From c7e6317e1811369eb8cbeb032b88b1209fc5f815 Mon Sep 17 00:00:00 2001
From: Nathaniel McCallum
Date: Fri, 4 Mar 2022 17:48:29 -0500
Subject: [PATCH] chore(x509): remove oids now defined in the oiddb

Signed-off-by: Nathaniel McCallum
---
 Cargo.lock | 1 +
 x509/Cargo.toml | 1 +
 x509/src/ext/pkix.rs | 1 -
 x509/src/ext/pkix/oids.rs | 193 ----------------------------------
 x509/tests/pkix_extensions.rs | 50 ++++++---
 5 files changed, 36 insertions(+), 210 deletions(-)
 delete mode 100644 x509/src/ext/pkix/oids.rs

diff --git a/Cargo.lock b/Cargo.lock
index 6120dd7d4..5d3d6abbf 100644
--- a/Cargo.lock
+++ b/Cargo.lock
@@ -1216,6 +1216,7 @@ checksum = "712e227841d057c1ee1cd2fb22fa7e5a5461ae8e48fa2ca79ec42cfc1931183f"
 name = "x509"
 version = "0.0.1"
 dependencies = [
+ "const-oid",
 "der",
 "flagset",
 "hex-literal",
diff --git a/x509/Cargo.toml b/x509/Cargo.toml
index a18ec4746..f9461dc4f 100644
--- a/x509/Cargo.toml
+++ b/x509/Cargo.toml
@@ -16,6 +16,7 @@ rust-version = "1.56"
 [dependencies]
 der = { version = "=0.6.0-pre.1", features = ["derive", "alloc", "flagset"], path = "../der" }
+const-oid = { version = "0.8", features = ["db"], path = "../const-oid" }
 flagset = { version = "0.4.3" }
 spki = { version = "=0.6.0-pre.0", path = "../spki" }
diff --git a/x509/src/ext/pkix.rs b/x509/src/ext/pkix.rs
index 27c9755e4..fd2576f23 100644
--- a/x509/src/ext/pkix.rs
+++ b/x509/src/ext/pkix.rs
@@ -4,7 +4,6 @@ pub mod certpolicy;
 pub mod constraints;
 pub mod crl;
 pub mod name;
-pub mod oids;

 mod access;
 mod authkeyid;
diff --git a/x509/src/ext/pkix/oids.rs b/x509/src/ext/pkix/oids.rs
deleted file mode 100644
index 74d002851..000000000
--- a/x509/src/ext/pkix/oids.rs
+++ /dev/null
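Review bot: `const-oid = { version = "0.8", features = ["db"], path = "../const-oid" }` is the only path dependency in this `[dependencies]` block without an exact pin; the neighbouring `der` and `spki` entries use `=0.6.0-pre.1` and `=0.6.0-pre.0`. Inside the workspace the `path` wins, but a published `x509` would resolve `0.8` to whatever compatible `const-oid` is on crates.io, and after this commit every extension identifier the crate and its tests use comes from that crate's `db` tables. If `../const-oid` is itself a pre-release like its siblings, pin it the same way, e.g. `const-oid = { version = "=0.8.0", features = ["db"], path = "../const-oid" }` with the actual workspace version substituted.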
@@ -1,193 +0,0 @@
-//! Object identifier values from PKIX1Implicit and PKIX1Explicit ASN.1 modules
-
-use der::asn1::ObjectIdentifier;
-
-/// OID for CPS qualifier: 1.3.6.1.5.5.7.2.1
-pub const QT_CPS: ObjectIdentifier = ObjectIdentifier::new_unwrap("1.3.6.1.5.5.7.2.1");
-
-/// OID for user notice qualifier: 1.3.6.1.5.5.7.2.2
-pub const QT_UNOTICE: ObjectIdentifier = ObjectIdentifier::new_unwrap("1.3.6.1.5.5.7.2.2");
-
-/// OID for OCSP access descriptor: 1.3.6.1.5.5.7.48.1: 1.3.6.1.5.5.7.48.1
-pub const AD_OCSP: ObjectIdentifier = ObjectIdentifier::new_unwrap("1.3.6.1.5.5.7.48.1");
-
-/// OID for caIssuers access descriptor: 1.3.6.1.5.5.7.48.2
-pub const AD_CA_ISSUERS: ObjectIdentifier = ObjectIdentifier::new_unwrap("1.3.6.1.5.5.7.48.2");
-
-/// OID for timeStamping access descriptor: 1.3.6.1.5.5.7.48.3
-pub const AD_TIME_STAMPING: ObjectIdentifier = ObjectIdentifier::new_unwrap("1.3.6.1.5.5.7.48.3");
-
-/// OID for caRepository access descriptor: 1.3.6.1.5.5.7.48.5
-pub const AD_CA_REPOSITORY: ObjectIdentifier = ObjectIdentifier::new_unwrap("1.3.6.1.5.5.7.48.5");
-
-/// OID for Name attribute: 2.5.4.41
-pub const AT_NAME: ObjectIdentifier = ObjectIdentifier::new_unwrap("2.5.4.41");
-
-/// OID for Surname attribute: 2.5.4.4
-pub const AT_SURNAME: ObjectIdentifier = ObjectIdentifier::new_unwrap("2.5.4.4");
-
-/// OID for givenName attribute: 2.5.4.42
-pub const AT_GIVENNAME: ObjectIdentifier = ObjectIdentifier::new_unwrap("2.5.4.42");
-
-/// OID for Initials attribute: 2.5.4.43
-pub const AT_INITIALS: ObjectIdentifier = ObjectIdentifier::new_unwrap("2.5.4.43");
-
-/// OID for generationQualifier attribute: 2.5.4.44
-pub const AT_GENERATION_QUALIFIER: ObjectIdentifier = ObjectIdentifier::new_unwrap("2.5.4.44");
-
-/// OID for commonName attribute: 2.5.4.3
-pub const AT_COMMON_NAME: ObjectIdentifier = ObjectIdentifier::new_unwrap("2.5.4.3");
-
-/// OID for localityName attribute: 2.5.4.7
-pub const AT_LOCALITY_NAME: ObjectIdentifier = ObjectIdentifier::new_unwrap("2.5.4.7");
-
-/// OID for stateOrProvinceName attribute: 2.5.4.8
-pub const AT_STATEORPROVINCENAME: ObjectIdentifier = ObjectIdentifier::new_unwrap("2.5.4.8");
-
-/// OID for street attribute: 2.5.4.9
-pub const AT_STREET: ObjectIdentifier = ObjectIdentifier::new_unwrap("2.5.4.9");
-
-/// OID for organizationName attribute: 2.5.4.10
-pub const AT_ORGANIZATIONNAME: ObjectIdentifier = ObjectIdentifier::new_unwrap("2.5.4.10");
-
-/// OID for organizationalUnitName attribute: 2.5.4.11
-pub const AT_ORGANIZATIONALUNITNAME: ObjectIdentifier = ObjectIdentifier::new_unwrap("2.5.4.11");
-
-/// OID for title attribute: 2.5.4.12
-pub const AT_TITLE: ObjectIdentifier = ObjectIdentifier::new_unwrap("2.5.4.12");
-
-/// OID for dnQualifier attribute: 2.5.4.46
-pub const AT_DNQUALIFIER: ObjectIdentifier = ObjectIdentifier::new_unwrap("2.5.4.46");
-
-/// OID for countryName attribute: 2.5.4.6
-pub const AT_COUNTRYNAME: ObjectIdentifier = ObjectIdentifier::new_unwrap("2.5.4.6");
-
-/// OID for serialNumber attribute: 2.5.4.5
-pub const AT_SERIALNUMBER: ObjectIdentifier = ObjectIdentifier::new_unwrap("2.5.4.5");
-
-/// OID for pseudonym attribute: 2.5.4.65
-pub const AT_PSEUDONYM: ObjectIdentifier = ObjectIdentifier::new_unwrap("2.5.4.65");
-
-/// OID for domainComponent attribute: 0.9.2342.19200300.100.1.25
-pub const DOMAINCOMPONENT: ObjectIdentifier =
- ObjectIdentifier::new_unwrap("0.9.2342.19200300.100.1.25");
-
-/// OID for emailAddress attribute: 1.2.840.113549.1.9.1
-pub const EMAILADDRESS: ObjectIdentifier = ObjectIdentifier::new_unwrap("1.2.840.113549.1.9.1");
-
-/// OID for anyPolicy extension: 2.5.29.32.0
-pub const CE_ANYPOLICY: ObjectIdentifier = ObjectIdentifier::new_unwrap("2.5.29.32.0");
-
-/// OID for extKeyUsage extension: 2.5.29.37. See [`ExtendedKeyUsage`](type.ExtendedKeyUsage.html).
-pub const CE_EXTKEYUSAGE: ObjectIdentifier = ObjectIdentifier::new_unwrap("2.5.29.37");
-
-/// OID for anyExtendedKeyUsage EKU value: 2.5.29.37.0
-pub const CE_ANYEXTENDEDKEYUSAGE: ObjectIdentifier = ObjectIdentifier::new_unwrap("2.5.29.37.0");
-
-/// OID for serverAuth key purpose: 1.3.6.1.5.5.7.3.31
-pub const KP_SERVERAUTH: ObjectIdentifier = ObjectIdentifier::new_unwrap("1.3.6.1.5.5.7.3.31");
-
-/// OID for clientAuth key purpose: 1.3.6.1.5.5.7.3.32
-pub const KP_CLIENTAUTH: ObjectIdentifier = ObjectIdentifier::new_unwrap("1.3.6.1.5.5.7.3.32");
-
-/// OID for codeSigning key purpose: 1.3.6.1.5.5.7.3.33
-pub const KP_CODESIGNING: ObjectIdentifier = ObjectIdentifier::new_unwrap("1.3.6.1.5.5.7.3.33");
-
-/// OID for emailProtection key purpose: 1.3.6.1.5.5.7.3.34
-pub const KP_EMAILPROTECTION: ObjectIdentifier = ObjectIdentifier::new_unwrap("1.3.6.1.5.5.7.3.34");
-
-/// OID for timeStamping key purpose: 1.3.6.1.5.5.7.3.38
-pub const KP_TIMESTAMPING: ObjectIdentifier = ObjectIdentifier::new_unwrap("1.3.6.1.5.5.7.3.38");
-
-/// OID for OCSPSigning key purpose: 1.3.6.1.5.5.7.3.39
-pub const KP_OCSPSIGNING: ObjectIdentifier = ObjectIdentifier::new_unwrap("1.3.6.1.5.5.7.3.39");
-
-/// OID for authorityInfoAccess extension: 1.3.6.1.5.5.7.1.1
-pub const PE_AUTHORITYINFOACCESS: ObjectIdentifier =
- ObjectIdentifier::new_unwrap("1.3.6.1.5.5.7.1.1");
-
-/// OID for subjectInfoAccess extension: 1.3.6.1.5.5.7.1.11
-pub const PE_SUBJECTINFOACCESS: ObjectIdentifier =
- ObjectIdentifier::new_unwrap("1.3.6.1.5.5.7.1.11");
-
-/// OID for subjectDirectoryAttributes extension: 2.5.29.9. See [`SubjectDirectoryAttributes`](type.SubjectDirectoryAttributes.html).
-pub const CE_SUBJECT_DIRECTORY_ATTRIBUTES: ObjectIdentifier =
- ObjectIdentifier::new_unwrap("2.5.29.9");
-
-/// OID for subjectKeyIdentifier extension: 2.5.29.14. See [`SubjectKeyIdentifier`](type.SubjectKeyIdentifier.html).
-pub const CE_SUBJECT_KEY_IDENTIFIER: ObjectIdentifier = ObjectIdentifier::new_unwrap("2.5.29.14");
-
-/// OID for keyUsage extension: 2.5.29.15. See [`KeyUsage`](type.KeyUsage.html).
-pub const CE_KEY_USAGE: ObjectIdentifier = ObjectIdentifier::new_unwrap("2.5.29.15");
-
-/// OID for privateKeyUsagePeriod extension: 2.5.29.16. See [`PrivateKeyUsagePeriod`](struct.PrivateKeyUsagePeriod.html).
-pub const CE_PRIVATE_KEY_USAGE_PERIOD: ObjectIdentifier = ObjectIdentifier::new_unwrap("2.5.29.16");
-
-/// OID for subjectAltName extension: 2.5.29.17. See [`SubjectAltName`](type.SubjectAltName.html).
-pub const CE_SUBJECT_ALT_NAME: ObjectIdentifier = ObjectIdentifier::new_unwrap("2.5.29.17");
-
-/// OID for issuerAltName extension: 2.5.29.18. See [`IssuerAltName`](type.IssuerAltName.html).
-pub const CE_ISSUER_ALT_NAME: ObjectIdentifier = ObjectIdentifier::new_unwrap("2.5.29.18");
-
-/// OID for basicConstraints extension: 2.5.29.19. See [`BasicConstraints`](struct.BasicConstraints.html).
-pub const CE_BASIC_CONSTRAINTS: ObjectIdentifier = ObjectIdentifier::new_unwrap("2.5.29.19");
-
-/// OID for cRLNumber extension: 2.5.29.20
-pub const CE_CRLNUMBER: ObjectIdentifier = ObjectIdentifier::new_unwrap("2.5.29.20");
-
-/// OID for cRLReasons extension: 2.5.29.21
-pub const CE_CRLREASONS: ObjectIdentifier = ObjectIdentifier::new_unwrap("2.5.29.21");
-
-/// OID for issuingDistributionPoint extension: 2.5.29.28
-pub const CE_ISSUINGDISTRIBUTIONPOINT: ObjectIdentifier = ObjectIdentifier::new_unwrap("2.5.29.28");
-
-/// OID for deltaCRLIndicator extension: 2.5.29.27
-pub const CE_DELTACRLINDICATOR: ObjectIdentifier = ObjectIdentifier::new_unwrap("2.5.29.27");
-
-/// OID for certificateIssuer extension: 2.5.29.29
-pub const CE_CERTIFICATEISSUER: ObjectIdentifier = ObjectIdentifier::new_unwrap("2.5.29.29");
-
-/// OID for holdInstructionCode extension: 2.5.29.23
-pub const CE_HOLDINSTRUCTIONCODE: ObjectIdentifier = ObjectIdentifier::new_unwrap("2.5.29.23");
-
-/// OID forholdinstruction-callissuer attribute: 2.2.840.10040.2.2
-pub const HI_HOLDINSTRUCTION_CALLISSUER: ObjectIdentifier =
- ObjectIdentifier::new_unwrap("2.2.840.10040.2.2");
-
-/// OID for holdinstruction-reject attribute: 2.2.840.10040.23
-pub const HI_HOLDINSTRUCTION_REJECT: ObjectIdentifier =
- ObjectIdentifier::new_unwrap("2.2.840.10040.23");
-
-/// OID for invalidityDate extension: 2.5.29.24
-pub const CE_INVALIDITYDATE: ObjectIdentifier = ObjectIdentifier::new_unwrap("2.5.29.24");
-
-/// OID for nameConstraints extension: 2.5.29.30. See [`CertificatePolicies`](type.CertificatePolicies.html).
-pub const CE_NAME_CONSTRAINTS: ObjectIdentifier = ObjectIdentifier::new_unwrap("2.5.29.30");
-
-/// OID for cRLDistributionPoints extension: 2.5.29.31. See [`CertificatePolicies`](type.CertificatePolicies.html).
-pub const CE_CRL_DISTRIBUTION_POINTS: ObjectIdentifier = ObjectIdentifier::new_unwrap("2.5.29.31");
-
-/// OID for certificatePolicies extension: 2.5.29.32. See [`CertificatePolicies`](type.CertificatePolicies.html).
-pub const CE_CERTIFICATE_POLICIES: ObjectIdentifier = ObjectIdentifier::new_unwrap("2.5.29.32");
-
-/// OID for policyMappings extension: 2.5.29.33. See [`PolicyMappings`](type.PolicyMappings.html).
-pub const CE_POLICY_MAPPINGS: ObjectIdentifier = ObjectIdentifier::new_unwrap("2.5.29.33");
-
-/// OID for authorityKeyIdentifier extension: 2.5.29.35. See [`AuthorityKeyIdentifier`](type.AuthorityKeyIdentifier.html).
-pub const CE_AUTHORITY_KEY_IDENTIFIER: ObjectIdentifier = ObjectIdentifier::new_unwrap("2.5.29.35");
-
-/// OID for policyConstraints extension: 2.5.29.36. See [`PolicyConstraints`](struct.PolicyConstraints.html).
-pub const CE_POLICY_CONSTRAINTS: ObjectIdentifier = ObjectIdentifier::new_unwrap("2.5.29.36");
-
-/// OID for policyConstraints extension: 2.5.29.46. See [`PolicyConstraints`](type.FreshestCRL.html).
-pub const CE_FRESHEST_CRL: ObjectIdentifier = ObjectIdentifier::new_unwrap("2.5.29.46");
-
-/// OID for inhibitAnyPolicy extension: 2.5.29.54. See [`InhibitAnyPolicy`](type.InhibitAnyPolicy.html).
-pub const CE_INHIBIT_ANY_POLICY: ObjectIdentifier = ObjectIdentifier::new_unwrap("2.5.29.54");
-
-/// OID for ocspNoCheck extension: 1.3.6.1.5.5.7.48.1.5. See [`OcspNoCheck`](type.OcspNoCheck.html).
-pub const OCSP_NOCHECK: ObjectIdentifier = ObjectIdentifier::new_unwrap("1.3.6.1.5.5.7.48.1.5");
-
-/// OID for PIV NACI extension: 2.16.840.1.101.3.6.9.1. See [`PivNaciIndicator`](type.PivNaciIndicator.html).
-pub const PIV_NACI_INDICATOR: ObjectIdentifier =
- ObjectIdentifier::new_unwrap("2.16.840.1.101.3.6.9.1");
diff --git a/x509/tests/pkix_extensions.rs b/x509/tests/pkix_extensions.rs
index b79720a8a..fe7cb552e 100644
--- a/x509/tests/pkix_extensions.rs
+++ b/x509/tests/pkix_extensions.rs
@@ -5,11 +5,14 @@ use hex_literal::hex;
 use x509::ext::other::{OcspNoCheck, PivNaciIndicator};
 use x509::ext::pkix::crl::dp::{DistributionPoint, ReasonFlags, Reasons};
 use x509::ext::pkix::name::{DistributionPointName, GeneralName, GeneralNames};
-use x509::ext::pkix::{oids::*, *};
+use x509::ext::pkix::*;
 use x509::ext::Extensions;
 use x509::name::Name;
 use x509::{Certificate, Version};
+
+use const_oid::db::rfc5280::*;
+use const_oid::db::rfc5912::ID_CE_CERTIFICATE_POLICIES;
+

 fn spin_over_exts<'a>(exts: Extensions<'a>) {
 let i = exts.iter();
 for ext in i {
@@ -264,7 +267,7 @@ fn decode_cert() {
 let mut counter = 0;
 for ext in i {
 if 0 == counter {
- assert_eq!(ext.extn_id.to_string(), CE_KEY_USAGE.to_string());
+ assert_eq!(ext.extn_id.to_string(), ID_CE_KEY_USAGE.to_string());
 assert_eq!(ext.critical, true);
 let ku = KeyUsage::from_der(ext.extn_value).unwrap();
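Review bot: The glob `use const_oid::db::rfc5280::*;` next to the single explicit `use const_oid::db::rfc5912::ID_CE_CERTIFICATE_POLICIES;` leaves a reader guessing why one identifier has to come from a different table; presumably the `rfc5280` module does not export that name, but nothing in the file says so. A one-line comment above the `rfc5912` import, `// ID_CE_CERTIFICATE_POLICIES is only provided by the RFC 5912 table of the OID database`, would stop a later cleanup from folding it into the glob and breaking the build. Importing the handful of `ID_CE_*` / `ID_PE_*` names explicitly rather than by glob would also make visible which of the two glob sources (`x509::ext::pkix::*` is the other) each identifier resolves from.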
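Review bot: `assert_eq!(ext.extn_id.to_string(), ID_CE_KEY_USAGE.to_string());` compares two rendered strings where the identifiers themselves could be compared; `ObjectIdentifier` is `PartialEq` and `Debug`, so `assert_eq!(ext.extn_id, ID_CE_KEY_USAGE);` is shorter, compares the encoded arcs rather than a formatting of them, and still prints both values on failure. This assumes `ext.extn_id` is the same `ObjectIdentifier` type the `db` module exports (`der` re-exports `const_oid`'s type, but confirm the pinned pre-release versions here resolve to a single `const-oid` in the lockfile). The same `.to_string()` pattern is repeated in every later hunk of this file; `decode_cert` begins before this hunk.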
@@ -273,7 +276,7 @@ fn decode_cert() {
 let reencoded = ku.to_vec().unwrap();
 assert_eq!(ext.extn_value, reencoded);
 } else if 1 == counter {
- assert_eq!(ext.extn_id.to_string(), CE_BASIC_CONSTRAINTS.to_string());
+ assert_eq!(ext.extn_id.to_string(), ID_CE_BASIC_CONSTRAINTS.to_string());
 assert_eq!(ext.critical, true);
 let bc = BasicConstraints::from_der(ext.extn_value).unwrap();
 assert_eq!(true, bc.ca);
@@ -282,7 +285,7 @@ fn decode_cert() {
 let reencoded = bc.to_vec().unwrap();
 assert_eq!(ext.extn_value, reencoded);
 } else if 2 == counter {
- assert_eq!(ext.extn_id.to_string(), CE_POLICY_MAPPINGS.to_string());
+ assert_eq!(ext.extn_id.to_string(), ID_CE_POLICY_MAPPINGS.to_string());
 assert_eq!(ext.critical, false);
 let pm = PolicyMappings::from_der(ext.extn_value).unwrap();
 assert_eq!(19, pm.len());
@@ -347,7 +350,10 @@ fn decode_cert() {
 counter_pm += 1;
 }
 } else if 3 == counter {
- assert_eq!(ext.extn_id.to_string(), CE_CERTIFICATE_POLICIES.to_string());
+ assert_eq!(
+ ext.extn_id.to_string(),
+ ID_CE_CERTIFICATE_POLICIES.to_string()
+ );
 assert_eq!(ext.critical, false);
 let cps = CertificatePolicies::from_der(ext.extn_value).unwrap();
 assert_eq!(19, cps.len());
@@ -407,7 +413,7 @@ fn decode_cert() {
 } else if 4 == counter {
 assert_eq!(
 ext.extn_id.to_string(),
- CE_SUBJECT_KEY_IDENTIFIER.to_string()
+ ID_CE_SUBJECT_KEY_IDENTIFIER.to_string()
 );
 assert_eq!(ext.critical, false);
 let skid = SubjectKeyIdentifier::from_der(ext.extn_value).unwrap();
@@ -422,7 +428,7 @@ fn decode_cert() {
 } else if 5 == counter {
 assert_eq!(
 ext.extn_id.to_string(),
- CE_CRL_DISTRIBUTION_POINTS.to_string()
+ ID_CE_CRL_DISTRIBUTION_POINTS.to_string()
 );
 assert_eq!(ext.critical, false);
 let crl_dps = CrlDistributionPoints::from_der(ext.extn_value).unwrap();
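Review bot: Every `else if N == counter` arm in these hunks repeats the same pair, `assert_eq!(ext.extn_id.to_string(), ID_CE_BASIC_CONSTRAINTS.to_string()); assert_eq!(ext.critical, true);`, with only the constant and the flag changing, and the longer database names are now pushing rustfmt to spread one assertion over four lines. A small test helper that takes the extension, the expected `ObjectIdentifier` and the expected criticality and performs both assertions would collapse each arm to a single call and make the expected OID/critical table readable at a glance. The enclosing `decode_cert` starts and ends outside these hunks.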
@@ -478,7 +484,10 @@ fn decode_cert() {
 crldp_counter += 1;
 }
 } else if 6 == counter {
- assert_eq!(ext.extn_id.to_string(), PE_SUBJECTINFOACCESS.to_string());
+ assert_eq!(
+ ext.extn_id.to_string(),
+ ID_PE_SUBJECT_INFO_ACCESS.to_string()
+ );
 assert_eq!(ext.critical, false);
 let sias = SubjectInfoAccessSyntax::from_der(ext.extn_value).unwrap();
 assert_eq!(1, sias.len());
@@ -502,7 +511,10 @@ fn decode_cert() {
 }
 }
 } else if 7 == counter {
- assert_eq!(ext.extn_id.to_string(), PE_AUTHORITYINFOACCESS.to_string());
+ assert_eq!(
+ ext.extn_id.to_string(),
+ ID_PE_AUTHORITY_INFO_ACCESS.to_string()
+ );
 assert_eq!(ext.critical, false);
 let aias = AuthorityInfoAccessSyntax::from_der(ext.extn_value).unwrap();
 assert_eq!(2, aias.len());
@@ -545,7 +557,10 @@ fn decode_cert() {
 aia_counter += 1;
 }
 } else if 8 == counter {
- assert_eq!(ext.extn_id.to_string(), CE_INHIBIT_ANY_POLICY.to_string());
+ assert_eq!(
+ ext.extn_id.to_string(),
+ ID_CE_INHIBIT_ANY_POLICY.to_string()
+ );
 assert_eq!(ext.critical, false);
 let iap = InhibitAnyPolicy::from_der(ext.extn_value).unwrap();
 assert_eq!(0, iap);
@@ -555,7 +570,7 @@ fn decode_cert() {
 } else if 9 == counter {
 assert_eq!(
 ext.extn_id.to_string(),
- CE_AUTHORITY_KEY_IDENTIFIER.to_string()
+ ID_CE_AUTHORITY_KEY_IDENTIFIER.to_string()
 );
 assert_eq!(ext.critical, false);
 let akid = AuthorityKeyIdentifier::from_der(ext.extn_value).unwrap();
@@ -697,7 +712,7 @@ fn decode_cert() {
 if 0 == counter {
 assert_eq!(
 ext.extn_id.to_string(),
- CE_AUTHORITY_KEY_IDENTIFIER.to_string()
+ ID_CE_AUTHORITY_KEY_IDENTIFIER.to_string()
 );
 assert_eq!(ext.critical, false);
 let akid = AuthorityKeyIdentifier::from_der(ext.extn_value).unwrap();
@@ -708,7 +723,7 @@ fn decode_cert() {
 } else if 1 == counter {
 assert_eq!(
 ext.extn_id.to_string(),
- CE_SUBJECT_KEY_IDENTIFIER.to_string()
+ ID_CE_SUBJECT_KEY_IDENTIFIER.to_string()
 );
 assert_eq!(ext.critical, false);
 let skid = SubjectKeyIdentifier::from_der(ext.extn_value).unwrap();
@@ -717,12 +732,15 @@ fn decode_cert() {
 &hex!("580184241BBC2B52944A3DA510721451F5AF3AC9")[..]
 );
 } else if 2 == counter {
- assert_eq!(ext.extn_id.to_string(), CE_KEY_USAGE.to_string());
+ assert_eq!(ext.extn_id.to_string(), ID_CE_KEY_USAGE.to_string());
 assert_eq!(ext.critical, true);
 let ku = KeyUsage::from_der(ext.extn_value).unwrap();
 assert_eq!(KeyUsages::KeyCertSign | KeyUsages::CRLSign, ku);
 } else if 3 == counter {
- assert_eq!(ext.extn_id.to_string(), CE_CERTIFICATE_POLICIES.to_string());
+ assert_eq!(
+ ext.extn_id.to_string(),
+ ID_CE_CERTIFICATE_POLICIES.to_string()
+ );
 assert_eq!(ext.critical, false);
 let r = CertificatePolicies::from_der(ext.extn_value);
 let cp = r.unwrap();
@@ -731,7 +749,7 @@ fn decode_cert() {
 assert_eq!(p.policy_identifier.to_string(), "2.16.840.1.101.3.2.1.48.1");
 }
 } else if 4 == counter {
- assert_eq!(ext.extn_id.to_string(), CE_BASIC_CONSTRAINTS.to_string());
+ assert_eq!(ext.extn_id.to_string(), ID_CE_BASIC_CONSTRAINTS.to_string());
 assert_eq!(ext.critical, true);
 let bc = BasicConstraints::from_der(ext.extn_value).unwrap();
 assert_eq!(bc.ca, true);
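Review bot: The assertions in this file only check the extension identifiers that the two fixture certificates happen to carry, so a wrong entry in the `const_oid::db` tables is caught only for those; the hand-written table this commit deletes shipped with visibly wrong arcs for values no fixture exercises (its serverAuth and clientAuth constants ended in `.3.31` and `.3.32` where RFC 5280 assigns `1.3.6.1.5.5.7.3.1` and `.3.2`, and its holdInstruction arcs began `2.2.840` rather than `1.2.840`). Since every consumer of this crate now reads those values from the database, it is worth pinning the ones no fixture covers to literal dotted strings in a dedicated test, e.g. `assert_eq!(ID_KP_SERVER_AUTH.to_string(), "1.3.6.1.5.5.7.3.1");`, using whatever names the `rfc5280` table gives the key-purpose arcs. `decode_cert` begins before this hunk.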