From 0862f4fe627a9933b103d1a0e504c7c434e3aff9 Mon Sep 17 00:00:00 2001
From: William Woodruff
Date: Wed, 26 Jul 2023 17:35:26 -0400
Subject: [PATCH 01/15] certificate: new APIs
Signed-off-by: William Woodruff
---
 src/rust/cryptography-x509/src/certificate.rs | 52 ++++++++++++++++++-
 1 file changed, 51 insertions(+), 1 deletion(-)
diff --git a/src/rust/cryptography-x509/src/certificate.rs b/src/rust/cryptography-x509/src/certificate.rs
index 06fc3a3ba4df..f5073c30fa77 100644
--- a/src/rust/cryptography-x509/src/certificate.rs
+++ b/src/rust/cryptography-x509/src/certificate.rs
@@ -4,8 +4,21 @@ use crate::common;
 use crate::extensions;
-use crate::extensions::Extensions;
+use crate::extensions::{Extension, Extensions};
 use crate::name;
+use crate::name::NameReadable;
+
+#[derive(Debug, PartialEq)]
+pub enum CertificateError {
+ DuplicateExtension(asn1::ObjectIdentifier),
+ Malformed(asn1::ParseError),
+}
+
+impl From for CertificateError {
+ fn from(value: asn1::ParseError) -> Self {
+ CertificateError::Malformed(value)
+ }
+}
 #[derive(asn1::Asn1Read, asn1::Asn1Write, Hash, PartialEq, Eq, Clone)]
 pub struct Certificate<'a> {
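Review bot: `CertificateError::Malformed` and its `From` impl are added here, but nothing in this patch constructs `Malformed` — the only producer is the `map_err(CertificateError::DuplicateExtension)` in the next hunk — so the variant is dead code until some parse path propagates `asn1::ParseError` with `?`. If it is reserved for a later change, a doc comment on the enum stating when each variant is produced would help (`/// Errors produced while inspecting a parsed certificate.` on the enum, `/// The extension sequence contains the given OID more than once.` on the variant); if not, leaving it out keeps the public error surface minimal. The `From` impl's type argument appears stripped in this rendering — presumably `From<asn1::ParseError>` — worth confirming against the actual file. The type also derives only `Debug` and `PartialEq`, with no `Display` or `std::error::Error` impl, so it cannot be propagated through `Box<dyn Error>` by downstream users.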
@@ -14,6 +27,43 @@ pub struct Certificate<'a> {
 pub signature: asn1::BitString<'a>,
 }
+impl Certificate<'_> {
+ pub fn issuer(&self) -> &NameReadable<'_> {
+ self.tbs_cert.issuer.unwrap_read()
+ }
+
+ pub fn subject(&self) -> &NameReadable<'_> {
+ self.tbs_cert.subject.unwrap_read()
+ }
+
+ pub fn is_self_issued(&self) -> bool {
+ self.issuer() == self.subject()
+ }
+
+ pub fn extensions(&self) -> Result, CertificateError> {
+ self.tbs_cert
+ .extensions()
+ .map_err(CertificateError::DuplicateExtension)
+ }
+
+ pub fn extension_is_critical(&self, oid: &asn1::ObjectIdentifier) -> bool {
+ match self.extensions() {
+ Ok(exts) => exts
+ .get_extension(oid)
+ .map(|ext| ext.critical)
+ .unwrap_or(false),
+ Err(_) => false,
+ }
+ }
+
+ pub fn extension(
+ &self,
+ oid: &asn1::ObjectIdentifier,
+ ) -> Result>, CertificateError> {
+ Ok(self.extensions()?.get_extension(oid))
+ }
+}
+
 #[derive(asn1::Asn1Read, asn1::Asn1Write, Hash, PartialEq, Eq, Clone)]
 pub struct TbsCertificate<'a> {
 #[explicit(0)]
From 8e5e703b3fc9003565f24351d5365080fb7be932 Mon Sep 17 00:00:00 2001
From: William Woodruff
Date: Wed, 26 Jul 2023 17:38:01 -0400
Subject: [PATCH 02/15] certificate: docs
Signed-off-by: William Woodruff
---
 src/rust/cryptography-x509/src/certificate.rs | 9 +++++++++
 1 file changed, 9 insertions(+)
diff --git a/src/rust/cryptography-x509/src/certificate.rs b/src/rust/cryptography-x509/src/certificate.rs
index f5073c30fa77..f5ffba4388db 100644
--- a/src/rust/cryptography-x509/src/certificate.rs
+++ b/src/rust/cryptography-x509/src/certificate.rs
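Review bot: `extension_is_critical` collapses the `Err(_)` arm to `false`, so a certificate whose extension sequence carries a duplicate OID reports every extension — including one genuinely flagged `critical`, which a verifier must reject if it cannot process — as non-critical; that is the wrong direction for a validation helper to fail in. Returning the error keeps the caller in control: `pub fn extension_is_critical(&self, oid: &asn1::ObjectIdentifier) -> Result<bool, CertificateError> {` / `Ok(self.extensions()?.get_extension(oid).map(|ext| ext.critical).unwrap_or(false))` / `}`. Patch 03 of this series removes the method again, but if it ever returns it should surface the duplicate rather than mask it. Separately, `issuer()`/`subject()` go through `unwrap_read()`, which presumably panics on the `Write` variant of `Asn1ReadableOrWritable` (confirm in common.rs); a `# Panics` section stating that these accessors are only valid on parsed certificates would make that contract explicit.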
@@ -28,24 +28,32 @@ pub struct Certificate<'a> {
 }
 impl Certificate<'_> {
+ /// Returns the certificate's issuer.
 pub fn issuer(&self) -> &NameReadable<'_> {
 self.tbs_cert.issuer.unwrap_read()
 }
+ /// Returns the certificate's subject.
 pub fn subject(&self) -> &NameReadable<'_> {
 self.tbs_cert.subject.unwrap_read()
 }
+ /// Returns whether the certificate is "self-issued", whether its
+ /// issuer and subject are the same.
 pub fn is_self_issued(&self) -> bool {
 self.issuer() == self.subject()
 }
+ /// Returns an iterable container over the certificate's extension, or
+ /// an error if the extension set contains a duplicate extension.
 pub fn extensions(&self) -> Result, CertificateError> {
 self.tbs_cert
 .extensions()
 .map_err(CertificateError::DuplicateExtension)
 }
+ /// Returns whether the given extension (by OID) is critical, or
+ /// false if the extension is not present.
 pub fn extension_is_critical(&self, oid: &asn1::ObjectIdentifier) -> bool {
 match self.extensions() {
 Ok(exts) => exts
@@ -56,6 +64,7 @@ impl Certificate<'_> {
 }
 }
+ /// Returns a specific extension by OID.
 pub fn extension(
 &self,
 oid: &asn1::ObjectIdentifier,
From b9bd4c843d181a57fd5054cd52d94fc4073852db Mon Sep 17 00:00:00 2001
From: William Woodruff
Date: Wed, 26 Jul 2023 17:51:45 -0400
Subject: [PATCH 03/15] certificate: remove some APIs
Signed-off-by: William Woodruff
---
 src/rust/cryptography-x509/src/certificate.rs | 27 +++----------------
 1 file changed, 3 insertions(+), 24 deletions(-)
diff --git a/src/rust/cryptography-x509/src/certificate.rs b/src/rust/cryptography-x509/src/certificate.rs
index f5ffba4388db..cff656a6c5b5 100644
--- a/src/rust/cryptography-x509/src/certificate.rs
+++ b/src/rust/cryptography-x509/src/certificate.rs
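Review bot: The new doc on `extension_is_critical` says it returns `false` only "if the extension is not present", but the `Err(_) => false` arm of the match (in the unchanged tail just below this hunk) also yields `false` when the extension set contains a duplicate OID, and a reader relying on the docstring would not expect a malformed certificate to look like "no critical extension"; the comment should state it, e.g. `/// false if the extension is not present or the extension set contains a duplicate OID.` Minor wording in the same hunk: `certificate's extension` reads as `certificate's extensions`, and `"self-issued", whether its` reads better as `"self-issued", i.e. whether its`. In the second hunk, `extension`'s doc could name its `Err` case too: `/// Returns a specific extension by OID, or an error if the extension set contains a duplicate.`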
@@ -47,29 +47,7 @@ impl Certificate<'_> {
 /// Returns an iterable container over the certificate's extension, or
 /// an error if the extension set contains a duplicate extension.
 pub fn extensions(&self) -> Result, CertificateError> {
- self.tbs_cert
- .extensions()
- .map_err(CertificateError::DuplicateExtension)
- }
-
- /// Returns whether the given extension (by OID) is critical, or
- /// false if the extension is not present.
- pub fn extension_is_critical(&self, oid: &asn1::ObjectIdentifier) -> bool {
- match self.extensions() {
- Ok(exts) => exts
- .get_extension(oid)
- .map(|ext| ext.critical)
- .unwrap_or(false),
- Err(_) => false,
- }
- }
-
- /// Returns a specific extension by OID.
- pub fn extension(
- &self,
- oid: &asn1::ObjectIdentifier,
- ) -> Result>, CertificateError> {
- Ok(self.extensions()?.get_extension(oid))
+ self.tbs_cert.extensions()
 }
 }
@@ -95,8 +73,9 @@ pub struct TbsCertificate<'a> {
 }
 impl TbsCertificate<'_> {
- pub fn extensions(&self) -> Result, asn1::ObjectIdentifier> {
+ pub fn extensions(&self) -> Result, CertificateError> {
 Extensions::from_raw_extensions(self.raw_extensions.as_ref())
+ .map_err(CertificateError::DuplicateExtension)
 }
 }
From ee514c110c780e547e0655e9c21bceaf3263216d Mon Sep 17 00:00:00 2001
From: William Woodruff
Date: Wed, 26 Jul 2023 17:53:41 -0400
Subject: [PATCH 04/15] remove import
Signed-off-by: William Woodruff
---
 src/rust/cryptography-x509/src/certificate.rs | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/src/rust/cryptography-x509/src/certificate.rs b/src/rust/cryptography-x509/src/certificate.rs
index cff656a6c5b5..14a5e9fb309e 100644
--- a/src/rust/cryptography-x509/src/certificate.rs
+++ b/src/rust/cryptography-x509/src/certificate.rs
@@ -4,7 +4,7 @@ use crate::common;
 use crate::extensions;
-use crate::extensions::{Extension, Extensions};
+use crate::extensions::Extensions;
 use crate::name;
 use crate::name::NameReadable;
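Review bot: `TbsCertificate::extensions` in the second hunk now returns `CertificateError` but carries no doc comment, while `Certificate::extensions` just above merely delegates to it under a three-line docstring; the error condition belongs on the method that actually produces it, e.g. `/// Returns the TBS certificate's extensions, or an error if an extension OID appears more than once.` With `extension` and `extension_is_critical` gone from the first hunk, nothing in this file constructs `CertificateError::Malformed` any more, so if the variant is kept its intended producer should be named in a comment. Changing the `Err` type of `TbsCertificate::extensions` also breaks any caller still matching the old `Err(oid)` shape; none are touched in this patch, so I assume the follow-up patches in the series cover them.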
From 4b85e407aaa788970941f5021c7fa0fbd271b258 Mon Sep 17 00:00:00 2001
From: William Woodruff
Date: Wed, 26 Jul 2023 18:02:41 -0400
Subject: [PATCH 05/15] rust: fixup error types
Signed-off-by: William Woodruff
---
 src/rust/cryptography-x509/src/certificate.rs | 6 +++---
 src/rust/cryptography-x509/src/extensions.rs | 8 ++++----
 src/rust/src/x509/certificate.rs | 6 +++---
 src/rust/src/x509/common.rs | 6 +++---
 4 files changed, 13 insertions(+), 13 deletions(-)
diff --git a/src/rust/cryptography-x509/src/certificate.rs b/src/rust/cryptography-x509/src/certificate.rs
index 14a5e9fb309e..acf112a9ea7e 100644
--- a/src/rust/cryptography-x509/src/certificate.rs
+++ b/src/rust/cryptography-x509/src/certificate.rs
@@ -5,6 +5,7 @@ use crate::common;
 use crate::extensions;
 use crate::extensions::Extensions;
+use crate::extensions::ExtensionsError;
 use crate::name;
 use crate::name::NameReadable;
@@ -46,7 +47,7 @@ impl Certificate<'_> {
 /// Returns an iterable container over the certificate's extension, or
 /// an error if the extension set contains a duplicate extension.
- pub fn extensions(&self) -> Result, CertificateError> {
+ pub fn extensions(&self) -> Result, ExtensionsError> {
 self.tbs_cert.extensions()
 }
 }
@@ -73,9 +74,8 @@ pub struct TbsCertificate<'a> {
 }
 impl TbsCertificate<'_> {
- pub fn extensions(&self) -> Result, CertificateError> {
+ pub fn extensions(&self) -> Result, ExtensionsError> {
 Extensions::from_raw_extensions(self.raw_extensions.as_ref())
- .map_err(CertificateError::DuplicateExtension)
 }
 }
diff --git a/src/rust/cryptography-x509/src/extensions.rs b/src/rust/cryptography-x509/src/extensions.rs
index cf48fdbf6087..a0062a258dba 100644
--- a/src/rust/cryptography-x509/src/extensions.rs
+++ b/src/rust/cryptography-x509/src/extensions.rs
@@ -8,6 +8,8 @@ use crate::common;
 use crate::crl;
 use crate::name;
+pub struct ExtensionsError(pub asn1::ObjectIdentifier);
+
 pub type RawExtensions<'a> = common::Asn1ReadableOrWritable<
 'a,
 asn1::SequenceOf<'a, Extension<'a>>,
@@ -25,16 +27,14 @@ impl<'a> Extensions<'a> {
 ///
 /// Returns an `Err` variant containing the first duplicated extension's
 /// OID, if there are any duplicates.
- pub fn from_raw_extensions(
- raw: Option<&RawExtensions<'a>>,
- ) -> Result {
+ pub fn from_raw_extensions(raw: Option<&RawExtensions<'a>>) -> Result {
 match raw {
 Some(raw_exts) => {
 let mut seen_oids = HashSet::new();
 for ext in raw_exts.unwrap_read().clone() {
 if !seen_oids.insert(ext.extn_id.clone()) {
- return Err(ext.extn_id);
+ return Err(ExtensionsError(ext.extn_id));
 }
 }
diff --git a/src/rust/src/x509/certificate.rs b/src/rust/src/x509/certificate.rs
index c085ab683820..5c413aec5c09 100644
--- a/src/rust/src/x509/certificate.rs
+++ b/src/rust/src/x509/certificate.rs
@@ -185,10 +185,10 @@ impl Certificate {
 let result = asn1::write_single(&tbs_precert)?;
 Ok(pyo3::types::PyBytes::new(py, &result))
 }
- Err(oid) => {
- let oid_obj = oid_to_py_oid(py, &oid)?;
+ Err(err) => {
+ let oid_obj = oid_to_py_oid(py, &err.0)?;
 Err(exceptions::DuplicateExtension::new_err((
- format!("Duplicate {} extension found", oid),
+ format!("Duplicate {} extension found", &err.0),
 oid_obj.into_py(py),
 ))
 .into())
diff --git a/src/rust/src/x509/common.rs b/src/rust/src/x509/common.rs
index e38f9b321730..bfb1f743ac85 100644
--- a/src/rust/src/x509/common.rs
+++ b/src/rust/src/x509/common.rs
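Review bot: `ExtensionsError` in the first hunk is a `pub` newtype with no derives and no `Display`/`std::error::Error` impl, so a `Result` carrying it cannot be `unwrap()`ed or `expect()`ed (both need `E: Debug`), formatted, or propagated into `Box<dyn Error>`; the test module later in this file appears to call `.unwrap()` on `from_raw_extensions` (the patch 15 hunks rewrite exactly those lines), so this hunk as written likely does not build the tests. At minimum `#[derive(Debug)]` (added in patch 06 of this series) plus a doc comment such as `/// Returned when an extension OID appears more than once in an extension sequence; holds the first duplicated OID.` The bare `.0` field is fine for destructuring, but a named field (`pub oid: asn1::ObjectIdentifier`) would read better at the two call sites in this patch that write `&err.0`.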
@@ -395,10 +395,10 @@ pub(crate) fn parse_and_cache_extensions<
 let extensions = match Extensions::from_raw_extensions(raw_extensions.as_ref()) {
 Ok(extensions) => extensions,
- Err(oid) => {
- let oid_obj = oid_to_py_oid(py, &oid)?;
+ Err(err) => {
+ let oid_obj = oid_to_py_oid(py, &err.0)?;
 return Err(exceptions::DuplicateExtension::new_err((
- format!("Duplicate {} extension found", oid),
+ format!("Duplicate {} extension found", &err.0),
 oid_obj.into_py(py),
 )));
 }
From 8feec2714c00db1b15115b163ebaf3001f30e66f Mon Sep 17 00:00:00 2001
From: William Woodruff
Date: Wed, 26 Jul 2023 18:03:40 -0400
Subject: [PATCH 06/15] extensions: Debug
Signed-off-by: William Woodruff
---
 src/rust/cryptography-x509/src/extensions.rs | 1 +
 1 file changed, 1 insertion(+)
diff --git a/src/rust/cryptography-x509/src/extensions.rs b/src/rust/cryptography-x509/src/extensions.rs
index a0062a258dba..5c6b4a1d8b7a 100644
--- a/src/rust/cryptography-x509/src/extensions.rs
+++ b/src/rust/cryptography-x509/src/extensions.rs
@@ -8,6 +8,7 @@ use crate::common;
 use crate::crl;
 use crate::name;
+#[derive(Debug)]
 pub struct ExtensionsError(pub asn1::ObjectIdentifier);
 pub type RawExtensions<'a> = common::Asn1ReadableOrWritable<
From e76fcac17e449742aa1feed4301670dc3f23b5b9 Mon Sep 17 00:00:00 2001
From: William Woodruff
Date: Wed, 26 Jul 2023 18:04:33 -0400
Subject: [PATCH 07/15] certificate: remove CertificateError
Signed-off-by: William Woodruff
---
 src/rust/cryptography-x509/src/certificate.rs | 12 ------------
 1 file changed, 12 deletions(-)
diff --git a/src/rust/cryptography-x509/src/certificate.rs b/src/rust/cryptography-x509/src/certificate.rs
index acf112a9ea7e..1da248dc43fe 100644
--- a/src/rust/cryptography-x509/src/certificate.rs
+++ b/src/rust/cryptography-x509/src/certificate.rs
@@ -9,18 +9,6 @@ use crate::extensions::ExtensionsError;
 use crate::name;
 use crate::name::NameReadable;
-#[derive(Debug, PartialEq)]
-pub enum CertificateError {
- DuplicateExtension(asn1::ObjectIdentifier),
- Malformed(asn1::ParseError),
-}
-
-impl From for CertificateError {
- fn from(value: asn1::ParseError) -> Self {
- CertificateError::Malformed(value)
- }
-}
-
 #[derive(asn1::Asn1Read, asn1::Asn1Write, Hash, PartialEq, Eq, Clone)]
 pub struct Certificate<'a> {
 pub tbs_cert: TbsCertificate<'a>,
From b2577cade8a59f541bfbd6e704a22ecb7ae17bb0 Mon Sep 17 00:00:00 2001
From: William Woodruff
Date: Wed, 26 Jul 2023 18:12:03 -0400
Subject: [PATCH 08/15] rename error
Signed-off-by: William Woodruff
---
 src/rust/cryptography-x509/src/certificate.rs | 6 +++---
 src/rust/cryptography-x509/src/extensions.rs | 8 +++++---
 2 files changed, 8 insertions(+), 6 deletions(-)
diff --git a/src/rust/cryptography-x509/src/certificate.rs b/src/rust/cryptography-x509/src/certificate.rs
index 1da248dc43fe..ecec95308a67 100644
--- a/src/rust/cryptography-x509/src/certificate.rs
+++ b/src/rust/cryptography-x509/src/certificate.rs
@@ -4,8 +4,8 @@ use crate::common;
 use crate::extensions;
+use crate::extensions::DuplicateExtensionsError;
 use crate::extensions::Extensions;
-use crate::extensions::ExtensionsError;
 use crate::name;
 use crate::name::NameReadable;
@@ -35,7 +35,7 @@ impl Certificate<'_> {
 /// Returns an iterable container over the certificate's extension, or
 /// an error if the extension set contains a duplicate extension.
- pub fn extensions(&self) -> Result, ExtensionsError> {
+ pub fn extensions(&self) -> Result, DuplicateExtensionsError> {
 self.tbs_cert.extensions()
 }
 }
@@ -62,7 +62,7 @@ pub struct TbsCertificate<'a> {
 }
 impl TbsCertificate<'_> {
- pub fn extensions(&self) -> Result, ExtensionsError> {
+ pub fn extensions(&self) -> Result, DuplicateExtensionsError> {
 Extensions::from_raw_extensions(self.raw_extensions.as_ref())
 }
 }
diff --git a/src/rust/cryptography-x509/src/extensions.rs b/src/rust/cryptography-x509/src/extensions.rs
index 5c6b4a1d8b7a..3c3be4f7b87f 100644
--- a/src/rust/cryptography-x509/src/extensions.rs
+++ b/src/rust/cryptography-x509/src/extensions.rs
@@ -9,7 +9,7 @@ use crate::crl;
 use crate::name;
 #[derive(Debug)]
-pub struct ExtensionsError(pub asn1::ObjectIdentifier);
+pub struct DuplicateExtensionsError(pub asn1::ObjectIdentifier);
 pub type RawExtensions<'a> = common::Asn1ReadableOrWritable<
 'a,
@@ -28,14 +28,16 @@ impl<'a> Extensions<'a> {
 ///
 /// Returns an `Err` variant containing the first duplicated extension's
 /// OID, if there are any duplicates.
- pub fn from_raw_extensions(raw: Option<&RawExtensions<'a>>) -> Result {
+ pub fn from_raw_extensions(
+ raw: Option<&RawExtensions<'a>>,
+ ) -> Result {
 match raw {
 Some(raw_exts) => {
 let mut seen_oids = HashSet::new();
 for ext in raw_exts.unwrap_read().clone() {
 if !seen_oids.insert(ext.extn_id.clone()) {
- return Err(ExtensionsError(ext.extn_id));
+ return Err(DuplicateExtensionsError(ext.extn_id));
 }
 }
From dfef3ccaf9b1ec125eed992c0c844f74505ea458 Mon Sep 17 00:00:00 2001
From: William Woodruff
Date: Wed, 26 Jul 2023 18:23:37 -0400
Subject: [PATCH 09/15] rust: nicer error unpacking
Signed-off-by: William Woodruff
---
 src/rust/src/x509/certificate.rs | 13 +++++++------
 src/rust/src/x509/common.rs | 10 ++++++----
 2 files changed, 13 insertions(+), 10 deletions(-)
diff --git a/src/rust/src/x509/certificate.rs b/src/rust/src/x509/certificate.rs
index 5c413aec5c09..05e1a1e42160 100644
--- a/src/rust/src/x509/certificate.rs
+++ b/src/rust/src/x509/certificate.rs
@@ -13,9 +13,10 @@ use cryptography_x509::certificate::Certificate as RawCertificate;
 use cryptography_x509::common::{AlgorithmParameters, Asn1ReadableOrWritable};
 use cryptography_x509::extensions::{
 AuthorityKeyIdentifier, BasicConstraints, DisplayText, DistributionPoint,
- DistributionPointName, IssuerAlternativeName, KeyUsage, MSCertificateTemplate, NameConstraints,
- PolicyConstraints, PolicyInformation, PolicyQualifierInfo, Qualifier, RawExtensions,
- SequenceOfAccessDescriptions, SequenceOfSubtrees, UserNotice,
+ DistributionPointName, DuplicateExtensionsError, IssuerAlternativeName, KeyUsage,
+ MSCertificateTemplate, NameConstraints, PolicyConstraints, PolicyInformation,
+ PolicyQualifierInfo, Qualifier, RawExtensions, SequenceOfAccessDescriptions,
+ SequenceOfSubtrees, UserNotice,
 };
 use cryptography_x509::extensions::{Extension, SubjectAlternativeName};
 use cryptography_x509::{common, oid};
@@ -185,10 +186,10 @@ impl Certificate {
 let result = asn1::write_single(&tbs_precert)?;
 Ok(pyo3::types::PyBytes::new(py, &result))
 }
- Err(err) => {
- let oid_obj = oid_to_py_oid(py, &err.0)?;
+ Err(DuplicateExtensionsError(oid)) => {
+ let oid_obj = oid_to_py_oid(py, &oid)?;
 Err(exceptions::DuplicateExtension::new_err((
- format!("Duplicate {} extension found", &err.0),
+ format!("Duplicate {} extension found", &oid),
 oid_obj.into_py(py),
 ))
 .into())
diff --git a/src/rust/src/x509/common.rs b/src/rust/src/x509/common.rs
index bfb1f743ac85..172f94a02914 100644
--- a/src/rust/src/x509/common.rs
+++ b/src/rust/src/x509/common.rs
@@ -6,7 +6,9 @@ use crate::asn1::{oid_to_py_oid, py_oid_to_oid};
 use crate::error::{CryptographyError, CryptographyResult};
 use crate::{exceptions, x509};
 use cryptography_x509::common::{Asn1ReadableOrWritable, AttributeTypeValue, RawTlv};
-use cryptography_x509::extensions::{AccessDescription, Extension, Extensions, RawExtensions};
+use cryptography_x509::extensions::{
+ AccessDescription, DuplicateExtensionsError, Extension, Extensions, RawExtensions,
+};
 use cryptography_x509::name::{GeneralName, Name, OtherName, UnvalidatedIA5String};
 use pyo3::types::IntoPyDict;
 use pyo3::{IntoPy, ToPyObject};
@@ -395,10 +397,10 @@ pub(crate) fn parse_and_cache_extensions<
 let extensions = match Extensions::from_raw_extensions(raw_extensions.as_ref()) {
 Ok(extensions) => extensions,
- Err(err) => {
- let oid_obj = oid_to_py_oid(py, &err.0)?;
+ Err(DuplicateExtensionsError(oid)) => {
+ let oid_obj = oid_to_py_oid(py, &oid)?;
 return Err(exceptions::DuplicateExtension::new_err((
- format!("Duplicate {} extension found", &err.0),
+ format!("Duplicate {} extension found", &oid),
 oid_obj.into_py(py),
 )));
 }
From f01254a177cc348e8d05e0569b1afb998f293f79 Mon Sep 17 00:00:00 2001
From: William Woodruff
Date: Wed, 26 Jul 2023 18:30:46 -0400
Subject: [PATCH 10/15] certificate: use extensions()
Signed-off-by: William Woodruff
---
 src/rust/src/x509/certificate.rs | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/src/rust/src/x509/certificate.rs b/src/rust/src/x509/certificate.rs
index 05e1a1e42160..3f24c811a662 100644
--- a/src/rust/src/x509/certificate.rs
+++ b/src/rust/src/x509/certificate.rs
@@ -161,7 +161,7 @@ impl Certificate {
 let val = self.raw.borrow_dependent();
 let mut tbs_precert = val.tbs_cert.clone();
 // Remove the SCT list extension
- match val.tbs_cert.extensions() {
+ match val.extensions() {
 Ok(extensions) => {
 let ext_count = extensions
 .as_raw()
From 705de99a121a61b17e73c9c32747332b3102500b Mon Sep 17 00:00:00 2001
From: William Woodruff
Date: Wed, 26 Jul 2023 18:34:47 -0400
Subject: [PATCH 11/15] rust: use subject() and issuer() APIs
Signed-off-by: William Woodruff
---
 src/rust/src/x509/certificate.rs | 12 ++++--------
 src/rust/src/x509/common.rs | 8 ++++----
 src/rust/src/x509/crl.rs | 7 ++++++-
 src/rust/src/x509/csr.rs | 2 +-
 src/rust/src/x509/ocsp_resp.rs | 4 +++-
 5 files changed, 18 insertions(+), 15 deletions(-)
diff --git a/src/rust/src/x509/certificate.rs b/src/rust/src/x509/certificate.rs
index 3f24c811a662..64c9ac85b102 100644
--- a/src/rust/src/x509/certificate.rs
+++ b/src/rust/src/x509/certificate.rs
@@ -130,18 +130,14 @@ impl Certificate {
 #[getter]
 fn issuer<'p>(&self, py: pyo3::Python<'p>) -> pyo3::PyResult<&'p pyo3::PyAny> {
- Ok(
- x509::parse_name(py, &self.raw.borrow_dependent().tbs_cert.issuer)
- .map_err(|e| e.add_location(asn1::ParseLocation::Field("issuer")))?,
- )
+ Ok(x509::parse_name(py, &self.raw.borrow_dependent().issuer())
+ .map_err(|e| e.add_location(asn1::ParseLocation::Field("issuer")))?)
 }
 #[getter]
 fn subject<'p>(&self, py: pyo3::Python<'p>) -> pyo3::PyResult<&'p pyo3::PyAny> {
- Ok(
- x509::parse_name(py, &self.raw.borrow_dependent().tbs_cert.subject)
- .map_err(|e| e.add_location(asn1::ParseLocation::Field("subject")))?,
- )
+ Ok(x509::parse_name(py, &self.raw.borrow_dependent().subject())
+ .map_err(|e| e.add_location(asn1::ParseLocation::Field("subject")))?)
 }
 #[getter]
diff --git a/src/rust/src/x509/common.rs b/src/rust/src/x509/common.rs
index 172f94a02914..ead503b945bb 100644
--- a/src/rust/src/x509/common.rs
+++ b/src/rust/src/x509/common.rs
@@ -9,7 +9,7 @@ use cryptography_x509::common::{Asn1ReadableOrWritable, AttributeTypeValue, RawT
 use cryptography_x509::extensions::{
 AccessDescription, DuplicateExtensionsError, Extension, Extensions, RawExtensions,
 };
-use cryptography_x509::name::{GeneralName, Name, OtherName, UnvalidatedIA5String};
+use cryptography_x509::name::{GeneralName, Name, NameReadable, OtherName, UnvalidatedIA5String};
 use pyo3::types::IntoPyDict;
 use pyo3::{IntoPy, ToPyObject};
@@ -175,11 +175,11 @@ pub(crate) fn encode_access_descriptions<'a>(
 pub(crate) fn parse_name<'p>(
 py: pyo3::Python<'p>,
- name: &Name<'_>,
+ name: &NameReadable<'_>,
 ) -> Result<&'p pyo3::PyAny, CryptographyError> {
 let x509_module = py.import(pyo3::intern!(py, "cryptography.x509"))?;
 let py_rdns = pyo3::types::PyList::empty(py);
- for rdn in name.unwrap_read().clone() {
+ for rdn in name.clone() {
 let py_rdn = parse_rdn(py, &rdn)?;
 py_rdns.append(py_rdn)?;
 }
@@ -274,7 +274,7 @@ pub(crate) fn parse_general_name(
 .call_method1(pyo3::intern!(py, "_init_without_validation"), (data.0,))?
 .to_object(py),
 GeneralName::DirectoryName(data) => {
- let py_name = parse_name(py, &data)?;
+ let py_name = parse_name(py, &data.unwrap_read())?;
 x509_module
 .call_method1(pyo3::intern!(py, "DirectoryName"), (py_name,))?
 .to_object(py)
diff --git a/src/rust/src/x509/crl.rs b/src/rust/src/x509/crl.rs
index fbb7b4668bb1..4c372e0cefe5 100644
--- a/src/rust/src/x509/crl.rs
+++ b/src/rust/src/x509/crl.rs
@@ -240,7 +240,12 @@ impl CertificateRevocationList {
 fn issuer<'p>(&self, py: pyo3::Python<'p>) -> pyo3::PyResult<&'p pyo3::PyAny> {
 Ok(x509::parse_name(
 py,
- &self.owned.borrow_dependent().tbs_cert_list.issuer,
+ &self
+ .owned
+ .borrow_dependent()
+ .tbs_cert_list
+ .issuer
+ .unwrap_read(),
 )?)
 }
diff --git a/src/rust/src/x509/csr.rs b/src/rust/src/x509/csr.rs
index 0df274c3e693..7ff9d76a68a7 100644
--- a/src/rust/src/x509/csr.rs
+++ b/src/rust/src/x509/csr.rs
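Review bot: The `data.unwrap_read()` added in `parse_general_name` and the `.issuer.unwrap_read()` added in the crl.rs `issuer` getter (and likewise the csr.rs `subject` and ocsp_resp.rs `responder_name` hunks that follow) move a call that, judging by its name and the `Asn1ReadableOrWritable` type it operates on, presumably panics on the `Write` variant — confirm in common.rs — out of one central `parse_name` and into four Python-facing getters. That is sound as long as everything reaching these getters came from parsing, but the invariant is now spread across four files with nothing stating it; a one-line comment on `parse_name`, e.g. `// Callers must pass a parsed (Read) name; unwrap_read on a Write value panics.`, would pin it at the one place the contract changed. `parse_name` also now does `name.clone()` to iterate, which looks harmless if `NameReadable` is a slice-backed `SequenceOf`, as the previous `.unwrap_read().clone()` suggests it is.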
@@ -74,7 +74,7 @@ impl CertificateSigningRequest {
 fn subject<'p>(&self, py: pyo3::Python<'p>) -> pyo3::PyResult<&'p pyo3::PyAny> {
 Ok(x509::parse_name(
 py,
- &self.raw.borrow_dependent().csr_info.subject,
+ &self.raw.borrow_dependent().csr_info.subject.unwrap_read(),
 )?)
 }
diff --git a/src/rust/src/x509/ocsp_resp.rs b/src/rust/src/x509/ocsp_resp.rs
index abb32d526392..49cd67fda8aa 100644
--- a/src/rust/src/x509/ocsp_resp.rs
+++ b/src/rust/src/x509/ocsp_resp.rs
@@ -147,7 +147,9 @@ impl OCSPResponse {
 fn responder_name<'p>(&self, py: pyo3::Python<'p>) -> pyo3::PyResult<&'p pyo3::PyAny> {
 let resp = self.requires_successful_response()?;
 match resp.tbs_response_data.responder_id {
- ocsp_resp::ResponderId::ByName(ref name) => Ok(x509::parse_name(py, name)?),
+ ocsp_resp::ResponderId::ByName(ref name) => {
+ Ok(x509::parse_name(py, name.unwrap_read())?)
+ }
 ocsp_resp::ResponderId::ByKey(_) => Ok(py.None().into_ref(py)),
 }
 }
From 13117ad727a8d065213a2346e8c3512429154022 Mon Sep 17 00:00:00 2001
From: William Woodruff
Date: Wed, 26 Jul 2023 18:39:27 -0400
Subject: [PATCH 12/15] certificate: rm `is_self_issued`
Signed-off-by: William Woodruff
---
 src/rust/cryptography-x509/src/certificate.rs | 6 ------
 1 file changed, 6 deletions(-)
diff --git a/src/rust/cryptography-x509/src/certificate.rs b/src/rust/cryptography-x509/src/certificate.rs
index ecec95308a67..d5b48a537194 100644
--- a/src/rust/cryptography-x509/src/certificate.rs
+++ b/src/rust/cryptography-x509/src/certificate.rs
@@ -27,12 +27,6 @@ impl Certificate<'_> {
 self.tbs_cert.subject.unwrap_read()
 }
- /// Returns whether the certificate is "self-issued", whether its
- /// issuer and subject are the same.
- pub fn is_self_issued(&self) -> bool {
- self.issuer() == self.subject()
- }
-
 /// Returns an iterable container over the certificate's extension, or
 /// an error if the extension set contains a duplicate extension.
 pub fn extensions(&self) -> Result, DuplicateExtensionsError> {
From 2f2e29d9e01bbd60c7bb0051a94f0317d8a4e5ef Mon Sep 17 00:00:00 2001
From: William Woodruff
Date: Wed, 26 Jul 2023 18:41:00 -0400
Subject: [PATCH 13/15] clippage
Signed-off-by: William Woodruff
---
 src/rust/src/x509/certificate.rs | 4 ++--
 src/rust/src/x509/common.rs | 2 +-
 src/rust/src/x509/crl.rs | 2 +-
 src/rust/src/x509/csr.rs | 2 +-
 4 files changed, 5 insertions(+), 5 deletions(-)
diff --git a/src/rust/src/x509/certificate.rs b/src/rust/src/x509/certificate.rs
index 64c9ac85b102..49b048207f06 100644
--- a/src/rust/src/x509/certificate.rs
+++ b/src/rust/src/x509/certificate.rs
@@ -130,13 +130,13 @@ impl Certificate {
 #[getter]
 fn issuer<'p>(&self, py: pyo3::Python<'p>) -> pyo3::PyResult<&'p pyo3::PyAny> {
- Ok(x509::parse_name(py, &self.raw.borrow_dependent().issuer())
+ Ok(x509::parse_name(py, self.raw.borrow_dependent().issuer())
 .map_err(|e| e.add_location(asn1::ParseLocation::Field("issuer")))?)
 }
 #[getter]
 fn subject<'p>(&self, py: pyo3::Python<'p>) -> pyo3::PyResult<&'p pyo3::PyAny> {
- Ok(x509::parse_name(py, &self.raw.borrow_dependent().subject())
+ Ok(x509::parse_name(py, self.raw.borrow_dependent().subject())
 .map_err(|e| e.add_location(asn1::ParseLocation::Field("subject")))?)
 }
diff --git a/src/rust/src/x509/common.rs b/src/rust/src/x509/common.rs
index ead503b945bb..81bf25326ab7 100644
--- a/src/rust/src/x509/common.rs
+++ b/src/rust/src/x509/common.rs
@@ -274,7 +274,7 @@ pub(crate) fn parse_general_name(
 .call_method1(pyo3::intern!(py, "_init_without_validation"), (data.0,))?
 .to_object(py),
 GeneralName::DirectoryName(data) => {
- let py_name = parse_name(py, &data.unwrap_read())?;
+ let py_name = parse_name(py, data.unwrap_read())?;
 x509_module
 .call_method1(pyo3::intern!(py, "DirectoryName"), (py_name,))?
 .to_object(py)
diff --git a/src/rust/src/x509/crl.rs b/src/rust/src/x509/crl.rs
index 4c372e0cefe5..ab164a691164 100644
--- a/src/rust/src/x509/crl.rs
+++ b/src/rust/src/x509/crl.rs
@@ -240,7 +240,7 @@ impl CertificateRevocationList {
 fn issuer<'p>(&self, py: pyo3::Python<'p>) -> pyo3::PyResult<&'p pyo3::PyAny> {
 Ok(x509::parse_name(
 py,
- &self
+ self
 .owned
 .borrow_dependent()
 .tbs_cert_list
diff --git a/src/rust/src/x509/csr.rs b/src/rust/src/x509/csr.rs
index 7ff9d76a68a7..0a0941265216 100644
--- a/src/rust/src/x509/csr.rs
+++ b/src/rust/src/x509/csr.rs
@@ -74,7 +74,7 @@ impl CertificateSigningRequest {
 fn subject<'p>(&self, py: pyo3::Python<'p>) -> pyo3::PyResult<&'p pyo3::PyAny> {
 Ok(x509::parse_name(
 py,
- &self.raw.borrow_dependent().csr_info.subject.unwrap_read(),
+ self.raw.borrow_dependent().csr_info.subject.unwrap_read(),
 )?)
 }
From e9090473351cd00145ed5f5ad287ecbd644b6e0a Mon Sep 17 00:00:00 2001
From: William Woodruff
Date: Wed, 26 Jul 2023 18:43:11 -0400
Subject: [PATCH 14/15] fmt
Signed-off-by: William Woodruff
---
 src/rust/src/x509/crl.rs | 3 +--
 1 file changed, 1 insertion(+), 2 deletions(-)
diff --git a/src/rust/src/x509/crl.rs b/src/rust/src/x509/crl.rs
index ab164a691164..807d3ddc1270 100644
--- a/src/rust/src/x509/crl.rs
+++ b/src/rust/src/x509/crl.rs
@@ -240,8 +240,7 @@ impl CertificateRevocationList {
 fn issuer<'p>(&self, py: pyo3::Python<'p>) -> pyo3::PyResult<&'p pyo3::PyAny> {
 Ok(x509::parse_name(
 py,
- self
- .owned
+ self.owned
 .borrow_dependent()
 .tbs_cert_list
 .issuer
From 6be59ce9783f71c6fb09599e26d97f5a5309b821 Mon Sep 17 00:00:00 2001
From: William Woodruff
Date: Wed, 26 Jul 2023 19:11:05 -0400
Subject: [PATCH 15/15] extensions: remove Debug
Signed-off-by: William Woodruff
---
 src/rust/cryptography-x509/src/extensions.rs | 5 ++---
 1 file changed, 2 insertions(+), 3 deletions(-)
diff --git a/src/rust/cryptography-x509/src/extensions.rs b/src/rust/cryptography-x509/src/extensions.rs
index 3c3be4f7b87f..cb24682a3b7b 100644
--- a/src/rust/cryptography-x509/src/extensions.rs
+++ b/src/rust/cryptography-x509/src/extensions.rs
@@ -8,7 +8,6 @@ use crate::common;
 use crate::crl;
 use crate::name;
-#[derive(Debug)]
 pub struct DuplicateExtensionsError(pub asn1::ObjectIdentifier);
 pub type RawExtensions<'a> = common::Asn1ReadableOrWritable<
@@ -314,7 +313,7 @@ mod tests {
 let der = asn1::write_single(&extensions).unwrap();
 let raw = asn1::parse_single(&der).unwrap();
- let extensions: Extensions = Extensions::from_raw_extensions(Some(&raw)).unwrap();
+ let extensions: Extensions = Extensions::from_raw_extensions(Some(&raw)).ok().unwrap();
 assert!(&extensions.get_extension(&BASIC_CONSTRAINTS_OID).is_some());
 assert!(&extensions
@@ -338,7 +337,7 @@ mod tests {
 let der = asn1::write_single(&extensions).unwrap();
 let parsed = asn1::parse_single(&der).unwrap();
- let extensions: Extensions = Extensions::from_raw_extensions(Some(&parsed)).unwrap();
+ let extensions: Extensions = Extensions::from_raw_extensions(Some(&parsed)).ok().unwrap();
 let extension_list: Vec<_> = extensions.iter().collect();
 assert_eq!(extension_list.len(), 1);
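Review bot: Replacing `.unwrap()` with `.ok().unwrap()` in the two test hunks throws the `DuplicateExtensionsError` away before panicking, so a regression in the duplicate check would fail with `called Option::unwrap() on a None value` instead of naming the offending OID; `let extensions = match Extensions::from_raw_extensions(Some(&raw)) { Ok(e) => e, Err(DuplicateExtensionsError(oid)) => panic!("unexpected duplicate extension {}", oid) };` keeps the message useful without needing `Debug` (the file already `Display`-formats OIDs this way elsewhere). More broadly, dropping `#[derive(Debug)]` from a `pub` error type in the first hunk means downstream users can no longer `expect()`, `{:?}`-format, or wrap it in `Box<dyn Error>`; if that is deliberate, a comment above the struct saying why would keep the next contributor from re-adding the derive. The test functions containing the changed lines begin outside their hunks.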