From e57110c03a247689a0f9386d56fb03ab88778e34 Mon Sep 17 00:00:00 2001
From: Thomas Eizinger
Date: Tue, 3 Oct 2023 11:59:58 +1100
Subject: [PATCH] Remove `TryFrom` impls

The `TryFrom` impl doesn't communicate that these bytes need to be DER-encoded. Forcing the user to use the constructor makes this obvious.
---
 CHANGELOG.md | 4 ++++
 examples/rsa-irc.rs | 2 +-
 src/key_pair.rs | 21 ++-------------------
 tests/botan.rs | 8 +++-----
 tests/webpki.rs | 6 ++----
 5 files changed, 12 insertions(+), 29 deletions(-)
diff --git a/CHANGELOG.md b/CHANGELOG.md
index 697c35f1..517f21a7 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -1,6 +1,10 @@
 # Changes
+## Unreleased
+
+- Remove `TryFrom<[u8]>` and `TryFrom>` for `KeyPair` in favor of the more descriptive `KeyPair::from_der`.
+
 ## Release 0.11.3 - October 1, 2023
 - Fix for import errors building without the optional `pem` feature.
diff --git a/examples/rsa-irc.rs b/examples/rsa-irc.rs
index 440cdac4..fbd0be3e 100644
--- a/examples/rsa-irc.rs
+++ b/examples/rsa-irc.rs
@@ -19,7 +19,7 @@ fn main() -> Result<(), Box> {
 let bits = 2048;
 let private_key = RsaPrivateKey::new(&mut rng, bits)?;
 let private_key_der = private_key.to_pkcs8_der()?;
- let key_pair = rcgen::KeyPair::try_from(private_key_der.as_bytes()).unwrap();
+ let key_pair = rcgen::KeyPair::from_der(private_key_der.as_bytes()).unwrap();
 params.key_pair = Some(key_pair);
 let cert = Certificate::from_params(params)?;
diff --git a/src/key_pair.rs b/src/key_pair.rs
index 4c8d6b04..9e29f51f 100644
--- a/src/key_pair.rs
+++ b/src/key_pair.rs
@@ -3,7 +3,6 @@ use pem::Pem;
 use ring::rand::SystemRandom;
 use ring::signature::KeyPair as RingKeyPair;
 use ring::signature::{self, EcdsaKeyPair, Ed25519KeyPair, RsaEncoding, RsaKeyPair};
-use std::convert::TryFrom;
 use std::fmt;
 use yasna::DERWriter;
@@ -56,7 +55,7 @@ impl KeyPair {
 ///
 /// Equivalent to using the [`TryFrom`] implementation.
 pub fn from_der(der: &[u8]) -> Result {
- Ok(der.try_into()?)
+ Ok(KeyPair::from_raw(der)?)
 }
 /// Returns the key pair's signature algorithm
 pub fn algorithm(&self) -> &'static SignatureAlgorithm {
@@ -67,7 +66,7 @@ impl KeyPair {
 pub fn from_pem(pem_str: &str) -> Result {
 let private_key = pem::parse(pem_str)?;
 let private_key_der: &[_] = private_key.contents();
- Ok(private_key_der.try_into()?)
+ Ok(KeyPair::from_raw(private_key_der)?)
 }
 /// Obtains the key pair from a raw public key and a remote private key
@@ -186,22 +185,6 @@ pub trait RemoteKeyPair {
 fn algorithm(&self) -> &'static SignatureAlgorithm;
 }
-impl TryFrom<&[u8]> for KeyPair {
- type Error = RcgenError;
-
- fn try_from(pkcs8: &[u8]) -> Result {
- KeyPair::from_raw(pkcs8)
- }
-}
-
-impl TryFrom> for KeyPair {
- type Error = RcgenError;
-
- fn try_from(pkcs8: Vec) -> Result {
- KeyPair::from_raw(&pkcs8)
- }
-}
-
 impl KeyPair {
 /// Generate a new random key pair for the specified signature algorithm
 pub fn generate(alg: &'static SignatureAlgorithm) -> Result {
diff --git a/tests/botan.rs b/tests/botan.rs
index 99d2a8ed..a33d51d1 100644
--- a/tests/botan.rs
+++ b/tests/botan.rs
@@ -1,10 +1,10 @@
 #![cfg(feature = "x509-parser")]
-use rcgen::DnValue;
 use rcgen::{BasicConstraints, Certificate, CertificateParams, DnType, IsCa};
 use rcgen::{
 CertificateRevocationList, CertificateRevocationListParams, RevocationReason, RevokedCertParams,
 };
+use rcgen::{DnValue, KeyPair};
 use rcgen::{KeyUsagePurpose, SerialNumber};
 use time::{Duration, OffsetDateTime};
@@ -172,7 +172,6 @@ fn test_botan_separate_ca() {
 #[cfg(feature = "x509-parser")]
 #[test]
 fn test_botan_imported_ca() {
- use std::convert::TryInto;
 let mut params = default_params();
 params.is_ca = IsCa::Ca(BasicConstraints::Unconstrained);
 let ca_cert = Certificate::from_params(params).unwrap();
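Review bot: The doc comment kept above `KeyPair::from_der` (first src/key_pair.rs hunk here) still says it is "Equivalent to using the TryFrom implementation", yet this commit deletes both `TryFrom` impls, so that sentence is now stale. Since the change is meant to make the expected encoding obvious, I would replace it with `/// The bytes must be the DER encoding of the private key (use from_pem for PEM input).` and also name the container format; the removed impls called the parameter `pkcs8`, so presumably PKCS#8, but confirm against `from_raw`, which is not visible here. Separately, if `from_raw` already returns the same `Result` type as `from_der`, as the removed impls suggest, `Ok(KeyPair::from_raw(der)?)` reduces to `KeyPair::from_raw(der)`, and the same applies in the `from_pem` hunk. The enclosing `impl KeyPair` block starts and ends outside these hunks.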
@@ -182,7 +181,7 @@ fn test_botan_imported_ca() {
 ca_cert.serialize_private_key_der(),
 );
- let ca_key_pair = ca_key_der.as_slice().try_into().unwrap();
+ let ca_key_pair = KeyPair::from_der(ca_key_der.as_slice()).unwrap();
 let imported_ca_cert_params = CertificateParams::from_ca_cert_der(ca_cert_der.as_slice(), ca_key_pair).unwrap();
 let imported_ca_cert = Certificate::from_params(imported_ca_cert_params).unwrap();
@@ -205,7 +204,6 @@ fn test_botan_imported_ca() {
 #[cfg(feature = "x509-parser")]
 #[test]
 fn test_botan_imported_ca_with_printable_string() {
- use std::convert::TryInto;
 let mut params = default_params();
 params.distinguished_name.push(
 DnType::CountryName,
@@ -219,7 +217,7 @@ fn test_botan_imported_ca_with_printable_string() {
 ca_cert.serialize_private_key_der(),
 );
- let ca_key_pair = ca_key_der.as_slice().try_into().unwrap();
+ let ca_key_pair = KeyPair::from_der(ca_key_der.as_slice()).unwrap();
 let imported_ca_cert_params = CertificateParams::from_ca_cert_der(ca_cert_der.as_slice(), ca_key_pair).unwrap();
 let imported_ca_cert = Certificate::from_params(imported_ca_cert_params).unwrap();
diff --git a/tests/webpki.rs b/tests/webpki.rs
index aa1d6df6..78b92e91 100644
--- a/tests/webpki.rs
+++ b/tests/webpki.rs
@@ -404,7 +404,6 @@ fn test_webpki_separate_ca_name_constraints() {
 #[cfg(feature = "x509-parser")]
 #[test]
 fn test_webpki_imported_ca() {
- use std::convert::TryInto;
 let mut params = util::default_params();
 params.is_ca = IsCa::Ca(BasicConstraints::Unconstrained);
 let ca_cert = Certificate::from_params(params).unwrap();
@@ -414,7 +413,7 @@ fn test_webpki_imported_ca() {
 ca_cert.serialize_private_key_der(),
 );
- let ca_key_pair = ca_key_der.as_slice().try_into().unwrap();
+ let ca_key_pair = KeyPair::from_der(ca_key_der.as_slice()).unwrap();
 let imported_ca_cert_params = CertificateParams::from_ca_cert_der(ca_cert_der.as_slice(), ca_key_pair).unwrap();
 let imported_ca_cert = Certificate::from_params(imported_ca_cert_params).unwrap();
@@ -443,7 +442,6 @@ fn test_webpki_imported_ca() {
 #[cfg(feature = "x509-parser")]
 #[test]
 fn test_webpki_imported_ca_with_printable_string() {
- use std::convert::TryInto;
 let mut params = util::default_params();
 params.distinguished_name.push(
 DnType::CountryName,
@@ -457,7 +455,7 @@ fn test_webpki_imported_ca_with_printable_string() {
 ca_cert.serialize_private_key_der(),
 );
- let ca_key_pair = ca_key_der.as_slice().try_into().unwrap();
+ let ca_key_pair = KeyPair::from_der(ca_key_der.as_slice()).unwrap();
 let imported_ca_cert_params = CertificateParams::from_ca_cert_der(ca_cert_der.as_slice(), ca_key_pair).unwrap();
 let imported_ca_cert = Certificate::from_params(imported_ca_cert_params).unwrap();