crypto/x509: add ExtKeyUsage.String and KeyUsage.String methods

Fixes #56866

Change-Id: Icc8f067820f5d74e0d5073bce160429e6a6a6964
Reviewed-on: https://go-review.googlesource.com/c/go/+/723360
Reviewed-by: Daniel McCarney <daniel@binaryparadox.net>
Reviewed-by: Cherry Mui <cherryyz@google.com>
Auto-Submit: Filippo Valsorda <filippo@golang.org>
LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com>
Reviewed-by: Sean Liao <sean@liao.dev>
Reviewed-by: Roland Shoemaker <roland@golang.org>

3 files changed, 118 insertions, 24 deletions

diff --git a/src/crypto/x509/verify.go b/src/crypto/x509/verify.go
index 12e59335b2..b13e093345 100644
--- a/src/crypto/x509/verify.go
+++ b/src/crypto/x509/verify.go
@@ -1157,7 +1157,7 @@ NextCert:
 			}
 		}
 
-		const invalidUsage ExtKeyUsage = -1
+		const invalidUsage = -1
 
 	NextRequestedUsage:
 		for i, requestedUsage := range usages {
diff --git a/src/crypto/x509/x509.go b/src/crypto/x509/x509.go
index 1f06b4fbc5..afd3d8673a 100644
--- a/src/crypto/x509/x509.go
+++ b/src/crypto/x509/x509.go
@@ -582,16 +582,18 @@ func oidFromECDHCurve(curve ecdh.Curve) (asn1.ObjectIdentifier, bool) {
 // a bitmap of the KeyUsage* constants.
 type KeyUsage int
 
+//go:generate stringer -linecomment -type=KeyUsage,ExtKeyUsage -output=x509_string.go
+
 const (
-	KeyUsageDigitalSignature KeyUsage = 1 << iota
-	KeyUsageContentCommitment
-	KeyUsageKeyEncipherment
-	KeyUsageDataEncipherment
-	KeyUsageKeyAgreement
-	KeyUsageCertSign
-	KeyUsageCRLSign
-	KeyUsageEncipherOnly
-	KeyUsageDecipherOnly
+	KeyUsageDigitalSignature  KeyUsage = 1 << iota // digitalSignature
+	KeyUsageContentCommitment                      // contentCommitment
+	KeyUsageKeyEncipherment                        // keyEncipherment
+	KeyUsageDataEncipherment                       // dataEncipherment
+	KeyUsageKeyAgreement                           // keyAgreement
+	KeyUsageCertSign                               // keyCertSign
+	KeyUsageCRLSign                                // cRLSign
+	KeyUsageEncipherOnly                           // encipherOnly
+	KeyUsageDecipherOnly                           // decipherOnly
 )
 
 // RFC 5280, 4.2.1.12  Extended Key Usage
@@ -606,6 +608,8 @@ const (
 //	id-kp-emailProtection        OBJECT IDENTIFIER ::= { id-kp 4 }
 //	id-kp-timeStamping           OBJECT IDENTIFIER ::= { id-kp 8 }
 //	id-kp-OCSPSigning            OBJECT IDENTIFIER ::= { id-kp 9 }
+//
+// https://www.iana.org/assignments/smi-numbers/smi-numbers.xhtml#smi-numbers-1.3.6.1.5.5.7.3
 var (
 	oidExtKeyUsageAny                            = asn1.ObjectIdentifier{2, 5, 29, 37, 0}
 	oidExtKeyUsageServerAuth                     = asn1.ObjectIdentifier{1, 3, 6, 1, 5, 5, 7, 3, 1}
@@ -628,20 +632,20 @@ var (
 type ExtKeyUsage int
 
 const (
-	ExtKeyUsageAny ExtKeyUsage = iota
-	ExtKeyUsageServerAuth
-	ExtKeyUsageClientAuth
-	ExtKeyUsageCodeSigning
-	ExtKeyUsageEmailProtection
-	ExtKeyUsageIPSECEndSystem
-	ExtKeyUsageIPSECTunnel
-	ExtKeyUsageIPSECUser
-	ExtKeyUsageTimeStamping
-	ExtKeyUsageOCSPSigning
-	ExtKeyUsageMicrosoftServerGatedCrypto
-	ExtKeyUsageNetscapeServerGatedCrypto
-	ExtKeyUsageMicrosoftCommercialCodeSigning
-	ExtKeyUsageMicrosoftKernelCodeSigning
+	ExtKeyUsageAny                            ExtKeyUsage = iota // anyExtendedKeyUsage
+	ExtKeyUsageServerAuth                                        // serverAuth
+	ExtKeyUsageClientAuth                                        // clientAuth
+	ExtKeyUsageCodeSigning                                       // codeSigning
+	ExtKeyUsageEmailProtection                                   // emailProtection
+	ExtKeyUsageIPSECEndSystem                                    // ipsecEndSystem
+	ExtKeyUsageIPSECTunnel                                       // ipsecTunnel
+	ExtKeyUsageIPSECUser                                         // ipsecUser
+	ExtKeyUsageTimeStamping                                      // timeStamping
+	ExtKeyUsageOCSPSigning                                       // OCSPSigning
+	ExtKeyUsageMicrosoftServerGatedCrypto                        // msSGC
+	ExtKeyUsageNetscapeServerGatedCrypto                         // nsSGC
+	ExtKeyUsageMicrosoftCommercialCodeSigning                    // msCodeCom
+	ExtKeyUsageMicrosoftKernelCodeSigning                        // msKernelCode
 )
 
 // extKeyUsageOIDs contains the mapping between an ExtKeyUsage and its OID.
diff --git a/src/crypto/x509/x509_string.go b/src/crypto/x509/x509_string.go
new file mode 100644
index 0000000000..9670b25bc3
--- /dev/null
+++ b/src/crypto/x509/x509_string.go
@@ -0,0 +1,90 @@
+// Code generated by "stringer -linecomment -type=KeyUsage,ExtKeyUsage -output=x509_string.go"; DO NOT EDIT.
+
+package x509
+
+import "strconv"
+
+func _() {
+	// An "invalid array index" compiler error signifies that the constant values have changed.
+	// Re-run the stringer command to generate them again.
+	var x [1]struct{}
+	_ = x[KeyUsageDigitalSignature-1]
+	_ = x[KeyUsageContentCommitment-2]
+	_ = x[KeyUsageKeyEncipherment-4]
+	_ = x[KeyUsageDataEncipherment-8]
+	_ = x[KeyUsageKeyAgreement-16]
+	_ = x[KeyUsageCertSign-32]
+	_ = x[KeyUsageCRLSign-64]
+	_ = x[KeyUsageEncipherOnly-128]
+	_ = x[KeyUsageDecipherOnly-256]
+}
+
+const (
+	_KeyUsage_name_0 = "digitalSignaturecontentCommitment"
+	_KeyUsage_name_1 = "keyEncipherment"
+	_KeyUsage_name_2 = "dataEncipherment"
+	_KeyUsage_name_3 = "keyAgreement"
+	_KeyUsage_name_4 = "keyCertSign"
+	_KeyUsage_name_5 = "cRLSign"
+	_KeyUsage_name_6 = "encipherOnly"
+	_KeyUsage_name_7 = "decipherOnly"
+)
+
+var (
+	_KeyUsage_index_0 = [...]uint8{0, 16, 33}
+)
+
+func (i KeyUsage) String() string {
+	switch {
+	case 1 <= i && i <= 2:
+		i -= 1
+		return _KeyUsage_name_0[_KeyUsage_index_0[i]:_KeyUsage_index_0[i+1]]
+	case i == 4:
+		return _KeyUsage_name_1
+	case i == 8:
+		return _KeyUsage_name_2
+	case i == 16:
+		return _KeyUsage_name_3
+	case i == 32:
+		return _KeyUsage_name_4
+	case i == 64:
+		return _KeyUsage_name_5
+	case i == 128:
+		return _KeyUsage_name_6
+	case i == 256:
+		return _KeyUsage_name_7
+	default:
+		return "KeyUsage(" + strconv.FormatInt(int64(i), 10) + ")"
+	}
+}
+func _() {
+	// An "invalid array index" compiler error signifies that the constant values have changed.
+	// Re-run the stringer command to generate them again.
+	var x [1]struct{}
+	_ = x[ExtKeyUsageAny-0]
+	_ = x[ExtKeyUsageServerAuth-1]
+	_ = x[ExtKeyUsageClientAuth-2]
+	_ = x[ExtKeyUsageCodeSigning-3]
+	_ = x[ExtKeyUsageEmailProtection-4]
+	_ = x[ExtKeyUsageIPSECEndSystem-5]
+	_ = x[ExtKeyUsageIPSECTunnel-6]
+	_ = x[ExtKeyUsageIPSECUser-7]
+	_ = x[ExtKeyUsageTimeStamping-8]
+	_ = x[ExtKeyUsageOCSPSigning-9]
+	_ = x[ExtKeyUsageMicrosoftServerGatedCrypto-10]
+	_ = x[ExtKeyUsageNetscapeServerGatedCrypto-11]
+	_ = x[ExtKeyUsageMicrosoftCommercialCodeSigning-12]
+	_ = x[ExtKeyUsageMicrosoftKernelCodeSigning-13]
+}
+
+const _ExtKeyUsage_name = "anyExtendedKeyUsageserverAuthclientAuthcodeSigningemailProtectionipsecEndSystemipsecTunnelipsecUsertimeStampingOCSPSigningmsSGCnsSGCmsCodeCommsKernelCode"
+
+var _ExtKeyUsage_index = [...]uint8{0, 19, 29, 39, 50, 65, 79, 90, 99, 111, 122, 127, 132, 141, 153}
+
+func (i ExtKeyUsage) String() string {
+	idx := int(i) - 0
+	if i < 0 || idx >= len(_ExtKeyUsage_index)-1 {
+		return "ExtKeyUsage(" + strconv.FormatInt(int64(i), 10) + ")"
+	}
+	return _ExtKeyUsage_name[_ExtKeyUsage_index[idx]:_ExtKeyUsage_index[idx+1]]
+}