crypto/x509: remove leftover CertificateRequest field

Removes the KeyUsage field that was missed in the rollback in
CL 281235.
Also updates CreateCertificateRequest to reflect that these fields
were removed.

For #43407.
Updates #43477.
Updates #37172.

Change-Id: I6244aed4a3ef3c2460c38af5511e5c2e82546179
Reviewed-on: https://go-review.googlesource.com/c/go/+/287392
Trust: Alexander Rakoczy <alex@golang.org>
Trust: Roland Shoemaker <roland@golang.org>
Trust: Dmitri Shuralyov <dmitshur@golang.org>
Run-TryBot: Alexander Rakoczy <alex@golang.org>
Reviewed-by: Alexander Rakoczy <alex@golang.org>
Reviewed-by: Dmitri Shuralyov <dmitshur@golang.org>
Reviewed-by: Filippo Valsorda <filippo@golang.org>
TryBot-Result: Go Bot <gobot@golang.org>

diff --git a/src/crypto/x509/x509.go b/src/crypto/x509/x509.go
index 42d8158d63ce75052e0b74eea7f62d33143434f6..8c0299b11e9b5ad606591c38304cc8f2c3684437 100644 (file)
--- a/src/crypto/x509/x509.go
+++ b/src/crypto/x509/x509.go
@@ -1997,15 +1997,6 @@ func buildCSRExtensions(template *CertificateRequest) ([]pkix.Extension, error)
                })
        }
 
-       if template.KeyUsage != 0 &&
-               !oidInExtensions(oidExtensionKeyUsage, template.ExtraExtensions) {
-               ext, err := marshalKeyUsage(template.KeyUsage)
-               if err != nil {
-                       return nil, err
-               }
-               ret = append(ret, ext)
-       }
-
        return append(ret, template.ExtraExtensions...), nil
 }
 
@@ -2371,7 +2362,6 @@ type CertificateRequest struct {
        Version            int
        Signature          []byte
        SignatureAlgorithm SignatureAlgorithm
-       KeyUsage           KeyUsage
 
        PublicKeyAlgorithm PublicKeyAlgorithm
        PublicKey          interface{}
@@ -2501,15 +2491,6 @@ func parseCSRExtensions(rawAttributes []asn1.RawValue) ([]pkix.Extension, error)
 //  - EmailAddresses
 //  - IPAddresses
 //  - URIs
-//  - KeyUsage
-//  - ExtKeyUsage
-//  - UnknownExtKeyUsage
-//  - BasicConstraintsValid
-//  - IsCA
-//  - MaxPathLen
-//  - MaxPathLenZero
-//  - SubjectKeyId
-//  - PolicyIdentifiers
 //  - ExtraExtensions
 //  - Attributes (deprecated)
 //
@@ -2734,11 +2715,6 @@ func parseCertificateRequest(in *certificateRequest) (*CertificateRequest, error
                        if err != nil {
                                return nil, err
                        }
-               case extension.Id.Equal(oidExtensionKeyUsage):
-                       out.KeyUsage, err = parseKeyUsageExtension(extension.Value)
-                       if err != nil {
-                               return nil, err
-                       }
                }
        }
 

diff --git a/src/crypto/x509/x509_test.go b/src/crypto/x509/x509_test.go
index d5c7ec466b852d3baef3ecfb6503e262eecf5ada..51dda16815b0bb13d7bb6eb9c817ef203edd1c75 100644 (file)
--- a/src/crypto/x509/x509_test.go
+++ b/src/crypto/x509/x509_test.go
@@ -2977,7 +2977,6 @@ func TestCertificateRequestRoundtripFields(t *testing.T) {
                EmailAddresses: []string{"a@example.com", "b@example.com"},
                IPAddresses:    []net.IP{net.IPv4(192, 0, 2, 0), net.IPv6loopback},
                URIs:           []*url.URL{urlA, urlB},
-               KeyUsage:       KeyUsageCertSign,
        }
        out := marshalAndParseCSR(t, in)
 
@@ -2995,7 +2994,4 @@ func TestCertificateRequestRoundtripFields(t *testing.T) {
        if !reflect.DeepEqual(in.URIs, out.URIs) {
                t.Fatalf("Unexpected URIs: got %v, want %v", out.URIs, in.URIs)
        }
-       if in.KeyUsage != out.KeyUsage {
-               t.Fatalf("Unexpected KeyUsage: got %v, want %v", out.KeyUsage, in.KeyUsage)
-       }
 }