author | Jeff Vander Stoep <jeffv@google.com> | 2022-12-19 12:12:40 +0100 |
---|---|---|
committer | Jeff Vander Stoep <jeffv@google.com> | 2022-12-19 12:13:15 +0100 |
commit | 9519b01c4c978249a3f24be16410d7df7a84c46e (patch) | |
tree | e04e192418bc84ca7c26f08558e078b93682c021 | |
parent | 4d17139f564d45e5ea890c0b954853ff965c12bb (diff) | |
download | x509-cert-9519b01c4c978249a3f24be16410d7df7a84c46e.tar.gz |
Upgrade x509-cert to 0.1.1main-16k-with-phones
This project was upgraded with external_updater.
Usage: tools/external_updater/updater.sh update rust/crates/x509-cert
For more info, check https://cs.android.com/android/platform/superproject/+/master:tools/external_updater/README.md
Test: TreeHugger
Change-Id: Id3576d9ba5d3ab19bc46734b16fd75b218dab05f
-rw-r--r-- | .cargo_vcs_info.json | 2 | ||||
-rw-r--r-- | Android.bp | 4 | ||||
-rw-r--r-- | CHANGELOG.md | 16 | ||||
-rw-r--r-- | Cargo.toml | 7 | ||||
-rw-r--r-- | Cargo.toml.orig | 10 | ||||
-rw-r--r-- | LICENSE-MIT | 25 | ||||
-rw-r--r-- | METADATA | 13 | ||||
-rw-r--r-- | src/attr.rs | 10 | ||||
-rw-r--r-- | src/certificate.rs | 22 | ||||
-rw-r--r-- | src/crl.rs | 12 | ||||
-rw-r--r-- | src/ext.rs | 4 | ||||
-rw-r--r-- | src/ext/pkix/access.rs | 4 | ||||
-rw-r--r-- | src/ext/pkix/certpolicy.rs | 6 | ||||
-rw-r--r-- | src/ext/pkix/crl/dp.rs | 4 | ||||
-rw-r--r-- | src/ext/pkix/name/dirstr.rs | 9 | ||||
-rw-r--r-- | src/ext/pkix/name/dp.rs | 4 | ||||
-rw-r--r-- | src/ext/pkix/name/ediparty.rs | 4 | ||||
-rw-r--r-- | src/ext/pkix/name/general.rs | 4 | ||||
-rw-r--r-- | src/ext/pkix/name/other.rs | 4 | ||||
-rw-r--r-- | src/ext/pkix/policymap.rs | 4 | ||||
-rw-r--r-- | src/lib.rs | 5 | ||||
-rw-r--r-- | src/macros.rs | 7 | ||||
-rw-r--r-- | src/time.rs | 6 | ||||
-rw-r--r-- | tests/certificate.rs | 2 | ||||
-rw-r--r-- | tests/name.rs | 20 | ||||
-rw-r--r-- | tests/pkix_extensions.rs | 35 | ||||
-rw-r--r-- | tests/validity.rs | 2 |
27 files changed, 174 insertions, 71 deletions
diff --git a/.cargo_vcs_info.json b/.cargo_vcs_info.json index 10ff1a0..271baca 100644 --- a/.cargo_vcs_info.json +++ b/.cargo_vcs_info.json @@ -1,6 +1,6 @@ { "git": { - "sha1": "e89ac245b40bb044b9d9babdae6ea4ffadb59af2" + "sha1": "5747b144d21463fe471a2aaa34a5a1bd67b611f2" }, "path_in_vcs": "x509-cert" }
\ No newline at end of file @@ -1,8 +1,6 @@ // This file is generated by cargo2android.py --config cargo2android.json. // Do not modify this file as changes will be overridden on upgrade. - - package { default_applicable_licenses: ["external_rust_crates_x509-cert_license"], } @@ -37,7 +35,7 @@ rust_library_host { name: "libx509_cert", crate_name: "x509_cert", cargo_env_compat: true, - cargo_pkg_version: "0.1.0", + cargo_pkg_version: "0.1.1", srcs: ["src/lib.rs"], edition: "2021", features: ["alloc"], diff --git a/CHANGELOG.md b/CHANGELOG.md index db80bf4..83406c9 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -4,5 +4,21 @@ All notable changes to this project will be documented in this file. The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/), and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html). +## 0.1.1 (2022-12-10) +### Added +- Support `TeletexString` in `DirectoryString` ([#692]) +- Re-export `spki` ([#701]) +- `PemLabel` impl for `Certificate` ([#763]) +- `ValueOrd` impl for `Version` and other derived types ([#723]) + +### Fixed +- `countryName` should always be `PrintableString` ([#760]) + +[#692]: https://github.com/RustCrypto/formats/pull/692 +[#701]: https://github.com/RustCrypto/formats/pull/701 +[#723]: https://github.com/RustCrypto/formats/pull/723 +[#760]: https://github.com/RustCrypto/formats/pull/760 +[#763]: https://github.com/RustCrypto/formats/pull/763 + ## 0.1.0 (2022-07-23) - Initial release @@ -13,7 +13,7 @@ edition = "2021" rust-version = "1.56" name = "x509-cert" -version = "0.1.0" +version = "0.1.1" authors = ["RustCrypto Developers"] description = """ Pure Rust implementation of the X.509 Public Key Infrastructure Certificate 
@@ -28,8 +28,7 @@ categories = [ "no-std", ] license = "Apache-2.0 OR MIT" -repository = "https://github.com/RustCrypto/formats/tree/master/x509" -resolver = "2" +repository = "https://github.com/RustCrypto/formats/tree/master/x509-cert" [package.metadata.docs.rs] all-features = true @@ -60,7 +59,7 @@ version = "0.6" version = "0.3" [dev-dependencies.rstest] -version = "0.12.0" +version = "0.12" [features] alloc = ["der/alloc"] diff --git a/Cargo.toml.orig b/Cargo.toml.orig index c2b650f..723504f 100644 --- a/Cargo.toml.orig +++ b/Cargo.toml.orig @@ -1,13 +1,13 @@ [package] name = "x509-cert" -version = "0.1.0" # Also update html_root_url in lib.rs when bumping this +version = "0.1.1" description = """ Pure Rust implementation of the X.509 Public Key Infrastructure Certificate format as described in RFC 5280 """ authors = ["RustCrypto Developers"] license = "Apache-2.0 OR MIT" -repository = "https://github.com/RustCrypto/formats/tree/master/x509" +repository = "https://github.com/RustCrypto/formats/tree/master/x509-cert" categories = ["cryptography", "data-structures", "encoding", "no-std"] keywords = ["crypto"] readme = "README.md" @@ -22,7 +22,11 @@ spki = { version = "0.6", path = "../spki" } [dev-dependencies] hex-literal = "0.3" -rstest = "0.12.0" + +# NOTE: upgrading requires MSRV bumps +# - rstest v0.13 requires 1.59 (for `async-global-executor`) +# - rstest v0.14 requires a workspace-wide 1.60 MSRV (for namespaced features) +rstest = "0.12" [features] alloc = ["der/alloc"] diff --git a/LICENSE-MIT b/LICENSE-MIT new file mode 100644 index 0000000..c869ada --- /dev/null +++ b/LICENSE-MIT 
@@ -0,0 +1,25 @@ +Copyright (c) 2021 The RustCrypto Project Developers + +Permission is hereby granted, free of charge, to any +person obtaining a copy of this software and associated +documentation files (the "Software"), to deal in the +Software without restriction, including without +limitation the rights to use, copy, modify, merge, +publish, distribute, sublicense, and/or sell copies of +the Software, and to permit persons to whom the Software +is furnished to do so, subject to the following +conditions: + +The above copyright notice and this permission notice +shall be included in all copies or substantial portions +of the Software. + +THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF +ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED +TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A +PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT +SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY +CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION +OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR +IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER +DEALINGS IN THE SOFTWARE. @@ -1,3 +1,7 @@ +# This project was upgraded with external_updater. +# Usage: tools/external_updater/updater.sh update rust/crates/x509-cert +# For more info, check https://cs.android.com/android/platform/superproject/+/master:tools/external_updater/README.md + name: "x509-cert" description: "Pure Rust implementation of the X.509 Public Key Infrastructure Certificate format as described in RFC 5280." third_party { @@ -7,14 +11,13 @@ third_party { } url { type: ARCHIVE - value: "https://static.crates.io/crates/x509-cert/x509-cert-0.1.0.crate" + value: "https://static.crates.io/crates/x509-cert/x509-cert-0.1.1.crate" } - version: "0.1.0" - # Dual-licensed, using the least restrictive per go/thirdpartylicenses#same. + version: "0.1.1" license_type: NOTICE last_upgrade_date { year: 2022 - month: 9 - day: 6 + month: 12 + day: 19 } } 
diff --git a/src/attr.rs b/src/attr.rs index 9a0d2d2..2b4336a 100644 --- a/src/attr.rs +++ b/src/attr.rs @@ -1,6 +1,7 @@ //! Attribute-related definitions as defined in X.501 (and updated by RFC 5280). use alloc::vec::Vec; +use const_oid::db::rfc4519::{COUNTRY_NAME, DOMAIN_COMPONENT}; use core::fmt::{self, Write}; use const_oid::db::DB; @@ -181,8 +182,14 @@ impl AttributeTypeAndValue<'_> { parser.add(c)?; } + let tag = match oid { + COUNTRY_NAME => Tag::PrintableString, + DOMAIN_COMPONENT => Tag::Ia5String, + _ => Tag::Utf8String, + }; + // Serialize. - let value = AnyRef::new(Tag::Utf8String, parser.as_bytes())?; + let value = AnyRef::new(tag, parser.as_bytes())?; let atv = AttributeTypeAndValue { oid, value }; atv.to_vec() } @@ -220,6 +227,7 @@ impl fmt::Display for AttributeTypeAndValue<'_> { Tag::PrintableString => self.value.printable_string().ok().map(|s| s.as_str()), Tag::Utf8String => self.value.utf8_string().ok().map(|s| s.as_str()), Tag::Ia5String => self.value.ia5_string().ok().map(|s| s.as_str()), + Tag::TeletexString => self.value.teletex_string().ok().map(|s| s.as_str()), _ => None, }; diff --git a/src/certificate.rs b/src/certificate.rs index cca7f83..cf71948 100644 --- a/src/certificate.rs +++ b/src/certificate.rs @@ -3,12 +3,16 @@ use crate::{name::Name, time::Validity}; use alloc::vec::Vec; +use core::cmp::Ordering; use const_oid::AssociatedOid; use der::asn1::{BitStringRef, UIntRef}; -use der::{Decode, Enumerated, Error, ErrorKind, Sequence}; +use der::{Decode, Enumerated, Error, ErrorKind, Sequence, ValueOrd}; use spki::{AlgorithmIdentifier, SubjectPublicKeyInfo}; +#[cfg(feature = "pem")] +use der::pem::PemLabel; + /// Certificate `Version` as defined in [RFC 5280 Section 4.1]. /// /// ```text @@ -30,6 +34,12 @@ pub enum Version { V3 = 2, } +impl ValueOrd for Version { + fn value_cmp(&self, other: &Self) -> der::Result<Ordering> { + (&(*self as u8)).value_cmp(&(*other as u8)) + } +} + impl Default for Version { fn default() -> Self { Self::V1 
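Review bot: In the `@@ -181,8 +182,14 @@` hunk of src/attr.rs the new `tag` is picked from the OID, but `parser.as_bytes()` is still passed to `AnyRef::new(tag, …)` unchanged, and nothing visible checks those bytes against the PrintableString or IA5String alphabet. As far as I know `AnyRef::new` validates only the length, so a `C=` or `DC=` value containing characters outside the restricted set would be emitted under a tag its content violates, and strict decoders may reject the resulting name or compare it differently. Building the value through the typed constructors, as tests/name.rs in this same commit does with `PrintableStringRef::new` and `Ia5StringRef::new`, makes the encoder return an error instead; both types would need importing from `der::asn1`. The enclosing function starts above the hunk.

```rust
// … unchanged: escape-parsing loop that fills `parser` …
let bytes = parser.as_bytes();
let value = match oid {
    // Typed constructors reject bytes outside the string type's alphabet.
    COUNTRY_NAME => AnyRef::from(PrintableStringRef::new(bytes)?),
    DOMAIN_COMPONENT => AnyRef::from(Ia5StringRef::new(bytes)?),
    _ => AnyRef::new(Tag::Utf8String, bytes)?,
};
let atv = AttributeTypeAndValue { oid, value };
atv.to_vec()
```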
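Review bot: The new `impl ValueOrd for Version` in src/certificate.rs (`@@ -30,6 +34,12 @@`) takes a borrow the method call does not need and carries no comment explaining the cast. `(&(*self as u8)).value_cmp(&(*other as u8))` can be written `(*self as u8).value_cmp(&(*other as u8))`. A line such as `// Order by the encoded INTEGER value, i.e. the enum discriminant.` above the method would record why `as u8` is the right key; only `V3 = 2` is visible in the hunk, so confirm the other discriminants fit.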
@@ -61,7 +71,7 @@ impl Default for Version { /// ``` /// /// [RFC 5280 Section 4.1]: https://datatracker.ietf.org/doc/html/rfc5280#section-4.1 -#[derive(Clone, Debug, Eq, PartialEq, Sequence)] +#[derive(Clone, Debug, Eq, PartialEq, Sequence, ValueOrd)] #[allow(missing_docs)] pub struct TbsCertificate<'a> { /// The certificate version @@ -135,7 +145,7 @@ impl<'a> TbsCertificate<'a> { /// ``` /// /// [RFC 5280 Section 4.1]: https://datatracker.ietf.org/doc/html/rfc5280#section-4.1 -#[derive(Clone, Debug, Eq, PartialEq, Sequence)] +#[derive(Clone, Debug, Eq, PartialEq, Sequence, ValueOrd)] #[allow(missing_docs)] pub struct Certificate<'a> { pub tbs_certificate: TbsCertificate<'a>, @@ -143,6 +153,12 @@ pub struct Certificate<'a> { pub signature: BitStringRef<'a>, } +#[cfg(feature = "pem")] +#[cfg_attr(docsrs, doc(cfg(feature = "pem")))] +impl PemLabel for Certificate<'_> { + const PEM_LABEL: &'static str = "CERTIFICATE"; +} + /// `PkiPath` as defined by X.509 and referenced by [RFC 6066]. /// /// This contains a series of certificates in validation order from the @@ -8,12 +8,12 @@ use crate::Version; use alloc::vec::Vec; use der::asn1::{BitStringRef, UIntRef}; -use der::Sequence; +use der::{Sequence, ValueOrd}; use spki::AlgorithmIdentifier; /// `CertificateList` as defined in [RFC 5280 Section 5.1]. /// -///```text +/// ```text /// CertificateList ::= SEQUENCE { /// tbsCertList TBSCertList, /// signatureAlgorithm AlgorithmIdentifier, @@ -22,7 +22,7 @@ use spki::AlgorithmIdentifier; /// ``` /// /// [RFC 5280 Section 5.1]: https://datatracker.ietf.org/doc/html/rfc5280#section-5.1 -#[derive(Clone, Debug, Eq, PartialEq, Sequence)] +#[derive(Clone, Debug, Eq, PartialEq, Sequence, ValueOrd)] #[allow(missing_docs)] pub struct CertificateList<'a> { pub tbs_cert_list: TbsCertList<'a>, 
@@ -35,7 +35,7 @@ pub struct CertificateList<'a> { /// This type is used for the `revoked_certificates` field of `TbsCertList`. /// See [RFC 5280 Section 5.1]. /// -///```text +/// ```text /// RevokedCert ::= SEQUENCE { /// userCertificate CertificateSerialNumber, /// revocationDate Time, @@ -44,7 +44,7 @@ pub struct CertificateList<'a> { /// ``` /// /// [RFC 5280 Section 5.1]: https://datatracker.ietf.org/doc/html/rfc5280#section-5.1 -#[derive(Clone, Debug, Eq, PartialEq, Sequence)] +#[derive(Clone, Debug, Eq, PartialEq, Sequence, ValueOrd)] #[allow(missing_docs)] pub struct RevokedCert<'a> { pub serial_number: UIntRef<'a>, @@ -71,7 +71,7 @@ pub struct RevokedCert<'a> { /// ``` /// /// [RFC 5280 Section 5.1]: https://datatracker.ietf.org/doc/html/rfc5280#section-5.1 -#[derive(Clone, Debug, Eq, PartialEq, Sequence)] +#[derive(Clone, Debug, Eq, PartialEq, Sequence, ValueOrd)] #[allow(missing_docs)] pub struct TbsCertList<'a> { pub version: Version, @@ -1,6 +1,6 @@ //! Standardized X.509 Certificate Extensions -use der::Sequence; +use der::{Sequence, ValueOrd}; use spki::ObjectIdentifier; pub mod pkix; @@ -22,7 +22,7 @@ pub mod pkix; /// ``` /// /// [RFC 5280 Section 4.1.2.9]: https://datatracker.ietf.org/doc/html/rfc5280#section-4.1.2.9 -#[derive(Clone, Debug, Eq, PartialEq, Sequence)] +#[derive(Clone, Debug, Eq, PartialEq, Sequence, ValueOrd)] #[allow(missing_docs)] pub struct Extension<'a> { pub extn_id: ObjectIdentifier, diff --git a/src/ext/pkix/access.rs b/src/ext/pkix/access.rs index 5b74b6f..0390235 100644 --- a/src/ext/pkix/access.rs +++ b/src/ext/pkix/access.rs @@ -6,7 +6,7 @@ use const_oid::{ db::rfc5280::{ID_PE_AUTHORITY_INFO_ACCESS, ID_PE_SUBJECT_INFO_ACCESS}, AssociatedOid, }; -use der::{asn1::ObjectIdentifier, Sequence}; +use der::{asn1::ObjectIdentifier, Sequence, ValueOrd}; /// AuthorityInfoAccessSyntax as defined in [RFC 5280 Section 4.2.2.1]. /// 
@@ -50,7 +50,7 @@ impl_newtype!(SubjectInfoAccessSyntax<'a>, Vec<AccessDescription<'a>>); /// ``` /// /// [RFC 5280 Section 4.2.2.1]: https://datatracker.ietf.org/doc/html/rfc5280#section-4.2.2.1 -#[derive(Clone, Debug, Eq, PartialEq, Sequence)] +#[derive(Clone, Debug, Eq, PartialEq, Sequence, ValueOrd)] #[allow(missing_docs)] pub struct AccessDescription<'a> { pub access_method: ObjectIdentifier, diff --git a/src/ext/pkix/certpolicy.rs b/src/ext/pkix/certpolicy.rs index 3821427..bb2211f 100644 --- a/src/ext/pkix/certpolicy.rs +++ b/src/ext/pkix/certpolicy.rs @@ -5,7 +5,7 @@ use alloc::vec::Vec; use const_oid::db::rfc5912::ID_CE_CERTIFICATE_POLICIES; use const_oid::AssociatedOid; use der::asn1::{GeneralizedTime, Ia5StringRef, ObjectIdentifier, UIntRef, Utf8StringRef}; -use der::{AnyRef, Choice, Sequence}; +use der::{AnyRef, Choice, Sequence, ValueOrd}; /// CertificatePolicies as defined in [RFC 5280 Section 4.2.1.4]. /// @@ -35,7 +35,7 @@ impl_newtype!(CertificatePolicies<'a>, Vec<PolicyInformation<'a>>); /// ``` /// /// [RFC 5280 Section 4.2.1.4]: https://datatracker.ietf.org/doc/html/rfc5280#section-4.2.1.4 -#[derive(Clone, Debug, Eq, PartialEq, Sequence)] +#[derive(Clone, Debug, Eq, PartialEq, Sequence, ValueOrd)] #[allow(missing_docs)] pub struct PolicyInformation<'a> { pub policy_identifier: ObjectIdentifier, @@ -52,7 +52,7 @@ pub struct PolicyInformation<'a> { /// ``` /// /// [RFC 5280 Section 4.2.1.4]: https://datatracker.ietf.org/doc/html/rfc5280#section-4.2.1.4 -#[derive(Clone, Debug, Eq, PartialEq, Sequence)] +#[derive(Clone, Debug, Eq, PartialEq, Sequence, ValueOrd)] #[allow(missing_docs)] pub struct PolicyQualifierInfo<'a> { pub policy_qualifier_id: ObjectIdentifier, diff --git a/src/ext/pkix/crl/dp.rs b/src/ext/pkix/crl/dp.rs index 7aa8a2d..f7d1ab7 100644 --- a/src/ext/pkix/crl/dp.rs +++ b/src/ext/pkix/crl/dp.rs 
@@ -1,7 +1,7 @@ //! PKIX distribution point types use const_oid::{db::rfc5280::ID_PE_SUBJECT_INFO_ACCESS, AssociatedOid, ObjectIdentifier}; -use der::Sequence; +use der::{Sequence, ValueOrd}; use flagset::{flags, FlagSet}; use crate::ext::pkix::name::{DistributionPointName, GeneralNames}; @@ -74,7 +74,7 @@ impl<'a> AssociatedOid for IssuingDistributionPoint<'a> { /// ``` /// /// [RFC 5280 Section 4.2.1.13]: https://datatracker.ietf.org/doc/html/rfc5280#section-4.2.1.13 -#[derive(Clone, Debug, PartialEq, Eq, Sequence)] +#[derive(Clone, Debug, PartialEq, Eq, Sequence, ValueOrd)] #[allow(missing_docs)] pub struct DistributionPoint<'a> { #[asn1(context_specific = "0", tag_mode = "EXPLICIT", optional = "true")] diff --git a/src/ext/pkix/name/dirstr.rs b/src/ext/pkix/name/dirstr.rs index e2af698..2aaa732 100644 --- a/src/ext/pkix/name/dirstr.rs +++ b/src/ext/pkix/name/dirstr.rs @@ -1,5 +1,5 @@ -use der::asn1::{PrintableStringRef, Utf8StringRef}; -use der::Choice; +use der::asn1::{PrintableStringRef, TeletexStringRef, Utf8StringRef}; +use der::{Choice, ValueOrd}; /// DirectoryString as defined in [RFC 5280 Section 4.2.1.4]. /// @@ -38,12 +38,15 @@ use der::Choice; /// the need arises, we only support `PrintableString` and `UTF8String`. /// /// [RFC 5280 Section 4.2.1.4]: https://datatracker.ietf.org/doc/html/rfc5280#section-4.2.1.4 -#[derive(Clone, Debug, Eq, PartialEq, Choice)] +#[derive(Clone, Debug, Eq, PartialEq, Choice, ValueOrd)] #[allow(missing_docs)] pub enum DirectoryString<'a> { #[asn1(type = "PrintableString")] PrintableString(PrintableStringRef<'a>), + #[asn1(type = "TeletexString")] + TeletexString(TeletexStringRef<'a>), + #[asn1(type = "UTF8String")] Utf8String(Utf8StringRef<'a>), } diff --git a/src/ext/pkix/name/dp.rs b/src/ext/pkix/name/dp.rs index 3cfdf96..e895f88 100644 --- a/src/ext/pkix/name/dp.rs +++ b/src/ext/pkix/name/dp.rs 
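Review bot: The doc comment kept as context above `DirectoryString` in src/ext/pkix/name/dirstr.rs still ends with "we only support `PrintableString` and `UTF8String`", which stops being true once the `TeletexString` variant is added in this hunk. Names whose value carries tag 20 were previously refused (the test removed from tests/pkix_extensions.rs expected `ErrorKind::TagUnknown`) and are now accepted, so callers that leaned on that rejection need to see the change in the docs. I would change the sentence to list all three string types and add a `///` line on the new variant stating which bytes the decoder accepts for it; T.61 has no single agreed mapping, so check what `TeletexStringRef` actually enforces before writing that line. The comment block begins above the hunk.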
@@ -1,7 +1,7 @@ use super::GeneralNames; use crate::name::RelativeDistinguishedName; -use der::Choice; +use der::{Choice, ValueOrd}; /// DistributionPointName as defined in [RFC 5280 Section 4.2.1.13]. /// @@ -13,7 +13,7 @@ use der::Choice; /// ``` /// /// [RFC 5280 Section 4.2.1.13]: https://datatracker.ietf.org/doc/html/rfc5280#section-4.2.1.13 -#[derive(Clone, Debug, Eq, PartialEq, Choice)] +#[derive(Clone, Debug, Eq, PartialEq, Choice, ValueOrd)] #[allow(missing_docs)] pub enum DistributionPointName<'a> { #[asn1(context_specific = "0", tag_mode = "IMPLICIT", constructed = "true")] diff --git a/src/ext/pkix/name/ediparty.rs b/src/ext/pkix/name/ediparty.rs index 06ee320..94af09b 100644 --- a/src/ext/pkix/name/ediparty.rs +++ b/src/ext/pkix/name/ediparty.rs @@ -1,4 +1,4 @@ -use der::Sequence; +use der::{Sequence, ValueOrd}; use super::DirectoryString; @@ -25,7 +25,7 @@ use super::DirectoryString; /// /// [this OpenSSL bug]: https://github.com/openssl/openssl/issues/6859 /// [RFC 5280 Section 4.2.1.6]: https://datatracker.ietf.org/doc/html/rfc5280#section-4.2.1.6 -#[derive(Clone, Debug, Eq, PartialEq, Sequence)] +#[derive(Clone, Debug, Eq, PartialEq, Sequence, ValueOrd)] #[allow(missing_docs)] pub struct EdiPartyName<'a> { #[asn1(context_specific = "0", tag_mode = "EXPLICIT", optional = "true")] diff --git a/src/ext/pkix/name/general.rs b/src/ext/pkix/name/general.rs index 0daa368..f6861d4 100644 --- a/src/ext/pkix/name/general.rs +++ b/src/ext/pkix/name/general.rs @@ -4,7 +4,7 @@ use super::{EdiPartyName, OtherName}; use crate::name::Name; use der::asn1::{Ia5StringRef, ObjectIdentifier, OctetStringRef}; -use der::Choice; +use der::{Choice, ValueOrd}; /// GeneralNames as defined in [RFC 5280 Section 4.2.1.6]. /// 
@@ -34,7 +34,7 @@ pub type GeneralNames<'a> = alloc::vec::Vec<GeneralName<'a>>; /// This implementation does not currently support the `x400Address` choice. /// /// [RFC 5280 Section 4.2.1.6]: https://datatracker.ietf.org/doc/html/rfc5280#section-4.2.1.6 -#[derive(Clone, Debug, Eq, PartialEq, Choice)] +#[derive(Clone, Debug, Eq, PartialEq, Choice, ValueOrd)] #[allow(missing_docs)] pub enum GeneralName<'a> { #[asn1(context_specific = "0", tag_mode = "IMPLICIT", constructed = "true")] diff --git a/src/ext/pkix/name/other.rs b/src/ext/pkix/name/other.rs index 4a250bb..a33601c 100644 --- a/src/ext/pkix/name/other.rs +++ b/src/ext/pkix/name/other.rs @@ -1,4 +1,4 @@ -use der::{asn1::ObjectIdentifier, AnyRef, Sequence}; +use der::{asn1::ObjectIdentifier, AnyRef, Sequence, ValueOrd}; /// OtherName as defined in [RFC 5280 Section 4.2.1.6]. /// @@ -10,7 +10,7 @@ use der::{asn1::ObjectIdentifier, AnyRef, Sequence}; /// ``` /// /// [RFC 5280 Section 4.2.1.6]: https://datatracker.ietf.org/doc/html/rfc5280#section-4.2.1.6 -#[derive(Clone, Debug, Eq, PartialEq, Sequence)] +#[derive(Clone, Debug, Eq, PartialEq, Sequence, ValueOrd)] #[allow(missing_docs)] pub struct OtherName<'a> { pub type_id: ObjectIdentifier, diff --git a/src/ext/pkix/policymap.rs b/src/ext/pkix/policymap.rs index 35b1d49..e6b55ba 100644 --- a/src/ext/pkix/policymap.rs +++ b/src/ext/pkix/policymap.rs @@ -3,7 +3,7 @@ use alloc::vec::Vec; use const_oid::db::rfc5280::ID_CE_POLICY_MAPPINGS; use const_oid::AssociatedOid; use der::asn1::ObjectIdentifier; -use der::Sequence; +use der::{Sequence, ValueOrd}; /// PolicyMappings as defined in [RFC 5280 Section 4.2.1.5]. /// 
@@ -31,7 +31,7 @@ impl_newtype!(PolicyMappings, Vec<PolicyMapping>); /// ``` /// /// [RFC 5280 Section 4.2.1.5]: https://datatracker.ietf.org/doc/html/rfc5280#section-4.2.1.5 -#[derive(Clone, Debug, Eq, PartialEq, Sequence)] +#[derive(Clone, Debug, Eq, PartialEq, Sequence, ValueOrd)] #[allow(missing_docs)] pub struct PolicyMapping { pub issuer_domain_policy: ObjectIdentifier, @@ -2,8 +2,8 @@ #![cfg_attr(docsrs, feature(doc_cfg))] #![doc = include_str!("../README.md")] #![doc( - html_logo_url = "https://raw.githubusercontent.com/RustCrypto/meta/master/logo.svg", - html_favicon_url = "https://raw.githubusercontent.com/RustCrypto/meta/master/logo.svg" + html_logo_url = "https://raw.githubusercontent.com/RustCrypto/media/6ee8e381/logo.svg", + html_favicon_url = "https://raw.githubusercontent.com/RustCrypto/media/6ee8e381/logo.svg" )] #![forbid(unsafe_code)] #![warn( @@ -36,3 +36,4 @@ pub mod time; pub use certificate::{Certificate, PkiPath, TbsCertificate, Version}; pub use der; +pub use spki; diff --git a/src/macros.rs b/src/macros.rs index 3256c24..638d516 100644 --- a/src/macros.rs +++ b/src/macros.rs @@ -69,5 +69,12 @@ macro_rules! impl_newtype { self.0.value_len() } } + + #[allow(unused_lifetimes)] + impl<'a> ::der::ValueOrd for $newtype { + fn value_cmp(&self, other: &Self) -> ::der::Result<::core::cmp::Ordering> { + self.0.value_cmp(&other.0) + } + } }; } diff --git a/src/time.rs b/src/time.rs index e938c13..d1f2ec5 100644 --- a/src/time.rs +++ b/src/time.rs @@ -3,7 +3,7 @@ use core::fmt; use core::time::Duration; use der::asn1::{GeneralizedTime, UtcTime}; -use der::{Choice, DateTime, Decode, Error, Result, Sequence}; +use der::{Choice, DateTime, Decode, Error, Result, Sequence, ValueOrd}; #[cfg(feature = "std")] use std::time::SystemTime; 
@@ -21,7 +21,7 @@ use std::time::SystemTime; /// /// [RFC 5280 Section 4.1.2.5]: https://tools.ietf.org/html/rfc5280#section-4.1.2.5 /// [RFC 5280 Appendix A]: https://tools.ietf.org/html/rfc5280#page-117 -#[derive(Choice, Copy, Clone, Debug, Eq, PartialEq)] +#[derive(Choice, Copy, Clone, Debug, Eq, PartialEq, ValueOrd)] pub enum Time { /// Legacy UTC time (has 2-digit year, valid only through 2050). #[asn1(type = "UTCTime")] @@ -113,7 +113,7 @@ impl TryFrom<SystemTime> for Time { /// } /// ``` /// [RFC 5280 Section 4.1.2.5]: https://datatracker.ietf.org/doc/html/rfc5280#section-4.1.2.5 -#[derive(Copy, Clone, Debug, Eq, PartialEq, Sequence)] +#[derive(Copy, Clone, Debug, Eq, PartialEq, Sequence, ValueOrd)] pub struct Validity { /// notBefore value pub not_before: Time, diff --git a/tests/certificate.rs b/tests/certificate.rs index e952ca3..86215e3 100644 --- a/tests/certificate.rs +++ b/tests/certificate.rs @@ -127,7 +127,7 @@ fn reencode_cert() { let parsed_coverage_tbs = DeferDecodeTbsCertificate::from_der(defer_cert.tbs_certificate).unwrap(); - // TODO - defer decode then reencode version field + // TODO - defer decode then re-encode version field let encoded_serial = parsed_tbs.serial_number.to_vec().unwrap(); assert_eq!(parsed_coverage_tbs.serial_number, encoded_serial); diff --git a/tests/name.rs b/tests/name.rs index 6a4a5fa..e52b2c7 100644 --- a/tests/name.rs +++ b/tests/name.rs @@ -1,7 +1,7 @@ //! Name tests use const_oid::ObjectIdentifier; -use der::asn1::{OctetStringRef, SetOfVec, Utf8StringRef}; +use der::asn1::{Ia5StringRef, OctetStringRef, PrintableStringRef, SetOfVec, Utf8StringRef}; use der::{AnyRef, Decode, Encode, Tag, Tagged}; use hex_literal::hex; use x509_cert::attr::AttributeTypeAndValue; 
@@ -207,7 +207,7 @@ fn rdns_serde() { &[ AttributeTypeAndValue { oid: const_oid::db::rfc4519::C, - value: AnyRef::from(Utf8StringRef::new("baz").unwrap()), + value: AnyRef::from(PrintableStringRef::new("baz").unwrap()), }, AttributeTypeAndValue { oid: const_oid::db::rfc4519::L, @@ -226,11 +226,11 @@ fn rdns_serde() { }], &[AttributeTypeAndValue { oid: const_oid::db::rfc4519::DC, - value: AnyRef::from(Utf8StringRef::new("example").unwrap()), + value: AnyRef::from(Ia5StringRef::new("example").unwrap()), }], &[AttributeTypeAndValue { oid: const_oid::db::rfc4519::DC, - value: AnyRef::from(Utf8StringRef::new("net").unwrap()), + value: AnyRef::from(Ia5StringRef::new("net").unwrap()), }], ], ), @@ -250,11 +250,11 @@ fn rdns_serde() { ], &[AttributeTypeAndValue { oid: const_oid::db::rfc4519::DC, - value: AnyRef::from(Utf8StringRef::new("example").unwrap()), + value: AnyRef::from(Ia5StringRef::new("example").unwrap()), }], &[AttributeTypeAndValue { oid: const_oid::db::rfc4519::DC, - value: AnyRef::from(Utf8StringRef::new("net").unwrap()), + value: AnyRef::from(Ia5StringRef::new("net").unwrap()), }], ], ), @@ -268,11 +268,11 @@ fn rdns_serde() { }], &[AttributeTypeAndValue { oid: const_oid::db::rfc4519::DC, - value: AnyRef::from(Utf8StringRef::new("example").unwrap()), + value: AnyRef::from(Ia5StringRef::new("example").unwrap()), }], &[AttributeTypeAndValue { oid: const_oid::db::rfc4519::DC, - value: AnyRef::from(Utf8StringRef::new("net").unwrap()), + value: AnyRef::from(Ia5StringRef::new("net").unwrap()), }], ], ), @@ -286,11 +286,11 @@ fn rdns_serde() { }], &[AttributeTypeAndValue { oid: const_oid::db::rfc4519::DC, - value: AnyRef::from(Utf8StringRef::new("example").unwrap()), + value: AnyRef::from(Ia5StringRef::new("example").unwrap()), }], &[AttributeTypeAndValue { oid: const_oid::db::rfc4519::DC, - value: AnyRef::from(Utf8StringRef::new("net").unwrap()), + value: AnyRef::from(Ia5StringRef::new("net").unwrap()), }], ], ), 
diff --git a/tests/pkix_extensions.rs b/tests/pkix_extensions.rs index d6af0b9..c08fcb8 100644 --- a/tests/pkix_extensions.rs +++ b/tests/pkix_extensions.rs @@ -1001,6 +1001,35 @@ fn decode_idp() { } } + // Tag on second RDN in first name is TeletexString (20) instead of PrintableString (19) + let idp = + IssuingDistributionPoint::from_der(&hex!("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")).unwrap(); + assert_eq!(idp.only_contains_ca_certs, false); + assert_eq!(idp.only_contains_attribute_certs, false); + assert_eq!(idp.only_contains_user_certs, false); + assert_eq!(idp.indirect_crl, true); + assert!(idp.only_some_reasons.is_none()); + assert!(idp.distribution_point.is_some()); + let dp = idp.distribution_point.unwrap(); + match dp { + DistributionPointName::FullName(dp) => { + assert_eq!(3, dp.len()); + for gn in dp { + match gn { + GeneralName::DirectoryName(gn) => { + assert_eq!(4, gn.0.len()); + } + _ => { + panic!("Expected DirectoryName") + } + } + } + } + _ => { + panic!("Expected FullName") + } + } + //--------------------------------- // Negative tests //--------------------------------- 
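Review bot: The positive case added to `decode_idp` is described as covering a TeletexString tag on the second RDN of the first name, but its assertions only count three general names with four RDNs each, so it would pass equally on an input that contains no TeletexString at all. Asserting that the attribute value in that RDN reports `Tag::TeletexString` would tie the test to the behaviour this upgrade introduces. As a style point, `assert_eq!(idp.only_contains_ca_certs, false)` and `assert_eq!(idp.indirect_crl, true)` read better as `assert!(!idp.only_contains_ca_certs)` and `assert!(idp.indirect_crl)`, unless the rest of the file uses the `assert_eq!` form throughout. `decode_idp` begins and ends outside the hunk.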
@@ -1091,12 +1120,6 @@ fn decode_idp() { let err = idp.err().unwrap(); assert_eq!(ErrorKind::Noncanonical { tag: Tag::Boolean }, err.kind()); - // Tag on second RDN in first name is TeletexString (20) instead of PrintableString (19) (and TeletexString is not supported) - let idp = - IssuingDistributionPoint::from_der(&hex!("30820168A0820161A082015DA4753073310B3009060355040613025553311F301D060355040A14165465737420436572746966696361746573203230313731183016060355040B130F696E64697265637443524C204341353129302706035504031320696E6469726563742043524C20666F7220696E64697265637443524C20434136A4753073310B3009060355040613025553311F301D060355040A13165465737420436572746966696361746573203230313731183016060355040B130F696E64697265637443524C204341353129302706035504031320696E6469726563742043524C20666F7220696E64697265637443524C20434137A46D306B310B3009060355040613025553311F301D060355040A13165465737420436572746966696361746573203230313731183016060355040B130F696E64697265637443524C204341353121301F0603550403131843524C3120666F7220696E64697265637443524C204341358401FF")); - let err = idp.err().unwrap(); - assert_eq!(ErrorKind::TagUnknown { byte: 20u8.into() }, err.kind()); - // Length on second RDN in first name indicates more bytes than are present let idp = IssuingDistributionPoint::from_der(&hex!("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")); diff --git a/tests/validity.rs b/tests/validity.rs index fcdffcd..d243773 100644 --- a/tests/validity.rs +++ b/tests/validity.rs @@ -89,7 +89,7 @@ fn decode_validity() { #[test] fn encode_validity() { - // Decode Validity from GoodCACert.crt in NIST's PKITS certificate collection then reencode + // Decode Validity from GoodCACert.crt in NIST's PKITS certificate collection then re-encode // 102 30: SEQUENCE { // 104 13: UTCTime 01/01/2010 08:30:00 GMT // 119 13: UTCTime 31/12/2030 08:30:00 GMT |