Finish removal of gil-refs feature from pyo3
alex committed Apr 14, 2024
1 parent 0fb841d commit 4800074
Showing 3 changed files with 57 additions and 33 deletions.
2 changes: 1 addition & 1 deletion src/rust/Cargo.toml
Expand Up @@ -10,7 +10,7 @@ rust-version = "1.65.0"
[dependencies]
once_cell = "1"
cfg-if = "1"
pyo3 = { version = "0.21.1", features = ["abi3", "gil-refs"] }
pyo3 = { version = "0.21.1", features = ["abi3"] }
asn1 = { version = "0.16.1", default-features = false }
cryptography-cffi = { path = "cryptography-cffi" }
cryptography-keepalive = { path = "cryptography-keepalive" }
30 changes: 16 additions & 14 deletions src/rust/src/x509/common.rs
Expand Up @@ -101,55 +101,56 @@ fn encode_name_bytes<'p>(

pub(crate) fn encode_general_names<'a>(
py: pyo3::Python<'_>,
ka: &'a cryptography_keepalive::KeepAlive<pyo3::pybacked::PyBackedBytes>,
ka_bytes: &'a cryptography_keepalive::KeepAlive<pyo3::pybacked::PyBackedBytes>,
ka_str: &'a cryptography_keepalive::KeepAlive<pyo3::pybacked::PyBackedStr>,
py_gns: &pyo3::Bound<'a, pyo3::PyAny>,
) -> Result<Vec<GeneralName<'a>>, CryptographyError> {
let mut gns = vec![];
for el in py_gns.iter()? {
let gn = encode_general_name(py, ka, &el?)?;
let gn = encode_general_name(py, ka_bytes, ka_str, &el?)?;
gns.push(gn);
}
Ok(gns)
}

pub(crate) fn encode_general_name<'a>(
py: pyo3::Python<'_>,
ka: &'a cryptography_keepalive::KeepAlive<pyo3::pybacked::PyBackedBytes>,
ka_bytes: &'a cryptography_keepalive::KeepAlive<pyo3::pybacked::PyBackedBytes>,
ka_str: &'a cryptography_keepalive::KeepAlive<pyo3::pybacked::PyBackedStr>,
gn: &pyo3::Bound<'a, pyo3::PyAny>,
) -> Result<GeneralName<'a>, CryptographyError> {
let gn_type = gn.get_type();
let gn_value = gn.getattr(pyo3::intern!(py, "value"))?;

if gn_type.is(&types::DNS_NAME.get(py)?) {
Ok(GeneralName::DNSName(UnvalidatedIA5String(
gn_value.extract::<&str>()?,
ka_str.add(gn_value.extract()?),
)))
} else if gn_type.is(&types::RFC822_NAME.get(py)?) {
Ok(GeneralName::RFC822Name(UnvalidatedIA5String(
gn_value.extract::<&str>()?,
ka_str.add(gn_value.extract()?),
)))
} else if gn_type.is(&types::DIRECTORY_NAME.get(py)?) {
let name = encode_name(py, ka, &gn_value)?;
let name = encode_name(py, ka_bytes, &gn_value)?;
Ok(GeneralName::DirectoryName(name))
} else if gn_type.is(&types::OTHER_NAME.get(py)?) {
let py_oid = gn.getattr(pyo3::intern!(py, "type_id"))?;
Ok(GeneralName::OtherName(OtherName {
type_id: py_oid_to_oid(py_oid)?,
value: asn1::parse_single(gn_value.extract::<&[u8]>()?).map_err(|e| {
value: asn1::parse_single(ka_bytes.add(gn_value.extract()?)).map_err(|e| {
pyo3::exceptions::PyValueError::new_err(format!(
"OtherName value must be valid DER: {e:?}"
))
})?,
}))
} else if gn_type.is(&types::UNIFORM_RESOURCE_IDENTIFIER.get(py)?) {
Ok(GeneralName::UniformResourceIdentifier(
UnvalidatedIA5String(gn_value.extract::<&str>()?),
UnvalidatedIA5String(ka_str.add(gn_value.extract()?)),
))
} else if gn_type.is(&types::IP_ADDRESS.get(py)?) {
Ok(GeneralName::IPAddress(
gn.call_method0(pyo3::intern!(py, "_packed"))?
.extract::<&[u8]>()?,
))
Ok(GeneralName::IPAddress(ka_bytes.add(
gn.call_method0(pyo3::intern!(py, "_packed"))?.extract()?,
)))
} else if gn_type.is(&types::REGISTERED_ID.get(py)?) {
let oid = py_oid_to_oid(gn_value)?;
Ok(GeneralName::RegisteredID(oid))
Expand All @@ -165,13 +166,14 @@ pub(crate) fn encode_access_descriptions<'a>(
py_ads: &pyo3::Bound<'a, pyo3::PyAny>,
) -> CryptographyResult<Vec<u8>> {
let mut ads = vec![];
let ka = cryptography_keepalive::KeepAlive::new();
let ka_bytes = cryptography_keepalive::KeepAlive::new();
let ka_str = cryptography_keepalive::KeepAlive::new();
for py_ad in py_ads.iter()? {
let py_ad = py_ad?;
let py_oid = py_ad.getattr(pyo3::intern!(py, "access_method"))?;
let access_method = py_oid_to_oid(py_oid)?;
let py_access_location = py_ad.getattr(pyo3::intern!(py, "access_location"))?;
let access_location = encode_general_name(py, &ka, &py_access_location)?;
let access_location = encode_general_name(py, &ka_bytes, &ka_str, &py_access_location)?;
ads.push(AccessDescription {
access_method,
access_location,
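Review bot: The new `ka_str.add(gn_value.extract()?)` and `ka_bytes.add(gn_value.extract()?)` calls in encode_general_name leave the expected Python type to inference, where the previous `extract::<&str>()` and `extract::<&[u8]>()` forms named it. Naming the target again, e.g. `ka_bytes.add(gn_value.extract::<pyo3::pybacked::PyBackedBytes>()?)`, keeps the type check at the Python boundary visible in each branch. As far as I know PyBackedBytes extraction accepts bytearray as well as bytes, while `&[u8]` accepted only bytes, so the OtherName value and the `_packed()` result may now admit a wider set of inputs; a test pinning the rejected types would confirm the intended behaviour. encode_general_name continues past the end of the first hunk.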
58 changes: 40 additions & 18 deletions src/rust/src/x509/extensions.rs
Expand Up @@ -13,15 +13,16 @@ use pyo3::pybacked::PyBackedStr;

fn encode_general_subtrees<'a>(
py: pyo3::Python<'_>,
ka: &'a cryptography_keepalive::KeepAlive<pyo3::pybacked::PyBackedBytes>,
ka_bytes: &'a cryptography_keepalive::KeepAlive<pyo3::pybacked::PyBackedBytes>,
ka_str: &'a cryptography_keepalive::KeepAlive<pyo3::pybacked::PyBackedStr>,
subtrees: &pyo3::Bound<'a, pyo3::PyAny>,
) -> Result<Option<extensions::SequenceOfSubtrees<'a>>, CryptographyError> {
if subtrees.is_none() {
Ok(None)
} else {
let mut subtree_seq = vec![];
for name in subtrees.iter()? {
let gn = x509::common::encode_general_name(py, ka, &name?)?;
let gn = x509::common::encode_general_name(py, ka_bytes, ka_str, &name?)?;
subtree_seq.push(extensions::GeneralSubtree {
base: gn,
minimum: 0,
Expand All @@ -46,9 +47,11 @@ pub(crate) fn encode_authority_key_identifier<'a>(
}
let aki = py_aki.extract::<PyAuthorityKeyIdentifier<'_>>()?;

let ka = cryptography_keepalive::KeepAlive::new();
let ka_bytes = cryptography_keepalive::KeepAlive::new();
let ka_str = cryptography_keepalive::KeepAlive::new();
let authority_cert_issuer = if let Some(authority_cert_issuer) = aki.authority_cert_issuer {
let gns = x509::common::encode_general_names(py, &ka, &authority_cert_issuer)?;
let gns =
x509::common::encode_general_names(py, &ka_bytes, &ka_str, &authority_cert_issuer)?;
Some(common::Asn1ReadableOrWritable::new_write(
asn1::SequenceOfWriter::new(gns),
))
Expand Down Expand Up @@ -82,28 +85,33 @@ pub(crate) fn encode_distribution_points<'p>(
reasons: Option<pyo3::Bound<'a, pyo3::PyAny>>,
}

let ka = cryptography_keepalive::KeepAlive::new();
let ka_bytes = cryptography_keepalive::KeepAlive::new();
let ka_str = cryptography_keepalive::KeepAlive::new();
let mut dps = vec![];
for py_dp in py_dps.iter()? {
let py_dp = py_dp?.extract::<PyDistributionPoint<'_>>()?;

let crl_issuer = if let Some(py_crl_issuer) = py_dp.crl_issuer {
let gns = x509::common::encode_general_names(py, &ka, &py_crl_issuer)?;
let gns = x509::common::encode_general_names(py, &ka_bytes, &ka_str, &py_crl_issuer)?;
Some(common::Asn1ReadableOrWritable::new_write(
asn1::SequenceOfWriter::new(gns),
))
} else {
None
};
let distribution_point = if let Some(py_full_name) = py_dp.full_name {
let gns = x509::common::encode_general_names(py, &ka, &py_full_name)?;
let gns = x509::common::encode_general_names(py, &ka_bytes, &ka_str, &py_full_name)?;
Some(extensions::DistributionPointName::FullName(
common::Asn1ReadableOrWritable::new_write(asn1::SequenceOfWriter::new(gns)),
))
} else if let Some(py_relative_name) = py_dp.relative_name {
let mut name_entries = vec![];
for py_name_entry in py_relative_name.iter()? {
name_entries.push(x509::common::encode_name_entry(py, &ka, &py_name_entry?)?);
name_entries.push(x509::common::encode_name_entry(
py,
&ka_bytes,
&py_name_entry?,
)?);
}
Some(extensions::DistributionPointName::NameRelativeToCRLIssuer(
common::Asn1ReadableOrWritable::new_write(asn1::SetOfWriter::new(name_entries)),
Expand Down Expand Up @@ -317,7 +325,8 @@ fn encode_issuing_distribution_point(
py: pyo3::Python<'_>,
ext: &pyo3::Bound<'_, pyo3::PyAny>,
) -> CryptographyResult<Vec<u8>> {
let ka = cryptography_keepalive::KeepAlive::new();
let ka_bytes = cryptography_keepalive::KeepAlive::new();
let ka_str = cryptography_keepalive::KeepAlive::new();

let only_some_reasons = if ext
.getattr(pyo3::intern!(py, "only_some_reasons"))?
Expand All @@ -331,7 +340,7 @@ fn encode_issuing_distribution_point(
};
let distribution_point = if ext.getattr(pyo3::intern!(py, "full_name"))?.is_truthy()? {
let py_full_name = ext.getattr(pyo3::intern!(py, "full_name"))?;
let gns = x509::common::encode_general_names(ext.py(), &ka, &py_full_name)?;
let gns = x509::common::encode_general_names(ext.py(), &ka_bytes, &ka_str, &py_full_name)?;
Some(extensions::DistributionPointName::FullName(
common::Asn1ReadableOrWritable::new_write(asn1::SequenceOfWriter::new(gns)),
))
Expand All @@ -341,7 +350,7 @@ fn encode_issuing_distribution_point(
{
let mut name_entries = vec![];
for py_name_entry in ext.getattr(pyo3::intern!(py, "relative_name"))?.iter()? {
let name_entry = x509::common::encode_name_entry(ext.py(), &ka, &py_name_entry?)?;
let name_entry = x509::common::encode_name_entry(ext.py(), &ka_bytes, &py_name_entry?)?;
name_entries.push(name_entry);
}
Some(extensions::DistributionPointName::NameRelativeToCRLIssuer(
Expand Down Expand Up @@ -454,13 +463,24 @@ pub(crate) fn encode_extension(
Ok(Some(asn1::write_single(&pc)?))
}
&oid::NAME_CONSTRAINTS_OID => {
let ka = cryptography_keepalive::KeepAlive::new();
let ka_bytes = cryptography_keepalive::KeepAlive::new();
let ka_str = cryptography_keepalive::KeepAlive::new();

let permitted = ext.getattr(pyo3::intern!(py, "permitted_subtrees"))?;
let excluded = ext.getattr(pyo3::intern!(py, "excluded_subtrees"))?;
let nc = extensions::NameConstraints {
permitted_subtrees: encode_general_subtrees(ext.py(), &ka, &permitted)?,
excluded_subtrees: encode_general_subtrees(ext.py(), &ka, &excluded)?,
permitted_subtrees: encode_general_subtrees(
ext.py(),
&ka_bytes,
&ka_str,
&permitted,
)?,
excluded_subtrees: encode_general_subtrees(
ext.py(),
&ka_bytes,
&ka_str,
&excluded,
)?,
};
Ok(Some(asn1::write_single(&nc)?))
}
Expand All @@ -475,8 +495,9 @@ pub(crate) fn encode_extension(
)?))
}
&oid::ISSUER_ALTERNATIVE_NAME_OID | &oid::SUBJECT_ALTERNATIVE_NAME_OID => {
let ka = cryptography_keepalive::KeepAlive::new();
let gns = x509::common::encode_general_names(ext.py(), &ka, ext)?;
let ka_bytes = cryptography_keepalive::KeepAlive::new();
let ka_str = cryptography_keepalive::KeepAlive::new();
let gns = x509::common::encode_general_names(ext.py(), &ka_bytes, &ka_str, ext)?;
Ok(Some(asn1::write_single(&asn1::SequenceOfWriter::new(gns))?))
}
&oid::AUTHORITY_KEY_IDENTIFIER_OID => {
Expand Down Expand Up @@ -506,8 +527,9 @@ pub(crate) fn encode_extension(
Ok(Some(asn1::write_single(&asn1::Enumerated::new(value))?))
}
&oid::CERTIFICATE_ISSUER_OID => {
let ka = cryptography_keepalive::KeepAlive::new();
let gns = x509::common::encode_general_names(ext.py(), &ka, ext)?;
let ka_bytes = cryptography_keepalive::KeepAlive::new();
let ka_str = cryptography_keepalive::KeepAlive::new();
let gns = x509::common::encode_general_names(ext.py(), &ka_bytes, &ka_str, ext)?;
Ok(Some(asn1::write_single(&asn1::SequenceOfWriter::new(gns))?))
}
&oid::INVALIDITY_DATE_OID => {
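Review bot: Nothing in the new code says why two keepalives are needed, or why the relative_name branches in encode_distribution_points and encode_issuing_distribution_point pass only `&ka_bytes` to encode_name_entry while the full_name branches pass both. A one-line comment at the first pair of declarations would carry that, for example `// ka_bytes owns the extracted bytes and ka_str the extracted str; the encoded names borrow from both.` The element type of each `KeepAlive::new()` is inferred from the later calls, so without the comment a reader has to follow the call into x509::common to learn what each one holds. Most of the functions touched in this file start or end outside the visible hunks.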
