remove rresult and hex dependencies

mirage · Oct 6, 2021 · a68d2b2 · a68d2b2
1 parent 5abecca
commit a68d2b2
Show file tree

Hide file tree

Showing 7 changed files with 36 additions and 32 deletions.
diff --git a/bin/dune b/bin/dune
@@ -1,5 +1,5 @@
 (executable
  (name extract_from_certdata)
  (public_name extract-from-certdata)
- (libraries logs logs.fmt logs.cli fmt fmt.tty fmt.cli hex bos rresult
-   astring cmdliner x509))
+ (libraries logs logs.fmt logs.cli fmt fmt.tty fmt.cli bos astring cmdliner
+            x509))
diff --git a/bin/extract_from_certdata.ml b/bin/extract_from_certdata.ml
@@ -2,8 +2,6 @@
 
 (* ideas from FreeBSD's security/ca-root-nss perl script, available at:
    https://github.com/freebsd/freebsd-ports/blob/master/security/ca_root_nss/files/MAca-bundle.pl.in *)
-open Rresult.R.Infix
-
 let until_end data =
   let rec go acc = function
     | [] -> invalid_arg "unexpected end of input (expected END)"
@@ -130,8 +128,17 @@ module M = Map.Make (struct
 end)
 
 let to_hex s =
-  let (`Hex serial) = Hex.of_string s in
-  serial
+  let char_hex n =
+    Char.unsafe_chr (n + if n < 10 then Char.code '0' else (Char.code 'a' - 10))
+  in
+  let slen = String.length s in
+  let out = Bytes.create (slen * 2) in
+  for i = 0 to pred slen do
+    let c = Char.code s.[i] in
+    Bytes.unsafe_set out (i * 2) (char_hex (c lsr 4));
+    Bytes.unsafe_set out (i * 2 + 1) (char_hex (c land 0x0f));
+  done;
+  Bytes.unsafe_to_string out
 
 let decode data =
   let certs, trust = split_into_certs_and_trust ([], []) None [] data in
@@ -235,15 +242,17 @@ let to_ml untrusted db =
     ]
 
 let jump () filename output =
-  Bos.OS.File.read_lines (Fpath.v filename) >>= fun data ->
-  let certs = decode data in
-  let trusted_certs, untrusted = filter_trusted certs in
-  Logs.debug (fun m ->
-      m "found %d certificates (%d total):" (M.cardinal trusted_certs)
-        (M.cardinal certs));
-  let out = to_ml untrusted trusted_certs in
-  let fn = match output with None -> "-" | Some filename -> filename in
-  Bos.OS.File.write (Fpath.v fn) out
+  Result.bind
+    (Bos.OS.File.read_lines (Fpath.v filename))
+    (fun data ->
+       let certs = decode data in
+       let trusted_certs, untrusted = filter_trusted certs in
+       Logs.debug (fun m ->
+           m "found %d certificates (%d total):" (M.cardinal trusted_certs)
+             (M.cardinal certs));
+       let out = to_ml untrusted trusted_certs in
+       let fn = match output with None -> "-" | Some filename -> filename in
+       Bos.OS.File.write (Fpath.v fn) out)
 
 let setup_log style_renderer level =
   Fmt_tty.setup_std_outputs ?style_renderer ();

diff --git a/ca-certs-nss.opam b/ca-certs-nss.opam
@@ -13,14 +13,12 @@ doc: "https://mirage.github.io/ca-certs-nss/doc"
 bug-reports: "https://github.com/mirage/ca-certs-nss/issues"
 depends: [
   "dune" {>= "2.7"}
-  "rresult"
   "mirage-crypto"
   "mirage-clock" {>= "3.0.0"}
   "x509" {>= "0.13.0"}
   "ocaml" {>= "4.08.0"}
   "logs" {build}
   "fmt" {build}
-  "hex" {build}
   "bos" {build}
   "astring" {build}
   "cmdliner" {build}

diff --git a/dune-project b/dune-project
@@ -11,13 +11,12 @@
 (package
  (name ca-certs-nss)
  (depends
-  rresult mirage-crypto
+  mirage-crypto
   (mirage-clock (>= 3.0.0))
   (x509 (>= 0.13.0))
   (ocaml (>= 4.08.0))
   (logs :build)
   (fmt :build)
-  (hex :build)
   (bos :build)
   (astring :build)
   (cmdliner :build)

diff --git a/lib/ca_certs_nss.ml b/lib/ca_certs_nss.ml
@@ -3,15 +3,13 @@ module Make (C : Mirage_clock.PCLOCK) = struct
     let tas =
       List.fold_left
         (fun acc data ->
-          let open Rresult.R.Infix in
-          acc >>= fun acc ->
-          X509.Certificate.decode_der (Cstruct.of_string data) >>| fun cert ->
-          cert :: acc)
+           Result.bind acc (fun acc ->
+               Result.map (fun cert -> cert :: acc)
+                 (X509.Certificate.decode_der (Cstruct.of_string data))))
         (Ok []) Trust_anchor.certificates
     and time () = Some (Ptime.v (C.now_d_ps ())) in
     fun ?crls ?allowed_hashes () ->
-      match tas with
-      | Ok t ->
-          Ok (X509.Authenticator.chain_of_trust ~time ?crls ?allowed_hashes t)
-      | Error e -> Error e
+      Result.map
+        (X509.Authenticator.chain_of_trust ~time ?crls ?allowed_hashes)
+        tas
 end
diff --git a/lib/dune b/lib/dune
@@ -19,4 +19,4 @@
  (name ca_certs_nss)
  (public_name ca-certs-nss)
  (modules ca_certs_nss trust_anchor)
- (libraries x509 rresult mirage-clock mirage-crypto))
+ (libraries x509 mirage-clock mirage-crypto))
diff --git a/test/tests.ml b/test/tests.ml
@@ -21,7 +21,7 @@ end
 
 module TA_2020_10_11 = Ca_certs_nss.Make (Clock_2020_10_11)
 
-let default_auth = Rresult.R.get_ok (TA_2020_10_11.authenticator ())
+let default_auth = Result.get_ok (TA_2020_10_11.authenticator ())
 
 let now = Ptime.v (Clock_2020_10_11.now_d_ps ())
 
@@ -38,7 +38,7 @@ end
 
 module TA_2020_05_30 = Ca_certs_nss.Make (Clock_2020_05_30)
 
-let auth_2020_05_30 = Rresult.R.get_ok (TA_2020_05_30.authenticator ())
+let auth_2020_05_30 = Result.get_ok (TA_2020_05_30.authenticator ())
 
 let err =
   let module M = struct
@@ -964,7 +964,7 @@ let tests =
     (fun (name, data) ->
       let host = Domain_name.(of_string_exn name |> host_exn)
       and chain =
-        Rresult.R.get_ok
+        Result.get_ok
           (X509.Certificate.decode_pem_multiple (Cstruct.of_string data))
       in
       ( name,
@@ -975,7 +975,7 @@ let tests =
       (fun (name, result, data, auth) ->
         let host = Domain_name.(of_string_exn name |> host_exn)
         and chain =
-          Rresult.R.get_ok
+          Result.get_ok
             (X509.Certificate.decode_pem_multiple (Cstruct.of_string data))
         and auth = match auth with None -> default_auth | Some a -> a in
         (name, `Quick, test_one auth (Error (result host chain)) host chain))