From 52f302d11c393091464564f644e791f8fe610efc Mon Sep 17 00:00:00 2001 From: Tony Arcieri Date: Fri, 27 Sep 2024 09:50:31 -0600 Subject: [PATCH] x509-cert: re-export `spki` types without `*Owned` suffixes (#1534) Re-exports the following with shorter names: - `spki::AlgorithmIdentifierOwned` => `x509_cert::AlgorithmIdentifier` - `spki::SubjectPublicKeyInfoOwned` => `x509_cert::SubjectPublicKeyInfo` These names are already quite long to begin with even without the `*Owned` suffix. The `x509-cert` crate has a hard dependency on `alloc` and always uses the `*Owned` types, so this allows for more convenient names in this scenario. --- x509-cert/src/anchor.rs | 12 +++++++----- x509-cert/src/builder.rs | 16 ++++++++-------- x509-cert/src/certificate.rs | 17 ++++++++--------- x509-cert/src/crl.rs | 19 ++++++++++--------- x509-cert/src/lib.rs | 4 ++++ x509-cert/src/request.rs | 6 +++--- x509-cert/tests/builder.rs | 20 +++++++------------- 7 files changed, 47 insertions(+), 47 deletions(-) diff --git a/x509-cert/src/anchor.rs b/x509-cert/src/anchor.rs index 16b591128..292372836 100644 --- a/x509-cert/src/anchor.rs +++ b/x509-cert/src/anchor.rs @@ -4,11 +4,13 @@ use crate::certificate::{CertificateInner, Profile, Rfc5280, TbsCertificateInner use crate::ext::pkix::{certpolicy::CertificatePolicies, NameConstraints}; use crate::{ext::Extensions, name::Name}; +use crate::SubjectPublicKeyInfo; use alloc::string::String; -use der::asn1::OctetString; -use der::flagset::{flags, FlagSet}; -use der::{Choice, Enumerated, Sequence}; -use spki::SubjectPublicKeyInfoOwned; +use der::{ + asn1::OctetString, + flagset::{flags, FlagSet}, + Choice, Enumerated, Sequence, +}; /// Version identifier for TrustAnchorInfo #[derive(Clone, Debug, Default, Copy, PartialEq, Eq, Enumerated)] @@ -41,7 +43,7 @@ pub struct TrustAnchorInfo { #[asn1(default = "Default::default")] pub version: Version, - pub pub_key: SubjectPublicKeyInfoOwned, + pub pub_key: SubjectPublicKeyInfo, pub key_id: OctetString, 
diff --git a/x509-cert/src/builder.rs b/x509-cert/src/builder.rs index 3e0d089a1..493cfaf7a 100644 --- a/x509-cert/src/builder.rs +++ b/x509-cert/src/builder.rs @@ -6,8 +6,7 @@ use core::fmt; use der::{asn1::BitString, referenced::OwnedToRef, Encode}; use signature::{rand_core::CryptoRngCore, Keypair, RandomizedSigner, Signer}; use spki::{ - AlgorithmIdentifier, DynSignatureAlgorithmIdentifier, EncodePublicKey, ObjectIdentifier, - SignatureBitStringEncoding, SubjectPublicKeyInfoOwned, + DynSignatureAlgorithmIdentifier, EncodePublicKey, ObjectIdentifier, SignatureBitStringEncoding, }; use crate::{ @@ -17,6 +16,7 @@ use crate::{ request::{attributes::AsAttribute, CertReq, CertReqInfo, ExtensionReq}, serial_number::SerialNumber, time::Validity, + AlgorithmIdentifier, SubjectPublicKeyInfo, }; pub mod profile; @@ -107,7 +107,7 @@ pub type Result = core::result::Result; /// /// ``` /// use der::Decode; -/// use x509_cert::spki::SubjectPublicKeyInfoOwned; +/// use x509_cert::spki::SubjectPublicKeyInfo; /// use x509_cert::builder::{CertificateBuilder, Builder, profile}; /// use x509_cert::name::Name; /// use x509_cert::serial_number::SerialNumber; @@ -131,7 +131,7 @@ pub type Result = core::result::Result; /// let subject = Name::from_str("CN=World domination corporation,O=World domination Inc,C=US").unwrap(); /// let profile = profile::cabf::Root::new(false,subject).expect("Create root profile"); /// -/// let pub_key = SubjectPublicKeyInfoOwned::try_from(RSA_2048_DER).expect("get rsa pub key"); +/// let pub_key = SubjectPublicKeyInfo::try_from(RSA_2048_DER).expect("get rsa pub key"); /// /// let mut signer = rsa_signer(); /// let mut builder = CertificateBuilder::new( @@ -159,7 +159,7 @@ where profile: P, serial_number: SerialNumber, mut validity: Validity, - subject_public_key_info: SubjectPublicKeyInfoOwned, + subject_public_key_info: SubjectPublicKeyInfo, ) -> Result { let signature_alg = AlgorithmIdentifier { oid: NULL_OID, 
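Review bot: In the `CertificateBuilder` doc example (hunks at -107 and -131), the import becomes `use x509_cert::spki::SubjectPublicKeyInfo;`, which names the generic `spki` struct, not the new crate-root alias this commit introduces. The example presumably still compiles because `CertificateBuilder::new` pins the type parameters through inference, but it no longer shows readers the owned type they are expected to use. Copying the import into code without such a constraint would leave the parameters unresolved. I would change the line to `/// use x509_cert::SubjectPublicKeyInfo;` so the doctest exercises the re-export. The doc comment starts and ends outside these hunks, so other uses in the example were not checked.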
@@ -255,7 +255,7 @@ impl RequestBuilder { oid: NULL_OID, parameters: None, }; - let public_key = SubjectPublicKeyInfoOwned { + let public_key = SubjectPublicKeyInfo { algorithm, subject_public_key: BitString::from_bytes(&[]).expect("unable to parse empty object"), }; @@ -362,7 +362,7 @@ where S::VerifyingKey: EncodePublicKey, { let verifying_key = cert_signer.verifying_key(); - let signer_pub = SubjectPublicKeyInfoOwned::from_key(&verifying_key)?; + let signer_pub = SubjectPublicKeyInfo::from_key(&verifying_key)?; self.tbs.signature = cert_signer.signature_algorithm_identifier()?; @@ -413,7 +413,7 @@ impl Builder for RequestBuilder { S::VerifyingKey: EncodePublicKey, { let verifying_key = signer.verifying_key(); - let public_key = SubjectPublicKeyInfoOwned::from_key(&verifying_key)?; + let public_key = SubjectPublicKeyInfo::from_key(&verifying_key)?; self.info.public_key = public_key; self.info diff --git a/x509-cert/src/certificate.rs b/x509-cert/src/certificate.rs index ae2642513..a348527cf 100644 --- a/x509-cert/src/certificate.rs +++ b/x509-cert/src/certificate.rs @@ -1,12 +1,11 @@ //! Certificate types use crate::{ext, name::Name, serial_number::SerialNumber, time::Validity}; +use crate::{AlgorithmIdentifier, SubjectPublicKeyInfo}; use alloc::vec::Vec; use const_oid::AssociatedOid; use core::{cmp::Ordering, fmt::Debug}; -use der::asn1::BitString; -use der::{Decode, Enumerated, ErrorKind, Sequence, Tag, ValueOrd}; -use spki::{AlgorithmIdentifierOwned, SubjectPublicKeyInfoOwned}; +use der::{asn1::BitString, Decode, Enumerated, ErrorKind, Sequence, Tag, ValueOrd}; #[cfg(feature = "pem")] use der::{ @@ -146,11 +145,11 @@ pub struct TbsCertificateInner { pub(crate) version: Version, pub(crate) serial_number: SerialNumber

, - pub(crate) signature: AlgorithmIdentifierOwned, + pub(crate) signature: AlgorithmIdentifier, pub(crate) issuer: Name, pub(crate) validity: Validity

, pub(crate) subject: Name, - pub(crate) subject_public_key_info: SubjectPublicKeyInfoOwned, + pub(crate) subject_public_key_info: SubjectPublicKeyInfo, #[asn1(context_specific = "1", tag_mode = "IMPLICIT", optional = "true")] pub(crate) issuer_unique_id: Option, @@ -179,7 +178,7 @@ impl TbsCertificateInner

{ /// Identifies the signature algorithm that this `TBSCertificate` should be signed with. /// /// In a signed certificate, matches [`CertificateInner::signature_algorithm`]. - pub fn signature(&self) -> &AlgorithmIdentifierOwned { + pub fn signature(&self) -> &AlgorithmIdentifier { &self.signature } @@ -203,7 +202,7 @@ impl TbsCertificateInner

{ /// Subject Public Key Info (SPKI): public key information about this certificate including /// algorithm identifier and key data. - pub fn subject_public_key_info(&self) -> &SubjectPublicKeyInfoOwned { + pub fn subject_public_key_info(&self) -> &SubjectPublicKeyInfo { &self.subject_public_key_info } @@ -330,7 +329,7 @@ pub type Certificate = CertificateInner; #[allow(missing_docs)] pub struct CertificateInner { pub(crate) tbs_certificate: TbsCertificateInner

, - pub(crate) signature_algorithm: AlgorithmIdentifierOwned, + pub(crate) signature_algorithm: AlgorithmIdentifier, pub(crate) signature: BitString, } @@ -341,7 +340,7 @@ impl CertificateInner

{ } /// Signature algorithm used to sign the serialization of [`CertificateInner::tbs_certificate`]. - pub fn signature_algorithm(&self) -> &AlgorithmIdentifierOwned { + pub fn signature_algorithm(&self) -> &AlgorithmIdentifier { &self.signature_algorithm } diff --git a/x509-cert/src/crl.rs b/x509-cert/src/crl.rs index 4896fc2df..22ee4b596 100644 --- a/x509-cert/src/crl.rs +++ b/x509-cert/src/crl.rs @@ -1,17 +1,18 @@ //! Certificate Revocation List types -use crate::certificate::{Profile, Rfc5280}; -use crate::ext::Extensions; -use crate::name::Name; -use crate::serial_number::SerialNumber; -use crate::time::Time; -use crate::Version; +use crate::{ + certificate::{Profile, Rfc5280}, + ext::Extensions, + name::Name, + serial_number::SerialNumber, + time::Time, + AlgorithmIdentifier, Version, +}; use alloc::vec::Vec; use der::asn1::BitString; use der::{Sequence, ValueOrd}; -use spki::AlgorithmIdentifierOwned; /// `CertificateList` as defined in [RFC 5280 Section 5.1]. /// @@ -28,7 +29,7 @@ use spki::AlgorithmIdentifierOwned; #[allow(missing_docs)] pub struct CertificateList { pub tbs_cert_list: TbsCertList

, - pub signature_algorithm: AlgorithmIdentifierOwned, + pub signature_algorithm: AlgorithmIdentifier, pub signature: BitString, } @@ -77,7 +78,7 @@ pub struct RevokedCert { #[allow(missing_docs)] pub struct TbsCertList { pub version: Version, - pub signature: AlgorithmIdentifierOwned, + pub signature: AlgorithmIdentifier, pub issuer: Name, pub this_update: Time, pub next_update: Option