-rw-r--r-- | .cargo_vcs_info.json | 2 | ||||
-rw-r--r-- | Android.bp | 2 | ||||
-rw-r--r-- | CHANGELOG.md | 24 | ||||
-rw-r--r-- | Cargo.toml | 21 | ||||
-rw-r--r-- | Cargo.toml.orig | 13 | ||||
-rw-r--r-- | METADATA | 8 | ||||
-rw-r--r-- | README.md | 4 | ||||
-rw-r--r-- | assets/crl-ext/crl-complex.der | bin | 0 -> 965 bytes | |||
-rw-r--r-- | assets/crl-ext/crl-no-crl.der | bin | 0 -> 807 bytes | |||
-rw-r--r-- | assets/crl-ext/crl-simple.der | bin | 0 -> 853 bytes | |||
-rw-r--r-- | assets/csr-empty-attributes.csr | bin | 0 -> 670 bytes | |||
-rw-r--r-- | assets/empty.crl | bin | 0 -> 293 bytes | |||
-rw-r--r-- | assets/example.crl | bin | 0 -> 792 bytes | |||
-rw-r--r-- | assets/minimal.crl | bin | 0 -> 359 bytes | |||
-rw-r--r-- | assets/test.csr | 8 | ||||
-rw-r--r-- | patches/rustdoc.patch | 24 | ||||
-rw-r--r-- | src/certificate.rs | 18 | ||||
-rw-r--r-- | src/extensions.rs | 4 | ||||
-rw-r--r-- | src/lib.rs | 4 | ||||
-rw-r--r-- | src/x509.rs | 8 | ||||
-rw-r--r-- | tests/test01.rs | 15 |
21 files changed, 84 insertions, 71 deletions
diff --git a/.cargo_vcs_info.json b/.cargo_vcs_info.json index a19dcef..b81562c 100644 --- a/.cargo_vcs_info.json +++ b/.cargo_vcs_info.json @@ -1,5 +1,5 @@ { "git": { - "sha1": "8c8e7a47c7728b3ff6e6bf91bcc54d6acd9eeca5" + "sha1": "e81f1f2dd19b765c9a034dda316c5814ff97d157" } } @@ -42,7 +42,7 @@ rust_library { host_supported: true, crate_name: "x509_parser", cargo_env_compat: true, - cargo_pkg_version: "0.10.0", + cargo_pkg_version: "0.12.0", srcs: ["src/lib.rs"], edition: "2018", features: ["default"], diff --git a/CHANGELOG.md b/CHANGELOG.md index dfcd92a..bc402dd 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -6,6 +6,30 @@ ### Thanks +## 0.12.0 + +### Added/Changed/Fixed + +- Upgrade to nom 7 + +## 0.11.0 + +### Added + +- Add SubjectPublicKeyInfo::raw field + +### Changed/Fixed + +- Fix der-parser dependency (#102) +- Update oid-registry dependency (#77) +- Set MSRV to 1.46 (indirect dependency on lexical-core and bitvec) +- Extend the lifetimes exposed on TbsCertificate (#104) +- Add missing test assets (#103) + +### Thanks + +- @jgalenson, @g2p, @kpp + ## 0.10.0 ### Added 
@@ -3,19 +3,18 @@ # When uploading crates to the registry Cargo will automatically # "normalize" Cargo.toml files for maximal compatibility # with all versions of Cargo and also rewrite `path` dependencies -# to registry (e.g., crates.io) dependencies +# to registry (e.g., crates.io) dependencies. # -# If you believe there's an error in this file please file an -# issue against the rust-lang/cargo repository. If you're -# editing this file be aware that the upstream Cargo.toml -# will likely look very different (and much more reasonable) +# If you are reading this file be aware that the original Cargo.toml +# will likely look very different (and much more reasonable). +# See Cargo.toml.orig for the original contents. [package] edition = "2018" name = "x509-parser" -version = "0.10.0" +version = "0.12.0" authors = ["Pierre Chifflier <chifflier@wzdftpd.net>"] -include = ["CHANGELOG.md", "LICENSE-*", "README.md", ".gitignore", ".travis.yml", "Cargo.toml", "src/*.rs", "tests/*.rs", "assets/*.der", "assets/*.pem", "examples/*.rs"] +include = ["CHANGELOG.md", "LICENSE-*", "README.md", ".gitignore", ".travis.yml", "Cargo.toml", "src/*.rs", "tests/*.rs", "assets/*.crl", "assets/*.csr", "assets/*.der", "assets/*.pem", "assets/crl-ext/*.der", "examples/*.rs"] description = "Parser for the X.509 v3 format (RFC 5280 certificates)" homepage = "https://github.com/rusticata/x509-parser" readme = "README.md" @@ -38,17 +37,17 @@ default-features = false version = "2.2.1" [dependencies.der-parser] -version = "5.1" +version = "6.0.0" features = ["bigint"] [dependencies.lazy_static] version = "1.4" [dependencies.nom] -version = "6.0" +version = "7.0" [dependencies.oid-registry] -version = "0.1.1" +version = "0.2.0" features = ["crypto", "x509"] [dependencies.ring] @@ -56,7 +55,7 @@ version = "0.16" optional = true [dependencies.rusticata-macros] -version = "3.0" +version = "4.0" [dependencies.thiserror] version = "1.0" 
diff --git a/Cargo.toml.orig b/Cargo.toml.orig index 0833677..bd19297 100644 --- a/Cargo.toml.orig +++ b/Cargo.toml.orig @@ -1,6 +1,6 @@ [package] name = "x509-parser" -version = "0.10.0" +version = "0.12.0" description = "Parser for the X.509 v3 format (RFC 5280 certificates)" license = "MIT/Apache-2.0" keywords = ["X509","Certificate","parser","nom"] @@ -20,8 +20,11 @@ include = [ "Cargo.toml", "src/*.rs", "tests/*.rs", + "assets/*.crl", + "assets/*.csr", "assets/*.der", "assets/*.pem", + "assets/crl-ext/*.der", "examples/*.rs" ] @@ -39,9 +42,9 @@ base64 = "0.13" chrono = { version="0.4", default-features=false, features=["std"] } data-encoding = "2.2.1" lazy_static = "1.4" -nom = "6.0" -oid-registry = { version="0.1.1", features=["crypto", "x509"] } -rusticata-macros = "3.0" +nom = "7.0" +oid-registry = { version="0.2.0", features=["crypto", "x509"] } +rusticata-macros = "4.0" ring = { version="0.16", optional=true } -der-parser = { version = "5.1", features=["bigint"] } +der-parser = { version = "6.0.0", features=["bigint"] } thiserror = "1.0" @@ -7,13 +7,13 @@ third_party { } url { type: ARCHIVE - value: "https://static.crates.io/crates/x509-parser/x509-parser-0.10.0.crate" + value: "https://static.crates.io/crates/x509-parser/x509-parser-0.12.0.crate" } - version: "0.10.0" + version: "0.12.0" license_type: NOTICE last_upgrade_date { year: 2021 - month: 8 - day: 9 + month: 9 + day: 23 } } 
@@ -6,7 +6,7 @@ [![crates.io](https://img.shields.io/crates/v/x509-parser.svg)](https://crates.io/crates/x509-parser) [![Download numbers](https://img.shields.io/crates/d/x509-parser.svg)](https://crates.io/crates/x509-parser) [![Github CI](https://github.com/rusticata/x509-parser/workflows/Continuous%20integration/badge.svg)](https://github.com/rusticata/x509-parser/actions) -[![Minimum rustc version](https://img.shields.io/badge/rustc-1.45.0+-lightgray.svg)](#rust-version-requirements) +[![Minimum rustc version](https://img.shields.io/badge/rustc-1.46.0+-lightgray.svg)](#rust-version-requirements) # X.509 Parser @@ -103,7 +103,7 @@ pub fn check_signature(cert: &X509Certificate<'_>, issuer: &X509Certificate<'_>) ## Rust version requirements -`x509-parser` requires **Rustc version 1.45 or greater**, based on nom 6 +`x509-parser` requires **Rustc version 1.46 or greater**, based on nom 7 dependencies and for proc-macro attributes support. [RFC5280]: https://tools.ietf.org/html/rfc5280 diff --git a/assets/crl-ext/crl-complex.der b/assets/crl-ext/crl-complex.der Binary files differnew file mode 100644 index 0000000..f5140f1 --- /dev/null +++ b/assets/crl-ext/crl-complex.der diff --git a/assets/crl-ext/crl-no-crl.der b/assets/crl-ext/crl-no-crl.der Binary files differnew file mode 100644 index 0000000..03f7357 --- /dev/null +++ b/assets/crl-ext/crl-no-crl.der diff --git a/assets/crl-ext/crl-simple.der b/assets/crl-ext/crl-simple.der Binary files differnew file mode 100644 index 0000000..224a743 --- /dev/null +++ b/assets/crl-ext/crl-simple.der diff --git a/assets/csr-empty-attributes.csr b/assets/csr-empty-attributes.csr Binary files differnew file mode 100644 index 0000000..bfb84c8 --- /dev/null +++ b/assets/csr-empty-attributes.csr diff --git a/assets/empty.crl b/assets/empty.crl Binary files differnew file mode 100644 index 0000000..fc3f6b3 --- /dev/null +++ b/assets/empty.crl 
diff --git a/assets/example.crl b/assets/example.crl Binary files differnew file mode 100644 index 0000000..3df0b6f --- /dev/null +++ b/assets/example.crl diff --git a/assets/minimal.crl b/assets/minimal.crl Binary files differnew file mode 100644 index 0000000..32cd969 --- /dev/null +++ b/assets/minimal.crl diff --git a/assets/test.csr b/assets/test.csr new file mode 100644 index 0000000..729df67 --- /dev/null +++ b/assets/test.csr @@ -0,0 +1,8 @@ +-----BEGIN CERTIFICATE REQUEST-----
+MIIBBjCBrQIBADAcMRowGAYDVQQDDBF0ZXN0LnJ1c3RpY2F0YS5mcjBZMBMGByqG
+SM49AgEGCCqGSM49AwEHA0IABMP1frFxwJLXiLU6UoqOPf31ucCm2NqR2yqpcHo6
+W7iWJe31OzYs0izP2qeUvdKfz2fpAbuGiRjwvN+H10dQQEGgLzAtBgkqhkiG9w0B
+CQ4xIDAeMBwGA1UdEQQVMBOCEXRlc3QucnVzdGljYXRhLmZyMAoGCCqGSM49BAMC
+A0gAMEUCIGqQHPHgpeyZa5YMLP2X5IwfmrvpIcg5fQ2xkXotGAa0AiEAydeBwr4r
+Iu7XDe015h8uz8xZs2QUEgRdr73lJXTX+Ck=
+-----END CERTIFICATE REQUEST-----
diff --git a/patches/rustdoc.patch b/patches/rustdoc.patch deleted file mode 100644 index d6ec591..0000000 --- a/patches/rustdoc.patch +++ /dev/null @@ -1,24 +0,0 @@ -diff --git a/src/traits.rs b/src/traits.rs -index bd4d070..aae96e5 100644 ---- a/src/traits.rs -+++ b/src/traits.rs -@@ -5,7 +5,18 @@ use crate::error::X509Result; - /// - /// The returned object uses zero-copy, and so has the same lifetime as the input. - /// --/// Note that only parsing is done, not validation (see the [`Validate`](crate::validate::Validate) trait). -+#[cfg_attr( -+ feature = "validate", -+ doc = r#" -+Note that only parsing is done, not validation (see the [`Validate`](crate::validate::Validate) trait). -+"# -+)] -+#[cfg_attr( -+ not(feature = "validate"), -+ doc = r#" -+Note that only parsing is done, not validation. -+"# -+)] - /// - /// # Example - /// diff --git a/src/certificate.rs b/src/certificate.rs index 1d937b1..b2f2c63 100644 --- a/src/certificate.rs +++ b/src/certificate.rs 
@@ -322,27 +322,27 @@ pub struct TbsCertificate<'a> { impl<'a> TbsCertificate<'a> { /// Returns the certificate extensions #[inline] - pub fn extensions(&self) -> &[X509Extension] { + pub fn extensions(&self) -> &[X509Extension<'a>] { &self.extensions } /// Returns an iterator over the certificate extensions #[inline] - pub fn iter_extensions(&self) -> impl Iterator<Item = &X509Extension> { + pub fn iter_extensions(&self) -> impl Iterator<Item = &X509Extension<'a>> { self.extensions.iter() } /// Searches for an extension with the given `Oid`. /// /// Note: if there are several extensions with the same `Oid`, the first one is returned. - pub fn find_extension(&self, oid: &Oid) -> Option<&X509Extension> { + pub fn find_extension(&self, oid: &Oid) -> Option<&X509Extension<'a>> { self.extensions.iter().find(|&ext| ext.oid == *oid) } /// Builds and returns a map of extensions. /// /// If an extension is present twice, this will fail and return `DuplicateExtensions`. - pub fn extensions_map(&self) -> Result<HashMap<Oid, &X509Extension>, X509Error> { + pub fn extensions_map(&self) -> Result<HashMap<Oid, &X509Extension<'a>>, X509Error> { self.extensions .iter() .try_fold(HashMap::new(), |mut m, ext| { @@ -370,7 +370,7 @@ impl<'a> TbsCertificate<'a> { }) } - pub fn extended_key_usage(&self) -> Option<(bool, &ExtendedKeyUsage)> { + pub fn extended_key_usage(&self) -> Option<(bool, &ExtendedKeyUsage<'a>)> { self.find_extension(&OID_X509_EXT_EXTENDED_KEY_USAGE) .and_then(|ext| match ext.parsed_extension { ParsedExtension::ExtendedKeyUsage(ref eku) => Some((ext.critical, eku)), @@ -394,7 +394,7 @@ impl<'a> TbsCertificate<'a> { }) } - pub fn policy_mappings(&self) -> Option<(bool, &PolicyMappings)> { + pub fn policy_mappings(&self) -> Option<(bool, &PolicyMappings<'a>)> { self.find_extension(&OID_X509_EXT_POLICY_MAPPINGS) .and_then(|ext| match ext.parsed_extension { ParsedExtension::PolicyMappings(ref pm) => Some((ext.critical, pm)), 
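Review bot: The typed accessors touched here (`extended_key_usage`, `policy_mappings`, and in the following hunks `subject_alternative_name` and `name_constraints`) carry no doc comment, and each goes through `find_extension`, which returns the first match when an OID is repeated. A caller relying on `subject_alternative_name()` or `name_constraints()` for a trust decision therefore sees only the first instance of a duplicated extension, while `extensions_map` rejects the same certificate with `DuplicateExtensions`. I would document that on each accessor, e.g. `/// Returns the ExtendedKeyUsage extension as (critical, value), if present. If the extension is repeated, only the first instance is returned.` The accessor bodies continue past the end of these hunks.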
@@ -402,7 +402,7 @@ impl<'a> TbsCertificate<'a> { }) } - pub fn subject_alternative_name(&self) -> Option<(bool, &SubjectAlternativeName)> { + pub fn subject_alternative_name(&self) -> Option<(bool, &SubjectAlternativeName<'a>)> { self.find_extension(&OID_X509_EXT_SUBJECT_ALT_NAME) .and_then(|ext| match ext.parsed_extension { ParsedExtension::SubjectAlternativeName(ref san) => Some((ext.critical, san)), @@ -410,7 +410,7 @@ impl<'a> TbsCertificate<'a> { }) } - pub fn name_constraints(&self) -> Option<(bool, &NameConstraints)> { + pub fn name_constraints(&self) -> Option<(bool, &NameConstraints<'a>)> { self.find_extension(&OID_X509_EXT_NAME_CONSTRAINTS) .and_then(|ext| match ext.parsed_extension { ParsedExtension::NameConstraints(ref nc) => Some((ext.critical, nc)), @@ -426,7 +426,7 @@ impl<'a> TbsCertificate<'a> { } /// Get the raw bytes of the certificate serial number - pub fn raw_serial(&self) -> &[u8] { + pub fn raw_serial(&self) -> &'a [u8] { self.raw_serial } diff --git a/src/extensions.rs b/src/extensions.rs index 6172d47..676cf04 100644 --- a/src/extensions.rs +++ b/src/extensions.rs @@ -10,7 +10,7 @@ use der_parser::der::*; use der_parser::error::{BerError, BerResult}; use der_parser::num_bigint::BigUint; use der_parser::oid::Oid; -use nom::combinator::{all_consuming, complete, map, map_opt, map_res, opt}; +use nom::combinator::{all_consuming, complete, map, map_res, opt}; use nom::multi::{many0, many1}; use nom::{Err, IResult, Parser}; use oid_registry::*; @@ -1428,7 +1428,7 @@ pub(crate) mod parser { // CRLNumber ::= INTEGER (0..MAX) // Note from RFC 3280: "CRL verifiers MUST be able to handle CRLNumber values up to 20 octets." fn parse_crl_number(i: &[u8]) -> IResult<&[u8], ParsedExtension, BerError> { - let (rest, num) = map_opt(parse_der_integer, |obj| obj.as_biguint())(i)?; + let (rest, num) = map_res(parse_der_integer, |obj| obj.as_biguint())(i)?; Ok((rest, ParsedExtension::CRLNumber(num))) } } 
@@ -4,7 +4,7 @@ //! [![crates.io](https://img.shields.io/crates/v/x509-parser.svg)](https://crates.io/crates/x509-parser) //! [![Download numbers](https://img.shields.io/crates/d/x509-parser.svg)](https://crates.io/crates/x509-parser) //! [![Github CI](https://github.com/rusticata/x509-parser/workflows/Continuous%20integration/badge.svg)](https://github.com/rusticata/x509-parser/actions) -//! [![Minimum rustc version](https://img.shields.io/badge/rustc-1.45.0+-lightgray.svg)](#rust-version-requirements) +//! [![Minimum rustc version](https://img.shields.io/badge/rustc-1.46.0+-lightgray.svg)](#rust-version-requirements) //! //! # X.509 Parser //! @@ -109,7 +109,7 @@ //! //! ## Rust version requirements //! -//! `x509-parser` requires **Rustc version 1.45 or greater**, based on nom 6 +//! `x509-parser` requires **Rustc version 1.46 or greater**, based on nom 7 //! dependencies and for proc-macro attributes support. //! //! [RFC5280]: https://tools.ietf.org/html/rfc5280 diff --git a/src/x509.rs b/src/x509.rs index ecee084..95d1257 100644 --- a/src/x509.rs +++ b/src/x509.rs @@ -224,12 +224,15 @@ impl<'a> FromDer<'a> for RelativeDistinguishedName<'a> { pub struct SubjectPublicKeyInfo<'a> { pub algorithm: AlgorithmIdentifier<'a>, pub subject_public_key: BitStringObject<'a>, + /// A raw unparsed PKIX, ASN.1 DER form (see RFC 5280, Section 4.1). + pub raw: &'a [u8], } impl<'a> FromDer<'a> for SubjectPublicKeyInfo<'a> { /// Parse the SubjectPublicKeyInfo struct portion of a DER-encoded X.509 Certificate fn from_der(i: &'a [u8]) -> X509Result<Self> { - parse_der_sequence_defined_g(|i, _| { + let start_i = i; + parse_der_sequence_defined_g(move |i, _| { let (i, algorithm) = AlgorithmIdentifier::from_der(i)?; let (i, subject_public_key) = map_res(parse_der_bitstring, |x: DerObject<'a>| { match x.content { 
@@ -238,9 +241,12 @@ impl<'a> FromDer<'a> for SubjectPublicKeyInfo<'a> { } })(i) .or(Err(X509Error::InvalidSPKI))?; + let len = start_i.offset(i); + let raw = &start_i[..len]; let spki = SubjectPublicKeyInfo { algorithm, subject_public_key, + raw, }; Ok((i, spki)) })(i) diff --git a/tests/test01.rs b/tests/test01.rs index 1559888..45c0dca 100644 --- a/tests/test01.rs +++ b/tests/test01.rs @@ -1,5 +1,4 @@ -#[macro_use] -extern crate nom; +use nom::bytes::complete::take; #[test] fn test01() { @@ -7,13 +6,11 @@ fn test01() { let _ = x509_parser::parse_x509_certificate(data); } -named!(parser02<&[u8],()>, - do_parse!( - _hdr: take!(1) >> - _data: take!(18_446_744_073_709_551_615) >> - ( () ) - ) -); +fn parser02(input: &[u8]) -> nom::IResult<&[u8], ()> { + let (_hdr, input) = take(1_usize)(input)?; + let (_data, input) = take(18_446_744_073_709_551_615_usize)(input)?; + Ok((input, ())) +} #[test] fn test02() { |
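Review bot: In `from_der`, `raw` is sliced as `&start_i[..start_i.offset(i)]` with `i` positioned just after the BIT STRING, so its length follows the fields that were parsed rather than the length declared in the SEQUENCE header. If `parse_der_sequence_defined_g` tolerates unparsed bytes left inside the sequence (worth confirming against der-parser 6), `raw` would be shorter than the encoded SubjectPublicKeyInfo and would not be a well-formed DER object, which matters to callers that hash or compare it for key pinning. Either reject leftover content before building the struct, e.g. `if !i.is_empty() { return Err(X509Error::InvalidSPKI.into()); }`, or state the behaviour on the field, e.g. `/// Raw DER bytes of this SubjectPublicKeyInfo, from the SEQUENCE header through the end of the BIT STRING.` The closure and `from_der` begin in the previous hunk.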
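Review bot: `parser02` binds nom's result tuple in the wrong order: `take` returns `(remaining, taken)`, so `let (_hdr, input) = take(1_usize)(input)?;` rebinds `input` to the one-byte header and the oversized `take` then runs on that byte instead of the rest of the buffer. The regression case still exercises a huge length, but no longer against the remaining input as the old `do_parse!` chain did; `let (input, _hdr) = take(1_usize)(input)?;` followed by `let (input, _data) = take(usize::MAX)(input)?;` restores that. `usize::MAX` also avoids the `18_446_744_073_709_551_615_usize` literal, which is out of range for `usize` on 32-bit targets.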