Skip to content

Commit

Permalink
style: fix clippy errors
Browse files Browse the repository at this point in the history 
- Also applies `cargo fmt`.
  • Loading branch information
@kikuomax
kikuomax committed Nov 21, 2023
1 parent 63a2e35 commit 1d65e46
Show file tree
Hide file tree
Showing 2 changed files with 28 additions and 37 deletions.
57 changes: 25 additions & 32 deletions src/certificate.rs
View file
Original file line number Diff line number Diff line change
Expand Up @@ -33,46 +33,39 @@ impl Certificate {
}
// checks authority and subject key IDs
// https://github.com/openssl/openssl/blob/1c6a37975495dd633847ff0c07747fae272d5e4d/crypto/x509/v3_purp.c#L1002
match (
if let (Some(issuer_exts), Some(subject_exts)) = (
self.inner.tbs_certificate.extensions.as_ref(),
subject.inner.tbs_certificate.extensions.as_ref(),
) {
(Some(issuer_exts), Some(subject_exts)) => {
let skid = issuer_exts
.iter()
.find(|ext| ext.extn_id == ID_CE_SUBJECT_KEY_IDENTIFIER)
.and_then(|skid| {
SubjectKeyIdentifier::from_der(skid.extn_value.as_bytes()).ok()
});
let akid = subject_exts
.iter()
.find(|ext| ext.extn_id == ID_CE_AUTHORITY_KEY_IDENTIFIER)
.and_then(|akid| {
AuthorityKeyIdentifier::from_der(akid.extn_value.as_bytes()).ok()
let skid = issuer_exts
.iter()
.find(|ext| ext.extn_id == ID_CE_SUBJECT_KEY_IDENTIFIER)
.and_then(|skid| SubjectKeyIdentifier::from_der(skid.extn_value.as_bytes()).ok());
let akid = subject_exts
.iter()
.find(|ext| ext.extn_id == ID_CE_AUTHORITY_KEY_IDENTIFIER)
.and_then(|akid| AuthorityKeyIdentifier::from_der(akid.extn_value.as_bytes()).ok());
if let (Some(skid), Some(akid)) = (skid, akid) {
if akid.key_identifier.is_some_and(|id| id != skid.0) {
return false;
}
if akid
.authority_cert_serial_number
.is_some_and(|n| n != self.inner.tbs_certificate.serial_number)
{
return false;
}
if let Some(gen_names) = akid.authority_cert_issuer {
let name = gen_names.iter().find_map(|name| match name {
GeneralName::DirectoryName(name) => Some(name),
_ => None,
});
if let (Some(skid), Some(akid)) = (skid, akid) {
if akid.key_identifier.is_some_and(|id| id != skid.0) {
if name.is_some_and(|name| name.to_string() != self.issuer) {
return false;
}
if akid
.authority_cert_serial_number
.is_some_and(|n| n != self.inner.tbs_certificate.serial_number)
{
return false;
}
if let Some(gen_names) = akid.authority_cert_issuer {
let name = gen_names.iter().find_map(|name| match name {
GeneralName::DirectoryName(name) => Some(name),
_ => None,
});
if name.is_some_and(|name| name.to_string() != self.issuer) {
return false;
}
}
}
}
_ => (),
};
}
// TODO: check signature algorithms
// retracted the previous check because it was too strict; it required
// both digest and public key algorithms to match while OpenSSL requires
Expand Down
8 changes: 3 additions & 5 deletions src/find.rs
View file
Original file line number Diff line number Diff line change
Expand Up @@ -251,11 +251,9 @@ where
}
#[cfg(feature = "resolve")]
// edge is url, cannot perform synchronously
Edge::Url(_, _) => {
return Err(X509PathFinderError::Error(
"cannot resolve URLs, use `find` istead".into(),
));
}
Edge::Url(_, _) => Err(X509PathFinderError::Error(
"cannot resolve URLs, use `find` istead".into(),
)),
// edge is end, stop search
Edge::End => Ok(()),
}
Expand Down

0 comments on commit 1d65e46

Please sign in to comment.