From 1d65e4669f6627f8296e6a42e3d84f906757d708 Mon Sep 17 00:00:00 2001 From: Kikuo Emoto Date: Tue, 21 Nov 2023 12:18:57 +0900 Subject: [PATCH] style: fix clippy errors - Also applies `cargo fmt`. --- src/certificate.rs | 57 ++++++++++++++++++++-------------------------- src/find.rs | 8 +++---- 2 files changed, 28 insertions(+), 37 deletions(-) diff --git a/src/certificate.rs b/src/certificate.rs index f97c0f0..55d805d 100644 --- a/src/certificate.rs +++ b/src/certificate.rs @@ -33,46 +33,39 @@ impl Certificate { } // checks authority and subject key IDs // https://github.com/openssl/openssl/blob/1c6a37975495dd633847ff0c07747fae272d5e4d/crypto/x509/v3_purp.c#L1002 - match ( + if let (Some(issuer_exts), Some(subject_exts)) = ( self.inner.tbs_certificate.extensions.as_ref(), subject.inner.tbs_certificate.extensions.as_ref(), ) { - (Some(issuer_exts), Some(subject_exts)) => { - let skid = issuer_exts - .iter() - .find(|ext| ext.extn_id == ID_CE_SUBJECT_KEY_IDENTIFIER) - .and_then(|skid| { - SubjectKeyIdentifier::from_der(skid.extn_value.as_bytes()).ok() - }); - let akid = subject_exts - .iter() - .find(|ext| ext.extn_id == ID_CE_AUTHORITY_KEY_IDENTIFIER) - .and_then(|akid| { - AuthorityKeyIdentifier::from_der(akid.extn_value.as_bytes()).ok() + let skid = issuer_exts + .iter() + .find(|ext| ext.extn_id == ID_CE_SUBJECT_KEY_IDENTIFIER) + .and_then(|skid| SubjectKeyIdentifier::from_der(skid.extn_value.as_bytes()).ok()); + let akid = subject_exts + .iter() + .find(|ext| ext.extn_id == ID_CE_AUTHORITY_KEY_IDENTIFIER) + .and_then(|akid| AuthorityKeyIdentifier::from_der(akid.extn_value.as_bytes()).ok()); + if let (Some(skid), Some(akid)) = (skid, akid) { + if akid.key_identifier.is_some_and(|id| id != skid.0) { + return false; + } + if akid + .authority_cert_serial_number + .is_some_and(|n| n != self.inner.tbs_certificate.serial_number) + { + return false; + } + if let Some(gen_names) = akid.authority_cert_issuer { + let name = gen_names.iter().find_map(|name| match name { + GeneralName::DirectoryName(name) => Some(name), + _ => None, }); - if let (Some(skid), Some(akid)) = (skid, akid) { - if akid.key_identifier.is_some_and(|id| id != skid.0) { + if name.is_some_and(|name| name.to_string() != self.issuer) { return false; } - if akid - .authority_cert_serial_number - .is_some_and(|n| n != self.inner.tbs_certificate.serial_number) - { - return false; - } - if let Some(gen_names) = akid.authority_cert_issuer { - let name = gen_names.iter().find_map(|name| match name { - GeneralName::DirectoryName(name) => Some(name), - _ => None, - }); - if name.is_some_and(|name| name.to_string() != self.issuer) { - return false; - } - } } } - _ => (), - }; + } // TODO: check signature algorithms // retracted the previous check because it was too strict; it required // both digest and public key algorithms to match while OpenSSL requires diff --git a/src/find.rs b/src/find.rs index b2b7a34..2664796 100644 --- a/src/find.rs +++ b/src/find.rs @@ -251,11 +251,9 @@ where } #[cfg(feature = "resolve")] // edge is url, cannot perform synchronously - Edge::Url(_, _) => { - return Err(X509PathFinderError::Error( - "cannot resolve URLs, use `find` istead".into(), - )); - } + Edge::Url(_, _) => Err(X509PathFinderError::Error( + "cannot resolve URLs, use `find` istead".into(), + )), // edge is end, stop search Edge::End => Ok(()), }