Skip to content

Commit

Permalink
Resolve coverage issues.
Browse files Browse the repository at this point in the history
  • Loading branch information
deivse committed Oct 8, 2024
1 parent 866dffa commit 06f15ee
Show file tree
Hide file tree
Showing 3 changed files with 11 additions and 25 deletions.
Original file line number Diff line number Diff line change
Expand Up @@ -14,7 +14,6 @@ use cryptography_x509::{

use crate::{ops::CryptoOps, policy::Policy, ValidationError};

#[derive(Clone)]
pub struct ExtensionPolicy<B: CryptoOps> {
pub(crate) authority_information_access: ExtensionValidator<B>,
pub(crate) authority_key_identifier: ExtensionValidator<B>,
Expand Down Expand Up @@ -124,7 +123,6 @@ impl<B: CryptoOps> ExtensionPolicy<B> {
}

/// Represents different criticality states for an extension.
#[derive(Clone)]
pub(crate) enum Criticality {
/// The extension MUST be marked as critical.
Critical,
Expand Down Expand Up @@ -153,7 +151,6 @@ type MaybeExtensionValidatorCallback<B> =
fn(&Policy<'_, B>, &Certificate<'_>, Option<&Extension<'_>>) -> Result<(), ValidationError>;

/// Represents different validation states for an extension.
#[derive(Clone)]
pub(crate) enum ExtensionValidator<B: CryptoOps> {
/// The extension MUST NOT be present.
NotPresent,
Expand Down
4 changes: 1 addition & 3 deletions src/rust/cryptography-x509-verification/src/policy/mod.rs
Original file line number Diff line number Diff line change
Expand Up @@ -25,12 +25,10 @@ use cryptography_x509::oid::{
use once_cell::sync::Lazy;

use crate::ops::CryptoOps;
use crate::policy::extension::{ca, common, ee, Criticality, ExtensionValidator};
use crate::policy::extension::{ca, common, ee, Criticality, ExtensionPolicy, ExtensionValidator};
use crate::types::{DNSName, DNSPattern, IPAddress};
use crate::{ValidationError, VerificationCertificate};

pub use crate::policy::extension::ExtensionPolicy;

// RSA key constraints, as defined in CA/B 6.1.5.
static WEBPKI_MINIMUM_RSA_MODULUS: usize = 2048;

Expand Down
29 changes: 10 additions & 19 deletions src/rust/src/x509/verify.rs
Original file line number Diff line number Diff line change
Expand Up @@ -7,7 +7,7 @@ use cryptography_x509::{
};
use cryptography_x509_verification::{
ops::{CryptoOps, VerificationCertificate},
policy::{ExtensionPolicy, Policy, Subject},
policy::{Policy, Subject},
trust_store::Store,
types::{DNSName, IPAddress},
};
Expand All @@ -22,7 +22,6 @@ use crate::x509::sign;

use super::parse_general_names;

#[derive(Clone)]
pub(crate) struct PyCryptoOps {}

impl CryptoOps for PyCryptoOps {
Expand Down Expand Up @@ -74,8 +73,6 @@ pub(crate) struct PolicyBuilder {
time: Option<asn1::DateTime>,
store: Option<pyo3::Py<PyStore>>,
max_chain_depth: Option<u8>,
ca_ext_policy: Option<ExtensionPolicy<PyCryptoOps>>,
ee_ext_policy: Option<ExtensionPolicy<PyCryptoOps>>,
}

impl PolicyBuilder {
Expand All @@ -84,8 +81,6 @@ impl PolicyBuilder {
time: self.time.clone(),
store: self.store.as_ref().map(|s| s.clone_ref(py)),
max_chain_depth: self.max_chain_depth,
ca_ext_policy: self.ca_ext_policy.clone(),
ee_ext_policy: self.ee_ext_policy.clone(),
}
}
}
Expand All @@ -98,8 +93,6 @@ impl PolicyBuilder {
time: None,
store: None,
max_chain_depth: None,
ca_ext_policy: None,
ee_ext_policy: None,
}
}

Expand Down Expand Up @@ -311,24 +304,22 @@ impl PyClientVerifier {
py_chain.append(c.extra())?;
}

// NOTE: The `unwrap()` cannot fail, since the underlying policy
// enforces the well-formedness of the extension set.
let subjects = match &chain[0]
// NOTE: These `unwrap()`s cannot fail, since the underlying policy
// enforces the presence of a SAN and the well-formedness of the
// extension set.
let leaf_san = &chain[0]
.certificate()
.extensions()
.ok()
.unwrap()
.get_extension(&SUBJECT_ALTERNATIVE_NAME_OID)
{
Some(leaf_san) => {
let leaf_gns = leaf_san.value::<SubjectAlternativeName<'_>>()?;
Some(parse_general_names(py, &leaf_gns)?)
}
None => None,
};
.unwrap();

let leaf_gns = leaf_san.value::<SubjectAlternativeName<'_>>()?;
let py_gns = parse_general_names(py, &leaf_gns)?;

Ok(PyVerifiedClient {
subjects,
subjects: Some(py_gns),
chain: py_chain.unbind(),
})
}
Expand Down

0 comments on commit 06f15ee

Please sign in to comment.