in capi/lib/service/interpretation.go [38:107]
func InterpretResult(result *model.TestWebsiteResult, expectation Expectation) {
switch expectation {
case Valid:
//////// Expiration checks
// Leaf must NOT be expired
result.Opinion.Append(assertNotExpired(result.Chain.Leaf, Leaf))
// Intermediates must NOT be expired
for _, intermediate := range result.Chain.Intermediates {
result.Opinion.Append(assertNotExpired(intermediate, Intermediate))
}
// Root must NOT be expired.
result.Opinion.Append(assertNotExpired(result.Chain.Root, Root))
/////// Revocation checks
// Leaf MUST be Good
result.Opinion.Append(assertNotRevoked(result.Chain.Leaf, Leaf))
// Intermediates MUST be Good.
for _, intermediate := range result.Chain.Intermediates {
result.Opinion.Append(assertNotRevoked(intermediate, Intermediate))
}
// Root must be Good
result.Opinion.Append(assertNotRevoked(result.Chain.Root, Root))
case Expired:
//////// Expiration checks
// Leaf MUST be expired
result.Opinion.Append(assertExpired(result.Chain.Leaf, Leaf))
// Intermediates MAY be expired
for _, intermediate := range result.Chain.Intermediates {
result.Opinion.Append(assertMayBeExpired(intermediate, Intermediate))
}
// Root must NOT be expired.
result.Opinion.Append(assertNotExpired(result.Chain.Root, Root))
/////// Revocation checks
//
// By policy, we do not care whether or not the leaf certificate
// is revoked by any CRL or OCSP responder.
//
// Intermediates may be good (or Unauthorized iff they are expired)
for _, intermediate := range result.Chain.Intermediates {
result.Opinion.Append(assertNotRevoked(intermediate, Intermediate))
}
// Root must be Good
result.Opinion.Append(assertNotRevoked(result.Chain.Root, Root))
case Revoked:
//////// Expiration checks
// Leaf must not be expired.
result.Opinion.Append(assertNotExpired(result.Chain.Leaf, Leaf))
// Intermediates must not be expired
for _, intermediate := range result.Chain.Intermediates {
result.Opinion.Append(assertNotExpired(intermediate, Intermediate))
}
// Root must not be expired
result.Opinion.Append(assertNotExpired(result.Chain.Root, Root))
/////// Revocation checks
// Leaf MUST be revoked.
result.Opinion.Append(assertRevoked(result.Chain.Leaf, Leaf))
// Intermediates MAY be revoked
for _, intermediate := range result.Chain.Intermediates {
result.Opinion.Append(assertMayBeRevoked(intermediate, Intermediate))
}
// Root must NOT be revoked
result.Opinion.Append(assertNotRevoked(result.Chain.Root, Root))
}
switch len(result.Opinion.Errors) == 0 {
case true:
result.Opinion.Result = model.PASS
case false:
result.Opinion.Result = model.FAIL
}
}