tests: better DER sequence wrap w/ yasna.
While updating the webpki-roots `codegen.rs` test to generate the root
collection using CCADB data we took a dev dependency on yasna[0] to
support DER serializing name constraints extensions based on a string
representation.

Having this dependency means we can drop the crummy hand-serialized
SEQUENCE wrapping that the `name_constraints` test from
`tests/verify.rs` was doing, replacing it with a Yasna serializer.

[0]: https://docs.rs/yasna/latest/yasna/
cpu committed Nov 22, 2023
1 parent 1f31003 commit ed5db87
Showing 1 changed file with 5 additions and 5 deletions.
10 changes: 5 additions & 5 deletions tests/verify.rs
Expand Up @@ -109,11 +109,11 @@ fn rcgen_ee_for_name(name: String, issuer: &Certificate) -> Vec<u8> {
fn rcgen_name_constraints(der: &[u8]) -> rcgen::NameConstraints {
// x509 parser expects the outer SEQUENCE that the webpki trust anchor representation elides
// so wrap the DER up.
//
// Note: We take the cheap way out here and assume single byte length - if the following
// assert fails we'll need to more intelligently encode the sequence DER length.
assert!(der.len() < 0x80, "name constraint too long");
let wrapped_der = [&[0x30, der.len() as u8], der].concat();
let wrapped_der = yasna::construct_der(|writer| {
writer.write_sequence(|writer| {
writer.next().write_der(der);
})
});

// Constraints should parse with no trailing data.
let (trailing, constraints) = X509ParserNameConstraints::from_der(&wrapped_der).unwrap();
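
Review bot: The `writer.next().write_der(der)` call inside `write_sequence` needs a one-line comment stating that `der` is the already-encoded contents of the SEQUENCE, copied through as-is, rather than a single value being encoded by the writer. The comment above it still explains why the wrap is needed, but with the length assert and its note gone nothing tells the reader that the input bytes are trusted here and that `X509ParserNameConstraints::from_der(&wrapped_der).unwrap()` is the only check that the wrapped result is well-formed. Since the lines after this hunk are not shown, please also confirm that the "no trailing data" comment is backed by an assertion on `trailing`.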