Update x509-cert to 0.2.5
Test: m
Change-Id: I0210dd86c169e08e5ecf5eada8fd08de71ae2d1b
diff --git a/crates/x509-cert/.android-checksum.json b/crates/x509-cert/.android-checksum.json
index 9d4547d..e67664d 100644
--- a/crates/x509-cert/.android-checksum.json
+++ b/crates/x509-cert/.android-checksum.json
@@ -1 +1 @@
-{"package":null,"files":{".cargo-checksum.json":"08efe45b1c528b0861eb82b40b18b7fcb92e94f6e46942531edd6d794f302b6d","Android.bp":"53cf5119ef15f62c35d011df9d045cb2296970378b307e093ade2ffec47df137","CHANGELOG.md":"1909bec3e617e195116b1499a92e7d82f900bcb5ecca68c69b38a656d94b6dd1","Cargo.toml":"ec99e4fa1cdfcd0068fc34c6d3cb3de2fb60e12fd24b488ceb1d2bdf79fc8455","LICENSE":"a70b9d6cc87b5937a78beace08f2370fd91d1d12b38f09c5d7e004ece883f9b6","LICENSE-APACHE":"a70b9d6cc87b5937a78beace08f2370fd91d1d12b38f09c5d7e004ece883f9b6","LICENSE-MIT":"6f853bf2cbee873e386d54aead5f9ac24173f5dd0666bbc6533962495935bd9f","METADATA":"8b5571e45893e5fba7ee414972b8f75518b09a47f249dea344d2cb875b68622a","MODULE_LICENSE_APACHE2":"0d6f8afa3940b7f06bebee651376d43bc8b0d5b437337be2696d30377451e93a","README.md":"cfbb7a4795d32dc807fed749c41a13f745e5936dc698235452cf9ea982ec04e5","cargo_embargo.json":"5a95c7f70a6263393974d388575a632347aeb706672c45664a3228ab78fe81c2","rules.mk":"b8adb139cddc201d52ef6d24c4222d6d2a30810dad2ca49de539bd04ae095e48","src/anchor.rs":"6bc92d3e68f6ba9bd9d3688d651e455f359ec7f2f62ac1b4f1f1f1f5c9c83337","src/attr.rs":"1d27c559517156672fc12ca0e7a38cd075db4e55341b08976bce554bd9c4db7c","src/builder.rs":"6bb11b8f95a013bdcf21c8ee9ec624da8126f402dc021ebe5ec0caa78c3449ec","src/certificate.rs":"847c2cc229e02fab606d4496d5449fce06aad99f69cb8b224c61331ced4a6587","src/crl.rs":"62aefab95d5943d54a3155f8ac73563f0fbe1947520958f4ee411b8973ea4e89","src/ext.rs":"98d1cd52285a79b16f0d68de778ac74165d084ce2e174f73798445f4270c9feb","src/ext/pkix.rs":"8b3c602a5d87dc93cde19cdae0972356cd4b2a6c4d3f21c8cbf25cb4a09220bc","src/ext/pkix/access.rs":"5dbc7d2d155d3cf200a2a0c57c7f0279c988018172f284d9240d85d8ba2322ca","src/ext/pkix/authkeyid.rs":"61f8053cb614cc1231f764b872652652daeec5ae1407d5b93e047add9535da50","src/ext/pkix/certpolicy.rs":"50ff6430b3450219f36df3438d80bc8ce7be467b06e8c9f39300563a8a8bf7ca","src/ext/pkix/constraints.rs":"8993d558880f382a876c365e2c2cbf632bc3a7abb3e3ac3a46fbe95d9a7beee2","src/ext/pkix/constraints/basic.rs":"b9c1de0725b2bb265187860aa99cbcd48595fd9390cca76ce1839b25c40f449e","src/ext/pkix/constraints/name.rs":"8348eca14eb954584b3bc19ad46cfef29acfe1d2827f81735e6cb4517aa956b5","src/ext/pkix/constraints/policy.rs":"85646bf33d969a6d3b8823ea770419bc9ef94eea93c8bc8203affb90e5fa4e00","src/ext/pkix/crl.rs":"cd703adf57ca4e9744420afa7f1e3947a4e3704a016f77398a33f5b4d6828c6b","src/ext/pkix/crl/dp.rs":"1d88e871eb9b76131dc6c85188fa07db68a5d4848f2f9c7420467bacfcfc827f","src/ext/pkix/keyusage.rs":"45023e818739b40d000fed3a241aedab52ec3a7d707d96b2892e406a3d9cfc1a","src/ext/pkix/name.rs":"65bcfa0e9858bee26af4d2f7cd19a404235af07456142daab2bd59dd4a5863ef","src/ext/pkix/name/dirstr.rs":"33fbbda1bdc27a468d091694e354c9e935911fd8c715cf0cce5af56219166044","src/ext/pkix/name/dp.rs":"4e6d17b6e1ad25f91cc9b3e96ad306b1f5fb029051c95540171e08d1801ee12a","src/ext/pkix/name/ediparty.rs":"ebe08d05b367b48d606b7f2cad14dde996dedf305ad8da683e690b7e75a2333d","src/ext/pkix/name/general.rs":"df774c141e3a5609fadbb7ad4080c34cc2077093c306c035202d9816469a216e","src/ext/pkix/name/other.rs":"68f42e4b290fd8cb42c81481dca16b04f07a985a86b4d469b87d920da2c59ed0","src/ext/pkix/policymap.rs":"9b5e6b6a4664b5fcafcc4669d98e3422993aa6a2601abb9e6d0ecd8762d1e800","src/lib.rs":"fcaad0a0655ffbafe6d542b119d3c66709aa12f883c8ac71ade51f6cf7431650","src/macros.rs":"510656a58db95b7568966285da2f59ffcf7dd907d4ff32c34b13af046172e28d","src/name.rs":"dab18acbf1e143c154301ada9f50dfc6b4cd10d3ceabcb03ff182198bcec2cc8","src/request.rs":"b5fe1a2660b1fab89e52e94a762fba696502ff760a0d355f757cf49cc987f4ab","src/serial_number.rs":"3a9b2ee179c329257089ca9a36380c82c593cfe115cfaab6c5c1037db68f7e18","src/time.rs":"af9ce954537d08197514e9f26de762cce745b17ef93d27cff33eacaadd8d2cbb","tests/builder.rs":"0b150cd9f419f7db1b54f2e43e6ea7bbf8c790ae80265e7ffb9f929325bf325d","tests/certificate.rs":"a1c895d0455ab3bcd019bf0ab6be6ac57ac9cd31f950157dea4146f75cc4f540","tests/certreq.rs":"fe11eb658f2b7ba8471046f8172077390f95d1ba0c20b56a1c87d232e1378463","tests/crl.rs":"a5dc9d90f3c29801350c26b0593eb121ce5457943ce542611dc2d720e9beb0ac","tests/examples/026EDA6FA1EDFA8C253936C75B5EEBD954BFF452.fake.der":"75786e10feef22caf7b781b16153ca380c791bc90ba8eb121f5a3e815f43199d","tests/examples/026EDA6FA1EDFA8C253936C75B5EEBD954BFF452.fake.pem":"ae81d0bbbd9165ee42710194d495c9353b001a7e7aada03a19c89b8fd6762e55","tests/examples/085B1E2F40254F9C7A2387BE9FF4EC116C326E10.fake.der":"d21f492c91bcc035bbc985f6e49ce87a3c325478bd2f1d87443614c0a7a8b57d","tests/examples/0954e2343dd5efe0a7f0967d69caf33e5f893720.der":"ffc05668f1ce0de35d8dfb37ba0644b188b496f01d24dd913f98eb32853c3e8b","tests/examples/0fcc78fbbca9f32b08b19b032b84f2c86a128f35.der":"52243877830bd0977abaca6de191eda543428e1313d3eb2b2834c7c1f04981bb","tests/examples/15b05c4865410c6b3ff76a4e8f3d87276756bd0c.der":"06fd0bbbbe0ec2911161e44ce32ffd479d37c90718bd0c0613a18171bc55b1c8","tests/examples/16ee54e48c76eaa1052e09010d8faefee95e5ebb.der":"5de01a2f495fe3462633adfc9ac8bb48b3bef561e313ba59c7c20997307140d2","tests/examples/2049a5b28f104b2c6e1a08546f9cfc0353d6fd30.der":"1d3f9c44697b504d9f0e67500f9fbeaab0d15f5524e64f89cca731d9eea77809","tests/examples/21723e7a0fb61a0bd4a29879b82a02b2fb4ad096.der":"735043a0604b36febf8a355972418b75d2c0ea2ce034ae5dd04adea79c0b20af","tests/examples/284A0A3A9B56DD752DAA2E09E2FADEDB858D9338.fake.der":"58285002e787c4745e78090cb2e436a26567887cf53187d4743f276ad704f2d1","tests/examples/28879DABB0FD11618FB74E47BE049D2933866D53.fake.der":"b01dc4763a311fdd96792d37f299c579f3562c672d9657159b206b52616fb623","tests/examples/288C8BCFEE6B89D110DAE2C9873897BF7FF53382.fake.der":"cfc9e7c1dcecd1d6451ab66f9838cc42087f98145f5c4e861cef8e9d198cf9e2","tests/examples/28903a635b5280fae6774c0b6da7d6baa64af2e8.der":"12919c7d67791a0e098e1ee587dc9770231eda6d0da2d512770a0a06b5ef639a","tests/examples/33D8388EDA1E92475EF19075D2EF4093D1CB6F7F.fake.der":"40a08b6bfc6808c1c84a3d6983949dbc5645d111c6aa4f2204ff5542edd39c0b","tests/examples/342cd9d3062da48c346965297f081ebc2ef68fdc.der":"405b4073c9555ff756128f108ddd82d91d9064c0ca9779ed879868a8a133cd6c","tests/examples/554D5FF11DA613A155584D8D4AA07F67724D8077.fake.der":"03324299002e5e1cc88b7ff0062f11554dc396fc18c14b0cca7559a69169f752","tests/examples/GoodCACRL.crl":"0545facc2cb39c8d8fc7ce70f4273b358e522a47fd7a1cdf64f7de2edb34d3aa","tests/examples/GoodCACert.crt":"fac99bf58934b7123b28cbb7996e412cbee7e52c496b54342cd7340309fe3e1d","tests/examples/amazon.der":"2f29cc3f99fd2174688baaece457ac193198c63e0840ad0c79f86240dd3af98e","tests/examples/amazon.pem":"794290f965510d52a2ae4592607cb1c7755f273448249cb6da53ebfb484bde38","tests/examples/crates.io-chain.pem":"04a2052fbe76e2078d0703c26d84f104080263d4ec9653629bf7e48373e64c1a","tests/examples/eca.der":"802c8187d5ddccd8338992f64c7b06f93ac8fd40b0baa94109d59ff69f5aec91","tests/examples/eca_policies.ta":"c1f09b4967382945d9903d9cf7f4a7805523f39d02f0d06448361c893e2cd389","tests/examples/entrust.der":"ba2b9abeb461886a7694cc69900588873390a196ee990a04c924303c9286ca70","tests/examples/entrust_dnConstraint.ta":"b024896247b39b35907d8b6d8d13b44cd7677368989f021b82d3030e9373197d","tests/examples/exostar.der":"54a832e3884cffb2d0a8a7b2f0229b055056605b799d18b91259001cd6b4f7c5","tests/examples/exostar_policyFlags.ta":"ae4628b0855d1ebd56e50d59f03df97d8ee866aa0c7144134531acdcc6783256","tests/examples/p256-priv.der":"d59088d2ee7ae348a2004e1b68310cbb578bdb55d6dfcc818d3d2db5a6fac41c","tests/examples/p256-pub.der":"ab6440b4b3b9de11add8399ed3ace375998b699e98a6a866e64cb153e6e4ed02","tests/examples/qualcomm.pem":"65a9088c4005f63ea7bc2be4974c55fd9b0362915d806f00eb728f2b30dd01da","tests/examples/raytheon.der":"100b1620083fd0132b8a84f9f388556e8b2db071bdcff6e8fc2635c34bdeb8aa","tests/examples/raytheon_pathLenConstraint.ta":"cd7aac4eca47245f84d3716d39d5f22e0fe1e7f5d867289ce19e34394743d3c9","tests/examples/rsa2048-crt.der":"71ec02da3c975c35a3bffaf8207563930af6a2a4cce77893739a6a194b537560","tests/examples/rsa2048-crt.pem":"3296eab83df1a45b39d5f31247ae13378b0304db1b43592406ef801fe138aab6","tests/examples/rsa2048-csr.der":"9f8bd4b70808b133c510294647dd79bcdf9a1ca473bb9040a5d54a80fa764d42","tests/examples/rsa2048-csr.pem":"70007309164b32603e7f6803ed95a5ae90b780bec64eb8c94c38b1188b5e4525","tests/examples/rsa2048-priv.der":"2e3d02886556a2dc878dd7a77ada1da31ccfccf2bf7e9a7bd95a8af2e69a6a90","tests/examples/rsa2048-prv.der":"b2990cf58ec751a094b322a1d83da5ca872a4da703e843210c38867d6ac8962f","tests/examples/rsa2048-prv.pem":"8a7b693904789775feba3d1f359777e0d260a61a3ebb6ce5d9fa03d7aab2c0c5","tests/examples/rsa2048-pub.der":"ae8610c59ff00fa33560b51c864fe2cc9fa894448cc23a9829cd9b0e97477f02","tests/examples/tscpbcasha256.crl":"d65fda5694a4f1ef96634e132745bf027ddb6a7389d5f859081675a66dfb7dcb","tests/general_name.rs":"365c44f393415793f227a91742416ee4a7aa4e28642f2a7dba1132fee226c8b6","tests/name.rs":"e751de20cddfd5d85ffdd44ba4b7d6124007ef6ba6ea3c24352973170f846cf6","tests/pkix_extensions.rs":"14b9641ed252ea141a325c91072de936a763174ac95649185a9a782363ff25a8","tests/trust_anchor_format.rs":"c897b75bc08e23871fc8fb1d411a3534346edf7e2b705369fff7e9098f71e910","tests/validity.rs":"9a5b74e2d0e6846434356d7091100c337ced43575430dc15e975e6858e957c62"}}
\ No newline at end of file
+{"package":null,"files":{".cargo-checksum.json":"4450696ae6ab5f1a7acbf231d29ff4499b76ec5aeafaaada91d9b37017aa7585","Android.bp":"c00f891a3965f596d462e64da0f30780d8e3252f44a7166cd394de8506c20a61","CHANGELOG.md":"69350a877f33e45fd0ee86ac5436f70c9fcb8f69259029307f110ab0b1c73253","Cargo.toml":"30fe6e7745b6594a36e53d3ecbb107e4748b137ad3e4f952443c1a3a84806645","LICENSE":"a70b9d6cc87b5937a78beace08f2370fd91d1d12b38f09c5d7e004ece883f9b6","LICENSE-APACHE":"a70b9d6cc87b5937a78beace08f2370fd91d1d12b38f09c5d7e004ece883f9b6","LICENSE-MIT":"6f853bf2cbee873e386d54aead5f9ac24173f5dd0666bbc6533962495935bd9f","METADATA":"658d190d7a0ea0ec4cb2542ea502da49423cf1aeea1d5f136f2b00b6ddd77d42","MODULE_LICENSE_APACHE2":"0d6f8afa3940b7f06bebee651376d43bc8b0d5b437337be2696d30377451e93a","README.md":"cfbb7a4795d32dc807fed749c41a13f745e5936dc698235452cf9ea982ec04e5","cargo_embargo.json":"5a95c7f70a6263393974d388575a632347aeb706672c45664a3228ab78fe81c2","rules.mk":"b8adb139cddc201d52ef6d24c4222d6d2a30810dad2ca49de539bd04ae095e48","src/anchor.rs":"6bc92d3e68f6ba9bd9d3688d651e455f359ec7f2f62ac1b4f1f1f1f5c9c83337","src/attr.rs":"1d27c559517156672fc12ca0e7a38cd075db4e55341b08976bce554bd9c4db7c","src/builder.rs":"8638f72af1bc3eca4ae4560ce7276b4df62c30324e80d4c6675adab7533e2bf0","src/certificate.rs":"847c2cc229e02fab606d4496d5449fce06aad99f69cb8b224c61331ced4a6587","src/crl.rs":"62aefab95d5943d54a3155f8ac73563f0fbe1947520958f4ee411b8973ea4e89","src/ext.rs":"98d1cd52285a79b16f0d68de778ac74165d084ce2e174f73798445f4270c9feb","src/ext/pkix.rs":"59e7d6c86147dfaac6aa88ae97fd74f7cd5a7c3139b41e15481496a2e2e4dca2","src/ext/pkix/access.rs":"5dbc7d2d155d3cf200a2a0c57c7f0279c988018172f284d9240d85d8ba2322ca","src/ext/pkix/authkeyid.rs":"61f8053cb614cc1231f764b872652652daeec5ae1407d5b93e047add9535da50","src/ext/pkix/certpolicy.rs":"50ff6430b3450219f36df3438d80bc8ce7be467b06e8c9f39300563a8a8bf7ca","src/ext/pkix/constraints.rs":"8993d558880f382a876c365e2c2cbf632bc3a7abb3e3ac3a46fbe95d9a7beee2","src/ext/pkix/constraints/basic.rs":"b9c1de0725b2bb265187860aa99cbcd48595fd9390cca76ce1839b25c40f449e","src/ext/pkix/constraints/name.rs":"8348eca14eb954584b3bc19ad46cfef29acfe1d2827f81735e6cb4517aa956b5","src/ext/pkix/constraints/policy.rs":"85646bf33d969a6d3b8823ea770419bc9ef94eea93c8bc8203affb90e5fa4e00","src/ext/pkix/crl.rs":"cd703adf57ca4e9744420afa7f1e3947a4e3704a016f77398a33f5b4d6828c6b","src/ext/pkix/crl/dp.rs":"1d88e871eb9b76131dc6c85188fa07db68a5d4848f2f9c7420467bacfcfc827f","src/ext/pkix/keyusage.rs":"45023e818739b40d000fed3a241aedab52ec3a7d707d96b2892e406a3d9cfc1a","src/ext/pkix/name.rs":"65bcfa0e9858bee26af4d2f7cd19a404235af07456142daab2bd59dd4a5863ef","src/ext/pkix/name/dirstr.rs":"33fbbda1bdc27a468d091694e354c9e935911fd8c715cf0cce5af56219166044","src/ext/pkix/name/dp.rs":"4e6d17b6e1ad25f91cc9b3e96ad306b1f5fb029051c95540171e08d1801ee12a","src/ext/pkix/name/ediparty.rs":"ebe08d05b367b48d606b7f2cad14dde996dedf305ad8da683e690b7e75a2333d","src/ext/pkix/name/general.rs":"d4b691503fedf3efac4af09a374eb5e48cef5d1f70a5d4e5549129f43ed24e8e","src/ext/pkix/name/other.rs":"bece63704232359568424cfea04c9b8b57151adcc031d77b777a5ede9cb82540","src/ext/pkix/policymap.rs":"9b5e6b6a4664b5fcafcc4669d98e3422993aa6a2601abb9e6d0ecd8762d1e800","src/ext/pkix/sct.rs":"34710fc07e463f4193e2d8697574d3a6649888f7ddc50c84d9d48ba25d322f1b","src/lib.rs":"fcaad0a0655ffbafe6d542b119d3c66709aa12f883c8ac71ade51f6cf7431650","src/macros.rs":"510656a58db95b7568966285da2f59ffcf7dd907d4ff32c34b13af046172e28d","src/name.rs":"a0a861483a68ac189575a4a0874474ceaf50e89d924b1eadcd3c6e2f1ed527e3","src/request.rs":"b5fe1a2660b1fab89e52e94a762fba696502ff760a0d355f757cf49cc987f4ab","src/serial_number.rs":"e4f2d5248771d488204caa23c81b2e275cbf485546f381513c5e13f58f37147b","src/time.rs":"af9ce954537d08197514e9f26de762cce745b17ef93d27cff33eacaadd8d2cbb","tests/builder.rs":"5342a6864281376f67ae4a390b32c76c97d361a622e9495108a47f53e9524005","tests/certificate.rs":"eefc0a2967f9664380c9020c20e5812e997dd48d3d0c82b308f9cda48c54fcd9","tests/certreq.rs":"fe11eb658f2b7ba8471046f8172077390f95d1ba0c20b56a1c87d232e1378463","tests/crl.rs":"a5dc9d90f3c29801350c26b0593eb121ce5457943ce542611dc2d720e9beb0ac","tests/examples/026EDA6FA1EDFA8C253936C75B5EEBD954BFF452.fake.der":"75786e10feef22caf7b781b16153ca380c791bc90ba8eb121f5a3e815f43199d","tests/examples/026EDA6FA1EDFA8C253936C75B5EEBD954BFF452.fake.pem":"ae81d0bbbd9165ee42710194d495c9353b001a7e7aada03a19c89b8fd6762e55","tests/examples/085B1E2F40254F9C7A2387BE9FF4EC116C326E10.fake.der":"d21f492c91bcc035bbc985f6e49ce87a3c325478bd2f1d87443614c0a7a8b57d","tests/examples/0954e2343dd5efe0a7f0967d69caf33e5f893720.der":"ffc05668f1ce0de35d8dfb37ba0644b188b496f01d24dd913f98eb32853c3e8b","tests/examples/0fcc78fbbca9f32b08b19b032b84f2c86a128f35.der":"52243877830bd0977abaca6de191eda543428e1313d3eb2b2834c7c1f04981bb","tests/examples/15b05c4865410c6b3ff76a4e8f3d87276756bd0c.der":"06fd0bbbbe0ec2911161e44ce32ffd479d37c90718bd0c0613a18171bc55b1c8","tests/examples/16ee54e48c76eaa1052e09010d8faefee95e5ebb.der":"5de01a2f495fe3462633adfc9ac8bb48b3bef561e313ba59c7c20997307140d2","tests/examples/2049a5b28f104b2c6e1a08546f9cfc0353d6fd30.der":"1d3f9c44697b504d9f0e67500f9fbeaab0d15f5524e64f89cca731d9eea77809","tests/examples/21723e7a0fb61a0bd4a29879b82a02b2fb4ad096.der":"735043a0604b36febf8a355972418b75d2c0ea2ce034ae5dd04adea79c0b20af","tests/examples/284A0A3A9B56DD752DAA2E09E2FADEDB858D9338.fake.der":"58285002e787c4745e78090cb2e436a26567887cf53187d4743f276ad704f2d1","tests/examples/28879DABB0FD11618FB74E47BE049D2933866D53.fake.der":"b01dc4763a311fdd96792d37f299c579f3562c672d9657159b206b52616fb623","tests/examples/288C8BCFEE6B89D110DAE2C9873897BF7FF53382.fake.der":"cfc9e7c1dcecd1d6451ab66f9838cc42087f98145f5c4e861cef8e9d198cf9e2","tests/examples/28903a635b5280fae6774c0b6da7d6baa64af2e8.der":"12919c7d67791a0e098e1ee587dc9770231eda6d0da2d512770a0a06b5ef639a","tests/examples/33D8388EDA1E92475EF19075D2EF4093D1CB6F7F.fake.der":"40a08b6bfc6808c1c84a3d6983949dbc5645d111c6aa4f2204ff5542edd39c0b","tests/examples/342cd9d3062da48c346965297f081ebc2ef68fdc.der":"405b4073c9555ff756128f108ddd82d91d9064c0ca9779ed879868a8a133cd6c","tests/examples/554D5FF11DA613A155584D8D4AA07F67724D8077.fake.der":"03324299002e5e1cc88b7ff0062f11554dc396fc18c14b0cca7559a69169f752","tests/examples/GoodCACRL.crl":"0545facc2cb39c8d8fc7ce70f4273b358e522a47fd7a1cdf64f7de2edb34d3aa","tests/examples/GoodCACert.crt":"fac99bf58934b7123b28cbb7996e412cbee7e52c496b54342cd7340309fe3e1d","tests/examples/amazon.der":"2f29cc3f99fd2174688baaece457ac193198c63e0840ad0c79f86240dd3af98e","tests/examples/amazon.pem":"794290f965510d52a2ae4592607cb1c7755f273448249cb6da53ebfb484bde38","tests/examples/crates.io-chain.pem":"04a2052fbe76e2078d0703c26d84f104080263d4ec9653629bf7e48373e64c1a","tests/examples/eca.der":"802c8187d5ddccd8338992f64c7b06f93ac8fd40b0baa94109d59ff69f5aec91","tests/examples/eca_policies.ta":"c1f09b4967382945d9903d9cf7f4a7805523f39d02f0d06448361c893e2cd389","tests/examples/entrust.der":"ba2b9abeb461886a7694cc69900588873390a196ee990a04c924303c9286ca70","tests/examples/entrust_dnConstraint.ta":"b024896247b39b35907d8b6d8d13b44cd7677368989f021b82d3030e9373197d","tests/examples/exostar.der":"54a832e3884cffb2d0a8a7b2f0229b055056605b799d18b91259001cd6b4f7c5","tests/examples/exostar_policyFlags.ta":"ae4628b0855d1ebd56e50d59f03df97d8ee866aa0c7144134531acdcc6783256","tests/examples/p256-priv.der":"d59088d2ee7ae348a2004e1b68310cbb578bdb55d6dfcc818d3d2db5a6fac41c","tests/examples/p256-pub.der":"ab6440b4b3b9de11add8399ed3ace375998b699e98a6a866e64cb153e6e4ed02","tests/examples/qualcomm.pem":"65a9088c4005f63ea7bc2be4974c55fd9b0362915d806f00eb728f2b30dd01da","tests/examples/raytheon.der":"100b1620083fd0132b8a84f9f388556e8b2db071bdcff6e8fc2635c34bdeb8aa","tests/examples/raytheon_pathLenConstraint.ta":"cd7aac4eca47245f84d3716d39d5f22e0fe1e7f5d867289ce19e34394743d3c9","tests/examples/rsa2048-crt.der":"71ec02da3c975c35a3bffaf8207563930af6a2a4cce77893739a6a194b537560","tests/examples/rsa2048-crt.pem":"3296eab83df1a45b39d5f31247ae13378b0304db1b43592406ef801fe138aab6","tests/examples/rsa2048-csr.der":"9f8bd4b70808b133c510294647dd79bcdf9a1ca473bb9040a5d54a80fa764d42","tests/examples/rsa2048-csr.pem":"70007309164b32603e7f6803ed95a5ae90b780bec64eb8c94c38b1188b5e4525","tests/examples/rsa2048-priv.der":"2e3d02886556a2dc878dd7a77ada1da31ccfccf2bf7e9a7bd95a8af2e69a6a90","tests/examples/rsa2048-prv.der":"b2990cf58ec751a094b322a1d83da5ca872a4da703e843210c38867d6ac8962f","tests/examples/rsa2048-prv.pem":"8a7b693904789775feba3d1f359777e0d260a61a3ebb6ce5d9fa03d7aab2c0c5","tests/examples/rsa2048-pub.der":"ae8610c59ff00fa33560b51c864fe2cc9fa894448cc23a9829cd9b0e97477f02","tests/examples/tscpbcasha256.crl":"d65fda5694a4f1ef96634e132745bf027ddb6a7389d5f859081675a66dfb7dcb","tests/general_name.rs":"365c44f393415793f227a91742416ee4a7aa4e28642f2a7dba1132fee226c8b6","tests/name.rs":"e751de20cddfd5d85ffdd44ba4b7d6124007ef6ba6ea3c24352973170f846cf6","tests/pkix_extensions.rs":"b62c295181af15be496b1951547dad88821037f09cdd5d85f73ac9d192745627","tests/trust_anchor_format.rs":"c897b75bc08e23871fc8fb1d411a3534346edf7e2b705369fff7e9098f71e910","tests/validity.rs":"9a5b74e2d0e6846434356d7091100c337ced43575430dc15e975e6858e957c62"}}
\ No newline at end of file
diff --git a/crates/x509-cert/.cargo-checksum.json b/crates/x509-cert/.cargo-checksum.json
index 4caf555..c0260d5 100644
--- a/crates/x509-cert/.cargo-checksum.json
+++ b/crates/x509-cert/.cargo-checksum.json
@@ -1 +1 @@
-{"files":{"CHANGELOG.md":"043e0aa12a2234d83a6275b3c441ad4a20e35b69573f1ab0bc9807328386c0c6","Cargo.toml":"8eac04d64bf333868cda728353223b88b99a3a0c2c13a2bcccee688d8acc6002","LICENSE-APACHE":"a9040321c3712d8fd0b09cf52b17445de04a23a10165049ae187cd39e5c86be5","LICENSE-MIT":"90c503b61dee04e1449c323ec34c229dfb68d7adcb96c7e140ee55f70fce2d8e","README.md":"134e595199609f93ce701855a28deb5f8efd499cce90d14f8d7eacf07df5dd81","src/anchor.rs":"6ecb9d5fd0dbf4d11259ca84b4b0401176dbe6f48015fe3cf5f2e298cad030f3","src/attr.rs":"4e4a3f0c6fb9e6f0b18f2bd2b9823292058348d5232ee9c0252cb9a7666795a6","src/builder.rs":"6983c82f49fd66ea7fe88b02d1568f22dfa977c4e727b238f05be16cfef781d8","src/certificate.rs":"68808361a48741be9e1c16aff98581b35761f81debb5aa97679d124485e3ca51","src/crl.rs":"77edbb79548f8eaecb088752f7ecb3a28cb81345d64c25eaee5f4255a37a6784","src/ext.rs":"b867b7c0fbff7499749cc272e332cbb7407888aaf36407e0e68800d1ce59d037","src/ext/pkix.rs":"5c97e5fdaf578278fd001e41ed27be557dc31f1ea0aa909a0d655919c09b974f","src/ext/pkix/access.rs":"ff64cb248ff3932b74ebf7eab2b69fa51b7ca238e68f85a15c59155ccb983e7e","src/ext/pkix/authkeyid.rs":"cd12ce35614d27768856a3899ee905ea4141d335606f5d7ab42e22853751a4bc","src/ext/pkix/certpolicy.rs":"2be7db88e52a448a33818d9383b6d7ef07eb5d52c98316fcb0ac9fb1b9773948","src/ext/pkix/constraints.rs":"68fe4071e21306b6c74c6ee28c61dec946bbc681766b2d33be22891a49c95e44","src/ext/pkix/constraints/basic.rs":"9dd80d33f24f4d9ca6d2bc6077a2b90b15edc639a76abada509d0e098a8b3493","src/ext/pkix/constraints/name.rs":"6f6852652507c8a742c6e0d4289ed32e67c795b9e183a27a85b90b0d51825a98","src/ext/pkix/constraints/policy.rs":"2d9fcebc0cac3d26404e9a675e015dc926938eda81bd87e8c34163a245109541","src/ext/pkix/crl.rs":"7d02db6ddda693722270ead960029a0a7ad4156bf905a01d50104114413cbf59","src/ext/pkix/crl/dp.rs":"239f8de74b6ce65595ff2c547e80112b534d3dc20d66d1de72fc9a620cf40d3b","src/ext/pkix/keyusage.rs":"8f717b7f1520d554acf75674b69575bf7665b193cb6253090af941f0a953684d","src/ext/pkix/name.rs":"945dc3a845b8eeae8f2340c786344c780d80493b7b263a1a78592f61493e5d47","src/ext/pkix/name/dirstr.rs":"9d3a9d2f771e3c2d96653a0976471f029b17c936415ce1057f937a79b2e3e4eb","src/ext/pkix/name/dp.rs":"c3e84d12459b490a8a6ea27716909cbe5429de0902b24f63f69cc93e45d40939","src/ext/pkix/name/ediparty.rs":"8d7dff42927ac368b859c70a4755e9661da620dbe5374540073955dc9f00164c","src/ext/pkix/name/general.rs":"16dafa78b1cbb2aef5988aea86441243b58775a75e6f371b5d41eaf0f7218eb5","src/ext/pkix/name/other.rs":"194184079c7f7829b578736fdcdf3c6329286fb0ba261fc366b814c05d8bd0aa","src/ext/pkix/policymap.rs":"c3b2298900fce5228c8ab06cca06577caa676686839ddea9a9bc0ab223a6aa4f","src/lib.rs":"2ad71e3cdc9460898d16a824227e19d83cf60d69e563bc7f9f58fb47aecacadf","src/macros.rs":"3104401b4acb01238ee2bd6c3575b49504d1b03e89f12b4c8e7b577af6cff60b","src/name.rs":"c0428f5e6086cae97dae5a89e701cde44846292f756fe9d272c1313177700100","src/request.rs":"133ee2462510669b7d0610a80d76f688d55cc49a1e7d9bc798e0ec7d35c569b8","src/serial_number.rs":"dc1e94157364394ca97549fbff0cc35d11892c99ccc681383f77492cb6b6c840","src/time.rs":"655ccced65bd97279f2a8b5bece32f282c3189f808770fe75a76e9ece1bfaeb0","tests/builder.rs":"367ffa3c941a4c8e2b830a40978dc796463e503dea62d05708d0bf6873fc33df","tests/certificate.rs":"c752993d956cfebd74a7b5d8ba5e04626cd6983b7bf10c1688abd32af9fb63eb","tests/certreq.rs":"ef3dcaef71ed0cd0f391e820627c5c622df2bc75f3a636a6ff1a9a5d71478962","tests/crl.rs":"9620abb796c47c6931146b66d7840803375afb9ef2969b3007c1c3054c39d1c2","tests/examples/026EDA6FA1EDFA8C253936C75B5EEBD954BFF452.fake.der":"d6c5bdce158bad5f5107441cb2bbe42adfa7bee7c6ccf369b68c993315be04b8","tests/examples/026EDA6FA1EDFA8C253936C75B5EEBD954BFF452.fake.pem":"b152f44a300694af28b3dd7416d3bc1ffce028dab5e5633b3623548b10f63a76","tests/examples/085B1E2F40254F9C7A2387BE9FF4EC116C326E10.fake.der":"321f8f032322e8933279bcff4a5e86780eb58286edd68d99d1f91394450dd760","tests/examples/0954e2343dd5efe0a7f0967d69caf33e5f893720.der":"0b57e9180fc8f1b466a2421069d232cf45596106f83e6fd19621caea183f1cf6","tests/examples/0fcc78fbbca9f32b08b19b032b84f2c86a128f35.der":"6061f773354cd2ed5613a094ab0e8270d5c2479932b42dfda727db83febd18b8","tests/examples/15b05c4865410c6b3ff76a4e8f3d87276756bd0c.der":"f74da4d9a687c5046499aefc9fa867de91a1a3941a09f24cf94603b7ab78108a","tests/examples/16ee54e48c76eaa1052e09010d8faefee95e5ebb.der":"7e32368e24a2cc48d3d29e883b260e40ceda22af97189c78fc5b928484e9a010","tests/examples/2049a5b28f104b2c6e1a08546f9cfc0353d6fd30.der":"ec0cbf1b122d440981788e57ef55fc7e0ca556126b476f865a1418e1273f5993","tests/examples/21723e7a0fb61a0bd4a29879b82a02b2fb4ad096.der":"6c03a6b5b01df504e5af7886e6bceb77e14d09f07f42e397952783b9cea38c6a","tests/examples/284A0A3A9B56DD752DAA2E09E2FADEDB858D9338.fake.der":"a7358a8665442cfc8d96d1525954b3376d8222c0c0c34189f73f8b2b097ecb4f","tests/examples/28879DABB0FD11618FB74E47BE049D2933866D53.fake.der":"d60ff530d5cf57b8338ef30c8396414f0736e74ead47a0d49c8b28eafa05158f","tests/examples/288C8BCFEE6B89D110DAE2C9873897BF7FF53382.fake.der":"40317ddec0b0c91f14043a8263a74c8548de13d30b4afd6730228a1cb0ae1572","tests/examples/28903a635b5280fae6774c0b6da7d6baa64af2e8.der":"88497f01602f3154246ae28c4d5aef10f1d87ebb76626f4ae0b7f95ba7968799","tests/examples/33D8388EDA1E92475EF19075D2EF4093D1CB6F7F.fake.der":"6fac22b428f1b8d4cf83f203e2e6d1a0c98bb5741cae9982267f75f589158c0a","tests/examples/342cd9d3062da48c346965297f081ebc2ef68fdc.der":"5e3571f33f45a7df1537a68b5ffb9e036af9d2f5bc4c9717130dc43d7175aac7","tests/examples/554D5FF11DA613A155584D8D4AA07F67724D8077.fake.der":"4ec4474a86383ab4a0979ad9bb453a8608c1eb3379aba82ca856f527dfcd25b1","tests/examples/GoodCACRL.crl":"d78e5eca421f082f55bf1c25ddf697111be3eeee0d395e339f1b97711ee2b496","tests/examples/GoodCACert.crt":"86d218374763fce77d5b2b45398db48f10e553da1875be7d6103085baca0343f","tests/examples/amazon.der":"5bf3d7e0e6927f773d5106c822c53f6f52c199f7eb1b3b8154b41f2924391c75","tests/examples/amazon.pem":"3b2d6d64e99ec971a1d4455cd6743c8f43e1829ef1f7764199242414960697fd","tests/examples/crates.io-chain.pem":"7bb36476e05b7f5431893bd27373cd17d616a5925aab75e116bd92849238912b","tests/examples/eca.der":"343ff530f246b00c71616a5d42541d551114baf74b7f786c7b42527586c6b22a","tests/examples/eca_policies.ta":"18f040c9e6cffbc36f6e3ff398b6f8797dfbd82717f2c88020be260c0d398ce0","tests/examples/entrust.der":"32e407c73121bf961287e9ccc7110a54f5c90e1e3ccf9f10478b36813fb54ae9","tests/examples/entrust_dnConstraint.ta":"c8bce2bf5424794450ce6a6137590beb1409bd732eaec29370986bc22e82e59b","tests/examples/exostar.der":"b63d71c64784857fc0677f634e7bc9bd0b2b1963f3272317a0406f8746cb9477","tests/examples/exostar_policyFlags.ta":"8927c86016bf1db45421bc497333f2306417b82b852f122582a3820a47084a1d","tests/examples/p256-priv.der":"8125ab208d2181ed3ef05ff0ab1906e5898c36a858277e5b987e78e505288769","tests/examples/p256-pub.der":"b9968d56ed8d6aa3fb43b15fa01e355d7a3a0203b1408b3fd2733637c4d1642c","tests/examples/qualcomm.pem":"4ec6058239c3589ab450c6cae9a4415cff429dfdc9490c35d9f022d03d1a6a82","tests/examples/raytheon.der":"d85ae3f67b0acf316829a02cec624b50f76732ca5c503fce4f53b64a168aa94c","tests/examples/raytheon_pathLenConstraint.ta":"08c8480329fb3fb9e73540c0d7e288b12025ddc7a4bd17ffe8085c33006034ea","tests/examples/rsa2048-crt.der":"283b2e3824ea47fb1556cccb1898eadcecf1adadfcf0782ba41ad7122a213568","tests/examples/rsa2048-crt.pem":"e443351100f1b9acd798f878d5e6266f40265179e7b47933f0e250b75069fdd8","tests/examples/rsa2048-csr.der":"f22da04d95947d3c42a4d1619af70097cd38d0156af5ad31f53c044776c4e909","tests/examples/rsa2048-csr.pem":"c58ca6cd37b4f2f7beb6eb184a26e6819ae650f03abeaf6efa50fa55e54e0b43","tests/examples/rsa2048-priv.der":"f94b60300e4877e863b2bea8d5c366a90432794454c05e0ec098ddbf96263614","tests/examples/rsa2048-prv.der":"2ce481dc184e82f43ff3b5fe2b8cdd2a9113c76f35e2c34e070c6706f73ad09d","tests/examples/rsa2048-prv.pem":"22a248487fb9602d223844cba1993ebf53e701287675e9446c95d38867604b17","tests/examples/rsa2048-pub.der":"efeda9bfead9fd0594f6a5cf6fdf6c163116a3b1fad6d73cea05295b68fd1794","tests/examples/tscpbcasha256.crl":"f7759eefacb39ae86931780a6aafad162b5cd57209d1cf283876296dfb5f06e7","tests/general_name.rs":"fee62078996ccb4440133de1909dfc35519f9d9e4aca3c2262c120bbc44d7bce","tests/name.rs":"ced4a3a0991f3523ffbb67b1c495378b19254a547160ed3b80111ac2f700dd94","tests/pkix_extensions.rs":"d0bd2d522bd9a71647f6d3469882a9e1a7bd95da6f826eb880adfaafb43c2b86","tests/trust_anchor_format.rs":"cd6d88262debb8690efd7e2b213442de5ac02cd408ca1125fcd7607577b90647","tests/validity.rs":"687e1c549a250ab6384578e0d31637c932aaf1d6f990c1d5ff3e2163d50ef97e"},"package":"25eefca1d99701da3a57feb07e5079fc62abba059fc139e98c13bbb250f3ef29"}
\ No newline at end of file
+{"files":{"CHANGELOG.md":"b181c64efd3e0df95b5b93b6c089aa92bdc81810fde02b752e9cea247d4c7c59","Cargo.toml":"fdcf27b202c4f2008053a6bfa487bbadfd293b00cd9734c818dad3092010aeda","LICENSE-APACHE":"a9040321c3712d8fd0b09cf52b17445de04a23a10165049ae187cd39e5c86be5","LICENSE-MIT":"90c503b61dee04e1449c323ec34c229dfb68d7adcb96c7e140ee55f70fce2d8e","README.md":"134e595199609f93ce701855a28deb5f8efd499cce90d14f8d7eacf07df5dd81","src/anchor.rs":"6ecb9d5fd0dbf4d11259ca84b4b0401176dbe6f48015fe3cf5f2e298cad030f3","src/attr.rs":"4e4a3f0c6fb9e6f0b18f2bd2b9823292058348d5232ee9c0252cb9a7666795a6","src/builder.rs":"efe4effadef8ac0d05f2015d7cc1ceb1ec61ce3cc17b3ddf42cfe10c7fd526a6","src/certificate.rs":"68808361a48741be9e1c16aff98581b35761f81debb5aa97679d124485e3ca51","src/crl.rs":"77edbb79548f8eaecb088752f7ecb3a28cb81345d64c25eaee5f4255a37a6784","src/ext.rs":"b867b7c0fbff7499749cc272e332cbb7407888aaf36407e0e68800d1ce59d037","src/ext/pkix.rs":"fb1f05395b751802774fcaaa2bbe73ab1ec8a39a4456823d424834f26e270fb7","src/ext/pkix/access.rs":"ff64cb248ff3932b74ebf7eab2b69fa51b7ca238e68f85a15c59155ccb983e7e","src/ext/pkix/authkeyid.rs":"cd12ce35614d27768856a3899ee905ea4141d335606f5d7ab42e22853751a4bc","src/ext/pkix/certpolicy.rs":"2be7db88e52a448a33818d9383b6d7ef07eb5d52c98316fcb0ac9fb1b9773948","src/ext/pkix/constraints.rs":"68fe4071e21306b6c74c6ee28c61dec946bbc681766b2d33be22891a49c95e44","src/ext/pkix/constraints/basic.rs":"9dd80d33f24f4d9ca6d2bc6077a2b90b15edc639a76abada509d0e098a8b3493","src/ext/pkix/constraints/name.rs":"6f6852652507c8a742c6e0d4289ed32e67c795b9e183a27a85b90b0d51825a98","src/ext/pkix/constraints/policy.rs":"2d9fcebc0cac3d26404e9a675e015dc926938eda81bd87e8c34163a245109541","src/ext/pkix/crl.rs":"7d02db6ddda693722270ead960029a0a7ad4156bf905a01d50104114413cbf59","src/ext/pkix/crl/dp.rs":"239f8de74b6ce65595ff2c547e80112b534d3dc20d66d1de72fc9a620cf40d3b","src/ext/pkix/keyusage.rs":"8f717b7f1520d554acf75674b69575bf7665b193cb6253090af941f0a953684d","src/ext/pkix/name.rs":"945dc3a845b8eeae8f2340c786344c780d80493b7b263a1a78592f61493e5d47","src/ext/pkix/name/dirstr.rs":"9d3a9d2f771e3c2d96653a0976471f029b17c936415ce1057f937a79b2e3e4eb","src/ext/pkix/name/dp.rs":"c3e84d12459b490a8a6ea27716909cbe5429de0902b24f63f69cc93e45d40939","src/ext/pkix/name/ediparty.rs":"8d7dff42927ac368b859c70a4755e9661da620dbe5374540073955dc9f00164c","src/ext/pkix/name/general.rs":"36dc7f461ddea25278d68b6ddb46b2d89456debc2dfdb75be52261ded2f8f8bb","src/ext/pkix/name/other.rs":"efa2c11e0c7619e5b11beda823730bcf3c9deeeac16ab3d9b5a62951d9f0fc3b","src/ext/pkix/policymap.rs":"c3b2298900fce5228c8ab06cca06577caa676686839ddea9a9bc0ab223a6aa4f","src/ext/pkix/sct.rs":"3c138094e5a0a01ac2de3a2bc6cd15d60fc6687f04fa9cf853088faed7ff11e0","src/lib.rs":"2ad71e3cdc9460898d16a824227e19d83cf60d69e563bc7f9f58fb47aecacadf","src/macros.rs":"3104401b4acb01238ee2bd6c3575b49504d1b03e89f12b4c8e7b577af6cff60b","src/name.rs":"cb7579e953b0109602e2252f9683cb32f28d3208f2af8abfadb498866b73bad0","src/request.rs":"133ee2462510669b7d0610a80d76f688d55cc49a1e7d9bc798e0ec7d35c569b8","src/serial_number.rs":"01f4c4abdf341b01128745f4c7fbb369f0317ba2dff5925ccf1bbbf7c254d54c","src/time.rs":"655ccced65bd97279f2a8b5bece32f282c3189f808770fe75a76e9ece1bfaeb0","tests/builder.rs":"00ad98d8514ec617cc5a3f9f9b1f3d195b9a6a4bbc6662e6d6972895998b8661","tests/certificate.rs":"307867d2c7250103834ea30872d88a7d8a89374d1f7e45f78f89f457adfa526d","tests/certreq.rs":"ef3dcaef71ed0cd0f391e820627c5c622df2bc75f3a636a6ff1a9a5d71478962","tests/crl.rs":"9620abb796c47c6931146b66d7840803375afb9ef2969b3007c1c3054c39d1c2","tests/examples/026EDA6FA1EDFA8C253936C75B5EEBD954BFF452.fake.der":"d6c5bdce158bad5f5107441cb2bbe42adfa7bee7c6ccf369b68c993315be04b8","tests/examples/026EDA6FA1EDFA8C253936C75B5EEBD954BFF452.fake.pem":"b152f44a300694af28b3dd7416d3bc1ffce028dab5e5633b3623548b10f63a76","tests/examples/085B1E2F40254F9C7A2387BE9FF4EC116C326E10.fake.der":"321f8f032322e8933279bcff4a5e86780eb58286edd68d99d1f91394450dd760","tests/examples/0954e2343dd5efe0a7f0967d69caf33e5f893720.der":"0b57e9180fc8f1b466a2421069d232cf45596106f83e6fd19621caea183f1cf6","tests/examples/0fcc78fbbca9f32b08b19b032b84f2c86a128f35.der":"6061f773354cd2ed5613a094ab0e8270d5c2479932b42dfda727db83febd18b8","tests/examples/15b05c4865410c6b3ff76a4e8f3d87276756bd0c.der":"f74da4d9a687c5046499aefc9fa867de91a1a3941a09f24cf94603b7ab78108a","tests/examples/16ee54e48c76eaa1052e09010d8faefee95e5ebb.der":"7e32368e24a2cc48d3d29e883b260e40ceda22af97189c78fc5b928484e9a010","tests/examples/2049a5b28f104b2c6e1a08546f9cfc0353d6fd30.der":"ec0cbf1b122d440981788e57ef55fc7e0ca556126b476f865a1418e1273f5993","tests/examples/21723e7a0fb61a0bd4a29879b82a02b2fb4ad096.der":"6c03a6b5b01df504e5af7886e6bceb77e14d09f07f42e397952783b9cea38c6a","tests/examples/284A0A3A9B56DD752DAA2E09E2FADEDB858D9338.fake.der":"a7358a8665442cfc8d96d1525954b3376d8222c0c0c34189f73f8b2b097ecb4f","tests/examples/28879DABB0FD11618FB74E47BE049D2933866D53.fake.der":"d60ff530d5cf57b8338ef30c8396414f0736e74ead47a0d49c8b28eafa05158f","tests/examples/288C8BCFEE6B89D110DAE2C9873897BF7FF53382.fake.der":"40317ddec0b0c91f14043a8263a74c8548de13d30b4afd6730228a1cb0ae1572","tests/examples/28903a635b5280fae6774c0b6da7d6baa64af2e8.der":"88497f01602f3154246ae28c4d5aef10f1d87ebb76626f4ae0b7f95ba7968799","tests/examples/33D8388EDA1E92475EF19075D2EF4093D1CB6F7F.fake.der":"6fac22b428f1b8d4cf83f203e2e6d1a0c98bb5741cae9982267f75f589158c0a","tests/examples/342cd9d3062da48c346965297f081ebc2ef68fdc.der":"5e3571f33f45a7df1537a68b5ffb9e036af9d2f5bc4c9717130dc43d7175aac7","tests/examples/554D5FF11DA613A155584D8D4AA07F67724D8077.fake.der":"4ec4474a86383ab4a0979ad9bb453a8608c1eb3379aba82ca856f527dfcd25b1","tests/examples/GoodCACRL.crl":"d78e5eca421f082f55bf1c25ddf697111be3eeee0d395e339f1b97711ee2b496","tests/examples/GoodCACert.crt":"86d218374763fce77d5b2b45398db48f10e553da1875be7d6103085baca0343f","tests/examples/amazon.der":"5bf3d7e0e6927f773d5106c822c53f6f52c199f7eb1b3b8154b41f2924391c75","tests/examples/amazon.pem":"3b2d6d64e99ec971a1d4455cd6743c8f43e1829ef1f7764199242414960697fd","tests/examples/crates.io-chain.pem":"7bb36476e05b7f5431893bd27373cd17d616a5925aab75e116bd92849238912b","tests/examples/eca.der":"343ff530f246b00c71616a5d42541d551114baf74b7f786c7b42527586c6b22a","tests/examples/eca_policies.ta":"18f040c9e6cffbc36f6e3ff398b6f8797dfbd82717f2c88020be260c0d398ce0","tests/examples/entrust.der":"32e407c73121bf961287e9ccc7110a54f5c90e1e3ccf9f10478b36813fb54ae9","tests/examples/entrust_dnConstraint.ta":"c8bce2bf5424794450ce6a6137590beb1409bd732eaec29370986bc22e82e59b","tests/examples/exostar.der":"b63d71c64784857fc0677f634e7bc9bd0b2b1963f3272317a0406f8746cb9477","tests/examples/exostar_policyFlags.ta":"8927c86016bf1db45421bc497333f2306417b82b852f122582a3820a47084a1d","tests/examples/p256-priv.der":"8125ab208d2181ed3ef05ff0ab1906e5898c36a858277e5b987e78e505288769","tests/examples/p256-pub.der":"b9968d56ed8d6aa3fb43b15fa01e355d7a3a0203b1408b3fd2733637c4d1642c","tests/examples/qualcomm.pem":"4ec6058239c3589ab450c6cae9a4415cff429dfdc9490c35d9f022d03d1a6a82","tests/examples/raytheon.der":"d85ae3f67b0acf316829a02cec624b50f76732ca5c503fce4f53b64a168aa94c","tests/examples/raytheon_pathLenConstraint.ta":"08c8480329fb3fb9e73540c0d7e288b12025ddc7a4bd17ffe8085c33006034ea","tests/examples/rsa2048-crt.der":"283b2e3824ea47fb1556cccb1898eadcecf1adadfcf0782ba41ad7122a213568","tests/examples/rsa2048-crt.pem":"e443351100f1b9acd798f878d5e6266f40265179e7b47933f0e250b75069fdd8","tests/examples/rsa2048-csr.der":"f22da04d95947d3c42a4d1619af70097cd38d0156af5ad31f53c044776c4e909","tests/examples/rsa2048-csr.pem":"c58ca6cd37b4f2f7beb6eb184a26e6819ae650f03abeaf6efa50fa55e54e0b43","tests/examples/rsa2048-priv.der":"f94b60300e4877e863b2bea8d5c366a90432794454c05e0ec098ddbf96263614","tests/examples/rsa2048-prv.der":"2ce481dc184e82f43ff3b5fe2b8cdd2a9113c76f35e2c34e070c6706f73ad09d","tests/examples/rsa2048-prv.pem":"22a248487fb9602d223844cba1993ebf53e701287675e9446c95d38867604b17","tests/examples/rsa2048-pub.der":"efeda9bfead9fd0594f6a5cf6fdf6c163116a3b1fad6d73cea05295b68fd1794","tests/examples/tscpbcasha256.crl":"f7759eefacb39ae86931780a6aafad162b5cd57209d1cf283876296dfb5f06e7","tests/general_name.rs":"fee62078996ccb4440133de1909dfc35519f9d9e4aca3c2262c120bbc44d7bce","tests/name.rs":"ced4a3a0991f3523ffbb67b1c495378b19254a547160ed3b80111ac2f700dd94","tests/pkix_extensions.rs":"ae1aa9088ce3b74b8b046c48f249aca8a2d5f7c2ba036bb778f3eb7538cbed22","tests/trust_anchor_format.rs":"cd6d88262debb8690efd7e2b213442de5ac02cd408ca1125fcd7607577b90647","tests/validity.rs":"687e1c549a250ab6384578e0d31637c932aaf1d6f990c1d5ff3e2163d50ef97e"},"package":"1301e935010a701ae5f8655edc0ad17c44bad3ac5ce8c39185f75453b720ae94"}
\ No newline at end of file
diff --git a/crates/x509-cert/Android.bp b/crates/x509-cert/Android.bp
index 5cdfa7e..5080661 100644
--- a/crates/x509-cert/Android.bp
+++ b/crates/x509-cert/Android.bp
@@ -18,7 +18,7 @@
host_supported: true,
crate_name: "x509_cert",
cargo_env_compat: true,
- cargo_pkg_version: "0.2.4",
+ cargo_pkg_version: "0.2.5",
crate_root: "src/lib.rs",
edition: "2021",
rustlibs: [
@@ -44,7 +44,7 @@
name: "libx509_cert_nostd",
crate_name: "x509_cert",
cargo_env_compat: true,
- cargo_pkg_version: "0.2.4",
+ cargo_pkg_version: "0.2.5",
crate_root: "src/lib.rs",
edition: "2021",
rustlibs: [
diff --git a/crates/x509-cert/CHANGELOG.md b/crates/x509-cert/CHANGELOG.md
index 9922da4..72bd252 100644
--- a/crates/x509-cert/CHANGELOG.md
+++ b/crates/x509-cert/CHANGELOG.md
@@ -4,6 +4,19 @@
The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/),
and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html).
+## 0.2.5 (2023-12-23)
+
+### Added
+- Signed Certificate Timestamp (SCT) extension support ([#1134])
+
+### Changed
+- Relax dependencies ([#1179])
+- Use `SubjectPublicKeyInfoOwned::from_key` ([#1271])
+
+[#1134]: https://github.com/RustCrypto/formats/pull/1134
+[#1179]: https://github.com/RustCrypto/formats/pull/1179
+[#1271]: https://github.com/RustCrypto/formats/pull/1271
+
## 0.2.4 (2023-07-25)
### Added
diff --git a/crates/x509-cert/Cargo.toml b/crates/x509-cert/Cargo.toml
index 793721f..61a064f 100644
--- a/crates/x509-cert/Cargo.toml
+++ b/crates/x509-cert/Cargo.toml
@@ -13,7 +13,7 @@
edition = "2021"
rust-version = "1.65"
name = "x509-cert"
-version = "0.2.4"
+version = "0.2.5"
authors = ["RustCrypto Developers"]
description = """
Pure Rust implementation of the X.509 Public Key Infrastructure Certificate
@@ -56,7 +56,7 @@
]
[dependencies.sha1]
-version = "0.10.0"
+version = "0.10.6"
optional = true
[dependencies.signature]
@@ -65,11 +65,17 @@
optional = true
[dependencies.spki]
-version = "0.7.2"
+version = "0.7.3"
features = ["alloc"]
+[dependencies.tls_codec]
+version = "0.4.0"
+features = ["derive"]
+optional = true
+default-features = false
+
[dev-dependencies.ecdsa]
-version = "0.16.7"
+version = "0.16.8"
features = [
"digest",
"pem",
@@ -85,11 +91,11 @@
version = "0.8.5"
[dev-dependencies.rsa]
-version = "0.9.2"
+version = "0.9.6"
features = ["sha2"]
[dev-dependencies.rstest]
-version = "0.17"
+version = "0.18"
[dev-dependencies.sha2]
version = "0.10"
@@ -119,8 +125,10 @@
"der/pem",
"spki/pem",
]
+sct = ["dep:tls_codec"]
std = [
"const-oid/std",
"der/std",
"spki/std",
+ "tls_codec?/std",
]
diff --git a/crates/x509-cert/METADATA b/crates/x509-cert/METADATA
index 8e639d5..b425707 100644
--- a/crates/x509-cert/METADATA
+++ b/crates/x509-cert/METADATA
@@ -1,17 +1,17 @@
name: "x509-cert"
description: "Pure Rust implementation of the X.509 Public Key Infrastructure Certificate format as described in RFC 5280."
third_party {
- version: "0.2.4"
+ version: "0.2.5"
license_type: NOTICE
last_upgrade_date {
- year: 2023
- month: 12
- day: 15
+ year: 2025
+ month: 1
+ day: 13
}
homepage: "https://crates.io/crates/x509-cert"
identifier {
type: "Archive"
- value: "https://static.crates.io/crates/x509-cert/x509-cert-0.2.4.crate"
- version: "0.2.4"
+ value: "https://static.crates.io/crates/x509-cert/x509-cert-0.2.5.crate"
+ version: "0.2.5"
}
}
diff --git a/crates/x509-cert/src/builder.rs b/crates/x509-cert/src/builder.rs
index ec51a7e..c778f1e 100644
--- a/crates/x509-cert/src/builder.rs
+++ b/crates/x509-cert/src/builder.rs
@@ -276,9 +276,7 @@
cert_signer: &'s S,
) -> Result<Self> {
let verifying_key = cert_signer.verifying_key();
- let signer_pub = verifying_key
- .to_public_key_der()?
- .decode_msg::<SubjectPublicKeyInfoOwned>()?;
+ let signer_pub = SubjectPublicKeyInfoOwned::from_key(verifying_key)?;
let signature_alg = cert_signer.signature_algorithm_identifier()?;
let issuer = profile.get_issuer(&subject);
@@ -370,9 +368,7 @@
pub fn new(subject: Name, req_signer: &'s S) -> Result<Self> {
let version = Default::default();
let verifying_key = req_signer.verifying_key();
- let public_key = verifying_key
- .to_public_key_der()?
- .decode_msg::<SubjectPublicKeyInfoOwned>()?;
+ let public_key = SubjectPublicKeyInfoOwned::from_key(verifying_key)?;
let attributes = Default::default();
let extension_req = Default::default();
diff --git a/crates/x509-cert/src/ext/pkix.rs b/crates/x509-cert/src/ext/pkix.rs
index 95a5e2b..2c7a4ff 100644
--- a/crates/x509-cert/src/ext/pkix.rs
+++ b/crates/x509-cert/src/ext/pkix.rs
@@ -9,6 +9,8 @@
mod authkeyid;
mod keyusage;
mod policymap;
+#[cfg(feature = "sct")]
+pub mod sct;
use crate::attr::AttributeTypeAndValue;
@@ -24,6 +26,12 @@
pub use keyusage::{ExtendedKeyUsage, KeyUsage, KeyUsages, PrivateKeyUsagePeriod};
pub use policymap::{PolicyMapping, PolicyMappings};
+#[cfg(feature = "sct")]
+pub use sct::{
+ Error, HashAlgorithm, SerializedSct, SignatureAlgorithm, SignatureAndHashAlgorithm,
+ SignedCertificateTimestamp, SignedCertificateTimestampList, Version,
+};
+
pub use const_oid::db::rfc5280::{
ID_CE_INHIBIT_ANY_POLICY, ID_CE_ISSUER_ALT_NAME, ID_CE_SUBJECT_ALT_NAME,
ID_CE_SUBJECT_DIRECTORY_ATTRIBUTES, ID_CE_SUBJECT_KEY_IDENTIFIER,
diff --git a/crates/x509-cert/src/ext/pkix/name/general.rs b/crates/x509-cert/src/ext/pkix/name/general.rs
index bd0fa7e..821599d 100644
--- a/crates/x509-cert/src/ext/pkix/name/general.rs
+++ b/crates/x509-cert/src/ext/pkix/name/general.rs
@@ -86,6 +86,7 @@
}
#[cfg(all(feature = "std", test))]
+#[allow(clippy::unwrap_used)]
mod tests {
use super::*;
use der::Encode;
diff --git a/crates/x509-cert/src/ext/pkix/name/other.rs b/crates/x509-cert/src/ext/pkix/name/other.rs
index 26b93bc..89a565e 100644
--- a/crates/x509-cert/src/ext/pkix/name/other.rs
+++ b/crates/x509-cert/src/ext/pkix/name/other.rs
@@ -21,6 +21,7 @@
#[test]
#[cfg(test)]
+#[allow(clippy::unwrap_used)]
fn test() {
use alloc::string::ToString;
use der::{asn1::Utf8StringRef, Decode, Encode};
diff --git a/crates/x509-cert/src/ext/pkix/sct.rs b/crates/x509-cert/src/ext/pkix/sct.rs
new file mode 100644
index 0000000..32539a5
--- /dev/null
+++ b/crates/x509-cert/src/ext/pkix/sct.rs
@@ -0,0 +1,734 @@
+//! Signed Certificate Timestamp list extension as defined in the
+//! [Certificate Transparency RFC 6962].
+//!
+//! [Certificate Transparency RFC 6962]: https://datatracker.ietf.org/doc/html/rfc6962
+
+#![cfg(feature = "sct")]
+
+use alloc::{format, vec::Vec};
+use const_oid::{AssociatedOid, ObjectIdentifier};
+use der::asn1::OctetString;
+use tls_codec::{
+ DeserializeBytes, SerializeBytes, TlsByteVecU16, TlsDeserializeBytes, TlsSerializeBytes,
+ TlsSize,
+};
+
+/// A signed certificate timestamp list (SCT list) as defined in [RFC 6962 Section 3.3].
+///
+/// ```text
+/// SignedCertificateTimestampList ::= OCTET STRING
+/// ```
+///
+/// [RFC 6962 Section 3.3]: https://datatracker.ietf.org/doc/html/rfc6962#section-3.3
+#[derive(Debug, PartialEq)]
+pub struct SignedCertificateTimestampList(OctetString);
+
+//TODO: Remove this and use const-oid's rfc6962::CT_PRECERT_SCTS once a const-oid version
+// containing it is published
+const CT_PRECERT_SCTS: ObjectIdentifier = ObjectIdentifier::new_unwrap("1.3.6.1.4.1.11129.2.4.2");
+
+impl AssociatedOid for SignedCertificateTimestampList {
+ const OID: ObjectIdentifier = CT_PRECERT_SCTS;
+}
+
+impl_newtype!(SignedCertificateTimestampList, OctetString);
+impl_extension!(SignedCertificateTimestampList, critical = false);
+
+/// Errors that are thrown by this module.
+#[derive(PartialEq, Debug)]
+pub enum Error {
+ /// [Errors][der::Error] from the `der` crate.
+ Der(der::Error),
+ /// [Errors][tls_codec::Error] from the `tls_codec` crate.
+ Tls(tls_codec::Error),
+}
+
+impl From<der::Error> for Error {
+ fn from(value: der::Error) -> Self {
+ Error::Der(value)
+ }
+}
+
+impl From<tls_codec::Error> for Error {
+ fn from(value: tls_codec::Error) -> Self {
+ Error::Tls(value)
+ }
+}
+
+impl SignedCertificateTimestampList {
+ /// Creates a new [`SignedCertificateTimestampList`] from a slice of [`SerializedSct`]s.
+ pub fn new(serialized_scts: &[SerializedSct]) -> Result<Self, Error> {
+ let mut result: Vec<u8> = Vec::new();
+ for timestamp in serialized_scts {
+ let buffer = timestamp.tls_serialize()?;
+ result.extend(buffer);
+ }
+ let tls_vec = TlsByteVecU16::new(result);
+ let buffer = tls_vec.tls_serialize()?;
+ Ok(SignedCertificateTimestampList(OctetString::new(buffer)?))
+ }
+
+ /// Parses the encoded [SerializedSct]s and returns a [Vec] containing them.
+ ///
+ /// Returns an [error][Error] if a [SerializedSct] can't be
+ /// deserialized or if there are trailing bytes after all [SerializedSct]s
+ /// are deserialized.
+ pub fn parse_timestamps(&self) -> Result<Vec<SerializedSct>, Error> {
+ let (tls_vec, rest) = TlsByteVecU16::tls_deserialize_bytes(self.0.as_bytes())?;
+ if !rest.is_empty() {
+ return Err(tls_codec::Error::TrailingData)?;
+ }
+ let mut bytes = tls_vec.as_slice();
+ let mut result = Vec::new();
+ while !bytes.is_empty() {
+ let (serialized_sct, rest) = SerializedSct::tls_deserialize_bytes(bytes)?;
+ result.push(serialized_sct);
+ bytes = rest;
+ }
+ Ok(result)
+ }
+}
+
+/// A byte string that contains a serialized [SignedCertificateTimestamp] as
+/// defined in [RFC 6962 section 3.3].
+///
+/// [RFC 6962 section 3.3]: https://datatracker.ietf.org/doc/html/rfc6962#section-3.3
+#[derive(PartialEq, Debug, TlsDeserializeBytes, TlsSerializeBytes, TlsSize)]
+pub struct SerializedSct {
+ data: TlsByteVecU16,
+}
+
+impl SerializedSct {
+ /// Creates a new [SerializedSct] from a [SignedCertificateTimestamp].
+ ///
+ /// Returns [tls_codec Error][tls_codec::Error] if the given [SignedCertificateTimestamp]
+ /// can't be serialized.
+ pub fn new(timestamp: SignedCertificateTimestamp) -> Result<Self, tls_codec::Error> {
+ let buffer = timestamp.tls_serialize()?;
+ Ok(SerializedSct {
+ data: TlsByteVecU16::from_slice(&buffer),
+ })
+ }
+
+ /// Parses a [SignedCertificateTimestamp] from a this [SerializedSct].
+ ///
+ /// Returns an [error][Error] if a [SignedCertificateTimestamp] can't be
+ /// deserialized or if there are trailing bytes after a
+ /// [SignedCertificateTimestamp] has been deserialized.
+ pub fn parse_timestamp(&self) -> Result<SignedCertificateTimestamp, Error> {
+ let (sct, rest) = SignedCertificateTimestamp::tls_deserialize_bytes(self.data.as_slice())?;
+ if !rest.is_empty() {
+ return Err(tls_codec::Error::TrailingData)?;
+ }
+ Ok(sct)
+ }
+}
+
+/// A signed certificate timestamp (SCT) as defined in [RFC 6962 section 3.2].
+///
+/// [RFC 6962 section 3.2]: https://datatracker.ietf.org/doc/html/rfc6962#section-3.2
+#[derive(PartialEq, Debug, TlsDeserializeBytes, TlsSerializeBytes, TlsSize)]
+pub struct SignedCertificateTimestamp {
+ /// The version of the protocol to which the SCT conforms.
+ /// Currently, it is always v1.
+ pub version: Version,
+ /// The SHA-256 hash of the log's public key, calculated over
+ /// the DER encoding of the key represented as [SubjectPublicKeyInfo][spki::SubjectPublicKeyInfo].
+ pub log_id: LogId,
+ /// the current NTP Time measured since the `UNIX_EPOCH`
+ /// (January 1, 1970, 00:00), ignoring leap seconds, in milliseconds.
+ pub timestamp: u64,
+ /// The future extensions to protocol version v1.
+ /// Currently, no extensions are specified.
+ pub extensions: TlsByteVecU16,
+ /// A digital signature over many fields including
+ /// version, timestamp, extensions and others. See [RFC 6962 section 3.2]
+ /// for a complete list.
+ ///
+ /// [RFC 6962 section 3.2]:https://datatracker.ietf.org/doc/html/rfc6962#section-3.2
+ pub signature: DigitallySigned,
+}
+
+impl SignedCertificateTimestamp {
+ /// Creates a [DateTime][der::DateTime] from the timestamp field since the `UNIX_EPOCH`.
+ ///
+ /// Returns an error if timestamp is outside the supported date range.
+ pub fn timestamp(&self) -> Result<der::DateTime, der::Error> {
+ der::DateTime::from_unix_duration(core::time::Duration::from_millis(self.timestamp))
+ }
+}
+
+/// The version of the protocol to which the SCT conforms
+/// as defined in [RFC 6962 section 3.2]. Currently, it is always v1.
+///
+/// [RFC 6962 section 3.2]: https://datatracker.ietf.org/doc/html/rfc6962#section-3.2
+#[derive(PartialEq, Debug, TlsDeserializeBytes, TlsSerializeBytes, TlsSize)]
+#[repr(u8)]
+pub enum Version {
+ /// Version 1.
+ V1 = 0,
+}
+
+/// The SHA-256 hash of the log's public key, calculated over
+/// the DER encoding of the key represented as [SubjectPublicKeyInfo][spki::SubjectPublicKeyInfo]
+/// as defined in [RFC 6962 section 3.2].
+///
+/// [RFC 6962 section 3.2]: https://datatracker.ietf.org/doc/html/rfc6962#section-3.2
+#[derive(PartialEq, Debug, TlsDeserializeBytes, TlsSerializeBytes, TlsSize)]
+pub struct LogId {
+ /// Hash of the log's public key.
+ pub key_id: [u8; 32],
+}
+
+/// Digital signature as defined in [RFC 5246 section 4.7].
+///
+/// [RFC 5246 section 4.7]: https://datatracker.ietf.org/doc/html/rfc5246#section-4.7
+#[derive(PartialEq, Debug, TlsDeserializeBytes, TlsSerializeBytes, TlsSize)]
+pub struct DigitallySigned {
+ /// [SignatureAndHashAlgorithm] as defined in [RFC 5246 section 7.4.1.4.1].
+ ///
+ /// [RFC 5246 section 7.4.1.4.1]: https://datatracker.ietf.org/doc/html/rfc5246#section-7.4.1.4.1
+ pub algorithm: SignatureAndHashAlgorithm,
+ /// Digital signature over some contents using the [SignatureAndHashAlgorithm].
+ pub signature: TlsByteVecU16,
+}
+
+/// A combination of signature and hashing algorithms as defined in [RFC 5246 section 7.4.1.4.1].
+///
+/// [RFC 5246 section 7.4.1.4.1]: https://datatracker.ietf.org/doc/html/rfc5246#section-7.4.1.4.1
+#[derive(PartialEq, Debug, TlsDeserializeBytes, TlsSerializeBytes, TlsSize)]
+pub struct SignatureAndHashAlgorithm {
+ /// The hashing algorithm.
+ pub hash: HashAlgorithm,
+ /// The signature algorithm.
+ pub signature: SignatureAlgorithm,
+}
+
+/// Signature algorithm as defined in [RFC 5246 section 7.4.1.4.1].
+///
+/// [RFC 5246 section 7.4.1.4.1]: https://datatracker.ietf.org/doc/html/rfc5246#section-7.4.1.4.1
+#[derive(PartialEq, Debug, TlsDeserializeBytes, TlsSerializeBytes, TlsSize)]
+#[repr(u8)]
+pub enum SignatureAlgorithm {
+ /// Anonymous signature algorithm.
+ Anonymous = 0,
+ /// RSA signature algorithm.
+ Rsa = 1,
+ /// DSA signature algorithm.
+ Dsa = 2,
+ /// ECDSA signature algorithm.
+ Ecdsa = 3,
+ /// ED25519 signature algorithm.
+ Ed25519 = 7,
+ /// ED448 signature algorithm.
+ Ed448 = 8,
+}
+
+/// Hashing algorithm as defined in [RFC 5246 section 7.4.1.4.1].
+///
+/// [RFC 5246 section 7.4.1.4.1]: https://datatracker.ietf.org/doc/html/rfc5246#section-7.4.1.4.1
+#[derive(PartialEq, Debug, TlsDeserializeBytes, TlsSerializeBytes, TlsSize)]
+#[repr(u8)]
+pub enum HashAlgorithm {
+ /// No algorithm.
+ None = 0,
+ /// MD5 algorithm.
+ Md5 = 1,
+ /// SHA1 algorithm.
+ Sha1 = 2,
+ /// SHA224 algorithm.
+ Sha224 = 3,
+ /// SHA256 algorithm.
+ Sha256 = 4,
+ /// SHA384 algorithm.
+ Sha384 = 5,
+ /// SHA512 algorithm.
+ Sha512 = 6,
+ /// Intrinsic algorithm.
+ Intrinsic = 8,
+}
+
+#[cfg(test)]
+mod tests {
+ use der::{asn1::OctetString, Decode, Encode};
+ use tls_codec::{DeserializeBytes, SerializeBytes, TlsByteVecU16};
+
+ use crate::ext::pkix::sct::LogId;
+
+ use super::{
+ DigitallySigned, HashAlgorithm, SerializedSct, SignatureAlgorithm,
+ SignatureAndHashAlgorithm, SignedCertificateTimestamp, SignedCertificateTimestampList,
+ Version,
+ };
+
+ fn run_deserialization_test<'a, T: DeserializeBytes + PartialEq + core::fmt::Debug>(
+ bytes: &'a [u8],
+ expected_result: Result<(T, &[u8]), tls_codec::Error>,
+ ) -> Result<(T, &'a [u8]), tls_codec::Error> {
+ let actual_result = T::tls_deserialize_bytes(bytes);
+ assert_eq!(actual_result, expected_result);
+ actual_result
+ }
+
+ fn run_serialization_test<T: SerializeBytes>(value: T, expected_bytes: &[u8]) {
+ let result = value.tls_serialize().expect("failed to serialize value");
+ assert_eq!(expected_bytes, &result);
+ }
+
+ #[test]
+ fn test_hash_algorithm_deserialization() {
+ let bytes = [0, 1, 2, 3, 4, 5, 6, 8];
+
+ let result = run_deserialization_test(
+ &bytes,
+ Ok((HashAlgorithm::None, [1, 2, 3, 4, 5, 6, 8].as_slice())),
+ );
+ let result = run_deserialization_test(
+ result.expect("run_deserialization_test failed").1,
+ Ok((HashAlgorithm::Md5, [2, 3, 4, 5, 6, 8].as_slice())),
+ );
+ let result = run_deserialization_test(
+ result.expect("run_deserialization_test failed").1,
+ Ok((HashAlgorithm::Sha1, [3, 4, 5, 6, 8].as_slice())),
+ );
+ let result = run_deserialization_test(
+ result.expect("run_deserialization_test failed").1,
+ Ok((HashAlgorithm::Sha224, [4, 5, 6, 8].as_slice())),
+ );
+ let result = run_deserialization_test(
+ result.expect("run_deserialization_test failed").1,
+ Ok((HashAlgorithm::Sha256, [5, 6, 8].as_slice())),
+ );
+ let result = run_deserialization_test(
+ result.expect("run_deserialization_test failed").1,
+ Ok((HashAlgorithm::Sha384, [6, 8].as_slice())),
+ );
+ let result = run_deserialization_test(
+ result.expect("run_deserialization_test failed").1,
+ Ok((HashAlgorithm::Sha512, [8].as_slice())),
+ );
+ let result = run_deserialization_test(
+ result.expect("run_deserialization_test failed").1,
+ Ok((HashAlgorithm::Intrinsic, [].as_slice())),
+ );
+ let _ = run_deserialization_test::<HashAlgorithm>(
+ result.expect("run_deserialization_test failed").1,
+ Err(tls_codec::Error::EndOfStream),
+ );
+ let _ =
+ run_deserialization_test::<HashAlgorithm>(&[7], Err(tls_codec::Error::UnknownValue(7)));
+ let _ =
+ run_deserialization_test::<HashAlgorithm>(&[9], Err(tls_codec::Error::UnknownValue(9)));
+ }
+
+ #[test]
+ fn test_hash_algorithm_serialization() {
+ run_serialization_test(HashAlgorithm::None, &[0]);
+ run_serialization_test(HashAlgorithm::Md5, &[1]);
+ run_serialization_test(HashAlgorithm::Sha1, &[2]);
+ run_serialization_test(HashAlgorithm::Sha224, &[3]);
+ run_serialization_test(HashAlgorithm::Sha256, &[4]);
+ run_serialization_test(HashAlgorithm::Sha384, &[5]);
+ run_serialization_test(HashAlgorithm::Sha512, &[6]);
+ run_serialization_test(HashAlgorithm::Intrinsic, &[8]);
+ }
+
+ #[test]
+ fn test_signature_algorithm_deserialization() {
+ let bytes = [0, 1, 2, 3, 7, 8];
+
+ let result = run_deserialization_test(
+ &bytes,
+ Ok((SignatureAlgorithm::Anonymous, [1, 2, 3, 7, 8].as_slice())),
+ );
+ let result = run_deserialization_test(
+ result.expect("run_deserialization_test failed").1,
+ Ok((SignatureAlgorithm::Rsa, [2, 3, 7, 8].as_slice())),
+ );
+ let result = run_deserialization_test(
+ result.expect("run_deserialization_test failed").1,
+ Ok((SignatureAlgorithm::Dsa, [3, 7, 8].as_slice())),
+ );
+ let result = run_deserialization_test(
+ result.expect("run_deserialization_test failed").1,
+ Ok((SignatureAlgorithm::Ecdsa, [7, 8].as_slice())),
+ );
+ let result = run_deserialization_test(
+ result.expect("run_deserialization_test failed").1,
+ Ok((SignatureAlgorithm::Ed25519, [8].as_slice())),
+ );
+ let result = run_deserialization_test(
+ result.expect("run_deserialization_test failed").1,
+ Ok((SignatureAlgorithm::Ed448, [].as_slice())),
+ );
+ let _ = run_deserialization_test::<SignatureAlgorithm>(
+ result.expect("run_deserialization_test failed").1,
+ Err(tls_codec::Error::EndOfStream),
+ );
+ let _ = run_deserialization_test::<SignatureAlgorithm>(
+ &[4],
+ Err(tls_codec::Error::UnknownValue(4)),
+ );
+ let _ = run_deserialization_test::<SignatureAlgorithm>(
+ &[5],
+ Err(tls_codec::Error::UnknownValue(5)),
+ );
+ let _ = run_deserialization_test::<SignatureAlgorithm>(
+ &[6],
+ Err(tls_codec::Error::UnknownValue(6)),
+ );
+ let _ = run_deserialization_test::<SignatureAlgorithm>(
+ &[9],
+ Err(tls_codec::Error::UnknownValue(9)),
+ );
+ }
+
+ #[test]
+ fn test_signature_algorithm_serialization() {
+ run_serialization_test(SignatureAlgorithm::Anonymous, &[0]);
+ run_serialization_test(SignatureAlgorithm::Rsa, &[1]);
+ run_serialization_test(SignatureAlgorithm::Dsa, &[2]);
+ run_serialization_test(SignatureAlgorithm::Ecdsa, &[3]);
+ run_serialization_test(SignatureAlgorithm::Ed25519, &[7]);
+ run_serialization_test(SignatureAlgorithm::Ed448, &[8]);
+ }
+
+ #[test]
+ fn test_signature_and_hash_algorithm_deserialization() {
+ let bytes = [4, 3, 2, 1];
+
+ let result = run_deserialization_test(
+ &bytes,
+ Ok((
+ SignatureAndHashAlgorithm {
+ hash: HashAlgorithm::Sha256,
+ signature: SignatureAlgorithm::Ecdsa,
+ },
+ [2, 1].as_slice(),
+ )),
+ );
+
+ let _ = run_deserialization_test(
+ result.expect("run_deserialization_test failed").1,
+ Ok((
+ SignatureAndHashAlgorithm {
+ hash: HashAlgorithm::Sha1,
+ signature: SignatureAlgorithm::Rsa,
+ },
+ [].as_slice(),
+ )),
+ );
+ }
+
+ #[test]
+ fn test_signature_and_hash_algorithm_serialization() {
+ run_serialization_test(
+ SignatureAndHashAlgorithm {
+ hash: HashAlgorithm::Sha1,
+ signature: SignatureAlgorithm::Rsa,
+ },
+ &[2, 1],
+ );
+ run_serialization_test(
+ SignatureAndHashAlgorithm {
+ hash: HashAlgorithm::Sha256,
+ signature: SignatureAlgorithm::Ecdsa,
+ },
+ &[4, 3],
+ );
+ }
+
+ #[test]
+ fn test_digitally_signed_deserialization() {
+ let bytes = [4, 3, 0, 3, 2, 1, 0, 2, 1, 0, 1, 9];
+
+ let result = run_deserialization_test(
+ &bytes,
+ Ok((
+ DigitallySigned {
+ algorithm: SignatureAndHashAlgorithm {
+ hash: HashAlgorithm::Sha256,
+ signature: SignatureAlgorithm::Ecdsa,
+ },
+ signature: TlsByteVecU16::from_slice(&[2, 1, 0]),
+ },
+ [2, 1, 0, 1, 9].as_slice(),
+ )),
+ );
+
+ let _ = run_deserialization_test(
+ result.expect("run_deserialization_test failed").1,
+ Ok((
+ DigitallySigned {
+ algorithm: SignatureAndHashAlgorithm {
+ hash: HashAlgorithm::Sha1,
+ signature: SignatureAlgorithm::Rsa,
+ },
+ signature: TlsByteVecU16::from_slice(&[9]),
+ },
+ [].as_slice(),
+ )),
+ );
+ }
+
+ #[test]
+ fn test_digitally_signed_serialization() {
+ run_serialization_test(
+ DigitallySigned {
+ algorithm: SignatureAndHashAlgorithm {
+ hash: HashAlgorithm::Sha256,
+ signature: SignatureAlgorithm::Ecdsa,
+ },
+ signature: TlsByteVecU16::from_slice(&[0, 1, 2]),
+ },
+ &[4, 3, 0, 3, 0, 1, 2],
+ );
+ run_serialization_test(
+ DigitallySigned {
+ algorithm: SignatureAndHashAlgorithm {
+ hash: HashAlgorithm::Sha1,
+ signature: SignatureAlgorithm::Rsa,
+ },
+ signature: TlsByteVecU16::from_slice(&[0, 1, 2]),
+ },
+ &[2, 1, 0, 3, 0, 1, 2],
+ );
+ }
+
+ #[test]
+ fn test_version_deserialization() {
+ let bytes = [0, 0];
+
+ let result = run_deserialization_test(&bytes, Ok((Version::V1, [0].as_slice())));
+
+ let _ = run_deserialization_test(
+ result.expect("run_deserialization_test failed").1,
+ Ok((Version::V1, [].as_slice())),
+ );
+ let _ = run_deserialization_test::<Version>(&[1], Err(tls_codec::Error::UnknownValue(1)));
+ }
+
+ #[test]
+ fn test_version_serialization() {
+ run_serialization_test(Version::V1, &[0]);
+ }
+
+ #[test]
+ fn test_log_id_deserialization() {
+ let bytes = [42; 36];
+
+ let _ =
+ run_deserialization_test(&bytes, Ok((LogId { key_id: [42; 32] }, [42; 4].as_slice())));
+ }
+
+ #[test]
+ fn test_log_id_serialization() {
+ run_serialization_test(LogId { key_id: [3; 32] }, &[3; 32]);
+ }
+
+ const TLS_SCT_EXAMPLE: [u8; 119] = [
+ 0, 122, 50, 140, 84, 216, 183, 45, 182, 32, 234, 56, 224, 82, 30, 233, 132, 22, 112, 50,
+ 19, 133, 77, 59, 210, 43, 193, 58, 87, 163, 82, 235, 82, 0, 0, 1, 135, 224, 74, 186, 106,
+ 0, 0, 4, 3, 0, 72, 48, 70, 2, 33, 0, 170, 82, 81, 162, 157, 234, 14, 189, 167, 13, 247,
+ 211, 97, 112, 248, 172, 149, 125, 58, 18, 238, 60, 150, 157, 124, 245, 188, 138, 102, 212,
+ 244, 187, 2, 33, 0, 209, 79, 31, 63, 208, 79, 240, 233, 193, 187, 28, 33, 190, 95, 130, 66,
+ 183, 222, 187, 42, 22, 83, 0, 119, 226, 246, 19, 197, 47, 237, 198, 149,
+ ];
+
+ #[test]
+ fn test_sct_deserialization() {
+ let _ = run_deserialization_test(
+ &TLS_SCT_EXAMPLE,
+ Ok((
+ SignedCertificateTimestamp {
+ version: Version::V1,
+ log_id: LogId {
+ key_id: TLS_SCT_EXAMPLE[1..33]
+ .try_into()
+ .expect("failed to convert to u8 array"),
+ },
+ timestamp: u64::from_be_bytes(
+ TLS_SCT_EXAMPLE[33..41]
+ .try_into()
+ .expect("failed to convert to u8 array"),
+ ),
+ extensions: TlsByteVecU16::from_slice(&[]),
+ signature: DigitallySigned {
+ algorithm: SignatureAndHashAlgorithm {
+ hash: HashAlgorithm::Sha256,
+ signature: SignatureAlgorithm::Ecdsa,
+ },
+ signature: TlsByteVecU16::from_slice(&TLS_SCT_EXAMPLE[47..]),
+ },
+ },
+ &[],
+ )),
+ );
+ }
+
+ #[test]
+ fn test_sct_serialization() {
+ run_serialization_test(
+ SignedCertificateTimestamp {
+ version: Version::V1,
+ log_id: LogId {
+ key_id: TLS_SCT_EXAMPLE[1..33]
+ .try_into()
+ .expect("failed to convert to u8 array"),
+ },
+ timestamp: u64::from_be_bytes(
+ TLS_SCT_EXAMPLE[33..41]
+ .try_into()
+ .expect("failed to convert to u8 array"),
+ ),
+ extensions: TlsByteVecU16::from_slice(&[]),
+ signature: DigitallySigned {
+ algorithm: SignatureAndHashAlgorithm {
+ hash: HashAlgorithm::Sha256,
+ signature: SignatureAlgorithm::Ecdsa,
+ },
+ signature: TlsByteVecU16::from_slice(&TLS_SCT_EXAMPLE[47..]),
+ },
+ },
+ &TLS_SCT_EXAMPLE,
+ );
+ }
+
+ const SCT_EXAMPLE: [u8; 245] = [
+ 4, 129, 242, 0, 240, 0, 119, 0, 122, 50, 140, 84, 216, 183, 45, 182, 32, 234, 56, 224, 82,
+ 30, 233, 132, 22, 112, 50, 19, 133, 77, 59, 210, 43, 193, 58, 87, 163, 82, 235, 82, 0, 0,
+ 1, 135, 224, 74, 186, 106, 0, 0, 4, 3, 0, 72, 48, 70, 2, 33, 0, 170, 82, 81, 162, 157, 234,
+ 14, 189, 167, 13, 247, 211, 97, 112, 248, 172, 149, 125, 58, 18, 238, 60, 150, 157, 124,
+ 245, 188, 138, 102, 212, 244, 187, 2, 33, 0, 209, 79, 31, 63, 208, 79, 240, 233, 193, 187,
+ 28, 33, 190, 95, 130, 66, 183, 222, 187, 42, 22, 83, 0, 119, 226, 246, 19, 197, 47, 237,
+ 198, 149, 0, 117, 0, 173, 247, 190, 250, 124, 255, 16, 200, 139, 157, 61, 156, 30, 62, 24,
+ 106, 180, 103, 41, 93, 207, 177, 12, 36, 202, 133, 134, 52, 235, 220, 130, 138, 0, 0, 1,
+ 135, 224, 74, 186, 164, 0, 0, 4, 3, 0, 70, 48, 68, 2, 32, 29, 110, 144, 37, 157, 227, 170,
+ 70, 67, 16, 68, 195, 212, 168, 246, 37, 94, 69, 210, 136, 42, 113, 217, 230, 34, 152, 253,
+ 116, 13, 174, 232, 191, 2, 32, 16, 25, 200, 223, 59, 176, 40, 145, 76, 85, 242, 133, 130,
+ 212, 61, 216, 83, 238, 115, 130, 82, 240, 196, 162, 249, 54, 199, 120, 175, 72, 223, 14,
+ ];
+
+ #[test]
+ fn test_sct_list_deserialization() {
+ fn run_test(
+ bytes: &[u8],
+ expected_result: Result<SignedCertificateTimestampList, der::Error>,
+ ) -> Result<SignedCertificateTimestampList, der::Error> {
+ let actual_result = SignedCertificateTimestampList::from_der(bytes);
+ assert_eq!(actual_result, expected_result);
+ actual_result
+ }
+
+ let result = run_test(
+ &SCT_EXAMPLE,
+ Ok(SignedCertificateTimestampList(
+ OctetString::new(&SCT_EXAMPLE[3..]).expect("failed to convert to u8 array"),
+ )),
+ );
+ let scts = result
+ .expect("run_test failed")
+ .parse_timestamps()
+ .expect("parse_timestamps failed");
+ assert_eq!(
+ scts[0].parse_timestamp(),
+ Ok(SignedCertificateTimestamp {
+ version: Version::V1,
+ log_id: LogId {
+ key_id: SCT_EXAMPLE[8..40]
+ .try_into()
+ .expect("failed to convert to u8 array"),
+ },
+ timestamp: u64::from_be_bytes(
+ SCT_EXAMPLE[40..48]
+ .try_into()
+ .expect("failed to convert to u8 array")
+ ),
+ extensions: TlsByteVecU16::from_slice(&[]),
+ signature: DigitallySigned {
+ algorithm: SignatureAndHashAlgorithm {
+ hash: HashAlgorithm::Sha256,
+ signature: SignatureAlgorithm::Ecdsa,
+ },
+ signature: TlsByteVecU16::from_slice(&SCT_EXAMPLE[54..126]),
+ },
+ })
+ );
+ assert_eq!(
+ scts[1].parse_timestamp(),
+ Ok(SignedCertificateTimestamp {
+ version: Version::V1,
+ log_id: LogId {
+ key_id: SCT_EXAMPLE[129..161]
+ .try_into()
+ .expect("failed to convert to u8 array"),
+ },
+ timestamp: u64::from_be_bytes(
+ SCT_EXAMPLE[161..169]
+ .try_into()
+ .expect("failed to convert to u8 array")
+ ),
+ extensions: TlsByteVecU16::from_slice(&[]),
+ signature: DigitallySigned {
+ algorithm: SignatureAndHashAlgorithm {
+ hash: HashAlgorithm::Sha256,
+ signature: SignatureAlgorithm::Ecdsa,
+ },
+ signature: TlsByteVecU16::from_slice(&SCT_EXAMPLE[175..]),
+ },
+ })
+ );
+ }
+
+ #[test]
+ fn test_sct_list_serialization() {
+ let serialized_sct1 = SerializedSct::new(SignedCertificateTimestamp {
+ version: Version::V1,
+ log_id: LogId {
+ key_id: SCT_EXAMPLE[8..40]
+ .try_into()
+ .expect("failed to convert to u8 array"),
+ },
+ timestamp: u64::from_be_bytes(
+ SCT_EXAMPLE[40..48]
+ .try_into()
+ .expect("failed to convert to u8 array"),
+ ),
+ extensions: TlsByteVecU16::from_slice(&[]),
+ signature: DigitallySigned {
+ algorithm: SignatureAndHashAlgorithm {
+ hash: HashAlgorithm::Sha256,
+ signature: SignatureAlgorithm::Ecdsa,
+ },
+ signature: TlsByteVecU16::from_slice(&SCT_EXAMPLE[54..126]),
+ },
+ })
+ .expect("failed to create SerializedSct");
+ let serialized_sct2 = SerializedSct::new(SignedCertificateTimestamp {
+ version: Version::V1,
+ log_id: LogId {
+ key_id: SCT_EXAMPLE[129..161]
+ .try_into()
+ .expect("failed to convert to u8 array"),
+ },
+ timestamp: u64::from_be_bytes(
+ SCT_EXAMPLE[161..169]
+ .try_into()
+ .expect("failed to convert to u8 array"),
+ ),
+ extensions: TlsByteVecU16::from_slice(&[]),
+ signature: DigitallySigned {
+ algorithm: SignatureAndHashAlgorithm {
+ hash: HashAlgorithm::Sha256,
+ signature: SignatureAlgorithm::Ecdsa,
+ },
+ signature: TlsByteVecU16::from_slice(&SCT_EXAMPLE[175..]),
+ },
+ })
+ .expect("failed to create SerializedSct");
+ let list = SignedCertificateTimestampList::new(&[serialized_sct1, serialized_sct2])
+ .expect("failed to create SignedCertificateTimestampList");
+ let der = list.to_der().expect("failed to convert to der");
+ assert_eq!(der.as_slice(), SCT_EXAMPLE.as_slice());
+ }
+}
diff --git a/crates/x509-cert/src/name.rs b/crates/x509-cert/src/name.rs
index ec62249..c12a25c 100644
--- a/crates/x509-cert/src/name.rs
+++ b/crates/x509-cert/src/name.rs
@@ -96,7 +96,7 @@
/// Split a string at all non-escaped separators.
fn split(s: &str, b: u8) -> impl '_ + Iterator<Item = &'_ str> {
let mut prev = 0;
- find(s, b).chain([s.len()].into_iter()).map(move |i| {
+ find(s, b).chain([s.len()]).map(move |i| {
let x = &s[prev..i];
prev = i + 1;
x
diff --git a/crates/x509-cert/src/serial_number.rs b/crates/x509-cert/src/serial_number.rs
index b14487a..42952fd 100644
--- a/crates/x509-cert/src/serial_number.rs
+++ b/crates/x509-cert/src/serial_number.rs
@@ -147,6 +147,7 @@
}
#[cfg(test)]
+#[allow(clippy::unwrap_used)]
mod tests {
use alloc::string::ToString;
diff --git a/crates/x509-cert/tests/builder.rs b/crates/x509-cert/tests/builder.rs
index 06aae51..d31eb8c 100644
--- a/crates/x509-cert/tests/builder.rs
+++ b/crates/x509-cert/tests/builder.rs
@@ -138,7 +138,7 @@
let builder = CertificateBuilder::new(
profile,
serial_number.clone(),
- validity.clone(),
+ validity,
subject.clone(),
pub_key.clone(),
&signer,
@@ -251,14 +251,12 @@
fn rsa_signer() -> SigningKey<Sha256> {
let private_key = rsa::RsaPrivateKey::from_pkcs1_der(RSA_2048_PRIV_DER_EXAMPLE).unwrap();
- let signing_key = SigningKey::<Sha256>::new(private_key);
- signing_key
+ SigningKey::<Sha256>::new(private_key)
}
fn rsa_pss_signer() -> rsa::pss::SigningKey<Sha256> {
let private_key = rsa::RsaPrivateKey::from_pkcs1_der(RSA_2048_PRIV_DER_EXAMPLE).unwrap();
- let signing_key = rsa::pss::SigningKey::<Sha256>::new(private_key);
- signing_key
+ rsa::pss::SigningKey::<Sha256>::new(private_key)
}
const PKCS8_PRIVATE_KEY_DER: &[u8] = include_bytes!("examples/p256-priv.der");
diff --git a/crates/x509-cert/tests/certificate.rs b/crates/x509-cert/tests/certificate.rs
index e5b3243..d4859c2 100644
--- a/crates/x509-cert/tests/certificate.rs
+++ b/crates/x509-cert/tests/certificate.rs
@@ -437,7 +437,7 @@
assert_eq!(pem_encoded_cert, reencoded.as_bytes());
}
-#[cfg(all(feature = "pem"))]
+#[cfg(feature = "pem")]
#[test]
fn load_certificate_chains() {
let pem_encoded_chain = include_bytes!("examples/crates.io-chain.pem");
diff --git a/crates/x509-cert/tests/pkix_extensions.rs b/crates/x509-cert/tests/pkix_extensions.rs
index 108eeb5..9d9973a 100644
--- a/crates/x509-cert/tests/pkix_extensions.rs
+++ b/crates/x509-cert/tests/pkix_extensions.rs
@@ -1,4 +1,5 @@
//! Certificate tests
+#![allow(clippy::bool_assert_comparison)]
use const_oid::AssociatedOid;
use der::asn1::{Ia5StringRef, OctetString, PrintableStringRef, Utf8StringRef};
use der::{Decode, Encode, ErrorKind, Length, Tag, Tagged};
@@ -211,194 +212,284 @@
let result = Certificate::from_der(der_encoded_cert);
let cert: Certificate = result.unwrap();
let exts = cert.tbs_certificate.extensions.unwrap();
- let i = exts.iter();
- let mut counter = 0;
- for ext in i {
- if 0 == counter {
- assert_eq!(ext.extn_id.to_string(), ID_CE_KEY_USAGE.to_string());
- assert_eq!(ext.critical, true);
+ for (i, ext) in exts.iter().enumerate() {
+ match i {
+ 0 => {
+ assert_eq!(ext.extn_id.to_string(), ID_CE_KEY_USAGE.to_string());
+ assert_eq!(ext.critical, true);
- let ku = KeyUsage::from_der(ext.extn_value.as_bytes()).unwrap();
- assert_eq!(KeyUsages::KeyCertSign | KeyUsages::CRLSign, ku);
+ let ku = KeyUsage::from_der(ext.extn_value.as_bytes()).unwrap();
+ assert_eq!(KeyUsages::KeyCertSign | KeyUsages::CRLSign, ku);
- let reencoded = ku.to_der().and_then(OctetString::new).unwrap();
- assert_eq!(ext.extn_value, reencoded);
- } else if 1 == counter {
- assert_eq!(ext.extn_id.to_string(), ID_CE_BASIC_CONSTRAINTS.to_string());
- assert_eq!(ext.critical, true);
- let bc = BasicConstraints::from_der(ext.extn_value.as_bytes()).unwrap();
- assert_eq!(true, bc.ca);
- assert!(bc.path_len_constraint.is_none());
-
- let reencoded = bc.to_der().and_then(OctetString::new).unwrap();
- assert_eq!(ext.extn_value, reencoded);
- } else if 2 == counter {
- assert_eq!(ext.extn_id.to_string(), ID_CE_POLICY_MAPPINGS.to_string());
- assert_eq!(ext.critical, false);
- let pm = PolicyMappings::from_der(ext.extn_value.as_bytes()).unwrap();
- assert_eq!(19, pm.0.len());
-
- let reencoded = pm.to_der().and_then(OctetString::new).unwrap();
- assert_eq!(ext.extn_value, reencoded);
-
- let subject_domain_policy: [&str; 19] = [
- "2.16.840.1.101.3.2.1.48.2",
- "2.16.840.1.101.3.2.1.48.2",
- "2.16.840.1.101.3.2.1.48.3",
- "2.16.840.1.101.3.2.1.48.3",
- "2.16.840.1.101.3.2.1.48.5",
- "2.16.840.1.101.3.2.1.48.5",
- "2.16.840.1.101.3.2.1.48.4",
- "2.16.840.1.101.3.2.1.48.4",
- "2.16.840.1.101.3.2.1.48.6",
- "2.16.840.1.101.3.2.1.48.6",
- "2.16.840.1.101.3.2.1.48.78",
- "2.16.840.1.101.3.2.1.48.78",
- "2.16.840.1.101.3.2.1.48.78",
- "2.16.840.1.101.3.2.1.48.79",
- "2.16.840.1.101.3.2.1.48.80",
- "2.16.840.1.101.3.2.1.48.99",
- "2.16.840.1.101.3.2.1.48.99",
- "2.16.840.1.101.3.2.1.48.100",
- "2.16.840.1.101.3.2.1.48.100",
- ];
-
- let issuer_domain_policy: [&str; 19] = [
- "2.16.840.1.113839.0.100.2.1",
- "2.16.840.1.113839.0.100.2.2",
- "2.16.840.1.113839.0.100.3.1",
- "2.16.840.1.113839.0.100.3.2",
- "2.16.840.1.113839.0.100.14.1",
- "2.16.840.1.113839.0.100.14.2",
- "2.16.840.1.113839.0.100.12.1",
- "2.16.840.1.113839.0.100.12.2",
- "2.16.840.1.113839.0.100.15.1",
- "2.16.840.1.113839.0.100.15.2",
- "2.16.840.1.113839.0.100.18.0",
- "2.16.840.1.113839.0.100.18.1",
- "2.16.840.1.113839.0.100.18.2",
- "2.16.840.1.113839.0.100.19.1",
- "2.16.840.1.113839.0.100.20.1",
- "2.16.840.1.113839.0.100.37.1",
- "2.16.840.1.113839.0.100.37.2",
- "2.16.840.1.113839.0.100.38.1",
- "2.16.840.1.113839.0.100.38.2",
- ];
-
- let mut counter_pm = 0;
- for mapping in pm.0 {
- assert_eq!(
- issuer_domain_policy[counter_pm],
- mapping.issuer_domain_policy.to_string()
- );
- assert_eq!(
- subject_domain_policy[counter_pm],
- mapping.subject_domain_policy.to_string()
- );
- counter_pm += 1;
+ let reencoded = ku.to_der().and_then(OctetString::new).unwrap();
+ assert_eq!(ext.extn_value, reencoded);
}
- } else if 3 == counter {
- assert_eq!(
- ext.extn_id.to_string(),
- ID_CE_CERTIFICATE_POLICIES.to_string()
- );
- assert_eq!(ext.critical, false);
- let cps = CertificatePolicies::from_der(ext.extn_value.as_bytes()).unwrap();
- assert_eq!(19, cps.0.len());
+ 1 => {
+ assert_eq!(ext.extn_id.to_string(), ID_CE_BASIC_CONSTRAINTS.to_string());
+ assert_eq!(ext.critical, true);
+ let bc = BasicConstraints::from_der(ext.extn_value.as_bytes()).unwrap();
+ assert_eq!(true, bc.ca);
+ assert!(bc.path_len_constraint.is_none());
- let reencoded = cps.to_der().and_then(OctetString::new).unwrap();
- assert_eq!(ext.extn_value, reencoded);
+ let reencoded = bc.to_der().and_then(OctetString::new).unwrap();
+ assert_eq!(ext.extn_value, reencoded);
+ }
+ 2 => {
+ assert_eq!(ext.extn_id.to_string(), ID_CE_POLICY_MAPPINGS.to_string());
+ assert_eq!(ext.critical, false);
+ let pm = PolicyMappings::from_der(ext.extn_value.as_bytes()).unwrap();
+ assert_eq!(19, pm.0.len());
- let ids: [&str; 19] = [
- "2.16.840.1.113839.0.100.2.1",
- "2.16.840.1.113839.0.100.2.2",
- "2.16.840.1.113839.0.100.3.1",
- "2.16.840.1.113839.0.100.3.2",
- "2.16.840.1.113839.0.100.14.1",
- "2.16.840.1.113839.0.100.14.2",
- "2.16.840.1.113839.0.100.12.1",
- "2.16.840.1.113839.0.100.12.2",
- "2.16.840.1.113839.0.100.15.1",
- "2.16.840.1.113839.0.100.15.2",
- "2.16.840.1.113839.0.100.18.0",
- "2.16.840.1.113839.0.100.18.1",
- "2.16.840.1.113839.0.100.18.2",
- "2.16.840.1.113839.0.100.19.1",
- "2.16.840.1.113839.0.100.20.1",
- "2.16.840.1.113839.0.100.37.1",
- "2.16.840.1.113839.0.100.37.2",
- "2.16.840.1.113839.0.100.38.1",
- "2.16.840.1.113839.0.100.38.2",
- ];
+ let reencoded = pm.to_der().and_then(OctetString::new).unwrap();
+ assert_eq!(ext.extn_value, reencoded);
- let mut cp_counter = 0;
- for cp in cps.0 {
- assert_eq!(ids[cp_counter], cp.policy_identifier.to_string());
- if 18 == cp_counter {
- assert!(cp.policy_qualifiers.is_some());
- let pq = cp.policy_qualifiers.unwrap();
- let mut counter_pq = 0;
- for pqi in pq.iter() {
- if 0 == counter_pq {
- assert_eq!("1.3.6.1.5.5.7.2.1", pqi.policy_qualifier_id.to_string());
- let cpsval =
- Ia5StringRef::try_from(pqi.qualifier.as_ref().unwrap()).unwrap();
- assert_eq!(
- "https://secure.identrust.com/certificates/policy/IGC/index.html",
- cpsval.to_string()
- );
- } else if 1 == counter_pq {
- assert_eq!("1.3.6.1.5.5.7.2.2", pqi.policy_qualifier_id.to_string());
- // TODO VisibleString
- }
- counter_pq += 1;
- }
- } else {
- assert!(cp.policy_qualifiers.is_none())
+ let subject_domain_policy: [&str; 19] = [
+ "2.16.840.1.101.3.2.1.48.2",
+ "2.16.840.1.101.3.2.1.48.2",
+ "2.16.840.1.101.3.2.1.48.3",
+ "2.16.840.1.101.3.2.1.48.3",
+ "2.16.840.1.101.3.2.1.48.5",
+ "2.16.840.1.101.3.2.1.48.5",
+ "2.16.840.1.101.3.2.1.48.4",
+ "2.16.840.1.101.3.2.1.48.4",
+ "2.16.840.1.101.3.2.1.48.6",
+ "2.16.840.1.101.3.2.1.48.6",
+ "2.16.840.1.101.3.2.1.48.78",
+ "2.16.840.1.101.3.2.1.48.78",
+ "2.16.840.1.101.3.2.1.48.78",
+ "2.16.840.1.101.3.2.1.48.79",
+ "2.16.840.1.101.3.2.1.48.80",
+ "2.16.840.1.101.3.2.1.48.99",
+ "2.16.840.1.101.3.2.1.48.99",
+ "2.16.840.1.101.3.2.1.48.100",
+ "2.16.840.1.101.3.2.1.48.100",
+ ];
+
+ let issuer_domain_policy: [&str; 19] = [
+ "2.16.840.1.113839.0.100.2.1",
+ "2.16.840.1.113839.0.100.2.2",
+ "2.16.840.1.113839.0.100.3.1",
+ "2.16.840.1.113839.0.100.3.2",
+ "2.16.840.1.113839.0.100.14.1",
+ "2.16.840.1.113839.0.100.14.2",
+ "2.16.840.1.113839.0.100.12.1",
+ "2.16.840.1.113839.0.100.12.2",
+ "2.16.840.1.113839.0.100.15.1",
+ "2.16.840.1.113839.0.100.15.2",
+ "2.16.840.1.113839.0.100.18.0",
+ "2.16.840.1.113839.0.100.18.1",
+ "2.16.840.1.113839.0.100.18.2",
+ "2.16.840.1.113839.0.100.19.1",
+ "2.16.840.1.113839.0.100.20.1",
+ "2.16.840.1.113839.0.100.37.1",
+ "2.16.840.1.113839.0.100.37.2",
+ "2.16.840.1.113839.0.100.38.1",
+ "2.16.840.1.113839.0.100.38.2",
+ ];
+
+ for (j, mapping) in pm.0.iter().enumerate() {
+ assert_eq!(
+ issuer_domain_policy[j],
+ mapping.issuer_domain_policy.to_string()
+ );
+ assert_eq!(
+ subject_domain_policy[j],
+ mapping.subject_domain_policy.to_string()
+ );
}
-
- cp_counter += 1;
}
- } else if 4 == counter {
- assert_eq!(
- ext.extn_id.to_string(),
- ID_CE_SUBJECT_KEY_IDENTIFIER.to_string()
- );
- assert_eq!(ext.critical, false);
- let skid = SubjectKeyIdentifier::from_der(ext.extn_value.as_bytes()).unwrap();
- assert_eq!(Length::new(21), skid.0.len());
- assert_eq!(
- &hex!("DBD3DEBF0D7B615B32803BC0206CD7AADD39B8ACFF"),
- skid.0.as_bytes()
- );
+ 3 => {
+ assert_eq!(
+ ext.extn_id.to_string(),
+ ID_CE_CERTIFICATE_POLICIES.to_string()
+ );
+ assert_eq!(ext.critical, false);
+ let cps = CertificatePolicies::from_der(ext.extn_value.as_bytes()).unwrap();
+ assert_eq!(19, cps.0.len());
- let reencoded = skid.to_der().and_then(OctetString::new).unwrap();
- assert_eq!(ext.extn_value, reencoded);
- } else if 5 == counter {
- assert_eq!(
- ext.extn_id.to_string(),
- ID_CE_CRL_DISTRIBUTION_POINTS.to_string()
- );
- assert_eq!(ext.critical, false);
- let crl_dps = CrlDistributionPoints::from_der(ext.extn_value.as_bytes()).unwrap();
- assert_eq!(2, crl_dps.0.len());
+ let reencoded = cps.to_der().and_then(OctetString::new).unwrap();
+ assert_eq!(ext.extn_value, reencoded);
- let reencoded = crl_dps.to_der().and_then(OctetString::new).unwrap();
- assert_eq!(ext.extn_value, reencoded);
+ let ids: [&str; 19] = [
+ "2.16.840.1.113839.0.100.2.1",
+ "2.16.840.1.113839.0.100.2.2",
+ "2.16.840.1.113839.0.100.3.1",
+ "2.16.840.1.113839.0.100.3.2",
+ "2.16.840.1.113839.0.100.14.1",
+ "2.16.840.1.113839.0.100.14.2",
+ "2.16.840.1.113839.0.100.12.1",
+ "2.16.840.1.113839.0.100.12.2",
+ "2.16.840.1.113839.0.100.15.1",
+ "2.16.840.1.113839.0.100.15.2",
+ "2.16.840.1.113839.0.100.18.0",
+ "2.16.840.1.113839.0.100.18.1",
+ "2.16.840.1.113839.0.100.18.2",
+ "2.16.840.1.113839.0.100.19.1",
+ "2.16.840.1.113839.0.100.20.1",
+ "2.16.840.1.113839.0.100.37.1",
+ "2.16.840.1.113839.0.100.37.2",
+ "2.16.840.1.113839.0.100.38.1",
+ "2.16.840.1.113839.0.100.38.2",
+ ];
- let mut crldp_counter = 0;
- for crldp in crl_dps.0 {
- let dpn = crldp.distribution_point.unwrap();
- if 0 == crldp_counter {
- match dpn {
- DistributionPointName::FullName(gns) => {
- assert_eq!(1, gns.len());
- let gn = gns.get(0).unwrap();
+ for (cp_counter, cp) in cps.0.into_iter().enumerate() {
+ assert_eq!(ids[cp_counter], cp.policy_identifier.to_string());
+ match cp_counter {
+ 18 => {
+ assert!(cp.policy_qualifiers.is_some());
+ let pq = cp.policy_qualifiers.unwrap();
+ for (pq_counter, pqi) in pq.iter().enumerate() {
+ match pq_counter {
+ 0 => {
+ assert_eq!(
+ "1.3.6.1.5.5.7.2.1",
+ pqi.policy_qualifier_id.to_string()
+ );
+ let cpsval =
+ Ia5StringRef::try_from(pqi.qualifier.as_ref().unwrap())
+ .unwrap();
+ assert_eq!(
+ "https://secure.identrust.com/certificates/policy/IGC/index.html",
+ cpsval.to_string()
+ );
+ }
+ 1 => {
+ assert_eq!(
+ "1.3.6.1.5.5.7.2.2",
+ pqi.policy_qualifier_id.to_string()
+ );
+ // TODO VisibleString
+ }
+ _ => unreachable!(),
+ }
+ }
+ }
+ _ => assert!(cp.policy_qualifiers.is_none()),
+ }
+ }
+ }
+ 4 => {
+ assert_eq!(
+ ext.extn_id.to_string(),
+ ID_CE_SUBJECT_KEY_IDENTIFIER.to_string()
+ );
+ assert_eq!(ext.critical, false);
+ let skid = SubjectKeyIdentifier::from_der(ext.extn_value.as_bytes()).unwrap();
+ assert_eq!(Length::new(21), skid.0.len());
+ assert_eq!(
+ &hex!("DBD3DEBF0D7B615B32803BC0206CD7AADD39B8ACFF"),
+ skid.0.as_bytes()
+ );
+
+ let reencoded = skid.to_der().and_then(OctetString::new).unwrap();
+ assert_eq!(ext.extn_value, reencoded);
+ }
+ 5 => {
+ assert_eq!(
+ ext.extn_id.to_string(),
+ ID_CE_CRL_DISTRIBUTION_POINTS.to_string()
+ );
+ assert_eq!(ext.critical, false);
+ let crl_dps = CrlDistributionPoints::from_der(ext.extn_value.as_bytes()).unwrap();
+ assert_eq!(2, crl_dps.0.len());
+
+ let reencoded = crl_dps.to_der().and_then(OctetString::new).unwrap();
+ assert_eq!(ext.extn_value, reencoded);
+
+ for (crldp_counter, crldp) in crl_dps.0.into_iter().enumerate() {
+ let dpn = crldp.distribution_point.unwrap();
+ match crldp_counter {
+ 0 => match dpn {
+ DistributionPointName::FullName(gns) => {
+ assert_eq!(1, gns.len());
+ let gn = gns.first().unwrap();
+ match gn {
+ GeneralName::UniformResourceIdentifier(uri) => {
+ assert_eq!(
+ "http://crl-pte.identrust.com.test/crl/IGCRootca1.crl",
+ uri.to_string()
+ );
+ }
+ _ => {
+ panic!("Expected UniformResourceIdentifier");
+ }
+ }
+ }
+ _ => {
+ panic!("Expected FullName");
+ }
+ },
+ 1 => match dpn {
+ DistributionPointName::FullName(gns) => {
+ assert_eq!(1, gns.len());
+ let gn = gns.first().unwrap();
+ match gn {
+ GeneralName::UniformResourceIdentifier(uri) => {
+ assert_eq!("ldap://ldap-pte.identrust.com.test/cn%3DIGC%20Root%20CA1%2Co%3DIdenTrust%2Cc%3DUS%3FcertificateRevocationList%3Bbinary", uri.to_string());
+ }
+ _ => {
+ panic!("Expected UniformResourceIdentifier");
+ }
+ }
+ }
+ _ => {
+ panic!("Expected UniformResourceIdentifier");
+ }
+ },
+ _ => unreachable!(),
+ }
+ }
+ }
+ 6 => {
+ assert_eq!(
+ ext.extn_id.to_string(),
+ ID_PE_SUBJECT_INFO_ACCESS.to_string()
+ );
+ assert_eq!(ext.critical, false);
+ let sias = SubjectInfoAccessSyntax::from_der(ext.extn_value.as_bytes()).unwrap();
+ assert_eq!(1, sias.0.len());
+
+ let reencoded = sias.to_der().and_then(OctetString::new).unwrap();
+ assert_eq!(ext.extn_value, reencoded);
+
+ for sia in sias.0 {
+ assert_eq!("1.3.6.1.5.5.7.48.5", sia.access_method.to_string());
+ let gn = sia.access_location;
+ match gn {
+ GeneralName::UniformResourceIdentifier(gn) => {
+ assert_eq!(
+ "http://http.cite.fpki-lab.gov.test/bridge/caCertsIssuedBytestFBCA.p7c",
+ gn.to_string()
+ );
+ }
+ _ => {
+ panic!("Expected UniformResourceIdentifier");
+ }
+ }
+ }
+ }
+ 7 => {
+ assert_eq!(
+ ext.extn_id.to_string(),
+ ID_PE_AUTHORITY_INFO_ACCESS.to_string()
+ );
+ assert_eq!(ext.critical, false);
+ let aias = AuthorityInfoAccessSyntax::from_der(ext.extn_value.as_bytes()).unwrap();
+ assert_eq!(2, aias.0.len());
+
+ let reencoded = aias.to_der().and_then(OctetString::new).unwrap();
+ assert_eq!(ext.extn_value, reencoded);
+
+ for (aia_counter, aia) in aias.0.into_iter().enumerate() {
+ match aia_counter {
+ 0 => {
+ assert_eq!("1.3.6.1.5.5.7.48.2", aia.access_method.to_string());
+ let gn = aia.access_location;
match gn {
- GeneralName::UniformResourceIdentifier(uri) => {
+ GeneralName::UniformResourceIdentifier(gn) => {
assert_eq!(
- "http://crl-pte.identrust.com.test/crl/IGCRootca1.crl",
- uri.to_string()
+ "http://apps-stg.identrust.com.test/roots/IGCRootca1.p7c",
+ gn.to_string()
);
}
_ => {
@@ -406,133 +497,54 @@
}
}
}
- _ => {
- panic!("Expected FullName");
- }
- }
- } else if 1 == crldp_counter {
- match dpn {
- DistributionPointName::FullName(gns) => {
- assert_eq!(1, gns.len());
- let gn = gns.get(0).unwrap();
+ 1 => {
+ assert_eq!("1.3.6.1.5.5.7.48.1", aia.access_method.to_string());
+ let gn = aia.access_location;
match gn {
- GeneralName::UniformResourceIdentifier(uri) => {
- assert_eq!("ldap://ldap-pte.identrust.com.test/cn%3DIGC%20Root%20CA1%2Co%3DIdenTrust%2Cc%3DUS%3FcertificateRevocationList%3Bbinary", uri.to_string());
+ GeneralName::UniformResourceIdentifier(gn) => {
+ assert_eq!(
+ "http://igcrootpte.ocsp.identrust.com.test:8125",
+ gn.to_string()
+ );
}
_ => {
panic!("Expected UniformResourceIdentifier");
}
}
}
- _ => {
- panic!("Expected UniformResourceIdentifier");
- }
- }
- }
-
- crldp_counter += 1;
- }
- } else if 6 == counter {
- assert_eq!(
- ext.extn_id.to_string(),
- ID_PE_SUBJECT_INFO_ACCESS.to_string()
- );
- assert_eq!(ext.critical, false);
- let sias = SubjectInfoAccessSyntax::from_der(ext.extn_value.as_bytes()).unwrap();
- assert_eq!(1, sias.0.len());
-
- let reencoded = sias.to_der().and_then(OctetString::new).unwrap();
- assert_eq!(ext.extn_value, reencoded);
-
- for sia in sias.0 {
- assert_eq!("1.3.6.1.5.5.7.48.5", sia.access_method.to_string());
- let gn = sia.access_location;
- match gn {
- GeneralName::UniformResourceIdentifier(gn) => {
- assert_eq!(
- "http://http.cite.fpki-lab.gov.test/bridge/caCertsIssuedBytestFBCA.p7c",
- gn.to_string()
- );
- }
- _ => {
- panic!("Expected UniformResourceIdentifier");
+ _ => unreachable!(),
}
}
}
- } else if 7 == counter {
- assert_eq!(
- ext.extn_id.to_string(),
- ID_PE_AUTHORITY_INFO_ACCESS.to_string()
- );
- assert_eq!(ext.critical, false);
- let aias = AuthorityInfoAccessSyntax::from_der(ext.extn_value.as_bytes()).unwrap();
- assert_eq!(2, aias.0.len());
- let mut aia_counter = 0;
+ 8 => {
+ assert_eq!(
+ ext.extn_id.to_string(),
+ ID_CE_INHIBIT_ANY_POLICY.to_string()
+ );
+ assert_eq!(ext.critical, false);
+ let iap = InhibitAnyPolicy::from_der(ext.extn_value.as_bytes()).unwrap();
+ assert_eq!(0, iap.0);
- let reencoded = aias.to_der().and_then(OctetString::new).unwrap();
- assert_eq!(ext.extn_value, reencoded);
-
- for aia in aias.0 {
- if 0 == aia_counter {
- assert_eq!("1.3.6.1.5.5.7.48.2", aia.access_method.to_string());
- let gn = aia.access_location;
- match gn {
- GeneralName::UniformResourceIdentifier(gn) => {
- assert_eq!(
- "http://apps-stg.identrust.com.test/roots/IGCRootca1.p7c",
- gn.to_string()
- );
- }
- _ => {
- panic!("Expected UniformResourceIdentifier");
- }
- }
- } else if 1 == aia_counter {
- assert_eq!("1.3.6.1.5.5.7.48.1", aia.access_method.to_string());
- let gn = aia.access_location;
- match gn {
- GeneralName::UniformResourceIdentifier(gn) => {
- assert_eq!(
- "http://igcrootpte.ocsp.identrust.com.test:8125",
- gn.to_string()
- );
- }
- _ => {
- panic!("Expected UniformResourceIdentifier");
- }
- }
- }
-
- aia_counter += 1;
+ let reencoded = iap.to_der().and_then(OctetString::new).unwrap();
+ assert_eq!(ext.extn_value, reencoded);
}
- } else if 8 == counter {
- assert_eq!(
- ext.extn_id.to_string(),
- ID_CE_INHIBIT_ANY_POLICY.to_string()
- );
- assert_eq!(ext.critical, false);
- let iap = InhibitAnyPolicy::from_der(ext.extn_value.as_bytes()).unwrap();
- assert_eq!(0, iap.0);
+ 9 => {
+ assert_eq!(
+ ext.extn_id.to_string(),
+ ID_CE_AUTHORITY_KEY_IDENTIFIER.to_string()
+ );
+ assert_eq!(ext.critical, false);
+ let akid = AuthorityKeyIdentifier::from_der(ext.extn_value.as_bytes()).unwrap();
+ assert_eq!(
+ &hex!("7C4C863AB80BD589870BEDB7E11BBD2A08BB3D23FF"),
+ akid.key_identifier.as_ref().unwrap().as_bytes()
+ );
- let reencoded = iap.to_der().and_then(OctetString::new).unwrap();
- assert_eq!(ext.extn_value, reencoded);
- } else if 9 == counter {
- assert_eq!(
- ext.extn_id.to_string(),
- ID_CE_AUTHORITY_KEY_IDENTIFIER.to_string()
- );
- assert_eq!(ext.critical, false);
- let akid = AuthorityKeyIdentifier::from_der(ext.extn_value.as_bytes()).unwrap();
- assert_eq!(
- &hex!("7C4C863AB80BD589870BEDB7E11BBD2A08BB3D23FF"),
- akid.key_identifier.as_ref().unwrap().as_bytes()
- );
-
- let reencoded = akid.to_der().and_then(OctetString::new).unwrap();
- assert_eq!(ext.extn_value, reencoded);
+ let reencoded = akid.to_der().and_then(OctetString::new).unwrap();
+ assert_eq!(ext.extn_value, reencoded);
+ }
+ _ => unreachable!(),
}
-
- counter += 1;
}
let der_encoded_cert = include_bytes!("examples/GoodCACert.crt");
@@ -850,22 +862,15 @@
let gn =
GeneralName::from_der(&hex!("A45C305A310B3009060355040613025553311F301D060355040A131654657374204365727469666963617465732032303137311C301A060355040B13136F6E6C79536F6D65526561736F6E7320434133310C300A0603550403130343524C")).unwrap();
- match gn {
- GeneralName::DirectoryName(gn) => {
- assert_eq!(4, gn.0.len());
- }
- _ => {}
+ if let GeneralName::DirectoryName(gn) = gn {
+ assert_eq!(4, gn.0.len());
}
let gns =
GeneralNames::from_der(&hex!("305EA45C305A310B3009060355040613025553311F301D060355040A131654657374204365727469666963617465732032303137311C301A060355040B13136F6E6C79536F6D65526561736F6E7320434133310C300A0603550403130343524C")).unwrap();
assert_eq!(1, gns.len());
- let gn = gns.get(0).unwrap();
- match gn {
- GeneralName::DirectoryName(gn) => {
- assert_eq!(4, gn.0.len());
- }
- _ => {}
+ if let GeneralName::DirectoryName(gn) = gns.first().unwrap() {
+ assert_eq!(4, gn.0.len());
}
//TODO - fix decode impl (expecting a SEQUENCE despite this being a CHOICE). Sort out FixedTag implementation.
@@ -887,20 +892,13 @@
let dp =
DistributionPoint::from_der(&hex!("3062A060A05EA45C305A310B3009060355040613025553311F301D060355040A131654657374204365727469666963617465732032303137311C301A060355040B13136F6E6C79536F6D65526561736F6E7320434133310C300A0603550403130343524C")).unwrap();
- let dpn = dp.distribution_point.unwrap();
- match dpn {
- DistributionPointName::FullName(dpn) => {
- assert_eq!(1, dpn.len());
- let gn = dpn.get(0).unwrap();
- match gn {
- GeneralName::DirectoryName(gn) => {
- assert_eq!(4, gn.0.len());
- }
- _ => {}
- }
+ if let DistributionPointName::FullName(dpn) = dp.distribution_point.unwrap() {
+ assert_eq!(1, dpn.len());
+ if let GeneralName::DirectoryName(gn) = dpn.first().unwrap() {
+ assert_eq!(4, gn.0.len());
}
- _ => {}
}
+
assert!(dp.crl_issuer.is_none());
assert!(dp.reasons.is_none());
diff --git a/pseudo_crate/Cargo.lock b/pseudo_crate/Cargo.lock
index 39eaecd..061446e 100644
--- a/pseudo_crate/Cargo.lock
+++ b/pseudo_crate/Cargo.lock
@@ -5229,6 +5229,27 @@
checksum = "1f3ccbac311fea05f86f61904b462b55fb3df8837a366dfc601a0161d0532f20"
[[package]]
+name = "tls_codec"
+version = "0.4.1"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "b5e78c9c330f8c85b2bae7c8368f2739157db9991235123aa1b15ef9502bfb6a"
+dependencies = [
+ "tls_codec_derive",
+ "zeroize",
+]
+
+[[package]]
+name = "tls_codec_derive"
+version = "0.4.1"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "8d9ef545650e79f30233c0003bcc2504d7efac6dad25fca40744de773fe2049c"
+dependencies = [
+ "proc-macro2 1.0.92",
+ "quote 1.0.37",
+ "syn 2.0.90",
+]
+
+[[package]]
name = "tokio"
version = "1.42.0"
source = "registry+https://github.com/rust-lang/crates.io-index"
@@ -6518,13 +6539,14 @@
[[package]]
name = "x509-cert"
-version = "0.2.4"
+version = "0.2.5"
source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "25eefca1d99701da3a57feb07e5079fc62abba059fc139e98c13bbb250f3ef29"
+checksum = "1301e935010a701ae5f8655edc0ad17c44bad3ac5ce8c39185f75453b720ae94"
dependencies = [
"const-oid",
"der",
"spki",
+ "tls_codec",
]
[[package]]
diff --git a/pseudo_crate/Cargo.toml b/pseudo_crate/Cargo.toml
index 419e9da..4c710c3 100644
--- a/pseudo_crate/Cargo.toml
+++ b/pseudo_crate/Cargo.toml
@@ -390,7 +390,7 @@
webpki = "=0.22.4"
which = "=4.4.0"
winnow = "=0.5.37"
-x509-cert = "=0.2.4"
+x509-cert = "=0.2.5"
xml-rs = "=0.8.19"
yaml-rust = "=0.4.5"
zerocopy = "=0.8.13"
