Skip to content

Commit

Permalink
Add Cert::der() method to access raw certificate DER
Browse files Browse the repository at this point in the history
  • Loading branch information
@djc
djc committed Oct 5, 2023
1 parent 44a51fc commit 4bfbcd2
Show file tree
Hide file tree
Showing 2 changed files with 13 additions and 0 deletions.
11 changes: 11 additions & 0 deletions src/cert.rs
View file
Original file line number Diff line number Diff line change
Expand Up @@ -12,6 +12,8 @@
// ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
// OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.

use pki_types::CertificateDer;

use crate::der::{self, DerIterator, FromDer, Tag, CONSTRUCTED, CONTEXT_SPECIFIC};
use crate::error::{DerTypeId, Error};
use crate::signed_data::SignedData;
Expand All @@ -38,6 +40,8 @@ pub struct Cert<'a> {
pub(crate) name_constraints: Option<untrusted::Input<'a>>,
pub(crate) subject_alt_name: Option<untrusted::Input<'a>>,
pub(crate) crl_distribution_points: Option<untrusted::Input<'a>>,

der: CertificateDer<'a>,
}

impl<'a> Cert<'a> {
Expand Down Expand Up @@ -94,6 +98,8 @@ impl<'a> Cert<'a> {
name_constraints: None,
subject_alt_name: None,
crl_distribution_points: None,

der: CertificateDer::from(cert_der.as_slice_less_safe()),
};

if !tbs.at_end() {
Expand Down Expand Up @@ -172,6 +178,11 @@ impl<'a> Cert<'a> {
) -> Option<impl Iterator<Item = Result<CrlDistributionPoint<'a>, Error>>> {
self.crl_distribution_points.map(DerIterator::new)
}

/// Raw DER encoded representation of the certificate.
pub fn der(&self) -> CertificateDer<'a> {
self.der.clone() // This is cheap, just cloning a reference.
}
}

// mozilla::pkix supports v1, v2, v3, and v4, including both the implicit
Expand Down
2 changes: 2 additions & 0 deletions src/verify_cert.rs
View file
Original file line number Diff line number Diff line change
Expand Up @@ -805,13 +805,15 @@ mod tests {
.zip(intermediate_certs.iter())
{
assert!(public_values_eq(cert.subject, expected.subject));
assert_eq!(cert.der(), expected.der());
}

for (cert, expected) in path
.intermediate_certificates()
.zip(intermediate_certs.iter().rev())
{
assert!(public_values_eq(cert.subject, expected.subject));
assert_eq!(cert.der(), expected.der());
}

Ok(())
Expand Down

0 comments on commit 4bfbcd2

Please sign in to comment.