// This file is dual licensed under the terms of the Apache License, Version
// 2.0, and the BSD License. See the LICENSE file in the root of this repository
// for complete details.
use crate::error::CryptographyResult;
use crate::x509;
use crate::x509::certificate::Certificate;
use cryptography_x509::ocsp_req::CertID;
use cryptography_x509::{common, oid};
use once_cell::sync::Lazy;
use std::collections::HashMap;
/// Digest-algorithm OID → upper-case algorithm name.
///
/// Only the five digests listed here are recognised; a lookup with any other
/// OID yields `None`, so callers must handle the miss rather than assume a
/// name exists.
pub(crate) static OIDS_TO_HASH: Lazy<HashMap<&asn1::ObjectIdentifier, &str>> = Lazy::new(|| {
    vec![
        (&oid::SHA1_OID, "SHA1"),
        (&oid::SHA224_OID, "SHA224"),
        (&oid::SHA256_OID, "SHA256"),
        (&oid::SHA384_OID, "SHA384"),
        (&oid::SHA512_OID, "SHA512"),
    ]
    .into_iter()
    .collect()
});
/// Lower-case hash name (as exposed by a Python `HashAlgorithm.name`) → the
/// ASN.1 `AlgorithmIdentifier` to emit for it.
///
/// Every entry carries empty (`()`) parameters; the OID is supplied by the
/// `DefinedByMarker` and fixed by the chosen `AlgorithmParameters` variant.
/// Names not present here (e.g. anything outside the SHA-1/SHA-2 family)
/// are not mapped, so lookups must use `get` and treat `None` as an error.
pub(crate) static HASH_NAME_TO_ALGORITHM_IDENTIFIERS: Lazy<
    HashMap<&str, common::AlgorithmIdentifier<'_>>,
> = Lazy::new(|| {
    // Small helper so each entry only states the parameters variant.
    let ident = |params| common::AlgorithmIdentifier {
        oid: asn1::DefinedByMarker::marker(),
        params,
    };
    vec![
        ("sha1", ident(common::AlgorithmParameters::Sha1(()))),
        ("sha224", ident(common::AlgorithmParameters::Sha224(()))),
        ("sha256", ident(common::AlgorithmParameters::Sha256(()))),
        ("sha384", ident(common::AlgorithmParameters::Sha384(()))),
        ("sha512", ident(common::AlgorithmParameters::Sha512(()))),
    ]
    .into_iter()
    .collect()
});
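/// Builds an OCSP `CertID` for `cert`, as issued by `issuer`, using the
/// Python hash algorithm object `hash_algorithm`.
///
/// `issuer_name_hash` is the digest of the DER encoding of `cert`'s issuer
/// name, `issuer_key_hash` is the digest of the raw bytes of `issuer`'s
/// `subjectPublicKey`, and `serial_number` is copied from `cert` unchanged.
/// Hashing itself is delegated to Python via [`hash_data`].
///
/// # Errors
/// Returns an error if DER-encoding the issuer name fails, if any Python call
/// fails, or if `hash_algorithm.name` is not one of the algorithms in
/// `HASH_NAME_TO_ALGORITHM_IDENTIFIERS`. The last case previously indexed the
/// map directly and panicked on an unsupported algorithm; it is now reported
/// as a `ValueError`, which keeps the check independent of any validation the
/// Python caller may have already done.
pub(crate) fn certid_new<'p>(
    py: pyo3::Python<'p>,
    cert: &'p Certificate,
    issuer: &'p Certificate,
    hash_algorithm: &'p pyo3::PyAny,
) -> CryptographyResult<CertID<'p>> {
    // Resolve the AlgorithmIdentifier first so an unsupported algorithm is
    // rejected before any hashing work is done.
    let hash_name = hash_algorithm
        .getattr(pyo3::intern!(py, "name"))?
        .extract::<&str>()?;
    let hash_algorithm_identifier = x509::ocsp::HASH_NAME_TO_ALGORITHM_IDENTIFIERS
        .get(hash_name)
        .cloned()
        .ok_or_else(|| {
            pyo3::exceptions::PyValueError::new_err(format!(
                "Unsupported hash algorithm for OCSP CertID: {}",
                hash_name
            ))
        })?;

    let issuer_der = asn1::write_single(&cert.raw.borrow_value_public().tbs_cert.issuer)?;
    let issuer_name_hash = hash_data(py, hash_algorithm, &issuer_der)?;
    // The key hash covers the subjectPublicKey content bytes, not the whole SPKI.
    let issuer_key_hash = hash_data(
        py,
        hash_algorithm,
        issuer
            .raw
            .borrow_value_public()
            .tbs_cert
            .spki
            .subject_public_key
            .as_bytes(),
    )?;

    Ok(CertID {
        hash_algorithm: hash_algorithm_identifier,
        issuer_name_hash,
        issuer_key_hash,
        serial_number: cert.raw.borrow_value_public().tbs_cert.serial,
    })
}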
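/// Builds an OCSP `CertID` from caller-supplied, already-computed hashes.
///
/// Unlike [`certid_new`] nothing is hashed here: `issuer_name_hash`,
/// `issuer_key_hash` and `serial_number` are stored as given, and
/// `hash_algorithm` is only used to select the ASN.1 `AlgorithmIdentifier`.
/// This function cannot check that the supplied hashes were actually produced
/// with `hash_algorithm`; that consistency is the caller's responsibility.
///
/// # Errors
/// Returns an error if reading `hash_algorithm.name` fails or if the name is
/// not one of the algorithms in `HASH_NAME_TO_ALGORITHM_IDENTIFIERS`. The
/// latter previously indexed the map directly and panicked; it is now
/// reported as a `ValueError`.
pub(crate) fn certid_new_from_hash<'p>(
    py: pyo3::Python<'p>,
    issuer_name_hash: &'p [u8],
    issuer_key_hash: &'p [u8],
    serial_number: asn1::BigInt<'p>,
    hash_algorithm: &'p pyo3::PyAny,
) -> CryptographyResult<CertID<'p>> {
    let hash_name = hash_algorithm
        .getattr(pyo3::intern!(py, "name"))?
        .extract::<&str>()?;
    let hash_algorithm_identifier = x509::ocsp::HASH_NAME_TO_ALGORITHM_IDENTIFIERS
        .get(hash_name)
        .cloned()
        .ok_or_else(|| {
            pyo3::exceptions::PyValueError::new_err(format!(
                "Unsupported hash algorithm for OCSP CertID: {}",
                hash_name
            ))
        })?;

    Ok(CertID {
        hash_algorithm: hash_algorithm_identifier,
        issuer_name_hash,
        issuer_key_hash,
        serial_number,
    })
}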
/// Digests `data` with the Python-side `hashes.Hash` class, parameterised by
/// the `cryptography` hash algorithm object `py_hash_alg`.
///
/// The computation is delegated entirely to Python (`Hash(alg)`, `update`,
/// `finalize`); the returned slice borrows the buffer of the `bytes` object
/// that `finalize()` produced, hence the `'p` lifetime.
///
/// # Errors
/// Propagates any Python exception raised while importing the module,
/// constructing the hasher, or running `update`/`finalize`.
pub(crate) fn hash_data<'p>(
    py: pyo3::Python<'p>,
    py_hash_alg: &'p pyo3::PyAny,
    data: &[u8],
) -> pyo3::PyResult<&'p [u8]> {
    let hashes_mod = py.import(pyo3::intern!(py, "cryptography.hazmat.primitives.hashes"))?;
    let hash_cls = hashes_mod.getattr(pyo3::intern!(py, "Hash"))?;
    let hasher = hash_cls.call1((py_hash_alg,))?;
    hasher.call_method1(pyo3::intern!(py, "update"), (data,))?;
    let digest = hasher.call_method0(pyo3::intern!(py, "finalize"))?;
    digest.extract()
}