1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
use crate::cert::{lenient_certificate_serial_number, Cert, EndEntityOrCa};
use crate::{der, Error};

/// A trust anchor (a.k.a. root CA).
///
/// Traditionally, certificate verification libraries have represented trust
/// anchors as full X.509 root certificates. However, those certificates
/// contain a lot more data than is needed for verifying certificates. The
/// `TrustAnchor` representation allows an application to store just the
/// essential elements of trust anchors. The `TrustAnchor::try_from_cert_der`
/// function allows converting X.509 certificates to to the minimized
/// `TrustAnchor` representation, either at runtime or in a build script.
#[derive(Debug)]
pub struct TrustAnchor<'a> {
    /// The value of the `subject` field of the trust anchor.
    pub subject: &'a [u8],

    /// The value of the `subjectPublicKeyInfo` field of the trust anchor.
    pub spki: &'a [u8],

    /// The value of a DER-encoded NameConstraints, containing name
    /// constraints to apply to the trust anchor, if any.
    pub name_constraints: Option<&'a [u8]>,
}

/// Trust anchors which may be used for authenticating servers.
#[deprecated(
    since = "0.101.2",
    note = "The per-usage trust anchor representations and verification functions are deprecated in \
        favor of the general-purpose `TrustAnchor` type and `EndEntity::verify_for_usage` function. \
        The new `verify_for_usage` function expresses trust anchor and end entity purpose with the \
        key usage argument."
)]
#[derive(Debug)]
pub struct TlsServerTrustAnchors<'a>(pub &'a [TrustAnchor<'a>]);

/// Trust anchors which may be used for authenticating clients.
#[deprecated(
    since = "0.101.2",
    note = "The per-usage trust anchor representations and verification functions are deprecated in \
        favor of the general-purpose `TrustAnchor` type and `EndEntity::verify_for_usage` function. \
        The new `verify_for_usage` function expresses trust anchor and end entity purpose with the \
        key usage argument."
)]
#[derive(Debug)]
pub struct TlsClientTrustAnchors<'a>(pub &'a [TrustAnchor<'a>]);

impl<'a> TrustAnchor<'a> {
    /// Interprets the given DER-encoded certificate as a `TrustAnchor`. The
    /// certificate is not validated. In particular, there is no check that the
    /// certificate is self-signed or even that the certificate has the cA basic
    /// constraint.
    pub fn try_from_cert_der(cert_der: &'a [u8]) -> Result<Self, Error> {
        let cert_der = untrusted::Input::from(cert_der);

        // XXX: `EndEntityOrCA::EndEntity` is used instead of `EndEntityOrCA::CA`
        // because we don't have a reference to a child cert, which is needed for
        // `EndEntityOrCA::CA`. For this purpose, it doesn't matter.
        //
        // v1 certificates will result in `Error::BadDer` because `parse_cert` will
        // expect a version field that isn't there. In that case, try to parse the
        // certificate using a special parser for v1 certificates. Notably, that
        // parser doesn't allow extensions, so there's no need to worry about
        // embedded name constraints in a v1 certificate.
        match Cert::from_der(cert_der, EndEntityOrCa::EndEntity) {
            Ok(cert) => Ok(Self::from(cert)),
            Err(Error::UnsupportedCertVersion) => {
                Self::from_v1_der(cert_der).or(Err(Error::BadDer))
            }
            Err(err) => Err(err),
        }
    }

    /// Parses a v1 certificate directly into a TrustAnchor.
    fn from_v1_der(cert_der: untrusted::Input<'a>) -> Result<Self, Error> {
        // X.509 Certificate: https://tools.ietf.org/html/rfc5280#section-4.1.
        cert_der.read_all(Error::BadDer, |cert_der| {
            der::nested(cert_der, der::Tag::Sequence, Error::BadDer, |cert_der| {
                let anchor = der::nested(cert_der, der::Tag::Sequence, Error::BadDer, |tbs| {
                    // The version number field does not appear in v1 certificates.
                    lenient_certificate_serial_number(tbs)?;

                    skip(tbs, der::Tag::Sequence)?; // signature.
                    skip(tbs, der::Tag::Sequence)?; // issuer.
                    skip(tbs, der::Tag::Sequence)?; // validity.
                    let subject = der::expect_tag_and_get_value(tbs, der::Tag::Sequence)?;
                    let spki = der::expect_tag_and_get_value(tbs, der::Tag::Sequence)?;

                    Ok(TrustAnchor {
                        subject: subject.as_slice_less_safe(),
                        spki: spki.as_slice_less_safe(),
                        name_constraints: None,
                    })
                });

                // read and discard signatureAlgorithm + signature
                skip(cert_der, der::Tag::Sequence)?;
                skip(cert_der, der::Tag::BitString)?;

                anchor
            })
        })
    }
}

impl<'a> From<Cert<'a>> for TrustAnchor<'a> {
    fn from(cert: Cert<'a>) -> Self {
        Self {
            subject: cert.subject.as_slice_less_safe(),
            spki: cert.spki.value().as_slice_less_safe(),
            name_constraints: cert.name_constraints.map(|nc| nc.as_slice_less_safe()),
        }
    }
}

fn skip(input: &mut untrusted::Reader, tag: der::Tag) -> Result<(), Error> {
    der::expect_tag_and_get_value(input, tag).map(|_| ())
}