| author | Paul Kehrer <paul.l.kehrer@gmail.com> | 2021-06-04 22:15:25 -0500 |
|---|---|---|
| committer | GitHub <noreply@github.com> | 2021-06-04 23:15:25 -0400 |
| commit | 144a39cfbe86b18e5f48548decd42e39a8d3437a (patch) | |
| tree | d6b62de3d5948c5978fd7156aaeccab3ad1bbf1d /src/rust | |
| parent | 686185003b03c9611fd31ba409d90d8080130f36 (diff) | |
| download | cryptography-144a39cfbe86b18e5f48548decd42e39a8d3437a.tar.gz | |
oxidize policy constraints (#6087)
* oxidize policy constraints
* cargo fmt
Diffstat (limited to 'src/rust')
| -rw-r--r-- | src/rust/src/x509.rs | 17 |
1 files changed, 17 insertions, 0 deletions
diff --git a/src/rust/src/x509.rs b/src/rust/src/x509.rs index bcefde675..21f2a2d7f 100644 --- a/src/rust/src/x509.rs +++ b/src/rust/src/x509.rs @@ -11,6 +11,7 @@ lazy_static::lazy_static! { static ref OCSP_NO_CHECK_OID: asn1::ObjectIdentifier<'static> = asn1::ObjectIdentifier::from_string("1.3.6.1.5.5.7.48.1.5").unwrap(); static ref KEY_USAGE_OID: asn1::ObjectIdentifier<'static> = asn1::ObjectIdentifier::from_string("2.5.29.15").unwrap(); + static ref POLICY_CONSTRAINTS_OID: asn1::ObjectIdentifier<'static> = asn1::ObjectIdentifier::from_string("2.5.29.36").unwrap(); static ref EXTENDED_KEY_USAGE_OID: asn1::ObjectIdentifier<'static> = asn1::ObjectIdentifier::from_string("2.5.29.37").unwrap(); static ref BASIC_CONSTRAINTS_OID: asn1::ObjectIdentifier<'static> = asn1::ObjectIdentifier::from_string("2.5.29.19").unwrap(); static ref SUBJECT_KEY_IDENTIFIER_OID: asn1::ObjectIdentifier<'static> = asn1::ObjectIdentifier::from_string("2.5.29.14").unwrap(); @@ -27,6 +28,14 @@ struct BasicConstraints { path_length: Option<u64>, } +#[derive(asn1::Asn1Read)] +struct PolicyConstraints { + #[implicit(0)] + require_explicit_policy: Option<u64>, + #[implicit(1)] + inhibit_policy_mapping: Option<u64>, +} + fn get_bit(input: &[u8], n: usize) -> bool { let idx = n / 8; let v = 1 << (7 - (n & 0x07)); @@ -98,6 +107,14 @@ fn parse_x509_extension( ), )? .to_object(py)) + } else if oid == *POLICY_CONSTRAINTS_OID { + let pc = asn1::parse_single::<PolicyConstraints>(ext_data)?; + Ok(x509_module + .call1( + "PolicyConstraints", + (pc.require_explicit_policy, pc.inhibit_policy_mapping), + )? + .to_object(py)) } else if oid == *PRECERT_POISON_OID { asn1::parse_single::<()>(ext_data)?; Ok(x509_module.call0("PrecertPoison")?.to_object(py)) |
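Review bot: The new `PolicyConstraints` struct in the second hunk has no comment tying it to the ASN.1 definition it mirrors, so a later edit has nothing to check the `#[implicit(0)]` and `#[implicit(1)]` tags against. I would add `/// PolicyConstraints extension value, RFC 5280 section 4.2.1.11; both fields are SkipCerts, INTEGER (0..MAX).` above the derive. A second line noting that the RFC requires at least one of the two fields to be present would record a constraint that the two `Option<u64>` fields do not express on their own.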
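Review bot: An empty PolicyConstraints SEQUENCE is accepted by the parser in the new `else if oid == *POLICY_CONSTRAINTS_OID` branch, because both struct fields are `Option<u64>`, so `(None, None)` goes straight into `call1("PolicyConstraints", ...)`. RFC 5280 forbids that encoding. The Python constructor presumably rejects it, in which case a malformed certificate surfaces as a constructor exception through the `?` rather than as a parse error. A test with an empty-sequence extension value would pin which error callers see. If a parse error is the intended result, the branch should check `pc.require_explicit_policy.is_none() && pc.inhibit_policy_mapping.is_none()` and return the module's parse error before the call. parse_x509_extension starts and ends outside this hunk, so the error type it returns is not visible here.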
