crypto/x509: add ExtKeyUsage.String and KeyUsage.String methods

Fixes #56866 Change-Id: Icc8f067820f5d74e0d5073bce160429e6a6a6964 Reviewed-on: https://go-review.googlesource.com/c/go/+/723360 Reviewed-by: Daniel McCarney <daniel@binaryparadox.net> Reviewed-by: Cherry Mui <cherryyz@google.com> Auto-Submit: Filippo Valsorda <filippo@golang.org> LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com> Reviewed-by: Sean Liao <sean@liao.dev> Reviewed-by: Roland Shoemaker <roland@golang.org>
2025-12-08 06:10:04 +00:00 · 2025-11-22 16:26:24 +01:00 · 2025-11-22 16:26:24 +01:00 · c6f882f6c5
commit c6f882f6c5
parent 97d5295f6f
5 changed files with 122 additions and 24 deletions
--- a/api/next/56866.txt
+++ b/api/next/56866.txt
@ -0,0 +1,2 @@
 pkg crypto/x509, method (ExtKeyUsage) String() string #56866
 pkg crypto/x509, method (KeyUsage) String() string #56866
--- a/doc/next/6-stdlib/99-minor/crypto/x509/56866.md
+++ b/doc/next/6-stdlib/99-minor/crypto/x509/56866.md
@ -0,0 +1,2 @@
 The [ExtKeyUsage] and [KeyUsage] types now have String methods that return the
 correspodning OID names as defined in RFC 5280 and other registries.
--- a/src/crypto/x509/verify.go
+++ b/src/crypto/x509/verify.go
@ -1157,7 +1157,7 @@ NextCert:
 			}
 		}
-		const invalidUsage ExtKeyUsage = -1
+		const invalidUsage = -1
 	NextRequestedUsage:
 		for i, requestedUsage := range usages {
--- a/src/crypto/x509/x509.go
+++ b/src/crypto/x509/x509.go
@ -582,16 +582,18 @@ func oidFromECDHCurve(curve ecdh.Curve) (asn1.ObjectIdentifier, bool) {
 // a bitmap of the KeyUsage* constants.
 type KeyUsage int
 //go:generate stringer -linecomment -type=KeyUsage,ExtKeyUsage -output=x509_string.go
 const (
-	KeyUsageDigitalSignature KeyUsage = 1 << iota
+	KeyUsageDigitalSignature  KeyUsage = 1 << iota // digitalSignature
-	KeyUsageContentCommitment
+	KeyUsageContentCommitment                      // contentCommitment
-	KeyUsageKeyEncipherment
+	KeyUsageKeyEncipherment                        // keyEncipherment
-	KeyUsageDataEncipherment
+	KeyUsageDataEncipherment                       // dataEncipherment
-	KeyUsageKeyAgreement
+	KeyUsageKeyAgreement                           // keyAgreement
-	KeyUsageCertSign
+	KeyUsageCertSign                               // keyCertSign
-	KeyUsageCRLSign
+	KeyUsageCRLSign                                // cRLSign
-	KeyUsageEncipherOnly
+	KeyUsageEncipherOnly                           // encipherOnly
-	KeyUsageDecipherOnly
+	KeyUsageDecipherOnly                           // decipherOnly
 )
 // RFC 5280, 4.2.1.12  Extended Key Usage
@ -606,6 +608,8 @@ const (
 //	id-kp-emailProtection        OBJECT IDENTIFIER ::= { id-kp 4 }
 //	id-kp-timeStamping           OBJECT IDENTIFIER ::= { id-kp 8 }
 //	id-kp-OCSPSigning            OBJECT IDENTIFIER ::= { id-kp 9 }
 //
 // https://www.iana.org/assignments/smi-numbers/smi-numbers.xhtml#smi-numbers-1.3.6.1.5.5.7.3
 var (
 	oidExtKeyUsageAny                            = asn1.ObjectIdentifier{2, 5, 29, 37, 0}
 	oidExtKeyUsageServerAuth                     = asn1.ObjectIdentifier{1, 3, 6, 1, 5, 5, 7, 3, 1}
@ -628,20 +632,20 @@ var (
 type ExtKeyUsage int
 const (
-	ExtKeyUsageAny ExtKeyUsage = iota
+	ExtKeyUsageAny                            ExtKeyUsage = iota // anyExtendedKeyUsage
-	ExtKeyUsageServerAuth
+	ExtKeyUsageServerAuth                                        // serverAuth
-	ExtKeyUsageClientAuth
+	ExtKeyUsageClientAuth                                        // clientAuth
-	ExtKeyUsageCodeSigning
+	ExtKeyUsageCodeSigning                                       // codeSigning
-	ExtKeyUsageEmailProtection
+	ExtKeyUsageEmailProtection                                   // emailProtection
-	ExtKeyUsageIPSECEndSystem
+	ExtKeyUsageIPSECEndSystem                                    // ipsecEndSystem
-	ExtKeyUsageIPSECTunnel
+	ExtKeyUsageIPSECTunnel                                       // ipsecTunnel
-	ExtKeyUsageIPSECUser
+	ExtKeyUsageIPSECUser                                         // ipsecUser
-	ExtKeyUsageTimeStamping
+	ExtKeyUsageTimeStamping                                      // timeStamping
-	ExtKeyUsageOCSPSigning
+	ExtKeyUsageOCSPSigning                                       // OCSPSigning
-	ExtKeyUsageMicrosoftServerGatedCrypto
+	ExtKeyUsageMicrosoftServerGatedCrypto                        // msSGC
-	ExtKeyUsageNetscapeServerGatedCrypto
+	ExtKeyUsageNetscapeServerGatedCrypto                         // nsSGC
-	ExtKeyUsageMicrosoftCommercialCodeSigning
+	ExtKeyUsageMicrosoftCommercialCodeSigning                    // msCodeCom
-	ExtKeyUsageMicrosoftKernelCodeSigning
+	ExtKeyUsageMicrosoftKernelCodeSigning                        // msKernelCode
 )
 // extKeyUsageOIDs contains the mapping between an ExtKeyUsage and its OID.
--- a/src/crypto/x509/x509_string.go
+++ b/src/crypto/x509/x509_string.go
@ -0,0 +1,90 @@
 // Code generated by "stringer -linecomment -type=KeyUsage,ExtKeyUsage -output=x509_string.go"; DO NOT EDIT.
 package x509
 import "strconv"
 func _() {
 	// An "invalid array index" compiler error signifies that the constant values have changed.
 	// Re-run the stringer command to generate them again.
 	var x [1]struct{}
 	_ = x[KeyUsageDigitalSignature-1]
 	_ = x[KeyUsageContentCommitment-2]
 	_ = x[KeyUsageKeyEncipherment-4]
 	_ = x[KeyUsageDataEncipherment-8]
 	_ = x[KeyUsageKeyAgreement-16]
 	_ = x[KeyUsageCertSign-32]
 	_ = x[KeyUsageCRLSign-64]
 	_ = x[KeyUsageEncipherOnly-128]
 	_ = x[KeyUsageDecipherOnly-256]
 }
 const (
 	_KeyUsage_name_0 = "digitalSignaturecontentCommitment"
 	_KeyUsage_name_1 = "keyEncipherment"
 	_KeyUsage_name_2 = "dataEncipherment"
 	_KeyUsage_name_3 = "keyAgreement"
 	_KeyUsage_name_4 = "keyCertSign"
 	_KeyUsage_name_5 = "cRLSign"
 	_KeyUsage_name_6 = "encipherOnly"
 	_KeyUsage_name_7 = "decipherOnly"
 )
 var (
 	_KeyUsage_index_0 = [...]uint8{0, 16, 33}
 )
 func (i KeyUsage) String() string {
 	switch {
 	case 1 <= i && i <= 2:
 		i -= 1
 		return _KeyUsage_name_0[_KeyUsage_index_0[i]:_KeyUsage_index_0[i+1]]
 	case i == 4:
 		return _KeyUsage_name_1
 	case i == 8:
 		return _KeyUsage_name_2
 	case i == 16:
 		return _KeyUsage_name_3
 	case i == 32:
 		return _KeyUsage_name_4
 	case i == 64:
 		return _KeyUsage_name_5
 	case i == 128:
 		return _KeyUsage_name_6
 	case i == 256:
 		return _KeyUsage_name_7
 	default:
 		return "KeyUsage(" + strconv.FormatInt(int64(i), 10) + ")"
 	}
 }
 func _() {
 	// An "invalid array index" compiler error signifies that the constant values have changed.
 	// Re-run the stringer command to generate them again.
 	var x [1]struct{}
 	_ = x[ExtKeyUsageAny-0]
 	_ = x[ExtKeyUsageServerAuth-1]
 	_ = x[ExtKeyUsageClientAuth-2]
 	_ = x[ExtKeyUsageCodeSigning-3]
 	_ = x[ExtKeyUsageEmailProtection-4]
 	_ = x[ExtKeyUsageIPSECEndSystem-5]
 	_ = x[ExtKeyUsageIPSECTunnel-6]
 	_ = x[ExtKeyUsageIPSECUser-7]
 	_ = x[ExtKeyUsageTimeStamping-8]
 	_ = x[ExtKeyUsageOCSPSigning-9]
 	_ = x[ExtKeyUsageMicrosoftServerGatedCrypto-10]
 	_ = x[ExtKeyUsageNetscapeServerGatedCrypto-11]
 	_ = x[ExtKeyUsageMicrosoftCommercialCodeSigning-12]
 	_ = x[ExtKeyUsageMicrosoftKernelCodeSigning-13]
 }
 const _ExtKeyUsage_name = "anyExtendedKeyUsageserverAuthclientAuthcodeSigningemailProtectionipsecEndSystemipsecTunnelipsecUsertimeStampingOCSPSigningmsSGCnsSGCmsCodeCommsKernelCode"
 var _ExtKeyUsage_index = [...]uint8{0, 19, 29, 39, 50, 65, 79, 90, 99, 111, 122, 127, 132, 141, 153}
 func (i ExtKeyUsage) String() string {
 	idx := int(i) - 0
 	if i < 0 || idx >= len(_ExtKeyUsage_index)-1 {
 		return "ExtKeyUsage(" + strconv.FormatInt(int64(i), 10) + ")"
 	}
 	return _ExtKeyUsage_name[_ExtKeyUsage_index[idx]:_ExtKeyUsage_index[idx+1]]
 }
		`@ -0,0 +1,2 @@`
							`pkg crypto/x509, method (ExtKeyUsage) String() string #56866`
							`pkg crypto/x509, method (KeyUsage) String() string #56866`
		`@ -0,0 +1,2 @@`
							`The [ExtKeyUsage] and [KeyUsage] types now have String methods that return the`
							`correspodning OID names as defined in RFC 5280 and other registries.`