add initial X.509 path validation implementation (#8873)
woodruffw authored Dec 22, 2023
1 parent a47bfb6 commit 3763aa7
Showing 10 changed files with 1,215 additions and 117 deletions.
26 changes: 4 additions & 22 deletions src/rust/cryptography-x509-validation/src/certificate.rs
Expand Up @@ -6,38 +6,24 @@
use cryptography_x509::certificate::Certificate;

use crate::ops::CryptoOps;

// TODO: Remove these attributes once we start using these helpers.
#[allow(dead_code)]
pub(crate) fn cert_is_self_issued(cert: &Certificate<'_>) -> bool {
cert.issuer() == cert.subject()
}

#[allow(dead_code)]
pub(crate) fn cert_is_self_signed<B: CryptoOps>(cert: &Certificate<'_>, ops: &B) -> bool {
match ops.public_key(cert) {
Ok(pk) => cert_is_self_issued(cert) && ops.verify_signed_by(cert, pk).is_ok(),
Err(_) => false,
}
}

#[cfg(test)]
mod tests {
pub(crate) mod tests {
use crate::certificate::Certificate;
use crate::ops::tests::{cert, v1_cert_pem, NullOps};
use crate::ops::tests::{cert, v1_cert_pem};
use crate::ops::CryptoOps;

use super::{cert_is_self_issued, cert_is_self_signed};
use super::cert_is_self_issued;

#[test]
fn test_certificate_v1() {
let cert_pem = v1_cert_pem();
let cert = cert(&cert_pem);
let ops = NullOps {};

assert!(!cert_is_self_issued(&cert));
assert!(!cert_is_self_signed(&cert, &ops));
}

fn ca_pem() -> pem::Pem {
Expand All @@ -61,13 +47,11 @@ Xw4nMqk=
fn test_certificate_ca() {
let cert_pem = ca_pem();
let cert = cert(&cert_pem);
let ops = NullOps {};

assert!(cert_is_self_issued(&cert));
assert!(cert_is_self_signed(&cert, &ops));
}

struct PublicKeyErrorOps {}
pub(crate) struct PublicKeyErrorOps {}
impl CryptoOps for PublicKeyErrorOps {
type Key = ();
type Err = ();
Expand All @@ -90,10 +74,8 @@ Xw4nMqk=
fn test_certificate_public_key_error() {
let cert_pem = ca_pem();
let cert = cert(&cert_pem);
let ops = PublicKeyErrorOps {};

assert!(cert_is_self_issued(&cert));
assert!(!cert_is_self_signed(&cert, &ops));
}

#[test]
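Review bot: `cert_is_self_issued` has no doc comment once the TODO and `#[allow(dead_code)]` lines above it go, and with `cert_is_self_signed` apparently removed in the same section it is the only helper left here, so its contract should be stated. Its body is `cert.issuer() == cert.subject()`, a name comparison that verifies no signature; I would add `/// Returns true if the certificate's issuer and subject names are equal (self-issued in the RFC 5280 sense). Compares names only; no signature is verified.` above it so callers do not read the result as proof of self-signing. Separately, as the page renders it, `test_certificate_public_key_error` seems to end up with the same body as `test_certificate_ca` (only `assert!(cert_is_self_issued(&cert))`), so it no longer exercises a public-key failure and could be dropped or moved to wherever `PublicKeyErrorOps` is now used.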