" {
value, _ := strconv.Atoi(string(v.Value))
ext.InhibitAnyPolicy = &value
}
}
return ext
}