Complete converting Rust Python imports (#9546)
* Convert src/rust/src/x509/common.rs

* Convert src/rust/src/x509/certificate.rs
alex authored Sep 6, 2023
1 parent 73cfc50 commit 8595393
Showing 3 changed files with 110 additions and 120 deletions.
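--- a/src/rust/src/types.rs
+++ b/src/rust/src/types.rs
@@ -207,6 +207,48 @@ pub static RELATIVE_DISTINGUISHED_NAME: LazyPyImport =
 LazyPyImport::new("cryptography.x509", &["RelativeDistinguishedName"]);
 pub static NAME_ATTRIBUTE: LazyPyImport =
 LazyPyImport::new("cryptography.x509", &["NameAttribute"]);
+pub static NAME_CONSTRAINTS: LazyPyImport =
+LazyPyImport::new("cryptography.x509", &["NameConstraints"]);
+pub static MS_CERTIFICATE_TEMPLATE: LazyPyImport =
+LazyPyImport::new("cryptography.x509", &["MSCertificateTemplate"]);
+pub static CRL_DISTRIBUTION_POINTS: LazyPyImport =
+LazyPyImport::new("cryptography.x509", &["CRLDistributionPoints"]);
+pub static BASIC_CONSTRAINTS: LazyPyImport =
+LazyPyImport::new("cryptography.x509", &["BasicConstraints"]);
+pub static INHIBIT_ANY_POLICY: LazyPyImport =
+LazyPyImport::new("cryptography.x509", &["InhibitAnyPolicy"]);
+pub static OCSP_NO_CHECK: LazyPyImport = LazyPyImport::new("cryptography.x509", &["OCSPNoCheck"]);
+pub static POLICY_CONSTRAINTS: LazyPyImport =
+LazyPyImport::new("cryptography.x509", &["PolicyConstraints"]);
+pub static CERTIFICATE_POLICIES: LazyPyImport =
+LazyPyImport::new("cryptography.x509", &["CertificatePolicies"]);
+pub static SUBJECT_INFORMATION_ACCESS: LazyPyImport =
+LazyPyImport::new("cryptography.x509", &["SubjectInformationAccess"]);
+pub static KEY_USAGE: LazyPyImport = LazyPyImport::new("cryptography.x509", &["KeyUsage"]);
+pub static EXTENDED_KEY_USAGE: LazyPyImport =
+LazyPyImport::new("cryptography.x509", &["ExtendedKeyUsage"]);
+pub static SUBJECT_KEY_IDENTIFIER: LazyPyImport =
+LazyPyImport::new("cryptography.x509", &["SubjectKeyIdentifier"]);
+pub static TLS_FEATURE: LazyPyImport = LazyPyImport::new("cryptography.x509", &["TLSFeature"]);
+pub static SUBJECT_ALTERNATIVE_NAME: LazyPyImport =
+LazyPyImport::new("cryptography.x509", &["SubjectAlternativeName"]);
+pub static POLICY_INFORMATION: LazyPyImport =
+LazyPyImport::new("cryptography.x509", &["PolicyInformation"]);
+pub static USER_NOTICE: LazyPyImport = LazyPyImport::new("cryptography.x509", &["UserNotice"]);
+pub static NOTICE_REFERENCE: LazyPyImport =
+LazyPyImport::new("cryptography.x509", &["NoticeReference"]);
+pub static REGISTERED_ID: LazyPyImport = LazyPyImport::new("cryptography.x509", &["RegisteredID"]);
+pub static DIRECTORY_NAME: LazyPyImport =
+LazyPyImport::new("cryptography.x509", &["DirectoryName"]);
+pub static UNIFORM_RESOURCE_IDENTIFIER: LazyPyImport =
+LazyPyImport::new("cryptography.x509", &["UniformResourceIdentifier"]);
+pub static DNS_NAME: LazyPyImport = LazyPyImport::new("cryptography.x509", &["DNSName"]);
+pub static RFC822_NAME: LazyPyImport = LazyPyImport::new("cryptography.x509", &["RFC822Name"]);
+pub static OTHER_NAME: LazyPyImport = LazyPyImport::new("cryptography.x509", &["OtherName"]);
+pub static CERTIFICATE_VERSION_V1: LazyPyImport =
+LazyPyImport::new("cryptography.x509", &["Version", "v1"]);
+pub static CERTIFICATE_VERSION_V3: LazyPyImport =
+LazyPyImport::new("cryptography.x509", &["Version", "v3"]);
 
 pub static CRL_REASON_FLAGS: LazyPyImport =
 LazyPyImport::new("cryptography.x509.extensions", &["_CRLREASONFLAGS"]);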
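Review bot: Each new static names its Python target with plain string literals (`"cryptography.x509"`, `&["NameConstraints"]`, and so on), so the compiler cannot catch a misspelled or renamed attribute. Judging by the `.get(py)?` call sites, resolution presumably happens on first use, so a bad name would surface only when a certificate carrying that particular extension is parsed. A test that resolves every `LazyPyImport` in this file once would close that gap. `CERTIFICATE_VERSION_V1` and `CERTIFICATE_VERSION_V3` also differ from the other entries: they use a two-element path to reach an enum member, and the code they replace in certificate.rs used `get_item` on `Version`. A short comment such as `// Resolves to the enum member x509.Version.v1, not a class` would make that explicit.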
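--- a/src/rust/src/x509/certificate.rs
+++ b/src/rust/src/x509/certificate.rs
@@ -297,14 +297,9 @@ impl Certificate {
 }
 
 fn cert_version(py: pyo3::Python<'_>, version: u8) -> Result<&pyo3::PyAny, CryptographyError> {
-let x509_module = py.import(pyo3::intern!(py, "cryptography.x509"))?;
 match version {
-0 => Ok(x509_module
-.getattr(pyo3::intern!(py, "Version"))?
-.get_item(pyo3::intern!(py, "v1"))?),
-2 => Ok(x509_module
-.getattr(pyo3::intern!(py, "Version"))?
-.get_item(pyo3::intern!(py, "v3"))?),
+0 => Ok(types::CERTIFICATE_VERSION_V1.get(py)?),
+2 => Ok(types::CERTIFICATE_VERSION_V3.get(py)?),
 _ => Err(CryptographyError::from(
 exceptions::InvalidVersion::new_err((
 format!("{} is not a valid X509 version", version),
@@ -450,7 +445,6 @@ fn parse_user_notice(
 py: pyo3::Python<'_>,
 un: UserNotice<'_>,
 ) -> Result<pyo3::PyObject, CryptographyError> {
-let x509_module = py.import(pyo3::intern!(py, "cryptography.x509"))?;
 let et = match un.explicit_text {
 Some(data) => parse_display_text(py, data)?,
 None => py.None(),
@@ -462,15 +456,14 @@ fn parse_user_notice(
 for num in data.notice_numbers.unwrap_read().clone() {
 numbers.append(big_byte_slice_to_py_int(py, num.as_bytes())?.to_object(py))?;
 }
-x509_module
-.call_method1(pyo3::intern!(py, "NoticeReference"), (org, numbers))?
+types::NOTICE_REFERENCE
+.get(py)?
+.call1((org, numbers))?
 .to_object(py)
 }
 None => py.None(),
 };
-Ok(x509_module
-.call_method1(pyo3::intern!(py, "UserNotice"), (nr, et))?
-.to_object(py))
+Ok(types::USER_NOTICE.get(py)?.call1((nr, et))?.to_object(py))
 }
 
 fn parse_policy_qualifiers<'a>(
@@ -512,7 +505,6 @@ fn parse_cp(
 ext: &Extension<'_>,
 ) -> Result<pyo3::PyObject, CryptographyError> {
 let cp = ext.value::<asn1::SequenceOf<'_, PolicyInformation<'_>>>()?;
-let x509_module = py.import(pyo3::intern!(py, "cryptography.x509"))?;
 let certificate_policies = pyo3::types::PyList::empty(py);
 for policyinfo in cp {
 let pi_oid = oid_to_py_oid(py, &policyinfo.policy_identifier)?.to_object(py);
@@ -522,8 +514,9 @@ fn parse_cp(
 }
 None => py.None(),
 };
-let pi = x509_module
-.call_method1(pyo3::intern!(py, "PolicyInformation"), (pi_oid, py_pqis))?
+let pi = types::POLICY_INFORMATION
+.get(py)?
+.call1((pi_oid, py_pqis))?
 .to_object(py);
 certificate_policies.append(pi)?;
 }
@@ -669,24 +662,19 @@ pub fn parse_cert_ext<'p>(
 py: pyo3::Python<'p>,
 ext: &Extension<'_>,
 ) -> CryptographyResult<Option<&'p pyo3::PyAny>> {
-let x509_module = py.import(pyo3::intern!(py, "cryptography.x509"))?;
 match ext.extn_id {
 oid::SUBJECT_ALTERNATIVE_NAME_OID => {
 let gn_seq = ext.value::<SubjectAlternativeName<'_>>()?;
 let sans = x509::parse_general_names(py, &gn_seq)?;
 Ok(Some(
-x509_module
-.getattr(pyo3::intern!(py, "SubjectAlternativeName"))?
-.call1((sans,))?,
+types::SUBJECT_ALTERNATIVE_NAME.get(py)?.call1((sans,))?,
 ))
 }
 oid::ISSUER_ALTERNATIVE_NAME_OID => {
 let gn_seq = ext.value::<IssuerAlternativeName<'_>>()?;
 let ians = x509::parse_general_names(py, &gn_seq)?;
 Ok(Some(
-x509_module
-.getattr(pyo3::intern!(py, "IssuerAlternativeName"))?
-.call1((ians,))?,
+types::ISSUER_ALTERNATIVE_NAME.get(py)?.call1((ians,))?,
 ))
 }
 oid::TLS_FEATURE_OID => {
@@ -697,17 +685,13 @@ pub fn parse_cert_ext<'p>(
 let py_feature = tls_feature_type_to_enum.get_item(feature.to_object(py))?;
 features.append(py_feature)?;
 }
-Ok(Some(
-x509_module
-.getattr(pyo3::intern!(py, "TLSFeature"))?
-.call1((features,))?,
-))
+Ok(Some(types::TLS_FEATURE.get(py)?.call1((features,))?))
 }
 oid::SUBJECT_KEY_IDENTIFIER_OID => {
 let identifier = ext.value::<&[u8]>()?;
 Ok(Some(
-x509_module
-.getattr(pyo3::intern!(py, "SubjectKeyIdentifier"))?
+types::SUBJECT_KEY_IDENTIFIER
+.get(py)?
 .call1((identifier,))?,
 ))
 }
@@ -717,101 +701,71 @@ pub fn parse_cert_ext<'p>(
 let oid_obj = oid_to_py_oid(py, &oid)?;
 ekus.append(oid_obj)?;
 }
-Ok(Some(
-x509_module
-.getattr(pyo3::intern!(py, "ExtendedKeyUsage"))?
-.call1((ekus,))?,
-))
+Ok(Some(types::EXTENDED_KEY_USAGE.get(py)?.call1((ekus,))?))
 }
 oid::KEY_USAGE_OID => {
 let kus = ext.value::<KeyUsage<'_>>()?;
 
-Ok(Some(
-x509_module.getattr(pyo3::intern!(py, "KeyUsage"))?.call1((
-kus.digital_signature(),
-kus.content_comitment(),
-kus.key_encipherment(),
-kus.data_encipherment(),
-kus.key_agreement(),
-kus.key_cert_sign(),
-kus.crl_sign(),
-kus.encipher_only(),
-kus.decipher_only(),
-))?,
-))
+Ok(Some(types::KEY_USAGE.get(py)?.call1((
+kus.digital_signature(),
+kus.content_comitment(),
+kus.key_encipherment(),
+kus.data_encipherment(),
+kus.key_agreement(),
+kus.key_cert_sign(),
+kus.crl_sign(),
+kus.encipher_only(),
+kus.decipher_only(),
+))?))
 }
 oid::AUTHORITY_INFORMATION_ACCESS_OID => {
 let ads = parse_access_descriptions(py, ext)?;
 Ok(Some(
-x509_module
-.getattr(pyo3::intern!(py, "AuthorityInformationAccess"))?
-.call1((ads,))?,
+types::AUTHORITY_INFORMATION_ACCESS.get(py)?.call1((ads,))?,
 ))
 }
 oid::SUBJECT_INFORMATION_ACCESS_OID => {
 let ads = parse_access_descriptions(py, ext)?;
 Ok(Some(
-x509_module
-.getattr(pyo3::intern!(py, "SubjectInformationAccess"))?
-.call1((ads,))?,
+types::SUBJECT_INFORMATION_ACCESS.get(py)?.call1((ads,))?,
 ))
 }
 oid::CERTIFICATE_POLICIES_OID => {
 let cp = parse_cp(py, ext)?;
-Ok(Some(x509_module.call_method1(
-pyo3::intern!(py, "CertificatePolicies"),
-(cp,),
-)?))
+Ok(Some(types::CERTIFICATE_POLICIES.get(py)?.call1((cp,))?))
 }
 oid::POLICY_CONSTRAINTS_OID => {
 let pc = ext.value::<PolicyConstraints>()?;
-Ok(Some(
-x509_module
-.getattr(pyo3::intern!(py, "PolicyConstraints"))?
-.call1((pc.require_explicit_policy, pc.inhibit_policy_mapping))?,
-))
+Ok(Some(types::POLICY_CONSTRAINTS.get(py)?.call1((
+pc.require_explicit_policy,
+pc.inhibit_policy_mapping,
+))?))
 }
 oid::OCSP_NO_CHECK_OID => {
 ext.value::<()>()?;
-Ok(Some(
-x509_module
-.getattr(pyo3::intern!(py, "OCSPNoCheck"))?
-.call0()?,
-))
+Ok(Some(types::OCSP_NO_CHECK.get(py)?.call0()?))
 }
 oid::INHIBIT_ANY_POLICY_OID => {
 let bignum = ext.value::<asn1::BigUint<'_>>()?;
 let pynum = big_byte_slice_to_py_int(py, bignum.as_bytes())?;
-Ok(Some(
-x509_module
-.getattr(pyo3::intern!(py, "InhibitAnyPolicy"))?
-.call1((pynum,))?,
-))
+Ok(Some(types::INHIBIT_ANY_POLICY.get(py)?.call1((pynum,))?))
 }
 oid::BASIC_CONSTRAINTS_OID => {
 let bc = ext.value::<BasicConstraints>()?;
 Ok(Some(
-x509_module
-.getattr(pyo3::intern!(py, "BasicConstraints"))?
+types::BASIC_CONSTRAINTS
+.get(py)?
 .call1((bc.ca, bc.path_length))?,
 ))
 }
 oid::AUTHORITY_KEY_IDENTIFIER_OID => Ok(Some(parse_authority_key_identifier(py, ext)?)),
 oid::CRL_DISTRIBUTION_POINTS_OID => {
 let dp = parse_distribution_points(py, ext)?;
-Ok(Some(
-x509_module
-.getattr(pyo3::intern!(py, "CRLDistributionPoints"))?
-.call1((dp,))?,
-))
+Ok(Some(types::CRL_DISTRIBUTION_POINTS.get(py)?.call1((dp,))?))
 }
 oid::FRESHEST_CRL_OID => {
 let dp = parse_distribution_points(py, ext)?;
-Ok(Some(
-x509_module
-.getattr(pyo3::intern!(py, "FreshestCRL"))?
-.call1((dp,))?,
-))
+Ok(Some(types::FRESHEST_CRL.get(py)?.call1((dp,))?))
 }
 oid::NAME_CONSTRAINTS_OID => {
 let nc = ext.value::<NameConstraints<'_>>()?;
@@ -824,19 +778,19 @@ pub fn parse_cert_ext<'p>(
 None => py.None(),
 };
 Ok(Some(
-x509_module
-.getattr(pyo3::intern!(py, "NameConstraints"))?
+types::NAME_CONSTRAINTS
+.get(py)?
 .call1((permitted_subtrees, excluded_subtrees))?,
 ))
 }
 oid::MS_CERTIFICATE_TEMPLATE => {
 let ms_cert_tpl = ext.value::<MSCertificateTemplate>()?;
 let py_oid = oid_to_py_oid(py, &ms_cert_tpl.template_id)?;
-Ok(Some(
-x509_module
-.getattr(pyo3::intern!(py, "MSCertificateTemplate"))?
-.call1((py_oid, ms_cert_tpl.major_version, ms_cert_tpl.minor_version))?,
-))
+Ok(Some(types::MS_CERTIFICATE_TEMPLATE.get(py)?.call1((
+py_oid,
+ms_cert_tpl.major_version,
+ms_cert_tpl.minor_version,
+))?))
 }
 _ => Ok(None),
 }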
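Review bot: In the `oid::KEY_USAGE_OID` arm of `parse_cert_ext`, the nine key-usage flags are still passed to `types::KEY_USAGE.get(py)?.call1((...))` as a positional tuple, so correctness depends on the tuple order matching the Python `KeyUsage` constructor. A transposed pair would compile and silently mislabel the certificate's key-usage bits for any caller that reads them. Since the commit rewrites these lines anyway, I would add `// Order must match the positional parameters of x509.KeyUsage.__init__` above the tuple, or pass the flags as keyword arguments. The accessor spelled `content_comitment` is defined outside this diff, so the spelling can only be flagged here, not fixed. The function's signature line and closing brace fall outside the visible hunks.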