mls_rs_core/identity/
x509.rs

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
// Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved.
// Copyright by contributors to this project.
// SPDX-License-Identifier: (Apache-2.0 OR MIT)

use core::{
    convert::Infallible,
    fmt::{self, Debug},
    ops::{Deref, DerefMut},
};

use alloc::vec::Vec;
use mls_rs_codec::{MlsDecode, MlsEncode, MlsSize};

use super::{Credential, CredentialType, MlsCredential};

#[derive(Clone, PartialEq, Eq, Hash, PartialOrd, Ord, MlsSize, MlsEncode, MlsDecode)]
#[cfg_attr(feature = "arbitrary", derive(arbitrary::Arbitrary))]
#[cfg_attr(
    all(feature = "ffi", not(test)),
    safer_ffi_gen::ffi_type(clone, opaque)
)]
#[cfg_attr(feature = "serde", derive(serde::Serialize, serde::Deserialize))]
/// X.509 certificate in DER format.
pub struct DerCertificate(
    #[mls_codec(with = "mls_rs_codec::byte_vec")]
    #[cfg_attr(feature = "serde", serde(with = "crate::vec_serde"))]
    Vec<u8>,
);

impl Debug for DerCertificate {
    fn fmt(&self, f: &mut fmt::Formatter<'_>) -> fmt::Result {
        crate::debug::pretty_bytes(&self.0)
            .named("DerCertificate")
            .fmt(f)
    }
}

#[cfg_attr(all(feature = "ffi", not(test)), safer_ffi_gen::safer_ffi_gen)]
impl DerCertificate {
    /// Create a der certificate from raw bytes.
    pub fn new(data: Vec<u8>) -> DerCertificate {
        DerCertificate(data)
    }

    /// Convert this certificate into raw bytes.
    pub fn into_vec(self) -> Vec<u8> {
        self.0
    }
}

impl From<Vec<u8>> for DerCertificate {
    fn from(data: Vec<u8>) -> Self {
        DerCertificate(data)
    }
}

impl Deref for DerCertificate {
    type Target = [u8];

    fn deref(&self) -> &Self::Target {
        &self.0
    }
}

impl AsRef<[u8]> for DerCertificate {
    fn as_ref(&self) -> &[u8] {
        &self.0
    }
}

#[derive(Clone, Debug, PartialEq, Eq, Hash, PartialOrd, Ord, MlsSize, MlsEncode, MlsDecode)]
#[cfg_attr(feature = "arbitrary", derive(arbitrary::Arbitrary))]
#[cfg_attr(
    all(feature = "ffi", not(test)),
    safer_ffi_gen::ffi_type(clone, opaque)
)]
#[cfg_attr(feature = "serde", derive(serde::Serialize, serde::Deserialize))]
/// A chain of [`DerCertificate`] that is ordered from leaf to root.
///
/// Certificate chains MAY leave out root CA's so long as they are
/// provided as input to whatever certificate validator ultimately is
/// verifying the chain.
pub struct CertificateChain(Vec<DerCertificate>);

impl Deref for CertificateChain {
    type Target = Vec<DerCertificate>;

    fn deref(&self) -> &Self::Target {
        &self.0
    }
}

impl DerefMut for CertificateChain {
    fn deref_mut(&mut self) -> &mut Self::Target {
        &mut self.0
    }
}

impl From<Vec<DerCertificate>> for CertificateChain {
    fn from(cert_data: Vec<DerCertificate>) -> Self {
        CertificateChain(cert_data)
    }
}

impl From<Vec<Vec<u8>>> for CertificateChain {
    fn from(value: Vec<Vec<u8>>) -> Self {
        CertificateChain(value.into_iter().map(DerCertificate).collect())
    }
}

impl FromIterator<DerCertificate> for CertificateChain {
    fn from_iter<T: IntoIterator<Item = DerCertificate>>(iter: T) -> Self {
        CertificateChain::from(iter.into_iter().collect::<Vec<_>>())
    }
}

impl CertificateChain {
    /// Get the leaf certificate, which is the first certificate in the chain.
    pub fn leaf(&self) -> Option<&DerCertificate> {
        self.0.first()
    }

    /// Convert this certificate chain into a [`Credential`] enum.
    pub fn into_credential(self) -> Credential {
        Credential::X509(self)
    }
}

impl MlsCredential for CertificateChain {
    type Error = Infallible;

    fn credential_type() -> CredentialType {
        CredentialType::X509
    }

    fn into_credential(self) -> Result<Credential, Self::Error> {
        Ok(self.into_credential())
    }
}