| author | Alex Gaynor <alex.gaynor@gmail.com> | 2021-10-22 21:13:12 -0400 |
|---|---|---|
| committer | GitHub <noreply@github.com> | 2021-10-23 09:13:12 +0800 |
| commit | 48a947ae4d83a99ac949cc6fdef17fc29d2464cd (patch) | |
| tree | e98cc12e7b36bcfe962bec0a9990e4fdaef8c0c8 /src/rust | |
| parent | 4ba40bdce93ce0e579f43ea7589d7bfe634fb724 (diff) | |
| download | cryptography-48a947ae4d83a99ac949cc6fdef17fc29d2464cd.tar.gz | |
Refactor OCSP code for reuse in OCSP response serialization (#6459)
Diffstat (limited to 'src/rust')
| -rw-r--r-- | src/rust/src/x509/ocsp.rs | 41 | ||||
| -rw-r--r-- | src/rust/src/x509/ocsp_req.rs | 29 |
2 files changed, 42 insertions, 28 deletions
diff --git a/src/rust/src/x509/ocsp.rs b/src/rust/src/x509/ocsp.rs
index ff8b2d34b..ee7f98863 100644
--- a/src/rust/src/x509/ocsp.rs
+++ b/src/rust/src/x509/ocsp.rs
@@ -2,6 +2,7 @@
 // 2.0, and the BSD License. See the LICENSE file in the root of this repository
 // for complete details.
+use crate::asn1::PyAsn1Result;
 use crate::x509;
 use std::collections::HashMap;
@@ -32,6 +33,10 @@ lazy_static::lazy_static! {
 };
 pub(crate) static ref NONCE_OID: asn1::ObjectIdentifier<'static> = asn1::ObjectIdentifier::from_string("1.3.6.1.5.5.7.48.1.2").unwrap();
+
+ // TODO: kind of verbose way to say "\x05\x00".
+ static ref NULL_DER: Vec<u8> = asn1::write_single(&());
+ pub(crate) static ref NULL_TLV: asn1::Tlv<'static> = asn1::parse_single(&NULL_DER).unwrap();
 }
 #[derive(asn1::Asn1Read, asn1::Asn1Write)]
@@ -42,6 +47,42 @@ pub(crate) struct CertID<'a> {
 pub(crate) serial_number: asn1::BigUint<'a>,
 }
+impl CertID<'_> {
+ pub(crate) fn new<'p>(
+ py: pyo3::Python<'p>,
+ cert: &'p x509::Certificate,
+ issuer: &'p x509::Certificate,
+ hash_algorithm: &'p pyo3::PyAny,
+ ) -> PyAsn1Result<CertID<'p>> {
+ let issuer_name_hash = hash_data(
+ py,
+ hash_algorithm,
+ &asn1::write_single(&cert.raw.borrow_value_public().tbs_cert.issuer),
+ )?;
+ let issuer_key_hash = hash_data(
+ py,
+ hash_algorithm,
+ issuer
+ .raw
+ .borrow_value_public()
+ .tbs_cert
+ .spki
+ .subject_public_key
+ .as_bytes(),
+ )?;
+
+ Ok(CertID {
+ hash_algorithm: x509::AlgorithmIdentifier {
+ oid: HASH_NAME_TO_OIDS[hash_algorithm.getattr("name")?.extract::<&str>()?].clone(),
+ params: Some(*NULL_TLV),
+ },
+ issuer_name_hash,
+ issuer_key_hash,
+ serial_number: cert.raw.borrow_value_public().tbs_cert.serial,
+ })
+ }
+}
+
 pub(crate) fn hash_data<'p>(
 py: pyo3::Python<'p>,
 py_hash_alg: &'p pyo3::PyAny,
diff --git a/src/rust/src/x509/ocsp_req.rs b/src/rust/src/x509/ocsp_req.rs
index d41e1196c..a1552e2fd 100644
--- a/src/rust/src/x509/ocsp_req.rs
+++ b/src/rust/src/x509/ocsp_req.rs
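Review bot: `HASH_NAME_TO_OIDS[hash_algorithm.getattr("name")?.extract::<&str>()?]` in the new `CertID::new` indexes the map with a name read from the Python `hash_algorithm` object, so an algorithm whose `name` is not a key panics (surfacing as a pyo3 panic exception) instead of returning an error through `PyAsn1Result`, and now that the constructor is shared it will be reached from the response path as well. Since `?` already converts `PyErr` here, the lookup can fail cleanly: `let name = hash_algorithm.getattr("name")?.extract::<&str>()?;` then `let oid = HASH_NAME_TO_OIDS.get(name).ok_or_else(|| pyo3::exceptions::PyValueError::new_err("unsupported hash algorithm for OCSP CertID"))?.clone();` and `oid,` in the struct literal. If the Python builders are relied on to reject unsupported algorithms before this point, an `expect("hash algorithm validated by the Python builder")` would at least state that invariant instead of a bare index. The new method also has no doc comment; a `///` line saying that it builds the CertID for `cert` by hashing the DER-encoded issuer Name and the issuer's subjectPublicKey bytes with `hash_algorithm`, and that it returns a Python error when attribute access or hashing fails, would help the next caller. `hash_data` starts at the end of this hunk and continues outside it.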
@@ -181,40 +181,13 @@ fn create_ocsp_request(py: pyo3::Python<'_>, builder: &pyo3::PyAny) -> PyAsn1Res
 &pyo3::PyAny,
 ) = builder.getattr("_request")?.extract()?;
- let issuer_name_hash = ocsp::hash_data(
- py,
- py_hash,
- &asn1::write_single(&py_cert.raw.borrow_value_public().tbs_cert.issuer),
- )?;
- let issuer_key_hash = ocsp::hash_data(
- py,
- py_hash,
- py_issuer
- .raw
- .borrow_value_public()
- .tbs_cert
- .spki
- .subject_public_key
- .as_bytes(),
- )?;
-
 let extensions = x509::common::encode_extensions(
 py,
 builder.getattr("_extensions")?,
 encode_ocsp_request_extension,
 )?;
- let null_der = asn1::write_single(&());
 let reqs = [Request {
- req_cert: ocsp::CertID {
- hash_algorithm: x509::AlgorithmIdentifier {
- oid: ocsp::HASH_NAME_TO_OIDS[py_hash.getattr("name")?.extract::<&str>()?].clone(),
- // TODO: kind of verbose way to say "\x05\x00".
- params: Some(asn1::parse_single(&null_der)?),
- },
- issuer_name_hash,
- issuer_key_hash,
- serial_number: py_cert.raw.borrow_value_public().tbs_cert.serial,
- },
+ req_cert: ocsp::CertID::new(py, &py_cert, &py_issuer, py_hash)?,
 single_request_extensions: None,
 }];
 let ocsp_req = RawOCSPRequest { |
