zar 0.2.0

XAR archive reader/writer library. Fuzz-tested against MacOS xar.
Documentation 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34

use std::io::Error;
use std::sync::LazyLock;

use x509_cert::der::asn1::BitStringRef;
use x509_cert::der::referenced::OwnedToRef;
use x509_cert::Certificate;

use crate::RootCertVerifier;

#[allow(clippy::expect_used)]
static APPLE_ROOT_PUBLIC_KEY: LazyLock<BitStringRef<'static>> = LazyLock::new(|| {
    let der = include_bytes!(concat!(env!("OUT_DIR"), "/apple-bit-string"));
    BitStringRef::from_bytes(&der[..]).expect("Failed to parse Apple root public key")
});

/// A [`RootCertVerifier`] that trusts only Apple root certificate.
///
/// Only compares the public key.
pub struct AppleRootCertVerifier;

impl RootCertVerifier for AppleRootCertVerifier {
    fn verify(&self, candidate: &Certificate) -> Result<(), Error> {
        if candidate
            .tbs_certificate
            .subject_public_key_info
            .subject_public_key
            .owned_to_ref()
            == *APPLE_ROOT_PUBLIC_KEY
        {
            return Ok(());
        }
        Err(Error::other("untrusted root certificate"))
    }
}