// Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved.
// Copyright by contributors to this project.
// SPDX-License-Identifier: (Apache-2.0 OR MIT)

use core::{
    convert::Infallible,
    ops::{Deref, DerefMut},
};

use alloc::vec::Vec;
use mls_rs_codec::{MlsDecode, MlsEncode, MlsSize};

use super::{Credential, CredentialType, MlsCredential};

#[derive(Clone, Debug, PartialEq, Eq, Hash, PartialOrd, Ord, MlsSize, MlsEncode, MlsDecode)]
#[cfg_attr(feature = "arbitrary", derive(arbitrary::Arbitrary))]
#[cfg_attr(
    all(feature = "ffi", not(test)),
    safer_ffi_gen::ffi_type(clone, opaque)
)]
/// X.509 certificate in DER format.
///
/// This is a newtype over a byte vector. Nothing in the type parses the bytes
/// or checks that they are well-formed DER, so holding a `DerCertificate` says
/// nothing about the certificate's validity, expiry, or trust. Treat the
/// contents as untrusted until a certificate validator has accepted them.
///
/// Equality, ordering and hashing are derived, so they compare the raw bytes
/// and not any parsed certificate field.
// NOTE(review): the wire format is delegated to `mls_rs_codec::byte_vec`;
// presumably a length-prefixed byte string. Confirm against that module.
pub struct DerCertificate(#[mls_codec(with = "mls_rs_codec::byte_vec")] Vec<u8>);

#[cfg_attr(all(feature = "ffi", not(test)), safer_ffi_gen::safer_ffi_gen)]
impl DerCertificate {
    /// Wrap raw bytes as a DER certificate.
    ///
    /// The bytes are stored as given. No DER parsing or certificate validation
    /// happens here, so the result must still be checked by a certificate
    /// validator before it is trusted.
    pub fn new(data: Vec<u8>) -> DerCertificate {
        Self(data)
    }

    /// Consume the certificate and return the underlying bytes.
    pub fn into_vec(self) -> Vec<u8> {
        let DerCertificate(bytes) = self;
        bytes
    }
}

/// Wraps a byte vector without inspecting it; the bytes are not checked to be
/// valid DER.
impl From<Vec<u8>> for DerCertificate {
    fn from(data: Vec<u8>) -> Self {
        Self(data)
    }
}

/// Gives read-only access to the certificate bytes as a slice.
impl Deref for DerCertificate {
    type Target = [u8];

    fn deref(&self) -> &Self::Target {
        self.0.as_slice()
    }
}

/// Borrows the certificate bytes, for APIs that take `impl AsRef<[u8]>`.
impl AsRef<[u8]> for DerCertificate {
    fn as_ref(&self) -> &[u8] {
        &self.0[..]
    }
}

#[derive(Clone, Debug, PartialEq, Eq, Hash, PartialOrd, Ord, MlsSize, MlsEncode, MlsDecode)]
#[cfg_attr(feature = "arbitrary", derive(arbitrary::Arbitrary))]
#[cfg_attr(
    all(feature = "ffi", not(test)),
    safer_ffi_gen::ffi_type(clone, opaque)
)]
/// A chain of [`DerCertificate`] that is ordered from leaf to root.
///
/// Certificate chains MAY leave out root CAs so long as they are
/// provided as input to whatever certificate validator ultimately is
/// verifying the chain.
///
/// The leaf-to-root ordering is a convention that this type does not enforce.
/// It is a newtype over a `Vec<DerCertificate>`, and nothing in this file
/// checks that each certificate was issued by the next, that the chain is
/// non-empty, or that any signature verifies. The file's `DerefMut`
/// implementation also lets callers reorder or replace entries freely. A
/// chain is therefore untrusted data until a certificate validator has
/// accepted it.
pub struct CertificateChain(Vec<DerCertificate>);

/// Exposes the chain as a shared reference to the underlying vector.
impl Deref for CertificateChain {
    type Target = Vec<DerCertificate>;

    fn deref(&self) -> &Self::Target {
        let CertificateChain(certs) = self;
        certs
    }
}

/// Exposes the underlying vector mutably.
///
/// Callers can push, remove or reorder certificates through this reference,
/// so the leaf-to-root order is not preserved by the type itself.
impl DerefMut for CertificateChain {
    fn deref_mut(&mut self) -> &mut Self::Target {
        let CertificateChain(certs) = self;
        certs
    }
}

/// Wraps the certificates in the order given; the caller is responsible for
/// supplying them leaf first.
impl From<Vec<DerCertificate>> for CertificateChain {
    fn from(cert_data: Vec<DerCertificate>) -> Self {
        Self(cert_data)
    }
}

/// Builds a chain from raw byte vectors, keeping their order.
///
/// Each element is wrapped as a [`DerCertificate`] without being parsed, so
/// malformed input is accepted here and only surfaces at validation time.
impl From<Vec<Vec<u8>>> for CertificateChain {
    fn from(value: Vec<Vec<u8>>) -> Self {
        let certs: Vec<DerCertificate> = value
            .into_iter()
            .map(|der_bytes| DerCertificate(der_bytes))
            .collect();
        Self(certs)
    }
}

/// Collects certificates into a chain in iteration order.
impl FromIterator<DerCertificate> for CertificateChain {
    fn from_iter<T: IntoIterator<Item = DerCertificate>>(iter: T) -> Self {
        let certs: Vec<DerCertificate> = iter.into_iter().collect();
        Self(certs)
    }
}

impl CertificateChain {
    /// Return the first certificate in the chain, which by convention is the
    /// leaf, or `None` when the chain is empty.
    ///
    /// The position is the only thing checked: the returned certificate has
    /// not been validated and is the leaf only if the chain was built in
    /// leaf-to-root order.
    pub fn leaf(&self) -> Option<&DerCertificate> {
        match self.0.as_slice() {
            [first, ..] => Some(first),
            [] => None,
        }
    }

    /// Wrap this chain in the [`Credential::X509`] variant.
    ///
    /// This is a plain conversion and performs no validation of the chain.
    pub fn into_credential(self) -> Credential {
        let chain = self;
        Credential::X509(chain)
    }
}

/// Lets a [`CertificateChain`] be used wherever an [`MlsCredential`] is expected.
impl MlsCredential for CertificateChain {
    // Wrapping the chain cannot fail, so the error type is uninhabited.
    type Error = Infallible;

    /// The credential type tag for X.509 chains.
    fn credential_type() -> CredentialType {
        CredentialType::X509
    }

    /// Wrap the chain as [`Credential::X509`]; always returns `Ok`.
    ///
    /// No validation of the certificates takes place in this conversion.
    fn into_credential(self) -> Result<Credential, Self::Error> {
        // Build the variant directly, as the inherent
        // `CertificateChain::into_credential` does.
        Ok(Credential::X509(self))
    }
}