Snap for 7825444 from f178953783bbea245b936866a429f99215c4e607 to tm-d1-release
Change-Id: I7c9343eddfc2283fd4432966eaff291806dd503d
diff --git a/.cargo_vcs_info.json b/.cargo_vcs_info.json
index a19dcef..b81562c 100644
--- a/.cargo_vcs_info.json
+++ b/.cargo_vcs_info.json
@@ -1,5 +1,5 @@
{
"git": {
- "sha1": "8c8e7a47c7728b3ff6e6bf91bcc54d6acd9eeca5"
+ "sha1": "e81f1f2dd19b765c9a034dda316c5814ff97d157"
}
}
diff --git a/Android.bp b/Android.bp
index 6d64e30..5239816 100644
--- a/Android.bp
+++ b/Android.bp
@@ -42,7 +42,7 @@
host_supported: true,
crate_name: "x509_parser",
cargo_env_compat: true,
- cargo_pkg_version: "0.10.0",
+ cargo_pkg_version: "0.12.0",
srcs: ["src/lib.rs"],
edition: "2018",
features: ["default"],
diff --git a/CHANGELOG.md b/CHANGELOG.md
index dfcd92a..bc402dd 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -6,6 +6,30 @@
### Thanks
+## 0.12.0
+
+### Added/Changed/Fixed
+
+- Upgrade to nom 7
+
+## 0.11.0
+
+### Added
+
+- Add SubjectPublicKeyInfo::raw field
+
+### Changed/Fixed
+
+- Fix der-parser dependency (#102)
+- Update oid-registry dependency (#77)
+- Set MSRV to 1.46 (indirect dependency on lexical-core and bitvec)
+- Extend the lifetimes exposed on TbsCertificate (#104)
+- Add missing test assets (#103)
+
+### Thanks
+
+- @jgalenson, @g2p, @kpp
+
## 0.10.0
### Added
diff --git a/Cargo.toml b/Cargo.toml
index 36bb744..bd75632 100644
--- a/Cargo.toml
+++ b/Cargo.toml
@@ -3,19 +3,18 @@
# When uploading crates to the registry Cargo will automatically
# "normalize" Cargo.toml files for maximal compatibility
# with all versions of Cargo and also rewrite `path` dependencies
-# to registry (e.g., crates.io) dependencies
+# to registry (e.g., crates.io) dependencies.
#
-# If you believe there's an error in this file please file an
-# issue against the rust-lang/cargo repository. If you're
-# editing this file be aware that the upstream Cargo.toml
-# will likely look very different (and much more reasonable)
+# If you are reading this file be aware that the original Cargo.toml
+# will likely look very different (and much more reasonable).
+# See Cargo.toml.orig for the original contents.
[package]
edition = "2018"
name = "x509-parser"
-version = "0.10.0"
+version = "0.12.0"
authors = ["Pierre Chifflier <chifflier@wzdftpd.net>"]
-include = ["CHANGELOG.md", "LICENSE-*", "README.md", ".gitignore", ".travis.yml", "Cargo.toml", "src/*.rs", "tests/*.rs", "assets/*.der", "assets/*.pem", "examples/*.rs"]
+include = ["CHANGELOG.md", "LICENSE-*", "README.md", ".gitignore", ".travis.yml", "Cargo.toml", "src/*.rs", "tests/*.rs", "assets/*.crl", "assets/*.csr", "assets/*.der", "assets/*.pem", "assets/crl-ext/*.der", "examples/*.rs"]
description = "Parser for the X.509 v3 format (RFC 5280 certificates)"
homepage = "https://github.com/rusticata/x509-parser"
readme = "README.md"
@@ -38,17 +37,17 @@
version = "2.2.1"
[dependencies.der-parser]
-version = "5.1"
+version = "6.0.0"
features = ["bigint"]
[dependencies.lazy_static]
version = "1.4"
[dependencies.nom]
-version = "6.0"
+version = "7.0"
[dependencies.oid-registry]
-version = "0.1.1"
+version = "0.2.0"
features = ["crypto", "x509"]
[dependencies.ring]
@@ -56,7 +55,7 @@
optional = true
[dependencies.rusticata-macros]
-version = "3.0"
+version = "4.0"
[dependencies.thiserror]
version = "1.0"
diff --git a/Cargo.toml.orig b/Cargo.toml.orig
index 0833677..bd19297 100644
--- a/Cargo.toml.orig
+++ b/Cargo.toml.orig
@@ -1,6 +1,6 @@
[package]
name = "x509-parser"
-version = "0.10.0"
+version = "0.12.0"
description = "Parser for the X.509 v3 format (RFC 5280 certificates)"
license = "MIT/Apache-2.0"
keywords = ["X509","Certificate","parser","nom"]
@@ -20,8 +20,11 @@
"Cargo.toml",
"src/*.rs",
"tests/*.rs",
+ "assets/*.crl",
+ "assets/*.csr",
"assets/*.der",
"assets/*.pem",
+ "assets/crl-ext/*.der",
"examples/*.rs"
]
@@ -39,9 +42,9 @@
chrono = { version="0.4", default-features=false, features=["std"] }
data-encoding = "2.2.1"
lazy_static = "1.4"
-nom = "6.0"
-oid-registry = { version="0.1.1", features=["crypto", "x509"] }
-rusticata-macros = "3.0"
+nom = "7.0"
+oid-registry = { version="0.2.0", features=["crypto", "x509"] }
+rusticata-macros = "4.0"
ring = { version="0.16", optional=true }
-der-parser = { version = "5.1", features=["bigint"] }
+der-parser = { version = "6.0.0", features=["bigint"] }
thiserror = "1.0"
diff --git a/METADATA b/METADATA
index 4d6197c..ab1ae51 100644
--- a/METADATA
+++ b/METADATA
@@ -7,13 +7,13 @@
}
url {
type: ARCHIVE
- value: "https://static.crates.io/crates/x509-parser/x509-parser-0.10.0.crate"
+ value: "https://static.crates.io/crates/x509-parser/x509-parser-0.12.0.crate"
}
- version: "0.10.0"
+ version: "0.12.0"
license_type: NOTICE
last_upgrade_date {
year: 2021
- month: 8
- day: 9
+ month: 9
+ day: 23
}
}
diff --git a/README.md b/README.md
index b6ffbeb..e6ad660 100644
--- a/README.md
+++ b/README.md
@@ -6,7 +6,7 @@
[](https://crates.io/crates/x509-parser)
[](https://crates.io/crates/x509-parser)
[](https://github.com/rusticata/x509-parser/actions)
-[](#rust-version-requirements)
+[](#rust-version-requirements)
# X.509 Parser
@@ -103,7 +103,7 @@
## Rust version requirements
-`x509-parser` requires **Rustc version 1.45 or greater**, based on nom 6
+`x509-parser` requires **Rustc version 1.46 or greater**, based on nom 7
dependencies and for proc-macro attributes support.
[RFC5280]: https://tools.ietf.org/html/rfc5280
diff --git a/assets/crl-ext/crl-complex.der b/assets/crl-ext/crl-complex.der
new file mode 100644
index 0000000..f5140f1
--- /dev/null
+++ b/assets/crl-ext/crl-complex.der
Binary files differ
diff --git a/assets/crl-ext/crl-no-crl.der b/assets/crl-ext/crl-no-crl.der
new file mode 100644
index 0000000..03f7357
--- /dev/null
+++ b/assets/crl-ext/crl-no-crl.der
Binary files differ
diff --git a/assets/crl-ext/crl-simple.der b/assets/crl-ext/crl-simple.der
new file mode 100644
index 0000000..224a743
--- /dev/null
+++ b/assets/crl-ext/crl-simple.der
Binary files differ
diff --git a/assets/csr-empty-attributes.csr b/assets/csr-empty-attributes.csr
new file mode 100644
index 0000000..bfb84c8
--- /dev/null
+++ b/assets/csr-empty-attributes.csr
Binary files differ
diff --git a/assets/empty.crl b/assets/empty.crl
new file mode 100644
index 0000000..fc3f6b3
--- /dev/null
+++ b/assets/empty.crl
Binary files differ
diff --git a/assets/example.crl b/assets/example.crl
new file mode 100644
index 0000000..3df0b6f
--- /dev/null
+++ b/assets/example.crl
Binary files differ
diff --git a/assets/minimal.crl b/assets/minimal.crl
new file mode 100644
index 0000000..32cd969
--- /dev/null
+++ b/assets/minimal.crl
Binary files differ
diff --git a/assets/test.csr b/assets/test.csr
new file mode 100644
index 0000000..729df67
--- /dev/null
+++ b/assets/test.csr
@@ -0,0 +1,8 @@
+-----BEGIN CERTIFICATE REQUEST-----
+MIIBBjCBrQIBADAcMRowGAYDVQQDDBF0ZXN0LnJ1c3RpY2F0YS5mcjBZMBMGByqG
+SM49AgEGCCqGSM49AwEHA0IABMP1frFxwJLXiLU6UoqOPf31ucCm2NqR2yqpcHo6
+W7iWJe31OzYs0izP2qeUvdKfz2fpAbuGiRjwvN+H10dQQEGgLzAtBgkqhkiG9w0B
+CQ4xIDAeMBwGA1UdEQQVMBOCEXRlc3QucnVzdGljYXRhLmZyMAoGCCqGSM49BAMC
+A0gAMEUCIGqQHPHgpeyZa5YMLP2X5IwfmrvpIcg5fQ2xkXotGAa0AiEAydeBwr4r
+Iu7XDe015h8uz8xZs2QUEgRdr73lJXTX+Ck=
+-----END CERTIFICATE REQUEST-----
diff --git a/patches/rustdoc.patch b/patches/rustdoc.patch
deleted file mode 100644
index d6ec591..0000000
--- a/patches/rustdoc.patch
+++ /dev/null
@@ -1,24 +0,0 @@
-diff --git a/src/traits.rs b/src/traits.rs
-index bd4d070..aae96e5 100644
---- a/src/traits.rs
-+++ b/src/traits.rs
-@@ -5,7 +5,18 @@ use crate::error::X509Result;
- ///
- /// The returned object uses zero-copy, and so has the same lifetime as the input.
- ///
--/// Note that only parsing is done, not validation (see the [`Validate`](crate::validate::Validate) trait).
-+#[cfg_attr(
-+ feature = "validate",
-+ doc = r#"
-+Note that only parsing is done, not validation (see the [`Validate`](crate::validate::Validate) trait).
-+"#
-+)]
-+#[cfg_attr(
-+ not(feature = "validate"),
-+ doc = r#"
-+Note that only parsing is done, not validation.
-+"#
-+)]
- ///
- /// # Example
- ///
diff --git a/src/certificate.rs b/src/certificate.rs
index 1d937b1..b2f2c63 100644
--- a/src/certificate.rs
+++ b/src/certificate.rs
@@ -322,27 +322,27 @@
impl<'a> TbsCertificate<'a> {
/// Returns the certificate extensions
#[inline]
- pub fn extensions(&self) -> &[X509Extension] {
+ pub fn extensions(&self) -> &[X509Extension<'a>] {
&self.extensions
}
/// Returns an iterator over the certificate extensions
#[inline]
- pub fn iter_extensions(&self) -> impl Iterator<Item = &X509Extension> {
+ pub fn iter_extensions(&self) -> impl Iterator<Item = &X509Extension<'a>> {
self.extensions.iter()
}
/// Searches for an extension with the given `Oid`.
///
/// Note: if there are several extensions with the same `Oid`, the first one is returned.
- pub fn find_extension(&self, oid: &Oid) -> Option<&X509Extension> {
+ pub fn find_extension(&self, oid: &Oid) -> Option<&X509Extension<'a>> {
self.extensions.iter().find(|&ext| ext.oid == *oid)
}
/// Builds and returns a map of extensions.
///
/// If an extension is present twice, this will fail and return `DuplicateExtensions`.
- pub fn extensions_map(&self) -> Result<HashMap<Oid, &X509Extension>, X509Error> {
+ pub fn extensions_map(&self) -> Result<HashMap<Oid, &X509Extension<'a>>, X509Error> {
self.extensions
.iter()
.try_fold(HashMap::new(), |mut m, ext| {
@@ -370,7 +370,7 @@
})
}
- pub fn extended_key_usage(&self) -> Option<(bool, &ExtendedKeyUsage)> {
+ pub fn extended_key_usage(&self) -> Option<(bool, &ExtendedKeyUsage<'a>)> {
self.find_extension(&OID_X509_EXT_EXTENDED_KEY_USAGE)
.and_then(|ext| match ext.parsed_extension {
ParsedExtension::ExtendedKeyUsage(ref eku) => Some((ext.critical, eku)),
@@ -394,7 +394,7 @@
})
}
- pub fn policy_mappings(&self) -> Option<(bool, &PolicyMappings)> {
+ pub fn policy_mappings(&self) -> Option<(bool, &PolicyMappings<'a>)> {
self.find_extension(&OID_X509_EXT_POLICY_MAPPINGS)
.and_then(|ext| match ext.parsed_extension {
ParsedExtension::PolicyMappings(ref pm) => Some((ext.critical, pm)),
@@ -402,7 +402,7 @@
})
}
- pub fn subject_alternative_name(&self) -> Option<(bool, &SubjectAlternativeName)> {
+ pub fn subject_alternative_name(&self) -> Option<(bool, &SubjectAlternativeName<'a>)> {
self.find_extension(&OID_X509_EXT_SUBJECT_ALT_NAME)
.and_then(|ext| match ext.parsed_extension {
ParsedExtension::SubjectAlternativeName(ref san) => Some((ext.critical, san)),
@@ -410,7 +410,7 @@
})
}
- pub fn name_constraints(&self) -> Option<(bool, &NameConstraints)> {
+ pub fn name_constraints(&self) -> Option<(bool, &NameConstraints<'a>)> {
self.find_extension(&OID_X509_EXT_NAME_CONSTRAINTS)
.and_then(|ext| match ext.parsed_extension {
ParsedExtension::NameConstraints(ref nc) => Some((ext.critical, nc)),
@@ -426,7 +426,7 @@
}
/// Get the raw bytes of the certificate serial number
- pub fn raw_serial(&self) -> &[u8] {
+ pub fn raw_serial(&self) -> &'a [u8] {
self.raw_serial
}
diff --git a/src/extensions.rs b/src/extensions.rs
index 6172d47..676cf04 100644
--- a/src/extensions.rs
+++ b/src/extensions.rs
@@ -10,7 +10,7 @@
use der_parser::error::{BerError, BerResult};
use der_parser::num_bigint::BigUint;
use der_parser::oid::Oid;
-use nom::combinator::{all_consuming, complete, map, map_opt, map_res, opt};
+use nom::combinator::{all_consuming, complete, map, map_res, opt};
use nom::multi::{many0, many1};
use nom::{Err, IResult, Parser};
use oid_registry::*;
@@ -1428,7 +1428,7 @@
// CRLNumber ::= INTEGER (0..MAX)
// Note from RFC 3280: "CRL verifiers MUST be able to handle CRLNumber values up to 20 octets."
fn parse_crl_number(i: &[u8]) -> IResult<&[u8], ParsedExtension, BerError> {
- let (rest, num) = map_opt(parse_der_integer, |obj| obj.as_biguint())(i)?;
+ let (rest, num) = map_res(parse_der_integer, |obj| obj.as_biguint())(i)?;
Ok((rest, ParsedExtension::CRLNumber(num)))
}
}
diff --git a/src/lib.rs b/src/lib.rs
index 7939c82..8bd14a9 100644
--- a/src/lib.rs
+++ b/src/lib.rs
@@ -4,7 +4,7 @@
//! [](https://crates.io/crates/x509-parser)
//! [](https://crates.io/crates/x509-parser)
//! [](https://github.com/rusticata/x509-parser/actions)
-//! [](#rust-version-requirements)
+//! [](#rust-version-requirements)
//!
//! # X.509 Parser
//!
@@ -109,7 +109,7 @@
//!
//! ## Rust version requirements
//!
-//! `x509-parser` requires **Rustc version 1.45 or greater**, based on nom 6
+//! `x509-parser` requires **Rustc version 1.46 or greater**, based on nom 7
//! dependencies and for proc-macro attributes support.
//!
//! [RFC5280]: https://tools.ietf.org/html/rfc5280
diff --git a/src/x509.rs b/src/x509.rs
index ecee084..95d1257 100644
--- a/src/x509.rs
+++ b/src/x509.rs
@@ -224,12 +224,15 @@
pub struct SubjectPublicKeyInfo<'a> {
pub algorithm: AlgorithmIdentifier<'a>,
pub subject_public_key: BitStringObject<'a>,
+ /// A raw unparsed PKIX, ASN.1 DER form (see RFC 5280, Section 4.1).
+ pub raw: &'a [u8],
}
impl<'a> FromDer<'a> for SubjectPublicKeyInfo<'a> {
/// Parse the SubjectPublicKeyInfo struct portion of a DER-encoded X.509 Certificate
fn from_der(i: &'a [u8]) -> X509Result<Self> {
- parse_der_sequence_defined_g(|i, _| {
+ let start_i = i;
+ parse_der_sequence_defined_g(move |i, _| {
let (i, algorithm) = AlgorithmIdentifier::from_der(i)?;
let (i, subject_public_key) = map_res(parse_der_bitstring, |x: DerObject<'a>| {
match x.content {
@@ -238,9 +241,12 @@
}
})(i)
.or(Err(X509Error::InvalidSPKI))?;
+ let len = start_i.offset(i);
+ let raw = &start_i[..len];
let spki = SubjectPublicKeyInfo {
algorithm,
subject_public_key,
+ raw,
};
Ok((i, spki))
})(i)
diff --git a/tests/test01.rs b/tests/test01.rs
index 1559888..45c0dca 100644
--- a/tests/test01.rs
+++ b/tests/test01.rs
@@ -1,5 +1,4 @@
-#[macro_use]
-extern crate nom;
+use nom::bytes::complete::take;
#[test]
fn test01() {
@@ -7,13 +6,11 @@
let _ = x509_parser::parse_x509_certificate(data);
}
-named!(parser02<&[u8],()>,
- do_parse!(
- _hdr: take!(1) >>
- _data: take!(18_446_744_073_709_551_615) >>
- ( () )
- )
-);
+fn parser02(input: &[u8]) -> nom::IResult<&[u8], ()> {
+ let (_hdr, input) = take(1_usize)(input)?;
+ let (_data, input) = take(18_446_744_073_709_551_615_usize)(input)?;
+ Ok((input, ()))
+}
#[test]
fn test02() {
