Migrate to current pre-release revisions of dependencies (#583)
The CHANGELOG lists the specific versions currently pinned; it will be modified to instead reference the public releases once they exist and this crate uses them.
+45
-18
@@ -41,8 +41,8 @@ use crate::{
|
||||
};
|
||||
use log::error;
|
||||
use x509_cert::{
|
||||
builder::{Builder, CertificateBuilder, Profile},
|
||||
der::{self, referenced::OwnedToRef, Decode, Encode},
|
||||
builder::{profile::BuilderProfile, Builder, CertificateBuilder},
|
||||
der::{referenced::OwnedToRef, Decode, Encode},
|
||||
name::Name,
|
||||
serial_number::SerialNumber,
|
||||
spki::{SubjectPublicKeyInfoOwned, SubjectPublicKeyInfoRef},
|
||||
@@ -109,23 +109,18 @@ impl Certificate {
|
||||
extensions: F,
|
||||
) -> Result<Self>
|
||||
where
|
||||
F: FnOnce(&mut CertificateBuilder<'_, yubikey_signer::Signer<'_, KT>>) -> der::Result<()>,
|
||||
F: FnOnce(&mut CertificateBuilder<SelfSigned>) -> der::Result<()>,
|
||||
{
|
||||
let signer = yubikey_signer::Signer::new(yubikey, key, subject_pki.owned_to_ref())?;
|
||||
let mut builder = CertificateBuilder::new(
|
||||
Profile::Manual { issuer: None },
|
||||
serial,
|
||||
validity,
|
||||
subject,
|
||||
subject_pki,
|
||||
&signer,
|
||||
)
|
||||
.map_err(|_| Error::KeyError)?;
|
||||
let signer =
|
||||
yubikey_signer::Signer::<'_, KT>::new(yubikey, key, subject_pki.owned_to_ref())?;
|
||||
let mut builder =
|
||||
CertificateBuilder::new(SelfSigned { subject }, serial, validity, subject_pki)
|
||||
.map_err(|_| Error::KeyError)?;
|
||||
|
||||
// Add custom extensions
|
||||
extensions(&mut builder)?;
|
||||
|
||||
let cert = builder.build().map_err(|_| Error::KeyError)?;
|
||||
let cert = builder.build(&signer).map_err(|_| Error::KeyError)?;
|
||||
let cert = Self { cert };
|
||||
cert.write(yubikey, key, CertInfo::Uncompressed)?;
|
||||
|
||||
@@ -174,23 +169,55 @@ impl Certificate {
|
||||
|
||||
/// Returns the Issuer field of the certificate.
|
||||
pub fn issuer(&self) -> String {
|
||||
self.cert.tbs_certificate.issuer.to_string()
|
||||
self.cert.tbs_certificate().issuer().to_string()
|
||||
}
|
||||
|
||||
/// Returns the SubjectName field of the certificate.
|
||||
pub fn subject(&self) -> String {
|
||||
self.cert.tbs_certificate.subject.to_string()
|
||||
self.cert.tbs_certificate().subject().to_string()
|
||||
}
|
||||
|
||||
/// Returns the SubjectPublicKeyInfo field of the certificate.
|
||||
pub fn subject_pki(&self) -> SubjectPublicKeyInfoRef<'_> {
|
||||
self.cert
|
||||
.tbs_certificate
|
||||
.subject_public_key_info
|
||||
.tbs_certificate()
|
||||
.subject_public_key_info()
|
||||
.owned_to_ref()
|
||||
}
|
||||
}
|
||||
|
||||
/// A [`BuilderProfile`] for self-signed certificates.
|
||||
///
|
||||
/// This profile has no default extensions.
|
||||
pub struct SelfSigned {
|
||||
subject: Name,
|
||||
}
|
||||
|
||||
impl BuilderProfile for SelfSigned {
|
||||
fn get_issuer(&self, subject: &Name) -> Name {
|
||||
// RFC 5280 Section 3.2:
|
||||
//
|
||||
// > Self-issued certificates are CA certificates in which the issuer and subject
|
||||
// > are the same entity. [..] Self-signed certificates are self-issued
|
||||
// > certificates where the digital signature may be verified by the public key
|
||||
// > bound into the certificate.
|
||||
subject.clone()
|
||||
}
|
||||
|
||||
fn get_subject(&self) -> Name {
|
||||
self.subject.clone()
|
||||
}
|
||||
|
||||
fn build_extensions(
|
||||
&self,
|
||||
_spk: SubjectPublicKeyInfoRef<'_>,
|
||||
_issuer_spk: SubjectPublicKeyInfoRef<'_>,
|
||||
_tbs: &x509_cert::TbsCertificate,
|
||||
) -> x509_cert::builder::Result<Vec<x509_cert::ext::Extension>> {
|
||||
Ok(vec![])
|
||||
}
|
||||
}
|
||||
|
||||
/// Read certificate
|
||||
pub(crate) fn read_certificate(txn: &Transaction<'_>, slot: SlotId) -> Result<Buffer> {
|
||||
let object_id = slot.object_id();
|
||||
|
||||
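Review bot: The second hunk of this file still maps the builder's failures to `Error::KeyError` (both the `CertificateBuilder::new(SelfSigned { subject }, serial, validity, subject_pki).map_err(|_| Error::KeyError)?` call and `builder.build(&signer).map_err(|_| Error::KeyError)?`), even though this same commit introduces `Error::CertificateBuilder` together with `impl From<x509_cert::builder::Error> for Error`, so a caller cannot tell a builder/encoding failure from a key failure on this path. Unless callers are known to match on `KeyError` here, let the new conversion do the work: `let mut builder = CertificateBuilder::new(SelfSigned { subject }, serial, validity, subject_pki)?;` and `let cert = builder.build(&signer)?;`; if `build` can also surface signer errors that should stay `KeyError`, that deserves a short comment on the `map_err`. The enclosing generate function starts outside the hunk, so its other error handling is not visible here. As a minor style point, `pub struct SelfSigned` is a public type with no `Debug` derive and its `subject` field carries no comment; `#[derive(Debug)]` plus `// subject name used as both subject and issuer (self-signed)` would make it consistent with the doc comment above it.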
@@ -57,6 +57,9 @@ pub enum Error {
|
||||
/// Authentication error
|
||||
AuthenticationError,
|
||||
|
||||
/// Error while building a certificate
|
||||
CertificateBuilder,
|
||||
|
||||
/// Generic error
|
||||
GenericError,
|
||||
|
||||
@@ -136,6 +139,7 @@ impl Error {
|
||||
}
|
||||
Error::ArgumentError => f.write_str("argument error"),
|
||||
Error::AuthenticationError => f.write_str("authentication error"),
|
||||
Error::CertificateBuilder => f.write_str("certificate builder error"),
|
||||
Error::GenericError => f.write_str("generic error"),
|
||||
Error::InvalidObject => f.write_str("invalid object"),
|
||||
Error::KeyError => f.write_str("key error"),
|
||||
@@ -197,3 +201,9 @@ impl From<der::Error> for Error {
|
||||
Error::ParseError
|
||||
}
|
||||
}
|
||||
|
||||
impl From<x509_cert::builder::Error> for Error {
|
||||
fn from(_err: x509_cert::builder::Error) -> Error {
|
||||
Error::CertificateBuilder
|
||||
}
|
||||
}
|
||||
|
||||
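Review bot: `impl From<x509_cert::builder::Error> for Error` discards `_err`, so any builder failure collapses into the unit variant `CertificateBuilder` and the single string `"certificate builder error"`, leaving no way to distinguish, for example, a signing problem from an encoding problem when diagnosing a failed enrollment. That mirrors the existing `From<der::Error>` → `ParseError` pattern, so it may be deliberate, but the loss should then be stated on the variant: `/// Error while building a certificate (the underlying `x509_cert::builder::Error` is not retained)`. If diagnostics matter, logging the source inside `from` before mapping would be a small addition, since the crate already pulls in `log::error` in certificate.rs.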
+3
-5
@@ -42,7 +42,7 @@ use crate::{
|
||||
yubikey::YubiKey,
|
||||
};
|
||||
use des::{
|
||||
cipher::{generic_array::GenericArray, BlockDecrypt, BlockEncrypt, KeyInit},
|
||||
cipher::{BlockCipherDecrypt, BlockCipherEncrypt, KeyInit},
|
||||
TdesEde3,
|
||||
};
|
||||
#[cfg(feature = "untested")]
|
||||
@@ -314,16 +314,14 @@ impl MgmKey {
|
||||
/// Encrypt with 3DES key
|
||||
pub(crate) fn encrypt(&self, input: &[u8; DES_LEN_DES]) -> [u8; DES_LEN_DES] {
|
||||
let mut output = input.to_owned();
|
||||
TdesEde3::new(GenericArray::from_slice(&self.0))
|
||||
.encrypt_block(GenericArray::from_mut_slice(&mut output));
|
||||
TdesEde3::new(&self.0.into()).encrypt_block((&mut output).into());
|
||||
output
|
||||
}
|
||||
|
||||
/// Decrypt with 3DES key
|
||||
pub(crate) fn decrypt(&self, input: &[u8; DES_LEN_DES]) -> [u8; DES_LEN_DES] {
|
||||
let mut output = input.to_owned();
|
||||
TdesEde3::new(GenericArray::from_slice(&self.0))
|
||||
.decrypt_block(GenericArray::from_mut_slice(&mut output));
|
||||
TdesEde3::new(&self.0.into()).decrypt_block((&mut output).into());
|
||||
output
|
||||
}
|
||||
}
|
||||
|
||||
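Review bot: In both `encrypt` and `decrypt`, `TdesEde3::new(&self.0.into())` now converts the key array by value, so the management-key bytes are copied into an unnamed temporary on the stack that is never zeroized, whereas the replaced `GenericArray::from_slice(&self.0)` only borrowed the field. The block argument in the same lines already uses the reference form `(&mut output).into()`, so the key can presumably use the matching reference conversion, `TdesEde3::new((&self.0).into())`, which avoids the extra copy; this should be confirmed against the pinned cipher/array revision, since whether the cipher's own key schedule is zeroized on drop is not visible here. The same change applies to the `decrypt_block` line.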
+1
-1
@@ -183,7 +183,7 @@ impl<'tx> Transaction<'tx> {
|
||||
if !pin.is_empty() {
|
||||
let mut data = Zeroizing::new([0xff; CB_PIN_MAX]);
|
||||
data[0..pin.len()].copy_from_slice(pin);
|
||||
query.data(data.as_ref());
|
||||
query.data(data.as_slice());
|
||||
}
|
||||
|
||||
let response = query.transmit(self, 261)?;
|
||||
|
||||